Items-for-pay merchants and the bots they control have pretty much ruined Diablo 2. You can see that whenever you go to the join game screen. Whenever you are in a public game, inevitably, a bot will join, kill the act-5 trio and the act-3 council, and then jet.

A while ago (a very smart individual whose name I have forgotten) suggested that you must pass a CAPTCHA prompt when creating or joining a game in Diablo 2. Everyone knows what a CAPTCHA prompt is, but probably not by name; it is that garbled series of letters and numbers that you must decipher whenever you want to join a forum or post lots of comments on Youtube. This is done to prevent spambots from swarming the forum so they can advertise penis pills, lost nigerian millions, etc.

If a CAPTCHA system was introduced into Diablo 2 when joining or creating a game, the bot problem would be immediately and forever quashed. Its a slight hassle, but I think any level-headed person would accept that small sacrifice. However, I have a feeling that will never see the light of day in Diablo 2.

Such a system in Diablo 3 would prevent the rampant botting that has engulfed the Diablo 2 realms since 2006 (thereabout). It should also be used when creating an account, to thwart the outrageously annoying spam ad-bots in the public chat.

Condensed version of this post:
A CAPTCHA system should be used in Diablo 3 whenever a player wants to join or create a game, or create an account. This would eliminate loot-bots, in-game ad bots, and chat spam-bots. Such a system would benefit Diablo 2 greatly, but probably won't surface. Diablo 3 should have it.

No. Captcha should be banned on all internet sites. Half the time a human can't even read those damn things.

I'm kinda counting on Blizzard to take care of the bot issues; I expect it was an obvious enough problem for them to consider ways of dealing with it by now...

And no, a captcha system would be horrible. Do you seriously want to play a game which forces you to deal with that nonsense? I know you're trying to be helpful and prove a point but would you, personally, SERIOUSLY want to have to deal with that every time you just want to play?

What if you just have a yes or no question and press a button? Then you would at least get rid of half the bots. ;)

I'm surprised at how annoyed people are by the suggestion. Its an immediate, practically fool-proof method for thwarting all attempts at automating diablo 2/3.

I really would not mind answering the prompt during every game I made, considering I don't do mf "runs" anymore (when I was playing I would just clear several areas like the pit, worldstone, and river of flame), so the prompt wouldn't annoy me too much.

Obviously, they should pick a captcha system which is easy to read, and has a "Can't read it?" button to refresh the picture for a new try.

Come on now. Considering the benefit they offer, those captcha prompts aren't THAT annoying :/

I think this is a great idea, at least if they implemented it for D2. A little annoyance is worth getting rid of most of the bots. In D3 they should have a better system that won't require that.

Doesn't runescape use CAPTCHAs?

Horrible idea, more of a pain in the *** than it's worth.

I guess its all about how well done the Captcha is.
What if you just asked to klick on the wounded monster on a picture?
No bot can recognzie a wounded monster :)

Sorry to say, these days, a Captcha will no longer work. It will just be yet another annoyance to the legitimate player, just like all the other well intended changes Blizzard made that didn't do anything but annoy the legitimate player.

Search the internet. There are software Captcha decoders all over the place that can be easily integrated into the bots, and if that does not work, the major players will simply buy and integrate the necessary hardware into their bots. The major players simply make too much money selling items to let a Captcha get in their way, the same as they didn't allow

- too many games per hour
- entering/exiting games to quickly
- warden

get in their way.

I guess its all about how well done the Captcha is.
What if you just asked to klick on the wounded monster on a picture?
No bot can recognzie a wounded monster :)

Sure it will once it's taught how to tell the difference. Unless you are talking about completely random pictures, with random questions, that never repeat, the Captcha won't work. If not as I just decribed, it's simple enough to build a database of all the possible pictures, the possible questions per picture, and the correct answer.

I still believe the idea I posted in another thread on the subject would work out ... basically:



The server shows you three buttons when you wish to join or create a new game. One reads "Create" (or "Join") while the others have the same number of random letters in their captions as the real button, everything is captcha style.
The User needs to press the correct button, which for a human eye should take far less time then to actually type out a captcha text.
If the user doesn't press the right button he/she/it is logged off to the account login screen. There a proper captcha test will be used, making it have a hard time logging on again, while she or he can just log back on without to much problems.

This should make bots only able to join a few games before they need human attention to log back on ... while human players only need to actually read and click on the right button instead of actually typing things between each game.


A software able to actually read the Captcha would mess it up though I guess ...

A poor captcha can easily be broken, but a good captcha is impossible to thwart with current techniques - well beyond the capabilities of diablo botters. There are undoubtedly software that can correctly answer older captcha prompts, but newer, better ones that focus on clumping the letters together are very difficult to crack.

A picture-based captcha is a poor idea unless the database of pictures is constantly updated.

Also Galtrovan, you are comparing the captcha, a much tougher countermeasure, to three easily-circumvented non-fixes blizzard put in to try and stop the botters. Numbers 1 and 2 are so silly I don't know Blizzard even bothered with them. #3 I will concede was a major defeat, but hopefully battlenet 2.0 will have a much more... intelligent version of warden.

Also, I am not saying a CAPTCHA is the end-all-be-all. Nothing would thwart the botters more than having a game that requires thought to play. As is, once your character is powered up, a computer program CAN play diablo 2. A CAPTCHA would just be another hurdle that the botters would need to surmount.

You make it sound like we are doomed to see botting for the rest of our days in blizzard games :/

Most botting issues can be solved with the top tier gear being bind on pickup. You have to actually earn your gear. Sure there will still be gold bots, but they will not be near as valuable so less poeple botting.

I remember saying this on the Blizzard's forums and laughing as all the poeple who buy their gear on eBay flipped out and screamed at me.

Most botting issues can be solved with the top tier gear being bind on pickup. You have to actually earn your gear. Sure there will still be gold bots, but they will not be near as valuable so less poeple botting.

I remember saying this on the Blizzard's forums and laughing as all the poeple who buy their gear on eBay flipped out and screamed at me.

That really would be a last-resort option if all other countermeasures failed. People want to be able to trade in Diablo. With bind-on-pickup, there's no more trading. Being able to trade for top-tier gear is something everyone wants to be able to do.

People I realized what the real problem is.
The REAL PROBLEM is people are willing to PAY for game items.
As result there will be bots or some kind of cheating and if there will be no cheats there still will be people from poor countries who make a living by doing mf runs all day.

So basicly there is no need at all to ban the bots.

There will always be people willing to pay money for in game items.

Happens on D2, GW, Linage, WoW..etc.

Hey, I know how they can get rid of a lot of the bots! Blizzard can make their transition to the darkside complete and start selling items themselves and reaping all the profit!! :D

Now, as far as a means that would allow my conscious to actually play their games ever again, I think the CAPTCHA idea is pretty good if implemented properly. Of course they could do a totally useless botch job, but something like what Kijya posted would interfere minimally with legit users, and if done right, could really interfere with bots. I know when myspace enabled captcha, my daily spam went from about 10-20 to approximately zero.

Most botting issues can be solved with the top tier gear being bind on pickup. You have to actually earn your gear. Sure there will still be gold bots, but they will not be near as valuable so less poeple botting.

I remember saying this on the Blizzard's forums and laughing as all the poeple who buy their gear on eBay flipped out and screamed at me.

I bind on pick up would ruin D2. No more muling at all. No more trading. Making new characters and testing new builds will lose it's appeal since you'd need to find all the items on that one particular character. I would absolutely hate this.

Also, I've heard of programs that take screenshots to get pictures of the CAPTCHA then put it onto a site like a porn site and make the people have to enter the CAPTCHA from the screenshot into the site in order to access the next file/page. The site then sends the information back to the bot in order to input the CAPTCHA and go about its business.

