Concrete suggestions against bots from 10+ YoE software engineer

Hello AGS and Smilegate staff,
Hope you are doing well.

Before anyone assumes I’m talking out of my ass, I’m a software engineer with 10+ years of experience in distributed systems, and also an hobbyist game developer.

Here are some relatively low-cost-of-implementation suggestions that will make life harder for bots:

  • Build a basic in-house captcha system based on shapes / pattern recognition that is used at log-in and whenever any large amount of gold is being transferred or traded. This doesn’t have to be overly complicated, something like creating a bunch of shapes on the screen and asking the user to click N times on a particular shape. When the bots catch-up, introduce new shapes or ideas (e.g. right click, dragging shapes, etc).

  • Require 2FA with email and/or phone registration for account creation and large gold transactions. Again, this will slow down bots considerably. For the email, an in-house mail server is enough (no need for additional recurring expenses). For text messages, I’m sure Smilegate can strike a good deal with services that provide text message verification.

  • Make gold untradable until a certain bot-unfriendly milestone is reached. The milestone could be something like clearing all Tier 1 (or maybe even Tier 2) abyssal dungeons and guardians. Something that humans can do reliably well but bots will struggle with unless a lot of money and time is invested in creating more advanced AI.

All of these suggestions, when combined, will very likely make the botters’ lives much harder and less profitable. And I believe that all of these suggestions can comfortably be implemented without much engineering effort, as long as they are properly prioritized.