Slashdot Mirror
Verant Backs Down On Drive-Scanning
fastpage writes, "Verant, the people who bring you Everquest, are backing down on scanning users' computers for anything they want to prevent cheating."
Read
the CNET story.
"I guess getting Web sites shut down to prevent the distribution of ShowEQ wasn't enough."
Why not complain a little about not having an OS that will let you control things better, and do it easily, with safe defaults? Nobody should be able to "scan your HD" without your telling the OS to allow it, nor any other i/o or activity. It should not be a matter of nice companies refraining from doing it. It should be your absolute choice, enforced by an adequate OS.
Why not design the OS and installation procedures so that admin privileges aren't needed when they're not *really* needed? Why not make it easy to execute games and untrusted whatnot in an OS-provided sand box/quarantine/jail with something better than on/off resource usage/access privileges?
You can probably configure NT to do that, but how long will it take you find the information and get from the default installation state to something you can believe is safe? (And since NT is closed, you have to believe what MS tells you about it, or be left wondering).
You can probably configure BSD to be about as safe as you can get, and maybe Linux too, but even in those the defaults are not as tight as they could be (how would you configure an account that you could log into as "gamer" to play something you didn't trust, and whose side activities you wanted to monitor? Easy if you know how? How about automating optional creation of such accounts, so all you had to worry about was choosing a password, instead of learning about groups or policies or other soporifics, when all you want to do is play safely).
Also, in general it seems that OS design does not yet deal very well with the difference between trusting someone technically with root privileges and trusting someone with business/personal information.
My .02USD. Gotta go.
The real problem is that they got caught scanning people's computers BEFORE they made this announcement. The announcement was just their spin doctoring of the issue after the fact.
You make some good points, mainly the key one. Unless you're the NSA, NIST, or international standards organisation, you NEVER NEVER NEVER NEVER implement your own crypto. You aren't smart enough, and it's gonna get broken. (CSS, anyone?)
Anyway, I do take issue with your statement:
"(Moral of the story, folks: Possession of a public key authenticates NOTHING.)"
I dunno what cryptosystem you're talking about here, but this, in general, is not true... think about Diffie-Hellman signatures - you sign with a public key and verify with a private.
Of course, maybe you just meant that if your (private, symmetric) key is public, then you have no security. Which I think most 6th graders would realize - leave the key in the door, and you're screwed.
Verant's "poll": About as loaded as you could get in terms of questions. As far as I'm concerned, the 83% figure is being held up as an attempt to show what ethical and reasonable people Verant Interactive can be. Of course they're ethical and reasonable now that they have the legal boilerplate justification to snoop on you anyway.
.plan once about this, and in a perfect world with sub-50 pings it would be possible to Not Trust The Client. As it is however, the reality of latency requires that some prediction must be left up to the client in order to keep the performance that online games have had so far. As a result, no online realtime game is safe from the 'extra-data' hack. EQ is no different than the rest in this regard, but they do send an absolute shitload of extraneous data.
Data stream "encyption": There is a vast difference between merely masking data with a simple XOR and actually encrypting the stream. Do not confuse the two. Encryption in this case would be generally useless without an authentication scheme as well. For obvious reasons, Verant can't actually use decent encryption. However, they can play around and frequently shift masks via patches (as little as it has helped them so far).
The EULA has been changed to the point that if you want to keep receiving services (playing EQ) you consent to whatever snooping Verant deems appropriate to halt gameplay that is not "in the spirit of the game". Verant already has your genitalia in a tight little grip, so they can be as maganamious as they want to be. Go ahead and get indignant - they have your name, address, credit card number and also the capability to scan your tasklist and see what's running.
And as for online games using various tricks to get around latency: you simply cannot get around the fact that extra data must be supplied to the client. John Carmack had a very long and informative
Seriously, moderate me down all you want, but WHAT happened? You can tell us, CmdrTaco.
Oh, yes, of course.. three!
*holy music*
:)
then the holy music :)
First, lets acknowledge that there are at least two kinds of online games, those that require mouse precision and those that don't. Quake and all other 3D shooters require precision, Starcraft, Ultima online, and others do not.
For non-precision games, its pretty clear how to keep them from cheating, as their cheats are all about information. Don't send them anything you don't want them to know, and don't depend on any of their calculations.
For the precision games, I think the key is to stay ahead of the encryption curve. If you can generate keys (and patch them in) faster than the l33t h4x0rs can crack them, then you're secure. Fall behind just once, and you have problems. Its a heck of a problem to send a key to a cracked client without the cracker getting it.
Zipwow
I don't know which is more depressing, that 2/3 didn't care enough to vote, or that 1/2 of those that did are crazy.
But the scariest thing is: when they polled 15,000 of their users, 83% agreed to let Verant search their HD as a precondition of playing the game!!!
Ask them to show you the poll, the questions and the possible answers, as well as the point spread. Maybe the question was worded in a way such that it tries to avoid the possibility of privacy infringement. Even if a company doesn't give my info to private parties, I don't want companies using my checking computer resources to suit their internal purposes.
Besides, what vested interest does a gaming company have to actively stomp out cheats like this? Persuing legal action against cheat software costs money. Does it cost more money than fixing the bugs in their own software?
I am also curious what they do to think that they can change the licencing whenever they want without telling you. At least that's my impression.
Note, I've never played this game. Now I'm glad I don't.
Though I work on it no longer, when UOX was first GPL'ed, I became involved and coded a huge amount of stuff for it.
:)
Yes, OSI's official UO servers have about 6 or 7 subservers (about to double, as they double the world) controlling specific pieces of the map.
The key difference between UO and EQ here is that EQ sends you position info for everything in your zone. UO sends you position info for all dynamic objects within about 20 tiles (for mobiles and dynamic items) and about 32 tiles (for multis (aka houses)). As almost all of that fits on screen, the advantage to looking at the information before it appears on screen is virtually zero.
As for the protocol, I've studied it in quite a bit of detail and have worked out all but a few parts which are simply uninteresting (to me) now. The few things which were present originally that would give an advantage have been removed. Examples: The server used to send information about people who were hidden / invisible (no longer). The server used to send the exact hp/max hp info for character (gone, now it sends max hp as 25, and hp scaled to that range).
Of course, they still have insanely inefficient messages present. For example, if you press the help button, the client sends a message that is an identifier byte, followed by 256 null bytes. (That's unimportant because it's used infrequently, you say? Take a look at how much is sent any time a character other than yourself walks / moves on your screen. A bunch of stuff that isn't likely to change every step...)
Yes, the key is to do everything important server side.
There was a linux version of UO. It simply isn't updated frequently. It's currently too old a version to use... It may be updated at some point though.
Jerrith (AR Schleicher)
ars@iag.net
I feel that "Matt Burch Everquest Junkie" is totally right. Look at what happened with Diablo? Why would you want to play that game online when you can easily download a trainer that alters Diablo's memory space and makes your character a god?
The thing that I love about everquest is that your character becomes more and more "powerful". You can be began to possess items that are more rare and vauluable.
Its the same thing that appealed to me with Zelda and Rygar on the Nintendo, except now there is the whole teamwork and social aspect thrown in.
There are items in the game that are worth hundreds of dollars on eBAY. It's a game. I play it to enjoy it, and when I stop enjoying it I put it down for a couple of days.
People who take advantage of the game (and people like me who aren't cheating or farming the items) will just ruin it for us. Verant, Sony, and Everquest are commercial entities. They exist to make money, and this was an economic decision and still is. If I, like many others, cease to have fun with the game because of this, I will stop playing, and Verant will stop getting our money.
I was one of the 83% who agreed with the scanning. I don't run ShowEQ, and I never would. I'm proud of what of I have in the game, that I have earned it, and I didn't get things by cheating or having them given to me.
There is an Everquest server called Test where they make all of there modifications before patching the on the live servers. From what I understand, on this server, they have the spells for next ten levels of the game that will be available once they release the expansion pack called Ruins of Kunark.
The JOKE was that they nerfed (massively weakened) a major spell for every casting class. Now the spells they nerfed were not actually available in the game. The only way you would know they had changed was if you were hacking the program files.
The average player didn't know (or care) about the joke until it was well over with.
I think you have overheard generalizations from the discussion boards and made a hasty uninformed decision. The Verant Everquest boards lack moderation, unlike Slashdot - Thank god!, and are filled with people trolling and being jackasses.
Ok, got me there.
I play on a production server and I misread/misunderstood the posts on the verant board.
However, unless I am mistaken this time around, there are only a couple of hundred people playing on the test server at a time and it is with the understand that your character can be deleted at anytime, or other nasty things may happen.
Thanks for correcting me on that =)
Mock not the masters of our existence, they who have granted us this miraculous game! There are those who say they suck our essence, our very lives through this "game" of theirs, but we are willing servants to our lords!
[glares at the clock over her desk]
Move on, foul demon! Strike the five o'clock hour and free me from my torment! I am due in Lake Rathetear to deal with some giant skeletons, and will not take kindly to being delayed.
------------------
I'm one of those people who answered "no" to the question about drive scanning. I understand their motivation and have no problem with that, but their current hack-detection does not always work as planned - it concerns me when they automate banning of players, especially since there is no standard procedure for contesting a ban.
I'm also a die-hard evercrack junkie, and I think that the game (while having occasional flaws) is the best thing I've ever played on my computer. It was made by gamers to be what they wanted it to be... and they did an excellent job of it. As far as I'm concerned, it keeps improving. I think the idea of drive-scanning was a mistake, and I'm glad they decided against it. Frankly, they seem to be reasonable people who actually do listen to their player-base (no matter how much people whine that they don't) - and I have a lot of respect for them.
Leilah
(Taerma D'Estain, 26th Erudite Paladin of Quellious, serving the Blade of Enric, Brell Serilis)
~ Leilah
Argh. It's this "If I'm not doing anything wrong, what do I have to hide" attitude that is giving companies and governments more and more control over our privacy every day. Let me state for the record, and put it in bold so everyone can read it:
ANY COMPANY THAT WOULD EVEN THINK ABOUT SCANNING THEIR USERS' PROCESS LIST, REGISTRY OR HARD DRIVE, FOR ANY REASON WHATSOEVER, DESERVES TO GET TRASHED IN THE COURT OF PUBLIC OPINION.
This is a totally unacceptable solution to a problem that the game programmers brought upon themselves. If they weren't sending information that would give players an edge, they wouldnt have to worry about people "sniffing" it.
Violating a user's privacy is not an acceptable way to make up for incompetant coders.
________________________________
I heard the same report. The program was called MyZack (or something that sounds the same - this was radio, so I couldn't tell), and the guy explaining it was none other than Richard M. Smith. He's the privacy guru from Phar Lap who (among other things) exposed the Microsoft Word document IDs and the RealJukebox user information collecting.
Your right to not believe: Americans United for Separation of Church and
Even more history...
Circa 1983-84, the Minnesota Educational Computing Consortium timesharing system running on a CDC Cyber machine had several interactive applications, including a persistant, multi-user RPG called Milieu and an interactive 'chat' system called XTalk.
While not the internet, it often supported 70-80 users from all over the state simultaneously. Back then, "cheating" consisted of managing to get access to a 120cps dialin account or being lucky enough to have a terminal with programmable function keys so that you could hit F1 and send a spell instead of having to type it.
Written entirely in Pascal, with perhaps some Compass glue, it was later ported as a science project to a Sage IV microcomputer as a high school project, and a VAX 11/780 at 3M's Science Research Labs where it lived a brief life as
I seem to remember variants appearing on local multiuser BBSs in the late 80s.
Reading between the lines, it seems to infer that the user configuration is all stored on the client machine. Wouldn't it be reasonable to store a checksum/hash of the client config each time they log off, and compare this when they log back in? If anyone has modified their characters, it should be feasible to kick them until they rollback their modifications. Or are the servers just incapable of determining what is happening to any character and leaving all the info on the client?
During a track meet, the race is to the finish line, along a specified path. They do not give the prize to the runner that takes a shortcut, that wasn't the contest. If you win by modifying an online game, what did you win? Certainly not the game everyone else was playing.
For those that say that the disparity in hardware and ping configurations force some to hack a game to get a "level playing field" I reply "NO!". I offer you an example. I play rugby. I am slow. My 350 pounds does not move as quickly as some(any) of the lighter players. In order for me to be a factor, I have to work harder. It means that when not playing the game, I must attempt to get faster. I cannot simply make the referee have everyone jog at my pace. What kind of game is that? Take away someone's advantage so that I can do better. It is more satisfying to find their weakness and exploit it and any and every opportunity that I can, as they run around me when afforded the chance, so must I drive them into the ground when I tackle them. For online gaming
I do not agree with companies policing hard disks, or processes, but would like to see some kind of referee system that makes sure all of the rules are abided to. It would be real nice if online games were like playground sports, where rules were agreed upon and no officiating was necessary because if a rule was broken it was well known and most of the time a result of bad luck on a hard play. If there is a disagreement, the dispute is settled quickly.
Neil Cherry - Linux Smart Homes For Dummies
Ooops that might turn you into a karma whore ;-)
Neil Cherry - Linux Smart Homes For Dummies
I'd say that was a pretty valid argument, wouldn't you?
No, I wouldn't. They were implementing a change in policy that would affect users. They fact that some other users have already left is irrelevent, they were checking their userbase to see if they minded the intrusion. Regardless of what you, or the AC (BTW, my previous reference to AC was Asheron's Call, not Anonymous Coward), or even I think about the outcome, they asked the question to those that would be affected by the change. It was the contention that this was the wrong set of people to ask, and I have to ask, if not the people affected, then who should be asked?
-- Keith Moore
This sig is the express property of someone.
Just to be fair, Verant did a poll of their users, and 85% said they had no problem with the scan. (Probably, like me they don't want Everquest to become the next Diablo, where 95% of the players are cheaters, and the game becomes unplayable).
DESPITE this, they backed down, and the CTO put a letter on the eqnews that stated that it's just not a good idea, they made a mistake and were overzealous in protecting against cheaters.
I'm just waiting for the expansion pack, and could care less.... more EverCrack, more, MORE, MORE!!!! (Asheron's... shiver).
-- Keith Moore
This sig is the express property of someone.
Over 80 people have been banned from EverCrack due to being caught based on logging. (too much dmg done, etc). This has kept the cheating to almost nil at this point, and will probably continue to do so. This new breed of cheaters are extracting information out of the datafiles to gather extra information that is normally impossible to get, and using that information to gain advantages over other players. These are generally people who just aren't good enough to play normally.
They have a lot of anti-cheating code (the patch program DOES monitor their own executable and data files), and I'm very glad that they have succeeded. I have been able to play for over 8 months without having a problem with cheaters, unlike Diablo, and Quake, and others.
