Saturday, October 10, 2009

Offtopic?! Blunders of Aion

Not to demonize our friends at NCSoft...

So Aion came out recently. Back in beta they were using nProtect GameGuard in an apparent attempt to stop cheaters. It was relatively big news when they pulled it for the game's release (but indicated they may use it in the future, and some sites say it may still be in use in some markets). So first a little bit about this whole GameGuard thing. I tried running the Aion client during beta, and without any other software running on the PC, the damn thing just wouldn't launch. It came up with an error in Korean. I don't read Korean, and I don't think the font is even installed. But it mentioned GameGuard in English. Long story short, I never successfully ran the game during beta. I probably could have, but I didn't bother. I had seen enough. The reason it wouldn't launch? I was running Windows 7. I could have probably copied it over to another PC and tried it, but the GameGuard debacle convinced me that I didn't want to.

I wasn't the only one with issues with GameGuard. Indeed, a quick Google search will turn up numerous problems that players were having with this "protection". And, as it turns out, these problems were basically all for naught. It was easy to disable GameGuard with a hack that someone distributed for free and could be found via a no-brainer Google search. So Aion using GameGuard didn't achieve its goals of preventing cheating, but it did prevent honest players from playing the game. If playing Aion is prevented, only the prevented will play Aion! In other words: FAIL!

And that's without going into any of the gory details of GameGuard! WoW players are lucky to have Blizzard's relatively non-invasive Warden. GameGuard runs a Windows driver (one that is commonly referred to as a rootkit, having complete and unfettered access to your PC, and "secret" functionality. Do YOU trust everything available for download on the internet?), which means that it can easily cause your system to BSOD (and, for many people, does exactly that). It's one thing to not trust your customers (in multiplayer games, this mistrust is necessary to some degree), but it's another to crash their PC, potentially causing lasting damage, while trying to achieve perceived fairness.

So these things presumably contributed to dropping GameGuard for the game's release. Smart move there. But NCSoft wasn't dropping cheat protection entirely, just GameGuard. I don't know of any available information about what protection is in place, and I haven't particularly looked myself, but last night they showed the world that they are still using something. And they're banning lots of people who aren't cheating (along with some who are). What's more, they did it on Friday night and apparently don't provide customer support on the weekends! Good game, NCSoft. Good game. (Update: This is enough of a problem that they are apparently working this weekend)

This has me slightly concerned about my own non-cheating customers. I write software that, by and large, is used for multiboxing (playing multiple characters) by facilitating visibility, ability to easily switch to different characters, and more recently the ability to control different characters at the same time as you control the main. And since my company launched in 2004, no multiboxers using my software have been banned from any game -- there were some accidentally banned from World of Warcraft a few years back, but their bans were reversed and Blizzard gave them free subscription time to make up for the mistake. But, while there are former Blizzard guys at the top of NCWest (US subsidiary of NCSoft) thanks to ArenaNet, and these guys seem pretty reasonable, NCSoft is not Blizzard, and NCWest doesn't exactly control NCSoft. So even though NCWest may be sympathetic to multiboxers, who knows what kind of destruction will be doled out by NCSoft. NCSoft is used to a much different Asian market, and recent law changes in Korea probably carry a lot of influence in what sort of protections the game will have. (Update: Apparently Jeff Strain left NCSoft a couple months ago, and I'm told that my statement "there are former Blizzard guys at the top of NCWest" may no longer be true)

I've spent a good portion of the last few weeks preparing my software for compatibility with Aion. That's just to get it to launch and interact with the game... in a style similar to what X-Fire does, but providing the capabilities in a different way (so as to support additional features such as the ability to manipulate the game window, or put games that don't support windowed mode in a window, and so on). But the end result is basically the same -- my software can provide an in-game interface and indeed X-Fire could be implemented using it (some people use an IRC plugin for my software for example, which allows them to chat on IRC while in game).

But my system is also more likely to be incompatible with a game than X-Fire is, for other reasons. Aion, for example, uses a packer called Themida. Themida is supposed to be one of the best ways to protect a program from being modified, or even reverse engineered (which is often necessary in order to implement interoperability, is used in many disciplines, and is expressly legal to do). But like GameGuard, this is only effective as long as the perceived enemy is unable to bypass it, and there is likely to be collateral damage. Older versions of Themida loaded a driver, and as I described with respect to GameGuard earlier, this meant BSOD and eventually incompatibility with Windows. Themida is also used, legitimately or not, to "protect" malware in order to evade your favorite anti-virus software, anti-spyware software, etc. This means that, for some people who are simply trying to protect themselves against malware, the game can't be played without disabling the anti-virus software, or is detected as malware and destroyed. But hey, at least the game can't be modified or reverse engineered, right? Wrong. Themida only prevents a program from being modified on disk, and even then, only if it is not unpacked. Aion unpacks itself in memory so that it's just like any other program, and once it's loaded in memory it can be both reverse engineered and modified. This means the Themida packing is only so effective in the first place. By using Themida they prevent entry-level hacking of the game, in exchange for looking like malware to various antivirus software, and whatever other collateral damage comes with it.

This happens to be a hindrance to my software because my original design had some related flaws. The way Themida unpacked Aion, it happened to ignore parts of my software. This is no longer the case. Unfortunately it's a lot of work to redesign something that has been an integral part of my software for 5+ years, so there is still work to be done before anyone is using ISBoxer to multibox in Aion. I sincerely hope that Aion does not become the first game to ban my customers for nothing other than multiboxing.

