Concerns re: Spoofing [A Dedicated Thread]

1246715

Comments

  • Of course the teamwork is gone lost, there's more people quitting than new people playing (at least in my area) and that leaves little space to teamwork when there's nobody or few people playing.

    Accelerating the problem isn't going to make things better though. A more damaging solution is worse than no change at all.

  • TheKingEngineTheKingEngine ✭✭✭✭✭
    edited February 2022

    I have no comments on "Spoofing is not going to be fixed by people yelling at Niantic constantly". While I can say that spoofing is definitely not going to be fixed by some players' insisting on "anti-spoofing can't be improved because it's too difficult a problem and your spoofing reports won't result in more things that you expected if you didn't have them upon initial feedback" ALL THE TIME regardless of what has been provided and what attempts have been made by players.

    In order to help players, could you please also raise some questions towards NIA OPS such as "I've seen many players providing multiple reporting ticket numbers which seems unsolved, are they really manually reviewed and have you really taken actions", "I've seen many players in the new anti-spoofing dedicated thread asking about the fact that are you still auditing multi-accounters and are reports filed for multi-accounting really reviewed"

    along with or instead of "could you refrain from making boy cried wolf situation", "could you not yell at Niantic", "could you please stop accusing players in COMM" (I don't see such COMM behaviors actually here on the forum, where?) towards other players? Or could questions be raised by you simultaneously on both sides. Much appreciated!

    For now I see that you are questioning players and I would be interested to know whether you are questioning Niantic as well.

  • TheKingEngineTheKingEngine ✭✭✭✭✭
    edited February 2022

    yes, which I think is the most critical issue here. Though somebody does not think so by saying that "I do not think that "the masses" are rallying behind your position though". A vote should be created to see what actually is cared about by players coming to this thread.

    If this main issue could not be solved or speaked for, by FORMAL Niantic staff, there is no need to talk about anything like "how to build better anti-spoof algorithm" (and I doubt how many players care about it). That's why I am avoiding to drive the topic away from it.

  • SSSputnikSSSputnik ✭✭✭✭✭

    That said, most tickets I lodge are NOT insta closed. Only some. Response usually the same though :)

  • Like300WombatsLike300Wombats ✭✭✭
    edited February 2022

    Sadly, no, this will not end multi-accounting. We have a local player/spoofer (not naming names...has been reported through the automated portal so will abide by the rules of the thread) who spends his week creating/leveling 3 or 4 alt accounts (we know the locations he likes to level them in...easy to track), gets them to level 6 (which is high enough to take out any portal/set of portals), farms gear for them (so no gear trading required), then, each Friday, he trots them out to clear so he can go fielding...or to knock down big fields and throw derps through lanes. You know, what cheating trolls like to do.

    The alts get banned fairly quickly, same day. Action has been taken against the main...I believe it was handed a 2nd strike last Fall as it did in fact stop playing for a month solid (and a 30 day suspension is the penalty for a 2nd strike). But it continues to follow the same pattern so...🤷.

    Ultimately, if his main gets banned...what does that actually accomplish? He currently still gets to create as many accounts as he wants. So, yes, I understand the nature of the problem.

    As to the low/high bar to entry that has been discussed: if the bar is low-to-non-existant and new players join the game only to be turned off by the high level of multi-accounting and spoofing and then just turn around and quit again...I'm not sure what good having a low bar to entry really accomplishes in the long run.

  • ToxoplasmollyToxoplasmolly ✭✭✭✭✭

    What might be left is to tell some stories: Stories about teammates and friends who quit the game because of cheating. Stories about the sitreps that never got written because spoofing ruined the best laid plans. Stories about how Agents started to enjoy the game more when some multi-accounter got caught by Niantic. That sort of thing.

    Maybe those stories will prove more inspirational to Niantic than continued repetitions of the usual complaints. 🤷‍♂️

  • Otrera35Otrera35 ✭✭✭✭
    edited February 2022

    Btw, do you realize there is thing called life? Either one rides a bike or a car, or walk when playing this game; it depends on the situation. Why would a person cargress? Have you ever thought that there are agents being followed when they walk and complete missions? They do it because of safety. As for your unsolicited advice, it's considered inappropriate and its not your place to tell me how I run my household.

