Mercifull

That's why the text messages should cost standard rate which means they come off the recievers credit (PAYG) or allowance (contract) and do not cost Jagex. I don't understand what you say about botting software able to generate authentication codes. I don't see how this would be possible. Has there been any cases where the algorothm has been broken in this way? Vasco's algorithms and products are not just copyrighted but patented. Anyone that even attempts to reverse engineer as part of a runescape bot it is gonna get pwned by the courts.

What class SD card were you using? That could explain the poor speeds.

Bugger wrote a long post showing all the things that point it to be a fake before getting to the end of the thread :( Edit: As I found them might as well post them: Buskers concept art (note the two in the middle) Consecrated pet house concept art (skip to about 42 seconds) http://www.youtube.com/watch?v=2PJhVuP2AnA&feature=player_detailpage#t=42s Good troll though, a lot of effort put into it. It's a shame really that he cheaped out on the silhouette as he didnt even take it in beta where characters now have fingers.

A Jmod confirmed it as a bug that will be fixed in the next game update, thankfully.

I looked at half a dozen of his videos and none of them had monetisation.

Meh I suppose I'd better use up those 200 free ones. Inb4 "Over 90% of players have purchased something with runecoins so we are now rolling out even more shit rather than quests, stories and monsters"

i can see your underwear

Hooray for more RWT content :D

But I believe this would SAVE Jagex money by not needing to have so many CS staff dedicated to account thefts and hackings.

Not screwed as such, just wont be able to take advantage of the more secure system.

I agree, but for new players who haven't invested as much time in the game yet I think it might make them find a different game. Or at least put people off from spending money on things like spins and runecoins

In a way this might also prevent casual bot usage (i.e not goldfarmers). As a software bot would be unable to physically access your phone or secure key it wouldn't be able to login to any accounts with 2-step verification activated. That would mean that little Timmy has to decide the tradeoff between gaining a bit of hunting xp/chinchompas for selling while at school/work/whatever or having the higher level of account security. It would mean that accounts which use bots are guaranteed to be less secure and easier to "hack". People who might only be casual botters could be put off if it meant they were more at risk of having their items stolen. It may also prevent character sharing for the same reasons that you would have to make the trade off between being able to break the rules or having a more secure account. If players had to constantly disable and enable the 2-step verification every time they wanted to play legit or bot/char share I'm sure people would steer away from it. There is also the risk that the person you are sharing with sets up 2-step verification and locks you out.

Yeah you're right it is a suggestion. I suppose I should have put more effort into my thread to make it more of a discussion. I was hoping to get a bit of activity and debate about it all rather than me just shoving my idea infront of everyone.

It's a shame it's been moved to suggestions (where it will no longer get the recognition it deserves) as I felt this had potential to be a big discussion on methods of securing accounts which is very much relevant to RuneScape General. If anyone is aware of the Mat Honan "epic hacking" story they will know that account thefts can happen even to seasonsed security journalists. He notes that had he enabled Google's 2-step verification system he would have not lost all his data (and faced a $1600 bill from a recovery company to get it back). I now use it on all my google accounts and it's really simple to set up. How to set up 2-step verification on Google.

I disagree with the comment about holiday events being a waste of development time and resources. Jagex have said that these temporary events allow them to trial out new things with the engine or experiment without affecting anything in the live game.

