1 Year Later... SMS verification still leaves a minority out! 😔

Deleted • 28 November 2023 at 11:17 AM

One year ago, sms verification (main & side linking) via entering your phone number on the site was made. This unlocked dailies and various activities for everyone that agreed to share their private info (= phone number). A minority of users addressed their doubts about it one year ago, myself included: at that time, I didn't have a cell phone, and was left out from the fun activities with many others that either didn't have a phone or didn't want to pur their sensitive data on the site. The problem was never properly addressed and this minority is still left out. No dailies for us. Many asked for an alternative (email verification, etc etc), but no alternative or solution were given to us. There was a promise to look into an alternative, but it's been so long I fear we're just waiting till everyone will be forced to do this to be able to enjoy ALL site features. it's been one year guys. One year.

I quitted EC exactly one year ago, and came back recently to enjoy some feeding in hope there was a chance, and I'm frankly quite disappointed because in the past owner always, always addressed issues like this and never left anyone out a site's feature. I'll say it again: this feature feels like blackmail to me. You can try to say it's good, privacy will be respected, etc etc, but still, it's something with no other choice given, so it feels like having to swallow a very bitter pill. 2FA should be OPTIONAL and shouldn't be linked to daily game activities. Site features should be allowed for EVERYONE. Leaving a minority of users out and unable to enjoy voting, raffles or dailies, is UNFAIR.

Just because there is an account abuse problem (I suppose it's people using multiple accounts to get rares?) why a minority of legitimate players has to be "punished" in that way and left out site activities just because they don't have phones or value their privacy and right to keep their phone numbers private? People with a verified account can still use multiple phones to link different mains after all, so, the excuse of it existing purely to avoid abuse, don't stand imo.

I once again ask the people in this minority to stand up and come to this topic! Please, feel free to post here, ping @Ian and mods, and let your doubts and issues be known. I don't know If we will move something, but it's still worth a try. I'm saddened to see this situation still. 😥


Also please note I'm not trying to be rude or ruin the fun. I'm writing this bitterly and feeling bitter because I care. I played from 2012. I love this site. I never abused the dailies or anything. Yet, I'm left out with a minority of people from daily activities. You can support sms verification all you want, I'm not against it, just asking for an alternative that includes EVERYONE. Just try for a minute to put yourselves in our shoes.

I'll also explain why I'm reticent in sharing my phone number. A year or two ago (can't remember) a site I was playing on (neopets, If you know it) got attacked by a group of hackers. ALL INFO, emails, pws, and such of players, were SOLD to people that were trying to see If into this data were pws of personal and sensitive matter (such as credit cards, phone numbers, etc etc). I had only mails registered there, no sensitive data or anything, and I solved by changing email and pw but that thing left me quite shaken... I DON'T want to share personal data with ANY site, and I think people should have this choice respected.


EDIT: as an alternative, I suggest an app like 2FAS (https://play.google.com/store/apps/details?id=com.twofasapp&hl=it) it's open source, available for both phone and desktop, and doesn't require you to share personal data. It gives you a numerical code that changes automatically every x minutes and that eggcave site would require to "verify" it's really you when logging or doing dailies that requires receiving the free cc thing. (? Don't know how they work as I never saw them sadly). It's a very nice and secure way and would make people less angry with having to pur their phone numbers on the site...

Pinging some well-known users:
@suzanab
@hinokazes
@redflipflap

suzanab • 28 November 2023 at 11:23 AM

@sinthr

I feel for you. Knock on wood I don't have this problem, but I can relate with the time I didn't have my phone working. Now my problem is the popups, too many, too large, too annoying.

Deleted • 28 November 2023 at 11:27 AM

@suzanab I have phone now, but I'm unwilling to share it. And I think EC should respect this. Denying feature ISNT respecting this choice imo.

Please let us use at least something like 2FAs as an alternative (an open source app available on phones and pc) that doesn't require to put a phone number. It generates a short key that changes every x minutes so you can login or do an important daily by inputting this code. This ensues the person login in the actual owner of account and also verifies it. Or something like that. I can't understand why sharing personal data has to be the only way...

redflipflap • 28 November 2023 at 11:33 AM

I think this is an important topic to consider. Maybe even if just setting up an email address for this instead of providing a phone number? In my humble opinion, Eggcave is a site for all ages. Heck, I joined when I was 15! Back then, I had a crappy little flip phone that I wasn’t allowed to give out the number for, but I know nearly every teenager has a smart phone now.

