Forums » General
Hi everyone. I'm on my own for releasing this evening (Michael is moving to a new apartment, Ray is on a brief vacation), and it was my intent to put out some new addon stuff and missions. I don't think I'm going to be able to do that.
We've been dealing with our most expensive case of credit card fraud, this week, from someone who admits to signing up and playing the game.. and then submitted multiple accounts as chargebacks anyway. This is a gigantic headache and involves hundreds of dollars in chargeback fees, on top of the actual charges themselves. We're going to have to change our Terms of Service and other policy stuff relating to chargebacks and fraud, more on this when I'm up to writing about it. This requires us to be a lot more militant about going after fraud cases and individual people financially, which is really not why I got into making videogames.
[EDIT]: Since apparently someone misunderstood the above, we haven't "lost" any credit card numbers or in any way endangered the security of our subscribers. Rather, we've had fraud perpetrated against us by people who subscribed to the game, and then later "claimed" fraud, despite admitting to playing and not unsubscribing. It's called "Friendly Fraud", although I would probably call it something different; see wikipedia for more info.
We also had our worst-ever case of game exploitation, which we fixed on Monday (the "other bug"). An individual generated billions of credits, in production, by exploiting a problem of which we were unaware (the person claims to have reported it, but we have no emails or bug reports showing it. I have all my emails from the last 8 years). Regardless of whether the bug was reported or not, we only found out about the extensive exploitation because of third party complaints. This whole thing is just really.. disappointing to me. Anyway, all the game aspects are handled, we removed the money and fixed the problem, and we're working on new ways to watchdog this kind of thing in the future. Unfortunately we're going to have to adjust/reiterate our policy on this too: anyone caught doing this kind of thing in production gets the perma-ban. Yes, the game has flaws, but 9 billion credits over a couple of days is egregious in the extreme, and damages the game as a whole. I would think that would be obvious. The individual in question has not been banned, instead I'm choosing to clarify things for everyone from now on (don't exploit in Production, ever! Any "curious tinkering" should be done on Test, and the outcome reported to us), and then potentially follow up in other ways. For anyone totally confused on what an "exploit" is: using a good trade rate is ok, writing a script to exploit a loophole that lets you bypass the cargo limits and fill your ship with hundreds of thousands of CU of cargo before using said route.. NOT OK.
These two issues have been a tremendous drain on our time and energy, and this has really been one of those weeks when I hate my job. Hopefully next week we can get back to the actual fun parts, like, you know, making the game better. I may yet take a look at some addon/mission stuff tonight, but at this point it's best for me to say that I can't promise anything. I mentioned earlier in the week that I was hoping for a content drop tonight, so I felt it was best to post and keep you guys informed.
Take care, have a good weekend, all.
We've been dealing with our most expensive case of credit card fraud, this week, from someone who admits to signing up and playing the game.. and then submitted multiple accounts as chargebacks anyway. This is a gigantic headache and involves hundreds of dollars in chargeback fees, on top of the actual charges themselves. We're going to have to change our Terms of Service and other policy stuff relating to chargebacks and fraud, more on this when I'm up to writing about it. This requires us to be a lot more militant about going after fraud cases and individual people financially, which is really not why I got into making videogames.
[EDIT]: Since apparently someone misunderstood the above, we haven't "lost" any credit card numbers or in any way endangered the security of our subscribers. Rather, we've had fraud perpetrated against us by people who subscribed to the game, and then later "claimed" fraud, despite admitting to playing and not unsubscribing. It's called "Friendly Fraud", although I would probably call it something different; see wikipedia for more info.
