Greetings, glorious adventurers! If you're joining in our Alpha One spot testing, please follow the steps here to see all the latest test info on our forums and Discord!
Options

Solutions for bots - Best ideas (?)

ZaphiriZaphiri Member, Explorer, Kickstarter
We have all played MMORPGs over the years. We have seen many of them fall for different reasons. We also have seen that all these games have bots to profit from in the real world. These bots, as we all know, ruin the game very quickly as you start seeing AFK players, repeating moves, stealing loot from you, and many more things. This make real players mad until they stop playing the game, even when they put so much time and sacrifice into it. I created this post, to discuss what are the most effective ways, we can imagine or have seen regarding this matter.
In my opinion, the best strategy is to ask for a KYC per account. You would have to upload your information, documents that verify this information, and even real photos/videos of each one. This information is not intended to show it online but to understand that there is a real person behind the computer playing Ashes Of Creation. There are going to be people who seek to cheat with this system and bypass it, but from my point of view, it would solve a lot. What do you think?

Comments

  • Options
    I ain't sending no one my info.

    And if I see a bot, I report it and then PK it. Live GMs can check it out when they have the time for it.
  • Options
    ZaphiriZaphiri Member, Explorer, Kickstarter
    NiKr wrote: »
    I ain't sending no one my info.

    And if I see a bot, I report it and then PK it. Live GMs can check it out when they have the time for it.

    If you pay subscription they already have lot of your information. The only difference here is looking a way of prevention of the problem, rather than letting the problem appear and then look for a solution. Although, i respect your opinion.
  • Options
    NiKrNiKr Member
    edited October 2022
    If you pay subscription they already have lot of your information. The only difference here is looking a way of prevention of the problem, rather than letting the problem appear and then look for a solution. Although, i respect your opinion.
    If they have that information, couldn't they just limit the amount of accounts under one name? And if they can't then how exactly would a picture (that could be not even of me) would prevent botting?

    There's AI generated faces now that botters could use with a bit of photoshop touchup and potential botters from 3rd world countries could just go take photos of random people and use those.

    And if you're suggesting sending Intrepid photos of your IDs - that's gonna be a "nah dawg" from me yet again.
  • Options
    ZaphiriZaphiri Member, Explorer, Kickstarter
    NiKr wrote: »
    If you pay subscription they already have lot of your information. The only difference here is looking a way of prevention of the problem, rather than letting the problem appear and then look for a solution. Although, i respect your opinion.
    If they have that information, couldn't they just limit the amount of accounts under one name? And if they can't then how exactly would a picture (that could be not even of me) would prevent botting?

    There's AI generated faces now that botters could use with a big of photoshop touchup and potential botters from 3rd world countries could just go take photos of random people and use those.

    And if you're suggesting sending Intrepid photos of your IDs - that's gonna be a "nah dawg" from me yet again.

    Yes, that could be one solution, with the information they have to limit the amount of acc under one name.

    Although i don't know how secure KYC would be, not an expert in this field, which is why i suggest the picture. It does not necessarily need to be an ID, it could also be a driver's license. But, let's say they do not ask for ID or driver's license (because that is too personal), they could ask for a video of you holding some type of info (acc name, date, anything) that also cut down the possibilities of having a lot of bots. Of course, there going to be some that still manage to surpass that but it would prevent a lot of them. What do you think?
  • Options
    AzheraeAzherae Member, Alpha One, Adventurer
    NiKr wrote: »
    If you pay subscription they already have lot of your information. The only difference here is looking a way of prevention of the problem, rather than letting the problem appear and then look for a solution. Although, i respect your opinion.
    If they have that information, couldn't they just limit the amount of accounts under one name? And if they can't then how exactly would a picture (that could be not even of me) would prevent botting?

    There's AI generated faces now that botters could use with a big of photoshop touchup and potential botters from 3rd world countries could just go take photos of random people and use those.

