How Would You Detect Bots?

[Stev]

They'd get rid of a lot of the people who occasionally bot... Not like the companies who are running 200 bots at once... If they implemented a simple macro feature like in WoW.

[n64jive]

They'd get rid of a lot of the people who occasionally bot... Not like the companies who are running 200 bots at once... If they implemented a simple macro feature like in WoW.

 

Not a bad idea. Simple record/playback action that maybe could run 10 minutes max...Runescape is grindfest. Everyone knows it. Nobody likes it. Playing the game feels more like a chore/job in which you pay for. It's worse than going to school, because at the end of 4 years, you have nothing to show for.

 

Only issues I see is the "pest control" problem. Ie, players will [bleep] that the new system makes the game too easy when they had to do it the old fashion way. I never liked this argument. I've been playing since 2002, and I wouldn't [bleep] one bit if I spent 2 years getting 99 slayer, and Jagex decided to update it to make it easy. Maybe a little annoyed, but I'm not a selfish [wagon]. This games problem is the grind. If they chose to remove it even after I maxed my account, I would understand.

 

Another suggestion I have is add more worlds like the 1500 skill total world. Maybe make a 1750, 2000, 2250...etc. (Btw, what the max level is, and I'm too lazy to look it up, so if 2250 is over that..sue me)...

 

I think the biggest complaint people have with macroing is that it disrupts their gameplay.

[n64jive]

This is flat out wrong. The NSA alone, dedicated to this sort of thing, has a budget of somewhere between 2-10 billion dollars a year. They (Governments, Companies, Academia, etc.) have been working these specific algorithms for nearly 4 decades now (DES started in 1972, and was the precursor to many more algorithms), and countries/nations/empires have been working on encryption/decryption and code breaking for thousands of years. L2History.

1. The NSA does more than just R&D. In fact, I would guess that they contract most of their R&D out.

2. Total Budget != R&D Budget. NSA is similar to the military, and I'm pretty sure part of the branch is tightly related to military operation. Also do you have top secret clearance? You don't? me neither. My friend does, but he still has no clue what the NSA spends their money on. So go ahead and estimate their net budget. It doesn't really grant any you compelling argument.

3. Why don't I just link you to my professors website. http://ceen.unl.edu/yqian/Teaching/S11/4910_8950/ceen4910_8950.htm. So yes, I have L2History. Either way it's a crappy argument. Astrology is thousands of years old. Therefore NASA has working on getting the Rover to MARS for at least that long...:/ Every idea has a root. Just because the Greeks used to cipher their messages using cryptography doesn't mean you can say that it takes thousands of years for good algorithms to develop.

 

If you can't see the parallels between the two, let me spell them out:

1.There will always be people looking to break data encryption, just as there will always be people looking to beat Jagex's macro detection system

2.People looking to break data encryption already know everything about what they're trying to break (how the algorithm works, where its weak points may be), similar to everyone trying to write macro software can de-compile Jagex's client and examine the source code.

3. Once an algorithm has been beat, using it provides little to no protection. Once an anti-macro feature has been beat, using it does no good.

Hmm, so if I have experience as a little league coach, I should probably get my resume into the Yankees. I mean, their is that parallel between them. My entire point was that the research concluded on Data Security at a national level is at least 1000x more complex then developing macro detection software. I hate cliches, but you're comparing apples to oranges. Btw, the parallel between them is they are both fruit, in case I needed to spell that out for you. Oh, and the point of the cliche is even though they have a few things in common, there is far more differences.

 

These are all still beside the original point I was trying to make:

The point being is that yes, eventually cheats will figure a way to bypass anti bot systems, but the best ones will be simple to implement, and take cheaters long times to figure out ways around it without it being too obstructive.

 

I agree with this, although I believe it states the obvious....

 

After all this, I'm just going to agree to disagree with you. I feel like we are both wasting our time as we are both obviously stubborn people.

[JoWie]

snip

 

I've played runescape using remote access technology, and let me tell you, it sucks. Responsiveness decreases quite a bit, and Jagex already has a problem with responsivness(ever notice there is a slight delay between click and animation...this isn't caused only by client-server communication lag, but also because of the nature of how jagex programs their game (using the "tick" system)...

