Greetings, glorious testers!

Check out Alpha Two Announcements here to see the latest news on Alpha Two.
Check out general Announcements here to see the latest news on Ashes of Creation & Intrepid Studios.

To get the quickest updates regarding Alpha Two, connect your Discord and Intrepid accounts here.

Should Intrepid offer a bug/exploit bounty system?

Most software devs with a brain offer these. And since the enormous number of exploits have made that other MMO currently unplayable, should Intrepid implement such a system?

I think most of us who have played subscription-based MMO's know that any sort of rampant duping/infinite resource (for instance) often results in irreparable damage to the player base and word of mouth. Suddenly the well becomes poisoned and subs drop off when such exploits are left unfixed for even a few weeks for both of the aforementioned reasons.

Personally? As someone who has found multiple of these sorts of exploits in past MMO's, I always keep them to myself or tell a small number of trusted friends that I know won't tell others. This way we can just sit on the exploit without anyone finding out about it. There's simply no immediate incentive for the player to tell the Devs about it, but if you pay players who report these exploits and glitches before knowledge of them becomes commonplace? Well - that's just being smart, and that's just doing what other types of software companies do to protect their own interests.
«13

Comments

  • SathragoSathrago Member
    edited November 2021
    I think they need to invest more in their QA team if anything. Many games that have released lately, mostly mmos, will put all the QA testing on the players AND charge them for doing it under the guise of "playing the game". This is a great sleight of hand they pulled to not only cut down on expenses but make some dough off of players in the process.

    This wouldn't really be that much of an issue if the games took that money and invested it into a quality assurance team that can make the game better, but most see this "alpha/beta access" cash as purely extra spending money on whatever they want.
    8vf24h7y7lio.jpg
    Commissioned at https://fiverr.com/ravenjuu
  • ButtercupCloverButtercupClover Member, Phoenix Initiative, Royalty, Kickstarter, Alpha One, Alpha Two, Early Alpha Two
    No matter how much QA a product goes through, new exploits will be found after release and patches. I think it wouldn't be a terrible idea for them to offer bounties on exploits or abusable bugs to stay on top of stuff like item duping and such.
  • UlfbrinterUlfbrinter Member
    edited November 2021
    Sathrago wrote: »
    I think they need to invest more in their QA team if anything. Many games that have released lately, mostly mmos, will put all the QA testing on the players AND charge them for doing it under the guise of "playing the game". This is a great sleight of hand they pulled to not only cut down on expenses but make some dough off of players in the process.

    This wouldn't really be that much of an issue if the games took that money and invested it into a quality assurance team that can make the game better, but most see this "alpha/beta access" cash as purely extra spending money on whatever they want.

    My experience is that no matter how much QA you do when a few hundred thousand people hit a game, some things are going to shake loose that your QA team of maybe a dozen or two guys are going to miss. Either from some obscure combination of game mechanics or just abusing infrastructure in ways that you couldn't really do in a closed environment. Server-side -> Player-side exploits are extremely hard to find because of this. Further, new patches mean new bugs, always.
  • SathragoSathrago Member
    edited November 2021
    Yes guys, people say this all the time. "QA is too small and cant catch everything". Of course that is true. HOWEVER this does not mean you ignore the damn thing like wow does, like new world does. Do you know how horrible ff14 has it when a new patch comes out with all the bugs? No? That's because they have a great team working to make sure things added to the game are polished and not riddled with bugs.
    8vf24h7y7lio.jpg
    Commissioned at https://fiverr.com/ravenjuu
  • Those things happen after many years of learning your engine and how your server infrastructure operates. Not day one. Microsoft, the largest software dev on the planet, still has Day 0 exploits and they still offer up millions of dollars for that information. Same thing with Google. Same thing with Apple. Same thing with basically anyone who doesn't want to get pwned.
  • NerrorNerror Member, Alpha One, Alpha Two, Early Alpha Two
    edited November 2021
    I would be ok with a bounty system for sure. Whatever it takes to make the game as bug free as possible.

    @Ulfbrinter I wonder, you do realize not reporting exploits hurts you in the long run right? I am trying to understand if people just don't realize that using an exploit instead of reporting it may be short term gain for long term pain, or if some other motive is at play. Even if you don't use but just don't report, it's almost a guarantee that other players also find the same exploit and use it.

