How to Prevent Bots - A Standford Approach

Dear AGS,

The game’s current state compels us to do something to solve the current bot crisis or risk heading towards ruin. Unfortunately, server queues are in the thousands, and although you did try to do something like blocking VPN connections, that is akin to a double-edged sword.

The folks at Standford had published something which I firmly believe can solve the problem. Here is the link to the paper: https://crypto.stanford.edu/~pgolle/papers/nobot.pdf

In summary, I find the part about issuing physical Captcha tokens extremely viable. Players link their accounts to the tokens and are given random codes to solve at random timings and when playing the game. Although this can be disruptive, we can limit the use only when you are doing non-raid or non-PVP activities etc. Of course, much thought has to be given to operationalising this, but I think with the bright minds at AGS, we can certainly see it being pushed through.

To my fellow players, please give this post some engagement so we can garner the attention of whoever can make a difference.

Sincerely
Velik

2 Likes

Anything like that will require more significant programming work by Smilegate – Smilegate handles that, not Amazon – and that makes it both doubtful that it would happen, and, even if it did, likely that it would be very slow to come along, since it is not in the already planned stream of work they are already doing on the game. So it would be something that would, even if they decided to take that approach literally ten minutes from now, take months and months for them to implement. And I don’t think they would bother to do it, to be honest.

This is why the kinds of fixes we see are easier tweaks – turning things on and off, relying on Steam things, and that sort of thing – which can be done easily and without much incremental
(that is, currently unplanned and therefore unstaffed) programming or design work at all.

Someone else already brought up Captcha in another thread. Captcha has been used successfully in other games in a similar way to what you’re describing…except not physically. What you’re referencing here is essentially something similar to a Blizzard Authenticator.

Problem is, those types of things were done away with because it requires the player to buy the physical device, which can easily become lost or damaged. I think that this would be acceptable for a subscription based game because the game company could eat the cost based on the subscription fees, but it’s really not acceptable for a F2P game…because it would no longer be F2P, in which case they’d have to remove a large amount of the P2W mechanics to justify the shift…and that would cause them to lose a significant amount of revenue.

Year, probably more like a year or more. We’re not just talking about development time, we’re also talking about securing semiconductors from Taiwan, securing a manufacturing facility, design of the physical device, etc, etc, etc.

Not to mention the fact that the sheer amount of money that would have to go into this kind of system is upwards of a few million dollars at minimum.

Who uses physical device authenticators anymore? I bought one for wow back in like 2007 for the Ragnaros pet, or was it the molten hound one, I forget.

Either way, mobile authenticators have all but eliminated any need for an additional physical keyfob or similar type device for 2fa

Edit: I really wanted to find my old authenticators Lolol can you believe they still work?

1 Like

I can, actually. They most likely contain Lithium-Ion battery cells, similar to what you would find in a watch…and since they’re not active very often they use a minimal amount of juice.

But yeah, most people stopped using them as soon as the mobile app came out.

I suppose it’s possible they could use a mobile app in place of a physical token, since it would require a person with a phone…but I also imagine such software could be reverse engineered and emulated, so it probably wouldn’t work.

I didn’t think the game would fail but if the botting issue is not addressed the game is certain to fail. I really don’t believe AGS and Smilegate realise the extent of the problem or the seriousness of it. Their lack of communication on the matter suggests they don’t take it serious enough. I also think a lot of players don’t realise the damage it is doing to the game or are oblivious to it. Whatever they do now will take weeks and/or months to implement. Unfortunately by that time it will have damaged the games reputation beyond repair and may be too late. I actually think it’s so disruptive they would be better to halt the games roadmap and rollout until some solution is implemented to significantly reduce botting activity. I really enjoy the game and I hope I’m wrong.

While the lack of communication might leave things to be desired for some people, I also really don’t see a way to win here.

If they give out specific info, that runs the risk of making whatever solution they come up with worthless when it’s implemented. They just say they’re working on it (which CMs already are doing that) and people feel like it’s all talk and nothing to back it up. They say nothing and people drive each up into a frenzy over the silence.

Having SGR specifically communicate it doesn’t mean anything either, it still faces the same issues.

In-game GMs.

If amazon wants to fix the bot issue, just link the in game accounts to amazon store accounts. The information is already there and verified. No need for double work

The game should be fun. Imagine how annoying this “fix” is.