Will the transition to Pay-to-play stop botting?

Put any feedback about the game here.

Will the transition to Pay-to-play stop botting?

Postby PKOLake » Thu Jan 10, 2019 9:59 pm

The answer is a simple no.
But let me explain why

As you all know, some users decided they were going to develop botting software in order to disrupt the gameplay of multiple people. This in turn caused developers to implement several different (worthless) anti-botting systems.
Each and every update failed to do what it intended to do. Why? Because they weren't designed to stop botters. They were designed to show that the developers have "taken action" against "Those pesky botters"
In reality, it was a setup. Sure, the botting was completely legitimate, but their reaction was suspicious. It took them several days to even react at all. They decided to take some 'action' by implementing an anti-spam and captcha system. Both of which failed miserably. Instead of deploying moderators to ban botters on sight, or implementing bot-detection, or limiting IPs to one registration per day/week, or blocking all TOR nodes from accessing their site, or blocking popular 'free' vpn IP addresses from accessing their site, adding a captcha upon login, OR EVEN BLOCKING DISPOSABLE EMAILS, they decided the easy cop-out was to leave free-to-play entirely. They believed that, if the botters were forced to pay for accounts, they wouldn't bot anymore. Right?

This reasoning is flawed, and even though it stopped the crux of the issue, it didnt squash it, like bot detection methods and an active moderation team could have and would have. Especially for a game like Town Of Salem, where legitimate discussion and legitimate client behavior isn't all that hard to differentiate between. There are multiple other issues that this doesn't solve:
1. Ref codes being used for malicious behavior
2. Bruteforcing to gain access to an account
3. Phishing to gain access to accounts
4. Off-site phishing
5. Using viruses and keyloggers to gain access to accounts
etc...

The point is, methods to steal accounts will now be something more worth doing to these people. They could even automate phishing, bruteforce accounts, and sell access to those accounts and ref codes for cheaper than what BMG currently asks for. And i've already seen a couple of these "phishing" bots rolling around, and these people have already been known to be bruteforcing accounts.

In other words, instead of just registering a new account, these people are now targeting other people's accounts, because those accounts are now worth something.
And BMG have already expressed their unconcern for players whose accounts have been compromised by another player.
Quoting from naru2008 on this thread http://blankmediagames.com/phpbb/viewtopic.php?f=40&t=8913&sid=08372cee693a7fc3b4397de3db686d5a
So-and-so used my account and got me suspended or banned. Can I get unbanned?
9 out of 10 times, this will be a no. People often use this excuse to get unsuspended, and we're not likely to give a second chance. You are responsible for what happens on your account, regardless whether you are responsible for what happened in-game to get you reported and suspended. You also aren't allowed to share accounts in the first place, as that alone is in violation of our Terms of Service, and is punishable, so it's all on you to make sure your account is secure, used by you and only you, and make sure it isn't abused.

They state that "You are responsible for what happens on your account", and "it's all on you to make sure your account is secure, used by you and only you, and make sure it isn't abused."
In other words, if a hacker or phisher gains access to your account and gets you banned, that's YOUR FAULT
This plea has been used multiple times when responding to people who appeal and claimed their account was compromised.
http://blankmediagames.com/phpbb/viewtopic.php?f=40&t=79032&p=2602980&hilit=hacked&sid=08372cee693a7fc3b4397de3db686d5a#p2602980
"Well, sadly you are held responsible for any actions your account does, as you are supposed to be the only one having access to it." -- Jerme
http://blankmediagames.com/phpbb/viewtopic.php?f=40&t=78267&p=2580550&hilit=hacked&sid=08372cee693a7fc3b4397de3db686d5a#p2580550
"I'd like to inform you, that you, as owner of this account, are held responsible for every action that is done with it, as there is nobody else supposed to know your password" -- Jerme
http://blankmediagames.com/phpbb/viewtopic.php?f=40&t=72206&p=2354538&hilit=hacked&sid=08372cee693a7fc3b4397de3db686d5a#p2354538
"You are held responsible for every action yoru account is doing." -- Jerme
http://blankmediagames.com/phpbb/viewtopic.php?f=40&t=64537&p=2064626&hilit=hacked&sid=08372cee693a7fc3b4397de3db686d5a#p2064626
"The account belongs to you and thus you are held responsible for every action it has done." -- Jerme
http://blankmediagames.com/phpbb/viewtopic.php?f=40&t=95182&p=3048135&hilit=hacked&sid=08372cee693a7fc3b4397de3db686d5a#p3048135
"You are responsible for actions that are performed under your account." -- TurdPile
http://blankmediagames.com/phpbb/viewtopic.php?f=40&t=94749&p=3038605&hilit=hacked&sid=08372cee693a7fc3b4397de3db686d5a#p3038605
"Nevetheless, the actions were inexcuseable and thus is your appeal denied." -- Jerme

Even their own Terms of Service states "You may not share your Account with anyone other than as expressly set forth herein, and you are entirely responsible for maintaining the confidentiality of your Login Credentials and for any and all activities (including purchases and charges, as applicable) that are conducted through your Account."

