Glorious Alpha Two Testers!
Phase I of Alpha Two testing will occur on weekends. Each weekend is scheduled to start on Fridays at 10 AM PT and end on Sundays at 10 PM PT. Find out more here.
Check out Alpha Two Announcements here to see the latest Alpha Two news and update notes.
Our quickest Alpha Two updates are in Discord. Testers with Alpha Two access can chat in Alpha Two channels by connecting your Discord and Intrepid accounts here.
Phase I of Alpha Two testing will occur on weekends. Each weekend is scheduled to start on Fridays at 10 AM PT and end on Sundays at 10 PM PT. Find out more here.
Check out Alpha Two Announcements here to see the latest Alpha Two news and update notes.
Our quickest Alpha Two updates are in Discord. Testers with Alpha Two access can chat in Alpha Two channels by connecting your Discord and Intrepid accounts here.
Gold seller, Hacking, Exploiting, Bots, and Third -Part software.
FBI
Member, Alpha Two
Gold seller-
Gold buying and selling is so prevalent in this game? why are the buyers and sellers not being banned? I know probably a lot of people who have bought millions of gold each. ESO, WOW, FF14, EVE ONLINE, GW2, AND MANY MORE. How is AOC going to handle this issue of gold server spamming in chat and players who are buying Gold? and how is AOC going to do differently than the current MMOS?
Hacking and Thirth part application-
How effectively will AOC be able to stop or prevent users from using 3rd party applications that utilize scrip codes to get an advantage in games? As a result of the widespread use of cloned accounts, cheating software, and accounts are detected by the game's codes. The software that enables it exists alongside the games themselves and the hosting platforms. A risk of security flaws and vulnerabilities that can be used by both players and outside attackers comes along with the software. From the standpoint of the gamer, users are not always secure until their software is updated, even if vulnerabilities are patched. It's crucial that players update their software as soon as it's available.
Bots-
Depending on how you look at the scenario, bots are a significant issue in why many video games fail. The majority of players are aware that bots plague the social features of gaming platforms. Receiving messages or invitations from these phony, automated accounts trying to strike up a discussion is not uncommon. These unwelcome messages are frequently used to spread sexual content and send people to websites they did not wish to visit. When utilized for the widespread circulation of such content and malicious pages, social networks' reputations on gaming platforms can be quickly tarnished. When you take into account how many kids are using these platforms, the problem becomes much more important. Gaming businesses frequently have procedures for reporting unethical behavior content or bot behavior, but they should also take a proactive stance and identify methods of detecting and preventing such activity so that consumers are not exposed to it on their platforms.
Gold buying and selling is so prevalent in this game? why are the buyers and sellers not being banned? I know probably a lot of people who have bought millions of gold each. ESO, WOW, FF14, EVE ONLINE, GW2, AND MANY MORE. How is AOC going to handle this issue of gold server spamming in chat and players who are buying Gold? and how is AOC going to do differently than the current MMOS?
Hacking and Thirth part application-
How effectively will AOC be able to stop or prevent users from using 3rd party applications that utilize scrip codes to get an advantage in games? As a result of the widespread use of cloned accounts, cheating software, and accounts are detected by the game's codes. The software that enables it exists alongside the games themselves and the hosting platforms. A risk of security flaws and vulnerabilities that can be used by both players and outside attackers comes along with the software. From the standpoint of the gamer, users are not always secure until their software is updated, even if vulnerabilities are patched. It's crucial that players update their software as soon as it's available.
Bots-
Depending on how you look at the scenario, bots are a significant issue in why many video games fail. The majority of players are aware that bots plague the social features of gaming platforms. Receiving messages or invitations from these phony, automated accounts trying to strike up a discussion is not uncommon. These unwelcome messages are frequently used to spread sexual content and send people to websites they did not wish to visit. When utilized for the widespread circulation of such content and malicious pages, social networks' reputations on gaming platforms can be quickly tarnished. When you take into account how many kids are using these platforms, the problem becomes much more important. Gaming businesses frequently have procedures for reporting unethical behavior content or bot behavior, but they should also take a proactive stance and identify methods of detecting and preventing such activity so that consumers are not exposed to it on their platforms.
0
Comments
The reason for this is simple - any attempt to prevent any of the above is an adversarial endeavor. One side is actively trying to prevent a thing happening, while another side is actively trying to make that thing happen. The more each side knows what the other is doing, the easier it is for them to progress.
