Greetings, glorious testers!

Check out Alpha Two Announcements here to see the latest news on Alpha Two.
Check out general Announcements here to see the latest news on Ashes of Creation & Intrepid Studios.

To get the quickest updates regarding Alpha Two, connect your Discord and Intrepid accounts here.

Should Intrepid offer a bug/exploit bounty system?

13»

Comments

  • JesterLoJesterLo Member, Alpha Two
    edited November 2021
    It is a well established practice in the software industry to pay a monetary reward or bounty of some sort to anyone who can find, reproduce and discretely report any security vulnerability they find in a company's software.

    It could be argued that in an MMO an "economy breaking exploit" could be as devastating as a security vulnerability in any other software and thus could warrant the same type of bounty program.
    Noaani wrote: »
    Again, this is the exact type of person that all multiplayer games are better off without. The idea of targeting a feature directly at such players is not healthy for any game.

    I do not see the problem in attracting talented exploit hunters if they are here for the money. They will be driven by monetary gain and thus will never sit on a bug/exploit for any length of time as someone else might have beaten them to the prize/bounty.

    The filthy personality you are afraid of attracting will find the game regardless of any bug bounty program as they are here for other reasons. However, some of them might even be persuaded to join the light side 👍

    -Karp
    -Karp
  • NerrorNerror Member, Alpha One, Alpha Two, Early Alpha Two
    Ulfbrinter wrote: »
    Nerror wrote: »
    Relying solely on players to find all the exploits is a bad idea, bounty system or no. Gotta hire the professionals and let them do their thing for sure.

    Intrepid already have QA, in fact, pretty much every game ever has a QA team, but that doesn't prevent massive exploits from being discovered by players. I am not advocating a player only system, but rather that Intrepid have their QA team but also pay out to players who report on massive bugs.

    I mean outside professionals who can do black box stuff as well for example. Proper pen testing stuff.
  • NoaaniNoaani Member, Intrepid Pack, Alpha Two
    Very few? Even games that had years before coming to the west suffered with things like bug/exploit abuse which caused mass bans, rollbacks, and game economy damage which caused a lot of damage to the games name and playerbase.
    Very few MMO's have had bugs of this magnitude.

    Of those few games that have, I can't think of a single one that would have had a different outcome with a bug bounty system in place.

    You seem convinced otherwise - give me an example of when there would have been a different outcome.

    A system like this would only ever deal with small, insignificant bugs - which is why it isn't needed.
  • NoaaniNoaani Member, Intrepid Pack, Alpha Two
    Karp wrote: »
    I do not see the problem in attracting talented exploit hunters if they are here for the money.
    Neither do I, but that is not what this system will do.

    MMO players (especially those at the top end of their chosen gameplay sphere) are better at finding bugs than players that are there for the money.

    I know this because I am one of those. I have reported dozens of bugs, some minor, some major in a handful of games - all of which were patched soon after.

    This is also how I know for a fact that some developers introduce exploits in to the game to catch undesirable players. One particular developer gave me a personal heads up about a bug they were introducing, knowing that I would find it within hours of it going live. As a tool, the ability for developers to weed out these undesirable players (basically anyone that would exploit a bug rather than report it) is better for the game than a bug bounty system.

    Again, the ONLY bugs that this system would uncover are those small enough that the player that is only there for personal gain considers to be not worth exploiting for greater gain. It is NOT a system that will uncover game breaking bugs - as these players would always take the option that has the largest personal gain.

    This is not a system that has any value at all to an MMO developer, and it boggles the mind to think that anyone could think it would.
  • Noaani wrote: »
    Very few MMO's have had bugs of this magnitude.

    Of those few games that have, I can't think of a single one that would have had a different outcome with a bug bounty system in place.

    You seem convinced otherwise - give me an example of when there would have been a different outcome.

    A system like this would only ever deal with small, insignificant bugs - which is why it isn't needed.

    You want an example? Sure, i will give you one.

    Archeage's Infinite Apex Bug/exploit. Apex was an archeage cash shop consumable item that was tradable and when consumed would give the user a certain amount of cash shop currency that would be otherwise untradable directly.

