Potential misinterpretation of drone hack data potentially leading to false bans
M1chaeI
✭✭✭✭
Me and several other agents have done an investigation over the last few months and we believe that the location data of drone hacks is not being logged correctly and/or is being misinterpreted.
We have contacted Niantic Support directly for this matter, in an attempt to privately resolve this, but unfortunately according to them, “Sadly, we will not be able to make any immediate changes but for sure I will share these inputs with our development team and work towards improving the Ingress Scanner technology, perpetually.” Therefore, me and this group of agents believe it is in every agent’s interest that the results of our investigation are public, such that they can take appropriate precautions to avoid their account getting banned.
We asked 5 agents who were recently banned about their drone location before they were banned, and for all 5 we saw that the drone was recently hundreds or thousands of kilometers away from where they hacked with it.
So what we believe happened in all 5 scenarios was: They went somewhere, parked their drone there, then went away really far, hacked with the drone, and then got banned not too long after.
Furthermore, we looked at the GDPR package from one of the agents, and we found the logging of the location of drone hacks to be very confusing. It seems like there is no difference between a normal hack and a drone hack. If a drone hack is very far away, it will appear in the logs like a normal hack. We believe Niantic may be misinterpreting this data, which is leading to false bans.
With this happening to 5 agents, I don’t really trust that this is a coincidence and I would like to ask Niantic to investigate its logging on drone hack locations, and also to verify with support how they interpret drone hack locations when doing ban appeals. Based on the results of our investigation, it looks like something is off with this. In an ideal scenario, Niantic would give a public statement that it has investigated this scenario and what the conclusions of that investigation are.
In the meantime: I would personally recommend agents not to drone hack to avoid getting banned, until there is a response from Niantic.
Agent names and GDPR data is available from several agents, but I’ll not post them here to protect the privacy of these agents and to respect the forum rules.
EDIT: Please respect the forum rules and do not post anything related to bans to prevent this topic from being closed for that reason, thank you in advance!
Comments
Disappointed with the continued lack of transparency from Niantic leadership. I'm 1000km from my drone right now and will not be using it.
<quote>
and we found the logging of the location of drone hacks to be very confusing. It seems like there is no difference between a normal hack and a drone hack
</quote>
This is a really fascinating discovery and an excellent use of the GDPR data (I mean really, really clever, using that data as a source to try to figure out what's behind some of the relatively high profile "mistakes" Nia keeps making in this space.)
Kudos to you and your team for continuing to investigate this and to actually discover some significant results. Really disappointed that Niantic couldn't have done this on their own, but cautiously optimistic that this will encourage/embarrass them to finally revisit and reevaluate some of the false positives that have affected so many agents.
Edit: Ugh, I can't remember how to quote stuff properly on this darn forum, lol
i've used mine more than 10.000 km away from it.
and i won't stop
I'm happy for you! I'm unwilling to risk an unmerited account ban.
Thank you for not giving up on these agents. It means a lot to them. I also feel vindicated that they weren’t lying and “fooling everyone”, including Niantic. Don’t believe everything a spokesperson says. Go with your gut and your heart. Glad I didn’t listen when people told me my friend was a cheater and a liar just because Niantic was so “sure” about it.
Awesome work!
You're assuming the bans were for falsifying location. In reality, you can't confirm that. The bans may be issued for other things, like multiaccounting, sharing accounts or even buying/selling third party gear.
Niantic doesn't disclose the specific reason, only the broad category of "Cheating".
What you have here is confirmation bias or assumed correlation. Correlation is not causation.
In my original post, I've not made that assumption on the ban reasons. I've simply observed a pattern and am reporting on it. Based on the observation, I believe there is enough cause for an investigation.
In the absence of any confirmation of the reasons for a ban, any player who has seemingly been hit will go looking for reasons to understand why they were hit. If that same player has done nothing that is a TOS violation and knows that there are no TOS violations, then isn’t it logical the player would want to know the root cause of the issue? Furthermore, if there really was no player generated reason for the ban, wouldn’t it be reasonable for the player to want to exonerated?
Quite honestly, when I read your post, I believe the bias is on your part in automatically assuming the players believe their theory is 100% correct. OP has presented a hypothesis. If anything, it seems to me like you have an unconscious bias against them or that you believe in the infallibility of Niantic’s cheat detection. If it was that effective, then the problems with the very obvious cheaters would have been rectified sooner.
Similarly, while I’d expect 99.99999% of all suspensions and bans are justified, no system is perfect. False positives can not be ruled out.
The difference with this vs other bug reports is that it is based on a data set that they feel gives credence to their theory. As someone who has been involved in QA testing and is always trying to build a better mousetrap, I always want to know if the system has issues. There are also so many unknown factors that could trigger an error… OS systems, phone features, other apps on the phone that are not used to cheat but may have indirectly caused an issue. Unfortunately these scenarios cannot always be predicted or mitigated by game developers… but it has to be acknowledged that it could cause issues that affect players.