Edit to add; the reason games like those you listed don't do a whole lot about this kind of activity is actually kind of hidden in your post. You probably know a lot of people that have bought gold and such in each of those games, and yet you probably play said games regardless.
Very few people actually ever leave a game due to gold selling or bots. People get pissed off by them, but very few people leave.
As such, it simply isn't in the best interest of any company to go after these people.
Look at the process from the perspective of a shareholder in a company like Blizzard. Blizzard would need to spend a whole lot of money, and the end result of all that money spent would be that there are fewer paying subscribers. There is no financial upside to any of this for Blizzard, as long as there are no players leaving games due to it.
When you then consider that a publicly traded company is legally required to do what is in the best interests of it's shareholders (not the best interests of it's customers), it is actually something of a wonder that companies like Blizzard have ever banned accounts for botting or gold selling.
The best thing people can do is unsubscribe to games with excess gold selling - however I am skeptical that this will ever happen.
Even if they keep it secret, players they're like a sticking glue and they always find a way to exploit, gold selling, hacking, and bots. You are right about keeping it secret and not discussing it, but let's talk about how they can prevent these things from happening or stop them when they happen to occur, and how it will be what will be preventable. We are all here to bring ideas and talk about issues MMOs today have.
The issues aren't necessarily from a technical perspective.
If someone is advertising that they are selling gold, for example, it isn't all that hard to imagine ways Intrepid could find that gold seller, and then look through the logs to see where they are getting that gold from. The issue is purely one of motivation from game developers.
As to hacking and scripts, this is purely a case of balance between detecting hacking and user privacy. Some games (Tarkov) go hard in one direction, while other games (Overwatch) go hard in the other direction. Any given developer simply needs to ask themselves what balance they wish to strike between the two.
Yes, the issue is not on the technical perfective, but we can deny that hackers always find a way to bypass firewalls. And a lot of gold sellers use clone accounts and they also use cheat codes that will full the Devs so they don't see the seller profile, so every time they bane that account, the seller will create another one and they will come back. If the company can balance the security detection that will be nice so that people who use script codes can be dealt with.
If we assume a developer or publisher is motivated to go after gold sellers, it is simple.
You reply to an add selling gold, and you purchase. You note the name of the character that you made the trade with.
You do not ban that account.
Rather, you look at the account. You look at what other accounts are trading with that account. While it is absolutely true that gold sellers will just go out and get another account to perform trades, they need to have that gold on hand somewhere.
Essentially, gold sellers are a network of accounts, usually including disposable accounts for selling (that are also often used for buying gold from regular players), and mule accounts that store the gold.
Once a developer identifies these mule accounts, banning them is the key strategy. Take out all mule and trading accounts in one go, and then you have completely destroyed that gold sellers operation on that server.
Since gold sellers buy gold (very few actually farm their own), banning a mule account is an actual financial hit to gold sellers.
In the same way developers generally aren't going to bother dealing with gold sellers if it has a negative effect on their bottom line, gold sellers aren't going to operate in any given game if they can't do so at a profit. They are, after all, a company as well. Repeatedly banning mule accounts across all servers will see any gold seller seriously just consider not operating in the game.
As for hacks, I've yet to play an MMO that has had it's server hacked (which is what a firewall is protecting). Most MMO "hacks" are hacking the client in some way. This is what things like Easy Anti-Cheat are for.
The problem with this is that anything that can be run on a different computer will be completely undetectable. If I have a script, I can simply run it on one computer and have that computer set up to appear to the game client as if it is the mouse and keyboard for the computer the game is running on.
I mean, we aren't all that far off of being able to have a camera watch a screen, connected to an AI that is programmed with a specific goal in mind, that is sending inputs to the game client via "mouse and keyboard" and play the game anonymously.
Popular MMORPGs foster a thriving black market where credit cards with stolen information buy gold and cosmetics from cash shops and resell them at a loss. A factory that pays less than the minimum wage is employed by private vendors on occasion, and some players will undoubtedly purchase gold. The sale of gold cannot be stopped.