We also had our worst-ever case of game exploitation, which we fixed on Monday (the "other bug"). An individual generated billions of credits, in production, by exploiting a problem of which we were unaware (the person claims to have reported it, but we have no emails or bug reports showing it. I have all my emails from the last 8 years). Regardless of whether the bug was reported or not, we only found out about the extensive exploitation because of third party complaints. This whole thing is just really.. disappointing to me. Anyway, all the game aspects are handled, we removed the money and fixed the problem, and we're working on new ways to watchdog this kind of thing in the future. Unfortunately we're going to have to adjust/reiterate our policy on this too: anyone caught doing this kind of thing in production gets the perma-ban. Yes, the game has flaws, but 9 billion credits over a couple of days is egregious in the extreme, and damages the game as a whole. I would think that would be obvious. The individual in question has not been banned, instead I'm choosing to clarify things for everyone from now on (don't exploit in Production, ever! Any "curious tinkering" should be done on Test, and the outcome reported to us), and then potentially follow up in other ways. For anyone totally confused on what an "exploit" is: using a good trade rate is ok, writing a script to exploit a loophole that lets you bypass the cargo limits and fill your ship with hundreds of thousands of CU of cargo before using said route.. NOT OK.
These two issues have been a tremendous drain on our time and energy, and this has really been one of those weeks when I hate my job. Hopefully next week we can get back to the actual fun parts, like, you know, making the game better. I may yet take a look at some addon/mission stuff tonight, but at this point it's best for me to say that I can't promise anything. I mentioned earlier in the week that I was hoping for a content drop tonight, so I felt it was best to post and keep you guys informed.
Take care, have a good weekend, all.
Let the speculation commence:
Holy jeez. Sometimes, Incarnate, I don't envy your position at all. I do wish you the best of luck in dealing with issues like this as quickly and as easily as possible though.
That being said, keep up the good work and try to have a nice weekend as well.
That being said, keep up the good work and try to have a nice weekend as well.
PS... sorry to hear about the problems. Although I might offer that something of this magnitude, and the fact that you guys will be more diligent from now on, does provide me personally with a bit more faith in the system. I've seen various "hacks" since the lua backend was opened up, all various degrees of trickery. Enough to make me question the integrity of the game as a whole. If steps are being taken to be more careful of loopholes existing, then I think in the end it may be for the better...
...not in anyway saying that exploitation of said loopholes is a good thing of course.
...not in anyway saying that exploitation of said loopholes is a good thing of course.
Sorry to hear about the credit card fraud issue, that really blows.
I'm in support of you fixing effects of bug exploitation in the future, but in the past...
People have made untold hundreds of millions expoiting BP with no retroactive fix.
The short lived cargo dupeing bug was exploited, changing the ctc outcome one week, with no retroactive fix.
People crackbotted gaining levels and standing, with no retroactive fix.
The list goes on (way on), my point is a precedent has been set (intentionally or not) that once you've reported a bug, if you abuse it to your advantage, nothing will be done to undo the abuse, only stop further abuse.
I do support trying to undo the abuse in the future but setting a precedent of not retroactively fixing exploits, (especially when nobody is any worse off for it) then going against that just kinda bothers me a bit.
Just my two cents on the matter.
I'm in support of you fixing effects of bug exploitation in the future, but in the past...
People have made untold hundreds of millions expoiting BP with no retroactive fix.
The short lived cargo dupeing bug was exploited, changing the ctc outcome one week, with no retroactive fix.
People crackbotted gaining levels and standing, with no retroactive fix.
The list goes on (way on), my point is a precedent has been set (intentionally or not) that once you've reported a bug, if you abuse it to your advantage, nothing will be done to undo the abuse, only stop further abuse.
I do support trying to undo the abuse in the future but setting a precedent of not retroactively fixing exploits, (especially when nobody is any worse off for it) then going against that just kinda bothers me a bit.
Just my two cents on the matter.
oh snax, this bug was not dependent on lua, you could do it manually, it would just take forever. And no it wasn't me.
All bug exploitations should be reversed and with the most serious cases (such as this one) people should be perma banned.
Money is already irrelevant in this game as it is but 9 bil in a matter of days? Come on, its almost like the people who keep doing crap like this are intentionally trying to drive everyone outta the game.
Just because someone runs a red light and doesn't get pulled over for it doesn't make it ok.