When you logon to EverCrack you automatically get the latest version of the software, and optionally any new zones which have come out. (you just can't go there until you download it, but you can download it at your leasure during the day while you sleep, getting ready to play again that night. hehe).
-- Keith Moore
This sig is the express property of someone.
Let me get this straight. The USERS of EverCrack, the only ones affected by the scan, are not the proper group to poll? Who should we ask? AC Users? They aren't affected, People who don't play games? They aren't affected by the ECrack scan. Hmm.... how is it irrelavent?
They were changing the future EULA, and EverCrack has been very forward about telling us of any changes to the software, including warning us about this proposed change. Quite honestly, if MS had come up with this idea, they would have just implemented it, not open it for discussion. (MS Update anyone?).
-- Keith Moore
This sig is the express property of someone.
Before you go completely crazy, you better realize that some things happen just because they are using some of the internet libraries from MS. Their code is a bit brute-force at times, and checks internet-related things even if you didn't code anything in to do it.
-- Keith Moore
This sig is the express property of someone.
If you played Diablo you would know. Once there are a few cheaters, some of the legit players start leaving, after a while, the majority are cheaters, and you can't play the game as a standard player without dieing a lot. (True, PvP is an option on EQ, but what if there was a hack around that?)
Also, what if you are trying to get a rare spawn, he finally spawns and some cheater casts a single spell doing 15000 dmg, and takes the item you were waiting for? Verant has done a lot to protect against KSing, but that all that code would be useless at that point. Not to mention the cheaters will really screw up the spawn rates.
-- Keith Moore
This sig is the express property of someone.
Unless, of course someone who doesn't like you makes an anonymous call to child protective services, or the ATF. Then you're just screwed.
-- Keith Moore
This sig is the express property of someone.
Now don't get me wrong. I *DO NOT* want Verant to do a nice slow scan of my hard drive to find all of my nice security utilities. But looking at my task list before I log on? They should let us know that they're doing it (in a dialog or something) and give us a chance to log off first, but overall I'm fine with that. Hell, I'll email em my task list if they want. If I can actually sit down after work for a few hours and enjoy my latest addiction without being harassed by teenagers with inferiority complexes, I'll give em my measurements and shoe size for Pete's sake.
The issue here is *NOT* that I want Big Brother snooping everywhere. Down with the RIAA, MPAA, UCITA, and all the other acronyms! The issue is simply that it's just a game. A game that *I* (along with just about every other customer of Verant) want to sit and enjoy in peace. We signed a contract. We're paying for this. We should get to have fun. That's key.
-Militant Elf (A PFY for a BOFH)
andrew-galvan@sos.uiowa.edu
(remove the sos for deliverable mail)
Because... Consumer = Citizen = The majority.
"Corporations" and other 'legal entities' are secondary to the Citizen (or at least, should be).
People do not exist to do what companies want, companies exist to do what people want.
What was it that an old German preacher said ??
"First they came for the Communists, but I wasn't a Communist, and said nothing.
Then they came for the Trade Unionists, but I wasn't a Trade Unionist, and said nothing.
By the time they came for me, there was nobody left to say anything. . . "
Please educate yourself before you start spewing Verant falsehoods:
/ 000347.html
the entire thread is at:
http://www.hackersquest.gomp.ch/ubb/Forum1/HTML
here is an exceprt from the lead post by "orionX"...
I have a program that monitors all file disk activity done through the windows kernel. When I read the new patch message, this peaked my curiosity and had to check what EQ was doing. They going to scan me, I'm going to see what, well some of it anyway
Heres some odd lines.. I don't know much about this sort of thing, but maybe the more experienced can make something out of it. Of course it just might be crap that I'm making a big deal over when its nothing, but here goes
I added a * and how many lines I saw in a row for the certain command for when I saw many of the same line in a row. I did this so I didn't spam as much as I already am =)
Note: Some of the offsets/lengths changed for each of the consecutive read/seek commands but i didn't post the differences.
Eqgame FindOpen D:\EVERQUEST\MEMORY.TXT NOTFOUND
Eqgame Delete D:\EVERQUEST\MEMORY.TXT NOTFOUND
eq trying to dump memory contents to a text file then delete it? no biggie here if it is
Here comes the stuff that made me decide to post...
Eqgame Attributes C:\WINDOWS\TEMPORARY INTERNET FILES SUCCESS GetAttributes *4 lines of this
Eqgame Attributes C:\WINDOWS\TEMPORARY INTERNET FILES\DESKTOP.INI SUCCESS GetAttributes
Eqgame Attributes C:\WINDOWS\COOKIES SUCCESS GetAttributes *2 lines
Eqgame Attributes C:\WINDOWS\HISTORY SUCCESS GetAttributes *5 lines
Eqgame Attributes C:\WINDOWS\HISTORY\DESKTOP.INI SUCCESS GetAttributes
Eqgame Attributes C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5 SUCCESS GetAttributes
Eqgame Attributes C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5 SUCCESS GetAttributes *3 lines
Eqgame Open C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\INDEX.DAT SUCCESS CREATENEW OPENEXISTING READWRITE DENYNONE
Eqgame Seek C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\INDEX.DAT SUCCESS Beginning Offset: 0 / New offset: 0 *3 lines
Eqgame Close C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\INDEX.DAT SUCCESS CLOSE_FINAL
Eqgame Open C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\INDEX.DAT SUCCESS CREATENEW OPENEXISTING READWRITE DENYNONE
Eqgame Seek C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\INDEX.DAT SUCCESS Beginning Offset: 0 / New offset: 0 *3 lines
Eqgame Attributes C:\WINDOWS\COOKIES SUCCESS GetAttributes
Eqgame Attributes C:\WINDOWS\COOKIES SUCCESS GetAttributes *3 lines
Eqgame Open C:\WINDOWS\COOKIES\INDEX.DAT SUCCESS CREATENEW OPENEXISTING READWRITE DENYNONE
Eqgame Attributes C:\WINDOWS\COOKIES\INDEX.DAT SUCCESS Set Modify
Eqgame Seek C:\WINDOWS\COOKIES\INDEX.DAT SUCCESS Beginning Offset: 0 / New offset: 0 *3 lines
Eqgame Close C:\WINDOWS\COOKIES\INDEX.DAT SUCCESS CLOSE_FINAL
Eqgame Open C:\WINDOWS\COOKIES\INDEX.DAT SUCCESS CREATENEW OPENEXISTING READWRITE ENYNONE
Eqgame Attributes C:\WINDOWS\HISTORY\HISTORY.IE5 SUCCESS GetAttributes *3 lines
Eqgame Open C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT SUCCESS CREATENEW OPENEXISTING READWRITE DENYNONE
Eqgame Attributes C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT SUCCESS Set Modify
Eqgame Seek C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT SUCCESS Beginning Offset: 0 / New offset: 0 *3 lines
Eqgame Close C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT SUCCESS CLOSE_FINAL
Eqgame Open C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT SUCCESS CREATENEW OPENEXISTING READWRITE DENYNONE
Eqgame Seek C:\WINDOWS\HISTORY\HISTORY.IE5 INDEX.DAT SUCCESS Beginning Offset: 0 / New offset: 0 *3 lines
Eqgame Read C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT SUCCESS Offset: 0 Length: 0 **20 LINES!!!
Eqgame Attributes C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5 SUCCESS GetAttributes *3 lines
Eqgame Attributes C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\DESKTOP.INI SUCCESS GetAttributes
Eqgame Attributes C:\WINDOWS\HISTORY\HISTORY.IE5 SUCCESS GetAttributes *3 lines
Eqgame Attributes C:\WINDOWS\HISTORY\HISTORY.IE5\DESKTOP.INI SUCCESS GetAttributes
Eqgame Seek C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\INDEX.DAT SUCCESS Beginning Offset: 0 / New offset: 0 *9 lines
then RIGHT after those
Eqgame Read C:\WINDOWS\SYSTEM\RASAPI32.DLL SUCCESS Offset: 131072 Length: 4096 *2 lines
Eqgame Read C:\WINDOWS\SYSTEM\TAPI32.DLL SUCCESS Offset: 106496 Length: 4096 - 2 lines
then randomly later on I keep seeing 3 lines of this here and there:
Eqgame Seek C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\INDEX.DAT SUCCESS Beginning Offset: 0 / New offset: 0
EQ reading internet history and cookie files?! Whats up with that? If theres some useful info for an Internet game in the history/cookie folders then say it here, however tiny.. I dont want to start something huge, because this might mean nothng.
I use microslop IE explorer 5 if you didn't notice. Didn't try this with netscrape yet.
I started the file monitor right before I clicked the EULA agree button.
Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo! http://goo.gl/J9bkO
But now these online ignroant lumps give all that up because they have no values other than "get me my next l33t level in this game".
What kind of bullshit is this??? What you're doing is equating allowing a person into my house with allowing the [three letter agency of choice here] to install wire taps and surveilance cameras in the same?
I'm as much for privacy as the next guy, but you're committing the typical 'slippery slope' logical fallacy of assuming that innocent action A will lead to dubious action B will lead to totalitarian mind-control facist government state Z at some point in the future. There are costs and benefits associated with every action, and in some cases the benefits outweigh the costs, depending. Online gaming is a great source of pleasure for a lot of people, providing fun and entertainment... if some fuckwit script kiddie downloads some tool that gives him unfair advantages over the rest of the online gaming community, this diminishes the sense of accomplishment for all the players that spent lots of time building up their characters through hard work and perseverance, which could in turn cause them to stop playing/let others know it's not a good game, which in turn again affects the bottom line of the company which looks at players as an income stream. The players were asked about this and a large majority agreed with the company. Just because I have the constitutional right to bear arms doesn't mean I have to go out and buy myself a 12-gauge or whatever, it's my decision whether or not I need to exercise those rights, and the same applies in this situation.
Having said that, I also have to note that this was probably not the ideal situation, and that something more akin to provding a more secure client/server channel would be a more optimal solution to the problem and hopefully one that will be given considertion by Verant. The problem is that as long as the 'cheating' remains unaddressed, the customers will be less satisfied and demand solutions, and implementing a secure communications protocol, including testing and debugging and optimization takes time, time during which there will be much bitching and moaning.
Anyways, to summarize, don't equate something petty like this with the End of Freedom In America, save your ire for something that's actually worth getting upset about.
----
Dave
Purity Of Essence
- Dave
Just because its "difficult" to thwart digital media problems doesn't mean its right.
So you see the lack of control as a problem, I see it as a feature. Deal with it, means in the market sense, not the "fuck off" snese.
-insert ridiculous claims by an AC how personal promotion does nothing to increase demand (Hey, look it's a RADIO!)
-inset additional claims how it's wrong to share the beauty we find in life, because someone else has "rights" to it. (rights set up for the sole purpose of propogating arts and science)
Half-baked arguments only get better with flames. Thanks again, AC.
--
+&x
I'm well familiar with it. I know, I know, I've flamed people before for bitching about moderation. But like a few people have said, for the questionable stuff, why not just respond instead of modding?
/. (that's political correctness) that has become very apparent after the IPO, VA takeover, etc. i.e. after the major media coverage and bunch of people flooded the place. It's like Usenet all over again. Hopefully some of them will find a clue along the way, but from many of their posts, clue-finding isn't real high on the priority list. But that's okay really, just more people to argue about MP3s with. :-)
/. has become PC, that's relative to what it used to be. Maybe it just got too big, whatever. I should stop posting and do some modding, but I like arg^H^H^Hdiscussion, so here I am.
And this is also a lament about the PC'ness of
Now when I say
--
+&x
On the subject of "you are an idiot":
Some people like to play games. Ever played a computer game? Chances are a bot would do better. Ever played a skill-based (not chance based) paper or board game? Was it Go? No? Then a computer could play it better.
Efficiently? Cheaply? What the heck are we talking about here?
I have seen the future, and it is inconvenient.
Judging from the Everquest players I've seen, they don't have TIME to download p0rn. :)
If you are a company facing such a diliema, what would you do? How many of you here will enjoying playing a game where a lot of people are cheating? Hrm, I don't see any hands. Once people start cheating, interest in the games will decline, and all this spells out to is lost profit for the company. My question is not if they are right or wrong, but what are we going to do to fix this problem?
------ Curiosity killed the cat. {satisfaction brought it back | it didn't die ignorant | lack of it is killing mankind
BTW: Does anyone know when pigs will fly? (c:
According to RFC 1925:
(3) With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea. It is hard to be sure where they are going to land, and it could be dangerous sitting under them as they fly overhead.
I know I am supporting the MS empire but I can not help it. Have you played AC? It is incredibly fun and addictive. Also MS just runs the servers and distributed the the game. Turbine wrote it and they seem like a fine bunch of folks.
D.
So, if a company provides a service, that company decides what is required of people who use that service. If you don't like this, you don't have to play.
Of course, I've heard that to stop playing EQ is just akin to kicking heroine...
So, if a company provides a service, that company decides what is required of people who use that service. If you don't like this, you don't have to play.
Of course, I've heard that to stop playing EQ is akin to kicking heroine...
You're supporting the MS monopoly!
Aeeeiigghh..
>When Verant annoucned they were going to scan your tasklist for cheat programs
...
They were asking for more than just that. They could have accessed any information they found fit. Of course, they said they wouldn't do more, but they were asking for more.
"You also grant us permission to access, extract and upload (i) Game-related data as part of the patching process and (ii) data relating to any program that we, in our reasonable discretion, determine interferes with the proper operation of EverQuest."
>But the worst part is that people decided to make up ways Verant was checking for these hack/cheating programs
They were only doing that in the bounds of what Verant was asking permission to do. In theory, I could get banned if I ran a simple port-scanner, which had nothing to do with EQ. They could use the above clause to get this information and then use ban me, even though I wasn't cheating. (Sidenote: I would also have absolutly no recourse. But thats another issue.)
>What was the check suppost to do? "The client simply would examine
Then why not have this statement in the EULA instead of what they proposed?
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
What they wanted to crack down on are other programs running along side EQ.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
Its in the current EULA that they can ban you for whatever reason. And you have no recourse.
Thats what I don't like about this whole thing. There is no appeals process if you feel that you have been wronged. You become attached to the game and all its in-game goodness but if something goes wrong, any reason at all, then you have no recourse.
But then again, it is clearly in the EULA.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
>Given this concern, the only reasonable and effective thing for them to have done was to scan the user's hard drive for said cheating tool.
No it isn't. They are trying to stop ShowEQ. As other posts mention here, ShowEQ doesn't have to even run on the box EQ is running on. You effectivly have to search the entire network to detect it. Searching the HD is a minor way of detecting it.
>This isn't a privacy issue
It is. Even Smed (Top guy at Verant) admited that it was.
>they're only scanning for a tool which will lessen everybody's enjoyment of their game.
