GamePress

Spoofing myth debunked

I have been working as a software engineer for the past 9 years, specialized in mobile applications. I can assure you that it is fairly easy to write code and detect spoofers/bots in MANY WAYS. For example, you can check the frequency of the dynamic IP address assignments and make a conclusion. Or even a simple machine learning algorithm which is 3 lines of code in Python can do the job with over 90% accuracy.

Now let's talk business. What a logical person can conclude from this fact? Maybe I am more clever as a programmer than the whole Niantic workforce? OR that Niantic actually WANTS SPOOFERS? IMO, they help the game survive and they actually make a ton of money from them. Don't get me wrong, I don't say that spoofers are more than the actual players. I just say the truth, which is that Niantic is aware of the situation. My 2c

Asked by apax8 years ago

Report

Answers

I've said similar things on this forum and have been vehemently attacked for it. Godspeed.

I totally agree I use to play a mmorpg game in which bots were rampid it took years for them to get rid of them once enough people quit it was in their best financial interest to get rid of them which Im sure they had the capability to do the whole time.

It is even simpler than you think. I think most people can get such software from Google Play and they can simply detect such softwares.

Just check if they have 30+ high-IV Dragonites.

... and how many do they have otherwise it would be me - both I have are high IV or I wouldn't keep them.

People always find the way to cheat this game. It just pointless to catch them similar to 3rd party trackers, they always come back no matter how many times Niantic ban them.

That's not true.You have a Pokemon game server, take a client request, analyze the pattern of IP/addresses etc and know whether the player is legit or not. Simple as that

IMO it has to do with the accuracy. I feel like even a 0.1% chance of banning someone who does not spoof could cause a lot of players to stop playing for fear of getting banned after all their hard work.

Well, that has already happened. They did ban EVERYONE who had rooted phones, were they spoofers or not. It felt really unfair.

You don't work there and don't have any access to their codes to make any assumption like this.
Niantic have been banning bots and android emulator users, which debunks your assumptions that they want spoofers. Why would they ban android emulators for example if they really just want more players?

I just proved you that modern software technology can detect 100% spoofers because I do that for a living. I can also assure you that a moderate programmer with a moderate setup can block at least 90% of illegitimate requests. If you don't believe me I don't care, I have no reason to lie. And of course it's Niantic's fault when they don't keep up with their technology.
They banned android emulators in the beginning when they were making tons of money. And because it's easier to use an existing software which bans all emulators and rooted devices, than to write your own script which detects specific cases of intrusions that concern only your game.

apax, i know you're right.

i think niantic can do with the figureheads.

Either you are oversimplifying things, or you have no idea of what you are talking about, how is the IP address assigment gonna help you catch spoofers? If you are talking about cross referencing SSiD with location, that can be spoofed too..

Some spoof from computers and others by factory rooted phones from china. Is that the same to detect?

Yes, it's the same.

I talk about machine learning. A simple neural network (I assume now Niantic has enough training data) can give at least spoofers/botters who snipe to distant regions/countries .This is very basic setup. If you are willing to further, you can fit a more sophisticated model to give you >95% of illegitimate players. In you combine this with analyzing packets/ addresses etc which I won't explain here you can practically eradicate all cheaters

It's not that simple unless you are only banning the obvious ones, and I believe they do that already with their current technology (if you teleport large distances), so I don't see how your propossed method helps at all.

As long as the spoofer is not stupid and the program used to spoof was made by a competent developer, it's really hard to detect it. And yeah... cross referencing SSID with location is a way to detect spoofing... but then again, if the developer is competent enough, they will pick up on that and cross reference that too with existing lists and spoof that too...

since a permanent ban is in-reservable, banning an innocent player is MUCH worse than letting spoofers go. considering gps shift, network connectivity and other issues, so many people can ban in practice. so unless u have a way to be 100% accrue, u r just talking shit

You just use an algorithm who has 100% sensitivity for false negatives, so what's the problem? A player in my neighbourhood with nicknames LikeMyHacksv1 - LikeMyHacksv20 has been ravaging all gyms since November. My point is, any AI programmer can write a simple function to detect that!

You can stop access to an account without removing it altogether.
They would choose how to 'ban' it...it doesn't instantly magically become inaccessible just because you stop it being accessed.

There is more than one way to skin a cat.

I don't care if they ban or stop them...as long as they prevent them to snipe 100% IV Blisseys the moment the gym changes hand

It was a response to the comment, not to your reply - or my comment would be justified slightly more to the right (like this one)
I was simply discussing a solution to the possible problem the commentor highlighted.