Whether or not all bug exploitations have been reversed in the past doesn't make it ok for the culprits to keep any of their not so hard earned money.
Not only did this person interfere with the developers continued updating to the game, they were expected to keep the money that they earned illegitimately.
Whoever it is, they should have been banned and are lucky they aren't.
Money is already irrelevant in this game as it is but 9 bil in a matter of days? Come on, its almost like the people who keep doing crap like this are intentionally trying to drive everyone outta the game.
Just because someone runs a red light and doesn't get pulled over for it doesn't make it ok.
Whether or not all bug exploitations have been reversed in the past doesn't make it ok for the culprits to keep any of their not so hard earned money.
Not only did this person interfere with the developers continued updating to the game, they were expected to keep the money that they earned illegitimately.
Whoever it is, they should have been banned and are lucky they aren't.
lnh: retroactive fixes are entirely dependent on the exploit. We log very intensely, but we cannot log everything about everyone all the time. For instance, crackbotting: taking positional records of every user in the game and processing it through all possible "crack" locations across thousands of asteroid sectors and determining how many bots they may have killed in that manner.. would have been a nightmare, not to mention computationally.. challenging. Some issues are essentially not possible to "retroactively fix". Some are.
Either way, exploiting them is a bad idea. But all the crackbotting and other random problems that we've had since.. say.. Alpha.. we have never had an exploit that was abused and unreported on this level. Whether or not "crackbotting" was even an actual exploit is debatable. This on the other hand.. completely unequivocal.
So, quite frankly, we haven't really set a public "precedent" on this topic, we've always done the best we could to put things back the way they were.. with varying degrees of success. In all those cases, however, people were quick to report the problem to us, and we responded as effectively as we could (crackbotting, in particular, required a revamp of how ships.. do combat, not a trivial thing, and it took us some time to accomplish).
In any event, the course from here on should be pretty clear, and I really don't think any kind of discussion of the past has ANY mitigating value on this case at all. Whether or not this situation had any lasting impact on the game is not mitigating either: the only reason why it didn't is because we were able to fix it. If anything, we got off lucky, and so did the person who caused this issue. This is expressly why people will be banned for this kind of behaviour in the future.
If people want us to make the game better, they shouldn't suck up our time with crap like this. In no way does it help anyone.
Either way, exploiting them is a bad idea. But all the crackbotting and other random problems that we've had since.. say.. Alpha.. we have never had an exploit that was abused and unreported on this level. Whether or not "crackbotting" was even an actual exploit is debatable. This on the other hand.. completely unequivocal.
So, quite frankly, we haven't really set a public "precedent" on this topic, we've always done the best we could to put things back the way they were.. with varying degrees of success. In all those cases, however, people were quick to report the problem to us, and we responded as effectively as we could (crackbotting, in particular, required a revamp of how ships.. do combat, not a trivial thing, and it took us some time to accomplish).
In any event, the course from here on should be pretty clear, and I really don't think any kind of discussion of the past has ANY mitigating value on this case at all. Whether or not this situation had any lasting impact on the game is not mitigating either: the only reason why it didn't is because we were able to fix it. If anything, we got off lucky, and so did the person who caused this issue. This is expressly why people will be banned for this kind of behaviour in the future.
If people want us to make the game better, they shouldn't suck up our time with crap like this. In no way does it help anyone.
BP exploit ?
When BP was first introduced, it had several bugs, the most exploitable of which was that adding group members increased bot counts for success and equally increased rewards. Unfortunately, it didn't DECREASE rewards if a member left the group, and so you could have a member join and leave as many times as you wanted, and each time the bot kill count would increase, as would the XP and money rewards. You could level a 0/0/0/0/0 alt up to whatever level you wanted in one mission with a couple experienced pilots killing all the bots, and each player would take home ridiculous rewards in the multimillions. The itani guilds were quite publicly making use of the bug to fill their coffers, as was scar (the only serco guild of the time) and everyone else. You could easily make 25 million in a single mission in under an hour. Martin first reported the bug, and others found it as time went on.
