These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE Information Portal

 
  • Topic is locked indefinitely.
 

Dev blog: Updates to Team Security and the ongoing war on botting

First post
Author
Previous Topic Next Topic
Ranger 1
Ranger Corp
Vae. Victis.
#61 - 2013-03-18 17:53:39 UTC
mynnna

I was always under the impression that if a player was banned for botting, and the character in question had just been purchased legitimately, a deeper investigation would be initiated at the players request... and if necessary the ban would be reversed AFTER the investigatioin was concluded.

So are you saying this didn't happen and that further investigation was refused until a stink was made?
Or is this a case of the investigation was under way and just didn't get concluded until after loud rumblings were made?

The former is a problem that needs to be worked on, the latter is simply taking credit for something that would have eventually happened anyway.

View the latest EVE Online developments and other game related news and gameplay by visiting Ranger 1 Presents: Virtual Realms.
Vincent Athena
Photosynth
#62 - 2013-03-18 17:59:17 UTC
Andski wrote:
Vincent Athena wrote:
A player who wants to RMT goes to a friend who does not play eve and says:

"Could you start a character in Eve, buy a pile of ISK via RMT, then sell me the character?"

How would CCP stop that from happening, other than swinging the ban hammer even after the character has been sold?

Edit: Ill answer my own question: Ban the person who did the RMT and remove the ISK. That way the receiver of the character gets zero benefit from the transaction.


Your idea is terribly unfair to players who sell their characters for ISK and end up getting screwed out of billions because the other guy paid for the character with botted or RMTed ISK. Unless, of course, CCP reverses the character transfer as well, but that'd probably be a gross violation of CCP's confidentiality policies.

In that case the ISK is removed from the guy who payed for the character, as he did the RMT.

Know a Frozen fan? Check this out

Frozen fanfiction
Azami Nevinyrall
172.0.0.1
#63 - 2013-03-18 17:59:38 UTC
CCP Stillman wrote:
Vera Algaert wrote:
CCP Stillman wrote:
Vera Algaert wrote:
CCP Stillman wrote:

But client modification right now are anything that injects/touches the running EVE process. That is, reads or writes memory into it, injects and executes code. Basically anything that modifies the client to change the client or extract information that's not normally accessible. That includes bots of course.


that description also applies to widely used tool such as the Mumble/Teamspeak overlay and fraps Shocked


To some degree, it does. But in some ways, it also doesn't. But do you really think we want to ban people using fraps or mumble/teamspeak? That'd be silly

I don't know... after all you're not going to whitelist specific programs P

(with 100% less tongue-in-cheekness: I am a bit afraid that one day you will introduce a poorly tested client integrity check that accidentally flags tools such as the ones I mentioned and that getting the permabans undone will be a massive hassle.)

I understand your concern. We'll address that concern in more detail in the possibly near future when it's relevant :)

*uninstalls fraps, good thing I auto disable overlay*

What are you doing about the Jita bots?

...
CCP Stillman
C C P
C C P Alliance
#64 - 2013-03-18 17:59:54 UTC
mynnna wrote:

Will you also address the concern I voiced on the previous page, namely the one where instances of innocent players being wrongfully banned was basically swept under the rug and ignored until loudly and publicly called on it? Because that past action makes Vera's concerns all the more troublesome.


Discussing individual cases is not something we do. In the cases where we make a mistake, we do our best to correct that and make sure to compensate the player for time lost. It's really that simple.

Just a random dude in Team Security.
CCP Sreegs
CCP Retirement Home
#65 - 2013-03-18 18:19:44 UTC
jonnykefka wrote:


EDIT: On a different note, with Sreegs gone, who will tend to the Edge of Glory?


Veritas is familiar with the danger zone and I'll be training someone new at Fanfest who will be introduced later.

"Sreegs has juuust edged out Soundwave as my favourite dev." - Meita Way 2012
virm pasuul
Imperial Academy
Amarr Empire
#66 - 2013-03-18 18:27:10 UTC  |  Edited by: virm pasuul
First off thank you all, and very well done for all the effort that CCP is putting into banning bots. I rabidly despise cheating in all multi player games and I fully support any and all efforts to eradicate it.

Secondly I have a question.

