How Would You Detect Bots?

n64jive · March 27, 2011

ID numbers that change? That COMPLETELY takes away from the purpose of an ID number. ID's are meant to speed up the way data is accessed. If you make it so they change, the lookups have to spend more time trying to find the information.

Runescape objects essentially linked together by their IDs. Think of objects as looking like this

[id|rest of data corresponding to ID]

Isn't is easier to go through and say DragonID = 500. and look through a list until you reach 500? The alternative would be Dragon must have this model, with this color, performing these attributes, doing this, doing that, if this, if,if, if,...etc. Please get off the idea of changing ID's. It is not the solution, but rather would cause a bigger problem!

I repeat CHANGING IDS OR ANYTHING WITH IDS IS NOT THE SOLUTION. YOU DON'T UNDERSTAND HOW THE GAME USES IDS!

DYNAMIC IDS == HORRIBLE IDEA.

Stev · March 27, 2011

Not sure why people think changing the IDs would do anything. Being a programmer, I can tell you that'd be the easiest thing to correct in a bot. Hell, I could write an undetected bot for just about anything on RuneScape and make it not use IDs.

The only way to fully detect bots would be to use a 3rd party software like other gaming companies. For example, playing WarRock or Battlefield launches Hackshield / Punk Buster.

The reason for this is... They often detect the ones whose bots are embedded into the RuneScape applet, correct? Well, that's an easy fix. They can track mouse movements and colors clicked. Hm, randomize click colors and coordinates, randomize sleep patterns and add human like mouse-movements and you just beat their current system.

Alphanos · March 27, 2011

ID numbers that change? That COMPLETELY takes away from the purpose of an ID number. ID's are meant to speed up the way data is accessed. If you make it so they change, the lookups have to spend more time trying to find the information.

Runescape objects essentially linked together by their IDs. Think of objects as looking like this
[id|rest of data corresponding to ID]
Isn't is easier to go through and say DragonID = 500. and look through a list until you reach 500? The alternative would be Dragon must have this model, with this color, performing these attributes, doing this, doing that, if this, if,if, if,...etc. Please get off the idea of changing ID's. It is not the solution, but rather would cause a bigger problem!

I repeat CHANGING IDS OR ANYTHING WITH IDS IS NOT THE SOLUTION. YOU DON'T UNDERSTAND HOW THE GAME USES IDS!

DYNAMIC IDS == HORRIBLE IDEA.

Didn't you claim earlier to be a senior computer engineering student? Either you didn't grasp what was meant by changing IDs, or you don't know what you're talking about.

Let me give an example in technical terms. The Runescape Java client comes with a list of IDs in constants, enumerations, etc. When the player's browser requests to download the client in order to run it, some sort of session hash could be generated as a one-time key to translate the real ID numbers into client/fake ID numbers. A copy of the Runescape client is dynamically modified on Jagex's end to replace all real ID references with these hashed, session-specific ID numbers, and then the client is sent to the user. During play, any client-server requests that use an ID number would include whatever hash/key was originally used, and the server would decode the fake ID numbers into the real ones it actually uses. All of this is feasible.

The problem, of course, is that bot writers could find whatever memory structure is used to store these fake IDs on the client side, and similarly have their bot dynamically read them and alter its instructions to use the session-based IDs. Even if the dynamic ID changes included reordering the object lists, it would probably be easy to identify whichever objects the bot authors were seeking using other variables such as utilized graphical resources. I currently can't think of any way to obfuscate the local ID storage in such a way that it would foil bot authors.

Also, please tone down the condescending uber-rage.

Stev · March 27, 2011

The problem, of course, is that bot writers could find whatever memory structure is used to store these fake IDs on the client side, and similarly have their bot dynamically read them and alter its instructions to use the session-based IDs.

So botting then becomes "hacking". My specialty, I love it! :P.

