As a long time gamer, a game industry insider, technologist and Pantheon/Brad fanboi this is my expectation of what will destroy Pantheon.
BACKGROUND
I began playing MMO's with my eary entry into UO pre-alpha in 96'. Walking the first unpopulated isometric mmo world with no other players was a unique joy at the time. From UO I then transitioned into EQ beta in Sept. 98' was a new level of excitment as well. This was a new, never experienced before reality of gaming that I knew would be vastly successful.
Back in those days I worked in IT and enjoyed much of the best of things it had to offer. The best computers, biggest monitors, fastest dial-up (ISDN) and so forth.
Over the years that have passed I tried to play as many different types of games and MMOs as I could. And I can say I have played a large percentage of the MMOs that have come and gone(some of them).
A number of years ago I transitioned into working in the game industry which opened up better perspective on how the sausage actually gets made. I have met a number of people that were involved with those early games(still work with a couple) I played such as UO and EQ and have had a lot of fun reminiscing about those days. (One interesting tech note that probably explains why UO had such troubles was their original DB was a big flat file. :) )
So with that background and experience here is what I expect to see happen with Pantheon.
RIP PANTHEON
A game rendered unplayable by Bots, Gold farming, Gold Spamming, account hacking, client hacking, griefing and essentially downright rage-inducing activity.
This is the sad state of affairs for modern era MMOs.
No game company has yet to successfully implement a secure unhackable client, which means cheaters and gold-farming entities will be tearing apart the heart of the game. making tools to give them instant advantage to everything of any value. Monopolizing valuable resources such as housing, named drops, camps, spawns, crafting materials and so on.
Anything that is not server authoritative will eventually be hacked and sniffed out. The fact that no game has found a way to keep the client secure by means of passing a regular changing salt to encrypted packets or identifying illegal client activity and locking it down is a sad reality. Most game companies are more worried about simply getting a successful game out the door to worry about security and defeating hackers. And then after the game is live it is too late, too difficult, and too expensive to implement those important security measures.
The most recent MMO, BDO essentially had to cut out part of the soul of it's game to try and defeat the gold farmers by removing all open market functionality and in-game item trading. Two things that truely define a sandbox MMO.
SOLUTIONS?
One of the best things that can happen in Pantheon is to NOT implement any sort of built in global market and leave it completely up to the players ala EQ 1999 and the fully organic East Commons player bazaar.
Zero ways for outside $$ to enter the economy. No cash shop items should be tradable whatsover.
Introduce one of the most secure in-game trading mechanisms possible, with serious tracking of each party's actual account history. No newbie character should be trading 1000's of gold, valuable items, etc. without some legitimate logic associated with it. Maybe no trading is allowed without an "active" max level character on the account or something like that. The need for mules ala Vanguard should not exist. (Vanguard limited the amount of gold you could own at one point.)
Make as much game activity as possible Server Authoritative.
Find some means of passing a constantly changing salt to the client with encrypted packets? Client hacking will introduce the ability for cheaters to find anything they want on the map instantly and teleport to it, fast run, fly, invis, invulnerable, etc and so forth.
Find some way to defeat harvesting bot's that are repeating very simliar patterns over and over constantly. This can be hard to do as some randomness is not hard to introduce into a programmed bot.
Maybe introduce some type of bounty system for all sorts of observed questionable in-game activity.
A logging system that tracks all manner of questionable activity for regular review and possible corrective action to be taken.
Maybe an in-game warning system used by players of observed questionable activity such as bots, farming, cheating, etc.
REALITY
Pantheon will not be perfect. Just like every other game made, the first and primary directive is to produce and ship. That means some Nice-to-have features will be left out. Which means sadly, security will take a back seat to functionality.
So be prepared fellow travellers for your Pantheon experience to be tainted by any and all of the usual issues MMOs are born with.
Out right hacking in most MMO was rare. Exploiuting an in game bug sur ethat happened a lot but had nothing to do with hacking it was a dev messup. As for gold spam EQ2 had a great system trial accounts could not send global messages and you had to be lvl 10. When paid accounts start getting banned you see gold spam drop off very rapidly.
As for gold farmers who cares it happens it doesnt make or break a game its just annoying.
This is a sore subject for me. Bot activity has made me stop playing games in the past. Blizzard comes to mind on how bad it can get with game companies.
Solutions are a tough nut to crack I am afraid. Encryption is nice but it’s a resource hound on the host infrastructure. There are many protocols for this but once implemented performance is hit first. Many game have tried. Open world game suffer the most due the computing power needed for smooth game play. This gets far worse with the more advanced game engines.