However, it should still be taken into consideration that some younger players may not have access to a cell phone and their parents may not want to give out their phone numbers for an online game. This isn’t a standalone issue for younger players through, some folks really just do not want to give out their personal information on a website, and that’s entirely valid.

I hope that Eggcave will take this into consideration so that players aren’t left out/excluded from things like voting for rereleases and dailies.

Pinging some folks just for funsies:
@poe
@wonder404exe
@dragrawr
@daisycat

heatherm19 • 28 November 2023 at 11:46 AM

Personally I have no issue with sharing my phone number, at this point no one's data is truly safe online imo so it doesn't really matter. And I do trust this site enough to believe they aren't going to use my info for anything other than verification.

That said, I do find it extremely disappointing that the issue of possible alternatives and people simply not being *able* to verify, hasn't been addressed in all this time. Imo, if users don't verify because of privacy concerns or just not wanting to link their phone to an account, that's their choice. But some people don't *get* to choose, because the *only* way to do this is through text and despite how prevalent technology is nowadays there *are* still people who simply don't have access to a cell phone.

I think there needs to be some sort of alternative, simply so everyone who *wants* to verify, can. I don't think it's fair or right that users be cut off from verifying their account and whatever features can only be accessed that way, because of something completely out of their control (and not having access to a cell phone is often out of someone's control).

Deleted • 28 November 2023 at 12:43 PM

Thank you very much for giving your input, guys. ❤️

@heatherm19 you raise a very interesting point as well, thank you. 💪

megamisama90 • 28 November 2023 at 1:08 PM

What about verifying with two emails? I don't really have any ideas but I agree that everyone should be included in the fun we have on the site. Or maybe that one time code @sinthr was talking about?

Pings to give some ideas or support:
@sapphire12
@dragrawr
@ida92

Deleted • 28 November 2023 at 1:22 PM

@megamisama90 thank you very much for your support! >///<

Random pings:
@isis
@werewire
@opalquinze

bunnyshadow • 28 November 2023 at 1:25 PM

@Ian is offering you a chance to get CC [which you otherwise have to pay for] free of charge if users verify/confirm their account with a phone number [for reasons that were stated when this change was first introduced]. It is a far stretch to call it blackmail because it is your choice whether or not you want to do X thing for Y thing, and it is nowhere near close to unfair [in my opinion].

dragrawr • 28 November 2023 at 1:26 PM

@redflipflap thanks for the ping. I joined when I was a mere 8-9 so I can understand the frustration and disappoint from users who cannot or are uncomfortable sharing their phone numbers. I think this is a topic that needs to be heavily considered by the staff~!

@megamisama90 thanks also for the ping !!

I like the E-Mail idea. It’s a bit safer, not that eggcave is sharing information but for those who feeel uncomfy with it. 💕

@bunnyshadow I don’t think anyone is extremely angry or calling it blackmail- it’s simply a chance some literally cannot participate in, even tho so many other users can. I understand their feelings of missing out, especially when cc has inflated so so heavily recently. No one is blaming the staff either, we totally understand how difficult running a site can be, many just want to join in on the dailies (which would be more beneficial for the sit4 as well as there would be more ads encountered :]

ida92 • 28 November 2023 at 1:36 PM

@sinthr I support you on this. I did verify my main with my phone, but I was very hesitant about it. I would have prefered a different option. And when a different option becomes available, I will be the first to change from phone verification to the new one.

Deleted • 28 November 2023 at 1:38 PM

@bunnyshadow I honestly don't care about the free CC. It irks me the wrong way that site features are restricted (and yes, it feels like blackmail) like this without giving an ALTERNATIVE. I respect your opinion, but NO OTHER SITE I play on literally offered this kind of thing... nobody else asked for my phone. They offered an ad-watching or login streak to get free premium currency. Asking for personal information in exchange for a little CC is, in my opinion, not the correct way to approach this. Site features should be allowed for everyone. A legitimate player without a phone or that wants to keep their privacy to themselves shouldn't be penalized because of that.

