Update on new cheating prevention initiatives from Niantic....

12346»

Comments

  • GrogyanGrogyan ✭✭✭✭✭

    There has been some white papers over the years for portion of the ARM core, which would mitigate a lot of the direct manipulation of the GPS data. However, there are just so many players who are using (sorry to be frank) obsolete mobiles, particularly Android.

    There is just no one-size-fits-all solutions.


    @SSSputnik a long time ago, it was revealed that Niantic do in fact use ML to detect bad actors, and the issue is that there is no way to detect legitimate travel, vs spoofing.


    It's crazy to acknowledge that Niantic have sent out so many 3 strike notices, when it is obvious to everyone that spoofing and multi accounting are still hugely prevalent across all 4 games.


    As I said, I am fully aware of my location, and if I am not where I am not normally, just do a couple of wayspot scans.


    I did write up a very lengthy set of methods to use in conjunction with the methods already in use, however, due to the fact that there is no direct way to raise issues with the Niantic Real World Platform dev team, such suggestions I fear have fallen on deaf ears. I did send my recommendations to someone at Niantic to pass onto the NRWP dev team. It hasn't yet been implemented.

    😢

  • SSSputnikSSSputnik ✭✭✭✭✭

    Machine Learning and Deep Learning are a bit different. I'd be surprised if Deep Learning cannot tell the difference most of the time.

  • ToxoplasmollyToxoplasmolly ✭✭✭✭✭

    Ah! But when the Deep Learning fails, will we laugh 😂, or will we cry 😢?

  • SSSputnikSSSputnik ✭✭✭✭✭

    Heh, neat trick. Ingress data should hopefully be easier on the algorithm. Plus false positives can be corrected for on a continuous basis. Eventually it should be pretty hard to fool.

  • PangarbanPangarban ✭✭✭✭✭

    @Grogyan said, "2 Factor Location Authentication", not "2 Factor Authentication". It's not a term I've heard used before, but it's clearly what a lot of this thread has been discussing: a means of authenticating the player's location in addition to the device GPS. I'm not convinced that players being asked to scan or photograph a portal after the fact is a good solution, since in most cases the player will have moved on long before they would be requested to make the authentication. However, I don't know of any other way to verify their location as well. Probably why none of us have ever heard of "2 Factor Location Authentication" (at least AFAIK).

  • HosetteHosette ✭✭✭✭✭

    Proof-no-spoof photos work fairly well as a social convention between players because they are reasonably easy for humans to evaluate. It would be much harder for a machine to reliably authenticate them. Another reason they work well, as was alluded to above, is that they are things that players are usually taught to do proactively when they are taking strategic actions. Asking for someone to do something after-the-fact is not realistic... I might be hundreds of miles away by the time I get the request.

  • It's not a term I've heard used before, but it's clearly what a lot of this thread has been discussing: a means of authenticating the player's location in addition to the device GPS. 

    Fair enough, though that's because it's generally called "verification" not "authentication". 😊

    You can't verify the location if the data source is compromised, because all the methods of providing verification are under complete data control of the spoofer.

    Even using portal scans will eventually become compromised, at least for some portals, as people start sharing pre-recorded scan data with each other.

    If you wanted independent geographical verification you'd need something like an NFC reader in the location, which uses it's own secure communication method back to Niantic. Something that's not even plausible let alone scaleable.

    This is why it's a constant cat and mouse. At some point there would be reference scans to defeat the portal scanning test, and then Niantic would have to start doing comparisons of a given submitted scan to others to see if the same one had been submitted twice etc. Then someone would work out how to modify the scans enough to still look similar, but not meet the "identical" test. And so on.

    Spoofing has never been solved at scale in any game simply because you can't provide those sorts of methods without relying on the hardware of the person supplying possibly tainted information. That's why preventing Root and Jailbreak on Prime was done, and then the spoofers quickly solved that. (Well they solved it for PoGo and ported it.)

  • GoblinGranateGoblinGranate ✭✭✭✭✭

    Proof-no-spoof pictures are of no use, agent can still spoof the portal and provide a picture.

    Wanna hear a good community proof? Record a video, speak your agent name, the portal where you are and a 6 digit random number generated the moment you touched the portal by an external app.