 

I think a lot of people would quit if they implemented this, as I don't think the game would be very enjoyable.

 

Honestly, I don't think bots are that huge of problem...What skills are overly botted in p2p in a way that effects they players? Pure ess mining is terrible, but most people just [bleep] with it because it's obvious that these are bots performing these tasks. Hunter is getting bad, and it being a competative skill, it does piss off legitimate players. Yew/Magic cuting is bad. What else? Either way, my solution is Jagex should focus on these skills. Banning bots that compete with legitimate players would 1. End these annoying threads. 2. Make more people happy. It would also send an underlying message to botters: Go ahead and bot, but don't bot something that pisses off our paying customers, because we will find you, and we will ban you.

 

My cents

 

I agree the responsiveness will decrease, but it is not comparable to remote desktoping to another computer that runs the game. I think that it is possible to get it to a level it would be enjoyable to play. This is also something that can be rolled out in stages. In the early stages it would be optional and they could be temporarily enforce it upon alleged bot users.

OnLive manages to make it enjoyable with first person shooters:

http://www.youtube.com/watch?v=eZJBFu-tExw

 

For runescape it would be much easier to accomplish

[No_M0re]

I seriously think Jagex should address why people bot, therefore making the game more intersting, instead of losing loads of revenues due to trying to come up with a way to stop them and then actually losing al the revenue from the botters.

 

More things a bit like dungeoneering pleeeease

[sees_all1]

This is flat out wrong. The NSA alone, dedicated to this sort of thing, has a budget of somewhere between 2-10 billion dollars a year. They (Governments, Companies, Academia, etc.) have been working these specific algorithms for nearly 4 decades now (DES started in 1972, and was the precursor to many more algorithms), and countries/nations/empires have been working on encryption/decryption and code breaking for thousands of years. L2History.

1. The NSA does more than just R&D. In fact, I would guess that they contract most of their R&D out.

2. Total Budget != R&D Budget. NSA is similar to the military, and I'm pretty sure part of the branch is tightly related to military operation. Also do you have top secret clearance? You don't? me neither. My friend does, but he still has no clue what the NSA spends their money on. So go ahead and estimate their net budget. It doesn't really grant any you compelling argument.

What you said is there is absolutely no way that millions to billions of dollars have been spent on developing these algorithms, and you're wrong. Even if the ONLY place to ever develop these algorithms was the NSA, and they ONLY spent 1/1000th of their budget on developing data security LAST YEAR ALONE, and their budget last year was on the low estimate of 2 billion dollars, that still puts it at 2 million dollars spent last year alone. You're wrong, you're being stubborn, and you're making a bit of an ass out of yourself.

 

3. Why don't I just link you to my professors website. http://ceen.unl.edu/yqian/Teaching/S11/4910_8950/ceen4910_8950.htm. So yes, I have L2History. Either way it's a crappy argument. Astrology is thousands of years old. Therefore NASA has working on getting the Rover to MARS for at least that long...:/ Every idea has a root. Just because the Greeks used to cipher their messages using cryptography doesn't mean you can say that it takes thousands of years for good algorithms to develop.

I'm not reading your professors website, you linking me to it doesn't prove that you've read it, or that you've paid any attention in class. Also, learning about the implementation of AES isn't very pertinent to learning the history of encryption, is it? Also, developing codes for use in war is the EXACT SAME THING as using an algorithm to obscure data. Looking through a telescope at the stars isn't the EXACT SAME THING as sending a robot to mars. To put it your way,

I'd really like to know what other [cabbage] you can pull out of your ass?

 

My entire point was that the research concluded on Data Security at a national level is at least 1000x more complex then developing macro detection software.

You can't have it both ways. Data security can't be cheap to develop and be incredibly complex.

 

After all this, I'm just going to agree to disagree with you. I feel like we are both wasting our time as we are both obviously stubborn people.

Don't worry, you've already lost your credibility with me.

[RSBDavid]

snip

 

I've played runescape using remote access technology, and let me tell you, it sucks. Responsiveness decreases quite a bit, and Jagex already has a problem with responsivness(ever notice there is a slight delay between click and animation...this isn't caused only by client-server communication lag, but also because of the nature of how jagex programs their game (using the "tick" system)...

