Is it secure?

[kmw]

I'm not an expert on networking or p2p or such stuff, hence the reason for this post. I just need to ask, are there any security implications from playing ED? I can look at my log files and see the names of other computers that have been connected to the same instance as me - not just IP addresses but the actual name that a person has given to their pc.

It leaves me wondering how much information can be tapped into, and is a game like this a way of letting hackers into a computer?

I want to play, but I want to play as securely as possible, and it occurs to me that we entrust that security to the game developers as soon as we click the 'Play' button. Or will my Firewall & AntiVirus always protect me?

 

[Wavey]

Im not very happy with my ip addy and pc name being easy to find.

 

[Cmdr Andy B]

unless you use the TOR network for all your web browsing you give that info away to every single website you connect to, its no big deal.

 

[Cosmo]

I don't think you can see that data of other players in MMOs like World of Warcraft and Eve Online.

 

[Asp Explorer]

They have intervening servers - but if you use direct voice chat you are sometimes given direct IP.

 

[kmw]

unless you use the TOR network for all your web browsing you give that info away to every single website you connect to, its no big deal.

You appear to understand something about it so that is at least a bit reassuring thanks Andy.

They have intervening servers - but if you use direct voice chat you are sometimes given direct IP.

So are you saying that we all go through FDs servers unless I use direct comms in the game in which case I may open up a direct connection?

Maybe I'll just use Skype in the end
But that would be a shame as I would like to think playing a game like Elite is reasonably secure and using in game comms should also be part of the experience.

I don't want to make a big deal out of it, it's just that it appears to be a new system to anything I have experienced before (I've played COD4, Nether, BF3, and many race sims online) & it surprised me to see other peoples names like that on a network txt file in my Elite folder.

If it is normal then ok, but it's good to (at least partly) understand

 

[Im_Lost]

P2P isn't secure unless it's encrypted, but that doesn't seem to be the case for ED. You can go in to it's log files and find peoples IPs and even machine names. Not good :/

 

[Bald Avenger]

unless you use the TOR network for all your web browsing you give that info away to every single website you connect to, its no big deal.

IP address yes, but computer name? Is that true?

I dont know how to capture that.

This is typically the only data I can get from a user session...

https://panopticlick.eff.org/

 

[TimYersidies]

Really hard to answer this question without knowing exactly how sessions are established and managed but ...

I would assume that the central server is responsible establishing the trust between the multiple clients (machines running ED) but once in place the clients are left to talk without further input.

The threat is that post handover a hacker will seek to exploit vulnerabilities on your machine in general and ED specifically. In a client server setup the hacker would need to attack the game server which would typically be much less vulnerable than a standard PC and will be proactively monitored (hence the expense).

It also worth noting that if you are running slopey's excellent tool for trading you are adding a further tempting target for a hacker because it runs with a administrative privileges.

 

[Obsidian Ant]

Does anyone know if using a SSL Proxy would enhance the security? (A paid for private proxy, not a public one).

 

[Rochester]

After saving and closing my first session in beta my firewall reported numerous high risk network intrusions, I associated this to the game as I don't use my pc for anything else than offline games, ED is the exception, I thought it may be worth noting glad I'm not the only one, hopefully it will be resolved. Has a ticket been raised?

 

[Wavey]

unless you use the TOR network for all your web browsing you give that info away to every single website you connect to, its no big deal.

Yes it is as this is a game that I am playing and not a website ,quite a difference to me.
Can everyone using the website I connect to see all my info ? Nope

 

[Seonid]

Does anyone know if using a SSL Proxy would enhance the security? (A paid for private proxy, not a public one).

None at all, the game traffic isn't over HTTPS.

 

[Vandaahl]

The data is there for debugging purposes. It won't be there in the released version. There recently was another thread about this subject where this was told.

 

[Juppstein]

Yes it is as this is a game that I am playing and not a website ,quite a difference to me.
Can everyone using the website I connect to see all my info ? Nope

Uhm, yes, a web server is able to see your public IP and usually the name of your computer and it usually transmits this information to the web server, among many other things. Because that is what identifies your client on the internet. Nothing special here. If you would like to see what your browser is revealing then have a look at this site here:

http://www.mybrowserinfo.com/detail.asp?bhcp=1


If you would like to know what information is revealed by playing Elite Dangerous please have a look at the network log files that are being generated on your client while you play. They can be found in C:\Users\%username%\AppData\forgottherestbecauseiamwritingthisonalinuxbox

 

[kmw]

If you would like to see what your browser is revealing then have a look at this site here:

http://www.mybrowserinfo.com/detail.asp?bhcp=1

I tried that link and it gets a great seal of the information wrong.
So I'm happier with that than I am with what Elite is displaying. LOL

Good to see my original question has sparked some debate, but I am none the wiser. Some are of the opinion there is little to worry about, but others, like me, seem to be slightly disturbed that our computer name / IP should be so readily appearing on other players' net logs.
So I still don't know if I should be concerned about security when playing this game.

 

[Cmdr Andy B]

Yes it is as this is a game that I am playing and not a website ,quite a difference to me.
Can everyone using the website I connect to see all my info ? Nope

if you are really that worried about it switch your router off for a few hours after playing, when it reconnects on most networks it will have a different IP address assigned to it - problem solved.

also remember that as its a beta those logs will be useful for debugging, chances are by the time the game goes retail they will no longer be written, and if they are IP details and computer name will no longer be required. at the moment while the network code is being worked on and they are fine tuning the player matching side of things, IP addresses to give location and computer name to identify the user will be very useful info.

Can everyone using the website I connect to see all my info ? Nope

the short answer is actually yes - i wont bore you with the details but its called a 'man in the middle attack' and it works by inserting yourself between the server that hosts the site and the clients that connect to it, most often by a compromised DNS server.

the man in the middle attack vector is one of the reasons that Facebook and other such sites offer SSL (secure socket layer) encrypted connections, and if you think you have any measure of privacy when on the internet i'm sorry to say you have been badly misinformed.

 

[pantbash]

Some are of the opinion there is little to worry about, but others, like me, seem to be slightly disturbed that our computer name / IP should be so readily appearing on other players' net logs.
So I still don't know if I should be concerned about security when playing this game.

Do you know what other programs you have that are connected to the internet do?
Do you know what every exe on your windows machine that connects to the internet gives out?

I assume you don't (if you do then Kudos) therefore why are you more concerned about ED?


(The above is not meant to sound snarky, it's just the way it is with PC security. You either care about all connections to your machine, or you might as well care about none at all.)

 

[Juppstein]

So I still don't know if I should be concerned about security when playing this game.

First rule on the internet: Always be concerned about security

If you don't have a firewall running in front of your router and if that firewall is not configured properly, then ED is the smallest thing to worry about. And if you do not have a malware/antivirus software running at all times the risk grows even bigger.

Just because an application is able to see your public IP and the name of your computer does not make it risk. The question is if someone is able to access internal resources in your network or not through this info. And unless there is a severe security hole in ED that would allow someone to create a tunnel between two clients to access internal information, which afaik has not been done yet, I do not see this as an issue.

 

[Lasse B.]

NAT is usually sufficient. Port forwarding rules aside, no port can be used from the outside (internet) without first having been opened from the inside (your computer). And if the software that opened the port is no longer running, further communication attempts from the outside using that port have nothing to communicate with.

If you want that extra level of obfuscation, you can route your traffic through a VPN provider's server, so any 3rd party client only gets to see the IP of the VPN server, not your own. Just make sure it's a VPN provider that's running his own NAT, as yours will be bypassed by using VPN.