Or at least what they call hacking in multi-player FPS... Which is simply editing client memory.

n64jive · March 27, 2011

ID numbers that change? That COMPLETELY takes away from the purpose of an ID number. ID's are meant to speed up the way data is accessed. If you make it so they change, the lookups have to spend more time trying to find the information.

Runescape objects essentially linked together by their IDs. Think of objects as looking like this
[id|rest of data corresponding to ID]
Isn't is easier to go through and say DragonID = 500. and look through a list until you reach 500? The alternative would be Dragon must have this model, with this color, performing these attributes, doing this, doing that, if this, if,if, if,...etc. Please get off the idea of changing ID's. It is not the solution, but rather would cause a bigger problem!

I repeat CHANGING IDS OR ANYTHING WITH IDS IS NOT THE SOLUTION. YOU DON'T UNDERSTAND HOW THE GAME USES IDS!

DYNAMIC IDS == HORRIBLE IDEA.
Didn't you claim earlier to be a senior computer engineering student? Either you didn't grasp what was meant by changing IDs, or you don't know what you're talking about.

Let me give an example in technical terms. The Runescape Java client comes with a list of IDs in constants, enumerations, etc. When the player's browser requests to download the client in order to run it, some sort of session hash could be generated as a one-time key to translate the real ID numbers into client/fake ID numbers. A copy of the Runescape client is dynamically modified on Jagex's end to replace all real ID references with these hashed, session-specific ID numbers, and then the client is sent to the user. During play, any client-server requests that use an ID number would include whatever hash/key was originally used, and the server would decode the fake ID numbers into the real ones it actually uses. All of this is feasible.

The problem, of course, is that bot writers could find whatever memory structure is used to store these fake IDs on the client side, and similarly have their bot dynamically read them and alter its instructions to use the session-based IDs. Even if the dynamic ID changes included reordering the object lists, it would probably be easy to identify whichever objects the bot authors were seeking using other variables such as utilized graphical resources. I currently can't think of any way to obfuscate the local ID storage in such a way that it would foil bot authors.

Also, please tone down the condescending uber-rage.

As far as I know, Jagex uses a cache system. The objects are requested from the Jagex server, and then the reference is stored on the users HDD. The objects are referenced in the cache first, and if not found, they are requested from Jagex's servers. What you suggest only changes the ID's per session. Also this would require more calculation on Jagex's part, which is more overhead, something Jagex surely doesn't want.

You already stated the solution for bots in your problem, which would be to simply decode the IDs, so how would this solve the bot problem?

I am a senior in computer engineering, and I did grasp what he was trying to say. He never mentioned using any sort of hashing algorithm or encoding/decoding in his changing IDs. All he mentioned was to change the ID's, which I assumed he meant as changing the ID's periodically throughout the a period of time, thus having to perform a new lookup every time the ID's changed.

Jagex surely has a team working on this. But like this thread, every idea that they come up with is likely shot down. I see no way in Jagex winning this battle, and that is my final stance on the matter. They can either remove bots and lose money, or just accept that bots exist and enjoy the fact that at the end of the year, they are still profiting, which is what seems has happened.

PS. Sorry for the rage, I'm just sick of people coming up with the same idea over and over again that wouldn't work.

mindstormer398 · March 27, 2011

When I was going for 85 mining by banking iron in the dwarven mines/resource dungeon I got soo sick of being crashed by bots that I ended up making some accounts and looking on botting sites to figure out a way to get ahead. Long story short I learned that most of the mining bots are trained to look for color, but also expect a spawn order to speed themselves up. So there are three rocks, A B C. They aim for A then B then C. So I could just mine C then B then A, messing up their predicted spawning order and giving myself a much easier time competing.

But while I was looking this stuff up, I was amazed at the sophistication of the color bots. There is like this whole developers kit of scripting functions for scripters to use to basically make writing bots really easy, and some of the stuff they are capable of is crazy: they use icons and colors on the minimap, colors on the game screen, the text in the upper-lefthand corner when you hover over stuff... I don't like botters stealing my resources and deflating resource values but I have to admit the whole system they set up is pretty impressive.