How does someone bot without client modification?
The three strikes rule applies to botting in the original article. There's a separate insta permaban for client modification.
But if client modification is defined as "anything that injects/touches the running EVE process" then doesn't that cover all forms of botting?

A macro process that recognises and clicks on areas of the screen is "touching" the running EVE process isn't it?

I'm not trying to board lawyer ( better call Saul ) - I just don't understand how the two aren't the same.

Despite my question I can't support you guys strongly enough in your efforts to remove bots, keep up the good work :)
Good Luck Sreegs, TY.
FeralShadow
Tribal Liberation Force
Minmatar Republic
#67 - 2013-03-18 18:27:39 UTC
but... sreegs... I loved you... How could you leave...?

One of the bitter points of a good bittervet is the realisation that all those SP don't really do much, and that the newbie is having much more fun with what little he has. - Tippia
virm pasuul
Imperial Academy
Amarr Empire
#68 - 2013-03-18 18:30:02 UTC
If Screegs is leaving CCP does that mean someone will get to blow him up for boundary violation??
Halgar Rench
The Red Headed League
#69 - 2013-03-18 18:33:00 UTC
So with these changes, what's the plan for two-factor authentication?
mynnna
State War Academy
Caldari State
#70 - 2013-03-18 18:33:37 UTC  |  Edited by: mynnna
Ranger 1 wrote:
mynnna

I was always under the impression that if a player was banned for botting, and the character in question had just been purchased legitimately, a deeper investigation would be initiated at the players request... and if necessary the ban would be reversed AFTER the investigatioin was concluded.

So are you saying this didn't happen and that further investigation was refused until a stink was made?
Or is this a case of the investigation was under way and just didn't get concluded until after loud rumblings were made?

The former is a problem that needs to be worked on, the latter is simply taking credit for something that would have eventually happened anyway.

CCP Stillman wrote:
mynnna wrote:

Will you also address the concern I voiced on the previous page, namely the one where instances of innocent players being wrongfully banned was basically swept under the rug and ignored until loudly and publicly called on it? Because that past action makes Vera's concerns all the more troublesome.


Discussing individual cases is not something we do. In the cases where we make a mistake, we do our best to correct that and make sure to compensate the player for time lost. It's really that simple.


What I am saying is that the particular player in question had absolutely no communication back from CCP whatsoever despite multiple requests to look into it and even pointing out the likely cause why he had been banned. The timing of sudden action on the case coming only after his CEO and others made loud noises on the forums on his behalf may have been coincidental, but doesn't look good, nor does the fact that he was wholly ignored.

I use this individual case in question only because I'm familiar with it. While you guys do not (rightly so) share details, the player in question was. But in the broader sense, I have a sneaking suspicion that other similar cases exist, and that they're just as often ignored. A real good step towards correcting this sort of problem would be, if a preliminary investigation shows that hey maybe they are innocent, to actually tell them that their case is being looked at, instead of taking what appears to be the preferred route of "ignore them and hope they go away." Unless, that is, the goal actually is to lose customers and generate some bad PR, in which case carry on!

Member of the Goonswarm Economic Warfare Cabal
MissyDark
Carsultyal
#71 - 2013-03-18 18:34:57 UTC
I'm afraid CCP anit-bot team lives in some lalala-land. Jita is filled with market bots that deny even remote chance of fair competition from human beings.
Hiram Alexander
State Reprisal
#72 - 2013-03-18 18:36:22 UTC
As an aside, I'd be curious to know the stance on violations of non-botting Eula breaches, such as the recently alleged 'Account Sharing' violations that led to the (alledged) theft/suicide of 4 Null-sec Titans.

1. In the event that an incident of account sharing is ever genuinely proven. Does the account of the Titan pilot (for example) get a 30 day ban, or every player who was proven to have logged into, and used it...?

It's not botting, of course, but does provide 'unfair' advantage within the game.
Dersen Lowery
The Scope
#73 - 2013-03-18 18:42:26 UTC
First, congrats on the progress, and on tightening the screws. You guys are doing this the smart way.

o7 CCP Sreegs.

