Plus taking photos on the scenes. Those sells spoofing services are not able to provide in-time photos of specific portals, if Niantic adds additional detection and force some suspicious accounts to upload photos. Niantic could even do a cross checking with other normal players around the portal at that time to double check whether the photos uploaded by suspicious accounts contradict with the reality i.e. not taken at that time.
Of course some normal players are not able to do 3D scanning or taking photos because there are something wrong or limitations with their phones, but when it comes to suspicious accounts they should find a way to prove themselves despite that. Device incapabilities should not work as excuse of not able to do any uploading as verification, if Ingress team really wants to stop spoofing as much as possible to save the game.
Yes but considering the fact that there seems even no independent QA/Tester for Ingress game as it's frequently loaded with minor/major obvious problems after each new version... Small cost beyond storage or other operation cost is still additional cost for the team making it hard to apply :(
Scanning/photos require that Niantic processes spoofing Reports in real time and that they are able to verify your location based on photos/videos that you provide.
Neither of those is true now, nor are they likely to become true in the future.
Nobody is going to wait at or return to every portal just in case Niantic requires proof
@LuoboTiX has said many things that make a lot of sense, but I have to disagree with this specific one:
Anti-spoofing is not that difficult: add a in-game functionality that if someone receives multiple reports of spoofing, then Niantic system asked it randomly to do a 3D scanning or photo capturing on the scene when it's obviously walking and reward it with bonus. If it rejects to do so in successive times then it's very suspicious. In this case send someone to have a detailed investigation. It's sort of basic anti-bot design in modernized MMORPG game.
Spoofers typically use throwaway accounts, and relying on reports after the spoof will never really solve the problem. At best asking for scans is just one more mechanism for aiding the situation that we are in now, which relies on reporting followed by manual unwinding of the actions. Manual intervention is expensive for Niantic, and since the process can take days it means that the spoofer often accomplishes their goal. In order to effectively stop spoofing Niantic has to be able to recognize and block spoof actions when they are happening. You know what?
Effective anti-spoofing is very difficult. I've done a fair bit of amateur-level anti-cheating work on a hobby-level game server that I run, and I've done professional fraud detection work. I've also invested a lot of mental energy in thinking about what I would do if I was in charge of anti-spoofing efforts at Niantic, because I find it a fascinating problem. What I can tell you is that cheating/anti-cheating is a perpetual cat and mouse game. As soon as Niantic finds a way to recognize a new spoofing technique the spoofers will find a way to get around Niantic's blocks. Neither side can ever declare victory in this game. The good news is that "big data" can help with some of the problem by using a whole lot of input signals to help identify illegitimate actions, and also to prioritize places where it's important for them to care.[1] The bad news is that spoofers find new ways to make illegitimate actions look legit. Lather, rinse, repeat.
Anti-spoofing is hard not just because the game is constantly changing, but because false positives can be extremely painful for legitimate players. I've heard of many cases over the years where players made some significant investment of time/effort/money in order to reach a strategic goal and then got blocked at the last minute by anti-cheating technology. Even though those players are constantly frustrated by cheaters ruining their efforts they will be even more frustrated by not being able to accomplish their strategic goal.
There's one thing that I know for sure about the spoofing/anti-spoofing metagame. Whenever anyone says, "This is easy, all you have to do is..." they're wrong. If it was easy and only required this one thing to be done then the problem would have been solved years ago. LuoboTiX, I'm not criticizing you specifically with this paragraph, and I hope you don't take it personally. You just happened to have provided the example that I used as a starting point for discussion. Problems like this often seems easy from the outside, but once you get up to your elbows in the nitty gritty of it they are anything but simple.
[1] Imagine a portal in a high-traffic tourist area. That portal probably changes hands 20 times per week, rarely holds up a field larger than a couple dozen MU, and has no strategic or tactical value to either faction. Is it good if this portal gets spoofed? Of course not, but probably nobody would even notice if it happened. Now, contrast that with a portal on a mountain peak that requires a strenuous hike and only gets accessed a few times per year. That portal will often be used to anchor large fields or strategic blockers, and if it gets spoofed that's a big deal. Niantic can essentially ignore portals that look like the first example and focus their energies on ones that look like the second, and similar cases.