I've never seen any sites that use this process, but it seems like it could work at least partially. There's too many ways around a CAPTCHA for me to be bothered by one when playing a game. I don't think it should really be considered, except as a very last/desperate/pathetic resort.

I was sure i posted this maybe in another thread or I didn't gert round to it.Anyway what about natural ways that do the same thing as a Captcha.An example might be you have to walk through a set of symbols in a particular order .You could even be as blatant obvious captcha where by the symbols are under water that ripples randomly.

I bind on pick up would ruin D2. No more muling at all. No more trading. Making new characters and testing new builds will lose it's appeal since you'd need to find all the items on that one particular character. I would absolutely hate this.

Also, I've heard of programs that take screenshots to get pictures of the CAPTCHA then put it onto a site like a porn site and make the people have to enter the CAPTCHA from the screenshot into the site in order to access the next file/page. The site then sends the information back to the bot in order to input the CAPTCHA and go about its business.

I've never seen any sites that use this process, but it seems like it could work at least partially. There's too many ways around a CAPTCHA for me to be bothered by one when playing a game. I don't think it should really be considered, except as a very last/desperate/pathetic resort.

http://www.captcha.net/

Look at the bottom where it says "The 'Porn Attack' Is Not A Concern." There are of course, ways to circumvent a CAPTCHA. However, the best methods would still suck, and would damage the botters' bottom line.

I do especially like the idea of an in-game based CAPTCHA, but it could be tricky to implement.

If they'd balance the game so that skills were more important than items, and getting legit top-end gear wasn't a once-in-a-lifetime event like HRs are now, there'd be less incentive to buy.

You'll never kill the supply, you have to look at the demand...

Aren't we all forgetting a little feature that was put into WoW which helped deal with this? The reporting system?

Honestly, I don't think players should have to suffer in an area which should be Blizzard's responsibility to take care of in the first place. They should constantly be monitoring and providing patches to thwart botting techniques, and I really don't think it's too much to ask from the players to hit "report" when some stupid ad for D3Legit or something pops up.

The reason you're probably even thinking of a Captcha system in the first place is because you have gotten used to Blizzard not caring enough about D2 to stop bots and you're trying to present a way which Blizzard would not have to work to keep bots away. Well, I say it's about time Blizzard cared enough with D3 and actively moderate their game like they do with WoW.

Instead of captcha I'd like to see d3 being so much more challenging than D2:LOD that botting would be really hard to implement and not rewarding.

1) Difficulty up.. LOD is really easy with the right gear. Compare to D2C where botting is practically non-existant or at least I haven't heard people doing it much or at all.

2) Make boss item runs unrewarding unless you do something else in the way to kill the boss. Lets say you need to clear 1-2 levels of dungeons or activate some locks in 2 levels before the boss to get his full form which drops the best loot or something like that.

3) Nerf teleport.. make it cost a lot of mana so we can't use it as a transport but as an escape method.

Instead of captcha I'd like to see d3 being so much more challenging than D2:LOD that botting would be really hard to implement and not rewarding.

1) Difficulty up.. LOD is really easy with the right gear. Compare to D2C where botting is practically non-existant or at least I haven't heard people doing it much or at all.

2) Make boss item runs unrewarding unless you do something else in the way to kill the boss. Lets say you need to clear 1-2 levels of dungeons or activate some locks in 2 levels before the boss to get his full form which drops the best loot or something like that.

3) Nerf teleport.. make it cost a lot of mana so we can't use it as a transport but as an escape method.

1) That's not an issue of difficulty, that's closer to my point about item balance. D2C doesn't have runes, any elite-class items, or exceptional-class sets and uniques. So far no one has built a bot that can evaluate rares, which are largely your endgame gear in Classic. I'd imagine it's not worth the botter's time to separate the wheat from the chaff.

2,3) Given the current level of bot sophistication, I doubt either of these would slow them down for long.

Aren't we all forgetting a little feature that was put into WoW which helped deal with this? The reporting system?

Honestly, I don't think players should have to suffer in an area which should be Blizzard's responsibility to take care of in the first place. They should constantly be monitoring and providing patches to thwart botting techniques, and I really don't think it's too much to ask from the players to hit "report" when some stupid ad for D3Legit or something pops up.

The reason you're probably even thinking of a Captcha system in the first place is because you have gotten used to Blizzard not caring enough about D2 to stop bots and you're trying to present a way which Blizzard would not have to work to keep bots away. Well, I say it's about time Blizzard cared enough with D3 and actively moderate their game like they do with WoW.

Whether they should and whether they will are two different questions. It'd be great if they did, but I wouldn't hold my breath.

1. They will not monitor d3 as they do WoW, becuz d3 will have no monthly fee.

2. If they can kill the bot-scene, china farmers will take over. Whats the difference for us players?

3. The change must come from fundamental mechanics of the game, like "Bound on pickup" items.
If people have shared stash for all the charecters associated with your cd-key, whats the problem?

4. To supplement Bound on pickup system one should be able to raughly estimate which item where to farm and ofcourse raise the odds for items as needed as HRs.

you dont trade ever do you galabab?

just a question because your set of ideas there would make it impossible to trade.

or say help your friends that you enjoy to play together with.

imagine this scenario:

you find a great piece of equipment but you play as a wizard and its a barb item. Your friend who play barbarian would love to have such a item but alas thanks to the bind system he will have no way to get the item even though it just dropped for you.

sure that wont piss off much people right?

Your fourth idea sounds like you try to remake diablo 3 into yet another wow clone....

Yes, i do trade in d2 right now.

Im aware of the fact there would be no trading if they implement the BOP and shared stash system.

Would I miss the trading?
Not really. My friend can go find his own piece of armor :)
And if i find a nice barbarian item it would motivate me to make a barbarian.

Ofcourse there is something to trading but I think the bad side more than spoils the fun in trading.
Namely having some kids buy runes on ebay (be it from bottting or china farmers) and dominate the game.

I guess its ok to help your friend with gold and help him pass difficult passages, but its not ok to give him free eni, if you know what I mean.

ps: your last sentnace lone_wolf dosnt make sense to me. WoW has plenty of china farmers and auction house for lotsa trading..

I remember there was a pirates-themed game released that purposely segregated (to use a dirty word) the Asian realms from the USA and Europe realms to keep the chinese and korean item farmers from ruining the economies. I honestly don't know how those people can't do that. They don't even up to ****!

People would cry and scream racism, but hey, it would solve the problem.

you will always be able to access any realm over proxies afaik

I think all they need to do is ship D3 with a thumbprint reader and retina scanner. Or a special webcam that detects a real face sitting in front of the monitor. Maybe even a mouse that detects pressure and/or moisture levels from the hand.
There are so many options out there.

Seriously though, I think Blizzard's current system is best for them. Blizzard finds botters, botters get mass banned, botter buys a new account from Blizzard, rinse and repeat. $$$

Wow. The sheer amount of ignorance in this thread is depressing. I can't believe that none of you have done enough research to know why this is not only a bad idea, but a negative idea--one that in fact encourages botting.

I'm afraid I have to dispel certain myths about the "power" of CAPTCHA, to start with.

"CAPTCHA can tell a human from a bot"

CAPTCHA has never made such a bold claim. CAPTCHA (roughly) stands for "Completely Automated Public Turing test to tell Computers and Humans Apart." For the unaware, the Turing test is a test designed to prove that a computer program is capable of intelligent communication, as if it were a human. What this means is that it's not only possible (there would be no need for a test if it weren't), it is in fact inevitable (advances in AI and computer development will make it so), that a computer will be able to automatically decode and respond to a CAPTCHA of any kind. That is the entire goal of the Turing test (prove the hypothesis that computers can't "sound" human wrong).