And for what? NCSoft has been so confident that this game would be the ever-so-elusive WoW killer (many have tried, but none have succeeded thus far) that they are trying to protect the game experience for honest players, but in the process have alienated many of those honest players. Honest players who might be purchasing multiple accounts, and telling all of their WoW friends that they should be switching to Aion because it is so awesome. Sadly, bungles early after a game's release can do more harm than having cheaters early after a game's release. Consider that WoW didn't even have Warden until many months after its release. And people cheated! They did all of the things that everyone hates them for doing, and you know what, even with Warden, people still cheat and do the same damn things they did before it came out. You don't have to ban honest players, you just need to create the impression that you are serious about taking steps against the cheaters that people are complaining about. There's going to be cheaters either way.

It seems to me that for all the work put into protecting the game, what they have actually achieved is a limitation on the size of their player base, rather than preventing cheating.

And, while I wholeheartedly disagree that Warden and other anti-cheating software is copyright-related DRM as protected by the DMCA in the US, there are clear parallels to be drawn. For example, some DRM restricts use to specific devices, preventing use of content by potential customers using other devices with the intention of selling more of the device it is restricted to, and many people remove this DRM in order to use it on devices from other vendors. In either case, the trade-off is to alienate some customers in order to achieve some goal for the company. And in the end, the customer that was locked out is able to take the upper hand.

To the company, this is all about money. The company is betting that by implementing this DRM, they will receive more money from customers. The obvious risk in this bet is that customers may not be willing to sign on to their DRM scheme. The company probably doesn't care if the DRM itself causes damage, until it hits them in the wallet.

If you need any examples of DRM causing damage, I have personal experience with one and another is common knowledge. Here's mine first: I made the mistake of installing a game called Splinter Cell: Chaos Theory on my PC several years ago, which used a protection scheme called StarForce. I didn't know or really even care until I later tried to upgrade from XP to Vista, and Vista told me I couldn't upgrade because StarForce is incompatible. Oh, and I couldn't uninstall StarForce to upgrade to Vista, even though I had long since removed SC:CT.. I had to do a clean install of the OS to get rid of it! (There's apparently a removal tool now) And for common knowledge, the words "Sony" and "rootkit" should be plenty, but if not, here's a link (this one actually hit Sony in the wallet!). People in general don't like overly restrictive DRM, and many will refuse to buy something that has it.

The company is betting that all of these factors combined with their cost of implementing the DRM will result in receiving more money than they would have gotten without the DRM. It seems to me that the way to balance this is to avoid overreaching at all costs, not to try to make it perfect. I am reminded of a quote... "The more you tighten your grip, Tarkin, the more star systems will slip through your fingers." It'll never be perfect.

Friday, January 30, 2009

MDY v Blizzard trial results

Very interesting stuff. Today I will be writing about the court order dated January 28, 2009, found here in PDF form: http://docs.justia.com/cases/federal/district-courts/arizona/azdce/2:2006cv02555/322017/108/0.pdf

The most important point, as I see it (well, it's probably plain to see), is that the court ruled that Warden is protected by the DMCA insofar as that it protects the non-literal elements of the game. That is to say that the game elements generated by the server and sent to your client, which make use of the literal data -- say, a monster here, a building there, etc -- are copyrighted and Warden prevents accessing them if you are shown to be violating the Terms of Service. I would still argue that simply adding terms to the Terms of Service probably shouldn't be applied as far as the DMCA. I don't think it would fly for the RIAA, so why should it fly here?

This will also have implications for other games, and with companies that are far less trustworthy than Blizzard. For example: New game comes out, has DRM that is wider reaching than Warden and includes features that happen to send private data back to the server, and it's protected by the DMCA simply by tying random terms into the Terms of Service. Company doesn't mention it, much like Blizzard didn't come out and say exactly what Warden does (resulting in the Hoglund debacle and other false claims), and until someone reverse engineers it and determines what it is doing, nobody would be the wiser. Cue the ignorant responses: "They have your credit card information from subscribing, what else would they possibly want?" and "Well don't play the game then". It should be noted that until the problem is exposed, nobody would know not to play the game, and something could affect a large number of customers. And of course, providing software that protects your private data from being exposed would be a violation of the DMCA. How do you like them apples?

It doesn't even stop at games. That's just the most obvious. This could harm a lot of modding, of anything at all. A car manufacturer can put such controls on its in-car display system to prevent you from making changes to it by making it a copyright violation to do so. What sense does that make? For further reading on this point, an article at Ars Technica: http://arstechnica.com/gaming/news/2009/01/judges-ruling-that-wow-bot-violates-dmca-is-troubling.ars

Blizzard also won on tortious interference with contract, which they were pretty confident about from the beginning. This is basically that MDY was apparently inducing WoW players to violate the terms of their contract (EULA, Terms of Service) with Blizzard by suggesting they use a bot.

And more importantly at least as far as MDY is concerned, Blizzard is entitled to a permanent injunction against Glider, preventing MDY from making another penny on it, not to mention the $6 million stipulated damages this means MDY owes Blizzard. Or rather, that Donnelly himself apparently owes Blizzard, since the court deemed him personally liable. Ouch.