I wonder if the game went subscibers only to play, how many % spoofers would stop or not, would it even make a difference or ? its sad it seems its a uphill battle against cheaters :(
If Ingress went pay-to-play, aka subscribers only, we'd lose about 70% of the playerbase in one fell swoop. Sure, spoofing may be decreased a bit, but so is the global activity of legitimate players. That would k i l l the game.
Honestly, id just lik le it if niantic went out their way to stop illegal and stupid actions. For example, in Scotland just now we aren't meant to leave 5 miles from local area (i take that as my house but its supposed to mean local council area) yet I've seen players drive up to 18 miles to hit stuff well outside their area (unnecessarily as other people had been doing it anyway). Another example being that 4 people went out onto a loch in the middle of the night during a storm to get to an island on it, that is both stupid and pushing illegal as they use dinghy (to my knowledge) which isn't supposed to be out on lochs at night (visibility issues from other boats). But from what I've read, nothing will ever really be done about that
If the activity is truly illegal and that much of a concern, report it to the police or other appropriate authorities. I'm sure they can mete out punishment and be quite persuasive in discouraging future incidents.
While most of your opinions are true and I do agree with them, the topic you were developing was about Efficient Anti-spoofing, not Effective Anti-spoofing, as far as I can see. The previous one calls for in-time solutions delivered on spoofing accounts while I'm OK with the latter one when it's achieved within from several days to several weeks later but ultimately solutions would be delivered, that is, spoofing accounts would be banned or put on probation (players can appeal if it's a mistake).
There are a lot of players here on the forum insisting on the idea that because Efficient Anti-spoofing is hard and expensive for Ingress team to implement and player scenarios vary, Effective Anti-Spoofing is out of the concept as well. Allow me to raise an example: there are currently a lot, a lot of new accounts leveling from 0 to 8 or 10 in 1 or 2 days worldwide, but with 0 walking distance in their data. I don't see them get banned, even after my/our reports. I bet there are some in your area as well.
0 walking distance+Not a speed run+has moved more than 30km throughout there logs+some even done several in-game missions
I don't think any new player who reaches level 8 but accumulated no walking distance data is a real, normal, valid player, not to mention the fact that it reachs l8 that quickly. Such accounts should be put on probation if not instantly but still definitely. However most of them are not, at least not banned simply because of this. Thus IMO it's no need referrering to talking about "big data" or other key aspects of modernized architecture of anti-spoofing design that builds "Efficient Anti-Spoofing"...Perhaps Ingress team didn't even use simple data at all which probably means even the low-level Effective anti-spoofing is not pursued?
Typical slippery sl0pe. You are trying to overstate my proposal to make it look illogical, by supposing me of suggesting Niantic/Ingress team to test every portal interaction of suspicious accounts, which I don't and everyone knows is unnecessary.
I have emphasized "randomly" and "when it's obviously walking", etc. And multiple players here agree that this is a feasible solution. It's Niantic/Ingress team's responsibility to make the implementation more compatible and user friendly, not me.
Leveling up quickly is not a crime all by itself. Speed runs to L8 are a thing, easily accomplished by throwing a bunch layered fields while standing in one location, assisted by friends who've farmed keys and set up all the portals. These runs might not be the activities of normal players, but they definitely can be real and valid.
I have emphasized 0km walking distance didn't I? oh my mistake, forgot to mention that those accounts has moved quite far, but still 0 km. Everyone knows that what you mentioned are actually corner cases while what I address is not. We didn't see collective speed run very often but of course we see 0 km sub-accounts much more frequently especially in big cities.
Of course Niantic could determine this. Didn't you notice that when you were in vehicles with medium to high speed your walking distance DO NOT increase?
And that's exactly what @Toxoplasmolly meant as well. We have locally levelled a new player with assistance. We set up the base links/fields, farmed the keys, and dropped him all the keys/stock required to complete the linking plan. The newbie didn't have to do any walking. Just sat in one place and repeatedly linked from a cluster of portals. L8 done and dusted in less than an hour.