    I mean, on an abstract level I get it of course. Greed or easy gains for little effort seems alluring if you don't consider the long term consequences. But the game will actively hurt for it, meaning fewer players, meaning less fun, meaning long term problems for the game, meaning you get to enjoy it for a much shorter time.

    On a personal note, any single player game where I have cheated or used exploits just stop being fun for me almost immediately. Any and all achievements in the game are null and void after using exploits. Completely worthless.
  • Nerror wrote: »
    I would be ok with a bounty system for sure. Whatever it takes to make the game as bug free as possible.

    @Ulfbrinter I wonder, you do realize not reporting exploits hurts you in the long run right? I am trying to understand if people just don't realize that using an exploit instead of reporting it may be short term gain for long term pain, or if some other motive is at play. Even if you don't use but just don't report, it's almost a guarantee that other players also find the same exploit and use it.

    I mean, on an abstract level I get it of course. Greed or easy gains for little effort seems alluring if you don't consider the long term consequences. But the game will actively hurt for it, meaning fewer players, meaning less fun, meaning long term problems for the game, meaning you get to enjoy it for a much shorter time.

    On a personal note, any single player game where I have cheated or used exploits just stop being fun for me almost immediately. Any and all achievements in the game are null and void after using exploits. Completely worthless.

    There comes a point in most games where grinding isn't fun anymore, nor is doing the same boss a hundred times. Hence why people push (including myself) for exploits to be discovered so as to sidestep this. It isn't necessarily greed so much as just not wanting to grind and wait for RNG. My focus in this game is going to be on PvP; and I think that's the case for a lot of people. Thus, I will do whatever I can to minimize my exposure to PvE. This is how I approached WAR, for instance. I despised the PvE side of things but was nonetheless forced into it for specific gear attuned things. When I discovered a duping glitch, for instance, I simply told no one outside of my small guild and the devs were none the wiser. However, if I was offered a cash reward of some actual significance? I'd probably have reported it.
  • PlutarPlutar Member, Alpha One, Alpha Two, Early Alpha Two
    So you want Intrepid to pay you to not abuse a bug and go against their ToS, or hold them hostage by ruining their in-game economy? You know what this sounds like, right?
  • TyranthraxusTyranthraxus Member, Alpha Two
    You know what? With the Underworld content that's accompanying the places of origin for the Tulnar, then why NOT offer a "bug-finder" cosmetic outfit, made to look like it was crafted from the remains of some massive Underworld man-killing insect?

    Maybe the first 10 or so people who find the bug and figure out how it's repeatable get a "bug-crusher" cosmetic reward? Doesn't feel unreasonable. Anything that gets past the testers and is caught by the player base might be worth rewarding.

    /Support



  • tautautautau Member, Alpha One, Alpha Two, Early Alpha Two
    Mildly off topic, but to the OP who sat on exploits and shared them with friends....hopefully that kind of cheating in AOC will quickly earn you (& trusted friends) permabans.

    Further off topic, remember in L2 the 'Seven Secret Emotes' which, if done in the right order, opened the blouse of dark elf ladies?
  • akabearakabear Member, Braver of Worlds, Kickstarter, Alpha One, Alpha Two, Early Alpha Two
    Absolutely no issue with incentivised in-game bug reporting rewards in some form or another.

    Much rather a pro-active approach by both Dev`s and Community swiftly dealt with and rewarded than to have the game grind to a halt due to game breaking bugs and /or a minority of the community exploiting them and the vast majority bear the issues.
  • VhaeyneVhaeyne Member, Alpha One, Alpha Two, Early Alpha Two
    I have an issue with in-game rewards for bounties if they could affect the economy. While I agree that incentivizing the search for bugs and exploits will only improve the game. I don't like the idea of rewards taking the form of in-game currency or non-cosmetic gear.

    I think the best reward for a proven bug or exploit that is game breaking would be the cash shop currency "Embers". Maybe, an exclusive cosmetic skin, but I can already hear some people on here crying because I thought of it.

    Still, the idea of an elusive mount or armor only awarded to those who find a major bug is attractive to me... Like a giant bug mount...

    As long as it's not items with in game value, I am fine.
    TVMenSP.png
    If I had more time, I would write a shorter post.
  • ButtercupCloverButtercupClover Member, Phoenix Initiative, Royalty, Kickstarter, Alpha One, Alpha Two, Early Alpha Two
    Vhaeyne wrote: »
    I have an issue with in-game rewards for bounties if they could affect the economy. While I agree that incentivizing the search for bugs and exploits will only improve the game. I don't like the idea of rewards taking the form of in-game currency or non-cosmetic gear.

