I note how you only reposted my comments, instead of the ones that they were replying to, which were part of the discussion. Did you become a forum moderator when we weren't looking?
because things went wild twice when you raised "key replication in quantum capsules" and "terrorist watchlist" theories.
As you have mentioned you were familiar with Trusted Reporters. Then you definitely knows that spoofers got and share keys of remote limited access portals very easily and this is a major problem as well. Comparing with that, "key replication in QC" problem which you raised first is not worth mentioning at all and is never a problem, when the general topic is about anti-cheating.
Removing limited-access portals won't stop spoofing to any extent. Spoofers just turn to portals difficult to reach (less difficult than limited access ones but still) and mess around as previously. "It's because the existence of limited access portals that we start cheating" is a classic fallacy that distracts the topic.
Spoofers spoof not start out of frustration. It's out of the fact that they can and they were not effectively detected and severly punished.
Remember that many of these spoofer actions are paid for, by frustrated people. And others once they get past their frustration, decide to "get even" or "since everyone is playing like that I will to", because they assume that a possibly legit player is spoofing.
The current assumption in many communities right now is "If it's hard to do, it must be spoofing". It's a bad mindset that leads to people normalizing spoofing and therefore deciding "If they can do it, I can do it".
While the account you mentioned at one point, playing for 24hrs, is likely a spoofer, and I even have one my local area that won't be destroyed, I know from my experience with TR's, that there are a lot of wild accusations that can easily be disproven, or are flimsy enough to be ignored.
If you learn what the motives of spoofers are, you can better lobby to adjust the game itself, so that people aren't incentivized by frustration or "getting even", to curb spoofing back to the more egregious actors, leaving most regions free of the scourge.
If you want to just have a sulk-party about how you know better, and NIA Ops doesn't work at all, doing it front and center of the Support team probably isn't going to win you any friends.
While we are here arguing for infinitely extending thesis, professional spoofers are watching, eating popcorns and laughing because they didn't expect that there are normal people trying to understand them and though unintended but de facto adding barriers to anti-spoofers.
Allow me to tell you (or remind you of, as you are familiar with) about how some ENL players are cheating in Shanghai (I could say that because I've banned some sub-accounts of them): they record the movement during their daily route, optimized the route files and then launch those routes virtually. That's what we call professional spoofers who appear to be just normal or hardcode players on the face but collapse when we dive deep into trivial details of their actions.
Professional spoofers are happy when normal players criticize not-many reporters of lack of empathy, mindset and too termagancy. Professional spoofers are also cheerful when normal players force not-many reporters to give up on all beyond-log documents and prove that they were spoofing by referring to COMM logs only which is extremely hard, but not impossible if someone from Niantic really takes time looking into it which is a previous and rare chance that reporters look for.
Endless barries to anti-spoofing are what I feel from your replies, if not intended by you. "Understand the enemy" never helps. It's "Help the reporters" does. And "You might be just overreacting like many communities" makes the matter worse.
You missed the context. I'm not excusing any spoofers. I've spent years working to remove them in the areas I've lived, as well as work with others to find ways to expose them. If you cheat, you should be banned.
But people constantly telling NIA Ops that they're bad at their job is also not going to help matters any. All it will do, is convince them it's not worth listening to.
Understanding why people spoof, even the ones who play simply to troll people like you, are doing so "for a reason". That reason might be as simple as "It's fun when they post on the forums in frustration." or "I just can't be bothered going outside.". Or it might be that they've had to face someone over and over again, who has overwhelming advantages, like the Pony Riders constant fields over Salt Lake City that created at least one opposition spoofer (until they got banned).
But accusing another agent of cheating is a serious charge, and there are a lot of areas who now use it as their 'go to' for any time they don't like the opposition play.
And unfortunately, what this results in, is a massive load of unnecessary work for Niantic, meaning that they don't have free resources to go after the real spoofers like your 24hr player, or the bot nurseries in Lithuania, or the P8 farms in inaccessible monasteries in Romania.
