Reseting a portal that has been spoofed, why this needs to be improved
I wanted to write this post as a feedback for Niantic, to highlight some flaws and share concerns about the situation we're facing in my area.
First let me recap some events:
- on January 15th in the evening a new account from opposing faction starts playing in a medium-sized city, immediately attracting curiousity because our country is under covid restriction which forbid people to go outside after 6PM
- said account plays like a regular player would, no obvious beginner mistake, reaches level 4 or 5 easily and stops
- during the night between January 15th and January 16th around 1AM account previously mentioned uses a virus on a portal in a mountain area, which is immediately identified as spoofing (mountains are covered in snow, we're in the middle of the night and the account exists since less than 6h). At that time several strategic links are destroyed.
- An agent of my faction that is not sleeping immediately starts writing a report, report is sent at 2AM, asking for a reset of the portal and the links
- By the end of the night the account is banned, 7AM local time January 16th
- A vanguard reaches the agent owning the portal before it was spoofed on January 17th
- The portal is reseted on January 19th, approximate time 7AM local time
Between the report of cheating and the reset of the portal 72h passed. Now this is where things are getting ugly: during these 72h several agents from the faction of the spoofer have thrown links that should not have been possible to establish because they would have been crossing links destroyed by the spoofer. Those links are still there and blocked the restoration of most of the links the spoofer destroyed.
So from my faction point of view here is what we learn: if a link is blocking a future operation there is always the possibility to
- create a dummy account
- spoof one of the strategic portals blocking your operation to come
- let the account get banned
- go throw support links for future operation
I'd like to hear the opinion of @NianticBrian on this topic, why can't link destroyed by a cheating action take priority over those established after that ? The current situation is leaving way too much room for spoofers to do severe damage.
EDIT: remove name of a virus form the generic term "virus" since I want to keep this post as neutral and faction independant as possible
Yes problem is that even if the spoofer gets banned fast, once a portal that held many links and fields gets taken down by spoofer it opens up suddenly a big area and then the nightmare starts.. how will niantic restore that play area? usually they dont what i know....
Uhhh I understand you because this problem is deeper than that, communities try to keep spoofers outside their communities. However, if they begin to rot inside, they may accept to do this kind of behaviours. Since I've started to watch intel, I've seen everything.
Any script can restore those links.
Oh no! There is a link crossing the link I'm trying to restore! Retrieve info from intel, terminate the link, give the used key back to original thrower. Repeat until no links cross the link I'm trying to restore. Repeat until all restored links are placed.
Please, someone estimate this effort in hours of work, thanks.
But lets say a portal gets taken down by a spoofer that held many fields etc.. ok. Then suddenly a big area is clear and you can throw lots of links, think of all players that have no idea that a spoofer took down the portal, game does not pause anytime it is running 24/7, should the legit players links that they could link because of the spoofers action also be reset ? U see how a nightmare this is for everyone, even legit players that have no idea what is going on that a spoofer took down a portal suddenly.
I have no idea what the solution should be when this type of things happens.
I don't see why is that a problem, used keys are being held back to the agents, it doens't matter if they know or don't.
This would only remove blockers, I don't actually see any need of total removal. Your team managed to throw an entire OP in the time window? Good work, but if that OP becomes a blocker you better not get attached to those fields.
Also, something like that would be a nice target for invertigations, who does throw a mega-field after a spoofer move? Magical planifications and availability from the participants? XD
Current restore system is being abused constantly, with the script I mention that impact would be significantly reduced.
Please, someone estimate this effort in hours of work, thanks.
That's why I mentioned Brian in my original post, I guess there can be technical difficulties but the intuition of an algorithm is so simple I really want some feedback from the devs…
Why not just cross the links that are 'in the way'
Because if you don't remove the links there will be more possible blockers apart from the link you are restoring. Also, it would be painful to see and would cause innecesary bug reports.
I've been thinking on this a little more and I don't even believe the keys should be given back to the agents: they got the AP for using them and most agents already have quantum key piling, so the script would be even easier. Just get the info for the investigation and that's it.
Also the info should be there since the agent previously owning the portal had alerts about the links being destroyed, so it's probably accessible by NIA anyway.
I can give a little bit of insight on the difficulties of link removals on resets. This isn't as easy as "remove all links thrown by account X" or "remove all links blocking link Y".