As far as hacking a main game server is it possible? Sure, but there are usually mammoth obstacles to get through and I can only think of two games that were impacted like this. Bad or lazy coding is most common. Kalgore is correct that those scenarios are the most exploited.
Gold farming is a is right up there with account spoofing it won’t be stopped in the short term. We are curious creatures and we will find a way.
As far as killing the game I think that may be over stating it a bit but it does raise concerns. I don’t want it to happen but I am sure it will.
Some good reading on the subject though.
http://www.gamedev.net/page/resources/_/technical/multiplayer-and-network-programming/security-issues-of-online-gaming-r2062
Good post to be honest!
Ox
You're certainly right that the server should keep as much control as possible over the data sent and received. It was said already that they're working hard on making the client as "dumb" as possible.
But another thing that is at least equally important: A strong and active GM force. How often have we read on other games' forums about (suspected) bots who keep running around even weeks after the fact has been posted on the forums? There have to be GMs for every server, round the clock. Reports must be followed upon. Sure it may not always be 100% sure wether you have a bot or not...but if there's a dozen naked characters with garbled names running around the same spot for weeks...the suspicion may be justified :)
Every iteration of EverQuest I've played has been inhabited by a large quantity of bottom feeders and it's doing fine.
You can't get rid of bottom feeders on the internet. You simply can't. They exist(ed) in literally every single onine game that has ever been made, and they will continue to exist until we shift into the South Korean way of requiring a valid I.D. to register a game account so permabans follow you for life.
To be clear, I think SK's system is horrible and I don't advocate for that kind of Orwellian idiocy. However, my point stands.
Liav said:Every iteration of EverQuest I've played has been inhabited by a large quantity of bottom feeders and it's doing fine.
You can't get rid of bottom feeders on the internet. You simply can't. They exist(ed) in literally every single onine game that has ever been made, and they will continue to exist until we shift into the South Korean way of requiring a valid I.D. to register a game account so permabans follow you for life.
To be clear, I think SK's system is horrible and I don't advocate for that kind of Orwellian idiocy. However, my point stands.
Is that seriously True about south Korea?? God could you image the amount of swatting that would lead to in the states . I agree bottom feeders have always beena thing they never really damage anything. If you are on a PVP server kill them and move on. if its PVE then dont buy stuff from people named LIASHJGKLJADDHAF7P9432MK
Kalgore said:
Is that seriously True about south Korea?? God could you image the amount of swatting that would lead to in the states . I agree bottom feeders have always beena thing they never really damage anything. If you are on a PVP server kill them and move on. if its PVE then dont buy stuff from people named LIASHJGKLJADDHAF7P9432MK
The information isn't available publicly but yeah, in some Korean MMOs I've played I've had to spoof the citizen ID check in order to make a valid account. I'm not 100% certain of the details but I believe the purpose is to try to increase accountability on internet interactions. Of course that's pretty scary, though.
Awesome post!! I feel like a newb compared to some of you guys. Maybe if the game is kept hardcore enough...that alone will drive a lot of the cheaters out? Tough topic. I remember when EQ2 had bots that would farm nodes in areas where there were a lot linear nodes. Now, SLR of end game gear is rampid in EQ2. Sure, it is nice to get that 1 piece that eludes you, but in the grand scheme of things...I think it makes the game not so fun. Really, if you can buy anything you want- what is there to look fwd. to?
The worst thing you can do to fight those factors is by screwing over legit players.
Check out Black Desert Online. NO TRADING WHATSOEVER... why? Because Gold Sellers. Guess what... Gold sellers found a way, but legit players still can not trade.
Never. Ever. Screw. Over. Legit. Players.
That being said, let me alaborate on all the mentioned points to show why i don't see most of the issues. Or why i think they will not be an issue and / or can not be avoided whatever you do.
Account Hacking: People talking about hacking don't know what hacking is usually. Hacking does not usually happen in any MMO. Hacking takes effort and while hacking a single person for its account is possible... it is usually not worth the effort. Hacking a server to get multiple user data has not happened ONCE as far as i know. The saveguards are crazy and if you have the machine power and knowledge to hack a server like that,... you will most likely have a well paid job or way more valueable targets then some MMO players. What happened was successful phishing. Nothing more, nothing less. And nothing a game could stop. If players are dumb enough to fall for phishing, it is their own issue.