    The bug/exploit: When using the apex item there was a 2-3 sec time for it to disappear from your inventory and for you to receive its cash shop currency amount. But when using an instance instant teleportation(mainly to or out of mirage island) between the cast time of the comsumption, the item would not be consumed but the cashshop currency would be received.

    Consequence: The markets of all AA servers where flooded with cashshop tradable stuff which had their prices deflated real fast, stuff that was pretty important for the server economy and because it spreaded before the few that had the bug knowledge were dealt with it affected the price of everything else.

    Result: The game economy was destroyed pretty fast, Trions response to it was even worse, mass ban of people that didn't even exploited forever tainting the game and the company name and a massive reduction of the playerbase. Even tho it was only one of the insane exploits that appeared later on.

    Are you willing to tell me, that if that bug was reported through a bug/exploit bounty hunting system early on it wouldn't have changed anything?
    6wtxguK.jpg
    Aren't we all sinners?
  • NoaaniNoaani Member, Intrepid Pack, Alpha Two

    Are you willing to tell me, that if that bug was reported through a bug/exploit bounty hunting system early on it wouldn't have changed anything?
    Nope, I'm telling you that someone that would only report a bug for personal gain would not have reported that bug, as they had more to gain from exploiting it.

  • Noaani wrote: »

    Are you willing to tell me, that if that bug was reported through a bug/exploit bounty hunting system early on it wouldn't have changed anything?
    Nope, I'm telling you that someone that would only report a bug for personal gain would not have reported that bug, as they had more to gain from exploiting it.

    The absolute majority of them definitely wouldn't and would go against the risks, but here is the trick,
    you only need a single one of them to be afraid of the risks and take the safe route to snitch it....
    6wtxguK.jpg
    Aren't we all sinners?
  • Noaani wrote: »

    Are you willing to tell me, that if that bug was reported through a bug/exploit bounty hunting system early on it wouldn't have changed anything?
    Nope, I'm telling you that someone that would only report a bug for personal gain would not have reported that bug, as they had more to gain from exploiting it.
    Unless you pay them money to report the exploit.
  • SongcallerSongcaller Member, Alpha One, Alpha Two, Early Alpha Two
    If an exploiter is doing the business of exploiting they would hardly take a minimal reward for reporting said bug. Your explanation about Archeage highlights the fallacy because more than one person undertook the exploit. Furthermore, innocent people were banned and that's a travesty.

    If one person can snitch on a whole network ( I assume the innocent people in question received items from the exploit) then it is even less likely an exploiter would report it. Most likely the issue came to light when a non exploiter discovered the issue or the devs discovered the issue.
    2a3b8ichz0pd.gif
  • NoaaniNoaani Member, Intrepid Pack, Alpha Two
    Noaani wrote: »

    Are you willing to tell me, that if that bug was reported through a bug/exploit bounty hunting system early on it wouldn't have changed anything?
    Nope, I'm telling you that someone that would only report a bug for personal gain would not have reported that bug, as they had more to gain from exploiting it.

    The absolute majority of them definitely wouldn't and would go against the risks, but here is the trick,
    you only need a single one of them to be afraid of the risks and take the safe route to snitch it....

    This applies without the bounty system though.
    Ulfbrinter wrote: »
    Noaani wrote: »

    Are you willing to tell me, that if that bug was reported through a bug/exploit bounty hunting system early on it wouldn't have changed anything?
    Nope, I'm telling you that someone that would only report a bug for personal gain would not have reported that bug, as they had more to gain from exploiting it.
    Unless you pay them money to report the exploit.

    You would need to pay them more money than they can expect to make from it - which would not be the case.

    And as pointed out earlier in this thread, a bounty system in an MMO would not be legally able to offer a monetary reward. In many (arguably most) countries, people would need to be considered either a contractor or an employee to accept money for what is essentially work.

    This is why most of the bugs reported to companies like Microsoft and Facebook come from bug bounty companies/organizations, not from individuals. The companies pay the staff, and the bounties are the income that the companies make (among other revenue sources).

    This system kind of falls apart if you try to go international with bounties to individuals.