IDs do change apparently and break the bots that basically look at the client, but the color bots don't break unless they change fonts or item pictures. I dunno how it can ever be stopped. It amazes me the quality of programmers that spend their time on botting... what if they were devoting their talents to productive uses?

I guess my point is that unless Java is able to monitor other processes on your computer then they will have a hard time breaking the color bots.

Stev · March 27, 2011

what if they were devoting their talents to productive uses?

If they make money doing it, why not? It's extremely easy money. ;).

sees_all1 · March 27, 2011

I'd really like to know what other [cabbage] you can pull out of your ass? As a senior level student in computer engineering undergrad, and after taking many courses on security and algorithm enhancement, everything you seem to say is completely false.

You're absolutely brilliant.

First off, most data standards are developed to be relatively cheap. That is the goal of data security, to have very little overhead.

If you kindly reread my post, you'll notice the cost I mentioned is the time it took to develop the algorithm, not the time it takes for the algorithm to execute. The time it took IBM and the NSA to develop current standards is on the order of decades.

Next, 2-7 years? Most encryption/decryption methods try to ensure the security against a brute force attack for something like 10^18 years, aka longer than the universe has existed. (look up AES on google).

No, not "most". The newest methods may have that long of a time, but older methods (all the rest) from the 1970's-80's are now able to be brute forced in as little as a day.

Dragonlordjl · March 27, 2011

When I was going for 85 mining by banking iron in the dwarven mines/resource dungeon I got soo sick of being crashed by bots that I ended up making some accounts and looking on botting sites to figure out a way to get ahead. Long story short I learned that most of the mining bots are trained to look for color, but also expect a spawn order to speed themselves up. So there are three rocks, A B C. They aim for A then B then C. So I could just mine C then B then A, messing up their predicted spawning order and giving myself a much easier time competing.

But while I was looking this stuff up, I was amazed at the sophistication of the color bots. There is like this whole developers kit of scripting functions for scripters to use to basically make writing bots really easy, and some of the stuff they are capable of is crazy: they use icons and colors on the minimap, colors on the game screen, the text in the upper-lefthand corner when you hover over stuff... I don't like botters stealing my resources and deflating resource values but I have to admit the whole system they set up is pretty impressive.

IDs do change apparently and break the bots that basically look at the client, but the color bots don't break unless they change fonts or item pictures. I dunno how it can ever be stopped. It amazes me the quality of programmers that spend their time on botting... what if they were devoting their talents to productive uses?

I guess my point is that unless Java is able to monitor other processes on your computer then they will have a hard time breaking the color bots.

Breaking the rules is more fun than abiding by them, especially when you are that talented. The black hat hackers are usually always a step ahead of the white hats, because they are just more talented with scripting. That's why it's such a valuable asset to security companies/agencies when they can flip a black hat hacker.

Stev · March 27, 2011

Breaking the rules is more fun than abiding by them, especially when you are that talented. The black hat hackers are usually always a step ahead of the white hats, because they are just more talented with scripting.

TY. =P.

Alphanos · March 27, 2011

[hide=Quote Pyramid]
ID numbers that change? That COMPLETELY takes away from the purpose of an ID number. ID's are meant to speed up the way data is accessed. If you make it so they change, the lookups have to spend more time trying to find the information.

Runescape objects essentially linked together by their IDs. Think of objects as looking like this
[id|rest of data corresponding to ID]
Isn't is easier to go through and say DragonID = 500. and look through a list until you reach 500? The alternative would be Dragon must have this model, with this color, performing these attributes, doing this, doing that, if this, if,if, if,...etc. Please get off the idea of changing ID's. It is not the solution, but rather would cause a bigger problem!

I repeat CHANGING IDS OR ANYTHING WITH IDS IS NOT THE SOLUTION. YOU DON'T UNDERSTAND HOW THE GAME USES IDS!

