These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE Information Portal

 
  • Topic is locked indefinitely.
 

New dev blog: Team Security - Banning Bad Guys and also Bad Guys

First post First post
Author
Asuri Kinnes
Perkone
Caldari State
#181 - 2012-03-02 01:30:47 UTC
CCP Sreegs wrote:
Thanks for being blunt but I've already explained that if "in order to gain the playerbase trust" I have to divulge our methods then you're simply not going to trust me. That's assuming that you personally speak for "the playerbase".

I will say that, as I've said in the past, I could only make a completely idiotic guess at how many bots there are. If I knew that they'd all be gone. I have been reminded about why I hate giving people numbers, as you are quite accurate in stating that you don't have the perspective to use them properly. The last time we did this I gave out none and everyone was all "JUST GIVE US SOME NUMBERS WE DONT NEED PERSPECTIVE WE WANT NUMBERS WE LOVE SPREADSHEETS".

We're just going to have to agree that this is as happy a medium as you're going to get for the time being and I'll apologize if that's not satisfactory to you. :)

You know Sreegs, you might want to take a page out of the 2003 Devs forum replies... Just tell'em "this is the way it is, it's not changing and there's the door if you don't like it..."

There is a HUGE difference between "18 months", "watch what they do, not what they say..." and "I'm not telling you how we catch botters..."

And just to be clear here,

THANK YOU!

Bob is the god of Wormholes.

That's all you need to know.

Scrapyard Bob
EVE University
Ivy League
#182 - 2012-03-02 01:30:47 UTC
CCP Sreegs wrote:

Naming and shaming has been and will continue to be part of an internal dialogue but for the time being it's something we've been avoiding. I understand completely why people would want to see that but I also understand completely why it's pretty dicey to be doing it. As it stands the policy is not to do so.


Anyone who gets caught with 3 strikes should be named and shamed. They've proven with getting caught 3x that they're not going to change their habits. And eventually, that name-and-shame should be extended to those who have been caught twice, but not until the ban duration has passed (allow time for appeals).

Vaerah Vahrokha
Vahrokh Consulting
#183 - 2012-03-02 01:31:20 UTC  |  Edited by: Vaerah Vahrokha
Asuri Kinnes wrote:

What the hell is up with you?


I am thinking outside of the crowd, like I always did, do and will do. Sorry if I don't groupthink, I don't take my pitchfork and don't hold a torch and don't wear the Inquisition hat nor show a frothing mouth.


Asuri Kinnes wrote:

Let me put it to you this way:

The only way (ONLY WAY) to make sure someone doesn't get an inappropriate ban is:

NEVER BAN ANYONE AGAIN! EVER!

FOR ANYTHING.

< snip more caps and fervor maddened eyes >

NOTHING IS PERFECT so they do the best they can.

Deal with it.


No, they are not doing the best they can.
CCP used to show a bland-at-best politic against botting, hand mild penalties and a pat on the shoulder to the repenting wrongdoers.

Now they hired a real Security Expert, got an official team to deal with the phenomenon, set up an organized bot smashing machine. At the same time they will make penalties harsher, permanent and so on. Which is AWESOME!

This requires a similar step up in the prevention and defense tools to be made available to the players.
In the same way they added a big warning on all the forum links outside CCP's domain, in the same way they posted and updated multiple threads about how to defend from phishing and hacking etc, there should also be an effort into providing information and / or tools for the honest players to be SURE they are 100% running allowed stuff.

Otherwise you are providing a Ferrari engine to a Ford Fiesta. Sooner or later you'll notice how having crappy tires and city car brakes does not work so good with 500 HP.

As for the "sht happens, deal with it", I supposed in some countries it's a custom to have people sentenced to death and executed and then eventually find out if they were innocent.
In the others, the defendant is given tools for self defense, there is a proofing system. If CCP goes the hard fist way then they should also implement a resilient proofing and possible defense system for those they suspect of cheating.

Said that, I hand the pitchfork back, use it at leisure, I envy your blind trust in technology, behavioral patterns and so on.

Titanic crew trusted in technology and self imagined total safeness after all.
Asuri Kinnes
Perkone
Caldari State
#184 - 2012-03-02 01:32:26 UTC
Scrapyard Bob wrote:
CCP Sreegs wrote:

Naming and shaming has been and will continue to be part of an internal dialogue but for the time being it's something we've been avoiding. I understand completely why people would want to see that but I also understand completely why it's pretty dicey to be doing it. As it stands the policy is not to do so.