And thank you very much for all your input, guys! I know I am not alone. ❤️ let's hope there will be a positive change, someday... it's been so long already...

isis • 28 November 2023 at 1:42 PM

Agreeing with some of the others here that mentioned a different alternative as a solution, so people have a choice what they want to use for verification. Something like an e-mail or 2FA app for example. I do think the verification is necessary and should be here to stay, to keep bots and cheaters out. I personally don't have a problem with sharing my phone number for this, but I can understand the privacy concern and the annoyance with the fact that there's no other way to participate in dailies if you aren't able or willing to use a phone number. I think it's good that this topic is brought to the staff's attention, even if there end up being no possible alternatives it'd still be nice to know that the situation has at least been considered.

opalquinze • 28 November 2023 at 1:42 PM

there’s already some stuff others have brought up, so i would be just repeating what came to my mind

i do feel like using e-mail verification should’ve been available as an option before, but i suppose it’s cuz e-mails are easily searchable if it’s used often for a certain username attached to it (as in, i really only searched up my e-mail on a specific website to show which sites are known to “share” it (which fortunately there wasn’t much, but still))

totally aware that users can put a random username/e-mail (to remain anonymity) and jot it down somewhere, but they’ll forget that randomized one and usually would stick to one they’re familiar with

(i’m not that great with words, so sorry if this sounds jumbled and prob not what you asked for)

sapphire12 • 28 November 2023 at 1:47 PM

@megamisama90 pinged

@sinthr

Me personally:

I personally have no problems 2FA ing with my phone - pretty much all websites do this now, if I want to register for a webinar now sometimes they ask me for a contact number etc. My airline company has my phone number so they can text me if my flight is delayed etc.

And if a data breach does happen and they get my phone number, I'm not actually that well versed in what happens. What can they do? Prank call me?

If anything my email is more precious.

Alternative Options:

Then again, alternative options do exist. One time passwords can be generated through secure apps like DuoMobile but unfortunately they're not free https://duo.com/editions-and-pricing/duo-premier.

There's also google authenticator? https://support.google.com/accounts/answer/1066447?hl=en&co=GENIE.Platform%3DAndroid

What is the point of 2FA anyway? To make sure the dailies are done from just the main account? If our sides and mains are registered now, isn't that enough?

And yes I do agree that everyone should be able to enjoy the site regardless or not they have a phone 👍 but a technically viable solution is challenging

Deleted • 28 November 2023 at 1:49 PM

@isis thank you very much for giving your opinion, and also... here. You have no problem with it but you, unlike some others, try to understand that there are people that might think differently and respect their opinion. Thank you sincerely for this. ❤️ I also think verification should be there to stay, just, take into consideration the feedback of the minority that doesn't want t share sensitive information and their phone numbers.

@opalquinze I feel like phones can be abused as well. A kid playing, for example, could verify a main using their phone and use friend's phones or family's phones to have multiple mains to steal event creatures with. So this won't solve the problems of cheaters. What about the idea I wrote in first post, about the 2FAs (code)? Verifying using a code that changes every x minutes and that only you can look at on your phone or pc...

@sapphire12 your last point - exactly what I was thinking. Once you state x account is your main, what good is the phone? They know x is your main, won't they notice If you use any other account to do dailies? 🤔 Also please note I'm an european players and apps like google autenthicator (or these that allow you to borrow a phone number) don't work for us, or at least not for me. You also have to consider some people might not be tech-savvy enough to understand how to use them.

sapphire12 • 28 November 2023 at 2:00 PM

@sinthr wait so I don't get it. What's your alternative solution then if not an app?

dragrawr • 28 November 2023 at 2:01 PM

@sinthr I hope this topic gets seen

I personally shared my phone number and I’m glad Isis and others like Ida are similar- we care deeply about the community not being left out. I genuinely hope things get changed so everyone is connected and happy as a tight knit community 💕

Deleted • 28 November 2023 at 2:02 PM

@sapphire12 ??? 2FAs is an app. I meant some of these app that let you generate a code or that let you borrow a phone number don't work in some places. I think I got confused with google voice though... isn't google autenthicator something similar? Sorry I'm not very expert. I got my phone less than one year ago and I'm not an expert on this kind of things either. << 2FAs was easy enough to use and set.

EDIT: I think the app I'm talking about, 2FAs, is similar to google authenticator... but it's open source so I trusted it better. ^^

https://play.google.com/store/apps/details?id=com.twofasapp&hl=it


@dragrawr thank you very much for your nice words! I'm hoping we can be all the same and be treated the same as well, without having to compromise on things we can't compromise about (like security and privacy). ❤️

sapphire12 • 28 November 2023 at 2:05 PM

@sinthr lol yeah I think you got confused. I linked it up there. If you open the link, it says "If you set up 2-Step Verification, you can use the Google Authenticator app"

Google Authenticator is an app
So is DuoMobile

I'm trying to give examples of 2FA apps that can be used.