I want every spoofer gone as much as you do. But I know from past experience, that there are as many invalid reports of spoofers, as there are valid ones. From their own stats Niantic is banning 20% of reports. Even if you think that they're under-banning by a margin, there's a lot of reports that are unfounded.
And also, Ingress players are capable of some almost inhuman feats sometimes. I've been constantly surprised by what people did 100% legitimately.
It was a serious charge. It's not currently because with the help of BOT tools a L10 account could be established within 3 hours. Cheaters could pile you up with endless sub-accounts which drains you up easily if political correctness is required individually.
Anti-spoofing is not that difficult: add a in-game functionality that if someone receives multiple reports of spoofing, then Niantic system asked it randomly to do a 3D scanning or photo capturing on the scene when it's obviously walking and reward it with bonus. If it rejects to do so in successive times then it's very suspicious. In this case send someone to have a detailed investigation. It's sort of basic anti-bot design in modernized MMORPG game.
And make players like me who submit concised and effective reports often the real "Trusted reporters" (not Trusted Reviewers who are named as TR) with high-priority of revisions, free from useless automatic replies.
Problem solved, isn't it? It's just Niantic don't want to spend mandays on adding such additonal anti-spoofing layer, probably there are already not many players and player base shrinking annually, resulting in us anti-spoofers desperate and tired, looking for justice in an environment that does not care about justice that much as previous years.
For the time being, automatic replies from general customer support lines make us, who think of ourselves as the one help to build a better game, feel like we are not appreciated and thanked at all and instead we are probably seen by Niantic as someone who are trying to block Niantic from getting more revenue from some sub-accounts, though flying, may potentially make contributions to the revenue. Perhaps it's us being the problem now.
I'm not aiming at you, while I'm saying what I feel about current situation of Ingress anti-spoofing. Not to mention other cheating including multi accounts that are rarely punished.
Anti-spoofing is not that difficult: add a in-game functionality that if someone receives multiple reports of spoofing, then Niantic system asked it randomly to do a 3D scanning or photo capturing on the scene when it's obviously walking and reward it with bonus. If it rejects to do so in successive times then it's very suspicious. In this case send someone to have a detailed investigation. It's sort of basic anti-bot design in modernized MMORPG game.
I am 100% behind this concept and have said so before, as long as it's tempered by the reality that scanning portals isn't always feasible at any given time. Allowing multiple chances is far better, though likely it will localize spoofing, such that people will have an opportunity occasionally to go out and trigger the scan.
It's just Niantic don't want to spend mandays on adding such additonal anti-spoofing layer, probably there are already not many players and player base shrinking annually, resulting in us anti-spoofers desperate and tired, looking for justice in an environment that does not care about justice that much as previous years.
The "Ingress team" distinct from "Niantic" in terms of revenue doesn't have the money to dedicate development time. Unfortunately, spoofing isn't seen as as much of an issue in Pokemon Go. It's far more rampant, but it doesn't have the same impact, so there isn't the same impetus to spend the resources on fixing it.
If PoGo took the time to 'fix' spoofing, Ingress would get those fixes almost automatically.
Delay can be kept fairly short I think. Even in low data cell you can usually get back in range fairly quickly. And you can just limit actions in meantime.
Just want to avoid what happened on a few ops where links were impossible after flights to remote areas due to triggering some anti spoof mechanism.
(Had to lodge a ticket before the guy could link).
I missed out on a personal longest link record by this one.
Niantic have stated they are working on this problem and we have to take that statement at face value.
I've had countless reports rejected and thought "NIAOps are blind!". And yes it's disheartening.
I've also had plenty actioned, indeed it seems better these days, after a period where it was hit and miss. Pre TR revamp I could get close to 100% hit rate on spoofer reports.
Some additional gate mechanism for reports would be good. Balancing this with legit play and malicious reports is the tricky thing.