Anyone who gets caught with 3 strikes should be named and shamed. They've proven with getting caught 3x that they're not going to change their habits. And eventually, that name-and-shame should be extended to those who have been caught twice, but not until the ban duration has passed (allow time for appeals).


They said there was some legal concern they were thinking about - but i figured just in-game names... :)

Bob is the god of Wormholes.

That's all you need to know.

Vaerah Vahrokha
Vahrokh Consulting
#185 - 2012-03-02 01:40:42 UTC  |  Edited by: Vaerah Vahrokha
Adding to my post above with a practical example.

There's a 3rd party tool that has been announced weeks ago (has 20 or so forum pages!) that completely automates in game market prices gathering. It really opens the right window for you, fills in the right item for you, then switches to the next and so on.

With such cumbersome default UI, a player seeing such software would rejoyce!

But wait, is this software - residing on the official EvE forums but never "checked" legit? Or is it a bot? What to the dozens who use it? Until what point an end user is meant to be so much geek to know if a certain python thing is good, another is bad, a DLL is ok and another is not? This is the lack of "tools" I am talking about.
CCP Sreegs
CCP Retirement Home
#186 - 2012-03-02 01:46:17 UTC
Vaerah Vahrokha wrote:
Adding to my post above with a practical example.

There's a 3rd party tool that has been announced weeks ago (has 20 or so forum pages!) that completely automates in game market prices gathering. It really opens the right window for you, fills in the right item for you, then switches to the next and so on.

With such cumbersome default UI, a player seeing such software would rejoyce!

But wait, is this software - residing on the official EvE forums but never "checked" legit? Or is it a bot? What to the dozens who use it?


You are correct that there may be applications out there that we haven't specifically stated are good or bad, allowed or not and we should work to rectify that. I was actually just talking with someone about a different app the other day.

My perspective has always been that we make a client to interface with our server and that's what you're allowed to use, BUT I'm not the only person involved here and it's not purely my decision so I'll take the feedback you've given in that regard and see if we can do something useful with it. :)

"Sreegs has juuust edged out Soundwave as my favourite dev." - Meita Way 2012

Asuri Kinnes
Perkone
Caldari State
#187 - 2012-03-02 01:46:50 UTC
Vaerah Vahrokha wrote:


No, they are not doing the best they can.
CCP used to show a bland-at-best politic against botting, hand mild penalties and a pat on the shoulder to the repenting wrongdoers.

Seriously? What has that to do with anything? If I were their security guy - that's all you'd be getting now - Sreegs is doing good...
Vaerah Vahrokha wrote:

Now they hired a real Security Expert, got an official team to deal with the phenomenon, set up an organized bot smashing machine. At the same time they will make penalties harsher, permanent and so on. Which is AWESOME!

Glad we can agree on one thing anyway....Roll

Vaerah Vahrokha wrote:
This requires a similar step up in the prevention and defense tools to be made available to the players.
In the same way they added a big warning on all the forum links outside CCP's domain, in the same way they posted and updated multiple threads about how to defend from phishing and hacking etc, there should also be an effort into providing information and / or tools for the honest players to be SURE they are 100% running allowed stuff.

Otherwise you are providing a Ferrari engine to a Ford Fiesta. Sooner or later you'll notice how having crappy tires and city car brakes does not work so good with 500 HP.

As for the "sht happens, deal with it", I supposed in some countries it's a custom to have people sentenced to death and executed and then eventually find out if they were innocent.
In the others, the defendant is given tools for self defense, there is a proofing system. If CCP goes the hard fist way then they should also implement a resilient proofing and possible defense system for those they suspect of cheating.

Said that, I hand the pitchfork back, use it at leisure, I envy your blind trust in technology, behavioral patterns and so on.

Titanic crew trusted in technology and self imagined total safeness after all.

Lets see - where to start.

WHY does it require a "similar step up"? So some people get inconvenienced? So what? Seriously, so what? And even if it did "require" something, what would it be (and please, do not suggest something client side - that could be hacked/modded too easily, we all know that).

Ferrari engine in a ford fiesta? What the hell are you on about? And death sentences? Shocked Last I checked, it was a game service, but nice little dig there - don't know dig at what, but points for it nonetheless...