CCP Stillman wrote:
[re: TS/Mumble overlays, fraps]
I understand your concern. We'll address that concern in more detail in the possibly near future when it's relevant :)


Just thinking aloud here, but the obvious difference is that neither is modifying the EVE UI at all, least of all in a way that grants any in-game advantage. Mumble and TS are overlaying their UIs, making things more cluttered. fraps just sits in the background and, if anything, reduces your client's performance.

None of them really even know that they happen to be overlaying an EVE client; they'll just as happily do their thing with whatever app or window or screen you point them toward.

Proud founder and member of the Belligerent Desirables.

I voted in CSM X!
Vincent Athena
Photosynth
#74 - 2013-03-18 18:45:04 UTC
virm pasuul wrote:
First off thank you all, and very well done for all the effort that CCP is putting into banning bots. I rabidly despise cheating in all multi player games and I fully support any and all efforts to eradicate it.

Secondly I have a question.

How does someone bot without client modification?
.........

A second computer, solenoids over the keyboard, an X-Y pen plotter to move the mouse, and a web camera pointed at your eve client screen. Absolutely no botting software is on the computer running Eve.

Know a Frozen fan? Check this out

Frozen fanfiction
Dalilus
Federal Navy Academy
Gallente Federation
#75 - 2013-03-18 19:07:17 UTC  |  Edited by: Dalilus
Why not go after the 'doers' as well as the 'enablers'? Just targeting the 'doers' is a waste of time.

PS. My main was banned for botting a few years back, too much EVE not enough real life I suppose, but after looking into the case CCP did reactivate the account. They did do their due diligence in my case.
Vera Algaert
Republic University
Minmatar Republic
#76 - 2013-03-18 19:20:09 UTC  |  Edited by: Vera Algaert
mynnna wrote:
I use this individual case in question only because I'm familiar with it. While you guys do not (rightly so) share details, the player in question was. But in the broader sense, I have a sneaking suspicion that other similar cases exist, and that they're just as often ignored. A real good step towards correcting this sort of problem would be, if a preliminary investigation shows that hey maybe they are innocent, to actually tell them that their case is being looked at, instead of taking what appears to be the preferred route of "ignore them and hope they go away." Unless, that is, the goal actually is to lose customers and generate some bad PR, in which case carry on!

I seem to remember Sreegs making a comment along the lines of "petitions to lift bans for botting have a really low priority for us" (I'm sure he'll correct me if I'm wrong).

That's atrocious for false positives but at the same time a necessity as every (real) botter (and/or RMT guy) can be expected to petition his ban - after all what does he have to lose? if nothing else he might learn a thing or two about the sort of logs CCP keeps internally.

I remember posts on the old publicdemands forums after Sreegs' first big ban wave (when many users of mining macros got hit) calling to spam CCP with "I got banned for no reason" petitions just to drive up their costs of handing out bans.

How do you distinguish a potential false positive from yet another bullshit story of a real botter/RMTer without spending any time to really look at it? It's a question of RL ddos mitigation...

.
iskflakes
#77 - 2013-03-18 19:24:23 UTC
Add me to the list of people concerned about your "we can't approve anything" policy. Teamspeak and fraps have overlays that modify the client memory in exactly the same way a bot does. They get handles to EVE windows, debug running processes, start new threads in the target process, etc. How do your automated systems distinguish Teamspeak's overlay from a bot?

Other legitimate software such as remote desktop applications also inject clicks into running programs, so do some VMs with host integration. I find it very hard to believe the claim that you never have false positives.

Another issue I want to quickly mention is your policy on ISBoxer. ISBoxer used to be "approved", but it's not anymore. This change in policy was announced by ninja-editing a 3 year old GM post. This is a terrible way to announce policy changes, because people don't read 3 year old GM posts every day to check if they've been ninja-edited. Please don't do this in future, make a new sticky somewhere telling people you've changed the policy.

I don't use ISBoxer myself though I've got a few friends who do. They're all legitimate players. One of them is worried enough by your non-announcement that he cancelled his plans to create an additional 25 accounts for use with ISBoxer (on top of his 30 existing accounts). If you don't want people using ISBoxer then come out and say it, if you want those accounts then approve the software -- this current limbo where we're never sure if anything is safe is no good for anybody.