 

I think a lot of people would quit if they implemented this, as I don't think the game would be very enjoyable.

 

Honestly, I don't think bots are that huge of problem...What skills are overly botted in p2p in a way that effects they players? Pure ess mining is terrible, but most people just [bleep] with it because it's obvious that these are bots performing these tasks. Hunter is getting bad, and it being a competative skill, it does piss off legitimate players. Yew/Magic cuting is bad. What else? Either way, my solution is Jagex should focus on these skills. Banning bots that compete with legitimate players would 1. End these annoying threads. 2. Make more people happy. It would also send an underlying message to botters: Go ahead and bot, but don't bot something that pisses off our paying customers, because we will find you, and we will ban you.

 

My cents

 

I agree the responsiveness will decrease, but it is not comparable to remote desktoping to another computer that runs the game. I think that it is possible to get it to a level it would be enjoyable to play. This is also something that can be rolled out in stages. In the early stages it would be optional and they could be temporarily enforce it upon alleged bot users.

 

For runescape it would be much easier to accomplish

 

 

I wouldn't play if my client was hosted on a cloud server.

 

I think this is one of the better ideas on this thread:

 

I seriously think Jagex should address why people bot, therefore making the game more intersting

 

 

Jagex should spend its resources trying to find a way to end, or at least control the click an wait grind fest.

[n64jive]

*sigh* arguing with you is like arguing with someone who has Aspergers. I'd like to quit talking about the NSA, and rather actually talk about the subject at hand, which is developing a simple algorithm for bot detection. However you keep posting information that rather makes you look like an idiot. So here I go...

 

What you said is there is absolutely no way that millions to billions of dollars have been spent on developing these algorithms, and you're wrong. Even if the ONLY place to ever develop these algorithms was the NSA, and they ONLY spent 1/1000th of their budget on developing data security LAST YEAR ALONE, and their budget last year was on the low estimate of 2 billion dollars, that still puts it at 2 million dollars spent last year alone. You're wrong, you're being stubborn, and you're making a bit of an ass out of yourself.

 

1. Quit putting words in my mouth.

2. Again, What does NSA (an national agency) spending billions of dollars on Data Encryption technology(something that has a massive need on a global scale) and research have to do with the subject at hand, Jagex (a much smaller company) developing bot detection software (something of a far lesser complexity on a much smaller scale) for a Video Game?

I'm not reading your professors website, you linking me to it doesn't prove that you've read it, or that you've paid any attention in class. Also, learning about the implementation of AES isn't very pertinent to learning the history of encryption, is it? Also, developing codes for use in war is the EXACT SAME THING as using an algorithm to obscure data. Looking through a telescope at the stars isn't the EXACT SAME THING as sending a robot to mars. To put it your way,

 

Well, I was merely posting where I had got most of the information from and to show that I have had formal education on the subject matter. By the way, what is your background?

 

You can't have it both ways. Data security can't be cheap to develop and be incredibly complex.

 

Data security is a collaborative study. It is cheap because it's findings are worked on by 1000's of Colleges/other institutions and published. I guess the amount of hours and research that goes into is likely not cheap(which I never said), however you take that value and split it up between 1000s of institutions makes it possible to keep implementation cost low. Wait...why are we talking about this again. Oh, right you like to take things out of context elaborate on them, regardless if it really has nothing to do with the subject at hand. Gotcha.

 

Don't worry, you've already lost your credibility with me.

 

Is there some sort of self-proclaimed high stature that you think you hold with this community? I could care less.

[sees_all1]

What you said is there is absolutely no way that millions to billions of dollars have been spent on developing these algorithms, and you're wrong. Even if the ONLY place to ever develop these algorithms was the NSA, and they ONLY spent 1/1000th of their budget on developing data security LAST YEAR ALONE, and their budget last year was on the low estimate of 2 billion dollars, that still puts it at 2 million dollars spent last year alone. You're wrong, you're being stubborn, and you're making a bit of an ass out of yourself.

 

1. Quit putting words in my mouth.

Fine, I'll let you say it:

1. It doesn't cost millions/billions for data security development.

 

Well, I was merely posting where I had got most of the information from and to show that I have had formal education on the subject matter. By the way, what is your background?