If you go back and *read* what I wrote - there is no "blind trust in technology", nor is there a Titanic in sight... I said "imperfect system, imperfect people". And the one and only sure way not to get someone "innocent" - is to never ban anyone. That is the only absolute sure way.

But you threw out a couple good straw-men there.

Bob is the god of Wormholes.

That's all you need to know.

BlitZ Kotare
Ministry of War
Amarr Empire
#188 - 2012-03-02 01:55:17 UTC
Personally I think 3 strikes is too mild. I'd rather see 2 strikes:

1st Strike - 14 day "don't do that again, ever" ban where all linked accounts are banned, all funds zeroed, all PLEX removed or injected and all characters permanently locked to those accounts.
2nd Strike - Permanent Ban.

However, I'm happy with the progress that has been made. I'm already noticing a difference in the markets I play in that there are fewer bots (some are certainly still there, no human can update 80 market orders in 2 minutes). Keep up the good work Sreggs.
Vaerah Vahrokha
Vahrokh Consulting
#189 - 2012-03-02 01:55:40 UTC  |  Edited by: Vaerah Vahrokha
Asuri Kinnes wrote:
If you go back and *read* what I wrote - there is no "blind trust in technology", nor is there a Titanic in sight... I said "imperfect system, imperfect people". And the one and only sure way not to get someone "innocent" - is to never ban anyone. That is the only absolute sure way.

But you threw out a couple good straw-men there.


You make it so easy, eh? Lack of empathy much?

"Oh, sht happened, that guy got banned, guess bad Karma hit him where the sun does not shine".


Example of secondary effects:

1) Guy was a CEO that did not gave every rights away, so now stuff is locked.

2) The corp was a group of RL friends / a community (there are many) where everyone know each other. The guy gets defaced in RL before his friends. "Did not even imagine you were a cheater and a liar!"

I believe that "innocent unless proven guilty" may indeed be too much guarantism.
But then, even going with the harsh: "guilty unless proven innocent", the guy has to have a way to prove he is innocent.

Edit:

I am actually baffled about how little of a fck nobody gives and how all are SO SURE someone else will get the stick.
Asuri Kinnes
Perkone
Caldari State
#190 - 2012-03-02 01:56:14 UTC
Vaerah Vahrokha wrote:
Adding to my post above with a practical example.

There's a 3rd party tool that has been announced weeks ago (has 20 or so forum pages!) that completely automates in game market prices gathering. It really opens the right window for you, fills in the right item for you, then switches to the next and so on.

With such cumbersome default UI, a player seeing such software would rejoyce!

But wait, is this software - residing on the official EvE forums but never "checked" legit? Or is it a bot? What to the dozens who use it? Until what point an end user is meant to be so much geek to know if a certain python thing is good, another is bad, a DLL is ok and another is not? This is the lack of "tools" I am talking about.

Hmmmmmm, last time I knew, the UI provided was the one we were all supposed to be using. And automating activities in game w/o player input is high up on the list of things we're *not* supposed to be doing. I know there are mods to use, using only the API pull. But I have a feeling that your not talking about that. So... Does it automate player actions?

If yes, I would consider it a bot. However, just pulling information (as long as no actions were taken - i.e. - filling orders, making orders or contracts, or accepting orders/contracts) - when it automates player decisions / actions - then it's bannable.

What are you going to have CCP do? Vet every addon that anyone ever comes out with?

Waste of time much?

Bob is the god of Wormholes.

That's all you need to know.

Asuri Kinnes
Perkone
Caldari State
#191 - 2012-03-02 02:01:14 UTC
Vaerah Vahrokha wrote:
You make it so easy, eh? Lack of empathy much?

"Oh, sht happened, that guy got banned, guess bad Karma hit him where the sun does not shine".


Example of secondary effects:

1) Guy was a CEO that did not gave every rights away, so now stuff is locked.

2) The corp was a group of RL friends / a community (there are many) where everyone know each other. The guy gets defaced in RL before his friends. "Did not even imagine you were a cheater and a liar!"

I believe that "innocent unless proven guilty" may indeed be too much guarantism.
But then, even going with the harsh: "guilty unless proven innocent", the guy has to have a way to prove he is innocent.

