New Dev Blog: CSM December Summit - Meeting minutes (Part 3 of 3)


Infinion
Caldari
Awesome Corp
Posted - 2011.01.15 19:44:00 - [31]
 


Regarding the future plans to improve account security, has CCP considered giving players a standalone password for account management?

Steve Thomas
Minmatar
Sebiestor Tribe
Posted - 2011.01.15 19:49:00 - [32]
 

Originally by: Evelgrivion
Originally by: Steve Thomas


Close. I'd say it's closer to "We don't really know where we're going with this product, but it's going to be totally awesome! See how awesome it is?" The CSM didn't buy into the awesome though, and CCP slapped an NDA on the ensuing discussion. It's pretty obvious that the NDA is nothing more than a muzzle.


In all fairness I think it's more like the Underpants Gnomes, I think we all know what they want to go for with EvE over the long haul.

The problem is step 2.


Steve Thomas
Minmatar
Sebiestor Tribe
Posted - 2011.01.15 19:55:00 - [33]
 

Originally by: Shepard Book
Removing jumpbridges and creating more remote 0.0 entrances is an interesting idea. I hope jump freighters get a jump range increase and carriers get a hangar size increase if this happens.

I am surprised nothing was said about black ops after such a high ranking from the vote that the CSM asked for.

Super carriers getting a nerf would make a cry to be able to park them for sure.

I like the ideas of letting small fleets ( wing or smaller ) having a bigger impact. Anything new on removing local from 0.0?

I think the idea is to either de facto totally remove jump drives altogether or to somehow otherwise nerf them. (I.e. making jump range shorter or only able to go to systems that are already linked by a jumpgate link to the system the jump freighter is already in.)

Trebor Daehdoow
Gallente
Sane Industries Inc.
Posted - 2011.01.15 20:20:00 - [34]
 

Originally by: CCP Sreegs
Just out of honest curiosity, what positive outcome do you think would come from detailing specific counter-hacking/botting methodologies? What would you gain from this knowledge personally? I understand that you WANT to know things, but I'm having a hard time wrapping my head around how some knowledge being public information would be to anyone's benefit and I'd like to hear an alternative viewpoint.



Surely I must be misunderstanding what you are getting at there, Sreegs, because it appears that you are advocating "Security by Obscurity". Surely it must be expected that the black-hats know exactly what you are doing (to assume otherwise would be foolish, and you are no fool).

Given your statement in the minutes that you are going to prepare a devblog about general security changes, and the information disclosed at the meeting, with respect to account security and anti-hacking measures, I am reasonably confident that this is not the case.

However, with respect to anti-bot measures, I cannot be as confident. How can I possibly, for example, honestly tell the players that CCP is doing a good job fighting RMT, or botting, or whatever, when all we are told is "we are doing stuff, but we can't tell you what it is"?

Several CSM members (myself included) made suggestions about possible bot detection techniques and countermeasures, but we have no idea if they have been tried (and failed), or will be tried, or will be forgotten as soon as our plane takes off from Keflavik. And we have no way of getting feedback that can help us be more helpful.

But to answer your question, one good reason you make such things public is to stimulate discussion and analysis, in the hopes that someone will make a suggestion that contains the germ of an idea that will be helpful, and just in case someone comes up with a gotcha that helps you close a loophole. I have no doubt that your upcoming devblog will stimulate such discussion.

I would hope that we will also see a devblog that provides sufficient information about CCP's anti-bot efforts to stimulate a similar discussion.

Clansworth
Good Rock Materials
Posted - 2011.01.15 20:33:00 - [35]
 

I love the talks of trying to slow logistics, thereby shrinking empires. I'm wondering if this might have too much of a stifling effect. Because of this, I wonder if there has been any further internal discussion of true industrial ships. There's no reason small scale production shouldn't be able to be done on indi's (badger ii's gotta have gobs of cpu for a reason). Thinking ammo and such for 'nomadic' groups.

Tidanis
Autistic Sharks
Spreadsheets Online
Posted - 2011.01.15 20:35:00 - [36]
 

If you shut down/remove jump bridges from the game it will solidify any major alliance's holdings on their space. Battles will not commence on an "invasion" scale and will be limited by smaller roams that have no purpose other than for lulz.

Unless the ability to conquer space changes this will make 0.0 very stagnant and by itself will ruin the endgame of territory disputes.

This will make the NC/IT/Russians the absolute dominant force in their area and no one will be able to invade them. They will simply park their fleets in stations on their borders, park a jump clone there with them, blamo: done. No one can get through their front door.

I'm also totally on board a cyno limiter, have it a different size, etc so you can only bridge in certain size of ships, spoolup time wouldn't be so bad either. That would allow the enemy fleet a chance to pop the cyno before 1,000's of supercaps land on field.

Please for the love of god increase the Jump Freighter range. Please please please (same with the dread, super caps need to be afraid of dreadnoughts!!!)

Also, while you are at it: make dreadnoughts better super cap killers.
Also, while you are at it: make dreadnoughts better super cap killers.
Also, while you are at it: make dreadnoughts better super cap killers.
Also, while you are at it: make dreadnoughts better super cap killers.

Copy Pasta'd for emphasis.

Clansworth
Good Rock Materials
Posted - 2011.01.15 20:43:00 - [37]
 

Shortening overall logistics range/speed will not solidify the power blocks, it will make them choose how to respond to threats, as they won't be able to traverse their blobs about in their space in minutes. The only way to maintain positive control would be to shorten those distances.

Cyaxares II
Posted - 2011.01.15 20:50:00 - [38]
 

Originally by: CCP Sreegs
Originally by: Ravcharas
This is also an issue with most anything CCP insists on NDA'ing. Exploits and botting and what have you. I get that there're things CCP wants to keep under wraps, but they cannot both have their cake and eat it. Support is built through communication.


Just out of honest curiosity, what positive outcome do you think would come from detailing specific counter-hacking/botting methodologies? What would you gain from this knowledge personally? I understand that you WANT to know things, but I'm having a hard time wrapping my head around how some knowledge being public information would be to anyone's benefit and I'd like to hear an alternative viewpoint.


What is the value of the many, many devblogs on lag?

Do you think knowledge of the servers' internal operation being public information is to the players' benefit?

In those cases in which players could make use of the information ("use less drakes", "don't ungroup weapons"), do you see them actually applying that extra knowledge?

So there is an argument to be made that these devblogs don't directly impact the players but cost time and effort to CCP and might lead to unwanted behavior (e.g. by improving players' knowledge of grid-fu). The player generally can't see what composite of different lag-types he is facing in a given situation and even if he knew it there wouldn't be much he could do to adapt while in battle. Essentially the devblogs leave him with "there's all this fancy stuff going on behind the scenes and I can't do anything about it - my user experience still sucks".

However, please think back to the first few weeks after the Dominion release. From what I remember players' reactions generally were "CCP is incompetent", "CCP doesn't care", "fixing lag would be soooo easy (just revert to the pre-Dominion fleet code)", "RAAAAAAAAGE", "that's enough, CCP has destroyed the game - I quit", ...

Do you see a certain parallel to the current situation regarding the current botting concerns?

CCP could just have gone out and said "we'll try to fix lag asap" - which is in fact what they did.

This changed to "we'll fix lag soon(TM)", then "we have this really great fix in the works", "ahem... looks like our fix didn't yield the results we had hoped for but stay tuned for more awesomeness", "yes, we are still working on this" and finally, at some point, some smart guy (or gal) within CCP realized "we aren't going to fix this problem really soon and the community is getting pretty upset at us... our core customers are spending more time in WoT than EVE and our own sleep-deprived devs don't look really happy either".

So they came up with 2 ideas "let's write a lot of devblogs on this topic" and "let's run public mass-testings so players can do something to help us fixing this problem".

The first point was a pretty good idea.

It showed:

CCP does care (and has many different people with different areas of expertise assigned to this problem).
CCP is competent. (lots of tech-**** and complex explanations)
There is not just one problem that could be easily fixed but a combination of many different complex problems.
Your mom would not be able to fix lag but our very own MIT-genius might come up with some good ideas that go far beyond mere bugfixes.

This was a pretty good step in terms of PR as it resulted in the community forming more realistic expectations regarding the timeframe and scope of lag fixes and most importantly signaled them "CCP does listen. CCP does care. CCP does act." (basically the less romantic approach to veni, vidi, vici^^)

Cyaxares II
Posted - 2011.01.15 20:50:00 - [39]
 

Edited by: Cyaxares II on 15/01/2011 20:58:06

However, the 2nd point turned out to be a little more difficult...

Players were happy about being able to contribute.
However, doing so appeared to be complicated.
It was not clear what information was gained by CCP during the tests and how it was specifically used to reduce lag.
There were no rewards for playing bug-testers.
Why does CCP need players to perform a job that could be easily automated? (again the implication: CCP is incompetent)

After CSM intervention CCP did eventually fix these points by

Providing an automated Sisi installer/updater and improving player awareness of Sisi.
Being more open about the purpose and success/failure of the various fleet tests.
Rewarding players with nominal rewards for showing up at mass-tests.
Keep players informed about the progress made with the thin client, its applications and limitations.

However, it remains to be noted that most of these issues could have been foreseen (and preemptively fixed), if CCP had taken the lesson from the initial complaints seriously and applied it to the mass-tests without waiting for a negative community reaction first.

Within the next few months CCP will have to release at least one devblog on the concept, feasibility and limitations of dynamic load balancing (the blog on specialized nodes could already be seen as a build-up to that) or we will go through the same cycle once again as "Use the fleet fight report form or STFU" won't be a satisfactory answer to the community forever.

So what's the point of me retelling you the actions of your own company?

Well, a different group of people in CCP already faced a problem that is roughly similar in terms of elusiveness and complexity.

They tried with the "trust us that we are working on this; we will tell you once we have fixed the issue - please shut up until then" approach which failed spectacularly and affected the relation to its customers/community very negatively.
(but which might be excusable by them initially underestimating the complexity of the problem themselves)

They learned a couple of lessons from this failure and implemented changes - the two most important of which can IMO be summed up as "make the customer feel in control of the problem" (mass-testing) and "if the customer cannot be in control make him at least aware of what's going on behind the scenes" (both in terms of technological details of the problems and CCP's efforts to fight that problem).

Unsurprisingly enough the customers will even feel better about a problem when they have read a devblog that most of them don't fully understand because it's way too technical.


Give users a "report bot" button (to make them feel in control) and a couple of devblogs on advanced detection schemes + statistics on the impact of botting & RMT on the game (to make them feel in control of you :P / keep them informed of the parts they cannot control and only guess about).

And ask Team Gridlock to provide a "Lessons learned: customer-relationship management" document to the rest of your company.

(There can also be more specific arguments made, such as about fostering a more understanding attitude towards false positives, ...)

Cyaxares II
Posted - 2011.01.15 20:59:00 - [40]
 

So in conclusion: sometimes "the customer really WANTs to know" is reason enough.

Tidanis
Autistic Sharks
Spreadsheets Online
Posted - 2011.01.15 21:04:00 - [41]
 

Originally by: Clansworth
Shortening overall logistics range/speed will not solidify the power blocks, it will make them choose how to respond to threats, as they won't be able to traverse their blobs about in their space in minutes. The only way to maintain positive control would be to shorten those distances.


I disagree. Someone will push into their space, that alliance will happily move their entire force and wall off. Nothing will happen.

The reality is that the NC, DekCo, IT, and Russians have thousands of people to support a war. Shortening logistics by removing jump bridges will hurt attackers more than defenders.

Ravcharas
GREY COUNCIL
Nulli Secunda
Posted - 2011.01.15 21:05:00 - [42]
 

Originally by: CCP Sreegs
Originally by: Ravcharas

I'm not saying the players need to know specific counter-hacking/botting methodologies. What I'm saying is that maybe you guys have erred on the safe side a little too often, especially concerning Incarna. Which is totally understandable, by the way, but no less annoying to see.


My apologies then I thought you were referring specifically to the security-type redaction. I'm not in the Incarna department so I'll toss you a hi five and ride off into the sunset.

hi five, rock n roll all night, all right!

On a totally unrelated note though, I was a little bit disappointed in seeing no mention of the tech moon imbalance. Or am I just blind?

PC l0adletter
Posted - 2011.01.15 21:06:00 - [43]
 

Originally by: CCP Sreegs
Originally by: Ravcharas


This is also an issue with most anything CCP insists on NDA'ing. Exploits and botting and what have you. I get that there're things CCP wants to keep under wraps, but they cannot both have their cake and eat it. Support is built through communication.


Just out of honest curiosity, what positive outcome do you think would come from detailing specific counter-hacking/botting methodologies? What would you gain from this knowledge personally? I understand that you WANT to know things, but I'm having a hard time wrapping my head around how some knowledge being public information would be to anyone's benefit and I'd like to hear an alternative viewpoint.



I'll bite --

I think there is a widespread perception that botting is rampant in this game and that little to nothing is being done to stop it.

I think that perception dissuades legitimate gameplay. You'd have to be a big sucker or an idiot to mine ice manually, right? To say nothing of how boring and low-wage it is (the latter, of course, being both a cause and an effect of botting that is self-reinforcing).

I think CCP's communications to the playerbase to date reinforce these perceptions (especially GM Grimmi's blog).

Personally, I'm less interested in methodologies than detailed progress. Realize that I'm coming from a perspective of skepticism: I don't think you take it seriously, because I think most botters are subscribers who are not paying with stolen credit cards (duh they all use plex/gtc) or even RMTing. I think people bot because lots of current gameplay is repetitive and boring and hasn't been touched in years, and I think CCP is happy to take their money even at the expense of the long-term health of the game because they're cash-crunched and desperate to get WoD and/or DUST out the door.

If you wanted to dissuade a skeptic such as myself, I would find the following data informative and/or convincing:

Bot Type #warnings+tempbans #permabans
Nullsec BeltRatting
Nullsec CAs
Ice Mining
Asteroid Mining
PI
Courier Missions
Other Missions
Market
??other?

Per month. I would further break it down by account age (< 1 month, <6 months, <2y, >2y), because I suspect that many, many bans are of <1 month old characters for spamming goldselling websites in Jita. Just for grins you could also throw in some #s on the isk left on these accounts when they're banned.

And, to turn your question around: Let's say you published something like the above chart. Hell, turn it into a monthly report to the playerbase -- someone should already be preparing similar information for internal consumption, right? What does this tell botters that they don't already know? How would it reduce the effectiveness of your enforcement operations?

I can't see that it would. It might be embarrassing if, say, you banned 3 courier bots last month, because everyone knows there are way more in operation, but if anything having that pointed out would draw attention to the problem and allow the relevant people to focus on addressing it. If enforcement were shown to be strong and effective, as through such numbers, I think they'd serve a deterrent effect and reinforce the meritocracy of the gameplay environment to which many players are strongly attached (see, also, microtransactions feedback).

Anyways, always happy to provide an alternate viewpoint, HTH

trjcquee
Posted - 2011.01.15 21:26:00 - [44]
 

Edited by: trjcquee on 15/01/2011 21:42:20
Originally by: CCP Sreegs
Just out of honest curiosity, what positive outcome do you think would come from detailing specific counter-hacking/botting methodologies? What would you gain from this knowledge personally? I understand that you WANT to know things, but I'm having a hard time wrapping my head around how some knowledge being public information would be to anyone's benefit and I'd like to hear an alternative viewpoint.


Re. bots, I think people would like to have some feedback on how seriously CCP investigates accusations of botting. The actual methods you use to evaluate and catch botters are not the issue. I reported 3 dozen suspected bots a couple of months ago. Were they bots? Did CCP ban them? Without some sort of feedback I don't know if my effort to petition them was worth it, and I haven't bothered petitioning dozens more since then because I don't like wasting my time. How about some monthly statistics along the lines of number of bots petitioned vs the number investigated by CCP vs the number of accounts banned as a result?

When a buddy of mine gets his wallet submerged into the red because he bought isk as a noob over 2 years ago, yet incredible botting activity by virtually every large alliance in the game goes unchecked..... it's kind of a kick in the ass.

It's not that we want to know specific methodologies (which should be kept secret), what we want to know is whether you're doing anything at all about the biggest offenders. The consensus here and elsewhere (mostly elsewhere) seems to be "CCP doesn't really care about bots". The evidence is overwhelming that that's the case, and that fact appears to be what the iron-fisted NDA is designed to hide.

Destination SkillQueue
Are We There Yet
Posted - 2011.01.15 21:51:00 - [45]
 

Edited by: Destination SkillQueue on 15/01/2011 21:52:15
Originally by: Cyaxares II
Awesome posts.


After all the problems and PR issues EVE and CCP have endured over the years, it is somewhat disheartening that someone still has to explain the obvious to CCP again and again.

These kinds of problems aren't just technical issues for your engineers to solve. They also always include the relationship with CCP and its customers, and that relationship has to be managed along with the actual technical problem. Often the strain in that relationship is the worse immediate problem and needs to be dealt with, instead of just being ignored and thought of as an unrelated issue. This is where info and facts about CCP's efforts and difficulties in dealing with the issue will help immensely.

BeanBagKing
Terra Incognita
Intrepid Crossing
Posted - 2011.01.15 22:18:00 - [46]
 

Couple more replies...

First, what everyone else has already said about the NDA stuff. With regards to bots; we understand you don't want to release details on the specific technology and methods used to catch bots, and that's fine. However, the player perception currently is that CCP doesn't care about bots because they pay the bills too. IMO, if in fact CCP does care about the bots, showing statistics to this effect (X number of players banned for botting, Y number of those were a direct result of player petition, etc, this has been touched on above) would discourage players from trying to bot. While letting players continue with the perception that you don't care about botting would have the impact of a greater number of players trying it. tl;dr if you really hate bots so much, and really take such strong action against it, show this.

Now, I don't think botting was the original issue, it was the Incarna features we haven't seen or heard about. While it's understandable that you want to keep some stuff in the dark, we have virtually no reason to be excited about it. We know CCP has put significant effort and time into it, instead of our beloved spaceships, over the years, and I think there is a great fear that this is wasted time. If we were seeing some gameplay footage, or hearing about awesome features and things you can do, the top priority items that will definitely make it in, then we could sit back and say "ok, things are going smooth". As it stands there is a concern that outwardly CCP is saying that everything is great, but behind the scenes there's 10 interns running around going OMGOMGOMG It still won't let you exit your capsule without crashing! Much less the pretty features we've all been told to expect.

Now, not saying this is true, just that players are evil, greedy little creatures, which must be fed with tangible objects such as screens, bulleted lists of features, and pretty graphs in order to be satisfied :)

On to the cyno thing! I think it's been suggested before, perhaps by a dev, though feel free to call me a liar because I couldn't tell you where, that cyno's range should be shortened drastically, but the counter balance would be that certain ships could simply lock onto a system anywhere in their range to jump to. This would balance out the need to have cyno alts/allies in every other system. For example if jump range was reduced from 5 ly's to 1 ly, you would need 5 times as many cyno pilots to travel the same distance. That would be really annoying to coordinate. However, if you could just lock onto systems themselves, or maybe a specific planet/moon to come out near, it would still take the same amount of time and fuel to travel that 5 jumps, but the need to have an alt or trusted corpmate in 5 systems wouldn't be there. Just a suggestion...

CCP Sreegs

Posted - 2011.01.15 22:40:00 - [47]
 

Originally by: trjcquee
Edited by: trjcquee on 15/01/2011 21:42:20
Originally by: CCP Sreegs
Just out of honest curiosity, what positive outcome do you think would come from detailing specific counter-hacking/botting methodologies? What would you gain from this knowledge personally? I understand that you WANT to know things, but I'm having a hard time wrapping my head around how some knowledge being public information would be to anyone's benefit and I'd like to hear an alternative viewpoint.


Re. bots, I think people would like to have some feedback on how seriously CCP investigates accusations of botting. The actual methods you use to evaluate and catch botters are not the issue. I reported 3 dozen suspected bots a couple of months ago. Were they bots? Did CCP ban them? Without some sort of feedback I don't know if my effort to petition them was worth it, and I haven't bothered petitioning dozens more since then because I don't like wasting my time. How about some monthly statistics along the lines of number of bots petitioned vs the number investigated by CCP vs the number of accounts banned as a result?

When a buddy of mine gets his wallet submerged into the red because he bought isk as a noob over 2 years ago, yet incredible botting activity by virtually every large alliance in the game goes unchecked..... it's kind of a kick in the ass.

It's not that we want to know specific methodologies (which should be kept secret), what we want to know is whether you're doing anything at all about the biggest offenders. The consensus here and elsewhere (mostly elsewhere) seems to be "CCP doesn't really care about bots". The evidence is overwhelming that that's the case, and that fact appears to be what the iron-fisted NDA is designed to hide.


I apologize for not addressing every single post on this subject. I'll do my best but there's a lot of text to sort through. Firstly to address Trebor's "Security by obscurity" mention. This is a term that has a very specific meaning that is often overused or used in an incorrect context. An example of Security By Obscurity would be one where you create an administrative interface for a store. Instead of wrapping security around the administrative interface you decide to stick it in a subfolder called /supersecretadminland/. Accessing that subfolder grants access. Your SOLE basis of securing your application in this context is the presumption that nobody will find it. This is the definition of Security by Obscurity.

This does not mean that from a security perspective you should be laying all of your cards face up on the table. That would be silly. What this means is that your methodology should be sound enough that you're not simply relying on people's ignorance to keep your jewels safe. I don't think it should be misinterpreted as an open call to publish your procedures on the internet.

My question was of an academic nature really. I am merely a bit curious about the underlying motivation people have for asking the questions because it will help us frame our responses. While we cannot always lay all of our cards out on the table, we can come up with ways to communicate information sensibly that shows results. So what I was looking for really was the type of information regarding these things that you as players would find of value.

What I can say in this post is that a great deal of my own time is spent on this subject, as well as the time of many others. Every petition to my knowledge gets investigated. Every email to the security inbox is read and actioned on and a great deal of things are actioned on for which no individual player initiated a request. I've seen your requests for information and would really like to know more about what would be of value to you, such as the examples quoted. I think it helps us to see where we're missing the mark in this regard from your perspectives.
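
[Added example, not part of the original thread and not CCP's code: the store admin interface from the post above, once guarded only by its hidden path and once with an authentication check on top of the same path, plus an in-process audit that flags the first. The user name, passphrase and function names are constructed for the illustration.]

```python
import base64
import hashlib
import hmac
import os

ADMIN_PATH = "/supersecretadminland/"  # the path used in the post's example

# Constructed demo credential; a real deployment would load a stored salt and hash.
_SALT = os.urandom(16)
_ITERATIONS = 200_000
_ADMIN_USER = "storeadmin"
_ADMIN_HASH = hashlib.pbkdf2_hmac(
    "sha256", b"constructed-demo-passphrase", _SALT, _ITERATIONS)


def _respond(start_response, status, body, extra=()):
    start_response(status, [("Content-Type", "text/plain"), *extra])
    return [body.encode()]


def obscure_app(environ, start_response):
    """Security by obscurity: knowing the path is the only authorization."""
    if environ.get("PATH_INFO") == ADMIN_PATH:
        return _respond(start_response, "200 OK", "admin console")
    return _respond(start_response, "404 Not Found", "not found")


def _basic_credentials(environ):
    """Parse an HTTP Basic Authorization header into (user, password) or None."""
    scheme, _, token = environ.get("HTTP_AUTHORIZATION", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None  # malformed header is treated as "no credentials"
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def _is_admin(creds):
    if creds is None:
        return False
    user, password = creds
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), _SALT, _ITERATIONS)
    # Run both constant-time comparisons so timing does not show which failed.
    user_ok = hmac.compare_digest(user.encode(), _ADMIN_USER.encode())
    pass_ok = hmac.compare_digest(candidate, _ADMIN_HASH)
    return user_ok and pass_ok


def hardened_app(environ, start_response):
    """Same unadvertised path, but the path alone grants nothing.

    Basic auth is used to keep the demo short; it must only travel over TLS.
    """
    if environ.get("PATH_INFO") != ADMIN_PATH:
        return _respond(start_response, "404 Not Found", "not found")
    if not _is_admin(_basic_credentials(environ)):
        return _respond(start_response, "401 Unauthorized",
                        "authentication required",
                        [("WWW-Authenticate", 'Basic realm="admin"')])
    return _respond(start_response, "200 OK", "admin console")


def probe(app, path, user=None, password=None):
    """Call a WSGI app in-process (no network) and return its status code."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        environ["HTTP_AUTHORIZATION"] = f"Basic {token}"
    seen = {}

    def start_response(status, headers):
        seen["status"] = int(status.split()[0])

    app(environ, start_response)
    return seen["status"]


def relies_on_obscurity(app):
    """True if the admin path answers 200 to a request with no credentials."""
    return probe(app, ADMIN_PATH) == 200


if __name__ == "__main__":
    for name, app in (("obscure", obscure_app), ("hardened", hardened_app)):
        print(name, "relies on obscurity:", relies_on_obscurity(app))
```

[The hardened version keeps the path unadvertised, which matches the post's point that not publishing details is fine as long as the secrecy is not the sole control.]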

CCP Sreegs

Posted - 2011.01.15 22:41:00 - [48]
 

Originally by: Infinion

Regarding the future plans to improve account security, has CCP considered giving players a standalone password for account management?


I'm assuming you're referring to having a separate password for account management? I don't quite get the question and I don't want to try to answer it if I don't understand what you're asking.

Iraherag
Posted - 2011.01.15 23:10:00 - [49]
 

Originally by: CCP Sreegs
Originally by: trjcquee
Edited by: trjcquee on 15/01/2011 21:42:20
Originally by: CCP Sreegs
Just out of honest curiosity, what positive outcome do you think would come from detailing specific counter-hacking/botting methodologies? What would you gain from this knowledge personally? I understand that you WANT to know things, but I'm having a hard time wrapping my head around how some knowledge being public information would be to anyone's benefit and I'd like to hear an alternative viewpoint.


Re. bots, I think people would like to have some feedback on how seriously CCP investigates accusations of botting. The actual methods you use to evaluate and catch botters are not the issue. I reported 3 dozen suspected bots a couple of months ago. Were they bots? Did CCP ban them? Without some sort of feedback I don't know if my effort to petition them was worth it, and I haven't bothered petitioning dozens more since then because I don't like wasting my time. How about some monthly statistics along the lines of number of bots petitioned vs the number investigated by CCP vs the number of accounts banned as a result?

When a buddy of mine gets his wallet submerged into the red because he bought isk as a noob over 2 years ago, yet incredible botting activity by virtually every large alliance in the game goes unchecked..... it's kind of a kick in the ass.

It's not that we want to know specific methodologies (which should be kept secret), what we want to know is whether you're doing anything at all about the biggest offenders. The consensus here and elsewhere (mostly elsewhere) seems to be "CCP doesn't really care about bots". The evidence is overwhelming that that's the case, and that fact appears to be what the iron-fisted NDA is designed to hide.


...

What I can say in this post is that a great deal of my own time is spent on this subject, as well as the time of many others. Every petition to my knowledge gets investigated. Every email to the security inbox is read and actioned on and a great deal of things are actioned on for which no individual player initiated a request. I've seen your requests for information and would really like to know more about what would be of value to you, such as the examples quoted. I think it helps us to see where we're missing the mark in this regard from your perspectives.


Well if you don't want to share the HOW (the methodologies) how about the WHAT?
What kind of security issues / loopholes / common tactics are you addressing?


Compare that to a PC: you don't have to say which software you actually use to protect your privacy, but you can still say "I have a firewall, anti-virus, and popup-blocker for my browser; but I don't use a spyware finder or an anonymous proxy". That's not going to help anyone to attack you specifically but still gives an idea about what's going on.

Imagine there is a risk for theft at your work place and actually things get stolen from time to time. Would you be content with your boss saying "We know it's happening and we're doing something. We won't tell you how, because you would gain nothing from knowing that" or would you rather have him say "We'll have a security guard, new electronic locks and video surveillance" (and wouldn't really care to know how many different people will patrol the office(s) at which intervals anyway)?

Venkul Mul
Gallente
Posted - 2011.01.15 23:11:00 - [50]
 

Originally by: PC l0adletter

If you wanted to dissuade a skeptic such as myself, I would find the following data informative and/or convincing:

Bot Type #warnings+tempbans #permabans
Nullsec BeltRatting
Nullsec CAs
Ice Mining
Asteroid Mining
PI
Courier Missions
Other Missions
Market
??other?

Per month. I would further break it down by account age (< 1 month, <6 months, <2y, >2y), because I suspect that many, many bans are of <1 month old characters for spamming goldselling websites in Jita. Just for grins you could also throw in some #s on the isk left on these accounts when they're banned.

And, to turn your question around: Let's say you published something like the above chart. Hell, turn it into a monthly report to the playerbase -- someone should already be preparing similar information for internal consumption, right? What does this tell botters that they don't already know? How would it reduce the effectiveness of your enforcement operations?



"What does this tell botters that they don't already know?"

1) CCP has banned 200 courier bots - 70 were in my RMT organization, so almost 1/3 - on the other hand we still have 200 undetected courier bots - what is the difference?

2) 1.000 mining bots banned - none of ours this month - change XY worked - we can apply it to other bots?

3) 1.000 mining bots banned - ours are still undetected, time to activate another 3.000 mining accounts as the other producers are in trouble

4) 0 mission bot banned - none of ours, none from other guys - they work very well, we should produce more

Even by bare numbers the people in RMT can glean some information.






Couvette Elfin
Posted - 2011.01.15 23:11:00 - [51]
 

Personally, my thanks to the CSM team and CCP for keeping the communication open.

Regardless if the CSM meeting minutes could lead to some heated debates, the fact that both of you are working together and informing the eve community is admirable.

Please keep working with the same passion and fervor as you have showed so far.

Trebor Daehdoow
Gallente
Sane Industries Inc.
Posted - 2011.01.15 23:19:00 - [52]
 

Originally by: CCP Sreegs
Firstly to address Trebor's "Security by obscurity" mention. This is a term that has a very specific meaning that is often overused or used in an incorrect context. An example of Security By Obscurity would be one where you create an administrative interface for a store. Instead of wrapping security around the administrative interface you decide to stick it in a subfolder called /supersecretadminland/. Accessing that subfolder grants access. Your SOLE basis of securing your application in this context is the presumption that nobody will find it. This is the definition of Security by Obscurity.


I must beg to differ; you are construing the term much more narrowly than is the case in actual practice. Security by Obscurity is defined, on Wikipedia for example, as "a principle in security engineering, which attempts to use secrecy (of design, implementation, etc.) to provide security"

For example, attempting to keep the details of an encryption algorithm secret would be Security By Obscurity. A black box, whether it is an encryption algorithm or a suite of bot-detection techniques, cannot be relied upon by third parties -- there is simply insufficient information to make a reasonable judgment on the matter.

Originally by: CCP Sreegs
I don't think it should be misinterpreted as an open call to publish your procedures on the internet.


As with all things, there is a cost-benefit calculation that needs to be made. You have to balance the possible benefit (that white-hats will point out flaws in, and improvements to, your procedures) vs. the possible cost (that a black-hat will discover a flaw that he would not have discovered without your disclosure, and that the white-hats don't point out in time). So I will not take an absolutist position here.

Regarding your presentation to CSM, while there were probably a few things I would have liked more details on, even in the absence of your promised devblog(s), I would feel reasonably comfortable telling the players "Sreegs is working on some useful, non-braindead improvements to security". And wanting to be able to comfortably say that is part of being a CSM, and is good for CCP.
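
Added example, not part of the original thread and not CCP's code: the /supersecretadminland/ case quoted above, with an obscurity-only handler beside one that requires a verified admin session. The token format, key handling and function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

ADMIN_PATH = "/supersecretadminland/"   # path quoted in the post above
SERVER_KEY = secrets.token_bytes(32)    # constructed per-process signing key


def _mac(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_session(user: str, role: str) -> str:
    """Return a signed 'user|role|mac' token (format invented for this example)."""
    payload = f"{user}|{role}"
    return f"{payload}|{_mac(payload)}"


def session_role(token):
    """Return the role carried by a token whose MAC verifies, else None."""
    if not token or token.count("|") != 2:
        return None
    user, role, mac = token.split("|")
    expected = _mac(f"{user}|{role}")
    # Constant-time comparison on bytes, so a forged MAC fails cleanly.
    if hmac.compare_digest(mac.encode(), expected.encode()):
        return role
    return None


def obscure_admin(path: str, token=None) -> int:
    """Obscurity only: knowing the path is the entire access check."""
    return 200 if path == ADMIN_PATH else 404


def guarded_admin(path: str, token=None) -> int:
    """Same path, but access depends on a verified admin session."""
    if path != ADMIN_PATH:
        return 404
    role = session_role(token)
    if role is None:
        return 401   # no valid session presented
    if role != "admin":
        return 403   # valid session, insufficient role
    return 200


if __name__ == "__main__":
    # The path can leak through logs, bookmarks or referrers; only the
    # guarded handler still refuses a caller who has nothing but the path.
    print(obscure_admin(ADMIN_PATH), guarded_admin(ADMIN_PATH))
```

With the guarded handler, publishing the path costs nothing, because the secret that matters is the signing key rather than the location.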

Dal Deinvisu
hirr
Morsus Mihi
Posted - 2011.01.15 23:24:00 - [53]
 

Edited by: Dal Deinvisu on 15/01/2011 23:25:35
Removing jump bridges doesn't make sense to me. Military upgrades are convenient, but when thinking about holding Sov I expect something actually worthwhile. Removing the logistical advantage of claiming space is bad; without it Sov space (that you pay for!) is no better than NPC space you can build supercapitals in.

Jump Bridges should be nerfed so they can't be used as fast deployment corridors, but removing them would not improve the game.

Battleship sized cynos, however? That would be an awesome change. :D

Iraherag
Posted - 2011.01.15 23:26:00 - [54]
 

Originally by: Cyaxares II
However, it remains to be noted that most of these issues could have been foreseen (and preemptively fixed), if CCP had taken the lesson from the initial complaints seriously and applied it to the mass-tests without waiting for a negative community reaction first.


You could pretty much replace "mass-tests" with a lot of other things and it would still be true.
It seems to be a recurring pattern.

Almost like asking someone if something will work, getting a "No", thinking "I'll try anyway" and realizing "DOH, didn't work!?!"
It sounds funny but actually it's weird.

Bel Amar
Amarr
Sudden Buggery
Situation: Normal
Posted - 2011.01.15 23:27:00 - [55]
 

Originally by: Clansworth
I love the talks of trying to slow logistics, thereby shrinking empires. I'm wondering if this might have too much of a stifling effect.


If the end result is that logistics are slowed, so it's simply harder to get stuff in null sec, it will have a stifling effect.

If the net result is that alliances have to work at building and maintaining infrastructure to locally develop the goods they have lost with increased logistical requirements, and the infrastructure that allows this is open to disruption from others, then you won't have stifling. Give them the ability to replace what they have lost, but require effort, and open it to disruption. It then becomes fun :)

Astomichi
Posted - 2011.01.15 23:32:00 - [56]
 

Originally by: CCP Sreegs
I've seen your requests for information and would really like to know more about what would be of value to you, such as the examples quoted. I think it helps us to see where we're missing the mark in this regard from your perspectives.


Players want the numbers for the same reason CCP does not want to release them - because it would show beyond a shadow of a doubt just how incompetent, or more accurately, apathetic CCP is with regards to the botting problem.

As any long-time 0.0 resident with an understanding of the current scale of botting operations could tell you, CCP is doing next to nothing. They will only persecute bots that use too many server resources (see: Unholy Rage). All the well-behaved bots are left entirely alone.

The truth is, CCP's long inaction has now left them stuck. Imagine walking into the next CCP stakeholders meeting and explaining why you voluntarily slashed your revenue stream by 5%+ (and thus your profits by a significantly larger percentage). Money always speaks loudest, and until there's a very compelling reason not to, CCP will continue turning a blind eye to botting as long as the botters continue buying PLEX every month.

The current state of affairs will continue until the non-botting playerbase makes it very clear to CCP that the long-term costs of condoning this game-breaking state of affairs will be much higher than the massive, one-time revenue hit of fixing the problem.



I could be wrong about the above, but CCP would have to release some very convincing data and arguments to convince me. Their long silence in the face of repeated questioning and evidence presented by the players confirms their complicity.

Kazuo Ishiguro
House of Marbles
Posted - 2011.01.16 00:12:00 - [57]
 

Originally by: Trebor Daehdoow
Originally by: CCP Sreegs
I don't think it should be misinterpreted as an open call to publish your procedures on the internet.


As with all things, there is a cost-benefit calculation that needs to be made. You have to balance the possible benefit (that white-hats will point out flaws in, and improvements to, your procedures) vs. the possible cost (that a black-hat will discover a flaw that he would not have discovered without your disclosure, and that the white-hats don't point out in time). So I will not take an absolutist position here.


Ideally, your procedures should be sufficiently robust that it makes no difference whether you publish them or not. Google appears to have managed this with the copyright protection algorithms it developed for youtube, for example.

Without the resources of google, I suspect it would be preferable to pursue this goal through making it harder to obtain large amounts of isk via any easily repeatable means. Has CCP ever considered placing a cap on the overall income from missions that a player can accept in a given time frame?

In the context of the market, I don't think anyone actually enjoys the 0.01 isk game, which is far more repetitive than it needs to be. Two things would help immensely - dynamically adjusted minimum order price increments, and self-updating orders that follow simple player-defined scripts, i.e. levelling the playing field. The additional load could be borne by dedicated nodes if necessary.

CCP Sreegs

Posted - 2011.01.16 00:20:00 - [58]
 

Originally by: Trebor Daehdoow


I must beg to differ; you are construing the term much more narrowly than is the case in actual practice. Security by Obscurity is defined, on Wikipedia for example, as "a principle in security engineering, which attempts to use secrecy (of design, implementation, etc.) to provide security"

For example, attempting to keep the details of an encryption algorithm secret would be Security By Obscurity. A black box, whether it is an encryption algorithm or a suite of bot-detection techniques, cannot be relied upon by third parties -- there is simply insufficient information to make a reasonable judgment on the matter.




I'm pretty sure we're saying the same thing here, though I did oversimplify the explanation. Without turning this into a giant dialogue where we speak in circles I'll say that you are definitely correct that there's a balance that needs to be struck in communicating these things and a lot that has to be taken into consideration. One of those things is determining how to communicate a complex issue. Saying "We have mechanisms in place to detect bad activity" would certainly appear to be overbroad (as well as obvious). However, it is also unlike a cryptographic algorithm in that these things are by nature in a constant state of change. "Signatures" have the capability of changing multiple times per day and don't lend themselves to the kind of peer review we're discussing here. As patterns are determined and actions are taken tactics change.

The blog will be posted as soon as I can finish it, and there's another one in the pipeline already for after that with a third growing. I'm glad you found the session useful. Aside from the feedback already solicited I can say that we do take botting and attempts at client manipulation very seriously. We do not want them in Eve and we action against unallowed activity pretty much 24/7. There's no grand conspiracy here to secretly allow violations of the rules. Were that the case it would probably be simpler and more cost effective to merely get rid of the rules. The reason I requested information about what you guys would like to hear is because I think it's obvious that there's a disconnect there between what's being done and the perception of what's being done and I want to make sure that when we address it we're addressing what you actually want to know rather than what we think you want to know.

Aylara
Posted - 2011.01.16 00:33:00 - [59]
 

\o/, yey finally no more jump bridges! This means more PVP opportunities, especially on the small scale!

PC l0adletter
Posted - 2011.01.16 00:33:00 - [60]
 

Originally by: Venkul Mul
Originally by: PC l0adletter

If you wanted to dissuade a skeptic such as myself, I would find the following data informative and/or convincing:

Bot Type #warnings+tempbans #permabans
Nullsec BeltRatting
Nullsec CAs
Ice Mining
Asteroid Mining
PI
Courier Missions
Other Missions
Market
??other?

Per month. I would further break it down by account age (< 1 month, <6 months, <2y, >2y), because I suspect that many, many bans are of <1 month old characters for spamming goldselling websites in Jita. Just for grins you could also throw in some #s on the isk left on these accounts when they're banned.

And, to turn your question around: Let's say you published something like the above chart. Hell, turn it into a monthly report to the playerbase -- someone should already be preparing similar information for internal consumption, right? What does this tell botters that they don't already know? How would it reduce the effectiveness of your enforcement operations?



"What does this tell botters that they don't already know?"



I should add to the pertinent question "what does it tell them of value that they don't already know"

Originally by: Venkul Mul

1) CCP has banned 200 courier bots - 70 were in my RMT organization, so almost 1/3 - on the other hand we still have 200 undetected courier bots - what is the difference?



So, to be clear, the botter already knows he has 70 bots that got banned and 200 that did not. He knows this without being told because they belong to him. The only new information is that 130 bots not belonging to him got banned. What's he gonna do with this info? I don't get your point.

Originally by: Venkul Mul

2) 1.000 mining bots banned - none of ours this month - change XY worked - we can apply it to other bots?



Again, the botter already knows that none of his bots were banned this month, because you can't ban one of his accounts without him knowing it. So, he already knows that change xy worked...

Originally by: Venkul Mul

3) 1.000 mining bots banned - ours are still undetected, time to activate another 3.000 mining accounts as the other producers are in trouble


Isn't this the same as #2? Some bots are being banned, but not mine, so I'm doing something right and should scale it up?

Originally by: Venkul Mul

4) 0 mission bot banned - none of ours, none from other guys - they work very well, we should produce more


They already know if none of their bots are banned. This is not new information.

You should also realize that there are sites where botters discuss this sort of stuff, so the bad guys already have a vague sense of things like "nobody is being banned for this" or "lots of highsec miners were recently banned" or whatever.

And, to reiterate, the reason players want these numbers is because we don't believe meaningful action is being taken (for reasons that have been thoroughly discussed elsewhere).