    So, the notion of a cash reward for bugs in an MMO is a non-starter, meaning we are discussing non cash rewards, which will not see people report bugs like the above.
  • Noaani wrote: »
    This applies without the bounty system though.

    WAY less likely without the personal incentive though.

    6wtxguK.jpg
    Aren't we all sinners?
  • NoaaniNoaani Member, Intrepid Pack, Alpha Two
    Noaani wrote: »
    This applies without the bounty system though.

    WAY less likely without the personal incentive though.

    No it isn't.

    This is why almost all bugs in MMO's are reported and fixed.

    Sure, some are exploited a little before they are fixed, but most are not.

    Those that are exploited before they are fixed are not likely to have that situation altered by offering money to people for reporting them. People either report bugs to make the game as good as it can be, or take the option that offers the most personal gain - which will always be exploiting the bug.
  • Neurath wrote: »
    If an exploiter is doing the business of exploiting they would hardly take a minimal reward for reporting said bug. Your explanation about Archeage highlights the fallacy because more than one person undertook the exploit. Furthermore, innocent people were banned and that's a travesty.

    If one person can snitch on a whole network ( I assume the innocent people in question received items from the exploit) then it is even less likely an exploiter would report it. Most likely the issue came to light when a non exploiter discovered the issue or the devs discovered the issue.

    No one is saying minimal, and point of fact myself and he have been railing against the idea of it being some sort of frivolous title or costume or something equally worthless.
  • truenoirtruenoir Member, Braver of Worlds, Kickstarter, Alpha One, Alpha Two, Early Alpha Two
    edited November 2021
    Ulfbrinter wrote: »
    Most software devs with a brain offer these. And since the enormous number of exploits have made that other MMO currently unplayable, should Intrepid implement such a system?

    I think most of us who have played subscription-based MMO's know that any sort of rampant duping/infinite resource (for instance) often results in irreparable damage to the player base and word of mouth. Suddenly the well becomes poisoned and subs drop off when such exploits are left unfixed for even a few weeks for both of the aforementioned reasons.

    Personally? As someone who has found multiple of these sorts of exploits in past MMO's, I always keep them to myself or tell a small number of trusted friends that I know won't tell others. This way we can just sit on the exploit without anyone finding out about it. There's simply no immediate incentive for the player to tell the Devs about it, but if you pay players who report these exploits and glitches before knowledge of them becomes commonplace? Well - that's just being smart, and that's just doing what other types of software companies do to protect their own interests.

    I hate to say it but the main key thing that prevents exploits from happening is having a great tester team you can trust. And not pushing out updates that haven't been put through the ringer. Bounty systems don't matter. I'll give you a perfect example cause being someone who worked as a scripter and programmer and also engineered different types of things when I got bored with WoW I actually turned to exploiting using some of my old skill set for hacking from older mmorpgs and building servers.

    I first tried to be the good player by reporting bugs to Wow's development team. And that falls on deaf ears all the time cause if it doesn't show up as something one of there developers catch they ignore it till it becomes a problem. You also can be banned for reporting an exploit if they actually try it and it works. So who is gonna risk that. But aside from ethics of it lets talk about a real exploit that me an a friend found out.

    I'm sure anyone who played old world wow remembers the script fuction which could be used to instantly log yourself out of game. It was useful in pvp cause you could log out when someone was hunting you and wait till it was safe or it was also used to sneak into unfinished zones cause you could walk through the warp out areas. This was pre- cataclysm. But me and a friend stumbled on an exploit with the auction house which would allow you to dupe items. See back then the character server and the login server had a 45-60 second delay in the saving of character data. Part of it was related to the servers being overloaded but also they hosted the servers not all on the same server as well. And when the server was overloaded the time window of data saves got even worse and it could take 1 to 2 minutes. So you could post a bunch of items in 40 seconds using a simple auction bot and use the script function to kick the character out of game and log back in and you would have the items posted in the auction house as well as in your inventory.

    But being a good person originally I was like damn this is a huge exploit and I went to the GM's and they kept telling me that "dupe hacks don't exist". So I gave up and just started using it when ever I needed new rune orbs and BoE copies of things. I used to post a lot of other exploits because I was a member in some communities and wow had tons of mechanical failures with quests. Like dropping a quest mid way to get free gold and EXP.