CAPTCHA systems can be roughly classified into two categories: easy and hard. Easy CAPTCHA systems (images in any form, simple "pick the correct <thing>" questions, etc.) are trivial to solve for humans, and equally trivial to solve for bots. The only things excluded are the lazy bot makers and the incompetent humans. This isn't a solution. Hard CAPTCHA systems (advanced science/math questions, complete the statement questions, etc.) are hard to solve for humans. In fact, some of them are nearly impossible to automate, even! However, they may or may not be hard to solve for bots. Some problems look difficult to a human but are in fact very simple when broken down into their key components. These CAPTCHA systems generally require human intervention to implement, meaning they're useless for mass-scale usage.

"CAPTCHA is fool-proof"

Even ignoring bad implementations, the problem is that all it takes is time. Give a computer enough time to analyze a problem, and it can solve anything. ANYTHING. The key problem is that most of the answers we really want from computers have a calculation time roughly equivalent to the amount of time the known universe is said to exist. However, even with that, there are certain shortcuts that can be taken for problems. They usually provide a good enough approximation so as to provide the correct answer in merely a fraction of the time.

However, even the best CAPTCHA implementations have several noted flaws. reCAPTCHA, which this site and many others are so fond of using, relies on humans to provide correct responses as a kind of a trust verification system, meaning if the "check" portion of the CAPTCHA is incorrect, the whole response is considered invalid (even if the "response" portion of the CAPTCHA was valid). For instance, I went through at least 15 images just today trying to register to post this, and my response was absolutely valid for all of them (the images were clear enough to correctly make out every letter). Additionally, the CAPTCHA systems that Microsoft, Google, and Yahoo have implemented have all, at one point or another, been broken. If "The Big Three" websites not relying on an external CAPTCHA system can't even get it right, what chance does Blizzard have?

"Some CAPTCHA systems can't be automatically cracked"

Even beyond automated CAPTCHA cracking, there is an obvious white elephant in the room--human-powered CAPTCHA cracking. Pay 50 guys $.10/image to crack CAPTCHAs all day long, and you'll never have a problem with any CAPTCHA system. Don't want to pay money? Use a different reward. There are plenty of things a human is willing to recieve just for cracking CAPTCHAs. Chinese farmers have been using this technique already in games that require CAPTCHAs for certain actions.

Now, on to the myths about bot-blocking theory.

"Bind-on-pickup will stop bots"

Bind-on-Pickup will merely mean that people bot with more of their characters--and with advancing bot technology, it'll be even easier to run and harder to distinguish. The real problem is escalation. You (Blizzard) implements an anti-botting feature (max games per hour), they (bot makers) implement a fix (change cd keys after X runs, wait longer between runs, pause after X runs, you name it). You (Blizzard) implements a fix to the anti-botting feature (Warden), they (bot makers) implement a workaround (don't respond and keep running times low, hide loaded code, use kernel-mode drivers, patch warden on-the-fly, etc.). There's no end to the war. There never will be. Bots will keep evolving to meet the next challenge.

"Increasing the difficulty will stop bots"

Increasing the difficulty will only increase the intelligence of the bot. Bot makers have only just begun to tap the potential of what's available. Most bots use a linear, do-this-and-this-and-this approach to botting because there is no need for anything more high-powered. If you (Blizzard) increases the game's difficulty, bot makers will likely look to the AI field for more and more inspiration for making their bots smarter. Instead of having one bot clearing an area, five bots will coordinate and clear an area. Instead of limiting bots to boss runs, bots will band together and clear every area (some already do, in fact). The end result is that the game gets harder for legitimate players while changing only ever so slightly for botters.

(D2 specific) "Nerfing teleport to cost more mana per cast will stop bots"

This will only mean that botters will stop using teleport as their evasion/traveling mechanism. There are plenty of other, more tedious ways to get some place, and evasion isn't critical when you're as fast as the computer planning the attack patterns--you can simply react the moment the missile appears.

"Hardware can solve the bot problem"

Rule number one about computer security is that if an attacker has physical access to your system, it's not your system any more. It doesn't matter how many locks or passwords you want to put in front of the attacker, they will get in if they have access to the hardware. All it would take to circumvent these proposed hardware systems is a few minutes with a soldering iron, a diagnostics board, and time. Once the attacker has collected enough information, simple analysis techniques will provide the correct response patterns from the hardware, and then it's merely a matter of faking that through either software (custom kernel-mode driver that re-routes responses) or hardware (simple capacitor system that re-routes power to the appropriate pins at the appropriate times).

Ok Mr. usernamesareforlosers, what do you suggest? *sceptical*

a pretty insightfull response!

I think i can agree on the whole thing.

The only soluitions whuich comes to my mind is for blizzard to pay its own team of hackers who would secretly **** up botters sites and distribute false bots which **** you system.
After a while people keep away from that dangerous ****.

Ok Mr. usernamesareforlosers, what do you suggest? *sceptical*

"The only winning move is not to play." The short answer is that there is no answer.

The longer answer is that it's a war of escalation. There's nothing Blizzard can do that can't be routed around by a determined attacker and, thanks to the power of digital reproduction, once one person overcomes it, everyone does. Like copyright, more encumbrance isn't the solution. A possible solution, albeit unlikely to ever be actually implemented, is to reduce scarcity such that all items are easily obtainable within a short period of time. That would reduce the need, and therefore the incentive, to produce bots.

[EDIT] However, the proposed solution is counter to the whole concept behind the Diablo franchise--namely, that of item scarcity. The only real reason to keep playing after so many years is to find that ever-elusive perfect item. Maybe Diablo III, with its randomized random quests (IIRC), can do something to alleviate that problem.

usernamesareforlosers,

Obviously a computer can crack anything given enough time, but the goal then is to make that length of time intractable.

If I remember correctly, the WinRAR cracker (for opening passworded .rar archives) would take around 60 years to brute-force a password with 8 characters that used the entire alphanumeric character set, capitals, and punctuation marks. What's the point then? CAPTCHA's have a ways to go before they can have that level of security, but throwing in the towel so quickly seems imprudent.

Admittedly, the human-powered CAPTCHA solving is more or less unstoppable. However, it does hurt bottom line, which is just fine. Same with nerfing teleport. Of course the bot could just walk and fight their way to where they wanted to go, but is that not much slower and inefficient? Again, bottom line would be hurt. Follow the money!

Where are you getting that it would "encourage botting"? I cannot see how that would be the case at all.

Obviously a computer can crack anything given enough time, but the goal then is to make that length of time intractable.

Correct. This is why the code-cracking cryptography field is at a near-standstill. Public Key cryptography relies on a specific property of prime numbers--namely, the fact that multiplying two large prime numbers results in a very hard to factor number that can be used as a simple cipher to encode any stream of bits. However, there are ways around having to factor primes: one can simply listen in to the conversation prior to it being encrypted and catch the necessary parts to decrypt the traffic; one can pretend to be both sender and receiver to either party, trading traffic and decrypting/encrypting as necessary (a so-called man-in-the-middle attack); and one can exploit weaknesses in either the algorithm or the distribution of randomness in the cryptext to decrypt the traffic (this one doesn't work for most public-key algorithms, however). There are ways around nearly any problem, if you only look at it from the correct angle.

If I remember correctly, the WinRAR cracker (for opening passworded .rar archives) would take around 60 years to brute-force a password with 8 characters that used the entire alphanumeric character set, capitals, and punctuation marks. What's the point then?

The point is no one would ever actually run a bruteforce against an 8-character password. They would, instead, run a dictionary attack (which takes a matter of hours, and possibly days for a larger dictionary) against it, negating the obvious advantage of length complexity by trading off completeness. Additionally, one could use a rainbow table (a giant table of precomputed values) to pattern match against the bits representing the password in the file--thereby reducing the time from hours to seconds (at worst).