The two sides have until Friday the 13th of February 2009 to make their cases as to why or why not the injunction should be stayed pending appeal (meaning that MDY of course has no choice but to appeal, and the argument is whether Glider sales should be allowed until the appeal process runs its course) and other minor details regarding the injunction.

So that's it for now.

Saturday, December 20, 2008

Why are people still referencing Hoglund?

Okay this is relatively old news but I hadn't seen it until now. Someone in IRC linked this article on wowinsider.com by Jon Eldridge from May 19, 2008: http://www.wowinsider.com/2008/05/19/azeorth-security-advisor-wow-is-watching-you-part-2/

So we've got this "computer security expert", and alright, I'll bite, maybe he is some sort of computer security geek... but he's definitely no reverse engineer. He goes on to explain with some degree of accuracy, 2 of the scans that Warden had before early 2007. Notice the emphasis on had. What isn't accurate is this:

It reads the text in the title bar of every window you have open including that really embarrassing Furry fan site you don't want your friends to know about. Yes Nekudotayim, Bliz knows about your pr0nz.!
I went over that in detail in the first On Warden blog post, here: http://onwarden.blogspot.com/2007/07/privacy-and-you.html. Blizzard doesn't know about your Furry fan site porn. Sure, Warden went through the titles of each window, and compared the title to a hash. But all it would do with that information is send back a yes or no. There was no sending back the titles of all the windows. Eldridge seemed to imply that the titles would be hashed and sent to Blizzard in order to compare to a database. Nope. Partial credit. Even if that was what happened, that doesn't give away your Furry porn. The hash is one way, there would be no way to recover the original title in order to determine if it was, in fact, Furry porn (Eldridge is apparently also not in the cryptography school of computer security expertise). Blizzard sent a hash to compare window title hashes to, not the other way around.

But that's not the worst misinformation of the article. This is:
The second act of the Warden Power Tour is to sniff out and hash every single process running on your computer and compare them to the list of banning hashes. So while you are playing WoW, Blizzard takes complete stock of every program, every window, every website and every process on your machine and compares it to a list you will never see... every 15 seconds. Contrary to many fanboy and armchair security expert flames Blizzard does indeed know about your surfing habits while you are playing WoW and a whole lot more. The issue is not what they know but what they choose to audit and act upon via their secret list.
Speaking of armchair security expert flames, Mr. Eldridge... Blizzard does not know about your surfing habits "and a whole lot more." Even if they were hashing all of the processes and sending them back, once again they could not recover the original executable name (oh, did I say executable name? yeah, you forgot to). They could only compare it to a list of known hashes, so they would have to take a huge number of guesses before coming up with the right one in order to determine what obscure programs you are running. But this doesn't even translate to "every web site", even if they were grabbing every window title and every process executable name. I don't know about you, but I use a browser that supports tabs. Only the focused tab changes the title of the top level window. But, once again, the process list scan hasn't been used since early 2007, and they sent the hashes to your PC to check, not sending a list of hashes to their servers.

Then Mr. Eldridge goes on to recommend Governor for anyone who'd like to "watch the Warden sniff around". If only that's what Governor actually did. (and again, I've gone over this before) Even when it was created, Governor only intercepted API calls from roughly half of Warden's scans. But it never showed what would actually get transmitted back to Blizzard. Governor hooks a small set of windows API functions such as GetWindowTextA and CharUpperBuffA. GetWindowTextA is used to get the title of a window, and CharUpperBuffA converts some text to upper case, for use in generating a hash. CharUpperBuffA was used for both the window title, and process executable names. But using these API doesn't mean that's what Blizzard is seeing, just what's happening on your PC. It's really quite mundane, and in fact, what Governor would see now is even more limited.

What's interesting is that people are still going back to something posted in 2005 by a guy who gave up on protecting WoW!Sharp because he didn't have the expertise to handle Warden (that'd be Hoglund), but there are people such as myself who actually know what they're talking about when it comes to Warden and I don't get so much as a question from people like Jon Eldridge. Instead, Eldridge has placed himself squarely in the FUD. Maybe he bought Hoglund's book!

Tuesday, November 18, 2008

Updates and a slight correction

The last post, about WoW 2.4.2 bans, had a mis-statement that is causing some confusion. It says that the bans "hit Inner Space." What it should have said more specifically was that the bans hit ISXWarden and/or ISXWoW users. Inner Space "vanilla" is not something that Warden is actively seeking out and banning for, and this is clearly evidenced by the people (including me) who have been using Inner Space without ISXWarden or ISXWoW for some number of months now. On the flipside, I'm told by people who used ISXWoW without ISXWarden that they were banned within 20 minutes, and people who used ISXWarden were of course banned in waves when detected.

ISXWarden, as many have discovered, is indefinitely shelved, on advice from legal counsel. Without implying anything that I didn't say before, it will be back in the future if conditions allow (or, as previously stated, "as soon as possible"). I can't explain any further at this time, nor can I guarantee that conditions will allow. ISXWarden never was a Lavish Software product -- it is something that I provided personally, for free, and was never advertised or marketed by Lavish Software. And it is not guaranteed by or paid for with a Lavish Software subscription.