The bug wasn't fixed for months after discovery. Everyone kept their money and levels.
The bug wasn't fixed for months after discovery. Everyone kept their money and levels.
I'm awed by the illogical arguments involved in complaining about the devs removing billions in ill-gotten gains from the game. Am I to beleive that people are actually arguing that since the devs didn't set the books straight in the past, they are wrong in doing so now? Really? I'm pleased that somebody reported the problem, that it was found, and that some care was taken to protect the economy (such as it is).
You did end up getting a great deal of help from the involved individual about the bug (worth a mention other than "got off lucky").
Whistler, the complains arise from suspicions that the decision might have been biased. Though I personally believe that this combined with the credit card fraud really pushed their buttons...
Anyways, what's done is done, back to normal.
Now give meh my new addons!
Whistler, the complains arise from suspicions that the decision might have been biased. Though I personally believe that this combined with the credit card fraud really pushed their buttons...
Anyways, what's done is done, back to normal.
Now give meh my new addons!
Regarding BP: As I said before, some "retroactive" changes are easier than others. Was it better to do what we did, or should we have simply wiped all BP gains, exploitative or genuine? I'm sure that would have gone over real well.
That was not a precedent, that was us dealing with reality. We examined the total aggregate gains and made the best of what we could.
It's all pretty irrelevant at this point. Current policy is now apparent.
That was not a precedent, that was us dealing with reality. We examined the total aggregate gains and made the best of what we could.
It's all pretty irrelevant at this point. Current policy is now apparent.
Shadoen: no, we had completely tracked down the bug before the person even responded. Actually, we got a lot of flack from the individual in question. He demanded an apology (?!).
When I say that he "got off lucky", that is a vast and drastic understatement. No, it wasn't biased, no bias is required for this level of response. Is everyone taking crazy pills? The guy never reported a bug and generated billions of credits with it.
When I say that he "got off lucky", that is a vast and drastic understatement. No, it wasn't biased, no bias is required for this level of response. Is everyone taking crazy pills? The guy never reported a bug and generated billions of credits with it.
Sadness.
I think I would have sent him to the chopping block.
I think I would have sent him to the chopping block.
The only reason why I did not, is simply because, in the past, other specific individuals have done massive exploits with our knowledge. Some of these people, very hard core individuals, engaged in large-scale reverse engineering and manipulation of the game, reporting all discovered flaws to us. Strictly speaking, this was against EULA, etc, but because they did it with the intent of helping us secure the game, never exploited it for personal gain, and for intellectual curiosity, we let it slide. These people helped us identify a lot of problems, and I mean major stuff, and their contributions came to be welcome.
In some ways, I guess I have kind of a strict moral/ethical code, and it seemed better that we simply establish the rules (for EVERYONE) from this point forward, be they our trustworthy tinkerers or not, rather than simply hanging from the yard-arm the first person to so excessively abuse the game for personal gain. It wasn't that he didn't deserve to be banned (he did). Strictly speaking, it had nothing to do with him at all. It was a policy decision based on the facts as I saw them, with the bigger picture in mind: It is simpler to ban exploitation as a whole than it is to ban "bad" exploitation.
If we hadn't allowed this kind of.. "white hat hacking" in the past (in production), I would have banned his ass. And in case anyone is concerned about some sort of "prior bias", I would have banned Whistler or Firemage for committing this sort of act as well. The act that was committed more than justified the potential punishment, for anyone, and my reasons for choosing otherwise have everything to do with me, and very little to do with anyone else (and definitely nothing to do with "BP", "crackbotting" or any other preceived prior case with tenuous similarities).
I hope that covers it for everyone, and we can leave it be.
In some ways, I guess I have kind of a strict moral/ethical code, and it seemed better that we simply establish the rules (for EVERYONE) from this point forward, be they our trustworthy tinkerers or not, rather than simply hanging from the yard-arm the first person to so excessively abuse the game for personal gain. It wasn't that he didn't deserve to be banned (he did). Strictly speaking, it had nothing to do with him at all. It was a policy decision based on the facts as I saw them, with the bigger picture in mind: It is simpler to ban exploitation as a whole than it is to ban "bad" exploitation.