[EDIT] Additionally, this is factored by processing power. What one computer can do in 8 hours, 8 computers can do in one hour (or less). Throwing more hardware at a problem is always a possible solution, and with literally millions at stake, you can bet that the first thing any botter will turn to is more hardware.

Admittedly, the human-powered CAPTCHA solving is more or less unstoppable. However, it does hurt bottom line, which is just fine.

This is a non sequitor. You're under the assumption that a) it actually costs them anything to provide human-powered CAPTCHA cracking, and b) that the human CAPTCHA crackers aren't volunteers, each making a cut of the profit.

Same with nerfing teleport. Of course the bot could just walk and fight their way to where they wanted to go, but is that not much slower and inefficient? Again, bottom line would be hurt. Follow the money!

Who said anything about fighting? Given sufficient increased run speed gear, very few enemies stand a chance of catching up to a character. Even without it, dodging enemies around corners and other objects is trivial at best. In addition, there are no packs large enough that they cannot be dodged and dropped off somewhere.

Where are you getting that it would "encourage botting"? I cannot see how that would be the case at all.

Bot users would have less trouble with the preconditions required (CAPTCHA, increased difficulty/difficulty curve) to play, and would in fact increase their bot usage because of how powerful their bots have become in relation to how much effort it takes to actually play the game.

Or in other words, because of how hard it would be to play instead of bot, they would play less and bot more.

How can a dictionary attack work if you use the entire character set?

How is it a non-sequitur that human CAPTCHA solvers would hurt their bottom line? You suggested above that they would be taking pay.

Pay 50 guys $.10/image to crack CAPTCHAs all day long, and you'll never have a problem with any CAPTCHA system. Don't want to pay money? Use a different reward.

I completely disagree with you that you can efficiently run through the game to get to the best farming spots. There is a reason all the best bots require an enigma or sorceress. It would work for the Act 5 trio but that's about it. Durance of Hate would be tough to run through. Once you get surrounded, you can't run anymore. The best option then would be to run, get surrounded, and then TP out back to town, heal, and go back to the waypoint and try again. This is much slower than being able to teleport yourself to Durance 3 in the blink of an eye. Baal would also be much slower. Bear in mind, I am assuming the bot will always be able to defeat the enemies it comes across (a fair bet if he's using a pumped up hammerdin.)

I am not convinced at all by how putting a CAPTCHA would send more people to the bots. People that don't want to bot just don't want to bot. They want to play the game to get their items. If they wanted to bot, they would just google "d2 bot" and go get one. If people were massively turned off by the CAPTCHA, they would just quit playing.

How can a dictionary attack work if you use the entire character set?

Think about it this way: how many people will want to enter ÿ or ǽ on their keyboard? How many people will want to have to decipher avd3t8ji as a proper CAPTCHA (which means scrambled, on top of each other, and in different colors)? There will never be a CAPTCHA system that uses that level of technology because that raises the bar of entry to beyond what the standard person is willing to bear, meaning no one will ever actually fill out one of those CAPTCHA systems.

How is it a non-sequitur that human CAPTCHA solvers would hurt their bottom line? You suggested above that they would be taking pay.

If they're the ones running the bot(s), they're not hurting their bottom line, now are they? Even beyond that, if your bottom line is $10,000 per month for not running any bots, and $15,000 with an expense of $1000 per month for running bots and paying people to break CAPTCHAs, what's better?

I completely disagree with you that you can efficiently run through the game to get to the best farming spots.

And I completely disagree with you as well. Even if teleport was nerfed with a casting delay and a massive mana cost, it would still be far more efficient to run to your destination with a bot than to play the game yourself. All nerfing teleport will do is piss off the average player.

There is a reason all the best bots require an enigma or sorceress.

Yes--it's called developer laziness. It takes very little effort to write code to find a path with the only constraint being able to land on the tile you're teleporting to, but it's not impossible to find a path that takes into account monster positions, "safe" zones, different monster types, line-of-sight, and what-have-you. I'd know because I've written similar code before--The D* algorithm is exceptionally powerful when it comes to choosing nodes based on an unknown map.

Durance of Hate would be tough to run through. Once you get surrounded, you can't run anymore. The best option then would be to run, get surrounded, and then TP out back to town, heal, and go back to the waypoint and try again.

Consider: You're talking about a bot, here. It has predictive capabilities far beyond that of a standard player (or, for that matter, an intelligent player). It has beyond twitch reflexes, and can react before the standard player can even perceive that there's a problem. Yet you want to say that it's impossible to run through a medium-sized area with plenty of places to park enemies? It'd actually be more difficult to run through the swamps than through Durance of Hate.

This is much slower than being able to teleport yourself to Durance 3 in the blink of an eye. Baal would also be much slower.

Of course, but it's still much better than doing it by hand. You're forgetting one key factor here: bots have unlimited endurance.

Bear in mind, I am assuming the bot will always be able to defeat the enemies it comes across (a fair bet if he's using a pumped up hammerdin.)

Even a ghetto rigged character could outperform most current bots, if developers had any incentive to actually improve their bots.

I am not convinced at all by how putting a CAPTCHA would send more people to the bots. People that don't want to bot just don't want to bot. They want to play the game to get their items. If they wanted to bot, they would just google "d2 bot" and go get one. If people were massively turned off by the CAPTCHA, they would just quit playing.

You're, again, making invalid assumptions. I'm saying that if you raise the bar of entry to exclude bots and bot technology catches up to be able to bypass it, then botters have all the more reason to bot more and play less (because of the aforementioned raised bar of entry). Of course people that don't want to bot won't bot--that was never a question, and I'd removed them from the equation entirely. People that are on the fence about botting are more likely to bot if they perceive their invested time as pointless--and filling out CAPTCHAs is a quick and easy way to guarantee that they will feel their invested time is pointless.

I'm making invalid assumptions?
You are assuming that every CAPTCHA is simply letters. First, there is nothing wrong with using letters AND numbers. I have used CAPTCHA's before that did that, and it wasn't that big of a problem. Punctuation marks is probably pushing it though (who wants to guess if that dot REALLY is a period?). I read a paper written by some Google R&D people, and they have had good success with a captcha that involves rotating pictures into the "proper" upright position. With the correct pictures (any random picture will not work), it becomes very difficult for software to thwart the captcha (often resorting to simple brute force, << 1% success rate), but is easy for humans. The pictures are chosen from a pool that thwarted state-of-the-art orientation software.

How can you even expect that a brute-force alphabet attack would succeed on a CAPTCHA? After oh, say (giving humans the benefit of the doubt), 30 failed attempts, the logical thing for BNet to do is ban that particular cdkey for 24 hours.

Botters ARE hurting their bottom line by solving the captchas, since the entire point of a bot is to farm items automatically. If you have to babysit it to solve captcha's, its not automated anymore, is it? Time is money.

I think your guesstimation as to how intelligent these bots are is over-the-top. Look at them youtube. Just type in "diablo 2 bot." THEY'RE STUPID! These are not Terminators developed by Cyberdyne systems! The average diablo 2 player does not have anywhere near the programming or mathematical skills to do what you say can be done. Even assuming it could be done, how long would it take, and at what cost? Again, you even concede the point that it would slow the botters down. Slower botting = less money = less incentive.

And on the last point, you are saying, in effect, that there is a large, underlying population on BNet that is *just* on the verge of going to botting to get items, and that the next slight nudge of inconvienence (i.e. a CAPTCHA) will send them to the other camp. Why did this not happen after the FAR more annoying non-fixes discussed earlier? (temp-banning for logging in and out too quick etc.). Its not a matter of utility or self-interest. Some people don't bot because they feel its wrong, or that they actually want to play and grind. Some people bot because they want to make money selling items, or save themselves time (which is in, effect, money) by botting to get items for own self use.

You are assuming that every CAPTCHA is simply letters.

I could've sworn I explained why anything beyond letters and numbers is too complicated for the standard user.