Feel free to take different extreme corner cases to oppose my proposal, speed run, or whatever, when everyone here has the basic idea of what are common cases about 0KM walking distance acounts, and when I've splitted those corner cases already.
I don't think you have never encountered 0KM walking distance but fast leveling spoofing sub-accounts and has done movement quite far while nobody helps its upgrading.
Don't get me wrong, 0KM and high level are suspicious, but they aren't necessarily cheating.
I feel that requiring scanning portals is going to be more cumbersome for legit players than for spoofers which use throwaway accounts anyway. They don't care if they get caught, the damage has already been done.
I don't think you have never encountered 0KM walking distance but fast leveling spoofing sub-accounts that nobody helps it upgrading. Everybody here knows which are common and which are corner cases. Anti-spoofing discussion is focusing on possibility of identifying common cheating cases.
Ingress team could easily tell the difference of speed run accounts (even if it's a new account and hence 0km walking distance) with the help of a lot of keys collected collectively in advance, and strange accounts which has spammed the entire city in its logs but still 0km walking distance.
That would be even more rare in terms of corner cases. When suspicious new accounts spamming the whole city, controlling multiple districts but remains 0 km walking distance just don't get banned, why bother, for those spoofers to act like they are doing speed run?
There are. Spoofing is not unstoppable. It's just Ingress team would not accept the cost or don't think it's worth the effort enhancing the anti-spoofing and reporting functionalities. I've seen quite many online PvP games think in the same way and finally they were ruined by cheating very fast.
Comments
Providing undetectable software for noobs is a subscription model business...
Sms services are almost free now. Yes a small cost, but a handful of subs would pay for monthly unlimited sms.
Plus taking photos on the scenes. Those sells spoofing services are not able to provide in-time photos of specific portals, if Niantic adds additional detection and force some suspicious accounts to upload photos. Niantic could even do a cross checking with other normal players around the portal at that time to double check whether the photos uploaded by suspicious accounts contradict with the reality i.e. not taken at that time.
Of course some normal players are not able to do 3D scanning or taking photos because there are something wrong or limitations with their phones, but when it comes to suspicious accounts they should find a way to prove themselves despite that. Device incapabilities should not work as excuse of not able to do any uploading as verification, if Ingress team really wants to stop spoofing as much as possible to save the game.
Yes but considering the fact that there seems even no independent QA/Tester for Ingress game as it's frequently loaded with minor/major obvious problems after each new version... Small cost beyond storage or other operation cost is still additional cost for the team making it hard to apply :(
Remember whatever auth method used, it will probably be used in their other games - Pokemon could absorb the cost? :)
Scanning/photos require that Niantic processes spoofing Reports in real time and that they are able to verify your location based on photos/videos that you provide.
Neither of those is true now, nor are they likely to become true in the future.
Nobody is going to wait at or return to every portal just in case Niantic requires proof
To absorb the cost, Pokémon Go would have to pay for the development. Spoofing isn't something that they really care about there.
From my reading at least, a lot do care about spoofing. (ie Gyms full of high level monsters they cant beat etc).
If spoofing has no way to be stopped, then this game has no hope at all and it better be destroyed for good.
@LuoboTiX has said many things that make a lot of sense, but I have to disagree with this specific one:
Anti-spoofing is not that difficult: add a in-game functionality that if someone receives multiple reports of spoofing, then Niantic system asked it randomly to do a 3D scanning or photo capturing on the scene when it's obviously walking and reward it with bonus. If it rejects to do so in successive times then it's very suspicious. In this case send someone to have a detailed investigation. It's sort of basic anti-bot design in modernized MMORPG game.
Spoofers typically use throwaway accounts, and relying on reports after the spoof will never really solve the problem. At best asking for scans is just one more mechanism for aiding the situation that we are in now, which relies on reporting followed by manual unwinding of the actions. Manual intervention is expensive for Niantic, and since the process can take days it means that the spoofer often accomplishes their goal. In order to effectively stop spoofing Niantic has to be able to recognize and block spoof actions when they are happening. You know what?