    And if you're suggesting sending Intrepid photos of your IDs - that's gonna be a "nah dawg" from me yet again.

    Yes, that could be one solution, with the information they have to limit the amount of acc under one name.

    Although i don't know how secure KYC would be, not an expert in this field, which is why i suggest the picture. It does not necessarily need to be an ID, it could also be a driver's license. But, let's say they do not ask for ID or driver's license (because that is too personal), they could ask for a video of you holding some type of info (acc name, date, anything) that also cut down the possibilities of having a lot of bots. Of course, there going to be some that still manage to surpass that but it would prevent a lot of them. What do you think?

    Doesn't prevent a lot of them.

    Spoofing is easy. I say this as someone who has worked in the 'field' of trying to help stop it.

    Until you reach PRC levels of surveillance and don't allow payment by debit card, you won't manage this.
    Sorry, my native language is Erlang.
    
  • Options
    ZaphiriZaphiri Member, Explorer, Kickstarter
    Azherae wrote: »
    NiKr wrote: »
    If you pay subscription they already have lot of your information. The only difference here is looking a way of prevention of the problem, rather than letting the problem appear and then look for a solution. Although, i respect your opinion.
    If they have that information, couldn't they just limit the amount of accounts under one name? And if they can't then how exactly would a picture (that could be not even of me) would prevent botting?

    There's AI generated faces now that botters could use with a big of photoshop touchup and potential botters from 3rd world countries could just go take photos of random people and use those.

    And if you're suggesting sending Intrepid photos of your IDs - that's gonna be a "nah dawg" from me yet again.

    Yes, that could be one solution, with the information they have to limit the amount of acc under one name.

    Although i don't know how secure KYC would be, not an expert in this field, which is why i suggest the picture. It does not necessarily need to be an ID, it could also be a driver's license. But, let's say they do not ask for ID or driver's license (because that is too personal), they could ask for a video of you holding some type of info (acc name, date, anything) that also cut down the possibilities of having a lot of bots. Of course, there going to be some that still manage to surpass that but it would prevent a lot of them. What do you think?

    Doesn't prevent a lot of them.

    Spoofing is easy. I say this as someone who has worked in the 'field' of trying to help stop it.

    Until you reach PRC levels of surveillance and don't allow payment by debit card, you won't manage this.

    what are the best partial solutions you found working against bots?
  • Options
    AzheraeAzherae Member, Alpha One, Adventurer
    Azherae wrote: »
    NiKr wrote: »
    If you pay subscription they already have lot of your information. The only difference here is looking a way of prevention of the problem, rather than letting the problem appear and then look for a solution. Although, i respect your opinion.
    If they have that information, couldn't they just limit the amount of accounts under one name? And if they can't then how exactly would a picture (that could be not even of me) would prevent botting?

    There's AI generated faces now that botters could use with a big of photoshop touchup and potential botters from 3rd world countries could just go take photos of random people and use those.

    And if you're suggesting sending Intrepid photos of your IDs - that's gonna be a "nah dawg" from me yet again.

    Yes, that could be one solution, with the information they have to limit the amount of acc under one name.

    Although i don't know how secure KYC would be, not an expert in this field, which is why i suggest the picture. It does not necessarily need to be an ID, it could also be a driver's license. But, let's say they do not ask for ID or driver's license (because that is too personal), they could ask for a video of you holding some type of info (acc name, date, anything) that also cut down the possibilities of having a lot of bots. Of course, there going to be some that still manage to surpass that but it would prevent a lot of them. What do you think?

    Doesn't prevent a lot of them.

    Spoofing is easy. I say this as someone who has worked in the 'field' of trying to help stop it.

    Until you reach PRC levels of surveillance and don't allow payment by debit card, you won't manage this.

    what are the best partial solutions you found working against bots?

    In the one 'game community' we had to find ways to get rid of players who were problematic (since this applies in all cases) we didn't ban the account directly, just applied hidden disadvantages to them. This way the player would report it as a bug, not knowing that we had 'caught them'.