Think about it this way: how many people will want to enter ÿ or ǽ on their keyboard? How many people will want to have to decipher avd3t8ji as a proper CAPTCHA (which means scrambled, on top of each other, and in different colors)? There will never be a CAPTCHA system that uses that level of technology because that raises the bar of entry to beyond what the standard person is willing to bear, meaning no one will ever actually fill out one of those CAPTCHA systems.

Yep. I did.

First, there is nothing wrong with using letters AND numbers. I have used CAPTCHA's before that did that, and it wasn't that big of a problem. Punctuation marks is probably pushing it though (who wants to guess if that dot REALLY is a period?).

And I assert that such CAPTCHA systems are trivial to solve, making them useless for the case you're trying to fit them into.

I read a paper written by some Google R&D people, and they have had good success with a captcha that involves rotating pictures into the "proper" upright position. With the correct pictures (any random picture will not work), it becomes very difficult for software to thwart the captcha (often resorting to simple brute force, << 1% success rate), but is easy for humans. The pictures are chosen from a pool that thwarted state-of-the-art orientation software.

That would work for a while, but it would be trivial to simply guess and have a 1/4th chance (or a 1/360th chance) to get it right because there are only either 4 orientations (if you use a standard up/down/left/right system) or 360 orientations (if you use a full circular orientation). For the record, anything above 1-2% is considered significantly broken for a CAPTCHA system. For that matter, I can think of several attack vectors to increase the chance up to at least 1% (compare parallel and perpendicular lines to see what orientation makes some sense, detect visual anomolies like lens flares and perspective, etc.).

How can you even expect that a brute-force alphabet attack would succeed on a CAPTCHA? After oh, say (giving humans the benefit of the doubt), 30 failed attempts, the logical thing for BNet to do is ban that particular cdkey for 24 hours.

I already said a bruteforce technique is infeasible. However, you're assuming that a player won't write/copy down the solutions to a bunch of CAPTCHAs and train a neural net or a Bayesian classifier to solve those ones before siccing it on Battle.net. Additionally, you will have regular people who will fail the CAPTCHA 30 times in a row simply because it's too difficult. That's another problem with CAPTCHA--it relies on the uncertain human factor.

Botters ARE hurting their bottom line by solving the captchas, since the entire point of a bot is to farm items automatically. If you have to babysit it to solve captcha's, its not automated anymore, is it? Time is money.

No, the point of botting is to not have to do the runs yourself. If you're paying someone else to solve CAPTCHAs, you're still botting. If you're solving the CAPTCHAs yourself, you're still botting. If you're automating the CAPTCHA solving, you're still botting.

I think your guesstimation as to how intelligent these bots are is over-the-top. Look at them youtube. Just type in "diablo 2 bot." THEY'RE STUPID! These are not Terminators developed by Cyberdyne systems!

You don't even know the half of it. The public crap that anyone can find on Google or YouTube isn't where the real bot development is done. It's not even a pale comparison to what's being done. Hell, it's not even a fraction of what's being done. I could elaborate, but the rules here prevent me from doing so.

The average diablo 2 player does not have anywhere near the programming or mathematical skills to do what you say can be done. Even assuming it could be done, how long would it take, and at what cost?

I want to see some statistics on that claim. I am an avid D2 player (still...) and I know for a fact that I have the technical know-how and the mathematical skill and the programming talent to design and implement absolutely everything I've described, and I'm nowhere near as talented as some of the people whom I know. It would take maybe, maybe a year to develop, test, debug, and release. The code isn't complicated, it's just complex.

Again, you even concede the point that it would slow the botters down. Slower botting = less money = less incentive.

You're making another false assumption that slow botting = no botting. Any botting is better than no botting, even if it's slow.

And on the last point, you are saying, in effect, that there is a large, underlying population on BNet that is *just* on the verge of going to botting to get items, and that the next slight nudge of inconvienence (i.e. a CAPTCHA) will send them to the other camp.

I said there's a population that would, given enough annoyance, resort to botting instead of playing. I maintain that as a true statement. Temp-banning and the max game limit aren't sufficient enough changes to make people resort to botting (and some people did, in fact, resort to botting over that) because they don't affect how a player makes a game, only how many games he can make.

Why did this not happen after the FAR more annoying non-fixes discussed earlier? (temp-banning for logging in and out too quick etc.). Its not a matter of utility or self-interest.

They did. In fact, they did in droves. I wish I had some hard numbers to give you for this, but trust me when I say that bot traffic is far more significant than anyone other than (possibly) Blizzard actually estimates.

Some people don't bot because they feel its wrong, or that they actually want to play and grind. Some people bot because they want to make money selling items, or save themselves time (which is in, effect, money) by botting to get items for own self use.

I already discounted the people who would never bot--they're irrelevant to the discussion. I've also already discounted the people who always bot--they will never not bot, no matter how hard it is. What matters is the people on the fence, who might bot if they saw a significant advantage to it, and having it solve CAPTCHAs that take them quite a long time to (correctly) solve is a significant advantage.

Neural networks? Machine learning? Bayesian statistics? The average person on Battle.net couldn't SPELL those terms correctly, let alone know how to use them! There are some people that are very, very smart that play this game. Most of that demographic I would imagine are college graduate students that live on a budget and can't afford tip-top gaming (or are burnt out with WoW). Diablo 3 will probably bring some more people back with those kind of brains, but really, to say that the average bnetter has talent, experience, or education to write a computer program that can plot the optimal run course through oncoming random mobs of enemies in the event that teleport was nerfed to the point of inefficacy is giving too much credit.

Which realm are you playing on sir? It is certainly where the world's intellectual elite coalesce. It certainly isn't USEast, that's for darn sure.

And on the matter of brute-forcing an alphanumeric captcha, you are simply asserting your opinion as fact that letters and numbers are too complicated for the average user. Players are certainly capable of typing letters and numbers. How easy or hard it is is completely dependent on the captcha used. And anyways, using number or other symbols is moot. Combined with an auto-temp-ban after an excessive number of wrong guesses, any type of brute-force attack would be completely ineffective and human solvers would have to be used.

While I have no statistics on the average intelligence of the Battle.net player, I do have plenty of experience playing, and while have run into a few smart people, the absolute overwhelming majority of people that play just don't have a clue.

And when is 1% "broken"? Look at this chinese hacker is selling (mods, its not a link to his hacking website. its a blog commenting on it). http://www.codinghorror.com/blog/archives/001001.html

He hasn't even bothered selling the google one because its only at 30%. He wants $8000 for the yahoo one, and that's 45% success.

Also, it seems like were arguing over a molehill. Truly, just HOW MUCH time and inconvienence are we talking to enter in a CAPTCHA to play? 30 seconds? 45? I never expected to see such vigorous opposition for such a small, trifling implementation that can potentially offer huge benefits.

Neural networks? Machine learning? Bayesian statistics? The average person on Battle.net couldn't SPELL those terms correctly, let alone know how to use them!

Neural networks are extremely simple--a first year Computer Science student could properly implement one (the trick with neural networks is training). Bayesian classification is also fairly straightforward, but requires advanced statistics. It's still very implementable for an Undergraduate Computer Science student. Machine learning is more tricky. I'd lay wager that only one in ten Graduate level Computer Science students could properly implement it (I, sadly, don't fall into that category--not that machine learning is required for so simple a game as Diablo II).

We're not talking the average Battle.net user--remember, we're on the internet here. All it takes is one bored person with a bit of knowledge and some free time and suddenly everyone has access to an advanced bot.

There are some people that are very, very smart that play this game. Most of that demographic I would imagine are college graduate students that live on a budget and can't afford tip-top gaming (or are burnt out with WoW).

You'd be amazed at how many of them are intelligent 14-16 year old high school students, actually.