    Who does this? No one.

  • HosetteHosette ✭✭✭✭✭

    @GoblinGranate I think they are pretty high value. Opposing factions aren't generally looking for evidence that will stand up in a court of law, just a basic verification. If I'm several states away from my home area throwing a field and I can provide an obvious photo of myself in front of a portal with all of the facts aligning (e.g. if I threw the field at night it's a night photo, I've left the metadata intact for examination) that is pretty credible evidence for faction relations. Here's one from my archives, taken in front of the town hall in Estancia NM. (I live in California.) My local opponents would easily recognize even that dark blob in the photo as me, although I have better photos too. Verifying that it's the Estancia Town Hall can be done via Google. IIRC the timestamp is a few minutes after the last layer was thrown.

    The credibility of the agent is also a factor when it comes to those photos. I've taken tons of proof-no-spoof photos in my life. I don't remember ever being asked for one.

    This photo is a great example of the topic in question though. A proof-no-spoof photo is a good tool for human verification, but it doesn't lend itself well to machine verification. For that Niantic needs to rely on data that are available on its servers but not to players.



  • GoblinGranateGoblinGranate ✭✭✭✭✭
    edited March 2021

    If it can be falsified, it is of no use.

    Can you verify the picture was taken at that exact time at the portal? Can you verify the picture was made by the agent? Can you verify the picture was taken by the agent at that exact time at the portal?

    Example: I go to a mountain, take 5 pictures of the portal, then go back home, no spoofing. One week pases and someone takes it down. I wait 24 hours and the spoof it and then I provide one of the 4 unused pictures. Am I a legal player to you?

    On the other hand, the video I spoke about is not possible to fake like this. The most you can get is another person doing the work for you, including the video.

    Truth is that this should not be ever required, who are you to demand pictures to another person? Out of context, this would be harrasment! But, if you do it for your teammates to share the experience, that's ok.

  • HosetteHosette ✭✭✭✭✭

    @GoblinGranate Proof-no-spoof photos are not mandatory, but they are a custom that has evolved in order to build trust between factions. You seem to believe that the only evidence that has any value is that which can't possibly be faked. Our disagreement is over whether that is a reasonable standard of evidence for a social convention. I will grant you that such photos aren't ironclad evidence, but I assure you that I and others have found them quite useful. Useful is a spectrum, not a binary.

  • GoblinGranateGoblinGranate ✭✭✭✭✭

    Trust between factions... such expensive words! I don't think I've ever known that.

    My apologies, I should have noticed earlier that we do not speak the same languaje.

    F

  • SSSputnikSSSputnik ✭✭✭✭✭
    edited March 2021

    Entering spoken code into scanner could work, but again, can eventually be defeated.

    We need a way that's low cost, can be worked around but so difficult only the most dedicated spoofers will bother.

    Entering a obfuscated glyph sequence? The problem with these, is even a human has trouble reading them sometimes.

    For instance:


  • That doesn't really verify location though, which is what needs to be verified.

    A spoofer can say a word or fill in a captcha from home

  • SSSputnikSSSputnik ✭✭✭✭✭

    The topic drifted to proving where you are not if you are real. I know a captcha type arrangement would only really impact bots.

  • ZeroHecksGivenZeroHecksGiven ✭✭✭✭✭

    Even that can be circumvented, at least it used to be easily bypassed.

  • I disagree with the whole portals on military bases shouldn't be aloud because of the simple fact that well what are the military families that are on the base supposed to do when they want to go out and about and not be around the house or apartment or whatever they stay in

  • jontebulajontebula ✭✭✭✭✭

    Nothing happend with multi accounts. Not work for multi account when agents now easy can use multi accounts.

    Please work hard on multi accounts and relese we only can use 1

  • jontebulajontebula ✭✭✭✭✭
    edited June 2021

    Not help when agents in Ingress use lots of accouts and the system dont work and spoofing with lots of accounts. Best are only 1 account on phone. If agents cheating Niantic block the phone from run Ingress Prime. I fint lots of cheting agents dont buy lots of phones to chating with lots of accouts.

  • MoogModularMoogModular ✭✭✭✭✭

    It's 2021 - do not use SMS verification when there's 2FA

Sign In or Register to comment.