DYNAMIC IDS == HORRIBLE IDEA.
Didn't you claim earlier to be a senior computer engineering student? Either you didn't grasp what was meant by changing IDs, or you don't know what you're talking about.

Let me give an example in technical terms. The Runescape Java client comes with a list of IDs in constants, enumerations, etc. When the player's browser requests to download the client in order to run it, some sort of session hash could be generated as a one-time key to translate the real ID numbers into client/fake ID numbers. A copy of the Runescape client is dynamically modified on Jagex's end to replace all real ID references with these hashed, session-specific ID numbers, and then the client is sent to the user. During play, any client-server requests that use an ID number would include whatever hash/key was originally used, and the server would decode the fake ID numbers into the real ones it actually uses. All of this is feasible.

The problem, of course, is that bot writers could find whatever memory structure is used to store these fake IDs on the client side, and similarly have their bot dynamically read them and alter its instructions to use the session-based IDs. Even if the dynamic ID changes included reordering the object lists, it would probably be easy to identify whichever objects the bot authors were seeking using other variables such as utilized graphical resources. I currently can't think of any way to obfuscate the local ID storage in such a way that it would foil bot authors.

Also, please tone down the condescending uber-rage.
[/hide]

As far as I know, Jagex uses a cache system. The objects are requested from the Jagex server, and then the reference is stored on the users HDD. The objects are referenced in the cache first, and if not found, they are requested from Jagex's servers. What you suggest only changes the ID's per session. Also this would require more calculation on Jagex's part, which is more overhead, something Jagex surely doesn't want.

You already stated the solution for bots in your problem, which would be to simply decode the IDs, so how would this solve the bot problem?

I am a senior in computer engineering, and I did grasp what he was trying to say. He never mentioned using any sort of hashing algorithm or encoding/decoding in his changing IDs. All he mentioned was to change the ID's, which I assumed he meant as changing the ID's periodically throughout the a period of time, thus having to perform a new lookup every time the ID's changed.

Jagex surely has a team working on this. But like this thread, every idea that they come up with is likely shot down. I see no way in Jagex winning this battle, and that is my final stance on the matter. They can either remove bots and lose money, or just accept that bots exist and enjoy the fact that at the end of the year, they are still profiting, which is what seems has happened.

PS. Sorry for the rage, I'm just sick of people coming up with the same idea over and over again that wouldn't work.

Upon further consideration I realize that almost none of my assumed understanding of "changing IDs" was said by the original poster . I'm very used to getting software requirements/goals from non-technical people, where only the most basic concept of what they ask for translates into software; at this point my brain just takes a vague concept and starts trying to translate into technical possibilities. I certainly agree that getting rid of IDs altogether, changing them repeatedly during play, or similar measures would do far more harm than good :).

As to the dynamic IDs, yes, as far as I can currently see the end result would be the same, and it would not solve the problem. However, I wanted to throw the revised problem back out there in case someone was struck with brilliance, since the original idea of IDs changing with each login hadn't occurred to me either.

This is an inherently hard problem, and as I've said earlier, maybe our final conclusion will be that there's no good solution, and we've been too hard on Jagex. However there are a few ideas that have come up which I think have good long-term potential. Primarily captcha-like randoms, and filtering the noise from abuse reports so that the real bot reports can get through and get addressed.

[hide]
When I was going for 85 mining by banking iron in the dwarven mines/resource dungeon I got soo sick of being crashed by bots that I ended up making some accounts and looking on botting sites to figure out a way to get ahead. Long story short I learned that most of the mining bots are trained to look for color, but also expect a spawn order to speed themselves up. So there are three rocks, A B C. They aim for A then B then C. So I could just mine C then B then A, messing up their predicted spawning order and giving myself a much easier time competing.