    We could then have people gather a LOT more information on them, explicitly have them create new accounts using the types of spoofing methods that one might use but the ordinary person wouldn't have easy access to, flag that they could and would do this easily, etc.

    It's easier to catch people when they don't think you're after them.

    Bots specifically, I personally believe can only be prevented by proper game design, but the general 'make sure you can identify them and deal with this situation' that you are mostly talking about, we deal with in this way. 'Throw a random bug into their character, wait for them to report it, gather info about them when they report it, flag them, maybe spook them by telling them "hey did you know you were also under review for this thing you supposedly did? Did that get cleared up btw?" and so on'.

    Intrepid won't tell us what they will do, but since you asked, that's what we did.
    Sorry, my native language is Erlang.
    
  • Options
    Introduce a fine for identified bots into the EULA + T&Cs for something like $1,000. By accepting the terms & conditions to be charged for the account agreement, you then have authorization to charge the payment token for a fine. So basically eat into their bottom line.

    I'd also hire a firm to establish gold-buying sites for Ashes, collect a list of players then ban them in batches . Then close the site and stand up another one.
    AoC+Dwarf+750v3.png
  • Options
    active gms is a good solution
  • Options
    Solution for this problem is good and fast GMs and effective anti-cheat software.
  • Options
    Arya_YesheArya_Yeshe Member
    edited October 2022
    The solution is ganking.

    In games that ganking has no or minimal or temporary penaties the bots are hunted down and then it's the players who will farm the bots.

    ELITE PVP is finding the bot farms and ganking them all and taking all their stuff and comming back tomorrow.

    The players can do a better job in keeping bots at bay than any company or AI.
    PvE means: A handful of coins and a bag of boredom.
  • Options
    Flagging rules apply to bots too. Suck to go red killing bots then get killed by another player that grabs your gear.
    AoC+Dwarf+750v3.png
  • Options
    AerlanaAerlana Member, Alpha One, Adventurer
    As said

    1) in a free PvP game we are able to limit bots activity thru PvP, i don't know if i would go red on "real player" probably not, but... this freedom to become corrupted i said on another topic becomes totally wonderfull to limit bots efficiency !

    2) general game design. Just look at Lost Ark where bots are a real thing.
    They do quests (leveling/dailies), chaos dungeons. And some even try to get carried thru Duty Finder on abyss dungeons and guardians.
    Those are content where a simple script and few screen information detection is more than enough to clean (quests/chaos), for abyss/guardians, content are easy enough to get carried, and the DF system makes sure to find group (at worst, bot get votekicked, return in DF queue)

    Without DF, bots need now to be able to do content alone. . . And then you can design the farms a way bots have hard time to be efficient (needing more decision than an automatic way to play)

    3) In game Game master (who can spy on characters, etc) are a great way to deal with most way to cheat.
    Not used a lot because... high cost (so less benefits). But it remains probably the best way
  • Options
    JustVineJustVine Member, Alpha One, Adventurer
    edited October 2022
    CROW3 wrote: »
    Flagging rules apply to bots too. Suck to go red killing bots then get killed by another player that grabs your gear.

    I definitely worry about bot honey traps. Top guilds have basically no reason to not run bots in their chosen node if you think about it. The bot benefits the node and therefore the guild in a lot of indirect ways. Even if IS clamps down on benefiting from the mats they will generate, baiting political enemies into attacking an 'innocent' green bot the guild knows not to attack them, but other people don't.

