UNOFFICAL MB2 Account system - POLL!

[Bully]

Hey everyone I've got a cool concept drafted up for an account system. This would help greatly with keeping hackers, trolls and griefers banned. Before I start any major work on it please take the time to answer a few questions in this form UNOFFICIAL MB2 Account system poll. You can also find a very simple explanation of the system there if you are interested.

To any devs reading this: I will send a more fleshed out concept to see if it would pass the server list ToS (no promises)

Edit:
People are confused about me "abusing" the rcon system for this. It wouldn't actually give you rcon access, I'm only using it because the rconpassword variable is a very convenient way to store a secret. Also these things are very much SUBJECT TO CHANGE if I find better alternatives.

 

[Bully]

anything that forces players to exit the game to make work is going to be too annoying to join the server in the first place. It also is not very new player friendly since it will seem like they get kicked from certain servers for no reason. There is also the possibility that some people do not want to have their emails associated for privacy reasons

I agree with you on all points actually, that's why I'm polling it. It's just that with the amount of hackers, trolls and griefers about nowadays the tradeoff seems attractive

 

[MaceMadunusus]

It's just that with the amount of hackers, trolls and griefers about nowadays the tradeoff seems attractive

You think creating a discord account or a new gmail is that high of a barrier of entry? You're only costing them a couple more minutes at most. If they wanted to do that, they would be able to even in this system.

 

[Fang]

That's pretty much my highest issue with accessibility. I haven't used a discord auth in a while but I dunno if it can translate (including being re-directed when connecting to server maybe). It would need to link them to the registration easy etc. Noob friendly.

 

[Bully]

You think creating a discord account or a new gmail is that high of a barrier of entry? You're only costing them a couple more minutes at most. If they wanted to do that, they would be able to even in this system.

You are right, just using a discord or google account would be easy to bypass. However, these API's provide tools to counter spammers. One of these tools is already listed in the poll itself, this is the phone verification (discord example: https://support.discord.com/hc/en-us/articles/216679607-What-are-Verification-Levels-). These solutions are not perfect and will never be perfect unless I start asking for passport coupling or something crazy. From an smod perspective the more effort people have to make to bypass a ban the easier it will be to keep them banned because right now its swiss cheese.

Now that I think of it, I could also probably use the steam OpenID to verify if a user has bought JKA (source: ISteamUser Interface (Steamworks Documentation)). I will do some reading into this.

Edit: Wrong Steamworks link, for the interested the actual API call would be ISteamUser Interface (Steamworks Documentation)

 

[MaceMadunusus]

You are right, just using a discord or google account would be easy to bypass. However, these API's provide tools to counter spammers. One of these tools is already listed in the poll itself, this is the phone verification (discord example:

Yes but my point is with each of those steps, all you're really doing is bumping up the time required. Theres plenty of services that let people use dummy/temporary phone numbers to get past things like that.

I would definitely like an official system like this, so long as it doesnt interfere with the game in anyway during periods of attacks for example, but I feel like this implementation will more likely just kill your server because itll end up being annoying for 95% of the people in order to cost the trolls 15 more minutes of effort.

Also relying on steam isn't really the best, since you can buy JKA from Origin, GOG, Steam and have old valid CD installs.

 

[Bully]

Yes but my point is with each of those steps, all you're really doing is bumping up the time required. Theres plenty of services that let people use dummy/temporary phone numbers to get past things like that.

Sure but I think this will become very exhausting and A LOT harder to automate (yes some custom clients automate switching IP address)

I would definitely like an official system like this, so long as it doesnt interfere with the game in anyway during periods of attacks for example, but I feel like this implementation will more likely just kill your server because itll end up being annoying for 95% of the people in order to cost the trolls 15 more minutes of effort.

I think you are right, there is a decent chance such a system would kill my server. I'm not really afraid to take the chance, if people don't like it the community will shift to a new server or maybe they will come back after I revert it. I feel like it's worth a shot, in the end the only thing I lose are monthly server payments.

Also relying on steam isn't really the best, since you can buy JKA from Origin, GOG, Steam and have old valid CD installs.

This I don't agree with. I bet moderation becomes a lot easier when trolls have to spend ~1.66 EUR every account. I'm averaging ~1 hacker ban a day currently (not including trolls, I should keep track of this tbh, would be a fun stat to review)


On a side note, I get a lot of people that are caught in a range ban. This system would solve that too. I could do away with banning on IP basis entirely and move to account based.

 

[MaceMadunusus]

This I don't agree with. I bet moderation becomes a lot easier when trolls have to spend ~1.66 EUR every account. I'm averaging ~1 hacker ban a day currently (not including trolls, I should keep track of this tbh, would be a fun stat to review)

If you want to have it as an additional variable sure. But you have to remember that people do not exclusively buy on steam. If those other platforms have similar APIs to steam I would recommend wrapping those in too so you can check all 3 for a valid purchase rather than only one. That is what I'm saying, don't go require someone who has a valid GOG client version that they paid for to go buy a steam version.

 

[Master Butters]

I think the best thing would be for the devs to implement a login feature to the launcher. Require all players to create an MBII forum account, have that forum login be the launcher login.

Make it so the forums can only accept 1 account per IP (or 1 account per IP per day or something) as well as detecting and blocking VPNs.