    I think the best reward for a proven bug or exploit that is game breaking would be the cash shop currency "Embers". Maybe, an exclusive cosmetic skin, but I can already hear some people on here crying because I thought of it.

    Still, the idea of an elusive mount or armor only awarded to those who find a major bug is attractive to me... Like a giant bug mount...

    As long as it's not items with in game value, I am fine.

    While I don't like the thought of messing with the economy either, it's better than allowing someone to run around duping items and making an even bigger mess of the economy. If there's no in game advantage to giving up the secret to free items then people will choose the free items over a skin.
  • VhaeyneVhaeyne Member, Alpha One, Alpha Two, Early Alpha Two
    While I don't like the thought of messing with the economy either, it's better than allowing someone to run around duping items and making an even bigger mess of the economy. If there's no in game advantage to giving up the secret to free items then people will choose the free items over a skin.

    That is a good point.

    The best I can say against that is: "It would be a cosmetic and not being perma banned".

    That is also why I think an exclusive skin for being a person who reported an exploit or bug would be a more attractive deal. The goal is to make self reporting a good option over exploiting or spreading the exploit.

    Getting items and not being banned is very tempting too. While I don't prefer it, you are right. If that is what it took to minimize exploits, I would have to be okay with it.
    TVMenSP.png
    If I had more time, I would write a shorter post.
  • NoaaniNoaani Member, Intrepid Pack, Alpha Two
    As someone that has found many bugs in MMO's in the past as well, I say no, something like this isn't needed.

    Any decent person that finds a bug will let the developer know.

    Looking directly at you, OP.
  • ButtercupCloverButtercupClover Member, Phoenix Initiative, Royalty, Kickstarter, Alpha One, Alpha Two, Early Alpha Two
    Noaani wrote: »
    Any decent person that finds a bug will let the developer know.

    I've already met players that have said, "I'm not going to report this and hope it ends up in the full release so I can use it. We're the only ones that know about it so far so just don't show other people."

    Some people need an incentive to give up their advantage over others as not all exploits are easy to detect or track who has used it.
  • NoaaniNoaani Member, Intrepid Pack, Alpha Two
    Noaani wrote: »
    Any decent person that finds a bug will let the developer know.

    I've already met players that have said, "I'm not going to report this and hope it ends up in the full release so I can use it. We're the only ones that know about it so far so just don't show other people."
    Noaani wrote: »
    Any decent person

    If someone has said to you "We're the only ones that know about it so far so just don't show other people" with the intent of trying to prevent that bug from being fixed, and you are not reporting that bug to Intrepid immediately, then you do not fit in that above group.

    The person that said that to you automatically does not fit in to that group, and if anyone said that to me, I would disassociate myself from them as I do not want to associate with someone that would willingly wish for an MMO to be worse off for personal benefit.

    That is neither someone I would want to play a game with, nor is it someone I would want to spend time with outside of a game- as that person is clearly not someone that shares the same core life values that I do.
  • ButtercupCloverButtercupClover Member, Phoenix Initiative, Royalty, Kickstarter, Alpha One, Alpha Two, Early Alpha Two
    It was someone who was in our clan during alpha. They are no longer with us and we have decided to actively attack them if we ever see them again. We got rid of them about halfway through the month when they started bringing up bugs and trying to keep it within the guild. We did report the bug, it was an xp farming method through a repeatable quest that wasn't meant to be repeatable. They were mad and tried to grief us later on after the exploit was fixed but it there wasn't much they could do with pvp turned off. If they abuse bugs when the game does come out then I hope they get banned but until it does come out they still have time to change their opinion about abusing exploits.

    I didn't mention any of that because it wasn't relevant to the discussion but I guess it is now.
  • NoaaniNoaani Member, Intrepid Pack, Alpha Two
    I didn't mention any of that because it wasn't relevant to the discussion but I guess it is now.
    It's only relevant because this is what will happen almost every time.

    Almost all people are decent. Not all, but almost all.

    Decent people will report bugs.

    Your situation here proves exactly why there is no need for a bounty on in game bugs.

    ---

    As to a reason why to specifically not have one, developers of a few games I have played (that I know of, it may be more common than I am aware of) have set up what is essentially a sting to catch out people that would exploit bugs.

    The two times I have known it to happen, the game had a number of guilds that were kind of "soft cheating", they were doing things they probably shouldn't have been doing, but weren't really exploiting (though only because they were not aware of any exploits at the time).