This means that, regardless of whether the activities done on your account were committed by you, you are still breaking their Terms of Service, even if you didn't give out your password or share an account, and your account can and will be banned for breaking the rules, no matter if you were hacked or not. and "9 times out of 10" your appeal will be denied.
It's also against the rules to make another account to play if your account is suspended or banned, so if your account is hacked, and your account is banned, you can't make another account, you are assumed guilty until proven innocent.
And with the new "moving to pay-to-play", this problem will only get worse, if not unstoppable.

In the forum post announcing this, they state "We feel that this move will be a positive for the game, as well as all current and future users. The botters will not want to spend real money in order to troll. Even if they do, they will be very limited in the amount of accounts they can make this way without committing credit card fraud." and "This also means that every account has an inherent value to it"
This is the reasoning i am exposing to be flawed here. It is the blindness of the developers to a newer problem that would arise from their changes. If botters aren't willing to fork over money for an account thats going to get banned, then the next "logical" step for them is to start targeting player accounts in attempt to steal those accounts. And they already have been.

While I don't believe BMG should back out of a pay-2-play model, it is misleading for them to say that this is the be-all end-all solution to botting, because it isn't. All this did was change the rules of the game, and that just means that botters will simply change how they play that game.
PKOLake
Amnesiac
Amnesiac
 
Posts: 7
Joined: Thu Jan 10, 2019 7:54 pm

Re: Will the transition to Pay-to-play stop botting?

Postby Flavorable » Fri Jan 11, 2019 4:40 am

Since the group that botted the game are disbanded, as far as I've heard and they are already facing legal repercussions, I sincerely doubt they will move on hacking accounts.

Also, generally, if a hacker gets to an account, they tend to change the e-mailaddress and password used, I doubt a hacker would get into an account, use hatespeech for a game and then move on. This is only one of a lot of signs of being hacked. Also keep in mind that history is checked as well.

The data breach wasn't so botters could get their hands on ToS accounts. The hacker(s) in question likely just sold the list of data and tried to use username/e-mail address combinations with known passwords to run actual scams and try to get into different sites that actually hold value.

All the reports you linked above never actually provided any reasonable proof to being hacked. Heck, some of them even admitted to being careless with their account by letting others (friends, siblings) play on their account.

Also, the making a new account while you're banned thing is now no longer against the rules.

As for some of your other points:

There were moderators to ban bots on sight. It was an unaccomplishable task, since there were an extreme amount of bots.
They did block IP addresses, causing several innocent people to get blocked from the game.
Bot detection would be useless, since the botters would have implemented ways into their bots to circumvent that.

While I understand where you're coming from, I do know that you seem mis-informed or haven't fact checked some of the points you made.

I'm happy to continue discussing this, but I have to go right now. I might be posting more later.
Steam ToS Moderator and Bug Report buttinsky.
Image
User avatar
Flavorable
Global Moderator
Global Moderator
 
Posts: 2831
Joined: Thu Apr 28, 2016 3:24 am
Location: Netherlands

Re: Will the transition to Pay-to-play stop botting?

Postby PKOLake » Fri Jan 11, 2019 5:17 am

You completely missed my main point

Stealing Town of Salem accounts is now profitable. This is my main point. Whilst the main group has "disbanded", that doesn't mean they wont continue to do the same thing in the future.
My other point is that BMG assumes guilt, and that you MUST prove that you were hacked.

But how do you do that?

...

Furthermore, I specifically stated Tor nodes and VPN ip addresses be blocked. This doesn't block legitimate users, this only blocks users with a VPN, who can easily disable it. And if you restrict an IP address to 1-2 registrations, it prevents botters from making multiple accounts on the same IP address.
I was there when the botting was happened. Not a single game I was in was in was the botter banned by a moderator. Not one.
Bot detection also DOES work. Especially since your game isn't all that complex. Knowing what is and isn't human behavior is easy to do.

Virtually every single game developer who has had a problem with botting have implemented bot detection. Town of Salem is probably one of the first to go to a pay-to-play model because of it.

But again, despite all of this, my main point is that bot-phishing can now be profitable. My other main point is that the actions taken cant completely stop botting.
PKOLake
Amnesiac
Amnesiac
 
Posts: 7
Joined: Thu Jan 10, 2019 7:54 pm

Re: Will the transition to Pay-to-play stop botting?

Postby Naru2008 » Fri Jan 11, 2019 5:41 am

You're taking my quote from Information Regarding Appeals thread out of context.

The quote is implying you let a friend or relative login to your account, or left it logged in and stepped away and someone (either the aforementioned, or whoever) went and violated the rules, that it is your responsibility. This isn't anything new in gaming communities, as most companies also state that each account is your responsibility, and then most follow that up with that the accounts don't belong to you. This is nothing new in the world of gaming, and Town of Salem certainly isn't going to be the first or last to do it.