But while I was looking this stuff up, I was amazed at the sophistication of the color bots. There is like this whole developers kit of scripting functions for scripters to use to basically make writing bots really easy, and some of the stuff they are capable of is crazy: they use icons and colors on the minimap, colors on the game screen, the text in the upper-lefthand corner when you hover over stuff... I don't like botters stealing my resources and deflating resource values but I have to admit the whole system they set up is pretty impressive.

IDs do change apparently and break the bots that basically look at the client, but the color bots don't break unless they change fonts or item pictures. I dunno how it can ever be stopped. It amazes me the quality of programmers that spend their time on botting... what if they were devoting their talents to productive uses?

I guess my point is that unless Java is able to monitor other processes on your computer then they will have a hard time breaking the color bots.
[/hide]
Breaking the rules is more fun than abiding by them, especially when you are that talented. The black hat hackers are usually always a step ahead of the white hats, because they are just more talented with scripting. That's why it's such a valuable asset to security companies/agencies when they can flip a black hat hacker.

I'm sure that there are many talented black hats out there. However, I don't think it's correct to generalize that all/most black hats are more talented than all/most white hats. As we've seen with this particular Runescape case, the problem the white hats face seems to be inherently intractable - it's not just that Jagex's programmers are bad, but we've so far been unable to come up with a good solution even in theory. In the more general case, the white hat's job is to ensure that there are no security holes whatsoever, and even one that gets missed is counted as a failure. In the black hat's case, they can try as many possibilities as they like, failing all the while, with little consequence. Once they find even a single successful answer, that is what gets publicized. The job of a black hat is much easier.

onegppker · March 27, 2011

What if they made random events that asked a question that you had to type in the answer to? They would not have to be hard questions, just something that a human could easily answer while a bot could not. I am not experienced writing scripts or things like that, but from watching the Jeorpardy IBM challenge, it seems to take a lot of effort to create a computer that can understand language and answer questions.

Alphanos · March 27, 2011

What if they made random events that asked a question that you had to type in the answer to? They would not have to be hard questions, just something that a human could easily answer while a bot could not. I am not experienced writing scripts or things like that, but from watching the Jeorpardy IBM challenge, it seems to take a lot of effort to create a computer that can understand language and answer questions.

This definitely has potential. There are three key things necessary for this to work:

1) The questions have to be simple enough that players with strong language barriers, or who are simply stupid, can still answer them.

2) The list of questions/answers has to be stored on the server, not in the client code.

3) The list of questions would need to be regularly updated and/or randomized so that bot-writers cannot easily make a database of all questions/answers.

If these three requirements are met, this idea has a lot of promise. Perhaps more importantly, the main difficulties of this method seem much more easily solved than the central difficulties to other proposed methods.

Edit: This could potentially even be done as multiple choice without causing much trouble. That would eliminate problems due to spelling/capitalization/punctuation/etc. This would then be similar to some existing random events, but with a question set updated regularly enough it would be quite difficult for bots to defeat....

strilmus · March 27, 2011

I am finding it somewhat ironic that a lot of the "most successful sounding" solutions have actually been used before far in the past, but they got removed also because they too were not successful.

What I haven't heard yet is a method they use in some foreign MMOs, which is to implement a roaming "dangerous hellbeast" type of thing that patrols the zone and immediately murders anything in its path that doesn't have the sense to notice the incredibly obvious warnings of its approach - namely, the types of warnings that bots wouldn't see, but I suppose that would be too disruptive for most folks, and I guess they would figure that one out eventually too...

For the most part, since Runescape is unwilling to be a game that is not reliant on easily botted actions, it will forever live as such. If you're not willing to give up repetitive tasks and non-involving gameplay, then you must embrace the fact that bots are more viable than actual people in Runescape (although you don't have to like it). It seems somewhat pointless for Jagex to continue to punish people for both doing what is deemed most effective by the game, and to indirectly punish those others who choose to abide by the rules by ineffectively enforcing their laws.