Then, all you have to do is log into the launcher and you’re good to play MBII on any server. Don’t know how feasible that would be to implement, but I think that’d be the best system.

 

[idfptgofgop]

Why bully isnt banned yet.. what happend to server rules for server owners ????

 

[MaceMadunusus]

Make it so the forums can only accept 1 account per IP (or 1 account per IP per day or something) as well as detecting and blocking VPNs.

IP isn't a good thing to go off of. It changes too frequently for a lot of people, or many people have the same IP. Since IPv4 is very limited many ISPs nowadays will combine many households under one IP though something called Carrier-Grade NAT. And like you said, easily bypassed by VPNs. You need something more robust in order to handle things like that, such as using Hardware ID. But even then HWID is bypassable but requires more effort/expertise to do so.

Don’t know how feasible that would be to implement, but I think that’d be the best system.

Its not easy at all, like easily a multi-year project to fully implement and test. It is definitely something I would like to have for many reasons though. Ive given the team a couple options that might simplify the task but still requires a lot of effort and has a lot of questions since were reliant on JAMP and cannot go full OpenJK.

Why bully isnt banned yet.. what happend to server rules for server owners ????

This doesn't violate the current set of server rules. It isn't modifying the code of the game, its just taking what is already available and using it in a different way through commands in the same way things like RTV works.

 

[Fang]

I'd rather have a 3rd party option for anyone to use than nothing right for years.

This wouldn't even be a topic if I wasn't watching or dealing with people like master waht with nordvpn.

THiS vIDEo Is SpoNSoReD bY NOrdvpN. STAyiNG SAFE OnliNE is aN eVer groWINg dIfFicUlTy and You couLD bE EXplOitEd By hackeRs. noRDVPN alLoWs You tO CHaNgE yoUr IP ADdreSS, makinG YOu Harder tO tRAck, SeCURinG YouR Privacy. CHEck ouT the link in THE DESCriPTiON to Get 20% ofF fOr THE FiRST two MONTHs And tHaNk yoU to NORDVPN FOr SPONsORINg This VidEo.

 

[Bully]

Poll results - 51 responses​

I will preface this with I AM NOT A DATA ANALYST, I slept through all my formal data analysis courses so interpret these numbers how you will. Also a big for anyone that filled out the form, thank you!

The participators
Out of 51 responses 68,6% would participate in a system like the one I described in the poll. Of those 68,6% people that would participate 62,9% wouldn't mind having a phone attached to the account as an extra verification step. Also the people that would participate were generally in favor of having it be open sourced with a majority of 54,3% however 28,6% of them would prefer it to remain closed source.

The participators were a lot less vocal with only some feedback here and there (and some praises I left out😳). This group approved of the idea but desired official support. A couple quotes:

pitch it to the devs instead of making it only for your server.

I like the idea even if the details are subject to change. A solution needs to be implemented regardless

Nice idea as long as it remains open source so the mb2 community can verify their data isn't being collected.

As a fellow server owner for MB2 I highly like this idea and hope it has success to help counter some of MB2s biggest issues.

The naysayers
31,4% did not want to participate in such a system. This group was a lot more vocal and had more colorful words than the participators. They raised some valid criticism regarding the safety, technical complexity and trouble of using such a system. A fair amount of this group would only accept an official implementation. A few of them also were afraid this system would shatter the anonymity they enjoy in the mod. A couple quotes:

If anything this is an idea that mb2 devs should implement themselves, not a random autist

Although it's annoying to see trolls and tryhards aliasing all the time, people like to be anonymous. [...] Some people will see this anonymous free-reign messaging as mb2's glue, or its poison. It's hard to say how the community will react to this (my guess is they'll deal with it), so maybe you could test it for a few weeks and see what happens.

I don't think it would work simply because atleast 50% of EU playerbase are trolls and this server might just end like BG. The Idea is good but I think the devs would have to implement something like that for the MB2 launcher because this method also sounds annoying.

I would only support launcher based login (Official support only)

I get the idea behind it, but as someone who's not very tech savvy, and I'd guess others would be too, it's kind of inconvenient. I have 5 friends I introduced to the game and had to step by step help them download the mod, with each of them ending up having different issues. Point I'm making is that this will hinder new players easily accessing the game. At the same time, I get what you're trying to do. Maybe if their was a way to communicate with the MB dev team and try to come up with an easy tutorial on it possibly. Other issue I can think of is hackers or griefers simply making new accounts

Hassle
In the poll I also asked how annoying it would be to have to login every time you start a play session. Interestingly 62,8% of respondents found it not annoying to do which is less than the amount that would participate (< 68,6). This tells me that I should focus on decreasing the amount of manual actions necessary to login. I already have some idea's in the works for this but I guess we'll have to see.

What's next?
I'll be quietly working on this for a while with no ETA given and no promises made. That said I will probably go through with it for a week or so and gauge the communities reaction and adjust accordingly. Thank you all for your time and I will hopefully see you all in-game 😳

 

[Deleted member 9255]

62.9% wouldn't mind having a phone attached to the account as an extra verification step

In the poll I also asked how annoying it would be to have to login every time you start a play session. Interestingly 62,8% of respondents found it not annoying to do

 

[erichirari]

 

[Manlet]

Free chombo