Client Hacking: Not possible in a MMO whatsoever. No experienced team of devs (and Pantheon has that) would ever allow ANY client side data to influence anything on the server. Ever data is verified on the server as well. So don't be afraid of this. It is one of the easiest things to avoid with a 100% rate. Again, you would have to hack the servers themselves, see point above. Possible in extreme cases, but just not worth it. You don't spend 100 bucks to make 50 bucks kinda deal.
Goldfarming: Will always exist and is a clear sign of a VALUABLE economy. So i see this as a PLUS for the game. If there is no value to items, then there is no value to currency. Gold farmers can be everyone. Hell i do it by that definition, since i enjoy mindlessly grinding mob x for gold more then doing quests. I usually mix it up with farming bosses for sellable drops tho. Bottom line: If you see gold farmers it is a clear sign of a GOOD game actually.
Bots: Easy to get rid of. VERY easy. Why does it still happen? Sad reality: They spend money to be there and companys want that money. Yes, it really is that sad. I am a codemonkey myself and doing a lot of coding for gaming companys as well. I have done anti bot software and was asked to put some ERRORS in so it does not work 100%. There is hope VR does not want errors in their code, but if they want: Bots will exist.
Griefing: Do i really need to talk about this?... griefing will always exist as long as your reputation among players does not matter. If for example you can not trade and solo play is as valid as group play,.. why would you care about your reputation? That is why griefing in modern games is common and back in EQ griefers usually ended up alone, guildless and restarted a new toon where they usually became really nice people. Pantheon aims to do the EQ way, so not afraid of this yet. Apart from that: Nothing a game can do to prevent people from griefing if they really want to.
To sum it up:
There are easy fixed to about every problem. Modern MMO mechanics made most fixes impossible and modern Developer want their paying bots. Screwing over legit players WILL NOT HELP and only piss of your legit players while doing NOTHING to solve ANY issues whatsoever. Think again about Black desert online. No trading because Gold sellers,... and people defended that. Now Gold Sellers found a way and legit players are still screwed over. What is next? Remove any form of chatting because harassment? Remove the Multiplayer to remove griefing? We already have way to few actually multiplayer options in our current gen MMOs. Nothing good can come if we limit them further.
Rattenmann said:Client Hacking: Not possible in a MMO whatsoever. No experienced team of devs (and Pantheon has that) would ever allow ANY client side data to influence anything on the server. Ever data is verified on the server as well. So don't be afraid of this. It is one of the easiest things to avoid with a 100% rate. Again, you would have to hack the servers themselves, see point above. Possible in extreme cases, but just not worth it. You don't spend 100 bucks to make 50 bucks kinda deal.
Well, that's debateable, depending on what you mean.
Every MMO I've played allows a surprising amount of client-side manipulation to affect the server. Speed hacking is a good example of this. While speed hacking should be relatively easy to detect, I have played games where repeat offenders of using CheatEngine to manipulate the game memory that stores player movement speed have gone unpunished. The same principle also applies to a wide variety of easy-to-acquire programs in various games.
CheatEngine is the most notorious example. MacroQuest2 allows you to warp to any zone/location in EverQuest with a simple command, and while not a plugin that is officially sponsored by the development team of MacroQuest2, it is a very blatant example of manipulating client-server communications to lead to some really shitty results.
In terms of having your account or characters compromised? Yeah, not unless you install something malicious. Although the MacroQuest2 plugin that allowed you to crash-to-desktop other players by sending them corrupted packets in /tell or /say was pretty amazing, but nothing on par with having your account compromised.
Rattenmann said:Client Hacking: Not possible in a MMO whatsoever. No experienced team of devs (and Pantheon has that) would ever allow ANY client side data to influence anything on the server. Ever data is verified on the server as well. So don't be afraid of this. It is one of the easiest things to avoid with a 100% rate. Again, you would have to hack the servers themselves, see point above. Possible in extreme cases, but just not worth it. You don't spend 100 bucks to make 50 bucks kinda deal.
Depends on how you define hacking. Hacking can be defined as making something do something that it is not supose to be allowed to do.
Others above gave examples to this.
I'll start off by saying I'd hate to see South Korean based games level of RMT in the chat, etc. I think it needs to be monitored and responded to promptly if it's affecting mass number of players (Trade Chat Spam). It certainly is a turn off to not be able to chat with other players in a scoial game.
-To be honest, it's not so much the client that's the issue as how much the backend databse allows the client to manipulate tables. Client can hammer the DB all day with invalid requests but if it's denied from that action it'll just get them logged and hopefully blocked if the logs are being reviewed. Look at FF14 and it's launch issues with dups and warping as the latest example.