If we hadn't allowed this kind of.. "white hat hacking" in the past (in production), I would have banned his ass. And in case anyone is concerned about some sort of "prior bias", I would have banned Whistler or Firemage for committing this sort of act as well. The act that was committed more than justified the potential punishment, for anyone, and my reasons for choosing otherwise have everything to do with me, and very little to do with anyone else (and definitely nothing to do with "BP", "crackbotting" or any other preceived prior case with tenuous similarities).
I hope that covers it for everyone, and we can leave it be.
The guy got the money falsely.
He didn't report it to the devs.
In any other game that would be auto-permi-ban. Fact.
The person that was lucky in this whole event is the guy that started it. Just because things like this weren't retro-spectively fixed in the past doesn't mean they shouldn't be now!
The thing I want to know is the ridiculous amount of trading xp and badges this guy 'earnt' have been put right to, yes?
Does guild software stand to loose anything over the credit card business? Sorry if that's a stupid question <eg please_don't_flame>.
Spine
P.S
Written on a pda keyboard, sorry for any spelling mistakes.
He didn't report it to the devs.
In any other game that would be auto-permi-ban. Fact.
The person that was lucky in this whole event is the guy that started it. Just because things like this weren't retro-spectively fixed in the past doesn't mean they shouldn't be now!
The thing I want to know is the ridiculous amount of trading xp and badges this guy 'earnt' have been put right to, yes?
Does guild software stand to loose anything over the credit card business? Sorry if that's a stupid question <eg please_don't_flame>.
Spine
P.S
Written on a pda keyboard, sorry for any spelling mistakes.
We stand to lose about $300 on the credit card thing, so far, maybe more. We aren't sure yet. It will probably be some time before it's wrapped up, and even if it ends in our favor, we'll still have to pursue with collections agency or whatever else.. more money and time. Who knows. We've never had to go this far before.
ok, first of all the post from 'samdude0' was me (it was my trial account and my pda still remembered me as it)
I also starting writing that before inc said to leave it be - sorry about that.
I'm really sorry to hear about the $300 :S
Good luck with getting it wrapped up quickly and with the least stress to you.
Spine
I also starting writing that before inc said to leave it be - sorry about that.
I'm really sorry to hear about the $300 :S
Good luck with getting it wrapped up quickly and with the least stress to you.
Spine
Sorry to hear about the hassles Inc . I am always disappointed by financial exploitation of any small business and I know from experience how much time and effort sorting out fraud can be .
The same can be said of fraud within the game ; it is a slap in the face for all the folk who play honestly and contribute positively to VO as a whole.
When the game becomes more populous I fear that such things will become more of a problem, merely because that is the way a small proportion of people behave. It makes sense to put disciplined structures and policies in place at this stage both to protect yourselves and the community as a whole.
As Yuutuu observes'
"Come on, its almost like the people who keep doing crap like this are intentionally trying to drive everyone outta the game."
There is a mean vindictive streak in some people Yuutuu, folk who just enjoy spoiling things for others . The older I get the less I understand it , but I do observe that such behaviour is on an increase in society as a whole. I wish I could understand it , but I can't.
Ecka
The same can be said of fraud within the game ; it is a slap in the face for all the folk who play honestly and contribute positively to VO as a whole.
When the game becomes more populous I fear that such things will become more of a problem, merely because that is the way a small proportion of people behave. It makes sense to put disciplined structures and policies in place at this stage both to protect yourselves and the community as a whole.
As Yuutuu observes'
"Come on, its almost like the people who keep doing crap like this are intentionally trying to drive everyone outta the game."
There is a mean vindictive streak in some people Yuutuu, folk who just enjoy spoiling things for others . The older I get the less I understand it , but I do observe that such behaviour is on an increase in society as a whole. I wish I could understand it , but I can't.
Ecka