I still think SMS verification has some value. (Yes I am aware of SMS services).
Sure, but it's an added layer. I can think of a few workarounds for SMS verification, but all require expense or extra work.
I'd also drop the multiple accounts shared on one phone allowance. It's 2021, I really can't see serious players, or even most casual, being in the situation where they need to share their handset with other family members etc.
While I'm less against this provision than I once was, there's still definitely families where a child plays on the parent's phone, or two kids share a phone between them.
However, the 13+ age 'expectation' tends to limit that now.
While I agree with the general concept of needing some verification and proof of visit for certain portals, I remember you that not everyone has a phone capable to do scans.
But almost everyone has a phone capable to do classic photo submitting. Thus, if Niantic/Ingress team really wants to implement such feature it's not only technically possible but effortless...effortless enough for them not to wait for the Pokemon Go team to do something and than copycat.
Scans should not be used to verify a player. If you have a phone capable of running Ingress, but not scans, you should not be penalised for this. If verification is going to be device-dependant, then it should ensure that every legit player is capable of verifying, not just the ones with a compatible device.
Can't verify by credit card. Niantic doesn't manage payments, Google/Apple does. And even there payments can be made with vouchers or point credits. In addition, credit cards can't be verified to belong to an actual person. Only your own bank can do that, and even then you as a person are capable of having more than one credit card. Not even to mention corporate credit cards.
This really isn't as easy as it sounds. For Niantic to store credit card details, they would need to be PCI-DSS compliant to protect and encrypt card data. And yet again, not everyone has a card / people can have multiple cards / it's easy to generate a valid CC number that'll pass a Luhn check if it doesn't need to make a payment.
There's also such a thing as a virtual card. South African banks have been implementing this as a measure to combat internet fraud. These cards can be re-generated with new validation data whenever you feel like it.
CCs are simply not an effective means of verification.
Photos can be easily faked. We used to do it all the time to submit a portal when the game crashed using the in-app camera. Apps like Fake Camera let you take a photo then when the client asks to open your camera App, you choose Fake Camera and select the photo.
That was the only way I could submit portals at one point, because both Redacted and Prime crashed if I used the real camera at the same time as the app.
Scanning uses ARCore which some phones don't have, but also it doesn't allow alternate camera apps during the process.
SMS is effective when eliminating BOTs but not effective for anti-spoofing, and it's adding additional cost which Ingress team cares much about.
There are obviously good ways to to the verification to stop spoofing, but no cost-free ways. Sadly, it's not very useful of us discussing about ways of anti-spoofing when Ingress team seems would not like to achieve better anti-cheating functionality by itself with additional cost.
Those with the skills to circumvent the detection are also skilled enough to make apps/guides for the average Joe.
The only cheats/hacks in existence for anything that can't be done by the average Joe are those that require hardware modifications. So unless you can get phone manufacturers to install a GPS chip that talks directly to a server instead of the OS and can solve any of the privacy issues that brings along, it isn't going to happen.
Comments
I note how you only reposted my comments, instead of the ones that they were replying to, which were part of the discussion. Did you become a forum moderator when we weren't looking?
because things went wild twice when you raised "key replication in quantum capsules" and "terrorist watchlist" theories.
As you have mentioned you were familiar with Trusted Reporters. Then you definitely knows that spoofers got and share keys of remote limited access portals very easily and this is a major problem as well. Comparing with that, "key replication in QC" problem which you raised first is not worth mentioning at all and is never a problem, when the general topic is about anti-cheating.
When did "key duplication allows them to be reused without the extra effort of things like BGAN trips or access permits" become a problem? Never.
Removing limited-access portals won't stop spoofing to any extent. Spoofers just turn to portals difficult to reach (less difficult than limited access ones but still) and mess around as previously. "It's because the existence of limited access portals that we start cheating" is a classic fallacy that distracts the topic.