On a related note, Inner Space is now enjoying renewed attention from multi-boxers. The excise of ISXWarden has given multi-boxers using Inner Space a sense of safety (ironic?), as they feel less likely to be banned alongside botters. Blizzard could differentiate between the two by detecting ISXWarden or ISXWoW (which they were doing), but this should fix the long-shot case where they might feel the need to ban all Inner Space users. Now the vast majority of people using Inner Space with WoW are sure to be "clean", so there is no reason for that to happen. Blizzard does not take banning lightly, and as multi-boxing is explicitly allowed, they are very unlikely to ban a bunch of multi-boxers who are doing something that shouldn't be considered any different than using other multi-boxing solutions. It's not their prerogative to create problems for good customers -- that would be bad business, and Blizzard is not a bad business.

To that end, multi-boxers are now taking advantage of a number of features they didn't previously have access to from other solutions. Instant picture-in-picture is a big hit. Many are now finding new uses for their G15 or G11 keys, X-keys, or other alternative input devices. Having precise mouse multiplexing (on the same PC or otherwise) is also very beneficial. And to Blizzard's credit, zero Inner Space multi-boxers have been banned, including myself -- my accounts are in my real name, with my real address and phone number, and I pay for my accounts with my own credit cards, so there's nothing stopping them from banning me if they see something wrong with my 5-boxing with Inner Space.

Tuesday, May 20, 2008

May 20th ban wave: WoW 2.4.2

Alright it's no secret that there was a pretty big ban wave in World of Warcraft today, apparently hitting Inner Space, Glider, and unapproved addons, among other things (note: I don't know if they hit unapproved addons, or other things, I'm going off of secondhand information from sources that may not be accurate). Hats off to Blizzard for pulling off the Inner Space and Glider detections without tipping off the communities. It's been a while since the last time that happened.

So to that end, I first need to address the people who are wondering how it happened. ISXWarden and Glider's Tripwire both attempt to identify when a new Warden is distributed with new functionality. So why did neither prevent this ban wave? Simple. Warden was not updated. The detection method was hidden away in the 2.4.2 WoW client itself.

But it's not always that simple for Blizzard to get away with. First, Blizzard has no guarantee that the detection code will slip past researchers. The last time this was attempted, according to my logs, was WoW 2.1.0, released on May 22, 2007. I prevented that from affecting ISXWarden or Glider. This one (2.4.2) happened to slip past -- a mistake that is hopefully never repeated, but errare humanum est. Secondly, Blizzard can only update the WoW client every so often. In the last year, it's been about 1 patch per month on average. And, patches are never secret. Unlike Warden, which can be updated at any time while you play the game, client patches are announced to the public, and everyone is well aware when it happens. So it's no big mystery when to go hunting for new detections in the client, this is something researchers need to do every patch.

Now to address the people asking for details on what was detected. Sorry, but I can't provide that sort of detail at this time. I do not typically reveal that sort of information to the public.

What I can tell you is that today's new release of ISXWarden addresses the problem. I'm well aware that there are people who believe that, and people who don't, and if you're not sure which side of that line you're on, the safest option is always to not use programs that Blizzard will ban your account if they find out. Many people choose not to use those sorts of programs for a while after a patch just in case a situation like this arises.

Thursday, March 27, 2008

More rambling on MDY v Blizzard

Okay so after that last post I've a) got more details from the MDY v Blizzard case (note the bolded update in that post), and b) heard more comments than usual from people enjoying reading some of my personal history. So I guess I'll keep sharing.

On my chopping block today is Edward Castranova, PhD (in economics). Castranova is, no doubt, a very smart man. Relevant to the topic at hand, he has published works regarding virtual economies, including the relationship between virtual and real economies (referred to as Real Money Trade or RMT) which he does not appear to discourage (I could be wrong, I'm no expert on Castranova and haven't read all of his work, but am referring to articles such as this one linked from his wikipedia entry). Castranova provides a document titled Effects of Botting on World of Warcraft (as Exhibit 7, which can be seen via the first link in this post). If I were to stop reading at the title, I would assume that Castranova intended this document to be a general overview of botting. However, the table of contents clearly indicates the document is about Glider. I'll give the benefit of the doubt and assume that the document was not simply edited to replace generic statements about botting to contain the word Glider. But here's the thing. He's an economist, charged with drawing conclusions about the economic effects of Glider (and other bots) on Blizzard. Naturally, he's a good candidate for doing so -- having published works on virtual economies and RMT, and he's at least had experience with MMOs. However, his expertise as an economist doesn't particularly help when the document he's providing is full of assertions about gameplay that are difficult, some maybe even impossible, to back up with actual data, or simply rely on fallible logic with many other explanations, which may be more logical.

I'm quite sure that there are counterpoints to my counterpoints, but where there is no definite answer, debate arises, and I would expect nothing less. I'll just go down the list of "The Harms of Glider" from Exhibit 7, which Castranova explains in his deposition that many of these statements are not a result of any particular study, but of his personal experience and hearsay.

1. Users of Glider increase their characters' level considerably faster than human players, reducing the time spent playing the game
1. As Greg Ashe (Manager of Technical Research at Blizzard) pointed out in his deposition, the difference between Glider and a human playing the same amount of time is negligible:
Q. So other than time and multiple accounts, does it give any special advantage over another player who is actually playing the game legitimately?