  • NoctarionNoctarion ✭✭✭
    edited February 2022

    I know this may sound unpopular but why not developing some sort of rollback tool when there's a spoofer attack? Maybe this could be a better way to fight that frustration that many of us experience when we do something and later it's destroyed by cheaters. And also a way to discourage spoofing attack since anything they do will be reverted and all they will lose is time and effort with those banned accounts.

    I know portal reset is a thing but iirc it only applies for portals that are difficult to reach. Why not make it anywhere? Although I think this would require shorter times of response between the attack, the report review by the bots and the rollback system so not much can be done after the spoofer's undoing. i.e. links that can be done after the cheater attack by another agent.

  • InvestigateXMInvestigateXM ✭✭✭✭✭
    edited February 2022

    I'm not 100% sure, but as far as I have gathered from comments made by Vanguards and Niantic, there is no rollback system in Ingress at all. Niantic doesn't store the history of portals, links and fields, meaning they need to manually reset the portals, which is probably the main reason that portal resets are only done for difficult to reach portals, as it isn't just a "Revert all actions done by Agent Smith" button.

    Now, could Niantic implement a rollback feature? Sure, but it would probably be really, really expensive to take a snapshot of millions of portals each time their status changes. It could be made more cost effective if it's only saving the portal state only once per hour or so, but probably still quite taxing on the servers.

    Post edited by InvestigateXM on
  • NoctarionNoctarion ✭✭✭
    edited February 2022

    Yeah, you got a point there. I know it would take more resources and people behind it, but as we are now, anything that they are supposedly doing is not enough, and I'm affraid it will never be. I guess we'll have to resign ourselves to play like this (as it's always been in any case)

  • Like300WombatsLike300Wombats ✭✭✭
    edited February 2022

    I don't know about the spoofer you might be dealing with, but this would not dissuade the one(s) we've been dealing with in our area because the only thing he/they is/are trying to accomplish is to troll...not trying to build anything, not really trying to destroy anything (since anything destroyed can just be rebuilt in this game)...just troll. And the trolling can't be rolled back...which is why he/they doesn't/don't care about lossing their alt accounts: there are always new accounts that can be created to continue the trolling.

    Rollbacks aren't the answer; the resets that Niantic currently do aren't the answer (they are a bandaid on a tumor); eliminating the ability to create multiple accounts is the answer.

    I personally would have no problem with finding a way to apply a "one account per phone" rule. Does that impact those few folks out there with parents who only allow their children to play on their phones? Undoubtedly. But I'd be willing to wager that's a modest impact...and you're simply not going to find a zero impact solution...and anybody who advocates for a zero impact solution is simply not serious about solving the problem.

  • Like300WombatsLike300Wombats ✭✭✭
    edited February 2022

    Or how about just making everybody do a portal scan when they first start playing and compare the geodata that's uploaded to the geodata of the location they're claiming to be at? No match, no play.

    I understand: somewhat onerus (and costly) for folks using bgans...but I re-emphasize: there is no zero cost solution...and what price would YOU be willing to pay to eliminate spoofing?

  • @Noctarion

    I know this may sound unpopular but why not developing some sort of rollback tool when there's a spoofer attack?

    There is a system to restore changes made by a spoofer, restoring both portals and links. I believe the process these days is "Ask a Vanguard once a spoofer is banned". The issue is that that sort of system being automated could be easily leveraged by the same spoofers working with two accounts, to make the situation worse. As well, the time between the action, ban and the rollback can be long enough that the entire playing field has changed, and links might be attempted to be hung off uncaptured portals that were destroyed in the meantime by legitimate players etc. Manually doing it everywhere would be far too manpower intensive to pay for.

