Devblog: Security Update - Q4 2018

teamsecurity
devblog
official

(Dragos Highwind) #21

This is a transparency thing. People complain about bots, therefor companies post their results and suggestions on anti-bot behavior. That way customers at least know the company is doing something rather than silently squishing things behind the scenes.


(Gadget Helmsdottir) #22

Real players need to stop buying unauthorized RMT assets, then.
No market, then the RMT will trickle off.

But that would be a bother for some.

–Gadget could handle that burden


(Rivr Luzade) #23

Thanks gadget, now I remember what I wanted to post earlier.

Would also be nice if CCP put some people on smoking out RMT sites. A while ago I looked for Drake Navy Issue on preferredsearchengine and one of the first search results was an RMT page offering the DNI for 1.95 or something like that.


(Dragos Highwind) #24

RMT transactions are not an easy feat to combat. However, fighting them in a game with free accounts, damn near impossible. It’s a constant game of whack-a-mole that you have to tread carefully because there are real paying players that sometimes use them out of desperation/laziness that you want to keep around.

The massive gaping hole in security IMO is alpha accounts having the ability to create corporations. Removing that capability while putting a 30 day cooldown on a character creating a new corporation (after creating one) would stop a lot of the shell company shenanigans. A that point you force RTMers to do direct transfers or market transfers which in theory should be easier to trace.

Just my 2 cents


(Nolak Ataru) #25

@CCP_Peligro So when are you going to take another look at ISBoxer and overlays? Or when can we expect you to ban multiple monitors, as those constitute an unfair advantage over players with a single monitor?


(Circumstantial Evidence) #26

Market Bots can’t be easily reported via “report bot” - unless you’re willing to buy or sell into them and get a name. I filed a Support Ticket explaining a possible case, suggesting CCP could easily get the name to watch, since only 2 market orders were chasing the same item(s), and was told to use “report bot” or send all the info to the security email address. That seemed kind of silly, why couldn’t helpdesk forward my ticket?

I’ve since decided over the course of weeks that my suspect has enough randomness AND is chasing after items with next to no trade volume… may not be a bot player after all, so I let it go for now.


(Foggy Bernstein) #27

More theater from the security team.

So…yay?


(Wallymarts) #28

When are the proposed additional anom changes?
What exactly are the changes going to be


(CCP Falcon) #29

Our policy on ISBoxer was made clear last time we released an announcement regarding it. Go read.

As for multiple monitors, what you’re saying is ridiculous. Knock off the trolling.


(LouHodo) #30

I still see plenty of Bots in FW space… saw the SAME three last night, the same three I have seen for the past 2 months, doing the same route they run every hour on the hour for god knows how many hours a day. All three of them in shuttles.

The problem is you dont shut them down. You ban them but dont delete the account and all assets. You dont actually prevent them from doing it again. I doubt you even log the IP for possible IP banning.


(Nolak Ataru) #31

I’m not trolling. If you would like, I can make a quick video to explain why I believe that multiple monitors are as much of an, as defined by CCP, unfair advantage as Overlays are.


(Dragos Highwind) #32

There is a line that CCP had to draw and software vs hardware advantage is where they drew the line. Multiple PCs, multiple monitors, faster computers, hell larger case of energy drinks etc is all means of an unfair advantage. They simply drew the line were it’s semi-enforceable.


(Nolak Ataru) #33

But it isn’t, that’s the thing. There is absolutely no way for CCP to detect if you use overlays of any sort (whether on ISBoxer or On Top Replica) because there’s an overabundance of information being sent to the client and the server which would make it fundamentally impossible to know if I am using Overlays or have multiple staggered windows of various sizes, or even if I’m cycling through them at a rapid pace. The policy is unenforceable.


(zluq zabaa) #34

Yes, this!


(Dragos Highwind) #35

" 1. Please be aware of the fact that we do a lot of data analysis which grants us insight into behavior patterns and allows us to detect anomalies. In a lot of cases we do not need to know what you do on the client side because looking at the behavior in our very detailed event logs on the server side allows us to see if you have/had an unfair advantage over anybody else including the game environment. We don’t know all the tools out there and what they do exactly - and frankly we don’t care. If you get banned, then this is because the results of what you did and how you potentially gained from it manifested in our server-side logs."

This is a quote from here: https://www.eveonline.com/article/overlays-isk-buyer-amnesty-and-account-security

Simply put if their logs detect anomalies you’re going to get investigated and possibly banned. They are purposely vague on much of it because simply put, if they feel your response times and rhythms are deemed unnatural, their prob going to chalk it up to unfair modification.


(Dragos Highwind) #36

Till troll corps start using it as a badge of honor :stuck_out_tongue: lol


(Nolak Ataru) #37

None of the multiboxers who have continued to use overlays have been banned since the dev blog. The only person who has been banned was a Russian streamer who had the overlays on stream.

Yes, and that’s a problem. Ask Kun’Mi, who was banned by CCP Peligro while multiboxing bombers without input broadcasting or overlays, because he got mass-reported by people. There was a 4-box miner in hi-sec who also was banned by CCP, who I believe quit the game afterwards.


(zluq zabaa) #38

Depends, but not necessarily that cheap. If they already collect a lot of data about players, it could be as “simple” as feeding all of that data (including the parts that seem irrelevant) to your machine learning framework, define a few basics, and then feed the ban wave data to that. Over time it will get better at predicting who is botting or maybe even who is taking part in RMT schemes. At the very least it will cost Dev time and additional technical ressources, also there might be the need for more player specific data, which isn’t already being logged.

If they want a more fine tuned approach, it’s possibly beyond the reasonable capabilities of CCP, considering that at best, the result will be a flag that has to be checked manually by CCP staff anyway, unless you’d be happy with some algorithm decide wether you’re a bot or not. So for higher granularity, you’d probably want to look for 3rd party cooperation with someone who finds the specific challenge of machine learning in the context of an MMO interesting.

I’d still say that using bots exclusively for hunting bots should be allowed :wink:


(Dragos Highwind) #39

Granted, I’m rather new to the game, but I see multiboxing as a ‘at your own risk’ type thing. If you are able to multibox with such efficiency that they can’t tell your input logs from from a script runners logs AND they are receive mass complaints against you, CCP is just erroring on the side of caution.


(Saeger1737) #40

Why not ban the PIRAT Botters who bot in Nyx’s in omist from the kids with guns alliance… He literally wrote it all down on Reddit as proof and yet nothing has been done to my knowledge.