But where does it stop? They are also including a clause forbidding trading/selling items/characters. Can they track which sites I visit, the email I recieve, what by ebay acccount does to prevent this "cheating"? And they can do this all just by scanning your HD.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
Everyone I talked to took it like a troll, at best a very weak joke.
It was done days before April 1st (March 28?). It was a Test server, they put things on to test before going live. How else are people suppose to take it?
>The only way you would know they had changed was if you were hacking the program files.
Apparently, and I never did try it, they DID go into effect on the Test server. It wasn't only listed in the file. If they could change the file and not the actual game, why don't they get rid of the file and eliminate the hack entirely?
Its only funny when people laugh. Its called a troll when they do it to "to get a rise out of you"
( http://boards.station.sony.com/everquest/Forum4/H
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
>the Head GM is required to send each banned user a personal e-mail, stating why
Could you please show me where its says that the Head GM is required to do this?
I have a feeling that he/she doesn't have to because in the existing EULA it states that Verant can ban you for any reason they see fit.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
>They took their first countermeasures not too long ago, by adding a feature to the client software that scans your Windows task list and looks for these "external utilities".
If they did this then they did it without informing the user.
>They proposed to extend their search to the hard drive, to see if any of these programs even exist on your system
They proposed more than just this. Read the proposed change to the EULA and tell me this does not extend to checking what web sites they visited or your cookies. They did not do this, but they could.
>offering reasoning and explantions of the scanning process
I could explain to you what I am going to do in your home, but then I want you to sign that I could do anything while I'm in there. Its not what they said they would do, its what is actually in the EULA.
>Even with the overwhelming support of the scanning by their playerbase, they responsibly decided to back down on the issue.
Why? If the vast majority of people wanted it why back down?
>they did not try to "sneak" it past their users in any form.
They didn't try and sneak this one through but, according to you, they did sneak in the process of examining the task list.
>Verant should be commended on their responsible handling of this entire incident, not trashed in the court of public opinion based
They only backed down because of "the court of public opinion". If it wasn't for this the clause might be in the EULA today.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
"Customers... able to influence big company's decisions"!?!?!?
This is what the Cluetrain Manifesto is all about. In fact, a review of the book just appeared here on Slashdot.
Maybe the RIAA will get a clue.
BTW: Does anyone know when pigs will fly? (c:
Remember, these 180s in company policy we have see are the direct consequence of a profit motive. If the anger customers, and they stop using the companies service, then profit certainly goes down.
Spencer Ogden
I know this is a long stretch, but it's a possibility that you're ignoring, so I'll mention it just so that it doesn't happen:
When someone gets moderated down, they don't know who moderated the post down. Therefore, it's possible for the people who work for Slashdot to moderate posts down that they wish to quiet.
Again, I don't think it's happening, but those who work at slashdot have a motive (protect their bottom line), a means (they have access to the database), and the opportunity (it's not possible for the community to police them).
--
Of course, the current move of consoles to become more PC-like will potentially destroy this anti-cheating solution. Let's see if there is much twinking and PowerGaming in the Dreamcast multiplayer market when they release Phantasy Star online.
This may be a place where dedicated game boxes under tight controls from their parent companies do certain things better than PCs...
(Note: This should not be construed as an endorsement of despicable console maker Sony, whose villainy runs unchecked throughout the world.)
All the creatures will die, And all the things will be broken. That's the law of samurai. (Jubai, 1605)
Ah huh.
Tell you what, how about you give me the keys to your house.
I swear I'm only going to use it to water the plants when you're out of town. Oh, and sign this statement saying 'I allow Erik to use my housekey and come into my house for....'
Yes, that part is left blank, so I can change it whenever I feel like it.
This is the situation with Verant.
Later
ErikZ
Democrats or Republicans. They are both taking us to the same place and they are not afraid of us anymore.
I, of course, am on a cable modem... and have it set to display all comments for every story. This sometimes makes slashdot take up to FOUR SECONDS to load on any particular page.
Don't criticize slashdot for being an open forum, because it makes your browsing slower :P. It truly is YOUR MODEM, not slashdot :).
--
linuxisgood:~$ man woman
Restating the obvious since nineteen aught five.
I don't even think thast would really even be cheating. It was just a virtual break in :)
treke
That's a load of crap, man. Most cheaters do NOT innovate, they just abuse a bug until it's patched. One thing I dig about the MUD scene is that wizards/immortals have the ability to assign punishments for someone who cheats or exploits a bug... if it's done in a malicious way. For example, I have a friend that climbed into a boat, and had his extremely strong friend sell the boat to a store. The way the MUD was set up, all the goods of the store will stored in a 'room' (more like location, actually). He loaded everything into the boat, got back in, and then signalled his friend to buy the boat back. now that's a hack. running an inventory duplicator is not.
my karma ran over your dogma
Yes, I should have mentioned that... The test server has, all along, maintained a policy that "bad things" can happen (up to and including a complete character wipe if necessary). It has been that way since the game was in beta stage.
:)
I don't have any sympathy for the people who got extremely upset over the changes for that reason. I do think, however, that it would have been funnier if the test server patch message had said something like, "a lot of new enchancements have gone in today that should increase the overall enjoyment and playability of the game! Please check them out and tell us what you think!"
Yes, I know about this.
My immediate question is, why do they even need to be collecting data from my computer? If someone is smart enough to avoid the server-side logging than they probably won't be caught by scanning the task list.
All a task list scan shows is that a program with a certain name happens to be running. That information is not helpful at all without additional evidence from logging, and if the additional evidence exists than the scan probably isn't needed in the first place.
It makes me very tempted to start regularly running a do-nothing app that shows up as a "problem app" in the task list, just to see what would happen...
"The client simply would examine a small subset of information on your system, none of it containing information personally identifiable to a third party, and only send it to our server in the event that you were "running" an illegal program at the same time you ran EQ." I'm assuming here "illegal program" means a program designed to give a user an advantage over other users in EQ.
You're assuming a good bit there. "illegal program" meant that, if you had the Microsoft debugger running on your system for any reason, the task name was sent to Verant's servers. This was tested by creating a test app (with a sleep loop), running the debugger on it, and watching the Everquest data stream while playing.
Now, granted, you *probably* don't have a reason for running a debugger on your system while you're playing Everquest. This is anything BUT a goof-proof system, however... the very fact that a do-nothing app would trigger the sending of information shows that. And I would rather not have a program scanning every task name I have running and reporting on whatever it sees fit, thankyouverymuch. (even though I DON'T do anything that should be reported)
how hard is it to end the tasks you don't want to be seen before firing up EQ?
Good question. The problem here is that Verant didn't let anyone know they were scanning the task list, or what the scanning was looking for. It's a bit much to expect users to think about every program they have running before starting up any other program.
Any scanning based on program/task names is a hideous choice in this kind of situation. I'm not sure what else they could do, but I am sure that I do not want them doing what they DID do.
Actually generations of soldiers have given up their "normal" life to fight for wars that were based mostly on economic principals. I can't think of any war that was fought over privacy rights.
I wonder if this was some programmer that thought of this, or if some manager suddenly decided it'd be a good idea.
Oh well I'm glad I play Asheron's Call now instead, much better game.
I played everquest with a group of friends for about 2 months after the initial release, and while it was fun I have to say that the lasting impression was that Verant is not very interested in making decisions which are fair to the users.
... but then they realized eventually, "Hmm, this is strange - not a single one of the werewolves has died yet!" ... well, turns out they never tested the code well enough, and the admin-controlled entities turned out to be unkillable. So basically it was a situation in which the admins came in and just slaughtered a ton of users - and the users had NO chance to do anything about it. When they figured it out, they started yelling ,"Hey, come back, we're killable now!", but that's pretty weak for the paying customers they fucked over.
,"Hmmm, sorry, that happens sometimes ... it's a bug. I would give you your experience back, but I can't since you already took your belongings off your body" (what the fuck?)
... monters can run and attack through walls ... attacking monsters don't have to worry about the z dimension (standing on a roof, a wolf on the ground can attack me, despite the 20 feet of intervening space) ...
...
During this early phase, there were countless bugs and errors which had a strong impact on users. The game shipped in a state where some of the player classes had abilities advertised on the box which didn't work at all in the game (until months after release).
Periodically, they would run "role playing events", whereby human beings at Verant would take control of monsters in a region and move them about and speak for them, presumably to liven up the game world. In one such event that I recall, it was a full moon and a pack of "werewolves" (really Verant admins in the guise of werewolves) descended upon an area and set about massacreing a group of players
I was playing once in a game, and a bunch of robotic guards in a given town went apeshit and killed a bunch of players (myself included). Admins showed up and said
Let's see other things
Verant is making a ton of money, and most of their users don't seem to care that they get constantly treated like shit.
Anyway, I know this is off-topic -- I'm just saying, it doesn't surprise me. They're a bunch of wankers who don't really seem to give a shit about their customers rights, as long as they are clueless enough to keep paying to get screwed
I've got some new info, so I figure I'd post it.
First, check out number 10 of the Rules of Conduct. It says "You will not attempt to interfere with, hack into, or decipher any transmissions to or from the servers running EverQuest.", right after reserving the right to ban you for failure to comply with these 13 rules.
Second, I found a copy of a bunch of posts by John Smedley (Pres & CEO of Verant Interactive, Inc) on Everlore.
here's an excerpt:
"...However, to get at the heart of your concern let me assure you that we could care less about anything that isn't going to interfere with EQ.
We aren't Big Brother and we're not sending back a list of sites you've been browsing, or anything else for that matter. Specifcally we have technology that can find the signatures of programs that are known to be hacking tools. If you have those tools, that's fine. Just don't run them when you're playing EQ. That's all we are saying."
There's a lot more there. If you're seriously interested in this issue, and not ranting for the hell of it, I suggest you check it out.
lw
Mods: Disagreeing with me != my post Offtopic / Flamebait.
World without hate or war, invaded. Tragic?
In regards to MS debugger...
buzzkilr asked:
"My concern comes in that what happens if a false positive shows up?"
John Smedley replied:
"buzzkilr - there's no significant risk from false positives. We do a lot of server side things as well to catch hackers, not just client side. More often then not they show up in multiple logs that we have, but that's a fair question.
John Smedley"
i found this over at Everlore.
There's more stuff there, check it out.
lw
Mods: Disagreeing with me != my post Offtopic / Flamebait.
World without hate or war, invaded. Tragic?
uh, dude? "ethical cheater" is an oxymoron
cheat (cht)
v. cheated, cheating, cheats.
v. tr.
1.To deceive by trickery; swindle: cheated customers by overcharging them for purchases.
2.To deprive by trickery; defraud: cheated them of their land.
3.To mislead; fool: illusions that cheat the eye.
4.To elude; escape: cheat death.
v. intr.
1.To act dishonestly; practice fraud.
2.To violate rules deliberately, as in a game: accused of cheating at cards.
3.Informal. To be sexually unfaithful: young marrieds who cheat on their spouses.
n.
1.An act of cheating; a fraud or swindle.
2.One that cheats; a swindler.
3.Law. Fraudulent acquisition of another's property.
4.Botany. An annual European species of brome grass (Bromus secalinus) widely naturalized in temperate regions.
just thought you could use a refresh on the word "cheat".
a better football analogy is this: you're the most brilliant scientist in the world. you've created a serum that multiplies your athletic abilities 100x.
is it ethical to promptly join the dallas cowboys and lead them to victory?
lw
Mods: Disagreeing with me != my post Offtopic / Flamebait.
World without hate or war, invaded. Tragic?
I didn't get the feeling that Verant was asking for permission for a more robust method of searching for cheat programs (or extracting whatever information they wanted)... but you could be right. I don't think that was their intent, though.
I think the EULA was worded as such not for reasons of gaining more information from user's hard disks, but for the lawyerisms that exist today... it's way too easy to find loopholes in specifically worded statements.
I would feel more comfortable with the EULA if they defined what "...interferes with the proper operation of EverQuest." - if they enumerate the items they're looking for, they restrict themselves to what information they can upload.
No, they were *not* doing that in the bounds of what Verant was asking permission for - they were inventing ways that Verant was going to check for programs that interfere with the proper operation of EQ.
I find it interesting that you use the port-scanner example - ShowEQ is nothing more than a heavily modified packet scanner - modified to show information not meant for the users.
A couple months ago, there was an instance of a couple characters banned from EQ for hacking/cheating - Briochan, Hawk, and somebody else. They responded to the Head GM's e-mail telling them they were banned (the Head GM is required to send each banned user a personal e-mail, stating why), insisting on their innocence. It took some time, but after reviewing the case, Verant acknowledged their mistake, apolgised for it, and offered them free EQ for life because of their mistake.
lw
Mods: Disagreeing with me != my post Offtopic / Flamebait.
World without hate or war, invaded. Tragic?
I thought they announced their intentions before scanning the task list. It is a lot to think about every program before running any other... and it shouldn't have to be done in many cases. I tend to close down every non-essential program when I run games, though.
And program names aren't good identifiers of what that program does, true.
So there needs to be something that keeps EQ to itself while protecting it from programs that stop the intended operation of the program.
Mods: Disagreeing with me != my post Offtopic / Flamebait.
World without hate or war, invaded. Tragic?
Hey, I don't know if you're talking about Hawk and Briochan...
They were two EQ players who were banned for "cheating". They continually proclaimed their innocence, and less than a month later Verant came back, gave a public apology, and to apologize to Hawk and Briochan, gave them free EQ for life.
<sarcasm>
Yeah, that sounds like a company becoming so paranoid about maintaining "their world" that they're destroying the game...
</sarcasm>
sounds more to me like they're trying to stop cheating, and admit when they're wrong - and make up for it.
lw
Mods: Disagreeing with me != my post Offtopic / Flamebait.
World without hate or war, invaded. Tragic?
That's a very good point... and indicates somewhere where Verant needs a better utility before implemeting it.
I also would prefer to keep my tasks private... but I don't mind sacraficing that *little* privacy (how hard is it to end the tasks you don't want to be seen before firing up EQ?) to keep other folk from cheating in EQ. Cheats *destroyed* Diablo, I'd rather not see that happen to EQ.
Can you (or anyone) think of a better way to stop folk from cheating in EQ? Keep in mind (most of) these programs are passive, just scanning incoming data. The others (the malicious ones) are meant to disrupt the servers... I'm not sure how they do that, though.
Mods: Disagreeing with me != my post Offtopic / Flamebait.
World without hate or war, invaded. Tragic?
As has been pointed out elsewhere, there are things that can't be prevented. Such as a hacked client that "helps" the player to aim. How are you gonna detect that?
Say no to software patents.
