Should I give my personal information to a private server?

[Bue]

It appears that some private servers are now asking for personal information. And I want to start a discussion to help players stay informed about some of the risk involved, so I will start by posing a few questions.

Should I give my personal information to a private server? If not, why?

Are private servers held accountable if they leak my personal information?

[Eiponpon]

ive seen you in the other thread and you come across like a nut

pick a server that suits your sensibilities and call it a day. maybe one with no email and no password that lets you play from the public library (your unique ip is personal info that can be used to look up your house)

[Bue]

[Edit]

Your IP address will expose your country, city, and ISP.

You will be vulnerable to DDoS.

Your ISP may leak your customer information.

You can exposed your IP address by clicking on links through direct messaging, i.e. linking any account with an IP address.

Your private server may leak your IP address.

You can hide your IP address by using a VPN. And you can easily fake your email, username, and password.

In my opinion, private servers should only ask for username and password.

[LavosRT]

ive seen you in the other thread and you come across like a nut

+1

Your IP address will expose your country, city, and ISP. And you can get doxxed if your ISP leaks your customer information. There are plenty of ways you can exposed your IP address, such as clicking on a link that was directly messaged to you. And private servers can collect your IP address when you visit their website or play the game. And if your private server is hacked, then they may get your IP address through logs.

Also, if you relied on the internet to do your job, then an attacker may pay a botnet to DDoS during work hours.

To protect yourself, you can hide your IP address by using a VPN. And you can easily fake your email, username, and password. In my opinion, private servers should only ask for username and password.

May, can, can, may, If, may, can, can.... that is a whole lot of uncertainties. Your IP address is pretty much everywhere if you use the internet at all without a trustworthy VPN.

Because we all know you saying "personal info" is referring to phone number i will be talking about that.
If for some reason you value your phone number more than playing a RO server that requires it, No you shouldn't give it out. But, If you follow safe online practices, then giving out a phone number should not be an issue for the majority of people. In fact id feel confident saying that the majority of online services nowadays ask for a phone number so a RO server should not scrutinized for doing the same.

Should a private server be accountable for leaking "personal information"? No. Ultimately if you gave them that info freely, you gave up all ability to hold them accountable. A RO server and a fortune-500 company are no different in that anything online is vulnerable and every organization has the possibility of having nefarious persons. Using service-specific email addresses, aliases and not reusing passwords is enough to keep yourself safe online in the majority of situations related to ragnarok online servers and websites.

Just use common sense, read all reviews and avoid anything that looks janky and you should be fine. I obviously can't say for 100% certainty because everything in life comes with risks. How much you want to risk is up to you.

[Neffletics]

This is often asked by new players in SolaceRO. What I tell them is that they're free to enter fake details as long as they can remember them. It's only needed when players are requesting account-related assistance such as recovering an email address.

We follow certain standards to improve the security of our website and game servers. I believe the same practice is also being followed by servers with competent admins.

There was an instance in SEA where a server's database was hacked (to view the logs and expose the GMs' corruption) and the attacker later revealed that the players' details were not hashed.

I strongly advise that you stay away from shady servers. You can easily tell which is 'okay, this is fine' and 'stay away at all costs' by looking at their website.

[neethree]

This is often asked by new players in SolaceRO. What I tell them is that they're free to enter fake details as long as they can remember them. It's only needed when players are requesting account-related assistance such as recovering an email address.

We follow certain standards to improve the security of our website and game servers. I believe the same practice is also being followed by servers with competent admins.

There was an instance in SEA where a server's database was hacked (to view the logs and expose the GMs' corruption) and the attacker later revealed that the players' details were not hashed.

I strongly advise that you stay away from shady servers. You can easily tell which is 'okay, this is fine' and 'stay away at all costs' by looking at their website.

Is that the one where someone posted a screenshot of user emails here on RMS? Or is that another incident?
Kinda hilarious how often it happens. I tend to think - would I give this info to a guy on the street? Would I be at risk if the owner decided to post my details for the world to see? Server owners are just random people, after all. Burner emails are the way to go, I pretty much have an email address I use solely to sacrifice for signing up to things and to eat up all the spam. Plus in this day and age I feel like people are more security conscious than ever.

I remember back in the day I had a proboards forum and as an administrator I could see everyone's emails and passwords. Man, can you imagine that now? Still, there is no guarantee that when you sign up for a server that the admin is storing your info securely. You have to just trust the dude on the other side, which is why I recommend everyone use a password manager.

[Bue]

Because we all know you saying "personal info" is referring to phone number i will be talking about that.