Diablo 3 will probably bring some more people back with those kind of brains, but really, to say that the average bnetter has talent, experience, or education to write a computer program that can plot the optimal run course through oncoming random mobs of enemies in the event that teleport was nerfed to the point of inefficacy is giving too much credit.

See, that's the great thing, they don't have to. There are hundreds of free implementations of all of these things--they only have to know the basics of how it works and how to modify it to work with their code.

Which realm are you playing on sir? It is certainly where the world's intellectual elite coalesce. It certainly isn't USEast, that's for darn sure.

USWest when I actually play on Battle.net. I wouldn't play on East if you paid me.

And on the matter of brute-forcing an alphanumeric captcha, you are simply asserting your opinion as fact that letters and numbers are too complicated for the average user.

No, I'm asserting the fact that users won't enter more than alphanumerics--in fact, when given a choice for a password, nearly every user will enter a dictionary word, possibly followed by a number. This is why dictionary attacks are so powerful. The reason they won't enter anything beyond that is because of usability constraints: even capital letters vs. lowercase letters is a significant constraint. Consider your keyboard. How user friendly is it? Do you think you could type faster with a different layout? (The answer is unequivocally yes, though what layout is the fastest is a matter of debate). The problem is one of effort; namely, how much effort it takes to process, and anything beyond alphanumerics results in overload. If you want, I can find some articles on usability that demonstrate how simple things must be for the average user to understand them the first time properly.

Players are certainly capable of typing letters and numbers. How easy or hard it is is completely dependent on the captcha used. And anyways, using number or other symbols is moot.

No, it doesn't. Had you bothered to read the article you linked me to below (BTW, Jeff Atwood is far from a professional in any area--he readily admits this in his own blog), you would have noticed that he, in fact, criticized nearly all implementations of CAPTCHA because they aren't properly implemented. I disagree with his conclusion that Google's and Hotmail's and Yahoo's CAPTCHA implementations are unbreakable--Slashdot has an article demonstrating that Windows Live's CAPTCHA (http://tech.slashdot.org/article.pl?sid=08/04/15/1941236&from=rss) was broken, and Gmail's CAPTCHA was broken (http://it.slashdot.org/article.pl?sid=08/02/27/0045242) and even Yahoo's CAPTCHA was broken (http://it.slashdot.org/article.pl?sid=08/01/30/0037254).

Combined with an auto-temp-ban after an excessive number of wrong guesses, any type of brute-force attack would be completely ineffective and human solvers would have to be used.

Until your users start complaining because the false positive rate has become unacceptable (and it will). Then you relax your CAPTCHA standards in order to keep traffic, and suddenly you have a bot problem. It's a never-ending cycle.

While I have no statistics on the average intelligence of the Battle.net player, I do have plenty of experience playing, and while have run into a few smart people, the absolute overwhelming majority of people that play just don't have a clue.

Ahh, the ever elusive anecdote. You might as well make up a number--at this point, it has the same effect.

And when is 1% "broken"? Look at this chinese hacker is selling (mods, its not a link to his hacking website. its a blog commenting on it). http://www.codinghorror.com/blog/archives/001001.html

1% of 1,000,000 (via proxies) is still 10,000, and proxies are easy to come by.

He hasn't even bothered selling the google one because its only at 30%. He wants $8000 for the yahoo one, and that's 45% success.

He likely isn't selling the Google one not because it was at 30% success rate, but because he probably uses it for himself and doesn't want it fixed yet.

Also, it seems like were arguing over a molehill. Truly, just HOW MUCH time and inconvienence are we talking to enter in a CAPTCHA to play? 30 seconds? 45? I never expected to see such vigorous opposition for such a small, trifling implementation that can potentially offer huge benefits.

I spent a half an hour trying to register, and that's with one of the "better" CAPTCHA systems. I don't have opposition to them implementing some form of game limiting--I have opposition to them using known broken technology in a way it wasn't meant to be used for the sole purpose of limiting something better limited by other solutions.

I like the idea but this cant be stressed enough:

People I realized what the real problem is.
The REAL PROBLEM is people are willing to PAY for game items.
As result there will be bots or some kind of cheating and if there will be no cheats there still will be people from poor countries who make a living by doing mf runs all day.

So basicly there is no need at all to ban the bots.

There is financial incentive for these guys who sell/run bots.

They will probably find a way around anything.

I'm holding my breath about D3's security...

Blizzard will probably be able to fix this problem either way somehow, but this solution in my opinion works. I don't think it'll kill you to type some words.

I linked to that article solely to show the Chinese hacker's exploits without getting myself banned. Its from 2 years ago anyways; the stuff he wrote is old.

When I was referring to "hard it is" (it = the CAPTCHA), I was referring to hard it is for a human-being to read it; not for how hard it is for a computer to solve.

Users would not at all be in a danger of being temp-banned. Assuming 6 characters in the CAPTCHA key, 26 letters, and 10 numbers, we have 36^6 ~= 2.2 billion possible CAPTCHA keys. Giving the user a generous number of allowed guesses (100), the odds a brute force attack succeeding then are 100/2.2 x 10^9 ~= 5 millionths of 1%. What is wrong with this? I'm not seeing it.

My experience playing this game is hardly anecdotal. If I ran into one stupid person and wrote all of BNet as morons, it would be. I've been playing since 1.04, and the average pubbie is a retard.

How on earth did it take you 30 minutes to register? I registered for another forum to test that, and it took 1 minute and 55 seconds. What on earth were you doing in these 30 minutes? It does not take 30 minutes to answer a reCaptcha. I went to www.recaptcha.com, and solved 25 reCaptchas in 2 minutes, and i wasn't racing either.

If you feel THAT strongly that a captcha is detrimental non-fix, what WOULD you do in terms of game-limiting to thwart automation of the game?

I linked to that article solely to show the Chinese hacker's exploits without getting myself banned. Its from 2 years ago anyways; the stuff he wrote is old.

Yeah. The stuff I linked to is from a year ago anyway--it's as new as it gets.

When I was referring to "hard it is" (it = the CAPTCHA), I was referring to hard it is for a human-being to read it; not for how hard it is for a computer to solve.

That's the thing with image-based CAPTCHAs: those two things are equivalent because of OCR. All CAPTCHA-breaking techniques are a combination of OCR and knowledge about the generation algorithm, and you notice that being web-based (which means the generation algorithm is entirely hidden instead of just obscured) hasn't changed the odds in CAPTCHA's favor.

Users would not at all be in a danger of being temp-banned. Assuming 6 characters in the CAPTCHA key, 26 letters, and 10 numbers, we have 36^6 ~= 2.2 billion possible CAPTCHA keys. Giving the user a generous number of allowed guesses (100), the odds a brute force attack succeeding then are 100/2.2 x 10^9 ~= 5 millionths of 1%. What is wrong with this? I'm not seeing it.

Now, multiply that 100 attempts by 50 proxies and use a dictionary attack instead of a brute force, and you have at least 1% success rate, if not more. Now, add in a bit of knowledge about the generation algorithm (maybe it's a Linear Congruential generator and doesn't have a good distribution, or maybe it always uses a letter or a number as the first character, or maybe it always implements certain characters in certain ways, etc.), and you can bring that up even further.

My experience playing this game is hardly anecdotal. If I ran into one stupid person and wrote all of BNet as morons, it would be. I've been playing since 1.04, and the average pubbie is a retard.

Sorry, but you're not a celebrity, nor are you a psychologist, nor are you any sort of respected authority I've ever heard about to be making these claims. All you're doing is providing anecdotal evidence without any numerical or otherwise basis to back it.

Feel free to prove me wrong, here, if you can.

How on earth did it take you 30 minutes to register? I registered for another forum to test that, and it took 1 minute and 55 seconds. What on earth were you doing in these 30 minutes? It does not take 30 minutes to answer a reCaptcha. I went to www.recaptcha.com, and solved 25 reCaptchas in 2 minutes, and i wasn't racing either.