Note: This is a modified version of my post on the RSOF [QFC]277-278-105-63939404[/QFC] Introduction I think most people here know me, or at least know of me. I have been playing RuneScape on and off for well over 10 years now some people here may have met me at RuneFest in 2010 or 2011. Like many other people in the past I've been the victim of account thefts and lost what would probably now be the equivalent of billions of GP (loss of partyhats). It's an incredibly furstrating and stressful experience and it's not always the users fault. 0-day exploits and social engineering methods as well as the more common keylogging and phishing scams. I have created a concept (well put together more like rather than inventing it) for a more secure way of logging in to RuneScape or any of Jagex properties. It's called 2-step verification and it is very similar to what Google uses as well as other games such as World of Warcraft, Diablo III, Rift, Star Wars: The Old Republic and many more. Back in 2008 Jagex proposed a scheme whereby you could purchase a USB sized Secure key which you could use to generate a unique code to login. At the time Jagex were planning to offer an increased bankspace as an incentive to get people to purchase these keys unfortunately there was outrage from a vocal minority of the community about how paying real money (for a key) could get you an in-game advantage (more space) and so along with possibly prohibitively expensive costs the project was cancelled. Fast forward to 2012 and the world and community is a different place. Security technologies have improved, smartphone usage has risen to over half of the population in America with similar figures in Europe and most of the western world. This means that mobile app authenticators have become much more viable, cost effective and easy to distribute. Why this is needed An authenticator prevents unauthorised access of a RuneScape account even if you are unlucky enough to have your password compromised meaning that noone can steal your in-game items or even cause you real life monetary loss by a malicious person using up your Solomon RuneCoins or Squeal of Fortune spins. The recent bannings of high profile dicers and the mugging of a player with an immitation firearm goes to show how much of a real value some people (legitimately or not) put on our characters and items. The theft of items can in theory net a malicious "hacker" thousands of pounds. How to set it up To set up 2-step verification you would go login to your account on the RuneScape homepage and go to your 'account settings'. In the list of account options there would be a new line of text underneath the 'Recovery Questions' called '2-step verification'. Clicking the + sign would expand the information where you would then get the options of setting it up in three different ways. SMS text message on your mobile phone Smartphone app Secure key You MUST enter your mobile phone regardless of which option you choose to set up, this is incase you cannot get online using the smartphone app, perhaps it is out of sync with the server or your smartphone is broken and you are using a backup phone with your normal SIM, or if you have broken or lost your secure key. If you only choose option 1 then after you have typed your mobile phone number in you will be sent an SMS text message with a special code. You then need to verify this code on the RuneScape homepage. You will then have option 1 SMS verification enabled. I will explain how it works when trying to login shortly. If you choose option 2 then you will first need to enter your phone number as with option 1 but after you have verified the number you need to go to an additional step. You will then be instructed to download an app for your smartphone. Apps would be available for the key providers iOS (iPhone, iPad, iPod touch), Android and WindowsPhone7.5 (or WP8 when it's out). If you do not have a compatible phone then you can click a button to simply choose option 1 or you can cancel the process all together. Once you have downloaded the correct app you can press the next button online. To syncronise your account you would choose the option in the app to add an account and a barcode scanner would activate on the phone. On the browser screen a barcode would be showing and you would be instructed to scan this using your phone. Once you have done this another verification code would show on your phone. You simply type this into the browser box provided press 'complete verification' and then it would be enabled. Option 3 is slightly different and is effectively the canned original idea from Jagex about using a dedicated secure key about the same size as a USB stick which generates a unique code every minute or so. To set this up you would first have to order this from the Jagex store. These could be sold as a cost of around $10 plus post and packaging. To activate this you would need to type in the code that shows on the key into the the runescape homepage set up first and then it would work just the same as options 1 and 2 where you have to type in the verification showing on the key on login to the game or website. If you lose the key you can use the backup phone number you provided in an earlier step to request a code to login to the runescape homepage and deactivate 2-step verification until you order a new one or change your method to option 1 or 2. How it works The look of the app could be comething like the concept below (please forgive my naff photoshop skills). Basically on opening the app it shows a large 8 digit verification code which changes every minute and then a new one is displayed. If you have enabled 2-step verification then when you log in to the RuneScape webpage, forums etc you will be taken to a second page after the username/password which asks you for the verification code. If you have chosen the SMS option then you will shortly recieve a code which is valid for one use only to allow you to login. If you have chosen to use the app option then you will need to type in the code displayed before the timer runs out. If you optn the app and see it's about to change simply wait a few seconds for the next code to be displayed. A small tick box would show under the verification box which says 'remember this computer for 30 days'. This would use cookies to remember your computer so you wouldn't need to enter a verification code each and every time. If you have your browser set to clear cookies regularly then you will need to enter the code in more often. Logging in to the game would work in a similar way. You type your username and password as normal and before you get to the lobby you are asked for the verification code. This works exactly the same as logging in to the website and also gives you a 'remember' tick box. What to do if you lose your phone or get a new number Well there's a few things that Jagex could do. For example you could set up a backup phone number from a family member or trusted friend or Jagex could provide an emergency one use backup code which you will be asked to print out and put in your wallet for safe keeping. With this could could login to update your phone number. Otherwise you would have to go through the recovery questions just like a forgotten password. Costs Ideally options 1 (SMS) and 2 (app) should be free to the player. However I understand that this would require significant development time to work with the Jagex billing system and so the maximum I would suggest Jagex charge woudl be 69p/$0.99 or whatever the minimum fee for apps are on the relevant app stores. A dedicated secure key would obviously have a charge because it is a physical device with manufacturing cost. Other game companies sell these for around the $10 range. Other bits This is just an initial concept I have devised based on my experience of other services which use similar things. This would be entirely optional and so noone would be forced into this. There are immense benefits to this which means that if you lose your password to a phishing site, 0-day exploit or even if you are keylogged or sell victim to a phishing site a "hacker" could notaccess your account. 2-step verification works because of the two types of things you need to access your account something you know (password) and something you physically have (phone). This would also save Jagex significant time in dealing with investigating account thefts and returning accounts to the rightful owner. Obviously Jagex recovery system would need significant rework too to prevent the social engineering away of accounts via the Jagex recovery system being gamed as someone could just claim they simultaniously forgot their password and also got a new phone/deleted authenticator app etc. I feel that if this were to be implemented there also needs to be radical improvements of the recovery system. I strongly believe that the recovery system is the weak link and so even with activated 2-step verification it would need vast improvements as well. New guidelines should be published on how to create more secure recovery questions. With so much personal information available via social networks, YouTube and even searching whois databases people should be discouraged from recovery questions such as “mother’s maiden name”, “first school”, “pet’s name”, “favourite band” etc. Instead people should use information which is easy for a player to remember or find out but impossible for a person to remotely discover. For example “The first 5 numbers from a vehicle identification number” or “Print number from the painting hanging in the hallway”. There are many suggestions from people on this forum and on the RSOF on how to improve the recovery process but the crux is what happens after someone has successfully entered sufficient information. If a person has activated 2-step verification then on a successful recovery claim a person does not get to choose what the password should be, instead a password is created by the Jagex recovery system and sent via SMS to the number they used on setup. If a person does not have this phone number anymore they can opt to also have a copy of the new password also sent to the backup phone number. This way even if a malicious “hacker” has managed to find out enough information to impersonate me to Jagex support, without physical access to my phone they cannot access my account. I think I've got everything in my head down. I hope this make sense.