A. There are scenarios, I guess, where, you know, specific profiles may give an advantage over a very new player, but that's not, you know, a very practical scenario on a moderately-experienced player.
I'll just let this point ride and not bring it up again in the rest of this post, but it is important to note that the advantage Glider is providing is T-I-M-E. Again from Ashe to back that up:
A. -- time -- player time in the game is really the variable. It's how many hours per day characters are spending in the game and whether those multiple characters are spending, you know, a few hours or a few characters are spending a ton of hours, that's, you know, the variable that's really impacting.
2. This is ambiguously worded, so I can only suppose that it is meant to refer to Blizzard's subscription revenue, because I can't imagine this being construed as harm to Blizzard in another way. I can imagine ways that this is actually better for Blizzard, however. "Less time spent playing the game" could mean less bandwidth, customer service, power, and other expenses for Blizzard.
3. The same point about reducing the time played could be attributed to strategy guides, or quest path guides. Should Blizzard block the sale of strategy guides because they decrease subscription revenue, because people spend less time playing the game?
4. The game does not stop at level 70, and as the game allows several characters per account on a given server, many players will spend additional time playing an alternate character, usually a different class, to level 70. Many players play on additional servers. If subscriptions typically ended a given amount of time after reaching level 70, a profit-minded Blizzard should have designed the game to take longer to reach level 70, but they have in fact shortened the amount of time it takes to reach 70. Therefore, it cannot be assumed that a shorter amount of time spent leveling a single character to 70 translates directly into lost revenue. This means that the $105 in supposedly direct lost revenue per Glider that was calculated in the paper is also inherently flawed, regardless of whether the time estimates to level are accurate. That's not to mention the careful use of "casual" players as the basis for amount of subscription revenue lost -- the comparison should be done against the pool of players of similar play style, and in this case, I believe that would lean heavily toward the "hardcore" players, who typically invest more time per day than 2 hours.
2. Frustration and loss of game satisfaction by average players when Glider bots gain experience points more rapidly than the average user

Wait, there's more. Here's another quote from the same text to go along with this one ("Is it" typo theirs):
From the perspective of the average player, all he knows is that there are other players who somehow have gained 20 levels while he has gained only 2 or 3. Is it difficult for another user to confirm that the players gaining levels at an accelerated pace are botting, so the average player concludes that either he must be an incompetent player or the system is balanced against him
1. These quotes flatly contradict each other. One says the average player is specifically frustrated about bots, and one says the average player is frustrated about players who gained 20 levels while he has gained only 2 or 3, with no idea that he could be blaming bots the whole time.
2. This has been true in MMOs long before World of Warcraft or any complex bots existed. I played EverQuest for years, and from the time I began playing it, as a decidedly average player, I saw people who were online in the game for much longer periods of time than I was. Lo and behold, the majority of those people leveled faster than I, and got "phatter lewt." And bots for the game were all but unheard of. I concluded that these people had more time to devote to the game than I wanted to devote to it, not that they must be cheating, even though I knew as a long-time game automation programmer (I was well known for it on local BBSes, and to drop a few game names: MajorMUD, Tele-Arena, Crossroads of the Elements. Certain crowds know these) that people could be using automation tools. I also noticed that a lot of people played for shorter periods than I did and leveled faster. But I knew that my style of play at that time did not involve simply grinding out levels -- I enjoyed social interaction, exploration, and other activities that had nothing to do with experience points or currency.
3. Essentially covered by 2, but to reiterate without personal anecdote: Different players have different play styles, and different goals. Some people play at odd hours of night, some people play for 3 days straight, some people are willing to sit around for hours and hours simply for a chance at some desirable reward. What these people have over the average player is simply the ability or willingness to spend more time playing the game. I'm sorry, but outlawing botting is not going to buy the average player time, because this problem exists without botting.
4. The system in World of Warcraft is probably always going to be balanced against the player with the least amount of time. That's not because of bots, that's how the game is designed. The player with more available time per day is going to accomplish more and gain more per day. The only time this changes is when balance is shifted away from time, by placing limits on the amount of time any player is allowed to play or, at minimum, allowed to receive rewards.
3. Frustration and loss of game satisfaction by average players when Glider bots decreases the amount of gold average players can earn during ordinary play
1. Okay, the only obvious way that I can see this argument going is competition for resources. The only way this could possibly be directly attributed to Glider or any bot in particular is for the players to be in the same place at the same time, and be competing for the same resource at the same time. First of all, one of the most obvious rules of thumb for a botter is to avoid other players as much as possible, because a lot of players, including those who bot, will report bots. So the botter is already trying to hide from the other players, and does not want to be competing for the same resources, as that puts him at greater risk. Even so, the game is designed to limit the effects of any one player on an entire area -- random spawns for mobs and resource nodes, and so on. And the guy running around mining or collecting herbs has the same chance you do of getting to it first. Kill stealing is pretty difficult with the system World of Warcraft uses for "tapping" mobs. This could be a valid argument in ye olde EverQuest, where you had to specifically kill rare spawns to get phat lewt, and they were on relatively long spawn timers, and may not be seen for days... people sit around at the same rare spawn, monopolizing it and demotivating anyone from trying to take it.
2. The amount of gold average players can earn during ordinary play is bound to decrease over time even without bots. This is all making me think... The problem here is that the game is designed such that the key factor essentially boils down to time -- and indeed Blizzard makes a lot of money by selling customers that time on a subscription basis. Someone with more available time per day will eventually (that is, over a long enough period of time) surpass players with less available time per day, all else equal (the player with more available time per day is also getting a better value for his subscription fees). All that is needed to generate in-game items or gold is time -- the time you spend achieving whatever symbolic goals are on the path to generating that precious resource, be it by looting fallen foes or by practicing tradeskills to craft items. Various in-game resources have various consumption rates (by consumption, I mean effective removal of the resource from the economy, by some game mechanic e.g. soulbound items, selling to an NPC vendor, etc), which may or may not be faster than generation rates -- some may be fast, others may forever have more than will ever be consumed. For any resource where the rate of generation is faster than the rate of consumption, the value naturally decreases in relation to other resources. Currency in this type of game is the most readily available resource -- it can typically be generated in infinite amount by spending time on various infinitely available tasks. A player can kill mobs for hours on end, generating currency and items simply by the act of killing creatures, without even breaking a virtual sweat. The items, in turn, can be converted directly to currency by visiting an NPC vendor (with some exception of items that cannot be sold), for a price that will essentially never change for any given item. So in effect, this problem exists by nature of the design of the game. Any influx of time spent in the game translates to this generation of currency, regardless of whether it is from humans or bots. The supposition I am left with is that any claim of potential subscription revenue loss due to spending less time in the game (e.g. from leveling faster as claimed in the first "Harm" statement) likely conflicts with the devaluation of currency, not to mention the continual growth of World of Warcraft, with now over 10,000,000 subscribers. This growth drives an influx of additional time spent, which devalues the readily available gold. And yet Glider, the most well-known bot for World of Warcraft, claims only about 30,000 active Glider accounts according to MDY's statement of facts.