Electrical Engineering degree from Purdue University, Worked a year in industry on a project that used PKCS#7 and PKCS#12. ~8 years programming experience.

[dynastyfan0]

I didn't read all 8 pages, so forgive me if this has been brought up.

 

One of the reasons botting is so common is because the risk is so low. You buy a bot for a few dollars and a membership for a few dollars. If the bot gets banned, boowho you just lost 6 dollars. I bet if people had a lot more to lose it would curtail the problem.

 

How about requiring a security deposite to get members? 50 bucks or something that you get back at any time you want so long as you are dropping your membership. If you get banned, you lose your security deposit. See how many ppl want to risk hundreds of dollars making 5 wc bots after that?

[Alphanos]

I didn't read all 8 pages, so forgive me if this has been brought up.

 

One of the reasons botting is so common is because the risk is so low. You buy a bot for a few dollars and a membership for a few dollars. If the bot gets banned, boowho you just lost 6 dollars. I bet if people had a lot more to lose it would curtail the problem.

 

How about requiring a security deposite to get members? 50 bucks or something that you get back at any time you want so long as you are dropping your membership. If you get banned, you lose your security deposit. See how many ppl want to risk hundreds of dollars making 5 wc bots after that?

 

This is an interesting idea. The trouble is, with all of the players whining about things like "My $6 only bought me 28 days of membership this month instead of 30, Jagex is scamming me !!1one", I suspect that they'd have a lot of trouble convincing people it's a good idea to fork over $50.

 

 

Sees_all1, n64jive, really, this has gone on long enough. Sees_all1, you believe that successfully detecting bots would have the same or a similiar order of complexity to efforts such as the development of military-grade data encryption technologies. N64jive, you think it is a simpler problem. I think we should brainstorm for possible ideas to solve this problem in a simple way. I think we can all agree that if we don't come up with anything, Jagex will not spend millions/billions over the course of decades to eliminate bots. However, our brainstorming costs them nothing, and if we succeed in coming up with feasible, cheap ideas then so much the better.

 

I believe that an ultimately perfect bot detection system would have to be an AI smarter than humans, which is obviously out of the question. However, I also believe that there must exist simpler, cheaper methods which will provide a strong degree of improvement over the status quo, some of which we've touched on in this thread.

[Thus]

Bots have yet to hurt me in any way I can immediately notice.

[mughinn]

jagex could put captchas on random events, not letting anyone leave before they do the captcha, and if the avatar stays in there connected for more than 30 minutes you ban them

[Stev]

jagex could put captchas on random events, not letting anyone leave before they do the captcha, and if the avatar stays in there connected for more than 30 minutes you ban them

Easy to create a script the can successfully read a captcha code. ;). There are already several methods readily available for doing captcha. :P.

[mughinn]

i always though captchas were good at security measures against bots :P

[dynastyfan0]

I didn't read all 8 pages, so forgive me if this has been brought up.

 

One of the reasons botting is so common is because the risk is so low. You buy a bot for a few dollars and a membership for a few dollars. If the bot gets banned, boowho you just lost 6 dollars. I bet if people had a lot more to lose it would curtail the problem.

 

How about requiring a security deposite to get members? 50 bucks or something that you get back at any time you want so long as you are dropping your membership. If you get banned, you lose your security deposit. See how many ppl want to risk hundreds of dollars making 5 wc bots after that?

 

This is an interesting idea. The trouble is, with all of the players whining about things like "My $6 only bought me 28 days of membership this month instead of 30, Jagex is scamming me !!1one", I suspect that they'd have a lot of trouble convincing people it's a good idea to fork over $50.

 

You would be surprised what people would actually pay, especially when they know its theirs to get back at any time they wish. Oh and one edit, you would have to have a deposit in to login. you can take the deposit out but then you cant login. that makes more sense because it covers f2p. You will never find a perfect solution that will make everyone happy, but this one would work outside the realm of computer code and bring it into simple human self-interest. I have learned that nothing is more powerful than the power of the wallet. Want to fix a problem, look to how you can effect people's interests. Its the similar to the common example that you don't need a bigger police force to curb crime, you need more jobs and economic opportunity. In this case you don't need a bigger police force, you just need to connect the game players financial interests. Simple stuff really.