    @Like300Wombats

    Or how about just making everybody do a portal scan when they first start playing

    Not every phone that can play Ingress, can do Portal Scans. Many of the lower end ones used commonly in countries that aren't the highest GDPs/standard of living in the world, don't support the libraries necessary. Even many of the top end ones don't support meshing.

  • Like300WombatsLike300Wombats ✭✭✭
    edited February 2022

    @Perringaiden

    Then require it of the devices that do support it until NIA finds a way to extend scanning capabilities to those devices that currently do not (which they have said they are working on). A partial solution is better than no solution at all.

    Ingress currently supports compartmentalized access...I would imagine they have people smart enough to be able to have the game recognize what sort of device you are interfacing with.

  • "Partial Solution" is the problem. It's not a solution, because if you let cheap devices through the gap, all you're doing is making it hard for people who play on better devices, and all the spoofers will use the cheaper devices.

    A 'solution' that's sole effect is to make it harder for real players to enjoy the game and stop none of the spoofing is not a solution. Bad changes are worse than no changes.

  • Yeah, I'm starting to see you are in the "let's wait for a perfect, zero cost solution before we do anything at all" camp. Doing a portal scan (on devices that support it) does not make the game "harder" for anybody...it's just an additional login step.

    There are people who would say that the change to Ingress Prime from Redacted made the game "harder to play" for people with certain devices compared to those with other devices...Niantic still made the change...because they viewed it as an improvement. Implementing ANY effort to reduce spoofing would be just as much an improvement...perhaps moreso.

  • edited February 2022

    No. My point is "net improvement". Repeating the same solutions over and over, despite their flaws being highlighted over and over, isn't going to change anything. My litmus test for changes, is "Will this solution cause more legitimate people to quit, than the spoofers do".

    People already hate portal scanning. This will make that far worse.

     Implementing ANY effort to reduce spoofing would be just as much an improvement...perhaps moreso.

    Like I've said before, the best way to stop spoofers, is shut the servers down, but none of us want that... Not every 'solution' is a good solution. "ANY effort" is not true, because making the situation worse is not going to be an improvement.

    The biggest threat to Ingress right now, is losing players. And while spoofers are damaging the game and making people quit, most of the solutions presented would make that even worse without actually solving anything.

    The way spoofers are going to be stopped is detection. Until Niantic starts talking to players about how a player can look at actions and go "Yeah that's likely spoofing" and implement detections to realize the same thing, all these attempts to punish players will do is cause more blowback and more people to quit.

    You won't solve spoofing by attacking the player base with these 'solutions'.

    See here for my original suggestion as such.

  • @Perringaiden

    So, here's the situation we are facing in our area. Accounts are created by one player (and, yeah, we know who it is) on a small piece on land in the middle of a very large lake with a single portal on it (and the piece of land is barely big enough to support that single portal) because that's the lake in which a local agent died...and because this guy is that kind of troll.

    We report those accounts as soon as we see them because there is literally no way to create a legit account there. Nothing happens to those accounts.

    Those accounts then move to different parts of the country. They are spotted, and reported again...and nothing is done about them.

    They move to *yet another* part of the country, are spotted again, and reported again...and still nothing happens to them.

    This reporting is done through Remy because that's what wevare told to do.

    Finally those accounts show up in this area, do actual damage, we report in through Remy, nothing happens and *only when a Trusted Reporter gets involved do the accounts get banned.*

    So you tell me, are we not communicating the nature of the problem sufficiently to Niantic? And if they aren't willing to listen and seem satisfied with the status quo why *shouldn't* players just tell them to cram the game in an unpleasant place?

    A game brings in new players through word of mouth...especially a game that's going on 10 years old. In it's current state I wouldn't recommend Ingress to anybody...not anybody.

    I understand your position, I really do...and I sympathize. I just don't happen to think you're entirely right. You see any action proposed by anybody else as a "punishment" of the fair minded player base in order to rein in the spoofers. I see those potential actions as a *fair price* for a fair game.

    And to be fair, I am not saying that anything I've proposed is an actual solution. Niantic doesn't pay me to come up with solutions for them. I am simply brainstorming...for good or for ill, something I say may fire a different set of synapses in somebody's brain there that might read it and get them to think of something wildly different from anything I actually propose. Or maybe (and more likely) nothing will happen...because we are talking about Niantic after all.