4. Frustration and loss of game satisfaction when the in-game economy is hyper-inflated, resulting in significantly decreased buying power for normal users

1. See my #2 to previous statement. The in-game economy would be "hyper-inflated" over time without bots. I'm not sure it's a valid conclusion that because bots can cause hyper-inflation, and that the economy seems hyper-inflated, means that bots are a major, let alone the primary, cause. It's asserted repeatedly in this paper that players simply do not understand that the problem is likely bots, even though, again, these assertions have not been based on any statistically significant amount of data.
2. The primary destroyer of any MMO's economy has historically been, to my knowledge and belief, dupe exploits. Dupes allow items or currency to be duplicated at will, which may generate far more currency than average humans, hardcore players, or botters ever dream of making, at a much faster rate. A dupe that goes undetected for any period of time may severely damage the game's economy, even beyond repair.

5. Increase cost to play when average players feel they must pay real world money for in-game gold in order to play the game as intended by Blizzard

(italic emphasis theirs)
I don't even know what to say to this one, other than this has nothing to do with Glider or bots in general, and I've already made any counterpoints I would have made to this.
6. Increased cost of providing the game when Blizzard's customer service representatives must respond to hundreds of thousands of complaints about bots, and millions of complaints about in-game problems caused by bots
1. This statement claims millions of complaints about in-game problems caused by bots, while at the same time the paper says this:

To date, Blizzard has received over 300,000 complaints about botting from customers. Millions of additional complaints have been received in connection with issues of inflation, resource-hogging, farming and other issues that are likely tied directly to the existence of bots, but that players do not understand, or do not acknowledge, are connected to botting.
And this:
The more than 300,000 botting complaints that Blizzard has received does not include complaints lodged by the many current and former players whose game experience was adversely impacted by bots, but did not know the reason for their less-than-perfect gaming experience. Unfortunately, there is no way to ascertain this number, or to quantify these damages.
And this:
Do players even realize that botting is behind the distorted economy? The 300,000 user complaints evidences that many do. Given that over 10 million WoW accounts have been created, however, it is reasonable to conclude that many more do not. Players only see ridiculously high prices for items they need, and ridiculously low returns for hours of game play that would otherwise provide more than enough resources for them to enjoy the game as designed. The ultimate root of these problems -- Glider bots -- is difficult to see.
What I'm seeing is a lot of repetition and pointing out bots, or even Glider, as the "ultimate root of these problems", meanwhile acknowledging that it is difficult to see, that most players do not understand it as such, and so on. If one were to not consider the rest of the possible sources, then it would be reasonable to come to the conclusion that it's all Glider's fault. But the vast majority of the players, clearly, do not blame Glider. What else could players possibly blame the problem on? Something logical? Like players who have more time to spend playing the game than they do? Doesn't the stereotype involve people living in their parents basement with nothing better to do than play the game all day? Or during certain times of year (etc), students with time away from school that have plenty of extra time to play? And one reason for people to use these bots in the first place is to keep up with those sorts of people who can invest more of their own time, to cut out the advantage! If people are really sick of having the disadvantage in the game, they can quit their jobs and spend all day playing too.

7. Cost of resources devoted to detecting Glider bots, and the cost of ongoing programming efforts to overcome Glider's constant development and improvement of its anti-detection software

... I saw a number for this, being something like $900,000 (either per year or total), and now I've spent so much time rambling that I don't know where I saw it. So I apologize if I'm inaccurate here, but I'm going to go with that number. I don't believe that anywhere near $900,000 is devoted specifically to Glider, but I don't think that's important, and here's why. At ~$15 per month, any Glider pays up to ~$180 per year to play a single WoW account. If there are 30,000 active Gliders each with only 1 WoW account, that's ~$450,000 in subscription revenue per month for Blizzard, and ~$5,400,000 per year. Even ignoring the purchase of the account itself, the revenue from Glider users alone is likely more than enough to cover that specific cost, given that the $900k cost would presumably not exist without the $5.4m revenue.

