**Mastery Loadouts**
Due to issues related to the release of Mastery Loadouts, the "free swap" period will be extended.
The new end date will be May 1st.
Due to issues related to the release of Mastery Loadouts, the "free swap" period will be extended.
The new end date will be May 1st.
Options
Solution to Piloting Alliances in AW
This discussion has been closed.
Comments
I agree with almost everything you have been saying and i know for a fact that they use the deviceID code as previously (around 10.0 maybe) someone found a way to decipher the support url. The data that was sent just to the support url was account creation date, account name, lifetime spend, most recent purchase, deviceID,and maybe one or two more things.
What i disagree with you on, is yes. It probably IS enough to prove sharing, if data was logged by device ID history, and then then one device ID is only used during war attack phase, and used on several accounts. It’s a pretty open and shut case. And they can even track WHO was the pilot by looking back at who is the primary user of said deviceID.
Would only take a handful to show they actually care. And i can think of a certain someone who, in doing so, would be noticed by a lot of people.
That's a lot of ifs that make the question of whether two logins from the same device prove account sharing a completely different question. What you're saying is if several accounts log in from the same device and those accounts only log in during AW attack phases, that is an open and shut case of account sharing.
That's more suggestive, but that would not be enough for me because there are still scenarios that can replicate that behavior, at least once. It would be more difficult to account for that kind of behavior multiple times in different patterns, which is why I mention traffic analysis. Its how this actually works in real investigations: you look for multiple instances of unusual behavior which can be individually explained but not with an explanation that explains them all. You build a strong enough case with enough data that you're comfortable making the inductive conclusion.
A good investigator, by the way, wouldn't be sure of what was conclusive evidence without looking at the data first. This kind of investigation is a complex meet in the middle where the data informs you of what is normal, and then you look for abnormal within that data, as impossible as that sounds. Whenever I've done this type of work, it has always included a reverse analysis that specified that the criteria used to show that something unauthorized had been done does not fit any known innocent behavior in the entire data set. If you state with certainty that X,Y, and Z prove someone guilty, you have to be 100% certain that you know all the times X, Y, and Z actually happened in all of the data you possess, and are certain that all other instances are equally guilty. One innocent piece of conduct that matches your criteria that someone else can discover destroys your entire analysis because it is the very definition of reasonable doubt.
If you repost I promise not be offended.
Would only take a handful to show they actually care. And i can think of a certain someone who, in doing so, would be noticed by a lot of people.
It was about different crimes, and how even though one wasn’t as bad it was still a crime and should be prosecuted. But with more descriptive words.
Not as controversial as I expected
The question I ask myself is, do I want Kabam to spend resources developing this technology to eradicate account sharing or do I want them to spend it eradicating bugs or adding new features in the game?
I’d be surprised if someone isn’t working on this sort of thing for gaming already. My guess is that the 2FA service would have to track something like geolocation. Then it verifies that yep, the person signing in is near the same physical location as the game. Kind of weird to ask people gaming to get access to their location, but, it would shut down all piloting.
Well, this is assuming that altering the 2FA process is tedious, which it typically is. Thus, you can, say setup the 2FA app on your phone, then flip between the phone and tablet for the game. But trying to give the login to someone means giving them 2FA login, which usually requires de-registering a device and registering a new one. And that you can simply say requires a lockout period.
It should be trivial as well to have multiple “game accounts” for a single 2FA account, so all current legal usage would be supported.
Many MMOs already use two-factor authentication systems of some kind. But no two-factor system specifically integrates geolocation because that doesn't address a problem enough people want to spend money on, at least not in the way you're describing.
This would also not eliminate piloting. This would add extra steps to piloting, but it would be easy to defeat. Any technological solution would have to account for the following. I drive to your house. I forgot my iPad. You let me log into the game with my account. Any reasonable authentication system must a) allow for this to happen and b) not detect this as account sharing. No technological system can distinguish between this situation and account sharing, that doesn't involve the phone literally watching the person playing the game and figuring out a way to identify that person. The privacy concerns involved would make this all but impossible to implement by the hardware manufacturers, and without their support the game companies cannot use this.