I couldn't read a third of them, my username was invalid 4 times (leading to what I have now), and by the time I found a combination that worked, it had been 30 minutes.

If you feel THAT strongly that a captcha is detrimental non-fix, what WOULD you do in terms of game-limiting to thwart automation of the game?

I would seriously look at the reason why people are automating the game, and fix that, instead. I've already mentioned this, in fact.

I do agree D3 needs a serious and noticeable anti-bot implementation. However I disagree that today's current CAPTCHA standard is the answer.

A poor captcha can easily be broken, but a good captcha is impossible to thwart with current techniques - well beyond the capabilities of diablo botters. There are undoubtedly software that can correctly answer older captcha prompts, but newer, better ones that focus on clumping the letters together are very difficult to crack.



#1 Wanna-bet?
#2 Captcha does not to stop sweat-shopping.

I have absolutely terrible eyesight, I'd prolly never be able to log in if they implemented CAPTCHAs.

Items-for-pay merchants and the bots they control have pretty much ruined Diablo 2. You can see that whenever you go to the join game screen. Whenever you are in a public game, inevitably, a bot will join, kill the act-5 trio and the act-3 council, and then jet.

A while ago (a very smart individual whose name I have forgotten) suggested that you must pass a CAPTCHA prompt when creating or joining a game in Diablo 2. Everyone knows what a CAPTCHA prompt is, but probably not by name; it is that garbled series of letters and numbers that you must decipher whenever you want to join a forum or post lots of comments on Youtube. This is done to prevent spambots from swarming the forum so they can advertise penis pills, lost nigerian millions, etc.

If a CAPTCHA system was introduced into Diablo 2 when joining or creating a game, the bot problem would be immediately and forever quashed. Its a slight hassle, but I think any level-headed person would accept that small sacrifice. However, I have a feeling that will never see the light of day in Diablo 2.

Such a system in Diablo 3 would prevent the rampant botting that has engulfed the Diablo 2 realms since 2006 (thereabout). It should also be used when creating an account, to thwart the outrageously annoying spam ad-bots in the public chat.

Condensed version of this post:
A CAPTCHA system should be used in Diablo 3 whenever a player wants to join or create a game, or create an account. This would eliminate loot-bots, in-game ad bots, and chat spam-bots. Such a system would benefit Diablo 2 greatly, but probably won't surface. Diablo 3 should have it.

Personally I think along with the new Bnet 2.0 system, Blizzard should heavily announce that they will be IP-banning anyone caught botting, or just not playing the game the way it should be, that way the faggots will think thrice before even attempting it, since it's not only their *** alone on the line. This IP ban should be given out on first offense, but normal account bans should be given out for anything else.

I have some faith in this Bnet 2.0, but as Bnet advances, who are we to think the hackers and botters don't get craftier as well?

There are ways around ip bans.

There are ways around ip bans.

Namely, anonymous proxies. They're easy to come by, even.

It takes the average internet user less than a few minutes to change their IP address once they know how to do it. Router+New MAC Address+Power Reset = New IP.

Wow, usernamesareforlosers, excellent posts. I hope you stay around. I've learned a lot from your posts and I hope that the guys at Blizzard make the right decision and never, ever, consider CAPTCHAs as a solution.

Welcome to the forums!

Yeah I don't like CAPTCHA's they are annoying, and essentially solve nothing, if someone is going to go through the trouble of making a bot to bypass warden, then they can easily go through the trouble of bypassing the CAPTCHA.

You need to just trust in blizz that b.net 2.0 they will have as good as anti-hack setup as WoW (which is partially only because they have invisible GM's running around everywhere, and its a monthly fee so they care)

Hopefully blizz cares even when there may not be a monthly fee, hopefully. But CAPTCHA is not a good solution, quite annoying to I think it would force me to quit a game if you had to enter it EVERYTIME you entered a game.... Its bad enouph that if you want to use the search function you had to enter it.

It takes the average internet user less than a few minutes to change their IP address once they know how to do it. Router+New MAC Address+Power Reset = New IP.

It also depends on their ISP.

IP bans are completely unreasonable, many, many Internet users are assigned dynamic IP's by their ISP to deal with the problem that there aren't enough IP's to go around. Banning an IP will result in the next person being assigned it to be banned for something they did not do. Many users are not savvy enough to know how to reset their routers or force the assignment of a new IP.

I'm tempted to suggest instead that Blizzard delete the offending account and ban the CD key instead but that is a bit drastic, especially for accounts that have been hacked.

But all this is off topic to this very interesting CAPTCHA thread. Boy do I hate CAPTCHA, most of the time I can't read the damned things, now finding out they only marginally slow down bots anyway ... bah!

Of all the petty things people complain about as far as "If such and such features is implemented, I will not buy the game" (*cough respecs/AH/deathproof cough*), I truly think if this feature was ever implemented, I would not be able to play the game.

All this would accomplish is the same thing that the current realm down does, hurt the real players while the bots slip on by.

Hi!

One of the limiting factors would be 1 account per key. If you consider the muling is not needed anymore this could be bearable. Eaven if it's not the account they could ban the key that was used to create that account. This way you could have many accounts but if the key was used on an account that has been botting every account is closed.

OFC as we all know this won't stop everything as these kind of limitations are in most MMO games and still they have gold sellers. This could still cut off the casual bot users that put the bot on to run the place when they are off the comp and such as if they would get banned they couldn't play.

CAPTCHA could be introduced so that if the game thinks that you are botting/starting too many games it could ask it. ATM in D2 it bans you straight up if you start too many games in a short period of time. Then if cou can't insert it you try again limitless times but you can't make a new game for a while without getting it right.

Welcome to the forum usernamesareforlosers. I was pointed to this thread by someone else, and read it from start to finnish, Very informative posts. Hope to see more posts by you :D

If CAPTCHA was ever to be implemented, it HAS to be only in such a way:
Start about 3 games quickly one after the other, and it should only then interfere and ask for a word to type or something.

That way, most times you won't have it trouble you. But would be an extra, even of small effectiveness, protection.

I agree generally with usernamesareforlosers, even if I hate his "apocalypse now" style (you know, "the world is over by tomorrow, you all die, the bots will kill all of you, you are too late" and the such, hehe :P)

usernamesareforlosers makes some awesome points, most of which I agree with (depressing, the bots are here to stay).

In regard to the average intelligence of the D2 player, I just have to say that you can't make any assumptions about it because you may not necessarily see a representative sample in public games. I would like to claim a reasonable level of intelligence, and I very, very rarely play in public games (because of the aforementioned idiots). Also, it is invariably the case that the smarter ones don't have much to say, since what can you say to "hlp me plz, lol"?

One option to combat botting (which they would never do because it would, god forbid, cost money) would be to employ some people to go in and out of games all day and ban the bots they see. CAPTCHA, but the other way around, a human identifying the computers. Seriously, go sit in an open normal game and you'll usually get 10-15 advertising bots come through, and they could just ban them. The difficulty would be, of course, that the accounts of the Blizzard employees would become recognisable, but they could just delete their account and make a new one every hour (when they have a coffee break and do the 20 metre stare thing for their eyes). Same approach to baal botting, just join and if it's a bot, ban it. This one could be countered by running in passworded games of course, but again, it makes it harder for botters since they would have to program multiple bots to join the same game and raise the mf chance (although possibly Blizzard employees could not need passwords to join any game, nixing that fix). This has the same problem as CAPTCHA, they can get around it in the end, but critically it puts the onus on Blizzard rather than normal gamers. There's no be all and end all solution to botting, but it's a way to make it harder for botters without making it harder for real players.