    And you know what sucks if this scenario happens? Once people go red trying to get rid of these bots, the goon squad can roll in take what drops you gained killing the bot without fear of being tracked as bot users and your gear takes the damage and possibly gets lost setting you back time and resources. They can literally just sucker you into laundering their ill gotten mats for them. That's why I'm hoping IS manages to hire a top gun Security dev.
    Small print leads to large risks.
  • Options
    We have all played MMORPGs over the years. We have seen many of them fall for different reasons. We also have seen that all these games have bots to profit from in the real world. These bots, as we all know, ruin the game very quickly as you start seeing AFK players, repeating moves, stealing loot from you, and many more things. This make real players mad until they stop playing the game, even when they put so much time and sacrifice into it. I created this post, to discuss what are the most effective ways, we can imagine or have seen regarding this matter.
    In my opinion, the best strategy is to ask for a KYC per account. You would have to upload your information, documents that verify this information, and even real photos/videos of each one. This information is not intended to show it online but to understand that there is a real person behind the computer playing Ashes Of Creation. There are going to be people who seek to cheat with this system and bypass it, but from my point of view, it would solve a lot. What do you think?

    With registration, it will already limit the number of bots. For the rest, I hope there will be a whole team tracking bots and permaban the player, his account and his IP address.

    All player mass reports must be checked manually by the staff. Otherwise we'll have (again) some frustrated guilds mass reporting abusively.

    Mordern games don't even seem to have efficient antibots....
  • Options
    Best solutions are:

    Active GMs: I remember WoW Vanilla from 2005 where I reported a farming hunter for botting. After 10 mins a GM contacted me and said, he will check it. I put the botter on my friendlist, after some time he went offline, never returning back. Banned successfully.

    PvP: Ganking the bots or pulling so many mobs that they die, lose time and money (repairing equipment). There were even coordinations between enemy factions hunt down the bots of the opposite faction.
  • Options
    Active GMs and working detection algorithms and report systems.

    That's all.

    Just one GM running around will ban enough bots to make the costs of the botters unfeasible.

  • Options
    In my opinion, the best strategy is to ask for a KYC per account. You would have to upload your information, documents that verify this information, and even real photos/videos of each one.

    Just like the first guy said, I don't fancy uploading my id or passport and my pictures online just to play a game. I'm already put off from OW2 and MW2 just because of the phone number requirement.

    In my opinion the best way to counter bots would be to have a few live GMs in each server and they monitor chat or incoming reports.

    Just a Sail, drifting about
  • Options
    LineagerLineager Member, Alpha One, Adventurer
    edited October 2022
    The idea reporting bots so that GMs would check them is good. Also well is to make a good anti-cheat. In general, if you take shooters, then in CS:GO there are servers from Faceit where both systems keep games pretty clean. Reports + anti-cheat.
  • Options
    When enough players report a bot a msg pops up ontheir screen off to the side but noticable if it a player but not in the way if there fighting and they have 2-5 minutes (with character being in motion aka moving around) to type in the code if they dont they get flagged for no penalty for killing them and they drop their resources as a reward :P
  • Options
    JustVineJustVine Member, Alpha One, Adventurer
    Veeshan wrote: »
    When enough players report a bot a msg pops up ontheir screen off to the side but noticable if it a player but not in the way if there fighting and they have 2-5 minutes (with character being in motion aka moving around) to type in the code if they dont they get flagged for no penalty for killing them and they drop their resources as a reward :P

    This will obviously be used to harass people during combat.
    Small print leads to large risks.
  • Options
    Arya_YesheArya_Yeshe Member
    edited October 2022
    JustVine wrote: »
    The bot benefits the node and therefore the guild in a lot of indirect ways. Even if IS clamps down on benefiting from the mats they will generate, baiting political enemies into attacking an 'innocent' green bot the guild knows not to attack them, but other people don't.

    And you know what sucks if this scenario happens? Once people go red trying to get rid of these bots, the goon squad can roll in take what drops you gained killing the bot without fear of being tracked as bot users and your gear takes the damage and possibly gets lost setting you back time and resources.

    @JustVine brought up things that are truly concerning.