    But I'm still going to say my piece...and you are welcome to disagree with me as equally as I disagree with you. But something needs to be done...and until it is, I will always feel -- passionately -- that some costs are worth bearing if they improve the game.

  • edited February 2022

    So you tell me, are we not communicating the nature of the problem sufficiently to Niantic?

    No, I'm saying Niantic is not listening.

    And if they aren't willing to listen and seem satisfied with the status quo why *shouldn't* players just tell them to cram the game in an unpleasant place?

    People are, and quitting the game. I completely agree there.

    But something needs to be done...and until it is, I will always feel -- passionately -- that some costs are worth bearing if they improve the game.

    While I agree, the difference of opinion is in what costs are worth it. Given how much people hate Portal Scanning, the likely result of this would be people not considering it an anti-spoof tool, but rather treat Niantic as a 'money grubbing scanning demanding' company, using the pretext of spoof detection to get more scans. And from an outside perspective, that would be right because the solution wouldn't fix any of the problem. The spoofers would just use phones that are "incapable" of scanning.

    This is 100% Niantic's fault, and a problem only they can fix. My issue with most of the solutions, is that it gives Niantic an out, and puts the entire blame on the players to "prove they're real" instead of making Niantic do better at detection.

    • If accounts are being repeatedly created in a single spot, Niantic should be detecting that and flagging that location as a likely source of spoofing accounts, automatically.
    • If accounts are being created in a single spot, then flying to far flung places, all those accounts from that spot should be flagged as potential spoofers, and their actions in low density areas constrained.
    • If accounts are travelling at Mach 3 over the course of 2 hours, across an ocean, why is that not being detected?
    • If a brand new level 3 account is destroying a megafield, why is that not being detected?

    To provide an example of positive changes without significant ramifications (but still a cost), a number of us lobbied hard a few years back to get all AP removed from passcodes. There was opposition because people liked being able to get a jump start on levelling for their friends, but the passcodes were being used by spoofers to create instant level 3 accounts that could **** fields without even having to level. There was a cost, but no-one quit the game because the passcodes lost their AP. That sort of change is positive, without significant cost to the players, but we've pretty much exhausted all the 'low cost high gain' options at this point.

    Improved Detection by Niantic is the only way this is going to get substantively better. And it's clear that the Niantic staff don't have the same instincts as players when it comes to identifying suspicious play, or they're unwilling to increase their desire to prosecute cases.

    Until that changes, raising the barriers for new and existing players to enjoy themselves is going to do nothing for spoofers, and continue to drive away existing legitimate players.

    The time for "Make the player prove themselves" is past. It's 100% on Niantic to focus on improving their ability to say "We can prove this is a spoofer." We are not the ones at fault here. Niantic is.

  • TheKingEngineTheKingEngine ✭✭✭✭✭
    edited February 2022

    No. Saving the state of the portals is NEVER expensive in terms of server resources. They are merely database record and deep down inside is plain text. ALL application developers know it and have the idea of how to optimize the architecture of doing the snapshot. Niantic won't do it does not mean it's expensive or difficult.

  • SSSputnikSSSputnik ✭✭✭✭✭

    I really dislike portal scanning. I also hear the majority of portal scans are just "wave the phone around at the ground" and are pretty much junk.

    Snapshots and rollbacks are not easy or cheap when you are talking that much data. Most db rollbacks or system snapshot rollbacks are all or nothing. Yes you could unpick individual actions but it's really hard. Portals and links and field modifications have flow on effects to other agents.

    @Perringaiden is correct that cheats would just use cheap phones, or no phone at all.

    I would really like to see SOME verification tool in use. (How about select all squares containing traffic lights or Google Authenticator every now and then). You could argue "But what if I'm trying to ****/whatever a portal and this pops up" - Sucks but it would impact both factions equally and the more accounts someone has the more it would impact them.