    And I used to work on one of the famous bots of the time with my friend who was a head developer but I only wrote the AI system for it cause my actual programming skills leave much to be desired. But the friend I did a lot of work with ended up quitting and I also decided I wasn't gonna play wow anymore. So we gave blizzard staff one more chance to listen to us about the dupe hack and threatened if they don't take it seriously we would post it on elitepvpers. In which we got an invitation by a gm to craft some GM items on the auction house and both of us got perma banned. And now you have the "Your body stays in game for 2 minutes" to let the character server save your data to prevent dupe hacking on wow.

    I know about 2000 wow players just ran over to wow to test if it still works but your long out of luck.

    Bottom line though don't hack and ruin a good game. But also development team don't ignore players who actually give a damn and want the game to be a great game. I want to see ashes of creation hit #1 and be the best game for the next 20+ years like Ragnarok Online.

    But too the reason bounty systems don't work cause the reward has to out weigh the exploit. Back then you could sell wow gold for enough money to quit your job if you where that kind of person and wanted to go through that. Same thing with botting if people make 100 a month per bot per person they wouldn't want exploits used to be reported. Anything I catch I'll be reporting reward or no reward.

    All antihack systems suck to a certain degree. Nothing is ever 100% safe from hackers. Wow's warden that isn't public is trash just like it was back then. But we could talk for hours on the subject of how to protect the game and it wouldn't really get us anywhere. The main thing is the more quests that need specialty programming the less bots can do or the longer it takes to program them to be able to do them.

    Edit: side note to ^ when the content is hard bots have a hard time as well. If questing is hard they go to monster farming. If monster farming is hard and quests are hard they look for something else.

  • UlfbrinterUlfbrinter Member
    edited November 2021
    truenoir wrote: »
    But too the reason bounty systems don't work cause the reward has to out weigh the exploit.

    I read your post, but the only part that I have to address is this bit. If you read through the thread or just the first post, you'll see that I explicitly mean cash. And while this may seem outrageous, please consider that this is a subscription-based MMO where even a few hundred people quitting for good has major knock-on effects. As myself and a few others in this very thread have also pointed out that it really just takes one major exploit, one bad response from Intrepid to have a bunch of yellow journalists running around ruining the image of the MMO. Further, even if the response is in line with what veteran MMO players expect (a rollback and a fix) should the exploit become well known - it still doesn't solve the problem of the reputation being soured. This is why a bug bounty system must be implemented because it preys upon the inherent greed in most people (or perhaps desperation). You and maybe even Intrepid may look at several thousand dollars for a duping/invincibility/etc. exploit as excessive but all it takes is the very simple math of weighing the number of subs just quitting altogether and the potential lost revenue from people who might have played but no longer will since it's "that game with the exploits." Something like a few thousand dollars (given the hopeful rarity of such bugs) is a drop in the bucket if you just step back and look at the reality of the situation for two seconds.
  • truenoirtruenoir Member, Braver of Worlds, Kickstarter, Alpha One, Alpha Two, Early Alpha Two
    edited November 2021
    Ulfbrinter wrote: »
    truenoir wrote: »
    But too the reason bounty systems don't work cause the reward has to out weigh the exploit.

    I read your post, but the only part that I have to address is this bit. If you read through the thread or just the first post, you'll see that I explicitly mean cash. And while this may seem outrageous, please consider that this is a subscription-based MMO where even a few hundred people quitting for good has major knock-on effects. As myself and a few others in this very thread have also pointed out that it really just takes one major exploit, one bad response from Intrepid to have a bunch of yellow journalists running around ruining the image of the MMO. Further, even if the response is in line with what veteran MMO players expect (a rollback and a fix) should the exploit become well known - it still doesn't solve the problem of the reputation being soured. This is why a bug bounty system must be implemented because it preys upon the inherent greed in most people (or perhaps desperation). You and maybe even Intrepid may look at several thousand dollars for a duping/invincibility/etc. exploit as excessive but all it takes is the very simple math of weighing the number of subs just quitting altogether and the potential lost revenue from people who might have played but no longer will since it's "that game with the exploits." Something like a few thousand dollars (given the hopeful rarity of such bugs) is a drop in the bucket if you just step back and look at the reality of the situation for two seconds.