- As a fellow IT I would HATE to have to deal with the logging needed to monitor every trade or mail done in game and the storage needed for that. I can't even speculate whether they have the infrastructure or manpower to do that currently. I agree with your idea of player policing. It doesn't help them to have all that money if noone will group with them.
All in all legit issue to worry about but I think a more layer approach with in-game reporting tools, player policing, good server logging, and a responsive GM team will help to moderate the level of RMT in game.
While I agree with most of what has been said by the OP and others I'm not going to debate any of the issues. I think it's safe to say most of these concerns are mutual concerns for the majority of us all.
I do want to comment on what I think is a solution for much of these issues. A very active GM/Guide community cleaning up things like this would alleviate much of it. I'm sure initially the task could be quite large but once it's handled and the violators are squashed it should fall to a very manageable level.
Of course something like this would take the community as a whole to make it possible. Just like the GM/Guide program of old, volunteers would be needed. I don't see VR being able to handle it all on their own at all.
I would certainly be willing to offer up my precious time to help in this area if it's ever considered.
My 2cp
-War
To add to my comment about client side hacking:
The reason this works in some games is simple: Devs don't care.
There is nothing easier then server side validation of your position. If your client is sending wrong movement values to "hack". Either speedboosts, or even plain out teleporting, does not matter at all. The Server knows your max valid speed and knows your location obviously. If you reach location + x in a time that does not match your max valid speed,... guess what? The server can catch that and do whatever the devs please. Slow you down to a crawl, kill you, bann you outright, teleport you into the air and let you fall,...
I COULD excuse this for very old games. Obviously a system like this is very easy and lightweight, but it has to be in place. Very old games may not have thought about that and now lack the money to add it to the game. Or the code base is a mess after xx expansions and noone is able to include a system like this anymore without breaking things. But modern games? Games in development right now? Every half experienced team should think about this and have zero issue implementing it.
Don't forget: This may sound like a pure anti cheat system, but it is actually not. You can use it to monitor what the player base does. Where do they go, how long do they stay. Figuring out what they like, what they enjoy, what they avoid.. all to improve future content patches. So there are several reasons to have this. No new game should be without it. And "client side hacking" would be outright impossible. Like i said earlier: Very easy to do with a 100% hit rate. People can "hack" to send wrong data over the network, but that does nothing if the server simply validates that.
So, sadly this comes down, again, to lazy developer or planning. If this form of hacking works it is due to inexperience or plain out not caring about it.
Krixus said:Warlored said:Krixus said:One of the solutions is for people to volunteer to join the guide/gm system so VR has resources to deal with the gold sellers/griefers, etc.
copy cat
Didn't even see your post. I'm glad you agree.
hah np! I really think it's a soultion for many many things and hope Brad & TM consider it. Heck make it a perk or something idk.
I have the answer to the gold spammer problem... Once an individual has been determined to be a gold spammer, he gets tagged as attackable to other players, silenced except for /say, reduced to level 1, and yeilds an awesome amount of XP when killed. Sounds fun, doesnt it? I guess this could also be used against hackers, bots, griefers, or any number of punishable offences.
Bots are only a common occurence in F2P titles, any game with a subscription/box price up front, immediately weeds out most of them, because they can't afford to get banned, it affects the bottom line to a point where it is no longer financially feasible to continue.
Gold farmers/sellers fall under the same restrictions, however I'm sure we will see some of it, but if you were paying 50$ for a box, and 15-20$ for a sub just to spam your website and get banned in a day, how long can you do that?
The reason this garbage has inundated our games is simply because of F2P, that honestly is it. F2P = roach motel, no consequences for ban.
Rallyd said:Bots are only a common occurence in F2P titles, any game with a subscription/box price up front, immediately weeds out most of them, because they can't afford to get banned, it affects the bottom line to a point where it is no longer financially feasible to continue.
Gold farmers/sellers fall under the same restrictions, however I'm sure we will see some of it, but if you were paying 50$ for a box, and 15-20$ for a sub just to spam your website and get banned in a day, how long can you do that?
The reason this garbage has inundated our games is simply because of F2P, that honestly is it. F2P = roach motel, no consequences for ban.
Sure maybe Bots and spammers are more common in F2P but I would have to disagree with it not being just as much a problem in subscription titles too. Every game I've played it has been a problem to some degree.
WoW, FFXIV are a couple that come to immediate mind.
It's a problem regardless and should be planned accordingly because being proactive is the best approach in my opinion.
