[thewanderer]

Hi,

I like the idea behind UrT HD's Passport system meant to prevent cheating, since the only viable way to handle that is making players establish an online identity which they can then lose for cheating, while keeping it reasonably hard and time-consuming to register multiple times, which, as I understand, is what the system is supposed to do.

However, personally I would never accept an anti-cheating system that runs on my machine as a "black box" and takes the control away from me. I run UrT specifically because it uses an engine which is open for everyone to see and fix, and I can be assured it doesn't do anything besides what the code says.

Still, an online identity system would be a welcome addition to our beloved, open Urban Terror 4.1. Here are two different ideas, one easier and one designed to be more robust but requiring changes in the client and (possibly) server code. I'm posting them here because I'm not a good coder, but having them implemented could relieve some of the issues that game server administrators are currently facing without closing down the game engine source.

A) Have B3 implement identity checking. If it has access to GUIDs sent by the clients, it can compare them to a central authoritative database for a given nickname. In this case, the database needs to hold the plaintext (in this case, users' qkeys) and respond with a hashed value. Nicknames have to be constant, too.
Example: B3 connects to the authority and requests a GUID of user "Boulder" for game server at dswp.de:22222 → authority generates the hash according to the GUID algorithm and sends it back → user is kicked if it does not match or if an entry was not found at all.
Benefits: easy, non-intrusive implementation; compatibility with all clients; friendly error message on kick that instructs you how to register.
Issues: single authority to be entrusted with your qkey; single point of network failure (as the qkey server cannot be replicated to third parties easily); users need to take the qkey with them; unchanging nicks (but a global alias system can easily be made); vulnerable to replay attacks if the client's network is sniffed; still allows a small timeframe of flood attack between join and B3 kick.

B) Have the client send a proof of authority to the server on connection start. I'm thinking about PKI here. The client generates a signature using his private key and authenticates to the server using it. Signed are: nickname, server address/port and a random string generated by the server (say, an UUID) to prevent replay attacks. The server verifies the signature using a public key stored on an authoritative server, which can be replicated as the data is non-confidential - only integrity, not privacy, has to be maintained across the network.
Benefits: resilient; secure from network attacks; mobility support if required (encrypted privkey in the "cloud" that the client gets via HTTP?).
Issues: still need to manage account registrations in a sensible way. Feel free to point out anything else.

I see solution A) as a stop-gap measure really, but could still be a breakthrough in fighting cheating in UrT - in fact, a complete game-changer.

Now, who wants to implement a B3 (or whatever bot they want to use) module as a proof of concept? :) (Oh, a welcome feature would be banning a client for one day after 20 or so connection attempts without a valid GUID to get rid of the recent spammer)

This post has been edited by thewanderer: 20 September 2011 - 11:25 AM

[FS |HSO|RaideR]

In which case, very sadly you will be unable to play Urban Terror HD. It will have as a requirement use of both our authentication network and our AC client. Both of which will be closed source.

While we don't wish to alienate people in the slightest, this is one thing that i can tell you for certain WILL we a requirement. If you have a personal disagreement with that course of action then we do respect your choice, however you will simply have to not play Urban Terror HD if you make a personal choice not to trust our game.

Many Thanks

[Rayne]

Name one anticheat system you have control over.

[thewanderer]

@Rayne: I don't know of any such software. However, I don't believe in anti-cheating systems' effectiveness either. It's really like an anti-virus program which detects known threats and reacts to them. It might work properly, not work at all or even worse - be too sensitive and kill your game because it thinks something is wrong. Making it react properly to all kinds of activities that the user might happen to be doing is an impossible task.

My proposal for 4.1 is simple enough - it's still server administrators who can choose to ban players. I think that such choices should be left for people to take, as machines are in no position to judge if a person is cheating or not. Of course, they can employ heuristics, but that's all - we're still very far from making efficient use of artificial intelligence on the average computer. After all, the community spirit is maintained by people, not machines, and well-managed servers rarely see abuse.

Perhaps I should explain that my main focus is keeping the game engine free, not preventing cheats. An occasional troublemaker is not worth changing the license to a restrictive one. Apparently, my opinion differs from that of Frozen Sand team members, and I can clearly understand that. At the same time, I have to point out that I was only able to start playing UrT due to mitsubishi's effort preparing the fixed 64-bit version which actually worked. Such forms of community support will effectively have to cease when a closed engine is used for the game.

