suggestions

One of the more common bmails I get is about email addresses that are no longer accessible being set as the registered email of a bot. This prevents the bots from being reset, makes it harder to secure it if you're sharing passwords, etc.

Obviously I can't simply agree to change registered emails whenever it's requested, otherwise it entirely defeats the purpose of having a registered email in the first place. That said though, there are legitimate cases where you might lose access to the registered email, so it'd be nice to have a safe way to clear it out in these cases.

My idea for solving this has two parts:

• Bots with registered emails would have an option to remove the email. Once triggered, the game would send an email to the current registered email saying what's been requested, with a link to prevent the email from being removed. There'd be a cooldown period of X days after which the email would be removed. The idea is that if X is large enough, it gives a sufficient amount of time to prevent someone from stealing a bot they know the password of by sneakily removing the registered email.

• Bots going through the above cooldown period would have a warning shown on login reminding the player that unless the email link is clicked, then the registered email will be removed. The idea of this part is to give more visibility to what's happening in case the owner logs in but doesn't check the registered email frequently.

Thoughts on this workflow? If you like it, thoughts on X? I was thinking something like 30 or 90 days. Other ideas? My idea isn't foolproof - it's a question of making this workflow automated, relatively simple to use, and minimizing the chance of fraud.

It's an interesting idea but it still leaves avenues for theft. There are players that dont check in regularly. What happens when someone sends this email to bots they dont own but they do know the email for (shared bots) knowing that the player that does own them wont login to that bot or possibly check that email for very long periods of time? I suppose the answer there is have you personally verify the ip or something of the requester if you get one that goes the full duration before removal. Just a thought on it.

To add something more productive to what i just said. Personally, I think it would be better to either add optional security questions to bots (yes i know its very tedious for the user end when they have 200 bots like some people do.) or somehow automate reseting the password if the user requests it from the ip they bot was originally created from.

Hmmm for example my bot. I asked yesterday Ender to change my bot email because the one I used 7 years ago are no longer exists and I'm not able to log in or either create a new one (imyourdream@email.com" is available).

So if I want to reset my bot, I can't. And or if this suggestion will be approved I will have to wait a month or two or even three just to reset my bot ? I don't say I don't like the idea but from another side I feel it should be another option.

I'm against this suggestion. I only share my bots because I'm sure they can't be reset. Ofc I only share with people I trust but who knows? I don't login all my bots and I don't check the email I use to register them regularly. I'm sure that I don't check both for periods longer than 30-60 days.

@DREAM: your bot was reset less than 2 years ago. I think your email should still be valid no? Or it gets deleted if you don't login within a year?

I agree with esv, this idea is bad and dangerous. And dream/lobster showed that its easy to steal "retired friends" bots. At least someone can try this way...

Mate I'm original owner of this bot. So think next time before you accuse someone of stealing.

@Esv it's very possible that the email no longer exist, I've lost my instagram account as well because I haven't logged in for a year and they sended security check to the same email that I'm not able to login. It's my fault as well that I choose wrong email provider, but there must be a way how to change the email.

I'm sure there is other people who want to reset their bots but because of original owner email they can't. So how we can fix this if those emails abandoned or no longer exist?

These are fair arguments against this idea. It does still leave open an opportunity to steal bots that you know the password of, provided the owner doesn't log into the bots or the email for an extended period of time. The current system makes it so that you don't have to worry about losing bots if you keep your registered email locked down - this idea would make it so that you have another angle of attack to potentially worry about (if you password-share).

So if I want to reset my bot, I can't. And or if this suggestion will be approved I will have to wait a month or two or even three just to reset my bot ? I don't say I don't like the idea but from another side I feel it should be another option.

I'm all ears if you have a workflow in mind without a waiting period that minimizes risk further than the idea I put out there.

Mate I'm original owner of this bot. So think next time before you accuse someone of stealing.

It's not about you. You know you're you, and I know you're very likely you, and it would almost definitely be fine if I just manually reset your registered email. In fact, it would probably be fine 99%+ of the time.

What this topic is about is the 1% who will lie. If I give someone the benefit of the doubt and assume they're not lying, that opens up opportunity for a honest person to be scammed, so my default assumption, as a way to protect everyone's stuff as the game's admin, has to be dishonesty. It's not enough for someone to just say they're not lying and that a bot really is theirs. This will be abused eventually and this is why the game's account recovery policy is that you're mostly on your own. I know this always seems like me being a hard-ass to the majority of honest people who make honest mistakes and lose access to bots or emails, but it's ultimately to protect players. If I make exceptions, it will be abused and honest players will lose their bots to dishonest players.

These topics are tricky. Sometimes they are solvable. Years ago there was a PayPal chargeback scam where people would buy stars from me, trade them to other players (for either real money or bots), then issue a PayPal chargeback to get their money back from me. It led to a lot of drama, but with a little bit of creativity, it's effectively a solved problem at this point.

Hopefully we can think of something for registered emails too...

Thanks Ender I appreciate your efforts. I totally agree and it's probably best to wait until we can find a better solution. I won't be able to reset but at least I can still log in :)

Implement a 4 digit code or something like that. Lose your email just give the code and boom, may or may not work, not sure but its an idea haha