These are just some ideas for discussion for the Quakeworld developer guys, since you guys are very experienced:

Banning troublemakers, uniquely identifying players

Quake has always had the problem of having to identify players by IP address. This doesn't work very well for a lot of different for the purposes of banning. [Other games have the benefit of actually having ways to uniquely identify players: Steam, CD-keys and so forth).

But a possible solution is having the client pull the MAC address of the hardware running the internet adapter and creating a hash from it (might be some sort of privacy violation to send the actual address, I don't know). These addresses are unique worldwide, or so I've read.

If both the client and server were modified to expect this, this could be used as part of a key not only for banning, but also for true identification of a player. You can't do too much about your hardware.

For backwards compatibility, the server could accept old clients that don't do this, but make a notification of a client that isn't doing this.

Just want to see what kind of thoughts you guys have on this. I'm probably going to try this for NQ within a couple of weeks.

It just takes one command to change the mac address in Linux, but i guess most use windows and windows users probably don't even know what a mac address is, I'm all for it. faking is bad!

Useless as MAC addresses are very easy to change. Any desperate troublemaker would laugh at this so just forget about it.

very laughable.

It's really problematic at best.

Like already mentioned, MAC address can be changed easily these days. You can even do it through drivers on most of the network cards out there.

The only thing that might actually work would be to have some sort of identification system. It means you would have to create an account to some "master server" that provides you with an unique key. Then you should set up your client with that key and connect to the servers. While all this is being done your client would validate your auth info and allow you to connect to a server.

Now regarding the bans. It would mean that the server you are connecting would have to check your auth info from the "master server" and compare it to it's own ban list. What if the "master server" was down? You couldn't play at all since servers now require the auth info check (if it's to be strict and actually working). Also the connecting time would be somewhat increased. On top of that what prevents you from just making another account? Quake has no cd-key so on what basis should one get account infos?

And tbh what's the point for having such strong and lots of work requiring feature for that one cheater we see on each year? MVDSV can set real-ip bans that hit through proxies and avoiding such requires either coding experience to modify client or changing your ip-address (the part that isn't hard depending on the ISP). It's also possible to ban IP-ranges that actually might be an annoyance but it still works.

Being able to uniquely identity a player wouldn't only be good for preventing abuse and cheats, but also for things like individual statistics and such too, perhaps?

yep

there have been numerous projects on the polish qw board for that, it's pretty simple to implement actually, shaman had it like 90% working

btw, remember that 'nofake' or something hosted on the old qw.nu ? was awesome

email or irc like identd@w.t.f.
*

Had no idea this was possible. I'm glad I asked


Yeah, some ISPs you can change your IP address in 5 seconds. I can.

The more unique identification aspect would be good for stats too as someone above mentioned.

It was called exposure BTW. :-)

many ISPs in my country use Mac adress to identify clients and prevent IP stealing (since these ISPs are based on neighborhood LANs and it's very easy to steal someone's IP).

a protection idea would be to write a secret key in the registry and verify that if it's valid or banned.
the bad user would have to reinstall their OS to get rid of it.. and it would be kinda inconvenient.. well.. just an idea

nothing on the client side will ever be safe, just accept that.

try to make some kind of a central qw users database at least that will be SOMEWHAT of a 'safe' feature

It would take like 20 seconds to find a secret registry key!

As someone else said - what would prevent you from creating several users?
What would work as the "primary key" that you identify each user by? E-mail? PIN? I guess what we are trying to prevent here is troublemakers who uses aimbots, is an ass on a server or whatever and that will always be possible i think as it's impossible to uniquely identify even a person on the web when it comes to an international scene?

Our incapacity to indentify bad users is really frustrating sometimes. However the many actions that could be taken to prevent this users from accessing servers, would be a bigger barrier to new player trying to experiment the game than for the unwanted ones.

a solution (a shitty one, but one anyway) would be to form a high qw council to manually add the user id and passwords and have then implemented in every new ktx/mvdsv whatever the server is and using some sort of auth system like in the q bot, but im guessing this would be pretty flawed and silly. and slow too if someone wants to try the game.

and also might be annoying now that theres rookies joining the scene and no way telling whether they're fake or not without seeing them play but perhaps this could work if someone polished the idea and made it good if it's even possible

another partial solution is resolving player IPs to country and city (like GGPO does in its matchmaking system).. as a sidenote: country flags would look cool in EZQuake scoreboard.

this partial solution coupled with another one would make faking really hard.

placing mouse cursor on dots shows everyone from each dot's respective location..

We could use a better f_system, one that could not be turned off (maybe server side) to identify users (spectators and players).

Edit.: Aquashark's idea plus a better f_system check should be enougth to identify someone.

Is this a problem in the QW scene at all?

I guess we are looking for something quick&cheap, but something that all players could easily start using.
I don't like being a pesimist, but QW is really lacking developers lately... (just another factor)

Well i really wanted to have something like this when some asshole joined the xs4all FFA server with an aimbot a couple of weeks ago.

Funny. I know the cheater's ip-address and it seems to be more or less static (swedish guy btw) since his ip-address can be matched on few different nicks. Therefore he could be easily banned using real-ip ban.

Let's say there is Player X.

What is going to be constant about PlayerX in a realistic sense?

1. He will be using the same mouse setting every game (sensitivity, m_yaw, etc.)
2. He will be using the display settings every game (width, height, etc.)
3. He will be using the same FOV every game
4. f_system is going to be constant
5. Maybe other stuff

If you created something like a MD5 hash, CRC16 or CRC32 of that and displayed it in f_system, wouldn't that be virtually unique?

A CRC 16 is 4 hexidecimal digits like (F3B5), CRC32 is 8 (F3B5-2355) and a MD5 is way too long.

Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety.

No drama please!

--//--


Not exactly!

I have 2 monitors in my computer (17" CRT and 19" wide), then I use two sets of display and mouse settings to match the monitor I'm using at certain moment. I'm not saying this to prove that kind of identification will be useless, I'm saying this to show that it's not flawless.

Right now I'm using this service to know who is who on server!

http://www.ip-adress.com/

Sucks if you get an ip-address in Stockholm though for example.

Not that I really feel a need for this kind of added lamer security, I could honestly say that I wouldn't pass phase checks for 1-3 on most days, even check 4 is suspect And what about players simply trying different settings during the game? Personally I don't believe that we can come up with a system that is easy to set up, manage, deploy and doesn't hinder new players. If we actually get to the point where the scene is huge and proportionally more lamers involved, then maybe, just maybe I would ask for something like this. Admin voting and giving trusted people admin rights on servers works pretty good atm.

Agree.

Sometimes, every now and then, there are some haxx and bots on the XS4ALL FFA server, would be handy against them, but they are not that much around.