[Bladewing]

security deposit would work IF JAGEX ACTUALLY BANNED RULE BREAKERS

[Stev]

security deposit would work IF JAGEX ACTUALLY BANNED RULE BREAKERS

BA-ZING!

[n64jive]

I'll agree to cease the argument with sees_all. I'll admit that he is actually pretty intelligent, and sometimes I'm just stubborn. One of my many flaws. Anyway, as for the security deposit idea, I don't like it. Who ever heard of a security deposit for a video game. After all, it's a game. I really think Jagex would have a hard time getting people to fork over an additional funds, even if they are volatile. I think that would be an easy solution to the end of Runescape.

 

I still stand by the best method for removing bots would be to remove the repetitive aspects of the game that make it boring. Take the elder scroll series. You don't have to sit around and fight enemies all day to advance your character. You can simply just play through the game, and you will level up at an appropriate amount. Jagex's game should be more like this (although I will admit that they are two different styles of games). If Jagex could make it so your levels level up as you work your way through the game, OR you have the option of grinding (possible giving less xp then actually performing the task).

 

I dunno though. There are tons of quest, and I absolutely hate quests. 1. They give terrible xp for completing them (generally). 2. Reading dialogue is tedious. Maybe they should work on the audio like they have in their tutorial. Of course then they would have to hire voice actors, adding more cost.

 

I guess the option is the one I suggest of adding additional skill total worlds. I really don't mind bots unless they are competing with me. If they added 1600, 1700, 1800, 1900, 2000, etc. worlds I think it would really make the general public chill less about bots.

[sees_all1]

I still stand by the best method for removing bots would be to remove the repetitive aspects of the game that make it boring. Take the elder scroll series. You don't have to sit around and fight enemies all day to advance your character. You can simply just play through the game, and you will level up at an appropriate amount. Jagex's game should be more like this (although I will admit that they are two different styles of games). If Jagex could make it so your levels level up as you work your way through the game, OR you have the option of grinding (possible giving less xp then actually performing the task).

 

I dunno though. There are tons of quest, and I absolutely hate quests. 1. They give terrible xp for completing them (generally). 2. Reading dialogue is tedious. Maybe they should work on the audio like they have in their tutorial. Of course then they would have to hire voice actors, adding more cost.

Jagex stated a year or more ago that ideally the game would be half skilling, and half quests. This would take care of botting - the players actually playing runescape as it was intended won't have to worry about too much of a grindfest, the players grinding runescape can grind it to their heart's desire and ignore the content they never use (as people do already), and the bots will be left behind, as neither player in those two groups would need of their services (as of right now, the player that wants to do all quests can't because of level requirements may look to other methods of obtaining fast levels).

[n64jive]

Quest seem to offer minimal experience for the time you put into them. You should get more xp from quest than grinding, however its the opposite....

[Alphanos]

Quest seem to offer minimal experience for the time you put into them. You should get more xp from quest than grinding, however its the opposite....

 

This is due to Jagex's bizarre philosophy that players should have to "pay" in experience, coins, or both for gameplay that is more interesting. I'm not sure who in Jagex is responsible for this view, or if they're merely adopting the view of their most vocal players. This needs to be turned around before any serious update can take place which would reduce the incentive some players feel to bot.

[Kata_Phfract__the_slayer]

Quest seem to offer minimal experience for the time you put into them. You should get more xp from quest than grinding, however its the opposite....

 

This is due to Jagex's bizarre philosophy that players should have to "pay" in experience, coins, or both for gameplay that is more interesting. I'm not sure who in Jagex is responsible for this view, or if they're merely adopting the view of their most vocal players. This needs to be turned around before any serious update can take place which would reduce the incentive some players feel to bot.

i did once read that

"the goal of quests is to have a one very few levels, so you can grind a skill for a short time and do the next quest then grind a bit more"

obviously not word for word, but thats the basic idea. training is something to be done in-between questing.

 

not like that will ever happen...

[strilmus]

Quests probably shouldn't have too heavy exp rewards...but at the same time it feels like the REQUIREMENTS are largely arbitrary, except in cases where it would be horribly dangerous to proceed without certain abilities.