Ye gods! I wrote better encryption than that 20 years ago in high school to protect the source code of my multi-user space shooter. Seriously. Said encryption was never broken (though anyone today would have figured it out in a week) rather a sysadmin started watching my CPU usage and used the root password to go into my home directory whilst I was compiling the thing (the only time it was ever decrypted) and copied the sucker away. Ah those were the days. Still, after receiving one of the most annoying, boring, and tedious C++ proficiency tests from Verant after applying there for employment last Summer, this is a real kicker. Scott Le Grand Lead Coder Scatologic
what a good shot at that Anonymous Coward!
now, tell me, what was your real point? if you have none relating to his text, then perhaps you should just ignore similar posts and admit defeat.
Adding things like LIMITED weapons, ammo & powerups would require people to conserve their ammo and to play strategically, rather than switching over to rocket launcher, putting it on autorun and holding down their fire button.
This is exactly why I have been spending too much time playing the free Counterstrike mod for Halflife. Halflife is already a fantastic game, but the CS mod to it has improved the online play so greatly that I think it easily surpasses the quality of game play of any other online game in this genre. There are no powerups, you can only purchase weapons you can afford - and you get paid for killing your opponents in game cash, so you must be successful to get the good weapons.
If you have not heard of it, Counterstrike pits teams of Terrorists (sometimes with hostages sometimes with a target to be bombed) against teams of Counter-Terrorists in a variety of real-world situations. More recent additions include assassination scenarios (where the Counter-Terrorists must escort a VIP who is armed only with a knife - and played by one of the CT players - to a safe zone on the far side of the map), and escape scenarios (where the Terrorists must escape from a dangerous and disadvantageous situtation to a safe zone on the far side of the map). The maps cover a wide variety of fascinating tactical challenges, ranging from a hostage situation onboard a 747 in an airport to a VIP Assassination scenario on an oilrig. Brilliant stuff.
In contrast to most online shooters, CS requires you to be careful, plan your moves, and cooperate with other players on your team to be successful. You can run into a room with gun blazing but often as not you will be shot dead by the guy with the shotgun in the shadows. It does not have stupidly overpowerful weapons - all of the weapons in the game are realworld items with realistic (sic) performance. Not all weapons are available to both sides either - although a lot of care has gone into ensuring the balance of play.
All round this is an amazing effort on the part of the CS developers, and well deserving of a good look by anyone who owns Halflife.
"The first time I got drunk, I got married. The second time I bought a chimpanzee, after that I stayed sober" Arian Seid
Yeah, there may be a day. Don't think I'll sit by and let the other computer come under attack and simply roll over and set up yet another computer. I know that won't work forever. But I also know that you have to choose your battles wisely. The world can not be divided into rigid yes/no black/white good/bad ethical/unethical groups. There's a lot of gray area there. The game computer - grey area - scan it all you want. If you do decide to look for other info that what you say you are well, fooey on them - they won't find it. It's a front computer. As long as they think they are sneaking their scans on me then the less they pursue scanning the other machine. As for the total privacy machine - it is well guarded. I take a hard stance on it's privacy issues and carefully select/configure the software on it. Remember, knowledge will get you farther than whinning.
Perhaps you missed the subtleties of his pun.
Here's your clue : Troll is spelled "t-r-o-l-l". Troll is spelled "t-r-o-l-l". I know the similarities are tough to see. But they're there.
The only way to get complete security is to design a powerful system with an incredibly thin client. Who has the advantage in a BBS game? No one! There is a certain advantge to those who have computers above 33 Mhtz, but still.
I believe (am im going to start developing) an online game where the server takes most of the work, and the client is merely a renderer of the server's description.
Very little is perfect, open source or not. The integrity of a game is important, which is why bugs get fixed and people get upset over cheaters.
In a MUD, people exploit bugs. In an online RPG, in the tradition UO or Everquest sense, they use cheating tools or hardware advantages.
When a game is driven by marketing, this is what happens. When a game is truely driven by the ultimate sense of good gaming, then we shall see what happens.
--jay
This is just an instance where obviously during the development phase, someone didn't take the necassary steps in order to avoid this situation. Granted, there is always a way around everything, but with a system as open as this, they should have taken better steps initially. Still an excellent product!
Your question isn't really about security but about feeling good about your other players. The solution is to not have a centralized server method. To allow local groups to run their own servers and control who uses them. Then in your chosen group, administered by fellow players who love the game, you have a community you trust and enjoy playing with.
/Duncan
Lan Parties are examples of this kind of behavior. MUDs was another. There were and are good MUDs and bad MUDs. The best had a community and people who cared.
Solutions regarding social behaviour in Humans are not cheap. They all require hard work and there is no quick technical fix, no silver bullet. Looking for one is just asking for trouble.
Duncan Watson -Rock climbing, Encryption, privacy
PGP Fingerprint -PGP Key on www.keyserver.net
Duncan Watson
The burden to securing the game should be on the Verant programmers. I don't own Everquest or even ever played it, but I'm a long time online gamer (bbs days) and look down upon cheating on multiplayer games. Even still, I think this is pretty low and I'd be ashamed if I was a game programmer and had to rely on laws and scanning HD's or whatever even minor privacy intrusion to make up for my lack of ability to secure the game data. I hope the rest of the gaming industry keeps notes on these sort of things, I hope these aren't the kind of programmers they want to hire.
How about asking the user if it can scan the user's driver for stuff, and then tell the user it's findings, and the user can then optionally tell it to submit that information to the game server. This way some users have the option of 'proving' that they are not cheating if they feel they need to establish that fact.
This should not be compulsory then either, just more of a personal matter.
Domini.
(random rant/rave mode on)
As a regular player of EQ, this is something that affects me. The patch message actually states that they did a survey of people and got a pretty positive response, but decided to back down because they thought it was a rash decision, and too much of an invasion into a persons privacy. I plan on in the future of proxying my EQ connection throught a linux server, (the os that showEQ runs on) I have no intention of cheating, ever. However their tough stance against cheating is in my opinion a good thing. It's no fun when everybody cheats, the games no fun. UO's policy of stoicly(sp?) tolerating cheating led to some major problems. Banning a cheater on the first offense is fine in my book though, if they can't play fair, the shouldn't play at all.
(random rant/rave mode off)
Stupid is as stupid dies.
Arun
Okay, this kind of thing has been bothering me for a while, so I'm going to take a stand here.
You may not realize this, but the moderators are picked more or less at random. The ability to moderate lasts three days. It's not like there is someone out there attacking anything that is against "slashdot policy." What likely happened was a regular reader of slashdot was given moderator status, felt that this post was nothing more than an attempt to get a reaction and therefore decided that it should be considered flamebait. It's not like that moderator is going to be able to carry out any kind of agenda, since after Saturday (at the latest) s/he won't be a moderator any more.
What it comes down to is that most of the moderation has absolutely nothing to do with the Slashdot editorial staff. There is no overriding agenda because any regular reader can be a moderator.
Have you read the moderator guidelines? It's all covered there.
Absolutely. The rules define the game. If you're not playing by the same rules, you are no longer playing the same game.
I would like to second this motion. Verant has been ultr-sensitive when it comes to user's privacy. The simple fact that they backed down from implementing this shows, that responsibility to user wishes. Ironically though before they made this decision they held a poll on EQ, this poll was required, and a overhwhelming amount of people thought it would be ok for Verant to scan their harddrive for cracks.
I think that most people agreed that they would rather have a level playing field. Also this isnt really an issue of invading privacy, all they are doing is making usre people arent cheating, if you dont want you EQ directory looked at then just dont play EQ, nobody is forcing you to. Not without saying that they openly admit and bring to the light the fact that they will be searching a portion. of you harddrive. I commend Verant on their reposibility in this issue.
Only way I can think of is to have a high speed internet (so that firing lots of data around doesn't destroy gameplay), massivley powerful central servers (well, lets say a cluster of interlinked servers each communicating and validating each other) and simple game clients. Here the idea would be that each of the users actions could be interogated by the servers to ensure consistency with the game world. The final step is to ensure that there is no data communicated outside the server ring except the actions of the client to the server (so if you can packet sniff the net as a whole or the subnet of an opponent your in....unless a strong encryption method is used). The server provides all data out on a need to know now basis so you can't know anything other than what the self validating server ring dicatates you must know.
Or hey, option 2 is even easier, let all players simply run an X server that displays the game running on the central server. How big a cluster would that need to run 10000 player quake? (hey if all the graphics work is at the client end, how much worse would q]|[ be?).
I ain't no expert, but surely the problem is an easy one to overcome.....build faster machines and a faster net. If I miss the point completely I look forward to reading the explanation.
Never underestimate the dark side of the Source
In general a game client really should just be a dumb terminal
Such was the case with many many MUDs before EQ came around, (either telnet or dial-up software) and people still found a way to cheat. They set up scripts to play their character for them 24/7. Now, while some may not view this as cheating, it certainly gave a very unfair advantage to these people.
Even if the client gets ONLY the essential information (in the aforementioned case, just text) people will FIND a way to get an advantage.
-- Dr. Eldarion --
They were planning on ammending theit EULA to give them the right to scan and retreive ANYTHING they wanted....
/. get it wrong?
So how did
For me it wasn't about what they WERE doing but about what they COULD do.
Had the EULA change taken place they could have doen ANY cans, taken ANY data.
I'm sorry but NO game is worth allowing the company that makes it free access to my data with no legal recourse for me
big difference in Quake is you play the other players
.oO0Oo.
in EQ you are competing against the ability for you to stay online playing the game for hours and hours
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
It's the player based economy that will fail
.oO0Oo.
it's shaky anyway but being able to duplicate your inventory would drop it dead if enough people did it
hope the coders find a better way of doing it than this crappy arms race
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
The first thing I found wrong there is that UO did/does cheat protection. In the earlier days of UO (when I actually played it), they had a method in place to determine if someone was using a skill raising program.. and subsequently punted them from the game.
Otherwise it looked to be quite right, 83% of those polled that play EQ said that they had no problem with Veriant gathering any/all information to stop cheating, etc.. (myself included)
Veriant changing their mind I must agree was the 'right thing' (tm). Belive it or not Veriant does try to please their player base but don't confuse that with doing whatever you want them too.
The truth of the point is that cheating in any way shape or manner, lessens the game.. Not only for you but for all the other players that have to deal with you. I know, I've cheated in a bunch of games.. without the real cost of working at it there really is no feeling of acheivement.. And if you want to make real $$ from playing the game go play UO.
Some day you wont be able to go around it.. :-( Sad.... You gotta fight for stuff whenever you can.
Given this concern, the only reasonable and effective thing for them to have done was to scan the user's hard drive for said cheating tool.
I liken this type of cheating tool to a virus scanner. Sure the scanner catches known cheats, but new cheats come out every day, and some can even be made polymorphic (they encrypt themselves when they run).
Viruses also infect hamsters.Will I retire or break 10K?
Somehow, I think this was Verant's plan all along. Ever been to an EQ newsgroup or discussion board? The more vocal participants are unbeliveably shrill crybabies for whom Verant can do nothing right. Even the most minor tweak will bring about a storm of angry posts denouncing the company as the Great Satan.
Verant has been implored to "do something" about these various cheats by many people. For the most part, their official mouthpieces have remained silent on the matter. I think that the hard drive scanning thing was to prove a point: that short of imposing ridiculous and Draconian privacy invading measures, it's impossible to stop the sort of cheating people complain about. I sincerely doubt that any of the people who were behind the scanning decision sincerely believed it would be done for more than 48 hours. In other words, point proved.
Of course, I could be wrong. After all, Verant has performed breathtaking feats of blunder in the past. They can be incredibly arrogant jerks, and usually at the wrong times.
The subject of cheating in online games has been discussed earlier on slashdotm l
http://slashdot.org/articles/99/12/26/1255258.sht
As I see it there are two good ways of avoiding cheating in a GPL game. In nethack the sourcecode is open, but each user recieves an encrypted client. I think that the developers claim that Nethack is still covered by GPL. (Actually this has been a mystery to me)
The Worldforge project (former Altima) is an effort to make an engine for creating massive multiplayer online roleplaying games. The engine will be GPL but the worlds will not be not. The Worldforge team decided that the best way to avoid cheating was simply to have a thin client.
These two ways of solving the problem have different advantages. In an ultima-clone I think that a thin client can solve most of the problems. In a wolfenstein clone (such as Quake), aiming is so important that a thin client is not enough.
the patch program still scans your memory .when i ran a memory editor of mine this morning and then tried running everquest the patch program exited.
that not the point o my post really i have although i have ben tempted to make my own graphical mud . what i as tring to was that verant still is scaning your memory even after they said they wouldnt do it.
Ummm... If checking for unauthorised programs on the users harddrive is the best they could come up with, then it's a pretty short sighted solution. Getting around this can be quite easy (Like masqueratind as MS notepad).
How would you like it if the Television industry said that it will be monitoring everything that you watch to make sure that you don't watch stolen cable? Or if the Telephone industry said that they would be monitoring every conversation you had on their lines just to make sure you weren't a spy?
No. User monitoring is just stupid. Instead invent a better client-server protocol. That's the only way to go. And if you don't want to spend the effort in doing this. Well then.. people are going to take advantage of you.
I have little knowledge of how these games work, don't play 'em, don't read about 'em so please excuse this post if it's something that's already been shown to be flawed.
What about an SSL style encryption scheme but where the end user has to buy thier certificate. - The purchase of the certificate would be akin to the purchase of a license. In the EUSA they agree that any abuse of the rules will result in the termination of their certificate.
Any fooling around and you can longer authenticate your self to the server without paying for another certificate. This should deter most would be cheaters.
Also, secret keys renegotiated periodically during game play should make any possible hacks much, much harder.
If this works, it should also work with open source games. (The games are open and free but the certificates aren't)
Any comments re my idea from those with more knowledge in gaming/crypto?
-Aaron Greenberg
--Aaron Greenberg
How can they tell if a program is used for 'hacking'/cheating purpose. Many tools that would allow you to do that have legitament uses. Also, I can just rename showEQ and there measures would be completely useless.
a 1 day poll that gets answered by less then 10% of there users isn't a very good indicator of there user base.
If I was useing showEQ to cheat I would of select YES in the poll and just renamed showEQ.
The chaged wording they purposed did leave room for interpetation as to what they want to call an 'illegal' software.
The Kruger Dunning explains most post on
This barely effects anyone who wasn't cheating anyway.
Not so. As a developer I often run various network specific programs in the background to test them. Some of those programs could be 'targeted' as a hacking tool even 'tho they are not used in a malicious way.
I also wonder if they stopped because it was the right thing to do, or they couldn't find a way to tell the difference between filtering programs and sniffing programs.
The Kruger Dunning explains most post on
WHat are they going to do when they find a packet sniffing tool on my machine? terminate my account? what if I happen to have a legetiment reason for it? how are they suppose to know the difference? They would have to search for anything that COuld be used to cheat, Because showEQ can be renamed.