    SMS verification, which yes can be bypassed using third party number providers would at least be an improvement over ZERO human verification.

    Forced glyphing is useless - I have seen software that does automated glyphing and even has a "fail %" option so they can't be picked up for perfect glyphing.

    Even if the methods not perfect but slows down bot use/multis and perhaps leads to better NIA detection would be an improvement.

    Niantic have in the past targeted vendors selling hacked clients and equipment sales sites- keep doing that!

    Target accounts that never do public actions on the network, (ie only silent hack and drop, only silent bump hack and drop, target accounts that move with visible accounts that never do public actions).

    I've said it before and will say it again, deep learning could at least indicate with high degrees of accuracy, likely cheat accounts.

  • GreenVamGreenVam ✭✭✭✭✭

    And yet, we would like to know how the solution of this problem is going?

  • edited February 2022

    How about select all squares containing traffic lights or Google Authenticator every now and then

    That confirms that it's a human not a script, but spoofers are still humans. It'd probably help against some sort of multi-bot farming setup, but not the spoofers people complain about.

    Saving the state of the portals is NEVER expensive in terms of server resources.

    Given that there are millions of portals at this point, saving the entire state as a snapshot would be massively expensive in terms of time, and given the distributed system and nosql lazy replication, probably not even literally possible.

    The only way that could track these sorts of things would be cell level activity/change logs which would be selectively rolled back by reversing the actions. However, that sort of process would not take into account cross cell actions that interfere, and could still result in very inconsistent results.

    For example, a link and a portal are destroyed in cell A1 (linked to cell B2). A link from cell A2 to B1 is put up in the meantime, so that when the link from A1 to B2 is restored, they cross. Also if the tracking is not reversed in completeness, if the portal in B2 is destroyed before the link is restored, it would generate a link between a restored portal in A1 and a grey portal in B2.

    The "entire state of ingress in a single view" is not possible to snapshot at the rate that would be necessary, because its simply too big.

    And regardless, rolling back the entire state would be damaging because 99.99999% of the actions taken after the spoofer attack are not spoofers and shouldn't be reversed.

  • TheKingEngineTheKingEngine ✭✭✭✭✭
    edited February 2022

    ALL application developers know it and have the idea of how to optimize the architecture

    Taking snapshots does not have a significant impact on the performance of Ingress. We don't need saving that many states as you described. Players care only about some major states of the portals that can be scanned on a daily basis and can be removed if for example 3 days have passed. Or if the team does not even want to save the data at this granularity, the state can be retrived upon request by analyzing historical data incl. public action logs and private player actions logs.

    The snapshots does not have to be taken according to every user interactions. There is already the public action logs. Many states though not all, can be scanned simply by analyzing those action logs instead of additional access to portals. And some states of the portals can be restored simply by analyzing what exactly have the relevant players done between different states of the portals. Niantic has already been saving a lot of user actions data in their server.

    And taking snapshots are done on server-side which do not add additional latency to your user-end client because it does not require data consistency and thus can be done asynchronously and in multiple concurrent threads. Ask any senior application developer and I'm convinced that he/she will feel funny if saying "it's expensive". There is no need to address this feature request as an extraordinarily costly problem. I'm pretty sure if someone said "it's expensive" to reviewers of Google upon being asked about such architecture when being interviewed, he/she would be easily rejected.

    Again, Niantic won't do it does not mean it's expensive or difficult. Players' thinking of its difficulty does not mean it's really hard to do. IMO It's not worth the effort to do so because Ingress is a game in recession and players are not competing like participating in leagues hence not necessarily ensuring the accuracy of states of all aspects, but this does not mean it's expensive as well.

    And I personally do not care about this "snapshot" feature at all because it does not help anti-spoofing.

  • SSSputnikSSSputnik ✭✭✭✭✭

    Yes this would impact non human actors mostly. However - why not implement the idea? I doubt this issue would be solved by any single action. Some layers of actions would be required. It may also impact those running multiple accounts on phones, especially cargressors, slowing them down.

Sign In or Register to comment.