Effective anti-spoofing is very difficult. I've done a fair bit of amateur-level anti-cheating work on a hobby-level game server that I run, and I've done professional fraud detection work. I've also invested a lot of mental energy in thinking about what I would do if I was in charge of anti-spoofing efforts at Niantic, because I find it a fascinating problem. What I can tell you is that cheating/anti-cheating is a perpetual cat and mouse game. As soon as Niantic finds a way to recognize a new spoofing technique the spoofers will find a way to get around Niantic's blocks. Neither side can ever declare victory in this game. The good news is that "big data" can help with some of the problem by using a whole lot of input signals to help identify illegitimate actions, and also to prioritize places where it's important for them to care.[1] The bad news is that spoofers find new ways to make illegitimate actions look legit. Lather, rinse, repeat.
Anti-spoofing is hard not just because the game is constantly changing, but because false positives can be extremely painful for legitimate players. I've heard of many cases over the years where players made some significant investment of time/effort/money in order to reach a strategic goal and then got blocked at the last minute by anti-cheating technology. Even though those players are constantly frustrated by cheaters ruining their efforts they will be even more frustrated by not being able to accomplish their strategic goal.
There's one thing that I know for sure about the spoofing/anti-spoofing metagame. Whenever anyone says, "This is easy, all you have to do is..." they're wrong. If it was easy and only required this one thing to be done then the problem would have been solved years ago. LuoboTiX, I'm not criticizing you specifically with this paragraph, and I hope you don't take it personally. You just happened to have provided the example that I used as a starting point for discussion. Problems like this often seems easy from the outside, but once you get up to your elbows in the nitty gritty of it they are anything but simple.
[1] Imagine a portal in a high-traffic tourist area. That portal probably changes hands 20 times per week, rarely holds up a field larger than a couple dozen MU, and has no strategic or tactical value to either faction. Is it good if this portal gets spoofed? Of course not, but probably nobody would even notice if it happened. Now, contrast that with a portal on a mountain peak that requires a strenuous hike and only gets accessed a few times per year. That portal will often be used to anchor large fields or strategic blockers, and if it gets spoofed that's a big deal. Niantic can essentially ignore portals that look like the first example and focus their energies on ones that look like the second, and similar cases.
I wonder if the game went subscibers only to play, how many % spoofers would stop or not, would it even make a difference or ? its sad it seems its a uphill battle against cheaters :(
If Ingress went pay-to-play, aka subscribers only, we'd lose about 70% of the playerbase in one fell swoop. Sure, spoofing may be decreased a bit, but so is the global activity of legitimate players. That would k i l l the game.
Thanks for the update. I am definitely not going to be making an app.
Honestly, id just lik le it if niantic went out their way to stop illegal and stupid actions. For example, in Scotland just now we aren't meant to leave 5 miles from local area (i take that as my house but its supposed to mean local council area) yet I've seen players drive up to 18 miles to hit stuff well outside their area (unnecessarily as other people had been doing it anyway). Another example being that 4 people went out onto a loch in the middle of the night during a storm to get to an island on it, that is both stupid and pushing illegal as they use dinghy (to my knowledge) which isn't supposed to be out on lochs at night (visibility issues from other boats). But from what I've read, nothing will ever really be done about that
If the activity is truly illegal and that much of a concern, report it to the police or other appropriate authorities. I'm sure they can mete out punishment and be quite persuasive in discouraging future incidents.
Photo submission once uploaded never requires real time verification. Niantic could review them afterwards individually, combined with other photos.
Are you going to wait at every portal you visit just in case someone reports you and Niantic acts on it and asks verification?
Are you going to take a selfie at every single portal you visit just so you can proof you where there?
While most of your opinions are true and I do agree with them, the topic you were developing was about Efficient Anti-spoofing, not Effective Anti-spoofing, as far as I can see. The previous one calls for in-time solutions delivered on spoofing accounts while I'm OK with the latter one when it's achieved within from several days to several weeks later but ultimately solutions would be delivered, that is, spoofing accounts would be banned or put on probation (players can appeal if it's a mistake).