Now I am asking myself why I need to explain this to someone with the credentials you are claimimg.
Relax

I know and I agreed with you in this matter. My anger is towards Niantic not you aSp ;)

You're totally missing the real issue.

Catching the spoofers is not rocket science. You don't need 9 years of experience as a software engineer to factually detect spoofers. There are many ways to check and not all of them require much more than common sense. If all you had to do was "know" someone was spoofing, then it's easy. But it has to be proven in a manner that doesn't make the company look bad. And that burden of proof isnt as easy as "see? This means you're cheating."

The bigger issue is the headache involved with accusing/banning people. There will be a huge backlash and uprising. There will be people who have been banned who are innocent. And once you start going Orwellian on the game you're going to lose a lot of players. People will be less likely to play if they think there is a chance that their hundreds of miles walked and thousands of hours played can be nullified by an erroneous spoof check fail.

And I can hear it already, "yeah but if XXX" or "That won't happen because XXX' Well, if you were right then they would have done it months ago. Don't you think Niantic would be banning more people if it was only a matter of identifying the spoofers? I mean, c'mon.

There's more to finding spoofers and simply finding the spoofers. There's a lot of legalese that all the software engineer background in the world won't help you understand.

Take for instance medicine. If someone finally finds the cure for cancer it will likely be years before it's approved to the public. Not because it doesn't work, but because there's a lot of hoops to jump through before it gets there. It's the same idea when you plan to implement a game-altering algorithm to eject spoofers. ...You can't expect humans to manually inspect all red flags. It's either mostly automated or not happening at all.

In short, finding the spoofers is easy. Nobody, not even Niantic, ever said it was hard. It's how to handle them that creates the problem.

Let me get this straight: You spot a few spoofers 100% accurately, they violate your terms of service, and because of the 'legalese' you don't do anything? Then explain to me why Niantic banned all those innocent players back in August who had rooted devices?In my book, having a rooted device is not cheating

You literally just illustrated my point. In "your" book it's not cheating. You have to draw the line somewhere, and no matter where you draw it someone will be crying foul. Just like you did. Therefore, sometimes it's the path of least resistance to do nothing.

Otherwise, people like you start squawking and complaining and - right or wrong - it's not good for the game.

The 'legalese' is...it is Niantics game, and they can stop anyone they like from playing it.
No one is entitled or has a basic right to access PoGo...all access is at the discretion of Ninatic.

That's it.!

I completely agree. However, the execution of that principal opens up a whole can of worms. Again - right or wrong being irrelevant.

You over think it...it is far more simple than what you have proposed.
You compare the catch location of the mon, to the spawn location of the mon and see if they are vastly different.
Basically, you ask the server to compare 2 fields it already has for all mons. QED

It can be done in real time, and spoofers could be caught as they play.

No algorythms, no false positive.
Sure...it won't catch 100% of spoofers, but it will be 100% accurate.

It is not rocket surgery.

I can work around your solution with IP spoofing and a VPN connection - and so will the hackers that write the programs for all the script kiddes to download and spoof with.

Asp I think you have no idea about software engineering. 'You compare the catch location of the mon, to the spawn location of the mon and see if they are vastly different' That's ridiculous, you cannot find cheaters like that

I think I was running networks and building software when you were an itch in your daddys pants.
The money I was earning from doing this, was what we used to buy my son his first pack of pokemon cards.

First rule...KISS.

I already know how to bypass your solution, just by looking at your description.
I also know that by spoof teleporting you won't get a new IP address...and with a VPN an IP adress can be anywhere in the world.
IP Address =/= location
Secondly, any IP address can be spoof'd too, without even the need for a VPN.
Third, a dynamically assigned, cycling IP address does not prove anyone is a spoofer...just a paranoid internet user that knows their stuff.

They already softban you from catching the mon until you spin the nearest pokestop up to 40 times...so they can clearly tell when someone has 'teleported'.
The way to get around it is to tele to your original location once you have engaged the mon.

The mons already have a spawn location attached to each of them - so it is entirely possible.

First of all, stop the douchebag talk, I have nothing against you

Secondly, my main proposition is machine learning. That's how modern companies detect cheaters. I am tired of repeating the same shit.

Finally, when you change countries to snipe Mr Mimes and Tauros your IP changes. A simple script to detect that can give at least 20% of cheaters. I have tried Necrobot and I assure you that's the case.

Spawn location would be location caught if spoofing unless I'm missing something.

Either when you are spoofing/botting Spawn location=location caught.

Yeah....that is what I said. I was replying to aSp's comment about comparing the two locations. I wasn't sure if I understood him correctly.