Deleted • 28 November 2023 at 2:07 PM

@sapphire12 I do use 2FAs (linked in my previous post). I submitted it as a valid alternative (it's open source and all). Something like that would be way better than having to share your phone directly on the site like this... I used 2FAs promtly when neopets added 2FA in their site for example and never had a problem with it. And neo might be a sinking ship site and all but never asked for my phone to do my dailies...

dragrawr • 28 November 2023 at 2:09 PM

@sinthr I agree using them would be helpful, given eggcave approves or that it works out for people as well. I’m just afraid there will still be people who can’t either. I’m not sure there is a solid solution where it includes everyone, but I like this idea and the email idea

Deleted • 28 November 2023 at 2:13 PM

@dragrawr 2FAs is available also on desktop so that is more wide because it doesn't require a phone number to work. c: But yeah, I don't know the specific, some people still might not have such an app available... I think verify-ing should be on-site, main and side linked, without strings like phone number attached. At least for dailies and stuff. As I said, sharing a phone number can be done but can't be linked to site features, If people want the extra security it should be an optional thing that doesn't leave out site features.

sapphire12 • 28 November 2023 at 2:16 PM

@dragrawr you're never going to find a solution that works for everyone. The solution @sinthr proposed will at least solve part of it.

Sinthr, I think you and I are on the same page in terms of using an app for 2 factor authentication - whether it's Authenticator, DuoMobile or 2FAS, I agree we should at least have that option.

I would suggest proposing this directly to Ian, or at least editing your original post to add these as Alternative Options. Usually people respond better to requests of change if given possible solutions to the problem at hand?

dragrawr • 28 November 2023 at 2:18 PM

@sapphire12 yup that’s what I was saying ^^ it’s a shame, but it’s the hard truth.

Deleted • 28 November 2023 at 2:19 PM

@sapphire12 I also think the same... hopefully we can work together to make it so there isn't a minority anymore, or that at least people will feel more comfortable in using a 2FA app that doesn't involve sharing directly personal info on the site. Hopefully @Ian sees this topic, I will keep my fingers crossed... thank you very much for all the input and the patience (sorry again for getting confused haha). I will edit first post to propose 2FAs apps as an alternative! ❤️

dragrawr • 28 November 2023 at 2:21 PM

@sinthr hopefully it gets Seen/heard and implemented at some point 💕 it would be lovely to see. Thank you for bringing this topic up !!

opalquinze • 28 November 2023 at 2:25 PM

‘fraid i can’t put much on what i think on 2FA since i don’t sign up often on sites that use it, so yeah (but from the looks of it, it seems secure enough)

(sorry for delayed response, answering internet security problems is not my forte, so trying to answer this was already making me a lot more anxious than usual)

redflipflap • 28 November 2023 at 2:29 PM

Some of y’all may know that I work in tech support irl. The software I work for did offer an email alternative for two-step verification so that users would feel more comfortable about it, so it would be a nice alternative or a step in the right direction.

And I don’t wanna come across as mean or harsh and say things like “EgGcAvE iSn’T sEcURe-“ but having some sort of 2FA app in place might help users feel secure about it. I also wouldn’t be opposed to a smidgen of transparency from the Eggcave team about how encrypted that info is for those of us that have entered it already (if we haven’t gotten that already, ofc.)

Deleted • 28 November 2023 at 2:29 PM

@opalquinze don't worry about it at all, I'm not very well-versed on the ways of the phones as well (I did a lot of research before using this 2FA app, read reviews and fussed over it a lot because I wanted to be sure it was safe to use), I thank you very much for giving your opinion despite feeling anxious and hope you can feel better and relaxed soon. I feel anxiety 24/7 so I understand. Do take care my friend. ❤️

@dragrawr and thank you for stopping by! I am glad and humbled to see all this support from the community. I find amazing people that had no problem with the phone thing still understand our concerns and would love an alternative so we aren't excluded as well. ^^

@redflipflap and thank you for saying that! Yeah, I'm not saying EC isn't secure, it's just... we can't be 100% sure, that's all, and as users it would reassure us greatly to have a say and a choice on the matter, especially since it's our private data in the end and we should be allowed to choose If sharing it or not without being penalized for that. ^^