Your real phone number will expose you to real life harassment through phone calling and text messaging.

Your mobile carrier may leak your customer information or SIM swap your phone number.

Your phone number may be linked to your personal information in a directory service.

Your private server may leak your phone number.

Your private server administrator can dox or harass you. Don't write a bad review.

Lavos, I would also want to point out for the sake of your benefit, that your cavalier attitudes towards your own information and willingness to absolve responsibilities for your potential leakers makes you very vulnerable. You are telegraphing to people that you are a leaker for your own information and you don't care who leaks your information.

We follow certain standards to improve the security of our website and game servers. I believe the same practice is also being followed by servers with competent admins.

While this might sound reassuring for your players, this does not tell them how you are protecting their personal information. It is very vague to say: we follow certain standards, just trust us. 4Head

Also, can you be held accountable when your server / staff leaks your player's personal information?

[LavosRT]

I applaud you for trying to do a positive thing by trying to make the RO community more aware of potential threats involved with giving out personal information online.

I must say thought that your argument at this point is just a giant web of conspiracies that have such a low chance of ever happening that its not a sound explanation to why someone should not give this info to a private server and just serves the purpose of making you sound crazy.

https://www.addictioncenter.com/drugs/conspiracy-theory-addiction/
Get help my dude.

[Bue]

Any internet troll can do what I am talking about.

[Bonesy]

spoilers: the game was rigged from the start in favor of corporations and the govt, they have your information and s*** anyways

this thread is stupid

[distilled1]

Pathetic and paranoid.
Is this thread even serious? Seems like a troll thread especially after posting the exact same paranoid things in a previous thread.

Your mobile carrier may leak your customer information or SIM swap your phone number.

Then your mobile carrier is trash. Get a better one that only believes you are who you say you are after seeing proof of identity, which is the standard at least in my country. If someone gets your sim, call your carrier, tell them they made a mistake, and have them switch it back? So unlikely to happen though I don't even know why I'm discussing this.

Your phone number may be linked to your personal information in a directory service.

May be. May not. Most mobile numbers do not have this information linked to them like landline numbers do. If so though, then what? Absolute worst case scenario, someone finds out that you may have played on a ragnarok online server. Uh ohhhh. Simply say "must have been the previous owner of that number. I recently got mine". Like who would give a s***? Seriously.

Your private server may leak your phone number.

May leak. Most likely won't. If so, then what? Absolute worst case scenario, someone finds out that you may have played on a ragnarok online server. Uh ohhhh.

Your private server administrator can dox or harass you. Don't write a bad review.

Could? sure. Likely won't. ANYONE who finds out you have a phone number through various means, or follows you home can harass you. Harassment is still against the law though and is easily dealt with unless you're a big baby.
It's called blocking a number, or calling the police if the harassment becomes a crime. Being paranoid of someone "harassing" you just for having a phone number? Never heard of a prank caller?

Are you afraid of giving your phone number to a restaurant for a take out order? Don't leave them a bad review, or they might harass you, right?
Don't look at them funny when you pick up your food or you could get stalked in real life.
Where is your tinfoil hat to go with that paranoia?

I think you do need help, buddy. Or you're a big troll.
I'd bet on the latter.
One of those "I WAS ONLY PRETENDING TO BE STUPID! HAHA GOT EM" kinda guys.

[Bue]

You are naive if you think internet trolls are not a real threat.

For example, look at how the URL is hidden behind a link in this post. I could have gotten a list of IP addresses from the people that clicked on that link. Then I could have gotten your IP address by filtering that list using the country and province you have listed on your RMS profile.

In this article, an internet troll use a Skype exploit to get the IP address of a streamer. And it was a Canadian ISP that leak the streamer's home address and a Canadian SWAT team that raided the streamer's home. The streamer tried to prove that it was a hoax by showing the text messages that the internet troll was sending as the raid was happening.

This doesn't just happen to popular streamers. An internet troll got an innocent person killed because he had an argument with someone in a CoD game. https://www.cnn.com/2019/09/14/us/swatting-sentence-casey-viner/index.html

I started this thread to help players understand some of the risk involved with exposing their personal information. I have also heard of a case where a private server warlord was bullied into closing down his server because internet trolls found out his real name and address. It is an underhand practice that some private server warlords use when another private server warlord tried to poach their players. So private server warlords should also be careful.

[distilled1]

You don't seem to understand what odds and chance are.
The odds of any of that happening to the average person are practically zero. You're pulling the rare cases you've seen from news stories, like a paranoid old boomer who watched too many rare murder cases on the news, and are believing these are common incidents that happen all the time.
They are not.