    Bot farms will not only make the player rich, but they will also upgrade the node.
    The upgraded node will enslave the surrounding nodes who now will become vassal nodes.
    Vassal nodes can not declare war against the upgraded node and the vassal nodes pay tax and xp.
    :/

    If the vassals go for ganking as a form of assymetrical war for their own self-defence then the Corruption system will make them red... then the master node will come with their main characters and kill the reds and steal the loot.

    The Corruption system creates a monopoly over violence, monopolies over violence only create oppresion.
    PvE means: A handful of coins and a bag of boredom.
  • Options
    Arya_Yeshe wrote: »
    JustVine wrote: »
    The bot benefits the node and therefore the guild in a lot of indirect ways. Even if IS clamps down on benefiting from the mats they will generate, baiting political enemies into attacking an 'innocent' green bot the guild knows not to attack them, but other people don't.

    And you know what sucks if this scenario happens? Once people go red trying to get rid of these bots, the goon squad can roll in take what drops you gained killing the bot without fear of being tracked as bot users and your gear takes the damage and possibly gets lost setting you back time and resources.

    @JustVine brought up things that are truly concerning.

    Bot farms will not only make the player rich, but they will also upgrade the node.
    The upgraded node will enslave the surrounding nodes who now will become vassal nodes.
    Vassal nodes can not declare war against the upgraded node and the vassal nodes pay tax and xp.
    :/

    If the vassals go for ganking as a form of assymetrical war for their own self-defence then the Corruption system will make them red... then the master node will come with their main characters and kill the reds and steal the loot.

    The Corruption system creates a monopoly over violence, monopolies over violence only create oppresion.

    they cant instantly teleport next to you and kill you. also you probably wont drop anything if you have less than 3 pk. just be selective when you go red, weigh your options. do it when ther is no one around. the system is still better than being able to kill with no penalty, or not being able to kill at all
  • Options
    IskiabIskiab Member
    edited October 2022
    Netflix and other streaming services look at the IP address and reconcile the address with the account. Do the same, collect the IP.

    If multiple accounts are associated with an IP address look into potential botting. Could be a family, but for any fix to work you need to determine the person who was controlling the bot and go after their main account. Banning just the bot isn't enough of a deterrent. So don't ban accounts, ban IP addresses.
  • Options
    Iskiab wrote: »
    Netflix and other streaming services look at the IP address and reconcile the address with the account. Do the same, collect the IP.

    If multiple accounts are associated with an IP address look into potential botting. Could be a family, but for any fix to work you need to determine the person who was controlling the bot and go after their main account. Banning just the bot isn't enough of a deterrent. So don't ban accounts, ban IP addresses.

    people who bot can bypass that. and banning ips hurt innocent people who have dynamic ips
  • Options
    SongRuneSongRune Member, Alpha One, Adventurer
    edited October 2022
    Iskiab wrote: »
    Netflix and other streaming services look at the IP address and reconcile the address with the account. Do the same, collect the IP.

    If multiple accounts are associated with an IP address look into potential botting. Could be a family, but for any fix to work you need to determine the person who was controlling the bot and go after their main account. Banning just the bot isn't enough of a deterrent. So don't ban accounts, ban IP addresses.

    Almost zero consumer grade internet providers will give anyone a static IP. Your IP changes over time. With IPv4 exhaustion as a serious concern, huge swaths of internet providers (nearly all ISPs in many countries; many university housing departments in the US) will combine hundreds of unrelated customers onto the same IP address. Add to this that someone malicious has numerous ways of getting other IP addresses.

    It's not a bad thought, it's just that it's the way we defeated ban evaders in the early 2000s. You've needed more advanced tactics since about that era. It's still useful sometimes, but it's never enough on its own.

    There are a LOT of methods you can use (and I've used a decent amount of them), but banning financials (credit card number, etc) is one of the better ones. Though these days you can even get 'unlimited' CC numbers from certain privacy services. Most companies have gone to SMS verification, these days. It's unpopular for various reasons, but some big names do use it (Overwatch 2, I hear lately).
Sign In or Register to comment.