Urban Terror HD is not released yet so if anyone feels inspired by the original post and ends up writing a B3 module or patching ioquake3, I'm sure it'll be appreciated.
Last but not least, let's not forget that Urban Terror is not the only ioquake3 game out there and such a solution, if designed to be general enough, could be re-used everywhere.

[Rayne]

^^^^^

This post has been edited by Rayne: 20 September 2011 - 06:57 PM

[FS Frankie V]

The anti-cheat is just one of the services that Passport can provide and it’s seems to me that it is an all to common tendency to think of Passport and the AC as one and the same.

Preventing cheating of course is going to be an ongoing battle and I doubt that anyone one the AC team believe this will be a one shot solution and is and will be a continued program into the future as more types of cheats are discovered.

Of the bat though I believe that the current AC configuration will be enough to detect a large percentage of individuals as lets face it most cheats are not that good and in most cases can be assumed that they cheat for no other reason than to be a nuisance.

Cheating has become in a lot of ways a different form of gamesmanship with a catch me if you can attitude and if caught the reaction they get is in most cases the reward that they are looking for, more so if they are back at it again in short order if the only consideration is risk verses rewarded when currently there is nothing at risk besides a ban that is difficult or imposable to enforce based on the ideal of “life time”.

Pests and in all cases of the pest it’s not their presences that is destructive but what it is that they leave behind that causes damage that cannot be repaired by removing them from the services or the ability to even install a system that can enforce a lifetime ban.

The damage thy cause in this case is the suspicion of players who have reached the upper levels of skill necessary to play this game on a professional level are being accused of cheating that in turn they quit playing on the public servers as what’s the use of trying to improve when not rewarded for their efforts.

The AC is the AC but it’s the second part of the Passport system that most on the development of the game is interested in as we can create the cost part of risk by elevating the players statues over time as part of their notoriety that indeed they are that good as a clean player would be more reluctant to through away all of the statues and rewards they have build up over the years for one moment cheating which they don’t need to do because of their current skill set.

As much as I’m looking forward to the anti-cheat part of Passport as part of the games development team I’m looking more forward to the kinds of player services Passport can add as part of the social network / Meta gamming aspects of the game that will allow our player to reach superstar statues with out the need to prove that they had reached this achievement with out cheating.

In the end the best possible solution is to create an environment where no one really cares about random occurrences of cheating as long as the top players can prove that they are not.

[Rayne]

Quick question/suggestion. You always say how cheaters put good players in a bad position. So will passport allow server admins to see their skill level, how long have they been playing (i know this one only applies to how long their passport is active but a super pro guy with a 2 days old passport kicking ass 2 years after passport was officially released is a dead give away), maybe even some extended stats like K:D ratio, 5 servers they play on most, nicknames registered with the account.

I mean if you have a suspicious player and his passport account stats says he most often plays on a server marked with "FTW competition server" or something like that it's sort of a helping hand to the admin. He automatically knows this guy is a pro and takes it in account.

[-VA-Pretender1988]

Rayne, on 21 September 2011 - 05:31 AM, said:

1, maybe even some extended stats like K:D ratio, 5 servers they play on most, nicknames registered with the account.

I dont like the stats K/D ratio to be added to passport because that is a false stats in most gametypes.
Also it wont mix well.

e.g. I dont play with same objective/intensity in all public server.
TDM is practice personal skills and improving weapons. i Dont bother about k/d
CTF to gather speed, agility and stealth. So i dont give any notice to k/d here
BOMB is to shine and show gathered skill. here also team duty is most important but i maintain a high k/d.

Bottom line different people will play different gametypes with different objective and thus k/d will become a headache stats if it influences one's notoriety or other things.

I do like 5 server played most and nickname registered should be back

[Old account 2.f4]

kills/time (minute etc) could be much better for most gametypes

This post has been edited by 2.f4: 21 September 2011 - 10:01 AM

[Rayne]

2.f4, on 21 September 2011 - 10:01 AM, said:

kills/time (minute etc) could be much better for most gametypes

well the K:D ratio is a measure of "skill" sort of in almost every game. Since most popular game mods are TDM for pubs and TS in comps K:D seems like a logical stat to display.
But it doesn't really matter, the important thing is that a server admin has some sort of insight in players stats and history.