There are a lot of players here on the forum insisting on the idea that because Efficient Anti-spoofing is hard and expensive for Ingress team to implement and player scenarios vary, Effective Anti-Spoofing is out of the concept as well. Allow me to raise an example: there are currently a lot, a lot of new accounts leveling from 0 to 8 or 10 in 1 or 2 days worldwide, but with 0 walking distance in their data. I don't see them get banned, even after my/our reports. I bet there are some in your area as well.
0 walking distance+Not a speed run+has moved more than 30km throughout there logs+some even done several in-game missions
I don't think any new player who reaches level 8 but accumulated no walking distance data is a real, normal, valid player, not to mention the fact that it reachs l8 that quickly. Such accounts should be put on probation if not instantly but still definitely. However most of them are not, at least not banned simply because of this. Thus IMO it's no need referrering to talking about "big data" or other key aspects of modernized architecture of anti-spoofing design that builds "Efficient Anti-Spoofing"...Perhaps Ingress team didn't even use simple data at all which probably means even the low-level Effective anti-spoofing is not pursued?
Typical slippery sl0pe. You are trying to overstate my proposal to make it look illogical, by supposing me of suggesting Niantic/Ingress team to test every portal interaction of suspicious accounts, which I don't and everyone knows is unnecessary.
I have emphasized "randomly" and "when it's obviously walking", etc. And multiple players here agree that this is a feasible solution. It's Niantic/Ingress team's responsibility to make the implementation more compatible and user friendly, not me.
Leveling up quickly is not a crime all by itself. Speed runs to L8 are a thing, easily accomplished by throwing a bunch layered fields while standing in one location, assisted by friends who've farmed keys and set up all the portals. These runs might not be the activities of normal players, but they definitely can be real and valid.
@LuoboTiX "when it's obviously walking"
as if Niantic has the means to determine this...
You can go slow in a helicopter.
I have emphasized 0km walking distance didn't I? oh my mistake, forgot to mention that those accounts has moved quite far, but still 0 km. Everyone knows that what you mentioned are actually corner cases while what I address is not. We didn't see collective speed run very often but of course we see 0 km sub-accounts much more frequently especially in big cities.
So they get a few KMs by walking around a bit and they can spoof freely?
Your example of a L8 with 0km (which could still be 999meters) is definitely possible given the right circumstances
Of course Niantic could determine this. Didn't you notice that when you were in vehicles with medium to high speed your walking distance DO NOT increase?
And that's exactly what @Toxoplasmolly meant as well. We have locally levelled a new player with assistance. We set up the base links/fields, farmed the keys, and dropped him all the keys/stock required to complete the linking plan. The newbie didn't have to do any walking. Just sat in one place and repeatedly linked from a cluster of portals. L8 done and dusted in less than an hour.
Feel free to take different extreme corner cases to oppose my proposal, speed run, or whatever, when everyone here has the basic idea of what are common cases about 0KM walking distance acounts, and when I've splitted those corner cases already.
I don't think you have never encountered 0KM walking distance but fast leveling spoofing sub-accounts and has done movement quite far while nobody helps its upgrading.
Don't get me wrong, 0KM and high level are suspicious, but they aren't necessarily cheating.
I feel that requiring scanning portals is going to be more cumbersome for legit players than for spoofers which use throwaway accounts anyway. They don't care if they get caught, the damage has already been done.
I don't think you have never encountered 0KM walking distance but fast leveling spoofing sub-accounts that nobody helps it upgrading. Everybody here knows which are common and which are corner cases. Anti-spoofing discussion is focusing on possibility of identifying common cheating cases.
Ingress team could easily tell the difference of speed run accounts (even if it's a new account and hence 0km walking distance) with the help of a lot of keys collected collectively in advance, and strange accounts which has spammed the entire city in its logs but still 0km walking distance.
You don't think the process of having several accounts farming keys and using that to level up an account doesn't happen with bots/spoofers?
That would be even more rare in terms of corner cases. When suspicious new accounts spamming the whole city, controlling multiple districts but remains 0 km walking distance just don't get banned, why bother, for those spoofers to act like they are doing speed run?
There are. Spoofing is not unstoppable. It's just Ingress team would not accept the cost or don't think it's worth the effort enhancing the anti-spoofing and reporting functionalities. I've seen quite many online PvP games think in the same way and finally they were ruined by cheating very fast.