From what I understand, link removals are done manually, and are quite a pain to do, as the information isn't logged in one place. They have to be manually identified, then looked up on a different system and removed. I would imagine doing this via script will be quite a process, as each blocking link would need to be identified, the source and destination portal identified, and the owner of the link identified as well. Plus, new links might be continuously thrown that block the restore, especially for long links that cross countries and intersect cities. I can almost imagine it needing to be rerun, and rerun again to remove new links, and again, etc, and just not getting anywhere (and holding up other resets as well).
Quite frankly, I don't think removing blockers will be a viable solution here, as the system quite likely isn't optimised for this type of function. But, I'd be more than happy to stand under correction. It would certainly improve things all round if this could be done. For players, VG and the Niantic person running the resets.
Our first restoration took 5 days via the new system for a pretty slam dunk restore case. That's around the same as before with Trusted Reporter system.
We have fairly connected contacts in the PNW though, so YMMV.
If they can erase material off a portal the way it's been done at anomalies, why not as a first step nuke the offending portals without giving a notice they've been nuked?
You're advocating to neutralise portals that are blocking link restores?
If it is done for anomalies, then under just as serious issues do it and file it under IG reasons. For example something (time to use lore to advantage) is "using" spoofing as an attempt to do something and let the community know and make a plot out of that.
I guess you haven't thought that through. Take a step back and really think about the implications of that proposed action. It's not pretty.
I can only see in front ( never going to be able to play anywhere that isn't physically brutal to get to, and a LARP veteran) not the deeper implications. I'm thinking that power would require the following:
1. It would take someone way up the food chain to say yes. Vanguards could ask, but the final decision would be north of them.
2. Story would be involved so that it would mitigate by minimum a percentage. It is long overdue to make plot happen again.
3. If there is a deus ex moment, it has to be for a very specific reason.
What precedent is feared?
First of all, you are punishing legit agents for the actions of a spoofer. Agents that may not even be aware that they linked across spoofed lanes. Plus, it's also likely that the agent that linked isn't the agent that owned/deployed the portal in the first place.
Second, this will quickly be abused as a "legit" way to neutralise portals. When a link is spoofed down, just link across from any portal that annoys you and voila, portals neutralised.
No. Niantic doesn't interfere with game actions from legit agents.
And quite frankly, having VG in the mix would put a massive target on our back from affected agents and their communities. So once again, no. You haven't thought this through. Trying to justify it as "it's being done for anomalies" and "make it part of the lore" is .... wow, just no.
I think the entire topic has entirely got out of hand. I believe both sides agree that any maleficent actions (multiaccounting) or spoofing should be removed from the game, regardless when these actions were made. While the community appreciate the Vanguards actions toward this point, is clearly not enough, because, as you stated, you do everything by hand and you are overwhelmed. Everyone should know how tiresome is to do so, you are not perfect and that's understandable, that's why advocating for an scripted option for the problem is a good solution, which indeed, may free your hands to do any other tasks done (and Vanguards do not have enough time for everything).
As many agents stated here, the benefits after a spoofing attack are questionable and open to debate, and as you said, Niantic shouldn't infer anything or penalize legit players. But how is this achieved when the blockers are made after a spoofing attack? Is it fair that a legit player who built the blocks being thrown by a spoofer while other players takes advantage from it? Of course not, if you only focus on "OK. We restore your portal" but nothing else, the spoofer gets away with its objective done. Any corrective actions should discourage new potential spoofers, and, while I cannot entirely agree of "neutralizing portals" as @Mirthmaker said, removal of the links made after a spoofer attack will show agents that taking benefit from the actions from a spoofer is not acceptable.
Needless to say, if an area is frequently spoofed does not undermine the right to initiate any further investigations in order to elucidate the actors behind these attacks and ban them consequently.
What option short of press reset are legitimate, don't give off deus ex machina overtones, and gets the message of if you spoof, you're gone out loud and clear?
Options that don't need full reset are needed, but they also need to be effective. Do they exist at levels that will do the job and not be too much or not enough? I can imagine that is the question bring wrestled with right now.
