Friday, November 21, 2014

CCP's War On Bots And Illicit RMT: A Quick Update

I haven't written about the actions of Team Security for quite some time now.  The team has quietly worked away in the background while other teams and game decisions start to play a larger role.  Two events yesterday highlighted the change.

The first was that the price of PLEX hit 1 billion ISK before settling down toward the 970 million ISK range.  While players look at the price of PLEX skyrocketing, I see the price plummeting.  The websites selling illicit ISK were already struggling when the price of ISK sold in Jita was $22 USD/billion ISK.  Now that the price of ISK has sunk down to $18 USD/billion, I see only a handful of the sites I monitor trying to stay competitive with the CCP-sanctioned method of buying ISK.  Needless to say, no more graphs about the website price of ISK.  The data just isn't worthwhile.  But at $18/billion, I'm interested to see how sellers without the infrastructure needs react.

The second was a post by CCP Foxfour on the Third Party Developer Blog about market data.  CCP is approaching the point where it will make real time market data available to third party developers.  CCP Foxfour began his post:
"To be clear upfront we do NOT believe this will, nor is this an attempt to, kill web sites like EVE Central. For one the format of this data is not very friendly for many applications. It is not the best optimized if you are trying to bulk get data for many different items from many different regions, and other such things. Web sites such as EVE Central and their APIs will be around for a long time to come. We are however fairly hopeful EVEMon can stop cache scraping after this."

Indeed, Eve Central sent out this tweet yesterday in response to the CCP Foxfour's news:

When I asked CCP Foxfour if the change meant that cache scraping could go away, he replied:

I really, really want cache scraping to go away, and not just because the practice violates the EULA.  Some of the things that CCP's devs have put into the game in the past, like hooks in the in-game browser to make cache scraping easier, also made developing market bots easier as well.  I'm hoping that if the applications that traders and industrialists use start using the CREST API, the market bots will stand out and Team Security can develop automated detection algorithms that can crack down on the cheaters.  The following section of the post really gives me hope:
"The market buy order and market sell order resources will NOT be made available on public CREST. There are several reasons for this but actually this is a good thing for you guys. Since this resource wont be in public CREST but we want you to access it we need to give you authed CREST. Authed CREST actually has a substantially higher rate limit as well. This will require creating an application here on the developers site and select the publicData scope. Yes, this does mean it's going to be basically impossible to get this data straight from CREST into things such as excel or Google Docs as you will have to send custom headers along with going through the whole OAuth flow. However doing this through authed CREST gives us more confidence in releasing resources, it preps the way for authed CREST to private data, and gives us better monitoring/control over people using it." [emphasis mine]
Does anyone really think a bot developer is going to register his/her bot with CCP?  I don't think so.  Hopefully, having to use authorized CREST will mean that only legitimate third party apps will access the real time data and not bots.

That's the quick update for now.  Unless Team Security comes out with a dev blog with lots of nice stats, I probably won't publish another update until next weekend.  I have a lot of data to compile before I can really write another post on the subject.


  1. Market bots will continue to use python injection and intercepting the market data coming back from the servers. I don't think kiling off cache scraping, by whatever means, is going to affect them at all. The client has to request market info before fresh data makes its way into the cache in the first place. If those client requests are done automatically by a bot, why wouldn't it just read the results coming back from the server? CREST will never provide data fast enough for a market bot to function, and CCP can monitor people who use it" all they want, but they're not going to ferret out market bots that way.

  2. Part of the reason is that the IGB has hooks that the bots use in order to run though the data. The hooks were put in place in order to facilitate cache scraping back in the days that CCP devs didn't care about the EULA. Take away the hooks and the bots have to use another way to cycle through the market, hopefully using a technique that is easy to detect.

  3. wow super cheap