-
DarthNefarius
Minmatar Heavy Industries
#78 - 2013-03-18 19:25:06 UTC  |  Edited by: DarthNefarius
Ranger 1 wrote:
mynnna

I was always under the impression that if a player was banned for botting, and the character in question had just been purchased legitimately, a deeper investigation would be initiated at the players request... and if necessary the ban would be reversed AFTER the investigatioin was concluded.



Or the person just gives up due to the prolongered silence & especially since they don't have an 10k alliance CEO to back them up

Ranger 1 wrote:
So are you saying this didn't happen and that further investigation was refused until a stink was made?

How would we know ?
Ranger 1 wrote:

Or is this a case of the investigation was under way and just didn't get concluded until after loud rumblings were made?
The former is a problem that needs to be worked on, the latter is simply taking credit for something that would have eventually happened anyway.



What we get here is plausable denyability from all parties involved?
I think mynnna brings up a good point here.
An' then Chicken@little.com, he come scramblin outta the    Terminal room screaming "The system's crashing! The system's    crashing!" -Uncle RAMus, 'Tales for Cyberpsychotic Children'
Stray Bullets
Perkone
Caldari State
#79 - 2013-03-18 19:34:11 UTC
CCP Stillman wrote:
Vera Algaert wrote:
CCP Stillman wrote:

But client modification right now are anything that injects/touches the running EVE process. That is, reads or writes memory into it, injects and executes code. Basically anything that modifies the client to change the client or extract information that's not normally accessible. That includes bots of course.


that description also applies to widely used tool such as the Mumble/Teamspeak overlay and fraps Shocked


To some degree, it does. But in some ways, it also doesn't. But do you really think we want to ban people using fraps or mumble/teamspeak? That'd be silly


I'm glad this subject came up. I currently have a open petition regarding exactly this. It's being handled by GM Nythanos, which has been great but he replied to the petition but didn't actually answer the questions. This is not a personal attack on Nythanos. I have nothing against him and he's been outstanding as a professional for all I can see.

If I petition about some software being "ok/nok" and you guys reply saying "read the EULA" ... then why in the hell is there a EULA section for petitions? The EULA is ambiguous. For all intents and purposes, TeamSpeak, EVEMON or even EFT are not allowed.

The Terms of service state that you can't build third party tools.

EVE Online TERMS OF SERVICE

21. You will not attempt to decipher, hack into or interfere with any transmissions to or from the EVE Online servers, nor will you try to create or use any third party add-ons, extras or tools for the game.
http://community.eveonline.com/pnp/terms.asp


So, if you won't ban someone because they are using an external tool, let's say, Teamspeak, because it's silly, how am I supposed to know what you'll ban me for if all you do, when a question is presented via petition on the EULA section, is point to the EULA and TOS but then make up your own interpretation instead of taking it literally?

So some applications are ok but you can't say so in public? Leading to stuff like the ISBOXER kind of stuff, where you had tons of CCP people say it was ok and then GM Nythanos says it's not ok. When you look for all the previous posts that said it was ok ... they got ninja edited!

I do understand security through obscurity but if you're passing random interpretations of your own rules and can't give out a straight answer to a customer asking if it's in the rules or not, this is plain stupid. I can easily be investing several hundreds of euros (along the past few years) and then get banned because your interpretation of the rules just suddenly changed.

Sure, you never said it was ok, but now you're saying it's silly ... tomorrow we'll get banned for a mere TS overlay.


This kind of rules MUST be clear. It's not a "maybe". It's a yes or a no. If you know of some software that is possible to exploit something in EVE, rule it out.

A current example is ISBoxer. As GM Nythanos answered me (can't copy the text), you can't allow that software. If this is the case, why not make a simple public statement saying that X software is simply not allowed? You end up banning paying customer who actually thought they were playing straight!
Olaf4862
Dragoon Industries Limited
#80 - 2013-03-18 19:47:15 UTC
Just a thought but banning just the account for 30 days is not going to hurt a botter with multiple accounts.

Might I suggest a ban on the IP used also for 24 hrs to make the point clear that botting is not acceptable. This will do more then just effect their botted account but any other account coming from that IP.
Yes I understand that it might adversely effect players in the same household who are not botting but an IP block might help to put on the added per pressure that its not OK to bot. Twisted