Wkw · March 27, 2011

If a botter uses something that clicks based on shapes of the game, like a human would, and logs off every so often, like a human would, AND plays in a remote location of the world, there is very little way Jagex can detect the botters.

If someone has a WC bot going 24/7 in varrock, people will report it and Jagex will notice it not logging off. It is a bot.

If someone has a hill giants bot that kills the two in the tree gnome maze that only runs for 8-10 hours a day, Very few people will see it, and thus report it, and it will log off as a normal person would, thus making it very hard to prove it is a bot.

This is all under the assumption that the bots are inputting keystrokes and are clicking on the screen. Something that interfaces with java and "clicks" via UIDs are automatically a bot. Jagex has no way of telling if you are using an autoclicker, like a human, unless they have monitoring software on your computer. Which would be illegal.

tl;dr

Make a bot to play the game like a human would, far away from people, and it won't get caught

strilmus · March 27, 2011

What I would like to see, though, is that instead of punishing people for playing fun, involving, and not as bottable activities with lowered exp (pretty much EVERY minigame/activity, and dungeoneering) while pretty much promoting the most mind numbing and dullard tasks for highest exp per unit of time, that they should boost these rates for the activities above more easily performed and repetitive tasks. Y'know, like how things in real life work. Sure, a task may be "more complicated" because it is a higher level task, but if it is just the same ol repetitive action it is not actually HARDER to do.

That way, there are both activities that are easy to do, but less rewarding, and things that can't be afk'd but are more rewarding, instead of being pointless. The artisan's workshop is actually pointed in the right direction, but most folks felt that they needed the motivation of things to earn with smithing first...

Many people will be worried that they would overshadow the earlier training methods, but.....why the hell is this bad? Why would you WANT to perpetuate a cycle of dumb? Aren't you tired of the fact that even with maxed stats, there isn't much to do in the game besides fight large monsters and kill other players while earning more money to do the same things, but slightly faster? It seems like with ivy and the living rock caverns we have actually given up on making nice and meaningful things, and just simply leveled the playing field to the point where bots don't have an advantage against players because they don't have much of an advantage when everything is almost automatic anyway.

That's the second solution. But....do you REALLY want that?

But enough about my agenda. Let's get back to trying to solve the same narrowminded problem that has persisted for nearly a decade with solutions that are almost identical to each other.

EDIT: Oh, here's another one. Like during the extra exp weekends, just frontload more exp gains (and perhaps item gains from resources) during the first few hours played a day, and then slowly scale gains downward until they become meaningless after a suitably excessive amount of play. This wouldn't apply to farming and other types of "instant large chunk of exp gain" though, cause farming's a bit different anyway...

That way, there's no point in playing further than what could be considered a "healthy" amount, and botters themselves wouldn't actually gain much more if they played way longer than normal people per day.

There are probably a ton of flaws with that but hell if it ain't a new suggestion....

Alphanos · March 27, 2011

What I would like to see, though, is that instead of punishing people for playing fun, involving, and not as bottable activities with lowered exp (pretty much EVERY minigame/activity, and dungeoneering) while pretty much promoting the most mind numbing and dullard tasks for highest exp per unit of time, that they should boost these rates for the activities above more easily performed and repetitive tasks. Y'know, like how things in real life work. Sure, a task may be "more complicated" because it is a higher level task, but if it is just the same ol repetitive action it is not actually HARDER to do.

That way, there are both activities that are easy to do, but less rewarding, and things that can't be afk'd but are more rewarding, instead of being pointless. The artisan's workshop is actually pointed in the right direction, but most folks felt that they needed the motivation of things to earn with smithing first...

Many people will be worried that they would overshadow the earlier training methods, but.....why the hell is this bad? Why would you WANT to perpetuate a cycle of dumb? Aren't you tired of the fact that even with maxed stats, there isn't much to do in the game besides fight large monsters and kill other players while earning more money to do the same things, but slightly faster? It seems like with ivy and the living rock caverns we have actually given up on making nice and meaningful things, and just simply leveled the playing field to the point where bots don't have an advantage against players because they don't have much of an advantage when everything is almost automatic anyway.