I started this thread to help players understand some of the risk involved with exposing their personal information.

Well thank you, captain obvious, for telling us that life has bad people in it on rare occasions. If you're talking about exposing a phone number though, I wouldn't call that risky unless your phone carrier is unprofessional as hell and gives out customer information to any idiot without proof.

You are naive if you think internet trolls are not a real threat.

No I'm just not paranoid. Internet trolls are some of the most harmless "threats" in existence, unless you're a big baby.

For example, look at how the URL is hidden behind a link in this post. I could have gotten a list of IP addresses from the people that clicked on that link. Then I could have gotten your IP address by filtering that list using the country and province you have listed on your RMS profile.

Could have. Then what? You have my IP address... and? You're going to commit a crime with it? Get real.

In this article, an internet troll use a Skype exploit to get the IP address of a streamer. And it was a Canadian ISP that leak the streamer's home address and a Canadian SWAT team that raided the streamer's home. The streamer tried to prove that it was a hoax by showing the text messages that the internet troll was sending as the raid was happening.
Go to that link and read

Okay I did read it. "her address and apartment number, which he had filched from her Internet provider, Cox Communications, by pretending to be a company technician."
Now what are the odds of that ever happening to the average person? None I'd say, because the troll targeted a famous person to get some fame themselves, and also most internet providers aren't retarded like Cox Communications.

This doesn't just happen to popular streamers. An internet troll got an innocent person killed because he had an argument with someone in a CoD game. https://www.cnn.com/2019/09/14/us/swatting-sentence-casey-viner/index.html

"This doesn't just happen to popular streamers?" "This?" as in the above story? They're two different stories where one got the address from a stupid internet provider, and one gave the address willingly.
"During their argument, Viner threatened to swat the teammate – and the teammate responded by providing an address and saying, "Please try some s–t,"".
This second story is the only legitimate threat to the average person you've posted so far, but only if you're dumb enough to provoke someone who was a violent/threatening person, literally telling them your address and invited them to try something. Even then, what are the odds of that person committing the crime with that information? Pracitcally none. What are the odds of a SWAT team killing you afterwards? Practically none.

Also, how does this relate to giving out a phone number to a private Ragnarok server administrator? Oh yeah it doesn't.

I have also heard of a case where a private server warlord was bullied into closing down his server because internet trolls found out his real name and address. It is an underhand practice that some private server warlords use when another private server warlord tried to poach their players. So private server warlords should also be careful.

Okay. How does this apply to giving a private ragnarok server administrator your phone number? Oh yeah it doesn't.

You could die by crossing the street or getting in a vehicle. Better not ever do those things.
Jesus. Chill out.

[Neffletics]

Is that the one where someone posted a screenshot of user emails here on RMS? Or is that another incident?
Kinda hilarious how often it happens. I tend to think - would I give this info to a guy on the street? Would I be at risk if the owner decided to post my details for the world to see? Server owners are just random people, after all. Burner emails are the way to go, I pretty much have an email address I use solely to sacrifice for signing up to things and to eat up all the spam. Plus in this day and age I feel like people are more security conscious than ever.

I remember back in the day I had a proboards forum and as an administrator I could see everyone's emails and passwords. Man, can you imagine that now? Still, there is no guarantee that when you sign up for a server that the admin is storing your info securely. You have to just trust the dude on the other side, which is why I recommend everyone use a password manager.

There are 'modern' ways to protect the data we're collecting from players like encryption. Many years ago, most platforms are only saving data in plain text. Unfortunately, some servers are still doing it. More reasons for players should stay away from shady servers.

While this might sound reassuring for your players, this does not tell them how you are protecting their personal information. It is very vague to say: we follow certain standards, just trust us. 4Head

Also, can you be held accountable when your server / staff leaks your player's personal information?

Idk how to answer your question or I'm just too lazy to write in long paragraphs. But I recommend that you use fake information when joining private servers. If the server is not allowing you to use fake information, then don't play there.

[Bue]

You don't seem to understand what odds and chance are.
The odds of any of that happening to the average person are practically zero. You're pulling the rare cases you've seen from news stories, like a paranoid old boomer who watched too many rare murder cases on the news, and are believing these are common incidents that happen all the time.

Whatever the chances may be. The risk of exposing your personal information still exist. That is the point that I am trying to make.

You can do all the mental gymnastics you want to justified it, but exposing your real phone number will always put you at risk of real life harassment through phoning calling and text messaging.

It is not entirely out of question for a private server warlord to have malicious intent or purposefully leak this information to intimidate players. That is part of the risk and why I want to players to stay informed.