 

However....minigames seem to be more of a place to show off stats for mostly arbitrary rewards rather than any kind of experience that you can actually learn from.

 

Which is fine for some things, but it seems like there is a lot of wasted potential that could alleviate much of the boredom of training that is seriously outdated in this day and age.

[JoWie]

mm, what if you apply that video streaming idea only to random events. In effect this would turn random events into turing tests (captcha). It would not be mind numbing for players to perform, could be made harder than a bunch of garbled text and at the same time easier for players.

The servers would also not be required to run a fell fledged runescape client, only what is necessary for the random events.

 

 

 

 

It would also help to set up random events up in such a way they address hard problems in artificial intelligence (this idea is separate from the one above).

A book on A.I. I have (Russel, S. & Norvig, P., 2003, Artificial Intelligence: A modern approach) lists the following task environment properties as being hard to solve:

1. Partial observabe (instead of fully)
   "If an agent's sensors give it access to the complete state of the environment at each point in time, then we say the task environment is fully observable. [...] An environment might be partially observable because of noisy and inaccurate sensors or because parts of the state are simply missing. - For example, an automated taxi cannot see what other drivers are thinking"
   
2. Stochastic (instead of deterministic)
   "If the next state of the environment is completely determined by the current state and the action executed by the agent, then we say the environment is deterministic; otherwise it is stochastic. [...] Taxi driving is clearly stochastic in this sense, because one can never predict the behavior of traffic exactly; moreover, one's tires blow out and one's engine seizes up without warning. [...]"
   
3. Sequential (instead of episodic)
   "In an episodic task environment, the agent's experience is divided up into atomic episodes. Each episode consists of the agent perceiving and then performing a single action. Crucially, the next episode does not depend on the actions taken in the previous episodes [...] Chess and taxi driving are sequential: in both case short-term actions can have long-term consequences [...]"
   
4. Dynamic (instead of static)
   "If the environment can change while an agent is deliberating, then we say the environment is dynamic for that agent; otherwise it is static. [...] Dynamic environments, are continuously asking the agent what it wants to do; if it hasn't decided yet, that counts as deciding to do nothing."
   
5. Continuous (instead of discrete)
   "[...] For example, a discrete-state environment such as a chess game has a finite number of distinct states. [...] Taxi driving is a continuous-state and continuous-time problem: the speed and location of a taxi sweep through a range of continuous values and so smoothly over time. [...]" Simply put, if the are an infinite number of states, an environment is continuous
   
6. Multi agent (instead of single agent)
   The way things are qualified as an "agent" might get complex (beyond the scope here). Obviously an environment is multi agent if multiple agents have to interact with each other (competitively or cooperatively). When done cooperatively, communication is often necessary
   

(an "agent" is a player or a bot)

(a "state" can be seen as a "snapshot" of the game in a certain point in time. Things on screen, location of yourself, items, monsters, other players, etc)

 

An agent sensors if combined with the first idea would be "screen shots" or "video feed".

If not combined with the first idea, the sensors would be any data currently coming from the runescape servers (monster id's, item id's, chat, whatever).

 

Application to random events:

1. A player would have to explore (look around, etc) in order to solve the random event.
   
2. Sadly, while a lot of runescape is stochastic, the current random events (except for the fact that the occurrence itself is random) are mostly deterministic. Making random events more stochastic is a very good way to make botting random events more difficult
   
3. While sequential may seem like easy to solve by computers (because of the vast memory), this can get very difficult if you also have to decide what to "remember".
   
4. Combat in runescape could be an example of a dynamic environment. Do you fight or flee? do you turn on a prayer? if you take to long to decide you may end up dead. Making random events too "dynamic" could frustrate a lot of players, but could be beneficial in small quantities
   
5. I do not think it would be easy to construct a random event that is "continuous"
   
6. Players having to work together to solve a random event would be an obvious choice. I do not think this would be a wise thing to do however. You can not pick who you would do a random event with
   

So maybe a good random event would be having to taxi around monsters on a busy highway for 5 minutes :D

 

I find it odd that a lot of the random events "test" things that are not all that hard to solve by computers. Some of them just take a while to implement or take a while to gather enough data.

If anything is not understandable, feel free to ask for a better explanation.