Monday, May 27, 2013

CCP's War On Bots: Winter Is Coming

With Odyssey scheduled for launch in 8 days, I'm preparing for what I hope are some botter tears.  I don't expect the level of tears caused by the unified inventory last summer, but I have some hopes just because a lot of botters tend to not follow the game closely.

But I'm already waiting for the winter expansion, at least as far as the War on Bots is concerned.  Why?  When Sean Conover (a.k.a. CCP Sreegs) was in charge I just felt he had a plan.  Sure, the plan was slow moving, but I could track the progress.  I still think Team Security has teeth and I don't see anyone turning off the automatic detection system any time soon.  I bet CCP Stillman has a couple of tricks up his sleeve that we'll see over the next couple of months and I know CCP Peligro will track down freighters full of RMT ISK.  But something just seems missing.

I think that part of the reason is a lack of leadership at CCP.  No, I'm not saying anything bad about CCP Ripley or CCP Seagull.  I'm looking at the holes in the organization chart.  Looking at the CCP jobs page not only shows that the Director of IT Security post unoccupied, but so are the positions of EVE Online Technical Director and EVE Online Executive Producer.  The people in place are good, but they need a full team, especially in positions that require strategic thinking.

The other reason I found this weekend when I watched the Fanfest Dev Track coverage on Twitch over the weekend.  I found the session that featured CCP Seagull and CCP's General Counsel Bill Winter fascinating.

While Mr. Winter was present to talk about the 3rd party developer license, I found a lot of carry over to the War on Bots.  The first answer addressed a concern about the use of the term "3rd party application" in the EULA.  Here's the first answer:
Winter - “The difficulty is that the terms of service were very broad and over time we’ve realized there are some permissible uses of 3rd party -- there are some that are a problem for us.  So what we need to do and what we are in the process of doing right now is making a distinction.  So for example, some people use TeamSpeak, right?  A third party voice system.  And it’s a third party application.  But that actually benefits the community.  It’s great for the game people use it.  It is not a service that we generally recommend for Eve, but we are aware that lots of people use it.  That’s a case where we do not want to ban people for doing that.  But they’re not an official partner so we can’t endorse them.  What we are doing now is work on the terms of service to make that distinction.”
Of course, with the publication of the policy declaring cache scraping against the EULA, that was quickly asked about.
Winter - “So here’s the difficulty.  If you look at the rules, cache scraping was not intended to be a permissible thing.  The reality is CCP allowed it for a very long time and we didn’t do anything to prohibit it.  What we’ve discovered is that many bots and RMTers use that as part of their tools to do the botting that they do.  So the initial reason for coming out on the rule on cache scraping was because we were focused on the botters and the RMTers.  We realized that we sort of overstepped the bounds a bit.  You’ll see that we published it and then we initially added a clarification.  Our intent is not to ban people for cache scraping.  However, if cache scraping is combined with other things that violate the terms of service, for example botting, then we will take action. 

“Over time we are going to amend the EULA and the other terms of service to make that distinction.  But that change, for various reasons I won’t go into, but that won’t happen until probably late fall or possibly the winter release.  So we’ve got just a short period in here.  We did not mean to scare players.  And we’re not, no one intends to ban players for that.  But it’s a great example, because it’s a situation where it is used for bad acts and it is also used for healthy player things, so we need to parse those two, and sometimes it is a little bit difficult.” [emphasis mine]
So we should have a new version of the EULA and ToS to look through by the launch of the winter expansion?  Hopefully the new language will put an end to some of the fighting and bad posting currently seen on the Eve-O forums.

Because of the issue with cache scraping, many in the audience were more concerned with the technique than the future of the licensing agreement, which to me seemed strange.  The following exchange, which started out 3rd part developer vs. lawyer, ended with an unexpected twist when CCP Qc, the lead programmer for CREST, jumped in.
Audience member - “I think that the emphasis should be on outlawing the nefarious activity rather than focus on the method under which it’s done.  So for example, the focus is on you’re not allowed to bot rather than you’re not allowed to bot because you’re cache scraping.  So the emphasis is on the automation rather than on the accessing of the data or the method in which you go about it.”

CCP Seagull - “I guess -- you can correct me if I’m wrong -- I guess cache scraping, it falls in a weird territory because it’s not the intended use of the software and if we open for certain not intended uses of the software then we enter this nasty open world where suddenly other things might be perceived to be allowed.”

Winter - “It’s what lawyers call a slippery slope.  Once you start it can go badly quickly.  You can run downhill fast.”

Audience member - “It’s certainly not the responsibility of CCP to say this is the way to get the market data is through cache scraping or we will always offer this information.  It’s more about letting players do what they want with their data.  And if you don’t want them to do something then you take it away.  But a lot of it, especially market data, it’s harmless.  It’s only when someone tries to automate it and bot and that is the focus of your licensing agreement.”