8. Loss of game satisfaction by average players when the presence of Glider bots destroys the immersive fantasy aspect of the game, which is the essence of the product
I can only speak for myself really, but I think "Barrens chat" says enough. I can't imagine the presence of a bot here and there being any worse than reading typical in-game chat.

So basically what I'm getting out of Castranova's exhibit is:
  • The monetary damage amounts provided are based upon flawed assumptions, such as shorter level time = less revenue, and that the average player who uses Glider would have spent 8 months getting level 70.
  • He really, really wants to assert that Glider is the root of WoW's problems and great cause for concern to a player base that would not come to the same conclusion themselves, though there is no attempt to prove the any substantial connection. I can only assume the intended audience does not play World of Warcraft and is unlikely to be aware of differences between types of players, or that other likely causes of these problems exist, and would not be able to make their own logical conclusion, choosing instead to rely on information from such an expert.
Once again it's getting late and I'm getting tired, so this may not be as polished as I'd like, but hopefully I've gotten at least a few good points across to ... anyone at all. Some of my points might be just as bad as I'm saying anyone else's are, but I know there's some diamonds in the rough here ;)

Update: I just got a note that Mercury was actually the developer of one of the now-retro games I automated in the past, Crossroads of the Elements. I didn't realize that, how cool. And I've been Master of Elements on my old local BBS for probably over 10 years.

Friday, March 21, 2008

Legalese and other rambling unrelated to Warden

Okay, first things first. Some blogs and websites just picked up on news about a subpoena I was served in relation to the MDY (Glider) v Blizzard case. My attorneys filed a motion to quash the subpoena, as I was given 9 days to retrieve information not related to Glider, with an overbroad scope. Blizzard opted not to pursue the information that I did not want to present them, and I of course am humbled that they did not feel the need to pour bags of money over my head and suffocate me. While their option to not respond to the motion to quash was reported as a blow to Blizzard, it would not have affected this case one way or another if they did so, and this is probably the reason for such a passive acceptance of the motion to quash.

They could still attempt to suffocate me in their cash at a later date, but I try to tread lightly and hopefully they continue to extend me this courtesy. The information they asked for would not have been relevant to the Glider case in particular, as I have never used Glider -- sorry to disappoint. I think my deposition was shortened by an hour or two because I wouldn't have been able to answer general questions about the use and function of Glider, much to the surprise of Mr. McGee, who represented Blizzard. And I appreciate his professional and respectful manner.

So I've been notified that motions were filed on both sides of the case today (or rather, yesterday, since it's now after midnight). After all of the hullabaloo with my subpoena, deposition, motions to quash, providing documents they probably already had seen from other sources, I'm reduced to a sentence in Blizzard's Statement of Facts and an exhibit (being the portion of video record from my deposition referenced in the SOF. Update: I hadn't actually seen the exhibit at the time of this post, but had assumed that it was the video record. The exhibit documents have been made available at http://gameactivist.blogspot.com/2008/03/legal-filings-from-blizzard-vs-mdy_26.html and my exhibit may apparently just be the portion of transcript from the deposition, not including any video record). But, it's now shown in court documents that I provided Mercury with information on defeating Warden, and that's bound to add fuel to random flame wars between my most vociferous customers and his customers who hate being patronized by my customers. Actually I'm kind of flattered that Blizzard decided to toss my name in the documents in the first place, considering I never got a response to sending them my resume other than the postcard that says "if we are interested you'll hear from us, please never call us or email us." It's almost like I got promoted.

All that aside, I find it hard to side with Blizzard on their arguments in this case, even ignoring my personal conflict of interest. I'm going to mention a few things, and certainly not the most important points, but not going to go into full detail, so forgive me for not wanting to go down the whole list or picking the most important points. One problem is that there are numerous assertions made that are implied or stated to be specific to Glider, when in reality, it could not be verified to actually be. Blizzard has included statements from average customers making complaints that may have been about botting in general, that specifically mention Glider instead. They mention Glider because it's the most well-known bot for WoW. Some customers purport to have identified players using Glider, that could have been using one of dozens of other bots. One in-game petition they quoted from October 2006 says "He's busily spinning around like WoW glider does." The first thing I thought of when I read that was a bug in (some?) bots using ISXWoW, (link is a forum post from October 2006 about a spinning bug in WoWBot) which does not include Glider, which caused the character to spin in circles instead of going anywhere. It's impossible for me to say one way or another whether it was indeed a Glider or someone using any other bot because the quoted text is ambiguous. Then there's a handful of others that also specifically mention Glider, but with no indication of how, or whether, the customer positively identified the bot as being Glider. It seems to me that the analytical ability of these average players could easily be called into question. These people are not experts and although I have no doubt they could have identified a botter, I'm not sure they are reputable enough for their statements with regards to Glider to be taken with anything but a grain of salt.

There's also numerous statements that imply Glider gives players the ability to do various things they would not otherwise have the ability to do, where it is simply not the case. For example, "Glider players have special advantages because they can play multiple accounts simultaneously . . ." -- people have been playing multiple accounts simultaneously in MMOs for years, long before Glider was conceived of. They do it with or without any software or hardware assistance. Some people use WinEQ 2 to help them, because it provides features to help facilitate playing multiple characters on the same computer, without being considered a cheat or hack (e.g. Picture-in-Picture, hotkeys to switch to specific sessions, and so on). Blizzard even un-banned WinEQ 2 users that it had inadvertently banned as part of an attempt to hit Inner Space users, and gave them a couple days on their WoW subscription for the inconvenience.