This process of acquiring and gathering in-game currency in MMO games is referred to as gold farming or MMO gold selling. Following that, they want to sell those currencies for actual cash in the real world. Gold farming differs from other similar behaviors in the realm of online gaming in that its main objective is the acquisition of those in-game currencies with the intention of selling them later. Other comparable methods include harvesting ranking or experience points. The number of persons engaging in this activity has been continuously increasing over time, especially in developing nations. MMO gold sales are fairly common since they may be very profitable given how long it takes to gain this in-game currency through gameplay. As a result, many players would be keen to purchase in-game currency since they require it to fully enjoy their preferred MMO games. This issue is complicated by economic disparity, which is another reason why this practice is so common in developing nations. You'll discover that wealthy gamers from industrialized nations have the resources to purchase large amounts of money from people selling MMO gold. Since you need currency to buy new items and increase your chances of winning, they would save hours of gameplay and advance quickly.
Cheat and script codes
A portion of the issue is that a lot of calculations must be performed on the client side for games to seem responsive. The controls wouldn't react until the server caught up if the server handled all of your aimings. It would be unplayable, laggy, and irritating. The client has a lot of tasks to complete, including aiming. The client must also be aware of specific locations in order to inform the player about them. The client is informed by the server that position y contains an adversary. The client is now aware of your location, that of an enemy, and the map's geometry. It contains all the data required to feed an aimbot.
Most of the time, the player's computer controls gameplay adjustments like invulnerability, limitless ammo, etc. Values are therefore flexible and open to modification. Rather than relying on the server to manage everything, why not? Due to the fact that you essentially have to send a command to the server, wait for a response, and then sync back, this has two effects: it increases the server's workload and causes an observable delay. Because it would be far too resource-intensive for the server to keep track of where every player is looking and determine whether another player is visible, player locations are all given to your computer for graphical hacks like seeing through walls. Since every player's location is stored on the player's computer, it is possible to access and bring them out.
These are typically challenging to identify because it's challenging to tell if another program is viewing or editing the stored values, and even if the game can, what's to stop the hacker from also altering the memory storing whether or not they cheated? Fixing specific hacks and squashing new ones as they emerge is the norm in this back-and-forth. The hacks remain unfixed if a developer is not committed or if the game was made in such a way that it is very challenging to track these things. With the exception of map hacks, quick movement, and projectile weaponry are fairly resistant to exploits in old-school FPS. However, even map hacks can't help you win longer-lasting battles due to health/armor power-up systems. 90% of engagements in contemporary FPSs are decided by placement or surprise, i.e., who fires first. and that would be very advantageous to a map hacker. Because eventually there is a piece of machine code that decides whether to launch the game or display the "go away pirate" screen and if you can find it, you can change it so that it always launches the game. More complex methods entail more checks in more places, as well as obfuscation, but in the end, you are what you are.
This is mostly (note; mostly) a fallacy that seems to be spready by MMO developers, presumably in an attempt to scare people away from using them.
There have been successful cease and desist suits on this in the past.
It is worth noting that the largest MMO gold selling company in the world is based in Texas.
yeah, that's true.
do you know how many gaming industries say, "These systems collect user data and flag abnormal activities for investigation, We do have already built into the game on the outset is essentially behavioral metrics. So in the game, as a player does normal things and they acquire normal gold, that's all good and well, but if there start to be item IDs that appear on the player account that are out of the norm, like either a large amount of gold or significant legendary items, what it does in the back-end it flags the account for view so that we can take a look at where did this item come from. Is it coming from a known gold seller or a flagged bot, or whatever; then we investigate." https://ashesofcreation.wiki/Security_systems
Let us discuss this point,
Do you know how many big games that say something about combating, cheating, exploiting, and collecting user data, every one of these big games has its own system that monitors and collects player's behaviors. No matter well protected the system is, hackers will always find a way to huck. You cannot just include security and anti-cheating features in your game. You want cheating hackers on your team because they can develop complex techniques to stop cheating by checking to see if an outside process is reading memory that the came has allocated. To develop a software architecture where cheating is possible, you need the assistance of specialists. These days, developers are overly reliant on the same damned engines, which makes it quite simple for individuals to publish hacks. A hacker may rapidly port everything he creates for the UE5 to ANY UE4-UE5 game after writing it for the UE5. You perceive the closed beta hacks in that manner.
Indeed you can not.
What you need, is the incentive to use them.
If players see cheating in game and dont leave, what incentive is there for Intrepid to do anything about it?
That is - as I said above - what it comes down to. The security aspects of the game will be as robust as Intrepid need them to be to stop players leaving. If players aren't going to leave, then obviously we are willing to put up with hacking and such.