    Well I'll give you another example :https://hackerone.com/riot?type=team riot has a post up there based on people finding exploits or bugs and offers money. But even still there's thousands of bots for riot based valorant not to mention exploits such as aimbot, wall-hacks. Getting offered 100k for a hack or bot that your making 100 per person and you have 50,000 users your taking a huge loss if you report yourself. So they are asking someone who is making millions of dollars to report a bug or kernel exploit for 100k. Rockstar is another that does the same thing with its games just not for as much money. How is anyone gonna report an exploit that they are gonna pay even less for. 25,000 for a SQL inject>? don't make me laugh cost more per hour to get a developer to work on your database then the amount to pay out for a bug that could let someone inject database entries.

    I'm not saying that you can't try these methods but honestly they don't work. The average player is nothing more then a script kiddy and does nothing but copy others codes or can find basic bugs. Its people who have worked in some line of programming, engineering or hacking that can find these types of exploits. People who know how to use ASM and C++ that's who your fighting. Not the average person who knows how to read email and copy the hack.exe and post it into game folder and hit crack.

    And bottom line is most game developers know this too cause they have engineers and programmers working on the game. But everyone is human and we all make mistakes. If we put that call for variables on the wrong line of course we are going to cause a bug that someone could get some gold and exp. Mostly a matter of finding these before they go live. But also testing wise most people don't run through the game all over unless they are told to.



  • UlfbrinterUlfbrinter Member
    edited November 2021
    truenoir wrote: »
    And bottom line is most game developers know this too cause they have engineers and programmers working on the game. But everyone is human and we all make mistakes. If we put that call for variables on the wrong line of course we are going to cause a bug that someone could get some gold and exp. Mostly a matter of finding these before they go live. But also testing wise most people don't run through the game all over unless they are told to.

    I get what you're saying, but this isn't the focus of the discussion. The focus isn't on guys who are selling packages like this. That's well beyond what the intention is because those people will never come forward, as you and I know. The goal is to focus on the people who are exploiting extremely basic, but extremely harmful bugs. You don't need anything you just mentioned to introduce unintentional iframes into a game. You don't need that to dupe. You don't need that even do something like flying. All it takes is the know-how from previous games and some thorough probing where the Q&A team may have failed. Further, as the first page on this thread shows there have already been instances of people who are playing the Alpha 1 that attempted to (and if that's just an attempt this means they're definitely those who succeeded at obscuring their findings) hide exploits but were ratted out.
  • NoaaniNoaani Member, Intrepid Pack, Alpha Two
    Ulfbrinter wrote: »
    I get what you're saying, but this isn't the focus of the discussion.
    The focus of the discussion is what ever is being discussed.

    So, the issues with a bug system are that in many countries it is simply not compatible with the law, which is why most bug bounty programs have companies or organizations as the bulk of the participants. If you are not aiming the system at people that are already in such companies or organization (which you say you are not), then you are excluding the possibility of cash rewards.

    Getting paid for finding faults in a product is work, in a legal sense. As such, anyone getting paid for finding a bug is either an employee or contractor.

    You need to address this if you want people to think you are serious about your idea.

    Then you need to address what Intrepid can do in relation to setting up situations in which to catch exploiters in order to ban them. While I am unsure how common a practice this is, I know it is one that some companies do, and often results in hundreds of account bans for exploiting - far more effective than a bug bounty system imo.

    These two systems are not compatible - a developer can only chose one. You need to address why a bounty system would be better for Intrepid than the alternative, which you have so far just ignored (in part because you are likely the target of such a system).

    Then you have the practical side of this to address. If a player is able to make thousands, tens of thousands or even hundreds of thousands from a bug, how much do Intrepid need to offer them to report it? If Intrepid offer a bounty based on the severity of the bug and someone finds a minor bug with no immediately obvious means of exploitation, why would that person not just sit on said bug until a means of exploiting it for gain shows up, and at that point why would they then report it?