Spoofers spoof not start out of frustration. It's out of the fact that they can and they were not effectively detected and severly punished.
"Understand the enemy".
Remember that many of these spoofer actions are paid for, by frustrated people. And others once they get past their frustration, decide to "get even" or "since everyone is playing like that I will to", because they assume that a possibly legit player is spoofing.
The current assumption in many communities right now is "If it's hard to do, it must be spoofing". It's a bad mindset that leads to people normalizing spoofing and therefore deciding "If they can do it, I can do it".
While the account you mentioned at one point, playing for 24hrs, is likely a spoofer, and I even have one my local area that won't be destroyed, I know from my experience with TR's, that there are a lot of wild accusations that can easily be disproven, or are flimsy enough to be ignored.
If you learn what the motives of spoofers are, you can better lobby to adjust the game itself, so that people aren't incentivized by frustration or "getting even", to curb spoofing back to the more egregious actors, leaving most regions free of the scourge.
If you want to just have a sulk-party about how you know better, and NIA Ops doesn't work at all, doing it front and center of the Support team probably isn't going to win you any friends.
While we are here arguing for infinitely extending thesis, professional spoofers are watching, eating popcorns and laughing because they didn't expect that there are normal people trying to understand them and though unintended but de facto adding barriers to anti-spoofers.
Allow me to tell you (or remind you of, as you are familiar with) about how some ENL players are cheating in Shanghai (I could say that because I've banned some sub-accounts of them): they record the movement during their daily route, optimized the route files and then launch those routes virtually. That's what we call professional spoofers who appear to be just normal or hardcode players on the face but collapse when we dive deep into trivial details of their actions.
Professional spoofers are happy when normal players criticize not-many reporters of lack of empathy, mindset and too termagancy. Professional spoofers are also cheerful when normal players force not-many reporters to give up on all beyond-log documents and prove that they were spoofing by referring to COMM logs only which is extremely hard, but not impossible if someone from Niantic really takes time looking into it which is a previous and rare chance that reporters look for.
Endless barries to anti-spoofing are what I feel from your replies, if not intended by you. "Understand the enemy" never helps. It's "Help the reporters" does. And "You might be just overreacting like many communities" makes the matter worse.
You missed the context. I'm not excusing any spoofers. I've spent years working to remove them in the areas I've lived, as well as work with others to find ways to expose them. If you cheat, you should be banned.
But people constantly telling NIA Ops that they're bad at their job is also not going to help matters any. All it will do, is convince them it's not worth listening to.
Understanding why people spoof, even the ones who play simply to troll people like you, are doing so "for a reason". That reason might be as simple as "It's fun when they post on the forums in frustration." or "I just can't be bothered going outside.". Or it might be that they've had to face someone over and over again, who has overwhelming advantages, like the Pony Riders constant fields over Salt Lake City that created at least one opposition spoofer (until they got banned).
But accusing another agent of cheating is a serious charge, and there are a lot of areas who now use it as their 'go to' for any time they don't like the opposition play.
And unfortunately, what this results in, is a massive load of unnecessary work for Niantic, meaning that they don't have free resources to go after the real spoofers like your 24hr player, or the bot nurseries in Lithuania, or the P8 farms in inaccessible monasteries in Romania.
I want every spoofer gone as much as you do. But I know from past experience, that there are as many invalid reports of spoofers, as there are valid ones. From their own stats Niantic is banning 20% of reports. Even if you think that they're under-banning by a margin, there's a lot of reports that are unfounded.
And also, Ingress players are capable of some almost inhuman feats sometimes. I've been constantly surprised by what people did 100% legitimately.
It was a serious charge. It's not currently because with the help of BOT tools a L10 account could be established within 3 hours. Cheaters could pile you up with endless sub-accounts which drains you up easily if political correctness is required individually.