CCP Qc - “I’ll talk a bit about that.  So, market data, right?  It’s not non-sensitive data, you are circumventing certain design stuff that could harm the game by doing that.

“With respect to cache scraping, we all understand what the intent was.  I think everybody here understands what the intent was.  Certainly not to kill off EveMon.  It’s unfortunate that right now the best channel for you guys to get that information is by scraping local files with no defined format, with no guarantee that next release they will still exist.  Even without legal reasons, for technical reasons we may just change the format on you guys and then you’re left in the dark.  That’s not supercool.  I really want us to push towards, the minute we have CREST live, to address that issue and provide you with better ways of getting that data.”
I have one more exchange I transcribed from the Twitch page.  The exchange followed up on the idea that cache scraping is bad for EVE.
Question - “Is it a problem that some applications built on current cache scraping can be detrimental to the EVE economy if people are using it to update their own market orders very quickly and things like that?”

CCP Seagull - [nods head]

Winter - “The short answer is yes.”

Question - “So, are you saying that programs that are not technically bots but are using cache scraping in such a way to make things detrimental to the EVE economy are not going to be allowed and we’re not going to say because it’s bots, it’s because it’s cache scraping, because there is still user interaction?”

Winter - “Correct.  With the caveat that this is not set in stone, and I probably will get in trouble when I say this, but we are looking at the possibility of actually removing the cache altogether and finding a technical solution for that.  And then this problem simply goes away.  It will be a bit disruptive initially but it will cause people to right themselves and play on an even footing.  No guarantees that that may happen but that is something that is a possibility.”
I've learned in my real world job that once the lawyers get involved that the organization tends to morph itself in ways to adapt to the legal strategy.  With not only a 3rd party developers license as well as a new EULA and ToS on the way sometime in the 4th quarter, I don't see a lot of changes occurring in the way Team Security does business.  Additions to the bots and hacks that CCP automatically attempt to detect would not surprise me, but that is about as far as it goes on that front.  At this point I think everyone will wait on the legal strategy to emerge.  Or, as the vets in null sec might say, "Winter is coming."


  1. It may just be me / my area, but I've personally noted a big increase mining bots. I've identified a corp full of them (40 in corp, at least 35 I've noted as being bots). They still appear to be active after a month or so of me spotting them. Is there any point in flagging these to CCP these days given that they should be "auto detecting" them?

    1. Yes, flag them using the "Report bot" function. There are holes in the auto-detect software. First, from what I've seen on the botting forums, CCP is not trying to target specific pieces of mining bot software. CCP was reportedly looking for 2 Inner Space extensions (used by mission/ratting bots), an auto-pilot to zero hack, and a probe hack that becomes obsolete with Odyssey.

      That leaves behavioral detection on the server. The mining bots can get around doing things like not botting 24/7, which they are now doing. Do they all operate at the same time, or do they rotate in and out so none of them are mining for more than 4-6 hours at a time? If they are rotating, that's to avoid the behavior detection.

      If these really are bots and not ISBoxer users, then with that many bots the odds are good you have stumbled into an RMT operation. That's always good to report.

    2. Thanks for the advice.

      They all behave exactly the same. They mine for around 12 hours (sometimes more), but not all of them in corp will be online at the same time. They appear to have breaks of a day or 2 whilst using other alts in the corp. They operate in maybe 6 or 7 systems and usually have 2 or 3 mining bots in each system.

      I've bumped 4 of them >200kms away from the belt and they all exhibit exactly the same behavior i.e. once they have slowed down from 4500m/s (grin) to almost 0m/s they align back to their previous spot. I bumped one of them 400kms away from the belt (took a few bumps!) and it then just slow boated at 90m/s back to its spot and continued mining. Obviously this behavior is pretty crazy as it could've warped there in a fraction of the time to the rat wrecks / beacon / bookmark.

      Having seen other bot type activity e.g. all belts had been stripped clear and one of them was continually warping between belts for 30mins, I decided to wardeck the corp.

      I went to 4 different systems and killed 2 or 3 mining ships + pods in each system over the space of 2 hours. In the last system I went to, I sat next to one of them in a belt. I shot him. He did nothing. I sat their for another 10 minutes and he warped off to station to empty the ore and warped right back next to me and continued mining. All the time I was flashy red having killed his 2 fellow botting mates in system (pod too).

      All characters in the corp were created in 3 blocks, 10 or 15 at a time, all of them similar looking, none of them are over a month old right now except for the CEO. They all operate in highsec.

      After having blown them up, only the CEO now logs on. The other alts in the corp have gone very quiet (I'm still missing 3 names though atm). I will let the wardeck lapse, observe them a bit more (if they ever log in again that is), report them as bots and then wardeck them again.