    At best, the bugs this kind of system would find are unimportant and insignificant, and would have been reported by the general population at some point. It is highly likely that the bug you talk about in the OP was known about by the developers, but they just never got around to fixing it, as it was not important enough.
  • edited November 2021
    Noaani wrote: »
    No it isn't.

    This is why almost all bugs in MMO's are reported and fixed.

    Sure, some are exploited a little before they are fixed, but most are not.

    Those that are exploited before they are fixed are not likely to have that situation altered by offering money to people for reporting them. People either report bugs to make the game as good as it can be, or take the option that offers the most personal gain - which will always be exploiting the bug.

    Yes, it is!

    Yeah, almost all bugs in MMO's are reported and fixed, sadly the majority of times its pretty late and people already abused and took all the advantage they wanted from it.

    Depending on the bug/exploit "potential" there will be some that will take the offer as long as there is an incentive for it, if there is no incentive they will never report it for free, the bug/exploit and the report/fix will take longer and possible have more destructive potential..
    6wtxguK.jpg
    Aren't we all sinners?
  • NoaaniNoaani Member, Intrepid Pack, Alpha Two
    Yeah, almost all bugs in MMO's are reported and fixed, sadly the majority of times its pretty late and people already abused and took all the advantage they wanted from it.
    The majority of bugs that people not working directly on the game itself are able to find are reported and fixed in beta testing.

    The bugs that make it through to the live game are very much the minority.

    The bugs that a bounty system could even potentially be used for are bugs that are not found in testing, that are impactful enough to be worth the cost, are not so impactful that multiple people will find them, and are also not able to be exploited for personal gain.

    I honestly can not think of a single bug in any game I have played that fits these parameters. Even the example you provided from Archeage fails at two of them.
  • truenoirtruenoir Member, Braver of Worlds, Kickstarter, Alpha One, Alpha Two, Early Alpha Two
    Noaani wrote: »
    No it isn't.

    This is why almost all bugs in MMO's are reported and fixed.

    Sure, some are exploited a little before they are fixed, but most are not.

    Those that are exploited before they are fixed are not likely to have that situation altered by offering money to people for reporting them. People either report bugs to make the game as good as it can be, or take the option that offers the most personal gain - which will always be exploiting the bug.

    Yes, it is!

    Yeah, almost all bugs in MMO's are reported and fixed, sadly the majority of times its pretty late and people already abused and took all the advantage they wanted from it.

    Depending on the bug/exploit "potential" there will be some that will take the offer as long as there is an incentive for it, if there is no incentive they will never report it for free, the bug/exploit and the report/fix will take longer and possible have more destructive potential..

    World of warcraft never would rush to fix things cause they just felt "not enough people are exploiting them for it to be a big deal" but as it got posted on multi hacking communities and tons of players where abusing it then they would fix it and ban all the players who used it. But it was just account ban so hackers just buy a new account and start playing again.

    When I used to run game servers we would dish out hardware id bans and would use CPU since modifying a CPU's ID can potentially brick the system. That's really the main way to get rid of someone. Resetting MAC address is childs play for most people and hard drives are easy. Archeage used to do MAC address and hard drive ID bans for people using speed hacking which was cause of cryengine makes you want to cry as a developer.

    But honestly its more profitable for the game devs to just do it wow's way people have to buy the game again, buy the sub all over making more profit for the developers. And the cycle continues.

    All of these types of things get brought up in every game that exists with potential for hacking. Its nice to have dreams of a hack free game but its not reality.

    You can CPU id ban players, Have systems that detect macro's, detect speed hacks, have catchphrases to check player activity. But too then you gotta think about accidental bans. What you don't know about is when someone gets banned by mistake. A antihack program accidently bans 2000 people by mistake or your pc is laggy and you end up teleporting which triggers the speed hack detection and you get banned. or the macro is just the speed of your normal game play and you get banned for not doing anything. Or your antivirus gets you banned because it was scanning the memory. You can look at almost every antihack system made by top producers and pick some kind of annoying problem. Gameguard is hot garbage on a sunny day its banned so many people by mistake.