EQ is not like quake, where your in direct competition with another player. They one exception is PvP option, and a small % of users choose that option. If you max out your lvl and stats, and go kill the toughest monster. That effects me Not one bit. Since verant designed the game so all the important info is controlled on there servers, I can't just edit the info on my machine,a'la Diablo.
The Kruger Dunning explains most post on
I played Diablo. Way to much (IMO) Inormation was kept client side, allowing you to modify the character it self, and anybody could kill you in diablo.
The first time someone cast that 15000 pt spell and KS they will be reported and, in all likelyhood, kicked off. I wish I knew what kind of logs they keep on server side. I want to know if they can 'tell' if someone killed something to quick?
Screw up spawn rates? how so?
there is very little a cheater can do in EQ anyways, since most if not all, of the needed code is kept server side. The only cheat I can think of is the button timming. If the time a button stays 'clicked' is determined client side, then I suppose you could do some sort of packet insertion to make the server think you have activated the event but still bypassing the timer. That would be a nasty cheat. An SK could do harm touch with EVERY sent packet. ewwwww.Fortunatly it would be a difficult cheat.
FYI showEQ does not let you 'Cheat' as far as I can tell, it only lets you see all the different data that is being passed around.
The Kruger Dunning explains most post on
AS a fellow EQ junkie, does someone else cheating on EQ effect you? Say I have a cheat that allows me to kill any monster in one stroke, how would that effect your 'progression' in the game?Sure he could use it to aquire a bunch of stuff, then give it to all his friends, but that won't effet You.
It has just occured to me that it would effect Red letters, but there such a small percentage, the money loss if they all quit the game, would be minor. On the other hand people who Like out cheating each other would have a way to play that way without effecting anyone else by being a red letter.As far as I can tell, showEQ doesn't do any cheating they way we traditionally mean it, i.e. more points/monet/stats.
Personaly I don't see the need to cheat, and just shake my head when someone does it, but thats life I suppose.
The Kruger Dunning explains most post on
They tried something, people reacted by saying they wouldn't buy it anymore, so they had to change it back. This is just more proof that money rules everything and everybody.
you cannot choose to choose later on these questions
no definition of what they concider 'cheating'... apparently sniffing the ip packets is cheating? I mean come on, I didn't download the util, but I've been sniffing them throu my 'free-pc is now a debian workstation' box.
and I've been meaning to set up a dual boot on my main box and try running eq through wine or Freemware or vmware. I haven't heard anything from the game makers, but other players keep telling me that they'll boot you if they find out
apparently this would be cheating. like watching a dvd is 'pirating'?
but the question was so insidieous. It didn't promise aninomity or that they wouldn't track those that said no. It implies that they are protecting the players who aren't cheating from those that are by checking everyone.
and I just have to reitterate that the question did not define cheating or let you answer at another time.
(i ran into that with the last question, which in order to answer you had to go read up about it on the website, which if you did, the question wasn't there anymore)
my2 cents
---
I really don't have (too) much trouble with someone scanning my HD IF it really would help destroying cheaters. I just think this really won't help very much. Anyway Microsoft must be doing it already so what does this matter?
I don't think it would be that be big of a deal. I mean they only look for certain programs, everything else they just ignore. Also, they don't upload anything unless it is supicious. AOL on the other end will scan your hard drive upload porno and MP3s and post it on their secret sight to resell. Just in case you wondered I am typing this from my new Netscape 6, bugs and all.
How about this - just before I start playing, I go and zip up all my cheating tools. (Or even better, have them on a floppy which I then remove.) They can't tell if I have them anymore. If it was a simple matter of scanning Windows registry or checking for errors in binaries related to the game, then people wouldn't mind so much. I guess what I'm trying to say is that even if they did scan users hard drives, it really wouldn't prevent cheating anyway.
You are in a maze of twisty little relative jumps, all alike.
Well, according to what they said people replied. I don't know, I never saw the poll till two hours ago :)
Anyway, most of the people are frogs in the water. They don't see anything wrong with a "little heat", and cannot see where that kind of slippery slope leads. Where do you draw the limit?
To checking your EQ registry?
Your entire disk?
Your mail aliases to verify you are not a friend with a known cheater?
The contents of your mailbox to verify you are not submitting items to auction for EBay?
Once you start signing away your rights, drawing the line at a later point and starting to defend them become a lot more expensive.
The main problem of ShowEQ is not that it cheats or hacks the server. It doesn't.
It's that it shows you all the information sent to the client, even information purposefully hidden for gameplay reasons.
With showEQ, you do not need to train your Sense Heading skill; you always know where you are.
With showEQ; you do not need a ranger, you have a full (not screen limited) list of all Mobs present.
And so on. ShowEQ users do not cheat per se, they just have a whole lot more information at their disposition, and thus make a lot better decisions. Verant does not think that playing that way is playing fair (it isn't, notably on the PvP servers).
By your logic, I am not doing illegal, so I think the police is justified in putting a vidcam in my living room ("just to check and react if you are burglarised")?
:)
No, I know, I think the government is justified in putting a tracer under your skin to monitor your health and position permanently.
Hey, you have got nothing to hide, after all
If you want a more mentally based example then I would propose that you consider it the equivalent of taking your lecture notes into an exam with you. Or taking the relevant Cliff Notes into an English Lit. exam. Not only do you gain a result that you have not deserved but you distort the results of everyone else so that they do not achieve the reward that they deserve. There are normally invigilators there to prevent this but in the case of online games they are still trying to figure out how to do this.
To revert to a sports analogy it is like taking steroids to boost your body development and hence performance. This gives you an unfair (and originally undetectable) advantage when competing against other who are not taking steroids. Verant were trying to find an equivalent to the dope tests that winners of most large events (and random other competitors) submit to these days.
Of course cheats are not interested in other people (except as victims of their actions) so they don't normally see that in cheating they are infringing others rights. However the right to swing your arm stops short of my nose.
Gamma Testing - Where testing is extended to the full user community (AKA Shipping the Program)
One point would be that much greater than 99 percent of cheats are not creating these hacks themselves (or else there is just far too much parallel development going on out there). They are simply pulling the latest 'enhancement' off a site somewhere and are using it to cheat. There is no great innovation going on for most of them, simply a different form of sheep like behaviour.
A lot of these hacks are the equivalent of forging money. I haven't seen a lot of opinion that forging is good. In fact it is generally considered very bad for any economy. This is why online games try very hard to prevent it. You have no excuse to get upset if when they find you doing it and drop on you from a great height. Most people at least tolerate reasonable checks to detect forgery and deal with it (Checking that high denomination not you just paid with). At the moment they are still developing these tests in online games.
Gamma Testing - Where testing is extended to the full user community (AKA Shipping the Program)
The other folks have already pointed out your logic blunder. I'll add that the people responding here aren't the ones being reactionary; Verant is. But beyond that, it's fundamentally against what our country is supposed to stand for and defend. Not to mention the fact that it won't stop the problem anyway.
I used to live in Northern Ireland where if your house was located in certain areas, you were not allowed to have curtains or blinds on your windows so the soldiers could see into your house to see if you were making bombs. Did this stop the terrorism? Hardly. It just seriously impacted the privacy of the citizens.
Verant doesn't have the right to find out shit about what's on my hard drive. Neither does Intel, Miscrosoft, or any one else. The PIII serial number debacle is one of the reasons I'll never buy another Intel processor again. In fact, after reading about this business, EQ has been completely removed from my system and will never be played again. The people in my house who play it won't like it, but I think crack cocaine is more healthy for them than this game anyway. It's already cost me hundreds of dollars in upgrades just to make the damned game run, but now Verant has just gone too far.
You may feel like your horse is high enough to let you always stare down at those who oppose invasion of privacy, but one day someone like Verant will come by with a real knee-knocker for you.
---------------------------------------------
Yes! Oh yes! My soul is snoring! - Tom Servo
---------------------------------------------
Yes! Oh yes! My soul is snoring! - Tom Servo
I want a
A little over a month ago, an EQ subscriber was banned from the game for "Cheating", as described by Verant staff. (Actually, he wasn't immediatly told he was cheating, it was three days after his account was deleted) Although the guy continued to claim innocence, Verant would not provide further details on why he was banned other than "cheating", nor would they allow him to defend himself. They have slowly been building up to this kind of manuver, and I'm not suprised at all that they wanted data on other processes that your system is running. They have become so paranoid about maintaining "their world", that I believe several execs. would destroy the entire user base just to maintain the continuity of their dream.
--CD
Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote.
Actually a recent patch made the rolling server side, from what I recall. And rolling for loot is completely evil, but that's a more philisophical argument :)
The need for a patch and the damage leading up to it could have been avoided had they taken more care in the creation of the protocol, but these game companies never seem to take proactive steps.
:-P
;)
Next up will probably be removing monster hp and level from the datastream. The player is told the general condition of a monster when examined, and the monster's general level in relation to the player's is dealt with using consider.
There's just no reason for the server to be sending the client hp/level information for nearby mobs. The look/consider responses can and should be handled server-side. "The rat looks really hurt! You slashdot it for 4 damage! The rat is dead!" - That's about all any player needs to know. There's no need for the player to know that they just reduced the rat to -1 of 8hp, therefore there is no need for the client to know either. The client doesn't need to know anything beyond that it should make the rat squeak and fall over. Another oversight perhaps?
Once this is fixed, the next datastream "oops" will turn up, and the saga continues. All of this wasted time, energy and even money could have been saved by a little bit of common sense during production.
Of course, the moment common sense prevails in the corporate environment, I'd probably be able to sell the devil a pair of skis.
---
Where can the word be found, where can the word resound? Not here, there is not enough silence.
"Where shall the word be found, where will the word resound? Not here, there is not enough silence." -T.S. Eliot
What gets me is that the makers of these online games always insist on sending information to the client that is not meant to be seen by the player.
The client is in the hands of anyone who may want to hack it, and hack it they will... So it should stand to reason that you can't trust the client-end once it's in the hands of the playerbase.
The client's code, any information it stores in ram, and the client/server datastream are all accessible by would-be hackers.
If you don't want the player making use of information that is supposed to be hidden from them, just don't put it there. There's no reason this could not have been desinged and contingencies planned for from the beginning in any of these games. All the client needs is the information the player will see and interact with. Everything else can be done server-side.
Take EQ's "roll for loot" system, for instance. The numbers rolled to see who gets an item of loot are rolled client-side, which means they can be tampered with. A huge hole in fair play for what? To take a bit of load off the servers' random number generators? If it was just an oversight, it's a pretty big one IMHO.
After seeing multiple generations of games suffer the same defect, I can't believe they haven't learned. Is it arrogance? I'm at a loss to explain it.
---
Where can the word be found, where can the word resound? Not here, there is not enough silence.
"Where shall the word be found, where will the word resound? Not here, there is not enough silence." -T.S. Eliot
The "incompetant coders" had to take some shortcuts to reduce the effects of Internet Lag. The game sends the information about the monster out of view just around the corner. When you do turn the corner, the client can display the monsters instantly, instead of waiting on the server to update what monsters are there. Preloading the client with such information greatly reduced the effects of lag. But ShowEQ intercepts the data stream and displays information which normally would not be displayed in the client. Should the "incomepetant coders" eliminate the extra data? No, that would cause more lag. Should they more accurately determine what data the client is likely to need in the next update? Maybe, but that would require much more processing power. Should they have used a better encryption method? Probably, but that takes more processing power as well. I don't think Verant should be scanning our computers. I also realize that cheaters can ruin an online game. I also want a game that plays fast and is lag-resistant. I can't have all three at the same time. Scanning the process list and reporting back (y/n) if one of the processes match known cheat programs is less of an invasion of privacy than a company reporting back every app I have installed on my computer. Do you drive a car? Registered to vote? Have a bank account? Use an ISP? In each instance, you are giving up part of your privacy for a benefit. It is up to you to decide if you are willing to give up your privacy in exchange for the benefit provided. Everquest is the same way. Are you willing to give up your processlist in exchange for a mostly-cheatfree-game? 80+% of EQ players said yes. Verant did make the mistake of scanning before they had actually announced it. That was bad of them.
Everything in this post is false.
Sometimes it is very wise to trust the client. For example, the entire terrain is preloaded in the client. The server just sends the x,y,z co-ordinate of your position and all the monsters around you. If the client was just a dumb terminal, the server would have to send complete terrain information every update. You just can't do that over a modem.
Another example is casting a spell. The Server tells the client how much mana you have. Then when you attempt to cast a spell, the client can determine if you have enough mana to cast the spell without checking with the server. The server can check after the fact if the client did the right thing. If the server detects a cheating client, that client can be kicked out or flagged as cheating. The end result is that lag doesn't affect casting a spell.
It is clear to me that a Smart Client is the best way to go with limited bandwidth and latency. You just have to be extra careful as to what you trust the client with.
Everything in this post is false.
Whatever......I've seen some of the Everquest junkies and there is no way they would just stop playing the game. Some sort of rehab would be needed to control their RPG cravings. But it is far fetched to implement software with capabilities of probing for incriminating utilies...couldn't they simply boot the offending user off . Oh well... stupid is as stupid does.
www.droppingdimes.com
I was on the beta for AC I play EQ.. Playing AC is like playing in a vacuum compared to EQ. AC is the Temple while EQ is the Bazaar. The thing that makes EQ for me is the Human Interaction, it is one noisy game, At it's finest it is a chat room with a game attached. daddio
And I guarantee that if you "switch to rocket launcher,put on autorun and hold down the fire button" in a game with me or the folks I tend to play with you will get beat repeatedly. Not to mention you will run out of rockets in about 5 seconds.
sorry about the off topic
this should help: I hate Verant I hate Everquest, they ruined it with all their nerfing
The in-game poll could be considered biased for many reasons. 83% of the 15000 votes said that people thought it was OK for verant to scan, but what most people dont realize about that figure is that 15000 votes is only 8% of the current active subscriptions, and 83% of 8% doesnt amount to much of anything.
But Slashdot was cracked, would they tell us anymore? Most cracked companies often meet crackers demands rather than risk the public knowing they were cracked. Now that Slashdot is within Andover.net, there's the stockholders interests to consider first. The truth be damned.
There's a time and a place for hysteria over invasions of privacy, but this isn't it folks. Verant were simply trying to prevent idiots and script kiddies from spoiling the game for legitimate players. Because of knee-jerk reactions from online-privacy zealots, the online game is going to be ruined for everyone.
They were not scanning peoples hard drives, email, cookies etc. What they were doing was looking to see if you were running a process that they could ID as a hack program. While I am not entirely comfortable with that I must admit that given the state of the art it is the only way to curb blatant cheating. Cheating ruins most any game, but many insist on cheating and ruining others fun. If you don't mind people cheating I will be happy to play a little poker with you. With my special glasses and marked deck. Or if you wan to play monopoly I get to be banker.