    So, the developers of two games that I know of introduced an exploit that was not easy to find. Once found, it was very obvious that it was an exploit. Since they added it in for this purpose, it was easy for them to track, and easy for them to reverse any negative effects.

    Those that were caught abusing this "exploit" were outright banned from the game.

    Having a bounty system in place removes this as a possibility for developers.

    Personally, I would rather get rid of those that would exploit bugs more than I would want to get rid of bugs. Bugs will get fixed as decent people report them, but getting rid of those that would exploit bugs makes the game better for the rest of us.
  • maouwmaouw Member, Alpha One, Alpha Two, Early Alpha Two
    You cannot trust the playerbase to be noble.

    Especially in a game where you can get an advantage over the person next to you.
    I wish I were deep and tragic
  • NoaaniNoaani Member, Intrepid Pack, Alpha Two
    maouw wrote: »
    You cannot trust the playerbase to be noble.

    Especially in a game where you can get an advantage over the person next to you.

    While this is true - it is also why developers need to keep tools like the one outlined above up their sleeve.
  • AffluentAffluent Member, Alpha Two, Early Alpha Two
  • tautautautau Member, Alpha One, Alpha Two, Early Alpha Two
    Perhaps the bounty could be a couple of free weeks added to your play time?
  • tautau wrote: »
    Mildly off topic, but to the OP who sat on exploits and shared them with friends....hopefully that kind of cheating in AOC will quickly earn you (& trusted friends) permabans.

    Further off topic, remember in L2 the 'Seven Secret Emotes' which, if done in the right order, opened the blouse of dark elf ladies?

    I want to point out that Steven himself has said on stream that in past MMO's he took advantage of exploits. Such as putting down enough objects prior to PvP engagements that it would crash people's clients.
    Zythtyz wrote: »
    So you want Intrepid to pay you to not abuse a bug and go against their ToS, or hold them hostage by ruining their in-game economy? You know what this sounds like, right?

    No, I want Intrepid to reward players who find bugs. And when I say reward, I mean a genuine reward. Not a skin, not a week of extra playtime. Something actually worth good money, or a genuine reward that clearly incentivizes a player to report on dupes. Otherwise, you end up in New World where YouTubers are just making tutorial videos about exploits for days. Again, Microsoft/Google/Apple, etc. all do this very same thing because it is prudent to do so. If I know of a Day 0 hack, even if it is something I constructed, Microsoft will literally pay me money if I come to them first with it.

  • NoaaniNoaani Member, Intrepid Pack, Alpha Two
    tautau wrote: »
    Perhaps the bounty could be a couple of free weeks added to your play time?

    When you compare the profit that can be made from bugs in MMO's, there may as well be no reward if this is the value you are putting on it.

    Even in a game as second tier in popularity as EQ2, people that were exploiting bugs were making enough money from selling gold obtained via exploits to buy a house.

    A few weeks of game time is not worth anyone's time.
  • VhaeyneVhaeyne Member, Alpha One, Alpha Two, Early Alpha Two
    Noaani wrote: »
    tautau wrote: »
    Perhaps the bounty could be a couple of free weeks added to your play time?

    When you compare the profit that can be made from bugs in MMO's, there may as well be no reward if this is the value you are putting on it.

    Even in a game as second tier in popularity as EQ2, people that were exploiting bugs were making enough money from selling gold obtained via exploits to buy a house.

    A few weeks of game time is not worth anyone's time.

    I hate agreeing with you on this because it makes the situation seem so hopeless. Until now, I have been thinking about the everyday man's reaction to exploits.

    When you consider people who are into RMT already, I don't think you can tempt them with any sort of bounty program.

    Still, I think something is better than nothing overall. A bounty program would motivate me to report bugs, a little more. As a human, I know I could be tempted to use an exploit if I found one. Lord knows I have exploited in the past. The severity has always depended on how much I resect the game or If I consider the exploit to be justified.
    TVMenSP.png
    If I had more time, I would write a shorter post.
  • Vhaeyne wrote: »
    When you consider people who are into RMT already, I don't think you can tempt them with any sort of bounty program.

    Most of those people have moved onto easier and safer pastures of making money. RMT is nowhere near as prevalent as it used to be for a variety of reasons. What's RMTing to a guy who can make more money just using a GPU to mine shitcoins? Nothing. It's literally a waste of time and electricity to do something other than mining, it's why a lot of NFT proponents want games to include whatever shill coin they're working on this week.