Essentially, you shouldnt be asking what Intrepid are doing to do, you should be asking what players are going to put up with.
I have seen a lot of players who get greedy when they find simple but broken exploits that are normal parts of day-to-day activities. None of the players want to report it or get the devs' attention, especially when it comes to exploits, a lot of players use that to their advantage, yes Itraped monitor players' behavior.
They obviously have to catch them. Without proper detection none of it matters. But if they don't go soft on the gold buyers - like they do in all the other games the OP mentioned - people will stop risking it. It's not the subscription cost, it's the risk of losing months or years of work on your account because you thought it was fine to cheat. The bans need to be frequent and public (not with names, but numbers).
Sure, they need to ban the sellers and bots too. All it will do is make gold more expensive because the price of doing business will increase. It won't completely stop the sellers, but that price increase is important too. It's yet another deterrent.
All of that is of course assuming there are no duping cheats or other exploits to create gold out of thin air, which is where most of the gold comes from anyway in games where they don't have that locked down completely.
The bottom line is we'll have to wait and see, and just pray that Intrepid is willing to spend the money required to really crack down on this, and that they don't go soft on the gold and item buyers.
Yeah, you're right, we just have to wait and see when the game comes out. Nowadays players don't give a shit about Permaban because they can just buy another account. I won't deny myself, I used to involve in hacking and exploiting video games, and I have been permaban, but I always come back. Players will always buy another better account if they are permabanned.
Players do these things for a living, they will have multiple accounts and they will sell accounts, gold, cosmetics, and power leveling for a living. Since I have stopped doing these things, players take the footsteps of other players which let the circle repeats itself. Just like you said let's wait and see how Intrepid Studio will do differently than these big current MMos.
nice parable.
This. Zero tolerance. Instant perma ban when caught cheating. If zero tolerance is too harsh because ooohh 2023, feelings and stuff, bump it right up to 1% tolerance. One month ban, confiscate their inventory, their banks, their equipped gear, and every single cosmetic bought in the shop and earned in game. Wish them luck on their second non cheating playthrough.These people are cheaters. Stop coddling them.
These stories of harsh enforcement will spread and absolutely cut down on the cheating by the masses substantially. Now you can focus resources on the smaller pool of undeterrable serial cheaters.
There are some legal issues with this.
Without going in to any detail, a number of large developers, with very cold names have been taken to court and lost after account bans (one specific case involving a high profile top end player comes to mind).
While the ToS may say that they can suspend your account at any time for any reason, that actually doesnt hold up well if you have a good lawyer - all customers need to be treated the same. As such, without actual, solid proof of gold buying, you cant take action on an account.
The thing many players dont grasp is that gold selling is actually perfectly legal, it is only against terms of service - in the same way that not wiping down equipment at a gym is against the terms of service, or not replacing a divot on a golf course is against the terms of service.
Wether we like it or not, that is the compatible level of action a developer can take against someone that buys gold in an MMO.
It is worth noting that in addition to all of the above, action can only ever be taken against the account that purchased gold. If I create a new account and use it to purchase gold, then hand that gold off to my main, Intrepid can ban that new account, and not much more - at least not if I am willing to argue the point.
The truth is that the issue isn't whether it's unlawful to sell gold. It is prohibited. How to prosecute it is the key question. You almost always have an international situation to deal with when dealing with gold vendors, especially ones that hack. Internationally, most intellectual property (IP) issues, particularly those involving digital IP, are handled very poorly.
These issues are governed by legislation that varies from nation to nation, as do the priorities given to them. Because a large portion of our income in the West comes from our innovations, western businesses frequently pursue these issues much more assiduously. Eastern businesses are often less assertive about it.
Almost anything can be legally challenged. Nothing is absolute, everything is subject to interpretation by individual judges presiding over a case, including aspects of the U.S. constitution. Contract law, which the EULA you sign before playing a game is a contract, while not as solid as the U.S. constitution, is pretty solid. Challengeable yes, again everything is, but it's pretty solid.
A EULA is an end-user licensing agreement. You don't own anything in this agreement. Not even the game itself, much less any virtual items in it. It is licensed out to you. And that licensing agreement can be cancelled at any time, for any reason by both you or the company if that's what the EULA states. Which it usually does.
I don't think this is normally done, but theoretically a company could put a covenant not to sue, or a general release of claims into the EULA, which when you sign it, you'd be giving up your right to sue the company over any specific issue such as termination of your account.
