GM Stormcrow wrote:
What I can say is that we know who was logged in, what credentials they used to log in - and even the details of their specific browser and session, logged to the millisecond with every single click that anyone makes on anything in the entire game. |
Um. This is actually much more alarming than I had previously thought. You have a blanket policy against reactivating abandoned accounts even if you know that it's unlikely and/or effectively impossible that the person who actually owned the account pressed the Abandon button?
Just by way of example here's the scenario I have in mind: Say you've happy-go-lucky Illyriad player Billy. Billy lives in Australia. Two years playing Illyriad later Billy tries to log in but can't. Apparently his account has been abandoned. He whines a bit about how it's not him that abandoned the account.
Meanwhile, you've got one (or more) of the GMs sitting at a computer looking at the login details for Billy. They know that Billy's account was abandoned from somewhere in the United States. Somewhere that he's never logged in from before. They do nothing.
I'm being (hopefully obviously) a bit flippant here so that you get my point. It's not reassuring, in the slightest, saying that you know all of this information if you have no intention of ever using it to undo clearly malicious actions taken against someone's account. A further layer of player-side security isn't a sideshow in that scenario, in all fairness.
Edited by Ruarc - 04 Dec 2015 at 10:41