    Nowadays if you offered a few thousand dollars, cash in hand, for just reporting a duping exploit? Yeah, that money would get taken real god damn fast because short-term thinking overrides long-term planning. Or someone in a bind that needs that money who learns of the dupe from someone else will report it. Or someone who just doesn't care that much about the game but could always use a few grand would.

    I know this may seem like a lot of money, but do the math. If even 100 players dropped their subs for even just one month, you've already lost 1500 USD that you could avoided losing if you just paid some guy a grand for his bug report. Now though that monetary loss is compounded potentially by years because those 100 guys may never come back. Shoulda just paid a few thousand dollars to avoid all that in the first place.
  • NerrorNerror Member, Alpha One, Alpha Two, Early Alpha Two
    edited November 2021
    Exploiting people's greed, as per the OP, can be a fairly reliable tool, but there are some downsides as well obviously.

    My take on this is:
    1. let's get Alpha 2 underway. Let the testers who actually care about the game do their thing and report bugs and hopefully they'll have fun while testing. I would be ok with a title or cosmetic thingy be awarded to those who find and report serious exploits during this time. No cash prizes yet though.
    2. Once most of the core systems are up and running in A2, hire professionals to "penetration" test the game. There are companies that specialize in black box, grey box and white box testing of games. Hopefully the industry insiders know which companies are good.
    3. After the professionals have done their job and hopefully fixed most remaining exploits, let the unwashed masses at it through a proper bounty system. Cash prizes are fine. People finding and reporting exploits are giving Intrepid something of real world monetary value, and I think it's fine to be compensated for that. Remove the ingame rewards.

    I don't think Intrepid should announce if they plan to do step 3 above. We don't want people just hanging on to exploits in hopes of getting cash, but rather they should be incentivized through some ingame rewards, or just through the knowledge that the future of the game is better for it, and thus their future enjoyment is better too.

    Once all the planned features are in decently working order, we enter the betas for the final polish, but keeping the bounty system just in case.
  • NoaaniNoaani Member, Intrepid Pack, Alpha Two
    Vhaeyne wrote: »
    I hate agreeing with you on this because it makes the situation seem so hopeless.
    While I get what you are saying here, I don't consider the situation to be hopeless at all.

    At least, not in regards to no bounty system.

    To me, the thing that made me think the situation was hopeless in terms of bugs in the part of the game I care about (the combat system), was the comment of no trackers. Without wanting to sound like a parrot repeating the same thing over and over, combat trackers main actual use from a game developer standpoint are as a tool players use to find bugs in the combat, harvesting and sometimes crafting system

    Very few games have game breaking bugs (actual exploitable things, not just balance issues that some people are unhappy with) in their combat system. When you consider that the combat system in most games is the most complex system in the game, and is also the one that players interact with the most, this would seem really strange at first.

    The reason there are very few games with game breaking bugs in their combat system is because every game has a core of passionate players armed with tools they use to diagnose that combat system to a degree even some game developers are astonished with.

    Passionate players with the right tools will always find bugs and serious issues before anyone else - which is what both players and developers should want.

    Then you have the two systems in games that have produced the most game-breaking bugs that I am aware of - game economy and experience game/reward systems.

    These two systems do not have players as passionate about them, and do not have tools players could use to diagnose them in the same way a combat system does. As such, most bugs that exist in these systems make it to the live game and are found by who ever happens to come across them first.

    Such tools for the games economy and reward systems could be developed, but I am unaware if there is the passion in the player base to put the same effort in to finding bugs in these systems as there is in a combat system.
  • VhaeyneVhaeyne Member, Alpha One, Alpha Two, Early Alpha Two
    @Ulfbrinter

    I have literally seen RMT in every MMORPG I have ever played in my life. So, I am a little skeptical that people will not be RMTing in Ashes for any of the reasons you stated.

    RMTers are experienced and skilled at finding, using and hiding exploits in every game they can get their hands on. They see every game as and opportunity to make money. They use account phishing to keep operation costs as low as possible.

    If crypto mining was as good as you claim, I would have stopped seeing RMTers in like 2013. It's 2021, and I still see them spamming in town in nearly every game I play. Just spamming away on someone else's account because they clicked the wrong link looking for a newbie guide...
    TVMenSP.png
    If I had more time, I would write a shorter post.
Sign In or Register to comment.