But they don't really have to do this because most cheaters don't sue when they're banned. Neither do most people who are wrongfully banned. Which essentially makes this whole discussion pointless. Because most claims like this would be dismissed before even going to trial. It'd probably be hard to find an attorney that'd even take the case. The person suing would have to hire an attorney, pay filing fees, and they'd have to actually show up for the court date. That's a tall order for someone who knows their case is likely going to be dismissed. Granted anything is possible, I'm just talking reality here though.
All customers need to be treated the same, kind of. Not all cheaters have to be caught at the same time. Not all cheaters have to be caught ever. This isn't the same treatment, some are caught and punished, some aren't. If you can prove persecution, discrimination or otherwise targeting of a certain individual or group, that's where the chance begins for building a successful case. But the company will be given wide latitude in policing their own game in general by courts. If they can't police it, who can?
And who do we want banned? People that cheat. Not people that didn't. So of course we want Intrepid to have tools that determine that to a certain confidence standard. And some kind of investigative record that could be presented in court, if it ever even got to that point. So when I say zero tolerance for people caught cheating, I mean people that have actually been caught, people that have met Intrepid's standard of this account is cheating.
Yes they can ban the account that the gold is handed off to. There's no in game record of your credit card transaction with a gold seller. It's not tied to the account or any account in that way. But they can ban any account for any reason, and certainly an account that they've traced illegal gold to.
You can argue that point, that your account wasn't the first to touch the gold. You have a much better chance arguing that directly to Intrepid in an appeal, than you do arguing it in a court.
Indeed.
There is a small point of clarification to be made to some of what you have said though. Contracts are somewhat solid legally - however, you can not sign away any rights expressly given to you by law. If you live in a jurisdiction where you are given the right to sue, no contract can remove that right from you (there are sometimes exceptions where this can be done, by adding in a form of conflict resolution that is better for the disadvantaged party in the agreement).
However, a contract is able to state that it removes said rights - and the company is able to remind you of this fact should you begin a suit. It is only when it is in front of a judge (or mediator, or what ever as per jurisdiction) that this falls to pieces.
You are right in that it isn't normal for an EULA to state that you can not sue the developer, but it is fairly normal for them to state a specific jurisdiction in which you must do it should you opt to sue (usually the jurisdiction the developers head office is in). These are sometimes able to be enforced, but sometimes are not.
This is all true, but all players caught cheating in the same manner must be treated the same.
Imagine I have a second account. It isn't connected to my main account in terms of credit card, MAC address, IP address or anything else. If that second account purchases gold and then sends it to my main account, in order for a developer to do anything to that main account, they MUST do that same thing to any other account caught being sent gold that is known to be purchased.
Based on this, imagine getting that second account, buying some gold, and then sending it off to the officers of a rival guild - perhaps disguised as a purchase sent to the wrong player or some such, something most people would just quietly pocket in an MMO.
Now, if I do both of the above myself (buy gold and send some to my main, and some to rivals), in order to ban my main, they must ban all accounts that received gold - and I am able to prove which accounts received gold.
The problem there is that this only matters if I am willing to argue the point - at my own expense. This is why many companies are able to do this - no one has challenged them. Those that put less effort in to it are generally the companies that have been challenged, and have lost.
There is an interesting point to be made in all of this though - there is no law about people excluding others in recreational activities.
As such, the only actual guaranteed method for dealing with gold buyers is for their guild to boot them. if you are the kind of player that would play a game like Ashes and feel the need for a purchased advantage, being booted out of your guild and not welcomed in to any other guild is basically the same as being booted from the game.
So really, the best defense against a game being overrun by RMT is us players. Not by reporting such things to developers, but by excluding players we know to be purchasing.
lol
I don't see how you can stop account sales
In order to be even remotely successful with a lawsuit, the developer would need to be able to point out directly where the defendant has cost that developer money.
Since we have all seen that players don't leave a game due to black market sales, there is no loss in revenue for those developers to show.
Account "hacking" is a different situation. That is actually illegal.
What is the point of this "discussion" if you don't think Intrepid is incapable of managing their game properly before it even launched? Since nothing can be done about the hackers I guess it is all doomed anyways *eye roll*
In regards to that kind of hack, Intrepid are essentially relying on AWS, as they are hosting the servers.
If you want to talk about anything in regards to wider security than that - this forum is probably not the place.