These are very important questions. We tried to answer them in the TMWC Organization Structure
, but sometimes a simple, straight answer is best.
Does the owner have admin access?
Define admin access.
Can the owner see our passwords?
He can get pw hashes and break them.
Can the owner spawn items in the game?
But he can edit the files and add himself any rights.
Can the owner gain full access from the command line to do any of the above?
Yes, anyone with access to the Linux account which runs TMW can gain full access to the binaries, data files, client updates, forums, and wiki.
He is root, he already has a full access and may use it as he wishes (see below).
That last answer begs explanation.
First, this is not different to the previous hosting.
Wrong answer - the previous host was active and well known, long time contributor and game/community admin, not a complete stranger who can be anyone - eg. a psychopath, with anger management problems who does rm -rf / and demolishes his appartment anytime he goes late for his TV show or a kid, who one day will play with debugfs and will wipe everything. Most likely he is some guy, who bought himself a dedic, and will tell you go away after he gets an invoice for extra traffic after some DDoS.
Second, not only the owner has access, but any admin (all are published), anyone who can gain physical access to the server, and anyone who can break into the operating system. Although this was true for the old host also, I think it's important to identify all those possibilities.
The old host was one of the best secured machines around, administrated by a security expert with almost fifteen years of experience, not a complete stranger, who we don't know, we don't know if he even has any idea of security, maybe he is just a kid with password "God.123". We can't say because WE DONT KNOW HIM, we have no OFFICIAL AGREEMENT with him, we have basically no security at all, we can't be even sure if tommorow there will be any hosting. It already happened in the past - before I became a host (it wasn't even bad will of the admin, but he wanished for a month and the server first crashed and then was closed).
The major change from our previous hosting is a separation of roles. The new server owner does not have authorization to gain admin access, see passwords, spawn items, or make arbitrary changes to the TMW server. There is always the risk of unauthorized access, regardless of host.
Again, wrong answer. The major change from previous hosting is accumulation of roles - previous host disagreed to give developers power over community (it is not neccessary for development) current host made developers are also community administrators, which is wrong.
And the current root has authorization of see and use everything he has on his system, because you did not sign any agreement with him (show us the scanned copy if you did).
This was not asked yet, but it seems as important:
"Do we have backups that are independent of the server?"
Yes. We have backups of all TMW data at another site. These backups are independent of the server itself, the server owner has no control over them (although it's with his approval), and even if the main server is fully compromised the backups will be intact. Such backups are our best protection against the server owner trying to manipulate TMW.
By doing so you are breaking international privacy law as well as moral transparency law. Platinum complies to these laws, so all backups were stored within Platinum's infrastructure and there were no consent to move them to foreign sites, so users had a full control over where are their personal data and what is being collected.