I understand the need for withholding strategic information for fear it would open up other avenues to cheat or impinge on someone’s privacy. However, the player base has long standing frustrations on certain issues that are never resolved. In the absence of communication, all anyone can do is self-advocate. A group of people that have spent this amount of time trying to get to the root cause of a problem is not inherently trying to exploit the system —although their end goal is player reinstatement, if they are right, they will have helped Niantic developers and the larger Ingress community as a whole.
The OP has simply posted a bug report and a possible hypothesis. They have gone to the effort of trying to find a larger sample size so that anyone investigating a bug has more data to analyze. The question now is whether Ingress team have the time, resources, and ability to advocate for a thorough review of this possible issue if they give it any credence. The Ingress team has stated repeatedly they have no say in appeals. The core issue of the corporate entity’s dismissal of player raised issues is the larger issue.
A point of logic: The fact that GDPR dumps don't clearly label drone hacks isn't proof that the system the data was extracted from has a labeling problem. That could be a glitch in data dumping process.
Other than that, it's an interesting hypothesis.
Your point is valid. That's all I can really say. It doesn't influence the results of our investigation.
Interesting hypothesis, Agents!
Using your Drone will not result in a ban - regardless of how far from your physical location it is located.
@NianticOfficial Thank you so much for confirming that it is not possible to get banned when using a drone!
This is however, one of the two things that I asked. The second thing was "to verify with support how they interpret drone hack locations when doing ban appeals". I don't know exactly how the process works, but I have to assume some bans are automated. Then, upon a manual review through a ban appeal, the data might lead to the agent staying banned. I'll give an example scenario:
Imagine I travel halfway across the world and leave my drone there. I travel back, and I move my drone. I could do this for example in a train, since there is usually enough time to move the drone, but not to hack before getting speedlocked. I then exit the drone screen without hacking and hack any portal normally. After a while, I decide to reopen my drone view, and hack. From the GDPR data dump, I cannot tell if I did a drone hack, or spoofed my location halfway across the world to do this hack.
Could you verify with the people looking at ban appeals that they are interpreting data related to such a scenario correctly? This is the final thing I will ask before resting my case.
So how do GDPR-data dumps for drone hacks look like then, compared to regular hacks?
AFAIK the data must show some difference, otherwise the implementation is illegal and does not comply to GDPR requirements.
I don't want to risk the topic being closed for posting potentially private information, so I won't give you the exact log lines. I would recommend that you get your own GDPR package and look through the game_log.tsv. I'll give you some example lines of the scenario I sketched in my last message. The lines will be from most recent action to least recent action (!). The scenario is as follows: I move my drone. I exit the drone screen. I hack a normal portal. I enter the drone screen. I hack the portal the drone is on.
<self coordinates> are either the coordinates of the player or the portal that the player is interacting with, I'm not 100% sure.
<timestamp> <drone coordinates> hacked enemy portal success //(drone hack)
<timestamp> <self coordinates> hacked enemy portal success //(normal portal hack)
<timestamp> <self coordinates> drone moved Drone Move
Please note again that the bottom line is the first action I performed, this is the order it is in in the game_log.tsv. Please also note that everything including and after the // is not present in the log files, and is just a comment.
If you look at these exact log lines without any other context, even I would tell you that this player falsified their location. This is why I'm sceptical about if these log lines are interpreted correctly by the people who are doing ban appeals.
I doubt that the data Ops looks at is formatted like this. The GDPR dump is a raw text dump, after all.
We can't know for sure, since the process is not transparent. I've never claimed that I know for sure how the process works, but I find this interesting enough that I think it's not unreasonable to ask for an investigation.
Note that GDPR data is the elements that are relevant "to the person". There's far more data they store tied to other elements which are legally not related to the person (but abstracted one layer away), which is what Niantic uses for their work.
"We asked 5 agents who were recently banned about their drone location before they were banned, and for all 5 we saw that the drone was recently hundreds or thousands of kilometers away from where they hacked with it."
This
What this suggests, is that their accounts were possibly hacked by someone, who logged into their accounts.
Obviously at the same time the legitimate player was logged in at the same time.
The anti cheat saw this position discrepancy and issued an auto ban.
We have have seen this occur before, where players accounts have been hacked.
I have never suggested the theory of their accounts being hacked.
Or... they cheated in some other way like 'spoofing' to a location where they then deployed their drone...
Redline Stealer targeting Ingress players for scraping? Maybe?
Or they cheated in any number of ways over the life of their account. Not all bans are for recent activities as stated in previous threads.
Wonder how many of those agents also play Pogo? Just asking in general.