That's the second solution. But....do you REALLY want that?

But enough about my agenda. Let's get back to trying to solve the same narrowminded problem that has persisted for nearly a decade with solutions that are almost identical to each other.

I can agree with what you're saying. It wouldn't stop the existence of bots, but it would help a lot to reduce their motivation. However, Jagex has clearly shown that they disapprove of content which is both fun and efficient. Why this is I can't be sure; maybe they do have some good reason (?). But there is a clear pattern showing that any content which is fun must also penalize the player with higher costs, slower experience gain, or both. Witness updates such as charm sprites and the new smithing update.

If Jagex won't move in the direction you're suggesting, then we should at least consider ideas that they could potentially use, such as revised randoms and the like.

EDIT: Oh, here's another one. Like during the extra exp weekends, just frontload more exp gains (and perhaps item gains from resources) during the first few hours played a day, and then slowly scale gains downward until they become meaningless after a suitably excessive amount of play. This wouldn't apply to farming and other types of "instant large chunk of exp gain" though, cause farming's a bit different anyway...

That way, there's no point in playing further than what could be considered a "healthy" amount, and botters themselves wouldn't actually gain much more if they played way longer than normal people per day.

There are probably a ton of flaws with that but hell if it ain't a new suggestion....

Regarding time limits: no-lifers would flip, but besides that it would introduce an artificial seniority system, where newer players can never catch up to the experience and wealth of their elders.

muuuuuuuuuu · March 27, 2011

First off, most data standards are developed to be relatively cheap. That is the goal of data security, to have very little overhead.
If you kindly reread my post, you'll notice the cost I mentioned is the time it took to develop the algorithm, not the time it takes for the algorithm to execute. The time it took IBM and the NSA to develop current standards is on the order of decades.

Many of the encryption algorithms in use today were not developed by IBM or the NSA, and they certainly did not take decades to develop. For example, the AES algorithm was developed by a huge number of two Belgians. You can read their paper about it here.

Alphanos · March 27, 2011

First off, most data standards are developed to be relatively cheap. That is the goal of data security, to have very little overhead.
If you kindly reread my post, you'll notice the cost I mentioned is the time it took to develop the algorithm, not the time it takes for the algorithm to execute. The time it took IBM and the NSA to develop current standards is on the order of decades.

Many of the encryption algorithms in use today were not developed by IBM and the NSA, and they certainly did not take decades to develop. For example, the AES algorithm was developed by a huge number of two Belgians. You can read their paper about it here.

While true, this gives you a faulty impression of the difficulty in succeeding in such research. Out of all the various researchers in the field of encryption, only rarely do substantial breakthroughs arise. If you have a specific problem that you need solved in a limited amount of time, you may very well need a lot more than two researchers to work on it.

strilmus · March 27, 2011

Regarding time limits: no-lifers would flip, but besides that it would introduce an artificial seniority system, where newer players can never catch up to the experience and wealth of their elders.

Uh....since EVERYBODY would be subject to the same system, they would all be gaining exp at the same rates in a different delivery system, so basically, if the elders keep playing at the same approximate rates, they would be always ahead regardless of the situation. If they don't....then they are at a larger disadvantage every day they don't play.

Nobody ever really falls behind unless they retire.

Overall, the game is just a HUGE seniority system anyway (the older you are, the more near absolute advantages you have). I don't think this would harm them any further. In fact, the elders would complain about newbies having to spend less time on the game than they did!

As for the no-lifers.....it seems like it is all too easy to push that issue under the rug rather than address that your own game might be dominating somebody else's life to the point of obsession and to absolve yourself of responsibility. The fact that they did once ban a player for gaining exp at a rate greater than they would expect any human to get and then got disproven shows that they are painfully oblivious to this kind of thing. Sure, to have freedom is one thing, but being the enabler is the other...