Anti-spoofing is not that difficult: add a in-game functionality that if someone receives multiple reports of spoofing, then Niantic system asked it randomly to do a 3D scanning or photo capturing on the scene when it's obviously walking and reward it with bonus. If it rejects to do so in successive times then it's very suspicious. In this case send someone to have a detailed investigation. It's sort of basic anti-bot design in modernized MMORPG game.
And make players like me who submit concised and effective reports often the real "Trusted reporters" (not Trusted Reviewers who are named as TR) with high-priority of revisions, free from useless automatic replies.
Problem solved, isn't it? It's just Niantic don't want to spend mandays on adding such additonal anti-spoofing layer, probably there are already not many players and player base shrinking annually, resulting in us anti-spoofers desperate and tired, looking for justice in an environment that does not care about justice that much as previous years.
For the time being, automatic replies from general customer support lines make us, who think of ourselves as the one help to build a better game, feel like we are not appreciated and thanked at all and instead we are probably seen by Niantic as someone who are trying to block Niantic from getting more revenue from some sub-accounts, though flying, may potentially make contributions to the revenue. Perhaps it's us being the problem now.
I'm not aiming at you, while I'm saying what I feel about current situation of Ingress anti-spoofing. Not to mention other cheating including multi accounts that are rarely punished.
Anti-spoofing is not that difficult: add a in-game functionality that if someone receives multiple reports of spoofing, then Niantic system asked it randomly to do a 3D scanning or photo capturing on the scene when it's obviously walking and reward it with bonus. If it rejects to do so in successive times then it's very suspicious. In this case send someone to have a detailed investigation. It's sort of basic anti-bot design in modernized MMORPG game.
I am 100% behind this concept and have said so before, as long as it's tempered by the reality that scanning portals isn't always feasible at any given time. Allowing multiple chances is far better, though likely it will localize spoofing, such that people will have an opportunity occasionally to go out and trigger the scan.
It's just Niantic don't want to spend mandays on adding such additonal anti-spoofing layer, probably there are already not many players and player base shrinking annually, resulting in us anti-spoofers desperate and tired, looking for justice in an environment that does not care about justice that much as previous years.
The "Ingress team" distinct from "Niantic" in terms of revenue doesn't have the money to dedicate development time. Unfortunately, spoofing isn't seen as as much of an issue in Pokemon Go. It's far more rampant, but it doesn't have the same impact, so there isn't the same impetus to spend the resources on fixing it.
If PoGo took the time to 'fix' spoofing, Ingress would get those fixes almost automatically.
Wow you guys creating a book :)
I'm all for a forced scan etc.
Delay can be kept fairly short I think. Even in low data cell you can usually get back in range fairly quickly. And you can just limit actions in meantime.
Just want to avoid what happened on a few ops where links were impossible after flights to remote areas due to triggering some anti spoof mechanism.
(Had to lodge a ticket before the guy could link).
Just want to avoid what happened on a few ops where links were impossible after flights to remote areas due to triggering some anti spoof mechanism.
Yeah, I know quite a few Australian and New Zealander ENL got pinged by this around places like Cape Reinga.
And the good ol vrla bug.
I missed out on a personal longest link record by this one.
Niantic have stated they are working on this problem and we have to take that statement at face value.
I've had countless reports rejected and thought "NIAOps are blind!". And yes it's disheartening.
I've also had plenty actioned, indeed it seems better these days, after a period where it was hit and miss. Pre TR revamp I could get close to 100% hit rate on spoofer reports.
Some additional gate mechanism for reports would be good. Balancing this with legit play and malicious reports is the tricky thing.
I still think SMS verification has some value. (Yes I am aware of SMS services).
In game portal scanning may have a better verification capability though.
SMS i would use only as an additional layer.
You want it such a pain that most can't be bothered.
Sure, but SMS verification is such a widely used technology that plenty of methods to easily beat it exist. It's all security theater.
Sure, but it's an added layer. I can think of a few workarounds for SMS verification, but all require expense or extra work.