I think @FingerPicknGood wasn't thinking about geolocating the phone, but rather geolocating the two-factor authentication token or system. This would identify the location of the person, who presumably wouldn't give away their token or it would be too difficult to ship them around, and thus would have to transmit the factor data to the person piloting. You'd then know the token aka the person and the phone aka the game device were physically in two different locations. But this kind of system doesn't actually exist in a practical form, and it contains other weird and nasty problems that make it problematic to build.
Sure, the player could still change his IP, but probably has not that many devices, in any case, it would slow down the account sharing a lot.
As long as they focus on alliance war attack activity, almost everyone would be satisfied by that. AQ would be more complicated, but would be probably the same. I would start applying this in wars.
Again, I’m not talking about using IP location, but things like location services that are combinations of GPS, cellular usage, WiFi, etc. (There was a comment about using VPNs, etc. Pretty sure location services causes all kinds of problems for people trying to hide behind VPNs.)
I’m also thinking this trusted context has to be accessible to both the game and the 2FA mechanism. Which is a really complex and funky user experience and probably why nobody really wants to do it. If I was asked “hey the app where you sign in and the game you want to play both want to track your location” I might get the heebie jeebies.
So yeah, back to the drawing board. Kind of a fun problem to think about though.
It’s not always back to back to back. Some times the piloting is fairly spread out.
I dont think that’s what he was saying. But if someone did invent a system like that they would be very rich after they license it to every competitive mobile game company
What is the root cause of piloting?
Life gets in the way of gameplay.
Lucky/rich but terrible players in alliances they only fit due to roster.
Any others?
People have done that, too. Admit to a wrongdoing and ask for forgiveness in order to get their account back but usually, they just cry "hacking" instead as that generates more sympathy when they post in the forums.
Not really, because general gameplay bugs affect AQ and AW, to an extent more so. The resources for combating issues with solo gameplay i.e. pots, are cheaper and more readily available than for alliance events. I'm way more annoyed about whiffing or hitting through a block occurring on an alliance event than a solo quest.
On a more general note...
If Kabam don't want piloting to occur, create an environment where it is a less necessary evil. If you run map 6, you need 10 people in each battle group working in concert otherwise YOU WILL run out of energy at the end.
We've missed out on map 6 crystals because one person didn't move to a node and the node didn't even have an opponent on it. 30 map 6 crystals gone because that player didn't move to an empty space. If the map didn't require that it run for basically the whole day you wouldn't have to have people choose between playing the game or waking up in the middle of the night.
Actually DNA was pretty close to what I was thinking. And I suspect some very rich people are in fact working on this problem, because it's very interesting to pretty much all mobile applications that have any kind of central server and have to secure data, not just mobile games. I just think that Apple and Google are probably finding more interesting ways to provide secure auth with some privacy.
Lots of ways to skin the auth cat, though. Right now I just think the game's auth system is probably custom, simple and naive. They probably didn't easily keep track of which devices logged in which accounts. So maybe they just do better tracking of that.
Really, it's like tracking the inverse of a "impact user" in social media, where devices are the people and accounts are their connections. You just want to spot any "popular people" or clusters of connected people. Everything will probably need to be reviewed by a person yet, but it's probably good enough as long as the report can pop in for review quickly instead of needing to go through some kind of slow data export and analysis.
How many times do we have to say it. ITS NOT YOUR IP ADDRESS. VPN wouldn’t matter. They would only look for your deviceID.
And you also got the wrong idea of what they’re looking for. They aren’t looking for one account that has multiple log ins from different devices. They would look at the log ins on the account all being from the SAME device ID.
This would mean that the same phone did multiple paths, and the could correlate the log in times with the movements and attack phases in war. It would be easier than you think.
The real issues here is so they even care? And given how the handled a certain high profile case of admitted piloting. I would lean towards thinking that they don’t give a 💩
Well said. Yes, I actually mean it
WE WERE ON A BREAK!