And then there's "Players that buy gold have an immediate and sizeable advantage over other players, because they can use that gold to buy goods, including armor, weapons, potions and other items, that make their character(s) much more powerful in the game compete at highest level." That's actually fairly ridiculous, and is not much different than having a high level friend. Replace "buy gold" with "receive gold from a high level friend" in the quote, and observe the similarity. The sole difference is that one is for money, and the other is for social currency or in exchange for something else entirely. In either case, the gold had to be acquired by roughly the same methods. One may or may not have been automated, and I would actually wager that more of the supposedly illicit currency being sold or otherwise transferred was generated by human power, or dupes or other exploits, rather than bots. I used to do it myself in EverQuest, manually farming and only using EQWatcher to provide me with an alarm to wake me up to kill a rare spawn or its placeholder every 20 minutes or so. I probably made $10,000-20,000 over a couple years just doing that in EverQuest every couple weeks to help pay the bills. And I knew a lot of people who did that, some of whom tried to hide it from guildmates. I regularly sold platinum to a guild leader, and so on. The people who play the game the most are going to have a surplus, and if they need extra cash, selling that surplus is a wonderful option, and I will stand up for that, even in the face of kids who whine and say it's unfair.

The fact of the matter is that the fun of gaming is different to different people. There is no way to write a policy on RMT (selling/buying gold, etc) that makes everyone happy. The poor kids come into the game thinking they have a level playing field with the rich kids only to find out that capitalism is still in effect, and if the rich kid wants a tradeable item he could get it without spending all of those hours grinding, by instead giving up some of his real life money to another player. This is called opportunity cost. Player A has a job making $20/hr. Player B has more time than player A to spend playing games, and acquires item X with 8 hours of work. Player A could choose to spend 8 hours making $20/hr, or spend 8 hours acquiring item X. Player B is probably willing to part with the item for less than what Player A makes in the same time interval, and player A would rather spend the equivalent of 4 hours getting the item, rather than a full 8 hours, so he pays $40. What exactly is wrong with that?

There is no way to write a policy on botting that makes everyone happy either. For a lot of people, designing automatons is more fun than the tedium of doing the repetitive work that others enjoy. I've been doing it since I was a kid, and I'm no stranger to the debate as to whether botting is cheating. I've been kicked off of local BBSs for automating their games. My crime is that I'm a sort of inventor, and being an avid gamer, I tend to explore lots of ideas relating to games, tinkering and developing new toys I can use to learn more about the games, to speed up repetitive tasks, and so on. I made tools to reverse engineer game databases, revealing the data to players for analysis so they could identify the best equipment to use for their character to do the most damage. I made tools to track the progress of other players and compare how fast they were advancing compared everyone else (you could check the top 100 list and see how much experience each character had). I made tools to automatically map and explore maze-like space games, analyzing the data to find the best spots to build my base and the most likely places to find other players' bases. I made tools for BBS operators to make changes to their game databases and provide a user experience unique to their operation. But what I did the most back then was automate those games, and help others do the same. And none of this was to harm the games or the other players -- in fact, I only started doing that automation at the time because it was the only way to keep up with the people who were already automating it. Other people never automated, but actually had the time to sit around and play the games manually, day in, day out. And some people do that to this day even in World of Warcraft. I'd like to make it clear here that a lot of people really enjoy creating or using bots, and they don't want to harm the game or other players. I would like to see an experiment with WoW with a new server where bots are explicitly allowed, and I'm certain that the people playing on it would have just as much fun, if not more fun, possibly willing to pay more to play, including owning multiple accounts (yes, people do that, but this is not a behavior exclusive to botters!). Granted, I don't think Blizzard will do this, because it would put a positive light on botters or providers of bots, and would have positive commercial impact on those providers, and I assume Blizzard wants to have neither of those things.

The funny thing about it is that there's a lot of fun to be had in messing with other people's bots. In the games I used to automate as a teenager, the bots people used were very primitive. These were text based games, so you'd enter a command to check your health, and it would spit out some text like "Health: 50 / 100". Well a lot of bots were so poorly coded that you could say in chat "Health: 1 / 100", and the bot would think it had 1 of 100 health. Typically in those days that meant hanging up the modem to terminate the connection, and the character could have been left online for several minutes and subsequently killed by random mobs or other players. Or when you entered a room and it lists mobs, the game might say "Also here: a giant rat". This could also be exploited in chat to make a bot think that something was there that really wasn't. For example, "Also here: ^Mw^Mw^Mn^Mn" could be interpreted by a bot as the name of a monster in the room, and to attack it, it might enter "attack ^Mw^Mw^Mn^Mn" -- ^M is a code for Enter in the right context, so a bot vulnerable to this exploit would enter several commands:

  • attack
  • w
  • w
  • n
  • n
This made the bot move to the west twice, and to the north twice. I can't even count the number of bots I made wander into towns where guards would kill them on sight, or I made them run into a room full of monsters that would just plain destroy them, and so on. And people do the same sort of stuff to bots in WoW; you can find videos on youtube of people having fun at the expense of someone else's bot. That used to be all part of the fun. Do you want to give that up? ;)

Okay, I've digressed and this post is way too long and I've spent so much time typing it that I can't think of anything else to write at this point anyway. Good night!