Pages

Friday, March 2, 2012

CCP's War On Bots: CCP Sreegs Unleashed

Following CCP Sreegs' Spring Offensive last year that put the Eve Online mining bot RoidRipper out of business, getting information from botting forums became much harder.  Not only did bot developers not want the bad publicity of having users getting banned for using their products, but the anti-bot forces used those forums as sources of tears.  Then Incarna came and news of official CCP anti-botting efforts disappeared.  The War on Bots™ turned into the metagaming equivalent of faction warfare as players took measures to combat bots without official sanction from higher authorities.  This state of affairs lasted for months until someone on Failheap Challenge leaked the tears flowing on the H-Bot forums.


"Got 5 accounts down only one was botted with. Know of two others who got ban hammered also.

"To add only one was botting anoms on VMware, was on at downtime but not on for the past 4 days. All accounts banned used sequential names and some on the same email didnt get banned as the names were not sequential."

"Its a bot holocaust. I lost two accounts, one of which was running a brand new hbot account I just purchased today, ~10 hours ago. It had only been running for ~6 hours. Two other (non botting) accounts still up. It must have been something they did just prior to downtime."

"Yeah, same here. looks like CCP did a purge. CSM minutes were a lie! 6 accounts down. several weren't botting."

"On Saturday and Sunday my bot was not running. I just launched it today at 7:00 EVE time. And I have 4 accounts banned."

CCP Sreegs and his anti-bot task force is back and hunting those using H-Bot.  Since his actions were noticed, the security chief quickly put together a dev blog to give a hint of what is happening and to tease his presentation at Fanfest is a few weeks.  He also has responded in a couple of threads on the Eve-O forums.  Although his presentation is one I plan on attending, CCP Sreegs has put out enough information over the past couple of days that I can put together a Q and A section on what he has revealed so far based on questions asked on the forums.

Q: In the dev blog you mentioned that the bot detection systems were turned off for a few months.  Was that because of the decline of subscribers following Incarna and Monoclegate?

CCP Sreegs: "As you are all aware the company has gone through a lot of changes in the recent months. Because of this there was a period of time where nobody had responsibility for handling the technology responsible for nuking botters. As of now there is a formal team on the EVE project devoted entirely to security, of which I am the product owner which is a fancy word for manager. This means that we've now thrown the switch again and turned on the catching bad guys machine because we own it and we don't like cheaters."

Q: You estimated that you issued between one thousand and two thousand bans.  Is that the number of players, the number of accounts caught botting, or the number of accounts banned even if a player was not botting on the account?

CCP Sreegs"The number is based on accounts. When one account is banned and tagged for botting all of that player's accounts go with it. So if you only bot on 2 of your accounts but you have 5 all 5 are getting tagged and banned."

Q. How accurate are your detection methods?

CCP Sreegs: "I've yet to see any false positives in our work and were one to come up I'd be pretty interested in seeing what it was."

Q. Last year you made a big splash against mining bots.  This week we've seen users of mission/ratting bots like H-Bot get banned.  Did you catch any market bots?

CCP Sreegs: "Still don't have exact stats but I did confirm we nuked some market bots."

Q. Doesn't 1,000 to 2,000 bans sound a bit low?

CCP Sreegs: "There's really no way to answer this. It's something that will have to play out with time. The last time around we were seeing that 2k average on a bi-weekly or so basis with low levels of recidivism but I suspect that locking the character transfers and some other goodies we're working on will reduce that."

Q:  You say that the recidivism rate for the third strike is as low as 3%, but what percentage of the accounts related to one or two strikes actually remain subbed?

CCP Sreegs: "We have that number as well and it's actually also very low. I'll have it all put together and prettied up for Fanfest but if you can find my presentation from EVE Vegas somewhere I'm pretty sure there's a slide in there that shows all these percentages. At least at the time.

"It takes a few months to gather really good data on this so we're going off of old rates, but as someone else mentioned, the general idea is to change behavior and turn people into good law abiding citizens."


Q: Have you considered the fact that most accounts only get dinged once because they just start up a new account once they get caught?

CCP Sreegs: "We didn't overlook that, but the solution to that is larger than the current discussion as working around that would lead to changes in design or how accounts are handled. We're moving into a world where that becomes less and less of a possibility but that can't happen overnight and the new team's existed for about a month or something. We need to progress in steps and if all I could deliver out of the door was The Ultimate Solution we'd never get anywhere.

"Point being I think that yes, we do consider that fact and yes we'd like to make it less and less of an option."


Q.  In the dev blog you mention once a player receives a warning for botting character transfer privileges on that account are revoked in perpetuity.  But then a few sentences later you write "We'll probably have to come up with some form of timing solution for the future, but as it stands today it's forever."  Wouldn't putting a time limit on a ban lessen the deterrent value of the penalty?

CCP Sreegs: "There's no discussion about changing it at this time. I'm just leaving us an out because I like to talk like I'm in court and someone's going to read this back to me in the future. It happens sometimes on the Internet."

