Page 1 of 15 12311 ... LastLast
Results 1 to 10 of 146

Thread: Alternative to Captcha

  1. #1

    Default

    So that means that no one will be able to run Evony from their school, office, library etc, unless they managed to be one of the first 3 lucky users.
    Keep the captcha. The only people complaining are the botters and at least the npcs are a little more full than they were before.
    http://bbs.evony.com/image.php?type=sigpic&userid=124675&dateline=13105  66312

  2. #2
    Join Date
    May 2009
    Location
    Alusair cave
    Posts
    2,639

    Default

    Hm, a 3 limit may not work so well. People will not just sign in from personal homes, but also more public places like workplaces (Davemata exampled this in an earlier post), or places like colleges, where several different and honest players maybe be using the same IP address.

    Despite that though, your overall suggestion is definitely an interesting one- here's to hoping for something good to come from this thread.
    It's all Rodri's fault.

  3. #3

    Default

    Quote Originally Posted by Derek Zoolander View Post
    So what is the solution? Rather than using captcha you limit the number of connection by IP address.
    This discussion has been had before, and while on the surface it seems like it's the "silver bullet" answer, it is really not.

    In my house, there is a Linksys WRT54GL router. That is a Wireless G router, which also has 4 x 10/100 Ethernet ports and a WAN port. The WAN port goes to my cable modem. Two of the remaining 4 wired ports are to two individual computers.

    As viewed from outside my network, they share the SINGLE IP address that I get from my cable provider. One IP <---> Many computers

    This process is called Network Address Translation and/or Port Address Translation (NAT / PAT). The reason this is done is because there is a limited number of addresses available with IPv4, the original Internet Protocol that has been in use for decades. NAT and PAT were added as an enhancement to IP so that more addresses (addresses are synonymous with devices) can use the address space. Consider it like an area code in phone numbers.

    Anyway, out of those remaining two wired ports, I could connect 2 more computers, or I could connect 1 computer and 1 network printer, or I could even connect two additional routers. Those two routers would get a DHCP address lease from the primary router, then have their own address pool for devices connected through them.

    Again:

    1 IP address <---> Many devices

    I haven't even gotten into the fact that my router also has wireless access.

    I agree that multiaccounting is a very serious issue, but you cannot judge by IP addresses alone, because there is not a 1-to-1 match between an IP address and an individual device. What can provide, to a degree, 1-to-1 matching are MAC addresses.

    So, use MAC addresses, right? Well, MAC addresses in IPv4 operate at Layer 2 in the OSI model, while IP is a Layer 3 protocol. Layer 2 traffic is only seen by the router that the device is DIRECTLY connected to. The next router in the chain to the destination only has a record of the MACs of what is directly connected to it, and so on, and so forth. Layer 1 and Layer 2 traffic is not routed. Without special software or a court order, a MAC cannot be obtained easily.

    YES, you can obtain a device's MAC address through a piece of software that is installed, but Evony is not installed. It is only played through Flash Player along with some Javascript. You can also get a MAC address through a script in Javascript, but doing so REQUIRES that users intentionally modify the default behavior of their browser to allow that kind of access. If Evony would try to do that in the Javascript on their page, I'd be given a prompt about running a script that was not marked safe for scripting (Internet Explorer). I'm not exactly sure what FireFox would do, but it is something that has to be explicitly allowed, because defaults do NOT allow it due to privacy concerns.

    What privacy concern? Well, I said that a 1-to-1 mapping can be had using MAC addresses "to a degree". The privacy aspect is known as MAC spoofing. If someone was able to obtain your MAC, they can spoof their MAC to be your MAC, commit a crime, and it would initially (and perhaps completely, depending on if they actually got onto your physical network) look like it was YOU that committed the crime.

    I know you hate the captcha, but from a technical standpoint, it's a valid way to attempt to try to stop some botters. Like you said, people can spend money and get the solvers, but if it requires money being spent, it will have removed the people who were using a bot and were not spending any money at all, meaning no money being given to Evony and no money being given to a solver service. These would typically be teens who do not have credit cards or substantial bank accounts, and teens make up a large percentage of customers playing this and other "freemium" games.

    Like I asked in the other thread, please stop the ranting - calling captcha a "fail". It's going to remain. There are likely problems with it, and what needs to be done is for people to calmly assist them in solving the problems. That does, however, also mean that the company has to be willing to listen to some frank criticisms. They cannot continue to just say "can't see it from here" and shut down threads. Well, they can, but if there really are problems, they are only doing a disservice to themselves by not listening.

    I can, however, guarantee that continued "you suck" / "captcha sucks" / "this is fail" (or phail, or any kind of derivation of calling it a failure) is just going to get the thread closed and yourself smacked around, because, bluntly, the company does not seem to be able to handle criticism very well. They might let it go on for a bit, but then the big hammer comes down. That is ultimately not productive for ANYONE.
    Last edited by neko_lord; 10-20-2011 at 03:21 AM.

  4. #4

    Default

    Quote Originally Posted by un3x View Post
    Limiting 1 mac per session server can work. i think the client must be changed to read that mac address or the user to register his mac somehow like email, max 3-4 per player (home, work, laptop, ... ).
    The current Evony client is written in ActionScript (Adobe Flash). ActionScript, by design, does not have access to that low level Operating System functionality. In other words, any Flash-based application cannot provide a MAC using Flash alone. A Flash-based application requires the additional help of a browser scripting language, typically Javascript, to be able to have access to low-level OS calls.