  • JesterLoJesterLo Member, Alpha Two
    I think it is a really good idea to have honeypots in the game. Exploits known to the developers which they keep track of and ban people who use those exploits.

    I also think it is a good idea to have a bounty program that offers cash rewards for game-braking or economy-braking exploits.

    I agree with @Noaani that bounty programs will not get people to report exploits if they are making more money selling that exploit, than they are rewarded as a bounty. But lets hope that a honeypot system will catch most of those people.

    -Karp
    -Karp
  • daveywaveydaveywavey Member, Alpha Two
    Ulfbrinter wrote: »
    Personally? As someone who has found multiple of these sorts of exploits in past MMO's, I always keep them to myself or tell a small number of trusted friends that I know won't tell others. This way we can just sit on the exploit without anyone finding out about it.

    Then, you're part of the problem. Shame on you and your friends.

    giphy.gif
    This link may help you: https://ashesofcreation.wiki/


    giphy-downsized-large.gif?cid=b603632fp2svffcmdi83yynpfpexo413mpb1qzxnh3cei0nx&ep=v1_gifs_gifId&rid=giphy-downsized-large.gif&ct=s
  • From what I saw in the Alpha 1 streams, the bug reporting tool was woefully inadequate. People had to type in coordinates themselves, and there was no way to add a screenshot or anything. So getting a good reporting tool is essential.

    I don't know how effective a bounty system would be. A lot depends on implementation obviously. No matter the choice there, I think gamifying the bug reporting system might work. Some sort of system where the QA team receiving the bug reports grade them as useful or useless, and if it's a brand new bug the player has found, or a known bug the player just confirmed.

    I think it would create a positive feedback loop, where the players can see the report as received and read, and not just disappearing into a void. If they also get quick feedback from the QA person, with a quick rating system and perhaps some common options like "need more details", "lacks steps to reproduce bug" and such they can check off.

    Tie the whole thing into some titles players can achieve. Maybe some emotes/dances/cosmetics. The more quality bug reports they write, the more they get.

    If a bounty system with real cash is implemented, it can be tied to the above system too.


  • daveywaveydaveywavey Member, Alpha Two
    Jhoren wrote: »
    Tie the whole thing into some titles players can achieve. Maybe some emotes/dances/cosmetics. The more quality bug reports they write, the more they get.

    I want a Superman pose, an Usain Bolt victory pose, and a Christopher Walken Weapon Of Choice dance.
    This link may help you: https://ashesofcreation.wiki/


    giphy-downsized-large.gif?cid=b603632fp2svffcmdi83yynpfpexo413mpb1qzxnh3cei0nx&ep=v1_gifs_gifId&rid=giphy-downsized-large.gif&ct=s
  • UlfbrinterUlfbrinter Member
    edited November 2021
    Jhoren wrote: »
    From what I saw in the Alpha 1 streams, the bug reporting tool was woefully inadequate. People had to type in coordinates themselves, and there was no way to add a screenshot or anything. So getting a good reporting tool is essential.

    Agreed. Bad report systems just make it feel like your reports are going straight into the shredder.
  • NoaaniNoaani Member, Intrepid Pack, Alpha Two
    I do agree that a better bug reporting system would be well worth the time and effort to implement. Far, far better use of resources than a bounty system.

    That said, almost all serious bugs I have found and reported in the past I e-mailed directly to developers/producers.
  • I kinda do like the idea because I'm kinda against rollbacks in mmos in general. Flat out cheating and hacking needs to be permabanned, but lesser sentences that don't have a clear answer could have a system like this. So if enough of the community is angry at you for abusing it you can lose a ton of progress as compensation.

    You have to tie the system to in game time though and not real world time. So you can't just log out and avoid the penalty. If you lose to bounty hunters of this kind then you have a high chance to lose equipment in your inventory and equipped. Not 100% like corrupted though. Just enough to scare the shit out of you, but not enough to guarentee a loss of progress.
    zZJyoEK.gif

    U.S. East
  • I love posting as the last person on a page only to be ignored. Pog.
    8vf24h7y7lio.jpg
    Commissioned at https://fiverr.com/ravenjuu
Sign In or Register to comment.