You just have to make the right decisions on what you're sending that client. To quote Designer Dragon (original lead designer of Ultima Online): "Never put anything in the client. The client is in the hands of the enemy."
Zipwow's first corollary to that: "Never send anything to the client that you don't want them to know."
Why is the server sending the mob's hp and level to the client? If you're willing to spend the processes for it, you could also not send mob information about mobs that aren't currently visible to the client.
Its a harder job, but its possible, and it keeps you honest.
I don't know which is more depressing, that 2/3 didn't care enough to vote, or that 1/2 of those that did are crazy.
> but as much as /. likes to bash Microsoft, at
:-)
> least MS can be assured to have considered
> cryptographic protections.
> Sure, they rejected 'em, but still
Cheap shot. (Yeah, I'm responding to my own post. I'm that wrong.)
Microsoft actually has done quite a bit of work with their Authenticode system giving people a means of digitally verify their code, with a CA(Certificate Authority) backing up that signature. The keys are "only" 512 bit RSA, but that *will* stop the script kiddies.
I guess I was just expressing my annoyance that nothing's been done to handle login scripts--I've got to worry about every single desktop on campus going down to a single eight character password on our IT director's desktop because of it. Really, when it comes to validating executable content, MS has done quite a bit of good work in this regard that hasn't particularly been matched elsewhere(is there a way to sign ELF files in-band? What about RPMs, with a CA?)
Gotta remember, MS may have its technical flaws, but they do pull off some good stuff. It's their business department that's evil
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Concerning inventory duplicators, etc., I still consider those innovative. Not the actual running of one that someone else created (script kiddie style). Actually hacking the binary and/or protocol and using all your skills to determine how to get what you want is just an alternative way of playing the same game.
logan
Your analogy to a football game is a poor one. Football is more of a test of athletic ability than mental ability. The shotgun is a physical threat and action that allows one to bypass one's opponents. I suppose my cheating rhetoric only applies to less athletic games, I suppose. A good cheat is the application of mental skill to bypass arbitrary obstacles imposed by the structure of the game itself, not your opponents.
logan
I know this is tangential to the topic at hand, but neither Ultima Online nor Everquest "started" the MMORPG genre. They aren't even the first graphical MMORPGs.
Between 1993 and 1997, subscribers to online giant CIS and a little online system called AOL could play a text based, for profit, fantasy MMORPG called Gemstone III. After going flat-rate, AOL dumped it because far too many users connected for far too long to play Gemstone. Now Gemstone III players get along quite happily connecting directly via the internet. As far as I know, these were the first for-fee MMORPGs employing "gamemasters" to maintain the code, servers, and portray NPCs for the players. But there could have been even earlier ones, considering all the MU*s and MO*s out there... However, it was definitely the first to hit 1,000 simultaneously connected players. I was there. (And I was disgusted... I started playing when 30 players online was a huge crowd.)
Simutronics, the company who ran Gemstone, also offered several other games, all connected via gateways to several major online services. They're all still up and running, and quite fun, if you can harness enough of your imagination to abandon all the pretty graphics.
Then there was AOL's Neverwinter Nights. (Okay, it wasn't AOL's - they just hosted it.) I know little about this game, except it looked very similar to SSI's old Pools of Radiance series of single-player games, and it was multiplayer, and graphical... and offered no client for my platform at the time. (If someone knows more about the old NWN, please chime in.) Of course, if you've been paying attention at all for the past 10 months, you know that NWN will soon be reborn as the first networked virtual tabletop-style roleplaying environment.
Although I'm sure most players of EverQuest and Ultima Online have never heard of Gemstone or DragonRealms, and believe Neverwinter Nights is a brand-new title, the only innovations in these games are the pretty graphics, and perhaps some interesting server-side hacks... but the genre is an old one.
I can see the fnords!
>What I'm getting at is, most people who object to ShowEQ (and the rest of the suite) and agreed to HD scanning feel so strongly about online cheating that they'll give up their HD's privacy for an equal chance at EverQuest
And, IMHO, thats what is so scary - we are bringing up a generation that has no concept of the importance of the fundamental freedoms that they take for granted - and blithely give them up!
Its getting so bad anymore, that Im wondering if those militia loons arent at least partly right when they start slinging around quotes like "those who would give up freedom for safety will neither achieve nor deserve either" (paraphrased from Ben Franklin, I believe).
First its "bad things" like cigatettes, then the "war on (some) drugs", then priavte guns (ask Amadou Diallo's widow about the police guns). Now its privacy on the chopping block - how long until the freedoms of speech and expression are given up one slice at a time "for our own good" to a police state?
Its damned scary - generations of soldiers gave up normal life to preserve those rights, civil libertarians have stood up and put thier necks out, and even hackers have contributed [by providing the tools to set information free and preserve basic anonymity --Thanks Whitfield Diffie and Phill Zimmereman!].
But now these online ignroant lumps give all that up because they have no values other than "get me my next l33t level in this game".
"EverCrack" indeed!
Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo! http://goo.gl/J9bkO
Heh - you want to see their "encryption/decryption" routine? Its laughable!
// set data at this point
their key is a 32bit unsigned int
Their algorithm is something like the following in a semi-C layout:
decode (uint *data, uint bufferlen, uint globalkey)
tempKey = globalKey
uint reg1, reg2
uint shift1, shift2, add
uint blen = bufferlen/sizeof(uint)
for(int i=0; iblen, i++)
{
reg1 = *data
reg1 = reg1 + tempkey
reg2 = reg1 shift2
reg1 = (reg2 | (reg1 shift1)) + add
*data = reg1
reg1 = reg1 shift1
tempkey = tempkey + reg1 + add
data++;
}
Im not sure I have the sequencing right and the shifts may vary, but thats it.
How would you break something like this?
Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo! http://goo.gl/J9bkO
This is why I switched to playing ActionQuake instead of standard Quake II. Who needs 90% of the map to be engulfed in rocket or grenade explosions at any given time.
Well, I have to say that it would suck to play a game where I was getting left behind by a bunch of guys who were running cheat programs. I'm just not a real super competative person, and when I do an RPG, I like cool stories and a group of clever and cooperative people in my party, not some gugn-ho I-have-the-most-frags ego trip. Other people like competitive things and have fun backstabbing each other. If I have read my everquest FAQs correctly, (I am not playing yet till my new hardware arrives) there are servers dedicated to competitive play where bodies can be looted and so forth, and others devoted to cooperative play.
So, why not take that a step further? Some people prize privacy above all else, while others are more interested in keeping playability and enjoyability maximized. Is there any reason that Verant can't set up some servers that scan for 'foriegn objects in the ring' and others that leave everyone on the honor system?
That way we can decide on an individual basis wether to submit to these scans, rather than having a few privacy advocates or corporate goons dictating the One True Way to run the game. After all, no one person can always understand what I want from the gaming experience or what my privacy needs are.
Except possibly me.
if ($it != $onething) {$it = $another;}
Yeah they messed up from the inception of the game apparently.
If you design an online game, you can BET 3 things will happen..
1. People will try to spoof the server with hacked packets.
2. People will tinker with whatever files you leave on their hard drives, hoping to find a kink in the armor.
3. People will sniff the packets you send them, hoping to glean a little extra info.
This is BASIC stuff folks, and it sounds like they didn't even consider it from the outset. Now they're trying to cover their own inept engineering by blaming it on the players.
All they needed to do is talk to a few MUD administrators. Any one of us could have told them that some players will do ANYTHING to gain an advantage. We deal with it by plugging the holes, not by blaming the players. Its their JOB to poke at the code to find the holes.
What they wanted to get stop was ShowEQ which is a basic packet sniffer to give a radar of the current game world.
The problem is that ShowEQ is orginally programmed to run on a second Linux box with a Windows box running the EQ client/game. There is Windows version but this would not have stopped ShowEQ usage. It just would have given more advanced users a bigger unfair advantage. The change in the EULA wouldn't have helped unless they were going to scan every machine on a local lan.
Perhaps they should have started by not send so much information in their transmissions. Its called better programming.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
precentable?
Couldn't you create say a random mirror image of a "clean" hd each time a call was made from the program to look at the hd?
Slashdot social engineering at it's finest
Sounds like they need to fix the protocol - if you treat every client as potentially malicious, then the only data that client should be allowed receive or know about is data that the user would normally be allowed full access to anyway (not to mention that all data being received from the client should be checked very carefully for reasonableness).
I guess with the slow bandwidth issues, it might turn out to be almost impossible to implement certain kinds of effects w/o some cooperative processing from the client.
Maybe if they port it to Linux one day (And I get my @#!@#% AGP working on my biostar athlon motherboard) I'll check it out. *shrug*
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
It's too bad that so many games like this rely on security through obscurity as to their protocols (witness the massive cheating on Quake now that it's GPLed). Which means it won't ever be possible to say, create a GPLed client for Ultima Online (at least not without destroying the game with cheaters). Of course the problems of a secure exchange protocol isn't good either (higher overhead, more complexity, etc).
It's also too bad that people feel the need to cheat at something that's supposed to just be a game you play for fun, but that's another story, I suppose.
But scanning peoples hard drives doesn't seem like a very good solution to me. In fact doing it for something that is, in the long run, completely trivial makes me nervous.
Sorry to say but I am not a 'sheep' or a 'weak and obedient ass'. Yes, I play EQ. Yes, I told them it is ok to scan the computer. Why? Because I'm smart and know how to defend myself. Because I went out into the world, learned my computer skills, and now make enough money to have a seperate computer just for game playing. Scan it all you want - you won't find any useful info there. Corporations have been trying from day one to control their customers and get as much money as they can. They use legal power to protect it. The have closed door meetings that result in less than ethical decisions. You can scream and cry all you want but it's not going away. The only way to deal with it is to go around it. And that's what I did - two computers. And don't give me some weak kneed "What about all those people that can't afford two computers? Huh?" They are on their own. I'm willing to teach people but I won't do the work for them. Suvival of the fittest. You can't change the system - learn how it works and navigate around in it.
You're beginning to get into the issue of cheats vs. exploits. There is a world of a difference. Your friend's boat trick was an exploit of an existing (albeit unintentional) "feature" in the system. These undocumented features happen all the time, especially in the more complex games out there. I believe that in general, as long as a game allows something, it's fair game.
Cheats, on the other hand, involve some kind of external manipulation or modification of the game. I don't think this should be allowed, as it tends to create an uneven playing field. In the case of exploits, anyone who is clever enough to figure out the exploit (or knows about the exploit through word of mouth) can take advantage; in the case of cheats, only those who are willing to download and install the latest unauthorized hack can gain the upper hand.
One gray area comes to mind: "cheat codes". Although cheat codes are built into the game, and might thus technically be considered exploits, I don't think they should be used -- unless all participants are aware that the codes are available and can be used, and all participants want the codes available.
Should "cheat codes" be considered exploits or cheats? Well, consider their origin. In most cases, they are simply debugging aids that are left in the final game out of laziness -- or just for the hell of it.
Cheat codes are intended to be used for debugging, and not during actual gameplay; they can be seen as "external" to the game itself. In this light, a "cheat code" is really nothing more than a "trainer" that happens to be conveniently built into the game. This puts cheat codes squarely in the category of "cheats". In my book, cheats are almost always something to stay away from -- if only because they tend to ruin the fun.
begin 644
I didn't write the AC post earlier, but since you completely ignored what they wrote, I'll quote it again for you:
"current everquest users. the users
who dont mind having their hard
drives being raped. the people
who care about their privacy left
already."
Try reading the post next time before getting all indignant. He was simply stating that USERS who cared about privacy had left already. I'd say that was a pretty valid argument, wouldn't you?
Unbelievable It is absolutely unbelievable as I read most of these post that they are talking about keeping cheaters out of the game. I think the heart of the matter is that a company is wanting to scan your hard drive as a condition for installing there software. I think this is the central issue. If one company can start a trend, who will be next to try this tactic. I'll assume that we were lucky this time because the program asked if it could do the scan. Remember when Microsoft was accused of scanning a persons hard drive as part of the registration process and sending back information about their files. Consider that as part of using an mp3 player that it had to scan the pc for unlicensed songs and report the person to the RIAA?
The reason for this is probably twofold.
1. The community of users is much more reactive than the communities that represent consumers of other goods and services provided by major corporations, and is therefore prepared to make a loud fuss, in a semi-concerted way, and to use their buying decision collectively to hurt large corporations in the short term.
2. There are a large number of alternative suppliers of internet-related services, and given point 1, they have noticed that they can steal market share from competitors quite fast if they can stylize themselves as the "supplier that respects your privacy".
Another point is that companies do not exist to do what people want. Companies exist to maximize shareholder value, and in a perfect free market where Adam Smith's "Invisible hand" works as it should, that equates to supplying the goods and services in a competitive and efficient manner, such that consumers needs are satisfied to the maximum extent that they can be given limited resources. Market failure (monopoly power, certain types of goods, "non-rational" behaviour etc) means that this sometimes fails to happen, which is the economists' argument for government intervention. If companies existed solely to do what people want, we wouldn't need to call them to order like this all the time.
Salocin.com
#1 They did NOT ask their entire customer base. They asked less than 10% of it and then at a time when adults were offline.
#2 The have been far less than admirable about this. Publicly insulting people who raised privacy concerns.
I've said it before and I'll say it again: They over reached. Instead of saying we were wrong they say "A bunch of hackers, crackers and paranoids caused us to change our mind"
The Quake crowd hit this problem when their client went open-source. This was discussed on Slashdot then, and that discussion covers the game design issues better.
Verant has stated that they routinely patch their servers and the client program to try to prevent cheat programs from working. They merely thought about scanning for certain executibles to make their job a little bit easier. They thought it over, put the question to their playerbase, listened, and agreed with the well thought-out arguments of the minority. That is what brought out Verant's about face on the issue. Figure of the 15% that voted against it, 2/3 actually responded, and half of that was not flame. That would mean that Verant chose to listen to only 5% of their playerbase and found those arguments enlightned enough to change their minds. That is how the net is suppose to work, not by mindless boycots but by intelligent conversation. BTW, I was part of the 85% that had no problem with it.
Mess not in the affairs of dragons, for you are crunchy and good with ketchup.
In higher level competition, their bags are examined, they give urine and sometimes blood samples.
This isn't a violation of privacy since the atheletes are *informed* that they will be held under scrutiny.
Obviously the comparison between professional level sports and an online game isn't perfectly natural.
What about a user moderation feature? People who obviously abuse the system can be labelled as such. They are free to play the game, just not with people who don't want to cheat.