    Games and other applications that are installed, like World of Warcraft, are written in languages like C, C++, C#. There's also some other specialized language that's used, but I can't remember the name and don't feel like looking it up, because it's not really that important. The C languages will allow low-level OS calls, to both main OS kernels - Windows and *ix, where *ix is Unix, Linux, and Mac.

    Facebook use now SMS, an user being identified by his phone, no mater what computer use. Can be a solution but not for everyone (some kids may not have phones).
    Same principle applies. There was an "app" installed on the phone. Evony is not an installed game. Adobe Flash is installed, not Evony.

    Thanks neko_lord for explanations, you are the best on networks. +rep.
    You're welcome, but the praise is not needed. I would just like to see the process work properly. If the process is currently working properly, then I'd like the company to be able to explain to their customers what they are doing that is triggering the frustration for the customer. If what the customer is doing that is triggering the frustration is breaking rules, then that means that the process is working properly.

    In other words, I want the process clarified and for the discussion to end. At the end of the day, all I'm searching for is the truth. Nothing more, nothing less.

  5. #5
    Join Date
    Dec 2009
    Location
    Arkansas
    Posts
    2,253

    Default

    Quote Originally Posted by cenobyte View Post
    So that means that no one will be able to run Evony from their school, office, library etc, unless they managed to be one of the first 3 lucky users.
    Keep the captcha. The only people complaining are the botters and at least the npcs are a little more full than they were before.
    Do you even play on a captcha server? Cause I can promise you there are more than just "botters" complaining about this.

    ~Betrayed's Little Geeky Kitty~

    ~Read My Story Here Show Your Support~

    I cyber stalk people for fun

  6. #6

    Default

    Quote Originally Posted by un3x View Post
    No, no one app, is just a simple sms with a code to login, if facebook "see" another ip/mac (not sure which one).
    I do not own a cell phone (aka "mobile"), nor have a Facebook account, so you're going to need to be very specific about what you're talking about. Right now, all you're saying seems to be just a jumble of stuff to me.

    I looked up SMS, and the underlying foundation of SMS has several significant security vulnerabilities. Just recently introduced was Facebook Messenger, which is an application on the iOS. If that's what you're talking about (Facebook Messenger), then, again, it's an installed application that has access to the network device. My unfamiliarity with phones is coming through here, so I do not know if the phone has a standard network interface card, or if it is signaling through the radio and once the radio / cell signal is received, it gets reformatted to standard IP.

    In any case, a phone-based solution would exclude people without phones, and despite how shocking it might be that some people don't have phones, especially if you live in Europe, where cell phone (moblile) ownership is about as common as toothbrush ownership, there are some people who do not own a phone.

  7. #7
    Join Date
    May 2010
    Location
    Cracking my whip
    Posts
    3,473

    Default

    Sorry while it seems a good idea on the surface your're actually eliminating a fair portion of the player base.

    Those who use, internet cafe's, campus internet connection or play while at work will suddenly not be able to play. In my mind that's hurting what possibly are the honest players. There are many safe guards on these connections which make downloading and applying bot more difficult.

    I actually tested s153 and didn't have any lag that I would call a problem. Not one captcha appeared during the 2-3 hours I was on the game. I will spend a bit longer on it today but from an independent point of view I think most of the claims that have been made against captcha on s153 are a little overblown.

    Thanks to Infinitus for the epic B'day pressie!

  8. #8
    Join Date
    Mar 2010
    Location
    Look at that tree, to your left.. Bit more... Down a little bit.. Yeah, found me.
    Posts
    990

    Default

    I've been playing 153 as well - have had 2 captchas so far today (5 hours), just farming 5s and finishing off building my second city there..

    Not really much of a problem for me...

    Don't see how it would affect anyone other than botters unless it were to come at the most unfortunate moment...

    I highly doubt that every single botter spends - many would probably leave the server due to not wanting to have to spend money to get their captchas auto completed...
    Last edited by Hollandrock; 10-20-2011 at 07:27 AM.
    Server 133 (SS62)

    Find me if you dare!

    http://i1127.photobucket.com/albums/l633/ImGimp/Wabbits_com.png
    Amazing sig - Morgon le Fay!

  9. #9
    Join Date
    Aug 2009
    Location
    Building a religion... a limited edition...
    Posts
    15,996

    Default

    Quote Originally Posted by un3x View Post
    Yes, will exclude some peoples.

    I can't explain well, if You have a facebook account and You register a "mobile" phone number there, then You can login using email, password and a code sent via text message to Your phone when You try to login from another computer. If same computer, the code is not needed. No need any apps for phone or computer. After email, the phone is next alternative to identify a player. Not the best, nothing is perfect.
    I see even google use phone text messages for recovering lost passwords.
    Need some effort and money to make accounts more safe and prevent the bots, just posted an idea, may be good or not (for sure it's annoying lol).

    .
    Some people don't have cell phones or texting capabilities.

    Others have privacy issues and don't want to give out their personal cell phone number out for a reason.

    Just gotta toss that out there.

  10. #10
    Join Date
    May 2010
    Location
    anywhere
    Posts
    309

    Default

    Quote Originally Posted by acer5200 View Post
    Some people don't have cell phones or texting capabilities.

    Others have privacy issues and don't want to give out their personal cell phone number out for a reason.

    Just gotta toss that out there.

    ok. was an alternative.

    .
    Tp,Wk,Sc,W,Pk,Sw,A,Cv,Cp,B,R,C.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •