The problem we have with top list Of ot server list

[xinn]

@xinn
Ok, lets address one point at a time.
I have to start by asking a question since the parts of my posts that you're responding to, and the way you're responding, makes absolutely no sense:

Why would you assume here that I don't know about the max 4 MC rule when I literally mentioned it twice in my latest post?
In fact I mentioned it literally in the line below the part you quoted me in which you're responding to here in the first quote of your post.

Because you keep talking about the MCs and I assumed you talked about the excessive mcs but now I see that you don't.

MCs will ALWAYS exist and it doesn't matter if those are bots, or simply rune makers. So what is good and what isn't good?
Bots aren't good but would rune makers on bot-free servers be ok?
Bots should be prohibited, but what about the systems which would incentive you to login charactesr (and just stay online)?
Technically you are not botting. You get the idea?
Or maybe I should just show the unique number of connections on the otservlist (servers doesn't provide now such info btw), would that be okey for example for servers in Brazil where a lot of players play from internet caffes? Or what about the countries where a lot of people share the same IP? Technically we can have a situation where 50 different people would be counted as just one. There are always some kind of trade-offs.

Actually there is one thing which I can do (AND WILL DO) which will let people judge (to some degree) even better how populated server is. Ask servers to also return the number of unique connections to the server. So basically if they return 100 unique connections but 400 players online, you will be able to say with 100% certainly that yes, this server is fully populated with mcs.

And if you are interested - most of the servers have around 60-75% unique players.

Oh right, I'm really sorry but I've been here for the last 5 hours answering posts/private messages etc. I really need to go

 

[CesarZ]

Im not hating on no one ot server or saying is bad...What im trying to say is that there is something wrong and unfair for other people happening and some people refused to accept it..
Utorion for sure is not the only server that is doing this but it is an example.. Some of you guys are quick saying ohh he is hating. Is not that. The server is cool, But there is something happening that most people ignore.

 

[Source]

Because you keep talking about the MCs and I assumed you talked about the excessive mcs but now I see that you don't.

Yeah, up to 4 MCs per IP. Maybe I shouldn't have mentioned MCs just in case it could be misunderstood, the point is about cavebotting, I just brought it up because a regular player will usually just play 1 character, while a botter is more likely to use multiple characters, which is mathematically significant in terms of online boosting.

MCs will ALWAYS exist and it doesn't matter if those are bots, or simply rune makers. So what is good and what isn't good?

Hopefully you're not trying to create a strawman here with a "bot vs runemaker" dichotomy that I certainly haven't mentioned here, however it does matter whether it's a regular player vs a cavebotter.
Just looking at the simple mathematics of it: no player is able to play on a server 24 hours a day (for any extensive period), or even if a small percentage of players are, the mathematical mean/average online count is far below 24 hours per day.
A bot is capable of being online indefinitely, not just for one day, two days, three days, literally forever. Compare that with an average player that might play for an average of maybe 3-4 hours a day, lets pick the highest number for your sake; 4 hours.
Now if that player decides to bot instead his online time is an (24/4) = 600% increase of online time.
That's not even considering that any player can literally go on a vacation for a week, not touch his computer at all, and still have the bot running forever, meaning we're not even accounting for things like "days of abstinence" that a normal player would have here which would increase this factor even more, and several other factors we'll just skip here as well for the sake of simplicity.
Would you call a 600% increase of a player count insignificant? This is just in terms of really simple math.

Bots aren't good but would rune makers on bot-free servers be ok?

No, runemakers wouldn't be okay either, they shouldn't be accounted for as online players, but cavebotting is way more serious since it usually takes more of an effort to runemake (gotta get new blank runes all the time after all).

Bots should be prohibited, but what about the systems which would incentive you to login charactesr (and just stay online)?
Technically you are not botting. You get the idea?

Not really, if a player chooses to sit in front of his computer and stare at a character that just stands still all day that's his choice, he's still being counted correctly as long as he's playing on a single character (or in terms of your rules up to 4 characters, personally I think a single character actually makes more sense, but that's just my opinion) and he's not AFK.
What the player chooses to do with his time is up to him as long as he's not a bot.

Or maybe I should just show the unique number of connections on the otservlist (servers doesn't provide now such info btw), would that be okey for example for servers in Brazil where a lot of players play from internet caffes? Or what about the countries where a lot of people share the same IP? Technically we can have a situation where 50 different people would be counted as just one. There are always some kind of trade-offs.

50 different players from Brazil on an internet café sharing the same IP wouldn't be able to connect to the same server because of your rules limiting them to max 4 players from the same IP, so I don't know why you're trying to make this argument in your favor, you have already made a limitation on this, so just keep it at 4 and it's basically a "non-issue" (works decently enough as far as MCing is concerned).

Actually there is one thing which I can do (AND WILL DO) which will let people judge (to some degree) even better how populated server is. Ask servers to also return the number of unique connections to the server. So basically if they return 100 unique connections but 400 players online, you will be able to say with 100% certainly that yes, this server is fully populated with mcs.

And if you are interested - most of the servers have around 60-75% unique players.

Oh right, I'm really sorry but I've been here for the last 5 hours answering posts/private messages etc. I really need to go

Sure.
About a solution to cavebotting btw, here's a really simple solution, I'm sure you can think of something better, but just to have mentioned it: divide server list between servers that either allows botting or aren't able to account for/actively ban botters quickly enough VS servers that doesn't allow it and is able to actively/quickly ban botters, you could even make multiple categories to make it easy on hosters, e.g. within 6 hours, within 24 hours, or within 3 days, and separate list by these criteria using javascript to show/hide entries.
If a server is listed under "botting not allowed and we actively/quickly ban botters" and there is strong evidence of them not taking action quickly enough, either give them a warning or ban them.
Just to be clear: would I recommend this redneck system that I literally just came up with on the spot, not really, but it's literally better than what there is now, the main point is that you should acknowledge the issue and try to start working on it.

Just a minor suggestion btw: I'm not sure for how long you ban servers and everything atm, but when dealing with something that isn't a 100% proof kind of thing like this (and other things like spoofing) and you don't have hard evidence to "catch" someone, imo. you probably shouldn't permaban servers indefinitely on the first infraction, but either ban servers for incremental amounts of time, or even start out with warnings and then with bans after x amount of warnings.
I hear of a lot of permabans, never heard about anyone receiving warnings, so I just thought I should mention it.

 

[Source]

Enlight me how am I supposed to check 1500 single players if they bot or not? The only way is to be sure it to check them one by one (because for example the common rule might be that botting isn't allowed but GM created a special group which CAN bot).

How do you check if 100, 200 or 500 players are spoofed (or afk MCs on an island placed by a GM). There's absolutely no way of knowing without checking them out in-game, so what's the difference here between these afk MCs and cavebotters?
In either case you clearly don't need to check all of them out, just enough for a strong suspicion -> issue a warning or short temporary (incremental) ban unless you have strong evidence of a rule violation -> let the server owner actually contact you for a dialogue so they have a chance to show evidence that you've potentially made a mistake or not -> reconsider -> pardon or punish.

Btw, honestly, you know what's the simplest and probably best solution to all of this? Just remove the online population from the website, or at least the sorting for it.
We both know how easily it can be manipulated and how hard it can be to try to correct for it, might as well just get rid of it (sorting).
Use some other form of system instead, like voting/reviews, website categories (Real Map vs Custom, etc) / sort by map, sort by engine, total uptime in hours, even "total advertisement points" if you'd like to incentivize people to pay even more for your advertisements
Point is there's tons of solutions, but it doesn't matter if you're not motivated or interesting in doing anything about it, nobody but you can change that.

 

[xinn]

@Source:

while a botter is more likely to use multiple characters, which is mathematically significant in terms of online boosting.

I agree with that statement. That's why showing unique connections to a server solves that problem. It doesn't have to be displayed as a pure percentage, more like an bar indicator of how many MCs a visitor can except by joining a server.

it's a regular player vs a cavebotter.

Like I always repeat, I'm not here to tell people how to run their servers, I'm rather here to create an environment where servers can be fairly measured and compared.
From visitors perspective, where the most significant factor is how many players are playing on a server, it doesn't matter if players are using cavebots or logins tremendous numbers of rune makers.
In both cases a regular otservlist visitor would be deceived. He joins a server and thinks that there are for example 100 players online and it's well-populated while in fact those 100 players are controlled by just 25 people. That's the point I try to make.
If the visitors wants to play on a bot-free server, he will basically look for such a server since those are very uncommon. Tibia is basically a game based on botting, just try to spot a moment when XenoBot servers are down (and botters can't use it) to see how the total number of players online drops.

A bot is capable of being online indefinitely,

It's not a case nowadays since most custom clients have the option to auto-login after being disconnected from a server (just like a bot). So a regular person who doesn't use bot can stay online 24h/7. As long as his computer is online (just like a bot).

Not really, if a player chooses to sit in front of his computer and stare at a character

Well, like I said earlier, you missed a point. From otservlist's visitors perspective such character would look like a botter and would deceive him just like a botter. The difference is that such characters doesn't occupy popular hunting spots and doesn't ruin server's economy

divide server list between servers that either allows botting

Yes, that's a thing which I can do and is into my TODO list. Basically there will be some checkboxes which server owners would be able to fill (like having the anti-bot software et cetera).
Than there will be more options to filter out servers in "search" section so it will be easier for for example people looking for bot-free servers to find what they need.

I'm not sure for how long you ban servers and everything atm, but when dealing with something that isn't a 100% proof kind of thing like this (and other things like spoofing) and you don't have hard evidence to "catch" someone, imo. you probably shouldn't permaban servers indefinitely on the first infraction, but either ban servers for incremental amounts of time, or even start out with warnings and then with bans after x amount of warnings.

I tested warning system back in a days - it doesn't work. When people realised that I use that they started to use it against me by basically spoofing and just checking how I ban "servers" or how much time I need to find the spoofing mechanism used by certain server. Then I started to use something which you named incremental ban-system, but only for those servers, whose owners expressed a willingness of fixing their servers as fast as possible. Those were banned for just a week or until they fixed their servers instead of a month banishment. It didn't work either, why? This image expresses more than 100 of words (this guys server's were banned literally like 10 times):

https://i.postimg.cc/j5f9Lgg7/info4-1.png

Right now if I see it was someone's first banishment and he is willing to fix the server asap - the server is unbanned after a week. Otherwise after a month. If it's another banishment or someone intentionally tried to deceive my visitors (by for example logging in fake characters to raise the total number of players online) he is banned for 3 months (same about people flaming me instead of trying to resolve their situation in a civilized manner). If someone uses very sophisticated spoofing mechanisms (which basically required a lot of my time to analyze it/find evidences) - those are perma banned. Same happens to people which were literally banned dozens of time and their whole activity is to create a server, spoof with huge number of players, get banned, create another server (over and over again).

never heard about anyone receiving warnings,

Answer yourself a question. What a regular person can think when hears that person X received a warning? That there was something wrong with it's server (spoofed/counted wrongly number of players et cetera). People will not brag about those things. At the other hand, people who were perma-banned have nothing to lose. They will try to create agenda that otservlist bans people without a valid reasons to push others to for example create different server lists so they can have a fresh start (and new platform to advertise their server). They are incentivized to do that so obviously they will do that. Greed is what push people to do that things. That's for example why Bitcoin works The whole system is based on incentives and human's greed.

Post automatically merged: Aug 17, 2020

@Source
Since you haved added new posts I will also address what you wrote there:

How do you check if 100, 200 or 500 players are spoofed (or afk MCs on an island placed by a GM). There's absolutely no way of knowing without checking them out in-game, so what's the difference here between these afk MCs and cavebotters?

Like I said in other topic. I don't talk about those things since it gives an edge to the people who creates spoofing mechanism. The more I talk about it the more problems I will have in a future (and the better spoofers will be).

Btw, honestly, you know what's the simplest and probably best solution to all of this? Just remove the online population from the website, or at least the sorting.

That would result in losing most of my visitors since this is the factor which matters the most for my visitors.

like voting/reviews

I've also addressed that in the other topic. Review/voting system is worse than sorting by players online. Why? It's way easier to manipulate.
1) it's a popularity contest so by definition servers with more players will have more reviews/votes and will be at top BUT -> point #2.
2) people can be incentivized to write good reviews about the servers they play or bad reviews about the other servers (and there is no way to check if such if a content of such reviews is bad or good).
For example imagine that server X which goal is to be the most popular server in Poland starts giving free gold to their players for writing bad reviews about all other servers in Poland. Those can be things which can be hard to verify like that they bought an item but never received it.
Or like GameMasters creates hidden islands where they create exp monsters for their friends playing that server. Et cetera.
Such system would be basically VERY BAD and doesn't give ANY positive value.
That's why if you see a review systems in environments where money is involved you can't trust them as long as a bar to enter is high.
Steam partially resolves that for example by allowing only people who bought a game and played few hours to write a review. Doctor-review websites in my country allows comments only by those who reserved a visit and paid it using that review website.
On the other hand those reviews also can't be trusted since doctors can request the review-system to remove particular reviews (bad ones) and if they don't do that, they choose a legal path and the burden of proof is then on a review-system website. Of cource since it's a relationship many (doctors) to one (website) review-systems can't just go on war with all that doctors in court and choose to delete the reviews.

 

[Source]

I agree with that statement. That's why showing unique connections to a server solves that problem. It doesn't have to be displayed as a pure percentage, more like an bar indicator of how many MCs a visitor can except by joining a server.

Sure.

Like I always repeat, I'm not here to tell people how to run their servers, I'm rather here to create an environment where servers can be fairly measured and compared.

To some degree you are. For example you already impose a rule on everyone where they're only allowed to count 4 characters as online per IP.
You also would count 500 afk MC (macro chars or custom designed to never get disconnected) as spoofing, wouldn't you?
So you're clearly in the business already of imposing your rules and standards upon server owners, it's just a matter of how much to impose on them.

From visitors perspective, where the most significant factor is how many players are playing on a server, it doesn't matter if players are using cavebots or logins tremendous numbers of rune makers.

You don't think there's a difference between a server with 500 players that are 100% humans and a server with 500 players where 490 of them are MC cavebotters, for a player?
You don't think there's a difference for example just in the matter of simple human interaction?
How many players will be active in game channels on each server you think? ..
Not to mention cavebotters will just stick to one spawn and do the same repetitive things over and over, never questing, never changing spawn, never do anything unexpected unless they're malfunctioning..

In both cases a regular otservlist visitor would be deceived. He joins a server and thinks that there are for example 100 players online and it's well-populated while in fact those 100 players are controlled by just 25 people. That's the point I try to make.

In varying degrees. I've posted several solutions to these problems in this very thread though.

If the visitors wants to play on a bot-free server, he will basically look for such a server since those are very uncommon.

Not really, it varies mostly by client version, newer versions seem to have a lot more bots, with a few exceptions, either way I'm not sure what point you're really making here.

Tibia is basically a game based on botting, just try to spot a moment when XenoBot servers are down (and botters can't use it) to see how the total number of players online drops out.

Arguable, again it depends on client version and the type of server, the more custom you make it the less likely there's bots (since bots are programmed mainly to do basic well-established routines, it doesn't know how to do "new" things), either way we're just establishing how important it is to separate "botting" servers from "non-botting" servers here, since one of them clearly has an advantage when they're not separated.

It's not a case nowadays since most custom clients have the option to auto-login after being disconnected from a server (just like a bot). So a regular person who doesn't use bot can stay online 24h/7. As long as his computer is online (just like a bot).

Even worse. Make a rule about it. Or is your plan of action to stop making counter-measures and let the most ruthlessly exploitative servers win the market?

Well, like I said earlier, you missed a point. From otservlist's visitors perspective such character would look like a botter and would deceive him just like a botter. The difference is that such characters doesn't occupy popular hunting spots and doesn't ruin server's economy

It's beside the point how it "looks", what matters is what's actually going on.
If the player is not afk he will be able to respond to human interaction, if it's a bot it won't be able to respond to human interaction, and that's where you catch and separate the two.

Yes, that's a thing which I can do and is into my TODO list. Basically there will be some checkboxes which server owners would be able to fill (like having the anti-bot software et cetera).
Than there will be more options to filter out servers in "search" section so it will be easier for for example people looking for bot-free servers to find what they need.

Awesome

I tested warning system back in a days - it doesn't work. When people realised that I use that they started to use it against me by basically spoofing and just checking how I ban "servers" or how much time I need to find the spoofing mechanism used by certain server. Then I started to use something which you named incremental ban-system, but only for those servers, whose owners expressed a willingness of fixing their servers as fast as possible. Those were banned for just a week or until they fixed their servers instead of a month banishment. It didn't work either, why? This image expresses more than 100 hundred of words (this guys server's were banned literally like 10 times):

https://i.postimg.cc/j5f9Lgg7/info4-1.png

Gamers will game. Once you've had enough you're in your full right to permaban.
It's a similar situation to street beggars irl. Many of them will use the money donated to them for drugs, basically abusing people's kindness.
But does that mean you should never donate again because some people abuse the system? Just gotta get smarter.

Right now if I see it was someone's first banishment and he is willing to fix the server asap - the server is unbanned after a week. Otherwise after a month. If it's another banishment or someone intentionally tried to deceive my visitors (by for example logging in fake characters to raise the total number of players online) he is banned for 3 months (same about people flaming me instead of trying to resolve their situation in a civilized manner). If someone uses very sophisticated spoofing mechanisms (which basically required a lot of my time to analyze it/find evidences) - those are perma banned. Same happens to people which were literally banned dozens of time and their whole activity is to create a server, spoof with huge number of players, get banned, create another server (over and over again).

Pretty filthy tactics for sure.

Answer yourself a question. What a regular person can think when hears that person X received a warning? That there was something wrong with it's server (spoofed/counted wrongly number of players et cetera). People will not brag about those things. At the other hand, people who were perma-banned have nothing to lose. They will try to create agenda that otservlist bans people without a valid reasons to push others to for example create different server lists so they can have a fresh start (and new platform to advertise their server). They are incentivized to do that so obviously they will do that. Greed is what push people to do that things. That's for example why Bitcoin works The whole system is based on incentives and human's greed.

Makes sense.
Not sure about Bitcoin or what exactly you were thinking about it, I use it to pay developers personally to maintain my privacy, but there's for sure a lot of greed when it comes to the stock market side of it.

Like I said in other topic. I don't talk about those things since it gives an edge to the people who creates spoofing mechanism. The more I talk about it the more problems I will have in a future (and the better spoofers will be).

Sure, I'm pretty sure there's no heuristic difference between cavebotters and MC macros placed by GMs though, just thinking about it logically it's literally the same thing except that it's controlled by one person in one case, multiple people in another, there's literally no other difference, unless you want to argue semantics macro vs cavebotting which would be missing the point.

That would result in losing most of my visitors since this is the factor which matters the most for my visitors.

But is also the most unreliable data point. Agreed?

I've also addressed that in the other topic. Review/voting system is worse than sorting by players online. Why? It's way easier to manipulate.
1) it's a popularity contest so by definition servers with more players will have more reviews/votes and will be at top BUT -> point #2.
2) people can be incentivized to write good reviews about the servers they play or bad reviews about the other servers (and there is no way to check if such if a content of such reviews is bad or good).
For example imagine that server X which goal is to be the most popular server in Poland starts giving free gold to their players for writing bad reviews about all other servers in Poland. Those can be things which can be hard to verify like that they bought an item but never received it.
Or like GameMasters creates hidden islands where they create exp monsters for their friends playing that server. Et cetera.
Such system would be basically VERY BAD and doesn't give ANY positive value.
That's why if you see a review systems in environments where money is involved you can't trust them as long as a bar to enter is high.
Steam resolves that for example by allowing only people who bought a game and played few hours to write a review. Doctor-review websites in my country allows comments only by those who reserved a visit and paid it using that review website.
On the other hand those reviews also can't be trusted since doctors can request the review-system to remove particular reviews (bad ones) and if they don't do that, they choose a legal path and the burden of proof is then on a review-system website. Of cource since it's a relationship many (doctors) to one (website) review-systems can't just go on war with all that doctors in court and choose to delete the reviews.

I know what you're saying, but there are solutions around this.
Mr. Texas, Xenobot guy, I don't remember his name, wrote a post about it yesterday or today in the other "problem with otservlist" thread, mentioning some (imperfect, but functional) solutions, such as JS fingerprinting, which is imo. the strongest technical solution, however invasive it might be.
There are other solutions, for example if you can co-operate with OTLand on this, you could create an API (or OTLand could) to allow you to link forum members up with otservlist reviews and use OTLand metadata to highlight the reviewer's OTLand data, such as post count, etc, allowing players to make their own informed decisions.
Basically I agree that a voting system is flawed, so I wouldn't recommend for using an "average" score for any OT since the data would likely be fairly unreliable, but it can still be useful information for a player looking for a server to play since at least some of the reviews will inevitably be useful.
You could also for example allow image attachments and/or cam/video attachments for people to upload their own proof.

 

[xinn]

@Source:

For example you already impose a rule on everyone where they're only allowed to count 4 characters as online per IP.

You miss a point. I don't tell them that they are not allowed to accept more players from single IP. I just tell them in what numbers otservlist is interested (so visitors can to some degree compare servers).
They can do whatever they want as long as a metric which otservlist uses for comparision is returned correctly. It doesn't matter to me what design they use. They have full freedom.

it's just a matter of how much to impose on them.

Again. What matters to me is the "active players" metric. For example I wouldn't be against for example a server which has 400 fake-characters which are AI war bots as long as those characters wouldn't be counted as active players.

You also would count 500 afk MC (macro chars or custom designed to never get disconnected) as spoofing, wouldn't you?

If those were fake-characters created by the owner which were counted toward the number of active players (to deceive my visitors) - yes.

About the rest of your answers, I will sum it up with one sentence: Rules which can't be enforced can't be rules..

Try to design a verification method where you will be 100% sure that a server doesn't break your "bot" or "staying afk" rule which you ask me to add. Keep in mind that this must be easily verifiable since you have 20k players to check on 600 servers. And it would be great to check the same server from time to time. Also, keep in mind that if you start enforcing it, people which would fool you somehow, will have a huge advantage over those who follows your rules so you have to count for EVERY edge-case. Write it down, step by step, how you think I can check that server and I will show you how it can exploited, ok?

such as JS fingerprinting, which is imo. the strongest technical solution, however invasive it might be.

JS fingerprinting is based on data generated by your machine. Imagine I can download firefox sources, check how you generate fingerprint on the website and change mozilla sources to return you random data which would break your fingerprinting. It would take only 1 person to dig into the sources and release such tool to break the whole mechanism.

Ok I need a break in this topic. I've been already here answering pms/you for few hours and there is still one topic to be adressed out.

 

[Source]

You miss a point. I don't tell them that they are not allowed to accept more players from single IP.

If anything you're the one missing the point unfortunately.
You quoted me (poorly) earlier saying

it's a regular player vs a cavebotter.

That's what we were talking about, you decided to answer with "I'm not going to tell anyone how to run their server!", but please tell me, who ever made the case that you have to "tell everyone how to run their server" other than you? <.<

Again. What matters to me is the "active players" metric. For example I wouldn't be against for example a server which has 400 fake-characters which are AI war bots as long as those characters wouldn't be counted as active players.

Then we agree. That's the point I was making all along, bots shouldn't be counted as players.

If those were fake-characters created by the owner which were counted toward the number of active players (to deceive my visitors) - yes.

Good, my point here was that unless the owner is completely stupid, you can't prove that these "fake characters" are "fake" without looking for them in-game.
Earlier you used the defense about cavebotters that "you would have to manually check every cavebotter in game, and that's impossible! Too much work!", but it's literally the same with "fake" (macro MC) characters.
And yes, I'm avoiding going into details here as well (for your sake, not to teach more people how to exploit your systems), I know what exception you're thinking of, which is what I called "GM stupidity" here, but unless they're stupid you have no other option atm. than going in-game and looking for these characters (or have someone report them for you).

About the rest of your answers, I will sum it up with one sentence: Rules which can't be enforced can't be rules..

I would never mention anything here that can't be enforced, I've made it very clear how you can enforce it in previous posts.

Try to design a verification method where you will be 100% sure that a server doesn't break your "bot" or "staying afk" rule which you ask me to add.

I've said it before: there's no 100% sure way to catch spoofing either, you seem to raise the bar when it comes to suggestions or ideas coming from anybody else without accounting for the bar actually having been raised in comparison with your current solutions, seems kinda irrational.

Keep in mind that this must be easily verifiable since you have 20k players to check on 600 servers. And it would be great to check the same server from time to time. Also, keep in mind that if you start enforcing it, people which would fool you somehow, will have a huge advantage over those who follows your rules so you have to count for EVERY edge-case. Write it down, step by step, how you think I can check that server and I will show you how it can exploited, ok?

I already have.
You sort of keep subtly changing the topic, poorly quoting me (and others), and just keep asking me to argue a point that's already been argued, it doesn't really make sense, kinda feels like you're not interested in actually changing your systems any, but rather to just give the impression to everyone that you're "not close-minded" or something, "you're really trying to change your systems", whatever is on your agenda, I don't know.
I'm trying to be charitable with my interpretation here, but I can only be charitable for so long.

JS fingerprinting is based on data generated by your machine. Imagine I can download firefox sources, check how you generate fingerprint on the website and change mozilla sources to return you random data which would break your fingerprinting. It would take only 1 person to dig into the sources and release such tool to break the whole mechanism.

You're kinda exposing yourself of really having no idea what you're talking about here. JS isn't even a component of firefox, it's literally its own language.
Is it "100% fool proof", which you keep asking for, no, but literally nothing is, especially not any of your current solutions.
I see why you have to push the narrative that every single person you punish is justified now, since you clearly have some kind of personal need to feel like you've never made a mistake or something, probably something you should look more into; have some time for some personal reflection, maybe take a vacation off or something.

Ok I need a break in this topic. I've been already here answering pms/you for few hours and there is still one topic to be adressed out.

Take your time bud, it's not a competition. Although if it was, I would definitely win

 

[xinn]

@Source

You quoted me (poorly) earlier saying

True, sorry for that. I've re-redacted my answer after writing it in notepad, now I don't even know why I mentioned that sentence.

Earlier you used the defense about cavebotters that "you would have to manually check every cavebotter in game, and that's impossible! Too much work!", but it's literally the same with "fake" (macro MC) characters.

Ok. I believe I know from where the whole misunderstanding comes. Let me put that in this words which should be easier to understand than all those wall of textes. This is not the same work. Why? It's because in most of the cases I can distinguish between a fake player and regular player without logging in to the server and checking all players one by one but in 100% cases I wouldn't be able to distinguish if a character is botting or not without logging in and checking that character in game, those, making such rule basically impossible to enforce. Same applies to staying afk (for any gratification).

I've said it before: there's no 100% sure way to catch spoofing either

The whole thing here is about the time needed to be close to certain about the things. Like I mentioned above. Checking spoofing and checking all characters one by one in game to see if they bot are on whole different levels of time needed.

You're kinda exposing yourself of really having no idea what you're talking about here. JS isn't even a component of firefox, it's literally its own language. (...)

I'm sorry but actually you have no idea what you are talking about and why I even mentioned firefox. So let me explain. JavaScript to be interpreted or compiled (JIT) needs a JS engine. In firefox case it's SpiderMonkey which is developed by Mozilla and comes with FireFox's sources. It's way easier to download the firefox addon which breaks fingerprinting (those making reviews look like written by different people) then login significant number of fake characters and not get caught.

I see why you have to push the narrative that every single person you punish is justified now

Yes I do have an inner need to justify banishments. I believe every person who has this kind of power should have such need so he doesn't become a dictator at any point of time.

The rest of your reply which I didn't quote can be explained with the second paragraph of my reply.

Take your time bud, it's not a competition. Although if it was, I would definitely win

Only if it was a competition about who has most chromosomes. I give you that, you would win (✌ ﾟ ∀ ﾟ)☞
(don't take it personally, no hard feelings )

 

[Source]

Ok. I believe I know from where the whole misunderstanding comes. Let me put that in this words which should be easier to understand than all those wall of textes. This is not the same work. Why? It's because in most of the cases I can distinguish between a fake player and regular player without logging in to the server and checking all players one by one but in 100% cases I wouldn't be able to distinguish if a character is botting or not without logging in and checking that character in game

No, you can't. Only in the cases where the owner logs all of the characters in at the same time or something, which will make a consistent pattern each SS on your bs graphs which you apparently think is science, but if the players are logged on at random intervals, or just done slightly cleverly, you won't be able to 100% detect it at all.
Even these heuristic techniques you're using with graphs and everything, it's not 100%, it's just guesswork based on patterns, pretty much none of it is "100%", so you should just stop misusing such words, it's just muddying up the conversation.

The whole thing here is about the time needed to be close to certain about the things. Like I mentioned above. Checking spoofing and checking all characters one by one in game to see if they bot are on whole different levels of time needed.

Then you're basically admitting that you can't and won't even try doing anything about "well done" spoofing either. That's just really really bad.

I'm sorry but actually you have no idea what you are talking about and why I even mentioned firefox. So let me explain. JavaScript to be interpreted or compiled (JIT) needs a JS engine. In firefox case it's SpiderMonkey which is developed by Mozilla and comes with FireFox's sources. It's way easier to download the firefox addon which breaks fingerprinting (those making reviews look like written by different people) then login significant number of fake characters and not get caught.

Then you should've mentioned SpiderMonkey or Firefox's JS engine, not "firefox sources".
Either way I'm not disputing that you can tamper with JS one way or another, but it's way way more complicated than pretty much anything else.
There's a ton of variables involved, even if you were to theoretically change all of them without breaking the browser, you'd have to 1) Recompile the entire browser everytime you want to change these variables, 2) It's a ton of work and very few people are able to do it, so in practice it basically just works, that's all that matters.
I don't care whether you go with it or not, I didn't even say I recommend using JS fingerprinting, it's just one of many strong techniques that could be used if you care at all about looking at potential solutions.

Yes I do have an inner need to justify banishments. I believe every person who has this kind of power should have such need so he doesn't become a dictator at any point of time.

Justifying your every action is exactly what a dictator does though... <.<

Only if it was a competition about who has most chromosomes. I give you that, you would win (✌ ﾟ ∀ ﾟ)☞
(don't take it personally, no hard feelings )

That's fair, I do have more than 20 chromosomes unlike you, so I definitely win there as well

 

[xinn]

@Source:

No, you can't. Only in the cases where the owner logs all of the characters in at the same time or something, which will make a consistent pattern each SS on your bs graphs which you apparently think is science, but if the players are logged on at random intervals, or just done slightly cleverly, you won't be able to 100% detect it at all.

Now you clearly have some problems with understanding the source text. You try to disprove the argument which wasn't made by me. I said in MOST of the cases, not in ALL of the cases. I hope you understand the difference.

Then you're basically admitting that you can't and won't even try doing anything about "well done" spoofing either. That's just really really bad.

That's just your faulty assumption.

1) Recompile the entire browser everytime you want to change these variables

LUL xD

Then you should've mentioned SpiderMonkey or Firefox's JS engine, not "firefox sources".

Technically I was 100% correct. SpiderMonkey sources are A PART of firefox sources. You are cherry-picking.

it's just one of many strong techniques that could be used if you care at all about looking at potential solutions.

Such a strong technique which can be broke with 1 firefox addon.

 

[Source]

Now you clearly have some problems with understanding the source text. You try to disprove the argument which wasn't made by me. I said in MOST of the cases, not in ALL of the cases. I hope you understand the difference.

No, that's just the point. Nobody's said you're not able to ever detect spoofing, the point is there is no "100% fool-proof" solution to it, which is what you asked for.
If you hadn't been so foolish to keep insisting on a "100% fool-proof solution", we could've avoided all of these "misunderstandings" as you call them, intentional distractions as I would call them.
"It's not 100% fool-proof!" has been your excuse to dismiss every suggestion/solution I and others have come up for you.

That's just your faulty assumption.

It's an assumption based in evidence (your answers) and your attitude about every suggestion you ever get.
You keep asking for things like "100% fool-proof solutions" when your own solutions aren't fool-proof, basically it just looks like you're trying to whitewash your reputation without changing or even reconsidering anything.

LUL xD

Glad you've finally come to your senses and realized your defense against JS fingerprinting is pretty laughable, now you know how we feel when talking to you

Technically I was 100% correct. SpiderMonkey sources are A PART of firefox sources. You are cherry-picking.

You really don't sound like a developer at all if you don't understand the difference between the language "firefox JS engine" and "firefox sources".
Why would you even randomly bring up firefox instead of simply saying "web browser" or "JS engine in a browser"? It's like you've never had a discussion with anyone in your life and only know how to speak in generalities and expect everyone to just magically "get" and agree with you without having actually laid out any arguments ever.
Do you surround yourself only with people who agree with you or something?

Such a strong technique which can be broke with 1 firefox addon.

Are you actually this ignorant or are you just intentionally spreading misinformation at this point?
If you're against all odds are talking about NoScript, you're aware you don't actually have to install this to disable JS, right?
And you're also aware that you won't be able to use 90% of the web without JS, right?
Can you actually say something specific for once so I don't have to guess wtf you're actually saying 90% of the time like you're some kind of stage magician trying to disappear in a puff of smoke with every chance you get?
If you don't improve I'm probably just going to stop responding since this is starting to feel like a complete waste of time.
Looks like everyone else has already given up on you in this thread: Should OtLand Open New OtServerlist site? (https://otland.net/threads/should-otland-open-new-otserverlist-site.272217/page-3).

 

[xinn]

No, that's just the point. Nobody's said you're not able to ever detect spoofing, the point is there is no "100% fool-proof" solution to it, which is what you asked for.

Again. You are claiming something which I literally didn't say. What I said is that I can't add such a rule about a botting because I wouldnt be able to enforce it. Why? Because the ONLY way to check if a server is trully bot-free is to check each character one by one by logging in to the server and interacting with them. And obviously IT CAN'T BE DONE on a regular basis.

TO TLDR this topic. This is what YOU exactly said about HOW I can check servers if they are bot-free or not and when I can "ban them" (or flag, whatever you meant).
1) Check the average time the player was logged in/day. Which is silly because:

• if I make a rule about the max time online per character after which the server would be flagged as "botting" (for manual checking) server owners would:
• force people to logout after X hours so after that time botters would be also forced to change their characters so they don't fall into that flagging thing. Yet, they would still be botting, just on another character.

That rule which you made is also silly because it doesn't take into consideration:
a) hardcore players
b) shared characters
c) rune makers (okey, you also wanted to rule them out so don't take them into consideration)
All those players would also have some-kind of restriction based on your silly rule.

That was your first argument. Second was that I can check manually one-by-one by "interacting with potential botters" which is also silly because noone ever would have a time to check all the servers and all the players. Not to mention that people can simply be afk and don't answer for some period. Or just didn't feel like talking to you so to check them and be 100% sure that they bot or not, I wouldn't just have to message all the players from temple to see their response but I would have to go to the same place as a potential botter and observe it how he behaves. Just XD
Also I want to mention that "checking interaction" by writing a message to potential botters (to all the potential botters on the server) can't be done because server owners blocks such massive communication so people can't spam their players with advertisement.

You basically make silly assumptions, silly arguments, you don't understand a written text, you don't understand a long-term of rules which you would like me to introduce and argue with something I didn't say (!).

If you're against all odds are talking about NoScript, you're aware you don't actually have to install this to disable JS, right?

xDDDDDDDDDDDD

And you're also aware that you won't be able to use 90% of the web without JS, right?

xDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD

If you made such an argument you clearly can't think logically. The first thing which ANYONE would do if he wanted to use fingerprinting on his website, would be restricting access to the part of the website for those who doesn't have JS enabled. You can't generate fingerprint -> you can't access the website.

I was actually talking about the addons like CanvasBlocker or CyDec Platform AntiFingerprint. Again you try to sound professional but have 0 real knowledge.

I'm sorry but I really don't have patience to make my point over and over again. You clearly will not understand it, you will just again mix my words or do assumptions which can't be based on a written text.

If you don't improve I'm probably just going to stop responding

YES PLEASE DO THAT. Don't waste my time.

Seriously. I never wanted to say that but go create your own server list and introduce all that silly rules you wanted me to introduce. I would LOVE to see how you enforce them. I'm closing this topic. Total waste of time.