1) - Corp petitions it - I cannot imagine CCP locking down all of a corps stuff forever. Unless there was isk/items moved around by his corp mates. Again, CCP has a system in place to deal with it.

2) That would suck for sure - he would have to petition it.

Again and again and again - there is *no* way to be 100% sure that everyone banned / warned / looked crosseyed at is guilty/innocent. It is impossible.

So, what are you suggestions as to "tools" that ccp could provide the players that *can't be hacked / gamed* to prove innocence?

Bob is the god of Wormholes.

That's all you need to know.

Vaerah Vahrokha
Vahrokh Consulting
#192 - 2012-03-02 02:06:45 UTC
Asuri Kinnes wrote:

If yes, I would consider it a bot. However, just pulling information (as long as no actions were taken - i.e. - filling orders, making orders or contracts, or accepting orders/contracts) - when it automates player decisions / actions - then it's bannable.

What are you going to have CCP do? Vet every addon that anyone ever comes out with?

Waste of time much?


See, you don't even know yourself for sure and you are certainly more interested / expert in these things than most.

Grey areas are enemies of fair and sure "first / 2nd strike perma ban" politics.

Anyway I am going to bed, hoping to have provided Sreegs with a little of "outsider view" point of views while he is building this new, solid, WHOLE process from detection => ban => appeal => require innocence-proof => final judgement.
DaDutchDude
Some Random Corporation
#193 - 2012-03-02 02:15:53 UTC
Vaerah Vahrokha wrote:
This requires a similar step up in the prevention and defense tools to be made available to the players.
In the same way they added a big warning on all the forum links outside CCP's domain, in the same way they posted and updated multiple threads about how to defend from phishing and hacking etc, there should also be an effort into providing information and / or tools for the honest players to be SURE they are 100% running allowed stuff.

Otherwise you are providing a Ferrari engine to a Ford Fiesta. Sooner or later you'll notice how having crappy tires and city car brakes does not work so good with 500 HP.

As for the "sht happens, deal with it", I supposed in some countries it's a custom to have people sentenced to death and executed and then eventually find out if they were innocent.
In the others, the defendant is given tools for self defense, there is a proofing system. If CCP goes the hard fist way then they should also implement a resilient proofing and possible defense system for those they suspect of cheating.

I think you are turning things upside down.

In Real Life, there are local laws, national laws, a constitution, international treaties, courts with judges, advocates and so on to protect your individual rights. They are very complex, very costly, sometimes burdening society quite significantly, but very important.

What we are talking about here however, is a game. Of course, individuals have rights, and especially in an MMO that attempts to simulate a society, there should be a good framework of rules between provider and customer to govern that relationship. As a matter of facts, there are those rules: http://community.eveonline.com/pnp/eula.asp

Is that flawless? Does it cover every eventuality? **** no! However, do you want CCP to create virtual world constitutions, and courts, and appeal procedures and more of that just so they have completely cover all their bases in case rule lawyers get all uppity about not having very explicitly in full detail explained to them what they can and cannot do? Really, no amount of work in would ever satisfy some people. Even in real life in some of the most sophisticated justice systems, many people are rightly and wrongly disappointed by rulings and unclear about their rights. What makes you thing CCP can improve on that? Personally I would rather have CCP take a "common sense" approach and deal with legitimate complains on a case by case basis instead of spending vast amount of resources in fruitless efforts to appease rule lawyers in a game about internet space pixels.

And really, if you don't trust CCP in trying to actually keep paying customers instead of unfairly taking their stuff, then you should probably unsubscribe now and go do something else with your time.

They say that the road to hell is paved with good intentions. I always have the best intentions for others ...

Asuri Kinnes
Perkone
Caldari State
#194 - 2012-03-02 02:16:51 UTC
Vaerah Vahrokha wrote:
See, you don't even know yourself for sure and you are certainly more interested / expert in these things than most.

Grey areas are enemies of fair and sure "first / 2nd strike perma ban" politics.

Anyway I am going to bed, hoping to have provided Sreegs with a little of "outsider view" point of views while he is building this new, solid, WHOLE process from detection => ban => appeal => require innocence-proof => final judgement.

If it automates player actions it's a bot. Nothing unusual there... Nothing grey about it either.

Again - what tools that can't be gamed/hacked/circumvented?

Bob is the god of Wormholes.

That's all you need to know.