Q. What are you doing to make sure botters don't just sell their accounts for real money when it gets locked?

CCP Sreegs"RMT is a different problem that we're dealing with and we're not ready to have a discussion about that yet, but it's being worked on and there's a huge gap between "being worked on" meaning "we're doin' thangs" and "ready to tell players what we're doing"."

Q. What is the current policy with regard to ISK and assets on a proven botter's multiple accounts? Do you seize all their ISK, or some of it, or none? Do you asset strip them?

CCP Sreegs: "Today, as in like right now, assets aren't touched but I don't see it staying that way."

Q. Is part of the reason for not confiscating assets the difficulty in tracking the goods from the botting characters to the main character?

CCP Sreegs: "There are lots of ways to trace lots of things. Giving specifics would be a bit silly this early in the game. There's also some newer tech coming into play I'll be talking about at fanfest that will make the ridiculous FAKE EVERYTHING EVER ON YOUR ACCOUNT anonymity vanish. I'm not saying what we're doing yet so don't ask, but merely pointing out that we know it's a problem and have for some time."

Q. If the decision is made to begin confiscating assets, will this include Supers and Titans bought with botting ISK?  And how soon will this begin?

CCP Sreegs: "I would say that however this is implemented the size of assets won't matter, but I can't speculate on time frames or even 100% guarantee it today. I'll just let you guys be pleasantly surprised if it happens."

Q. Will you be looking at botting activities retroactively?

CCP Sreegs: "Best I can say here is that we CAN go retro but no decision has been made there yet."

Q: Do you ever plan on publishing the names of those banned for botting?

CCP Sreegs: "Naming and shaming has been and will continue to be part of an internal dialogue but for the time being it's something we've been avoiding. I understand completely why people would want to see that but I also understand completely why it's pretty dicey to be doing it. As it stands the policy is not to do so."

Q. Is the U.K.'s Data Protection Act the reason CCP does not disclose the names of botters?

CCP Sreegs: "Yes, there can be DPA issues with in-game names. I really don't want to devolve into that conversation because I'm not a lawyer and someone would find something I'm wrong about and I'd just be sad and wrong at the same time, but I will say the DPA is a PART of the discussion."

Q. Why don't you disclose all of the methods you use to detect and ban bots?  Wouldn't that convince a lot of skeptics that you are serious about catching botters?

CCP Sreegs: "In this case it's a videogame universe with a very specific set of capabilities and a very small team of people working on a rather large problem. We're not going to waste even an ounce of our time satisfying curiosity if there's even a glimmer of a chance it will make us have to do more work getting back to zero. I'm happy to see some examples of anyone else in this industry who handles the situation differently though."

Q. Since you have a small team to combat botters, are you worried about the gap between the time bot developers have to create bots vs. the time your team has to fight them?

CCP Sreegs: "We'll work on it until we run out of time. I think the motivation of botmakers in our game is grossly overstated as opposed to some others where your potential customer base is immense. Even the dudes who do it as freebies tend to be more swagger than anything else."

Q. At last year's Fanfest you had a content person on your team. Do you still have such a person now? Any discussions on changes to game content to make botting either harder or less inviting?

CCP Sreegs: "The team you're referring to was the ESTF which was a multi-disciplinary group of volunteers working on the problem in our spare time. The team is now formalized as a part of the development process and while I don't have a "content" person per se on the team I do have an ESTF-ish stakeholder group that I reach out to if we need things.

"What you're asking about as regards content does happen and actually works both ways, where sometimes if a content change is being made we'll be consulted to ensure that it's not enabling terrible things. Best answer I can give as I don't have anything right this second to point at, but I'll mention it when I do."


Q: Where did you get the great photo in your dev blog?

CCP Sreegs: "The stuff in the photo is from an area outside of the city where tremendous piles of fish are hung out to dry, similar to how the rotten shark or hakarl is treated after it's pulled out of the ground. I was on my way to walk around a really cool geothermal area and this was on the way and I couldn't resist."

Having covered the War on Bots™ for almost a year now I have one additional observation to make.  Last year we saw CCP Sreegs have a lot of success fighting mining bots before New Eden started to implode.  This year we are seeing success against mission/ratting bots as well as market bots.  So over the past 12 months CCP has greatly expanded its anti-botting capabilities.  At Fanfest, we should hear about the upcoming plans.  Interesting times are ahead.

5 comments:

  1. This story makes me happy in ways I cannot describe.

    ReplyDelete
  2. On the way to more a poor broke EVE where no one has enough ISK to do anything good job.

    ReplyDelete
  3. Thats the point.. dont make isk. Buy it with a plex. People making their own money is a threat to plex sales.

    ReplyDelete
  4. It won't make a difference really. If botters get banned than the prices for the things they mine will go up as a result. And when that happens, you'll be able to make the same amount of isk as a botter, but you'll be able to do it while playing normal hours and not the 24/7 mining that botters do.

    ReplyDelete
    Replies
    1. Incorrect since inflation will hit all the items made with said minerals and you'll be beack to square one. The only reason they selectively ban botters is to prevent their pet alliances from getting competition.

      Delete