I'd also drop the multiple accounts shared on one phone allowance. It's 2021, I really can't see serious players, or even most casual, being in the situation where they need to share their handset with other family members etc.
While I'm less against this provision than I once was, there's still definitely families where a child plays on the parent's phone, or two kids share a phone between them.
However, the 13+ age 'expectation' tends to limit that now.
While I agree with the general concept of needing some verification and proof of visit for certain portals, I remember you that not everyone has a phone capable to do scans.
Or even know how to do a scan that won't come out like gobbledygook, unrecognizable.
But almost everyone has a phone capable to do classic photo submitting. Thus, if Niantic/Ingress team really wants to implement such feature it's not only technically possible but effortless...effortless enough for them not to wait for the Pokemon Go team to do something and than copycat.
Scans should not be used to verify a player. If you have a phone capable of running Ingress, but not scans, you should not be penalised for this. If verification is going to be device-dependant, then it should ensure that every legit player is capable of verifying, not just the ones with a compatible device.
Which is why I lean to SMS.
Should also be able to do a photo sub, but that's less valid.
I do think we should revert to one phone per agent. And damn the complaints.
Optional validation can also be a thing. Like credit card. Not mandatory but to help eliminate false positives?
SMS random code that has to be glyphed in?
Or an email?
Ie: email received BEGIN HUMAN DESTINY
Use capcha style obfuscation.
User has 3 tries to input before cooldown.
Would nobble a lotta bots.
Can't verify by credit card. Niantic doesn't manage payments, Google/Apple does. And even there payments can be made with vouchers or point credits. In addition, credit cards can't be verified to belong to an actual person. Only your own bank can do that, and even then you as a person are capable of having more than one credit card. Not even to mention corporate credit cards.
Nothing to stop them using it as a verification method? (Ie not take payment so as not to break compliance with stores?)
One card per account. Would slow people with 10+ mules?
And people without credit cards?
This really isn't as easy as it sounds. For Niantic to store credit card details, they would need to be PCI-DSS compliant to protect and encrypt card data. And yet again, not everyone has a card / people can have multiple cards / it's easy to generate a valid CC number that'll pass a Luhn check if it doesn't need to make a payment.
There's also such a thing as a virtual card. South African banks have been implementing this as a measure to combat internet fraud. These cards can be re-generated with new validation data whenever you feel like it.
CCs are simply not an effective means of verification.
Photos can be easily faked. We used to do it all the time to submit a portal when the game crashed using the in-app camera. Apps like Fake Camera let you take a photo then when the client asks to open your camera App, you choose Fake Camera and select the photo.
That was the only way I could submit portals at one point, because both Redacted and Prime crashed if I used the real camera at the same time as the app.
Scanning uses ARCore which some phones don't have, but also it doesn't allow alternate camera apps during the process.
SMS is effective when eliminating BOTs but not effective for anti-spoofing, and it's adding additional cost which Ingress team cares much about.
There are obviously good ways to to the verification to stop spoofing, but no cost-free ways. Sadly, it's not very useful of us discussing about ways of anti-spoofing when Ingress team seems would not like to achieve better anti-cheating functionality by itself with additional cost.
You seem to suggest there are ways to stop spoofing...
There aren't.
At best, you can make it as cumbersome or costly for those trying it, but those things will be overcome by those that persevere.
I'm all for trying to get rid of cheaters, but you have to stay realistic
Realistic is only computer professionals can even come close to getting away scott free.
Not just anyone with a program/app on a phone. That level of expensive and care not to get busted and thrown in the slammer.
Those with the skills to circumvent the detection are also skilled enough to make apps/guides for the average Joe.
The only cheats/hacks in existence for anything that can't be done by the average Joe are those that require hardware modifications. So unless you can get phone manufacturers to install a GPS chip that talks directly to a server instead of the OS and can solve any of the privacy issues that brings along, it isn't going to happen.