Now should anyone's account be compromised, especially after the recent databreach I'm sure BMG would be willing to fix it in the meantime. However, they're doing an security audit at the moment, and recently fixed major exploits used to gain access to the database. Once the audit is complete, they're going to force-reset all account passwords. On the off-chance someone actually got into your account, and you can prove you own it, I'm sure the developers would work with you to regain it.


Please don't take quotes out of context and use them for your own exploits. Thanks. :)
Notice: I cannot delete your account, change your email, etc. Please email info@blankmediagames.com for support. Thanks!

Image


BLACKPINK
Image

K/DA
Image
User avatar
Naru2008
Global Moderator
Global Moderator
 
Posts: 14849
Joined: Thu Aug 07, 2014 9:45 pm
Location: USA

Re: Will the transition to Pay-to-play stop botting?

Postby orangeandblack5 » Fri Jan 11, 2019 11:10 am

Nobody is paying for a stolen ToS account lol
Image
Spoiler: Yeah this sig is really outdated.
Help support my Investigator Results List Overhaul and Town of Salem 1.5 suggestions!
Image a a a a a
Favorite Roles: Janitor, Spy
Loved Roles: Jailor, Witch, Executioner
Hated Roles: Mafioso, Amnesiac, Arsonist, Vampire
ElderSivart wrote:I'm confused as to why BMG made a UI for Pirate and not Hypnotist.

Sarah Thorpe wrote:Role Ideas is great for masochists.
User avatar
orangeandblack5
Halloween 2017 Winner
Halloween 2017 Winner
 
Posts: 5451
Joined: Tue Mar 17, 2015 9:24 pm
Location: University of Michigan

Re: Will the transition to Pay-to-play stop botting?

Postby PKOLake » Fri Jan 11, 2019 12:02 pm

Naru2008 wrote:You're taking my quote from Information Regarding Appeals thread out of context.

The quote is implying you let a friend or relative login to your account, or left it logged in and stepped away and someone (either the aforementioned, or whoever) went and violated the rules, that it is your responsibility. This isn't anything new in gaming communities, as most companies also state that each account is your responsibility, and then most follow that up with that the accounts don't belong to you. This is nothing new in the world of gaming, and Town of Salem certainly isn't going to be the first or last to do it.

Now should anyone's account be compromised, especially after the recent databreach I'm sure BMG would be willing to fix it in the meantime. However, they're doing an security audit at the moment, and recently fixed major exploits used to gain access to the database. Once the audit is complete, they're going to force-reset all account passwords. On the off-chance someone actually got into your account, and you can prove you own it, I'm sure the developers would work with you to regain it.


Please don't take quotes out of context and use them for your own exploits. Thanks. :)


That isn't out of context. That is the full quote. The implication of the rule "You are responsible for what happens on your account", and "it's all on you to make sure your account is secure, used by you and only you, and make sure it isn't abused."
Is that its completely on you to make sure your account isn't compromised, and if it is, you are responsible (i.e. it's YOUR fault).

There isn't any other way to take this. It's even in your own Terms of Service, which i also cited.
Town of Salem Terms of Service - III, B. (Eligibility): "You further agree that you are entirely liable for all activities conducted through your Account"
Town of Salem Terms of Service - III, C. (Login Credentials): "you are entirely responsible for maintaining the confidentiality of your Login Credentials and for any and all activities (including purchases and charges, as applicable) that are conducted through your Account. "

These have the same exact implications as your own quote does. So regardless of whether you meant it, it is legally in your own Terms of Service.
If a hacker obtains your login credentials, according to your own Terms of Service, you are entirely responsible for maintaining the confidentiality of your Login Credentials.

Essentially, you are responsible for whether or not a hacker is able to obtain your login credentials because the Terms of Service state that you are responsible for the confidentiality of your login credentials. If a hacker steals your credentials, your credentials are no longer confidential.

It also implies you are liable "all activities conducted through your account", this would include hackers using your account for malicious behavior. Malicious behavior is an activity... conducted through your account.
PKOLake
Amnesiac
Amnesiac
 
Posts: 7
Joined: Thu Jan 10, 2019 7:54 pm

Re: Will the transition to Pay-to-play stop botting?

Postby Villagerlover » Sat Jan 12, 2019 8:25 am

I completely disagree with this.

You already said it: People won't continue botting because of the paywall. Just leave it at that man.
No one is willing to spend $5 just to troll on Town of Salem with bots. And the very select amount of people who do do that repeatedly are going to give ToS profit, and continuously get banned from the game like idiots.
Flavorable and Naru2008 already touched on the other stuff I would've mentioned about the data breach.


So...while teeeeeeechnically the paywall won't stop the botting 100%, it will reduce the amount of botters so significantly that it practically cuts them off.
Wanna say somethin'? >B3
PM
User avatar
Villagerlover
Consigliere
Consigliere
 
Posts: 1285
Joined: Wed Jun 03, 2015 3:59 pm
Location: Hang on I need to ask Google Maps


Return to Feedback

Who is online

Users browsing this forum: No registered users and 2 guests