I dont think anyone suggested neutralising the portal the link comes from, just killing the link and returning the key used
Edit: Ok someone is suggesting it, but I think most people here would say what I said, remove links that were blocking but keep the portals that linked intact
@Azhreia can the reset system bit be improved? As it stands, losing a strategic portal, especially one that's inaccessible, can be devastating
There have already been some significant improvements on resets (restoring resos back to original owner, restoring mods, restoring links), but yes, there is definitely room for improvement. Unfortunately that does require resources and currently other projects have a higher priority than this.
But we keep pushing for improvements. Anything to make the process easier/faster.
I may be wrong but this reads like you assume resets happen without banning the spoofer. Resets are only done once the spoofer is banned, so it's already at the "if you spoof, you're gone" stage.
Also not sure what you mean with "Options that don't need full resets".
If it can be done manually, it can be automated somehow, there is always a pattern. The faster this process becomes, the less efective will spoofing be. And all that saved time can be re-invested in tracking down real source. Is not easy? Ok, just have in mind that any scrapper can retrieve this info in micro-seconds, this involves COMM info only, no need to dive into de DB.
What I understand to be difficult is to identify spoofing patterns, which can also be scripted for faster spoofing identification. We have witnessed spoofers getting a ban in a couple of hours and I personally know of 1 agents who got a ban in that time and wasn't even spoofing (we told him to appeal but he was just not interested and never came back, huge score for spoofer team btw).
So, if a 2 hours ban is possible, a 2 hours portal reset is aswell.
That would solve nothing, spoofers would just change targets and that's it. Not a solution.
Unfortunately, Niantic doesn't store information regarding portal state. We've asked, believe me. So until that changes, resets will still have a manual process of collecting the information needed for the restore. And I think that might only change if/when Ingress is moved over to the new infrastructure.
Oh, boy, that is not good news at all...
Thanks for your insight. Spoofing, at least locally seems to be a problem more lately. I believe you've helped me a few times
To your questions, Watching intel has shown it takes blatant spoofing to raise flags. Trying to get customer service attention can be a pain on the road. Reporting on a mobile phone is not user friendly when multiple portals or repeat offenders are involved.
Reset with banning has only happened once that I know of. i've seen more resetting at an anomaly then on the paths I take ( I am a 99% urban player) .
I'm far more used to seeing spoofers "caught" going somewhere blatant at 3 in the morning and coming back near the scene of the crime, and even then it's 50/50 they don't get banned. It's these types of spoofers the ban hammer needs to be more aggressively used against, re: not just the the account but kick the player out.
If neutralizing a portal that has been spoofed is too strong a response, what is a better, more appropriate response was the OQ.
It seems like the answer is it depends. Urban portals are a different ballgame compared to you need a rowboat and then some cooperation to get to a portal.
The actions taken by Niantic during anomalies have nothing to do with resets. Those actions relate to anomaly rule enforcement, and not specifically to spoofer actions. If players (legit or otherwise) field over the playbox or link through it during the event, that link/field would be destabilised as it was specifically mentioned in the anomaly rules. This is still a manual process, and is limited to the location and duration of the event. Neutralising the portals ahead of the start of the anomaly is also part of the anomaly itself, and is specifically mentioned in the rules in advance. Only the playbox portals are neutralised, and these are indicated by ornaments on each eligible playbox portal.
Resets refer to correcting the actions of spoofers on portals where it would be difficult/impossible for locals to correct that themselves. For urban spoofing actions in active cities, clearing out the deployed resonators and mods is the only current recourse. And any reset is only processed if the spoofing account is banned. It's a requirement.
re: not just the the account but kick the player out.
And how do you propose Niantic should do that? Niantic is only aware of your online identity, and then only the identity you choose to share with them. They don't know who you are as a person. They are able to restrict you from re-using the same email address to create new accounts. They may be able to ban new accounts created on the same device. But that's where their influence stops. I'm not sure how you mean for them to "kick the player out".
Reporting on a mobile phone is not user friendly when multiple portals or repeat offenders are involved.
You don't need to report for every single portal affected. One portal with the date and time is all that's needed. And you also don't need to create multiple reports for a single player. It just serves to clog up the system. Report once for a suspected action, and wait for it to resolve. Logging more reports on the same account while the first ticket is still open is counter-productive. It won't speed up your ticket resolution.
If you need to report a second or third account while the first ticket is still open, use the browser and open an incognito window to submit the next report.