Of course, starting such a system now might still jostle this baby carriage of a game that can't take the slightest breeze, so let's keep coming up with more bread and milk solutions that will totally work against an opponent who isn't even playing the same game we are.

No_M0re · March 27, 2011

Do any of you realize how many people are botting? If Jagex fixed botting by keeping the current gameplay and catching/banning all bots RS would be completely ruined.

How much do you think herbs would be?

How many people would even play?

So many pures are botted, when free trade was still banned pretty much any pure made after end of free trade was botted. But then they were buying the equipment that pures need and that RS needs to keep the economy ticking over.

Only solutions I see is to make alternative training methods that offer more exp/ learn to live with it or allow it.

The majority of RS now bots, apparently at least 25% of players have botted or bot (no proof whatsoever). Theres also a poll on RSC with 50% having botted. Honestly this is one of the first forums I've seen where people don't seem to understand why people bot.

It's cos most people play RS for fun and most people don't get fun out of grinding. But PVP is almost entirely why people choose RS over any other game, and to have a good PKer requires a lot of boring grinding.

Alphanos · March 28, 2011

I've seen an awful lot of arguments in favour of bots... "everybody bots", "the majority bots", "50% bot", "25% bot", "all PKers have to bot", "oh and they keep prices low".... ad nauseum. None of this is sensible in the slightest. The majority of Runescape players don't even go to *any* fansites, let alone RSC. If you're reading this and you think botting's okay because everyone does it: they don't, and it's not. If you don't want to grind, of course that's your choice. It would be hard to find another game with as much grinding as Runescape ;), so go play something else.

As for resource prices: I bet without bots, the Runescape economy would go crazy for a while. Then, eventually, prices would stabilize to the point where we'd get to see the actual value players place on time spent i.e. woodcutting, mining, fishing, etc. It would be kind of nice if resource gathering skills could actually be decently profitable again. Sure, some buyables would cost more. But that increase in price would also drive many to train their "buyables" by actually collecting resources; something which, right now, is almost foolishly inefficient. Prices would reach a new balance point.

Maybe if fewer people botted past the grinding, those whom it frustrates so much could spend their time convincing Jagex to release less-grindy content, which then we could *all* enjoy.

curtis95112 · March 28, 2011

I think the only solution is to make Runescape more dangerous.

There aren't any Nex bots, staking bots or PKing bots despite the high profit potential of these activities. Why? Because their profit comes with one hell of a risk. While bots can be programmed to do almost anything, they are inherently dumb (as of yet...). Few people would trust a bot to keep their items safe if the players themselves had trouble keeping their items safe.

Having said this, I have no idea how this could be implemented without bringing back PvP everywhere like in RSC...

To the OP: You want far too much. You want a procedure to catch bots which couldn't be circumvented even if the scripters knew everything about the procedure? AND no false positives? In short, you want a task that a Turing machine cannot complete while humans can. You're only going to get that kind of thing if the human brain turns out to be a hypercomputer. I don't see Jagex (or any company for that matter) implementing supertasks into their game.

Alphanos · March 28, 2011

To the OP: You want far too much. You want a procedure to catch bots which couldn't be circumvented even if the scripters knew everything about the procedure? AND no false positives? In short, you want a task that a Turing machine cannot complete while humans can. You're only going to get that kind of thing if the human brain turns out to be a hypercomputer. I don't see Jagex (or any company for that matter) implementing supertasks into their game.

Really the goal is for something that humans can always complete, but which computers can complete only some of the time, with limits on possible accuracy improvements. Thing like captchas, or as was suggested above, something similar to jeopardy questions.

Bladewing · March 28, 2011

step 1: raise membership to $10 monthly

step 2: hire some GMs to break the environments of suspected bots, whereby the GM could determine if they were bots.

step 3: the bots would then be banned.

How Would You Detect Bots?

Recommended Posts

Link to comment

Share on other sites

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Important Information