Dyner
Zervas Aeronautics
The Bastion
#195 - 2012-03-02 02:27:35 UTC
Hope this doesn't count for people who sit with:

2) 20"+ monitors
1) Keyboard
1) Mouse
1) ALT TAB

...but mining with 5 accounts is sorta fun...


...feels like mast[etc] (relevant word!)....

...till I realize I'm still just playing with myself




LFG: Bot Slaying Pirate
Malus Rens
Stonefish Industries
#196 - 2012-03-02 02:33:38 UTC
You don't need to ban botters on the 1st offense, but you should make it publicly available information on their criminal record.
Kanako Wakabayashi
Perkone
Caldari State
#197 - 2012-03-02 02:36:11 UTC
wtb glitterbomb
Grey Stormshadow
Sebiestor Tribe
Minmatar Republic
#198 - 2012-03-02 03:06:16 UTC  |  Edited by: Grey Stormshadow
Could I get a ban for being such nice guy?-)

blog wrote:

BUT WAIT, THERE IS EVEN MORE! From now on, and this current wave is included, characters who receive a warning such as this will have the characters locked to the account. This means that once you've received a warning for botting your character transfer privileges have been revoked in perpetuity. This is to prevent people trying to circumvent the rules by recycling accounts. Yes we know people pointed out this could happen last time around and if you'll remember we said "We'll keep an eye on it and if it becomes a problem we'll deal with it". Here is us dealing with it. We'll probably have to come up with some form of timing solution for the future, but as it stands today it's forever. If you care about your dudes don't do bad things.

And way to go!

Get classic forum style - custom videos to captains quarters screen

Play with the best - die like the rest

Patient 2428190
DEGRREE'Fo'FREE Internet Business School
#199 - 2012-03-02 03:49:32 UTC
CCP Sreegs wrote:
Patient 2428190 wrote:
Why do you feel the need to lie? Of course it was timed to be before fanfest. Nothing quite gets everybody pumped up and the circlejerking in full swing like a bot banning wave.

You only do a mass banning maybe once a year. Each time you do a mass banning, you claim its an ongoing process, but nothing changes until another annual ban party comes by. This happened last year, this happened with Unholy Rage.

Do you think anybody who would construct these bots wouldn't recognize the pattern?


Nothing you've said in this post is accurate. We did and have shown that we did a large amount of activity on a regular basis for months. I've given you some examples of where to find that information in this thread. We openly stated in this very blog that during a period of reorganization it was shut off. Were I a dishonest lad you'd have never known things were shut off. Were we clamoring for pre-fanfest attention you'd have gotten fanfare about the event rather than having to hear about it from other players, unless you're insinuating that I'm such a brilliant puppetmaster that this is all part of my master plan to gain whatever, in which case thanks!

You deciding it never happened doesn't make it so and I'm sorry if that was somehow not clear enough to you but there is enough of a portion of the playerbase who will choose to invent facts rather than digest them that it really becomes an exercise in futility to respond and difficult to have an open dialogue where I can present honest information. I'll go ahead and give it a shot anyway and suggest that you read the thread and if you don't like something we've done then state your case as it relates to the facts given rather than being rude and spreading misinformation. There's plenty of other threads on the internet to do that in. This isn't one of them.


I'll admit I don't know your schedule or what your team is doing behind the scenes, I'm not working at CCP, I'm just one of those lolcustomers you collectively tune out on the road to :AWSOME:. I just have what you get to say/write as for what is going on.

As I recall of last year's events, bots were banned, dev blogs were written and you were sent out to the forums. You then hosted your talks at fanfest about security, talked more about the process, what's going on and what's in the future. Then, all communication pretty much stopped. Now in the weeks leading up to this fanfest, the process/machine gets turned on and you get thrust back into public view. Bot banning, dev blogs, your forum posts start happening. All of this will probably dovetail into your talks and presentations at fanfest (I'd imagine)

Unless I'm seriously missing something, the timing has everything do with fanfest. If history repeats itself, we'll get more information now, at and shortly after fanfest then a whole lot of nothing in the way of communication.
Purple Madness
Center for Advanced Studies
Gallente Federation
#200 - 2012-03-02 04:10:48 UTC
If CCP really wanted to end 0.0 botting all they'd have to do is release a ship/module/subsystem/implant/booster/whatever that hid its pilot from local chat. The players would take care of the rest.