So add another field...although when Iasked this question (I have never spoofed) I was told the location on the mon is the spawn location.

If it isn't, then the first step is to add that field to a spawning mon.

Back during the Lapras event we had two spoofers on this board and one posted pics of thier lapras's and they all said Japan. Though I don't know if they used the sniping method that the other poster just mentioned.

One of those spoofers still posts daily but doesn't mention spoofing anymore. I'm only mentioning this hoping he will chime in..

Well, thanks for the thumbs up at least:)

Softbans works somewhat like this in real time.
It saves the last location you did an action (spin pokestop or catch a mon), then compare it with the next location you take a action.

If the two locations are vastly different, it triggers a softban where you can't spin pokestops and all mons flee for a certain time.

Pokemon snipers have come with a way to bypass this by teleporting to the pokemon location, clicking on it and then they come back to the previous location before doing an action (throwing a item/pokeball).

If Niantic started to consider a click on the pokemon as a action, instead of just recording the action when throwing a item or pokeball, it would end pokemon sniping with a 100% accuracy.

I don't see it combating spoofing, tho.
Someone could spoof always on the same city and not snipe.

As I said above, you can use a simple algorithm like Google does for example to detect spam emails. Google does not analyze IP addresses etc, but the behavioural patterns of the user. AI can do miracles nowadays.

"AI" sucks. A lot of important emails have gone to my spam. You want your account to be put in the spam folder by accident?

AI my friend has beat human champions in all board games(chess, go etc), can detect cancer tumours better than a doctor, has beaten the best players in Jeopardy, and in 10 years max will give us self driving cars.

They don't make devs like they used to.
Everything is algorythm this, algorythm that...when there is a far less complex, far more elegant solution that follows the first rule of programming...KISS

That solution of clicking a mon being considered an action is even more elegant than mine...I like it.

Well, the most popular companies rely on their proprietary algorithms, that's how the make money!

Could they not just make the game require to have the gps enabled and then if their at a gym different from the phone's gps then they know?

lol why is it just now getting debunked

You guys keep trying to explain how easy it really is to spot cheaters. it's never been difficult. If they want to find out whose cheating, they can do it easily. I don't think finding the cheaters is difficult at all. Especially for Niantic.

The real issue is implementing the punishment for cheating.

I have worked on the PR side of issues like this. There's so much red tape and nonsense that the average person would say, "you got to be kidding me!" Just like in a few posts above. But I'm telling you from experience, punishing cheaters is the difficult part. Not finding them. Heck, most of us are probably 95% correct in spotting cheaters in our local areas and we don't have access to any data that Niantic does.

If you still doubt me, ask yourself why the bans aren't more widespread. Catching the cheaters is easy. So why do they still persist? Nianitic is a bit trigger shy. And they should be.

Note, people will ALWAYS find a way to cheat. Crime of almost any sort is never eradicated, rather it evolves to adapt to whatever new safeguards show up.

There's a larger financial incentive to stop file sharing than a few dingbats poaching gyms...that's never going to end either.

Lastly, I agree with the disgust over cheaters. It's not like there is anything to gain from cheating here. Nobody is counting cards to bust a casino's bank, nobody is trying to crack into Niantic's shop to steal real money. It's theft of a virtual asset whose only value is within the game itself. You can't even sell what people are stealing from Pokemon Go for real money. Yes, some people sell level 35 accounts for $25.00. But that's hardly a "huge profit."

Awesome response!
It explains why Niantic are averse to doing something about it, even though they should be able to very simply.

As players then we need to make it so that they feel it is in their interest from a PR level to actually do something about it.
If it is bad PR to ban people...we perhaps need to concentrating on making it even worse PR to keep them in game.

Alternatively, they could just make it harder and more time consuming to snipe/spoof, and therefore making it a less attractive way to play the game...thereby doing away with the need to create bad PR with bans.

Ok but I cannot understand this: Back in August Niantic banned all users with rooted phones (and rooting is not cheating). Where was the shyness then?

That action had enormous backlash. Perhaps they learned from that mistake.

I am of a high level and play dead straight, however I have at any one time 12 -24 mons in gyms. In order to get so many I have to be extremely selective about the gyms as in my area it is controlled by a spoofer so over a 100 gyms are impossible hold as they are his personal gyms. What this has taught me is that without spoofers gyms can easily stagnate!!! (These are the ones i look for) It would not surprise me if Niantic realise this and for this reason do not ban the spoofers for fear of gym stagnation.
It sucks though and I would love to play on a level field. Due to spoofers I am always suspicious of other players wondering if they are cheats which sours the whole game for me!