Hmmm, the implementation would be difficult, and it would take a critical mass of players who moderated fairly (IE, not labelling someone a cheater just because they don't get along).
Just my ramblings...
Greg
Blizard did that alot with Starcraft and their Battle.net servers. Every time a new hack/cheat came out for Starcraft, they patched the program and any user than wanted to use their servers had to have the latest version to play online. It won't completely protect you from cheaters, but it's not an invasion of privacy...
kwsNI
Yes it is just a game, and I would of dropped it in a heart beat if they went through with the scanning my HD plan.
I just wanted to say there is , in reality, very little competition in EQ. Many people have a precieved competition, I know I did for a while. There is, rarely, any race for anything. If you don't get something today, it will be there tomorrow.
Yes, there can be a group of people that want to be competitive with each other, and thats fine, but it doesn't effect other players.
My point is, someone can come out with a cheat tomorrow that allowed ont ot be lvl 50(current max,kinda) have a 200 in every skill, and give them a googleplex of money. That won't effect my playing at all.
The Kruger Dunning explains most post on
My younger brother, who plays EQ and Asheron's Call and others, frequently belts out long rants about how irritating these "mini-hacks" are to him. He considers them cheating.
What I'm getting at is, most people who object to ShowEQ (and the rest of the suite) and agreed to HD scanning feel so strongly about online cheating that they'll give up their HD's privacy for an equal chance at EverQuest.
***JUMP PAD ACTIVATION INITIATION START***
***TRANSPORT WHEN READY***
***JUMP PAD ACTIVATION INITIATION START***
***TRANSPORT WHEN READY***
"All it does is lets you see the REAL numbers behind the game that Verant tries to hide with handwaving and frantic knees-bent running about behavior." It DOES allow the user of ShowEQ to cheat, although its users have come up with a surprising number of rationalizations to say otherwise. For example, if a rare monsters spawns across the map, you'll be the first to know. And is that tough mob holding a great piece of rare loot, or just a couple copper? It'll tell you that too. As a matter of fact, Verant has had some success banning ShowEQ users based solely on observing for their behavior. A guy who was just standing around suddenly heads off in a beeline for that newly spawned will-o-wisp that just happens to have great loot. It IS cheating-- keep that in mind, and we can attempt to have a rational discussion.
Example: The NSA should invest in codebreaking technology. It's part of their mandate. But we shouldn't have to hand over keys, to obviate the need for the codebreaking tech.
The Mongrel Dogs Who Teach
For instance: yesterday on NPR(scroll down for RA of story) there was a story on Internet privacy and it featured a new piece of software (name escapes me now) that basically configured your browser to run through a proxy server so that all your traffic could be scanned. Why this software company is still in business after effectifely instituting a wire tap (just on digital information on port 80), I don't know. Though, their EULA does mention that your traffic will be monitored, I can't believe that people actually use their software.
This goes way beyond using cookies to track usage (hell, we have Neillson ratings for TV that do something very similar). I applaud the efforts of the userbase of Verant of taking notice and effecting change through economical means. Now, if only everyone would not use invasive products, all companies with invasive software would go out of business.
First, here's a letter from Verant CEO John Smedley regarding the new policies and security checks announced. (From EQ Vault)
Ok. We put the poll in, and with roughly 15,000 people participating the poll came up with 83% of the people being fine with us running the check for cheating.
DESPITE THIS POLL we have decided that it's the wrong thing to do. Enough people have convinced us that it's chipping away a little too much at people's privacy EVEN if they do consent for us to implement this policy.
Therefore, the change to the EULA will read as follows:
Solely for the purpose of patching and updating the Game, you hereby grant us permission to (i) upload Game file information from the Everquest directory and (ii) download Game files to you.
Now, before anyone wonders exactly what this is, let me explain. Technically speaking we probably should have had this language in there from day one for you to consent us to even download new game files to you in the first place. We apologize for not realizing that we should have gotten this consent, but live and learn.
We can admit when we make mistakes, and I believe this is a case where we owe an apology to our Player base. In our haste to try and thwart people from damaging the game we went overboard.
There will be absolutely no scanning of anyone's computer for any reason other than the normal patching process (which won't do any sort of checking on what you have running).
Regards,
John Smedley
President and CEO
Verant Interactive, Inc.
So to summarize, Verant apologized for their planned policy even though 83% of their player base supported it because they realized it was wrong to scan their computers. They even apologized for not stating previously in their UELA that they scanned and downloaded information to their users for patching (which all online games do).
Here's a posting from the EverQuest Message Boards by Gordon Wrinn, the Verant Customer Service Rep, in reply to a comment by a player.
[In Reply To: Scanning my tasklist for hack programs is not that big of a deal and if it gets rid of the hackers anyway, I say go for it. IMO it is not an invasion of privacy to do this. I give out more information, personal information, everytime I use my credit card at the store ]
Unfortunately it is a case where paranoia ended up winning out. I think that we could definitely have done a better job explaining what it was we were doing, and that would have lead to a bit more buy-in. Instead, some people decided to make up reports that we were scanning directory trees (false), internet files (false), internet history (false), cookies (false), and email (false), and unfortunately many people believed them.
The general paranoia resulted from the assumption that we (meaning: our servers) were actively collecting information from your system. This simply wasn't the case. The client simply would examine a small subset of information on your system, none of it containing information personally identifiable to a third party, and only send it to our server in the event that you were "running" an illegal program at the same time you ran EQ. We had absolutely no interest in what was installed on your system, only what you were running when you connected to ours.
I think privacy is important as well, but I don't really care about what a piece of client software is doing on my system. I only care when that piece of client software is transmitting information from my system to an outside source. In this case, the only time any data transmission was to take place was when something bad was found by the client. There was to be no server-side analysis of raw data. I'm sure that most people would agree that we do have a right to insure that our software license is being complied with.
In any case, I guess it's water under the bridge now. I'll blame Hollywood for all of the misunderstandings.
-Gordon
While I don't agree with all his views, I do see where he's coming from. His viewpoint reflects the majority of EQ players.
Hope that cleared a few things up.
"A person reveals his character by nothing so clearly as the joke he resents."
You could compare it with an anal probe. Some people are actually into that sort of thing... I just had no idea it was %80 of 'em. :-P
All I know is that I'll never be able to look at the other people on the bus the same way again.
---
Where can the word be found, where can the word resound? Not here, there is not enough silence.
"Where shall the word be found, where will the word resound? Not here, there is not enough silence." -T.S. Eliot
Now Mr. Smedley claimed that no hard disk scanning would be done but as you can tell from the wording just about anything is fair game.
More disturbing is Mr. Smedley's admission that scanning and reporting was already being done. Supposedly only the task list was being scanned for an unknown list of running tasks and if one or more of them were running this information was reported back to Verant. This is disturbing because it clearly violates California Penal Code (section 502). (read the law here)
Given the unauthorised scanning that took place before the proposed change to the EULA (which I think we all can agree that unilateral EULA changes are probably unenforceable, moreso than EULA's in general =), it was pretty hard to believe them.
Verant is now in a position to be pursued for criminal prosecution and is also open for civil action according to 502. It will be interesting to watch this develop further.
The Adept -- Long distance motorcyle rider, player of video games, hacker at large, father of one
a) That's 83% of the 15,000 who logged in while the poll was up. There are 200,000 active accounts.
b) The poll was up during the day. That means they were polling children; the adults were all at work. It's pretty safe to say that most of those polled have no real appreciation of the implications of their ''yes'' answer.
c) The poll did not even include the proposed EULA modification; it asked if people ''were comfortable with Verant scanning users' machines to find hacking programs'' That sounds a whole lot less objectionable than what the mod proposed.
The very fact that they even considered such a move indicates that they have Lost It Completely. The fortress mentality has taken over.
"There's no easy way to be free" -- P. Townshend, _Slip Kid_
logan
Hey, I blew my top :)
Perhaps "incompetant management" would be a better description. Being part of the computer industry I've seen many cases where the engineers and coders want to do "the right thing", but management decides that they should do "the lazy thing" because it costs less or takes less time.
Latency is a part of internet games. It is and always will be. Giving clients extra information in an attempt to hide it is just asking for trouble. In general a game client really should just be a dumb terminal, periodically receiving state updates from a server, and never being trusted. The problem of client trust is way beyond the scope of this slashdot article, but for the purposes of a game, the basic idea is that "The Client Can Never Be Trusted".
When you assume a client is trustworthy, for whatever reason (trying to reduce the appearance of lag) you open yourself up to cheating. This is a choice Verant made when they developed the game, and one they should now accept and deal with.
________________________________
>The scanner in question did NOT scan registry, HD, browser history, etc.
But the change in the EULA would allow them to do this. With no legal restrictions, no matter what they said.
>The Verant Management has maintained a very open line of communication with their customer base,
Really? They had an "April Fools" joke recently which cause an outrage from its customers, mainly because they didn't TRUST Verant that it was a joke.
>a mandatory poll of the users asking them about allowing Verant to scan for cheating programs
There was nothing mandatory about it. The poll was only created because so many people were outraged because of it.
>(80+% agreed with the scanning).
Which question? There were two forms of questions during the poll. The first being something like "Do you agree that Verant should stop hacking programs?" Don't you think thats a bit biased?
>I'm at a loss to think of a better resolution to deal with people acting like scumbags.
As I mentioned in another post, what they wanted to get rid of is ShowEQ. They can limit its functionality greatly just by not sending so much irrelevant information.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
First off, 90% of any post I see related to EQ is always bashing Verant for one reason or another. I think a lot of these posts aren't warrented, and their authors aren't giving Verant a fair chance. But this is the same for any corporation / company... when anything goes wrong, or doesn't go the way they want it to, people scream and yell and say "SEE! *THIS* is capitalism at work!" You're all crazy.
Capitalism at work is keeping your customers happy. If they're happy, they'll keep coming back to buy your product.
When Verant annoucned they were going to scan your tasklist for cheat programs, they also put a poll in at the login screen, stating something to the nature of "Do you have a problem with Verant checking for cheat programs when you run EQ?"
That's right - they *ask* their users for thier opinions.
And *despite* the fact that 83% (out of 15000) responded they were fine with running a check for cheating, *Verant decided not to do it*. Why?
Because enough people had stated they felt it was chipping too much into their privacy.
But the worst part is that people decided to make up ways Verant was checking for these hack/cheating programs... for example, scanning directory trees (false), internet files (false), internet history (false), cookies (false), and email (false).
What was the check suppost to do? "The client simply would examine a small subset of information on your system, none of it containing information personally identifiable to a third party, and only send it to our server in the event that you were "running" an illegal program at the same time you ran EQ." I'm assuming here "illegal program" means a program designed to give a user an advantage over other users in EQ.
I understand some people would say this is an invasion of privacy. Some of those people are honestly worried about the continuous breach in our privacy in general. I'm willing to bet that the majority of people who cried "Foul!" were worried they wouldn't get to use thier cheat programs anymore.
Or, they were the people who find a reason to scream "SEE! Capitalism at work! Invasion of privacy! Invasion of privacy!" when it isn't justified.
This post is way too long already, but I've got more to say on the issue. If you disagree, or agree, post and we'll talk.
The information I used in this post can be found at EQ Stratics or The EQ Vault.
lw
Mods: Disagreeing with me != my post Offtopic / Flamebait.
World without hate or war, invaded. Tragic?
Is it Verant and the designers of EQ for being somewhat laxed in their design? It is one thing that the server has to tell the client where all of the dynamic objects in the world are position, it is something else to blantanly tell the client extra junk about them. There is no particular reason why the client needs to know the exact hit points of a creature. It should have been broadcast to the client as a percentage, which in the end is what the player ends up seeing. If they were really concerned about people "eavesdropping", they should have encrypted the data streams. Scanning the computer to see if hacker tools are employed is a weak attempt to stop this kind of exploit, at best, and, at worse, it is wrong.
In another sense, Verant and EQ are trying to act in the best interest of the game. How many people will continue to play a game of Chess against a person who is blantantly cheating? EQ should probably be no different. I want them to actively keep the game from descending into a hacker's paradise.
Is it the players are at fault for trying such junk in the first place? And please don't quote me "the players pay have a right to do what they want" because that isn't true. By agreeing to play any game, you agree to follow a certain framework of rules. If a cheater is playing someone in a game a real world Chess and the cheater is caught cheating, they really have no defense. EQ should be no different. The "neutral tool" argument doesn't really work here either(ie. 'hammer is a tool that does some good things and bad things...do we outlaw hammers?'). ShowEQ isn't a generic tool that has other applications. It was designed for one purpose and one purpose only. If ShowEQ was designed for "acedemic reason" that is one thing but I have a hard time believing so many people are interested in ShowEQ because it teaches useful programming skills.
In another sense, players should push Verant and the EQ Architecture to the limit. The only way the game will get better is if the players push on Verant to improve it. As mentioned before, the fact that you can listen to packets flying by and find out extra information indicates a weakness in their design. It should be pointed out that one of the useful things that came out of ShowEQ is that it was shown that reduntant information was coming back from the server. Verant did take note and said they would do something about it (although I'm unclear whether or not they actually fixed it. ^_^). How can the players do this without actually figuring out how some of the game works?
IMHO, both sides blew this way out of proportion. Verant didn't think things through when they wanted to stop players from packet listening and came up with the wrong solution. Instead of wasting time and effort into figuring out how to detect packet sniffing, they should be putting time and effort into fixing the real problem which: too much information is sent over the wire. Players blew this way out of proportion because because Verant basically said "We don't really care if you have hacking tools...just don't use them while playing EQ" but many read much more into it. If you are going to do something questionable, shady, etc. you probably shouldn't be doing it in "plain sight" (yes, on Windows 95/98, the hard disk is plain sight...everything in Windows 95/98 is in plain sight) especially after you've been warned.
/.ers are always willing to disregard "security through obscurity", but how would you design an open method go about this, aiming to get 100% surety that no one is cheating?
Strong data typing is for those with weak minds.
Strong data typing is for those with weak minds.
Doubleclick,the Feds and Verant all seem to be in the same business. Doubleclick for obvious reasons, the Fed this week pumping the Bill S. 2092, which will give the federal government's ``trap and trace'' authority, and now Verant. Law enforcement and now mainstream business views the Fourth Amendment as the problem. That's the piece of the Bill of Rights that protects ``persons, houses, papers and effects against unreasonable searches and seizures''-- with no mention of data and what it represents. And so now, the corporations and the government want to force manufacturers to build surveillance into technology, all but eliminating another basic right of privacy.
More race stuff in one place,
than any one place on the net.
Those who attempt 'security through obscurity' achieve 'obscurity through stupidity'. Frankly, I prefer 'security through perversity'.
I play Eq and as anyone else who plays knows EVERYTIME you log on they require you to read and agree to the license. It has been a long standng joke that they change the license regularly without telling us.