Good start. Now follow the money trail.

Here is information on the YouTube partner scheme. Bear In mind once again that montages of clips from 3rd party sources will not give you monetisation options regardless of if you are a partner or not. http://www.youtube.com/yt/creators/partner.html

Maybe those other people are using clips which are allowed to be used, maybe the people who own the copyright to those clips are getting the revenue from the ads and not the uploader. Perhaps they have just slipped through the net and it's just a matter of time beore those clips get removed. Who knows. YouTube has automated systems to detect copyrighted material in video clips and music. It would be impossible for a human moderator to watch every video uploaded. Example 1: http://www.youtube.com/watch?v=Mhv6d_0ZhvE This video is a montage of RuneScape clips. Now the footage belongs to Jagex who are normally pretty lenient about letting people monetise them however I've used some music from MusicShake. Because of this the advert that you see on the page isnt monetised to my account but to MusicShake. Example 2: http://www.youtube.com/watch?v=J3PfM8q4HKY A video entirely my own work which does not contain any copyrighted material from a 3rd party source. I do get the revenue from this advert. The simple answer is that unless the stuff you are uploaded it entirely your own work then you cannot monetise it. Football montages do not count as your own work no matter how much time you've spend editing it.

Lol you already asked a similar thing to this the other week. Monetisation is meant for ORIGINAL content. i.e content which YOU created. Not for splicing together clips from other sources. If you filmed the football clips yourself and added music which you had rights to then you would be able to moetise them. Your football montages, however, are not eligable for monetisation because a) the film footage is copyrighted to someone else, and b) you've probably used copyrighted music as well.

It's only informative until the next game update though. Jagex are constantly tweaking the rewards and order of "common-ness". Perhaps a form on tipit should be made where people can submit the results of their spins into a database, that would be infinitely more useful.

Your "study" is only valid until the next time Jagex changes the squeal, probably next week. By all means buy spins if you want to gain xp, coins or cosmetics but let's not pretend it's research. We'd get much better data if just a few hundred people on tipit recorded their results (from the 2 or 3 spins) into a database daily than any single person buying hundreds of them.

Horse... stable door... bolted... It's too late, the chinchompas they hunted have been sold and as you only need 63 hunter to get them there wuill be plenty of new bots to take their spots. We need the bot nuke to stop them from working, not just banning them once the damage has been done.

Citadels are p2p so there should be no effect.

They still haven't fixed the laggy spinning animation on the wheel using DirectX and the Nav bar is still here. I am disappoint.