This is, while I can see there side, just the latest in turning the world of Norrath into more of a police state. Over the last few months they have recuited more guides (read police) to enforce their new play nice policy.
Basically the policy is that anyone who pisses off anyone else is up for disciplinary action that include suspension and expulsion. (sounds like high school no?) While on the one hand they have created a very nice game and are wildly successful, theat success has caused growing pains on their side.
A few examples of the pains are the fact that each server is disigned to have 1000 - 1200 people playing on it at any one time, you are hard pressed to find any server that has less than 1800 users and many are hitting 2000 during peak hours. For those that haven't experieinced once you select a server that is where your avatar lives it's life, forever. No crossing from one server to another. As your friends join up they want to hang w you so they joing your server compunding the problem.
This excess of players stresses the system on two fronts of course the technical side with zones and servers crashing sometimes for days losing the entire player database, but also the in game resources are pushed having not been designed for that many people. This causes a shortage of things to do with people camping waiting for the first enemy to appear and not only battle the enemy but argue with other players over who it belongs too. This breeds animosity among players who are NOT allowed to kill one another (except under certain mutally agreed circumstance. So now maybe you understand. While Verant has learned from the mistakes of Ultima they have still created their own special problems.
Overall though the game is so very well done and when it works the experience is so cool that we all hang out and keep playing. For the unititated all I can say is that the social aspects of the game are in my opinion what keep people playing.
daddio
http://lum.xrgaming.net scroll down a bit, its got about 6 posts with letters from Verant President John Smedley himself, + Verant lawyers.
Lets face it, people who game online like to get the edge over their opponents, and one of the ways they do this is to cheat. There is a proliferation of tools to do this for various online games, and users can easily find them on the net.
When even one person cheats it makes the entire game less fun for everyone else playing it. Instead of a test of skill it becomes a farce, with little or no skill being required to win or proceed. Verant, obviously worried about the quality and fun of their game EverQuest, were being entirely reasonable by wanting to prevent the use of cheating tools.
Given this concern, the only reasonable and effective thing for them to have done was to scan the user's hard drive for said cheating tool. This isn't a privacy issue - they're only scanning for a tool which will lessen everybody's enjoyment of their game. If you are are against this then you are letting people ruin the game by cheating, which is hardly fair to other users.
Ridiculous. I can't say I'm surprised though. A bunch of suits sitting around a board room discussing their moneymaker and saying "Hmm. we need a way to keep the game fair. I know, let's require anybody who wants to play to give us total access to their computers. They ought to go for that."
The game has YET to be invented that will make me want to trade in my privacy in order that I might keep some other guy from getting some extra HP or resources by cheating.
Not to mention that if you have to cheat at a game just to be competative -- how much fun can it possibly be?
... kinda like the problem with playing Quake online... The levels are completely unimaginative, and it comes down to ping speed & hardware to decide the winner. Adding things like LIMITED weapons, ammo & powerups would require people to conserve their ammo and to play strategically, rather than switching over to rocket launcher, putting it on autorun and holding down their fire button.
But it's all just games anyway, right? Relax, people. Have fun. Stop nosing around on my PC.
-The Reverend
-The Reverend (I am not a Nazi nor a Troll)
=(.\')=
You bring up a very good point. Customers are able to influence a big company's decisions, especially on issues like privacy. One key point I'd like to highlight is this: they can only do this if they are informed. I think it's extremely important that we try out best to make the average Joe user aware of all the potential violations of privacy that's going on today. The reason that so many users today have such poor habits online (in terms of protecting their own privacy) is because they aren't aware of it.
This may be a bit off-topic, but I think this principle can be applied to other things too. Such as things like DMCA. It went by because very few were actually aware of the threats it represents. But if the average Joe user is made aware of these issues, I'm sure the masses will be able to force the powers that be to change things. Just like this case: imagine if nobody knew that the latest Everquest upgrade scanned their computers. Nothing would be done about it, and privacy will be compromised. But once people found out about it, they took action, and things changed. I'm sure this can happen on other areas too, like DMCA, etc..
mikre he sophia he tou Mikrosophou.
The question is no longer whether Verant *ought* to rummage through its user's computers looking for whatever it feels like.
/. likes to bash Microsoft, at least MS can be assured to have considered cryptographic protections.
The question is, what prevents anyone else from doing so?
If Verant can modify Everquest such that it ships with Back Orifice 2000, and the only thing that prevented them from doing so was the (thankfully effective!) fear of inadequate liability disclaimers, what *exactly* prevents anyone else, who *doesn't* particularly worry so much about the law, from attacking any Everquest player they please with a trojan'd update?
I betcha nothing but the network, as if "well, it came from Verant's DNS name, so it *can't* be spoofable." *sigh* I'm reminded of the Genie from Alladin..."PHENOMENAL COSMIC POWERS...itty bitty security." Oh, and toss in a little bit of obscurity to be on the safe side.
I should be fair. There's an off chance that there's some cryptographic protection against such an attack being sued by Verant. That'd be nice. I'd like that, as I do cryptography. Day in, day out, it's what I've been living, breathing, thinking, and scheming. And ya know what? I had a total compromise sitting around in my design, because I forgot the (rather simple, but marginally obscure fact) that it's rather trivial to convert a private key back into its public key equivalent. (Moral of the story, folks: Possession of a public key authenticates NOTHING.) Stupid problem, easy to fix, but then, that's my *job* right now.
I doubt I have an equivalent at Verant.
At best, Verant is employing some painfully inadequate public signature verification key to make sure that an update actually came from them. Rather likely, they're using some symmetric algorithm(RC2/RC4 most likely, as they're easily exportable) with a broken key length--not that it matters, since if they're using a symmetric key to authenticate the packages, then the same key that Verant used to sign the update shipped with every copy of Everquest--*cough* itty bitty security. Same shtick if they use a MD5-signature variant--the "key" used to authenticate the package as coming from Verant and not Joe Cracker necessarily gets shipped with each box.
Of course, who am I kidding. We'd be lucky if there's an XOR in the lot. (XOR, for the non cryptographers out there, is a thoroughly broken but easy to implement logic operation that one can run on data to make it "appear" encrypted. Appearances...can be deceiving.)
Folks, this is a *real* problem. Whenever you're doing crypto, you have to separate the world into Us vs. Them. I don't have a problem trusting Verant--they've got deep pockets, they've got skittish lawyers, and if they try anything, we'll see 'em telegraph it in the licensing agreement. (And if they do things without changing the agreement, We Know Where They Live.) So, for the moment, "Us" is Verant and Me, as an Individual Gamer. Them is every *other* gamer, malcontent, and kangaroo down under.
The question to ask yourself, is: What allows Us to determine what code is executed on the client machine, and not Them?
The next question to ask yourself is, since *you're* the one at risk with the client machine, and not Verant, how likely is it that Verant even broke a sweat regarding the answer to the previous question?
Great. Verant isn't going to hack their users, out of the goodness of their lawyers paranoia. So who will?
What about other games here, folks? Am I the only one noticing that large portions of the Windows software space are suddenly becoming net enabled for no other reason but to deliver ads(at best) and trojans(over time)?
This isn't the first time I've run a company through the ringer over automatic execution of code(both Microsoft and Novell have painfully inadequate checking on their login script functionality; more at www.doxpara.com), but as much as
Sure, they rejected 'em, but still...you gotta know they at least considered 'em. Verant, on the other hand?
Does anyone know?
Email or reply if any of this concerns you. I've had some interesting reponses planned to this trend that I just haven't had the resources to implement. With some help, we might actually be able to...deal with this situation.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
For those that don't have the time or inclination to look at the whole story here's the deal as I observed it over the last little while.
First Everquest doesn't have that large of a real cheating problem, they're very good at logging any strange client behaviour and banning people the minute they're caught. However, a program was released to the public domain a while back called ShowEQ, this program is a passive sniffer that reads the data stream between the client and the server and displays data that gives the user an advantage over other players, basicly it's a realtime map of all the monsters in a zone with their hps and level.
Verant has been trying to combat this for a while by constantly changing their encryption scheme but has thus far been unsuccessful in locking the people maintaining the program out for more than a few days.
ShowEQ ran on Linux, recently someone released a Windows version and this is what verant claims they were scanning for (The passive client on linux is really impossible for them to detect)
Someone recently posted a message on the EQ message boards asking why verant was scanning the task list of their computer and uploading what was running back to the servers, this is prior to the announcement that they wanted to do this btw, Verant was extremely quiet about this thread until the announcement was made that they were changing the end user license which you have to agree to every time you start the everquest client.
All these threads are still available and it's somewhat interesting to read what Verant's reps posted in response. If you want to see check http://everquest.station.sony.com and click on the message boards link.
Part of Verant's problem is they've been fostering a real Us vs the Players attitude (Although they probably don't intend to, but anyone who's been on a MUS* before realizes that it's just part of the lifecyle of such games) By refusing to answer player questions about game mechanics and such, some people have used ShowEQ to get real answers to these questions, such as how the experience system works and such.
And its simply an RE job on the datastream. Passive, nothing more. All it does is lets you see the REAL numbers behind the game that Verant tries to hide with handwaving and frantic knees-bent running about behavior.
The reason? They have some severe design flaws in their game, as well as a piss poor and arrogant attitude toward their player base. The only reason they are raking it in is because nobody else has such a thing on the market yet. They were stomping sites until it got moved to www.hackersquest.gomp.ch, (notice the NON-us addy?) a host site that doesnt have anyone that clicked the Verant EULA, and so far seems immune to their lawyers.
And the prog runs on a separate Linux box: using NAT/ipchains and routing the win box thru the linux box is best, but it can also put the ethX device into promisc and sniff the data. So, really, there isnt jack they can do about detecting it. They seemd to live with this until... What brought this "corporate sniffing" on is that someone took the open source and did a windows port. So every little k3w3l d00d and wannebe could use it.
Verant went into Corporate panic mode - typical of their nasty anti-gamer managerial mindset. Verant went psycho trying to stop it.
But the scariest thing is: when they polled 15,000 of their users, 83% agreed to let Verant search their HD as a precondition of playing the game!!!
What kind of sheep are these? I pity the folks who will need to depend on such weak and obedient asses who will kneel down for a compny just to be allowed to play a game that they are already paying for!
EQ players who said Yes in that poll, you should be ashamed!
Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo! http://goo.gl/J9bkO
I think it's because when someone's privacy gets threatened, they feel much more quickly capable of taking significant action, to the extent that they're willing to switch provider, give up a forum or a game they enjoy, or use alternatives (sometimes of dubious legality), in order to protect it.
In terms of the influences faced by online companies today, it seems to be quite a high priority to satisfy the privacy needs of customers, even though this is not a natural consequence of their desire to make profits, but rather caused by an obsession (healthy, in my opinion) with privacy on the part of individuals.
We've seen quite a few radical reversals of policy on the part of some very large corporations (Doubleclick or Intel for example), which would seem to imply that online consumers, as a separately identifiable group, are becoming quite powerful in their own right.
Long may it last!
Salocin.com
I think it's important to note before the standard Slashdot privacy feeding frenzy starts that Verant has done their best to act responsibly on this issue. A couple things to pay attention: The scanner in question did NOT scan registry, HD, browser history, etc. It was doing latency checks (for proxy server goofiness) and running task checks. The Verant Management has maintained a very open line of communication with their customer base, including a producer letter, EULA modifications (with explanations to the users), IRC chats with Sony lawyers, and a mandatory poll of the users asking them about allowing Verant to scan for cheating programs (80+% agreed with the scanning). Admittedly, I don't like people looking at whats going on with my computer in any way shape or form, but I'm at a loss to think of a better resolution to deal with people acting like scumbags. -Matt Burch Everquest Junkie
I run a fairly large EverQuest-related humor site, so I've been following this issue since it started (even if only to make fun of it).
What's happening here is a thorny problem where individual "privacy" headbutts with everyone's best interests.
A quick background for those not in the know, Verant Interactive produces and maintains EverQuest, a massively-multiplayer online role-playing game. Thousands of players connect to Verant-administered servers and play alongside other players in a persistent world. It's the second major-market title in the MMORPG genre started by Ultima Online.
The way these games work is centralized servers store all the state information about the virtual world. To be general, nothing is stored client-side. This is required, because unlike games like Quake, the world is persistent. An early incarnation of this type of game was Diablo. The main difference between the newer games (UO and EQ) and Diablo is that with Diablo, all your character information was stored client-side. This became a major problem for the game, as it was only a matter of time before the file formats were reverse-engineered and people started modifying their characters to be super-powered.
By storing the information server-side, this type of cheating is avoided. No matter what you do, there will always be people who want to cheat, and if the information is stored server-side, people will try to exploit the server to cheat, or will "enhance" their client software in order to give them an unfair advantage in the game. Ultima Online has had a long history of dealing with this type of problem. Many security weaknesses in the UO servers were discovered (and fixed), but at the same time, these weaknesses were exploited by people, most often to do devestating things to other players of the game.
Recently, EQ has had the same things happening to it. A program known as "Show-EQ" has been around for quite some time, which simply gives a player an unfair advantage in the game. Verant has dealt with this in a subtle manner, changing their client/server data stream every so often to set back development of the utility.
In the past couple weeks, other programs for EQ have begun to pop up, with more nefarious purposes. The EverQuest servers have been crashed on more than one occasion by these programs. This is what brought Verant to suggesting drive-scanning. It's one thing if someone is just cheating, but it's another thing completely if they're maliciously trying to crash the game.
They took their first countermeasures not too long ago, by adding a feature to the client software that scans your Windows task list and looks for these "external utilities". If it finds one, it flips a "I'm a cheater" flag on your account and you end up with a cancelled EQ account.
They proposed to extend their search to the hard drive, to see if any of these programs even exist on your system... and this is where people started to get upset.
Verant has been very open and forthcoming about the proposed changes, keeping active discussions regarding the issue on the various websites dedicated to EverQuest, offering reasoning and explantions of the scanning process, and they even required all users to answer a poll question regarding the issue on login to the game (which turned up 80%+ in favor of the scanning).
Even with the overwhelming support of the scanning by their playerbase, they responsibly decided to back down on the issue.
Now granted, what they suggested could be a huge tool for abuse and privacy intrusion, but they did not try to "sneak" it past their users in any form. What they were proposing was nothing compared to some of the things that people thought they were planning on doing (there have been some heated arguments about it the past few days).
In short, its not really that they intended to intrude on people's privacy, but that they were seeking to increase the quality of their service and actually have a way to enforce their "no cheating" rules.
Verant should be commended on their responsible handling of this entire incident, not trashed in the court of public opinion based on reports that only tell half the story, like the one posted here on Slashdot.
NO CARRIER