If CAPTCHA was ever to be implemented, it HAS to be only in such a way:
Start about 3 games quickly one after the other, and it should only then interfere and ask for a word to type or something.

That way, most times you won't have it trouble you. But would be an extra, even of small effectiveness, protection.

I agree generally with usernamesareforlosers, even if I hate his "apocalypse now" style (you know, "the world is over by tomorrow, you all die, the bots will kill all of you, you are too late" and the such, hehe :P)

That is just the current situation with realm down repacked to look more appealing, but it still suffers from the problem that bots are very good at following simple parameters(ie, only make x amount of games per hour, etc etc), and all the bots will do is adjust these parameters until they are skimping by on the edge of running into the problem, while legitimate players get left in the wake having to decipher a word that looks like it was written by a 4 year old with dyslexia, while using their non dominant hand.


usernamesareforlosers makes some awesome points, most of which I agree with (depressing, the bots are here to stay).

In regard to the average intelligence of the D2 player, I just have to say that you can't make any assumptions about it because you may not necessarily see a representative sample in public games. I would like to claim a reasonable level of intelligence, and I very, very rarely play in public games (because of the aforementioned idiots). Also, it is invariably the case that the smarter ones don't have much to say, since what can you say to "hlp me plz, lol"?

One option to combat botting (which they would never do because it would, god forbid, cost money) would be to employ some people to go in and out of games all day and ban the bots they see. CAPTCHA, but the other way around, a human identifying the computers. Seriously, go sit in an open normal game and you'll usually get 10-15 advertising bots come through, and they could just ban them. The difficulty would be, of course, that the accounts of the Blizzard employees would become recognisable, but they could just delete their account and make a new one every hour (when they have a coffee break and do the 20 metre stare thing for their eyes). Same approach to baal botting, just join and if it's a bot, ban it. This one could be countered by running in passworded games of course, but again, it makes it harder for botters since they would have to program multiple bots to join the same game and raise the mf chance (although possibly Blizzard employees could not need passwords to join any game, nixing that fix). This has the same problem as CAPTCHA, they can get around it in the end, but critically it puts the onus on Blizzard rather than normal gamers. There's no be all and end all solution to botting, but it's a way to make it harder for botters without making it harder for real players.

basically you want the game masters from WoW. They are hidden to the players(players and bots would not know if they are even in the game with them) and have the power to ban on suspicious behavior(usually after confronting the suspect).

It is a system that works, if they have ways to pay the game masters. With D3 being free to play, I find it hard to believe that they would fund a full staff of game masters to patrol the game(would not be surprised if D3 sold at least a million copies within a quarter of release, that is a lot of games to patrol)

The only surefire way to curtail botting is to have staff who actively look for and ban bots.

basically you want the game masters from WoW. They are hidden to the players(players and bots would not know if they are even in the game with them) and have the power to ban on suspicious behavior(usually after confronting the suspect).

Yup. pretty much.


It is a system that works, if they have ways to pay the game masters. With D3 being free to play, I find it hard to believe that they would fund a full staff of game masters to patrol the game(would not be surprised if D3 sold at least a million copies within a quarter of release, that is a lot of games to patrol)
And that's why I said they'd never do it because it will cost money. Obviously, if you were going to do it you wouldn't be patrolling every game. But looking at the situation in D2 even 5 people would make a massive difference, especially in the advertising bots (which are the ones I loathe the most). From my experience, on average making a normal games gets you at least 5 bots within the first ten minutes. So, assuming 5 bots for 5 moderators, 25 bots per ten minutes, 150 bots an hour. Now that doesn't sound like a lot, but since it's likely there's more than one toon per account (mules/bots) you're getting more than just one. The other aspect of it is that it works by attrition. Some days a botter might get no accounts banned, some days they may get heaps of accounts banned. It makes things slightly less profitable, since they never know when they're going to get banned, unlike those one off big bans where they lose everything at once and then start again, but are reasonably sure of being safe for a few months. Blizzard would never do it though because it would be expensive, but it would be an effective way of making botting just that bit less secure. Although, would it be possible to make a bot fool a human into thinking it's human?

I think one of the best ways for Blizzard to reduce the appeal of botting is through the game itself. The unfortunate natural side-effect of many of these potential "answers" is that it just ruins things for regular players just trying to enjoy their game.

One of the biggest problems I have with these discussions is that we can only look at them from the perspective of Diablo II, which may not have any bearing on the situation once Diablo III is in the picture. What I mean by this is not that perhaps Diablo III will be bot-free because Blizzard will magically figure out how to stop people from being able to create/use bot programs, but that determining the best way to stop bots from running Mephisto or what have you is a potentially fruitless endeavor in the context of Diablo III.

But I guess the problem remains that as long as monsters drop items that people will pay money for, someone somewhere is going to try to automate that system to make the process as easy for them as possible.

However, from what I can tell, many steps that Blizzard might be taking are some of the same things usernamesareforlosers mentioned as being potentially useful for making bots less effective.

I remember reading that at Blizzcon it was talked about that Rares could potentially be the most important items in DIII, the reason for this being that it adds a good sense of replayability / end-game. It's easy enough to gather good gear when you just need to find yourself a copy of the Harlequin Crest, Wizardspike, and Skin of the Vipermagi, but another entirely when your current Amulet has +2 Sorceress skills but is lacking a few resist points to max you out, or the crucial 10% Faster Cast Rate necessary for you to hit the next breakpoint. What's the remedy here? You can hope someone has the perfect amulet for you, but it seems unlikely they'll have found one that has all those mods in one convenient package. So, you have to keep playing, and hopefully you'll find such an amulet, or finally see someone offering one for trade. As was said by usernamesareforlosers, no one has yet made a Bot that can easily evaluate the quality of Rare items.

I'm sure some Uniques will still be powerful gear options, and determining as much will remain rudimentary for bots, but it will mean that the best of the best will likely be gathered by a human being, which at least creates a meaningful divide between the botters and the players (and could potentially make botting unsatisfactory enough to end it as a useful practice).

These next parts are taken from an interviewed posted on the main page:

"The placement of the adventures and quests is much more random, and since the same missions can spawn in different areas with different monsters, that adds a lot of variety and replayability. We’re curious to see how the fans explore and what they like in this build."
I don't know very much about the limitations of botting, but this seems promising. If the best experience and/or items are gathered while on these missions, perhaps this is another step towards decreasing bot effectiveness. It's one thing to have a bot figure out where the "randomly" placed WSK3 stairs are, but hopefully it's another to have one travel through the area, determine and activate the proper missions and complete them satisfactorily.

"Players will know they’re up against a big boss when they have to change their gameplay style. You won’t be able to just charge in and keep using the same tactics you use against a group of Fallen. You have to be more careful against a big boss. A tank character cant just stand and tank as he’s used to. New strategy will be required. We want to make bosses interesting and powerful. They should be a challenge and be varied in what they require of all classes and abilities, as well as from parties. We want to make bosses more interesting than in the previous Diablo games. We look forward to showing them off, but we can’t talk about any specifics yet."
This is also exciting. Killing a serious baddie takes some level of competence, or at the very least variety, fitting in with the general concept in DIII of not being able to just spam the same skill for the entire game, which is hopefully yet another direction that ends up decreasing bot effectiveness.

Ideally, this concept of interesting and varied effort won't be restricted to main and potentially easily avoided bosses, but special packs of enemies and missions bosses etc. etc.

Do you think perhaps bannings result in increased sales? Im pretty sure anyone banned for botting is going to buy another copy of the game.

If the percentage of repurchasing is at least equivalent to the GMs paycheck, then GMs pay for themselves!

The title of this thread is misleading...this isnt news its speculation. As everyone else has said, a patch for a game that is ten years old is not big news. Im sure they will just release the patch when it is done; whether it be before or after or during Blizzcon. On the off chance it is the same time as Blizzcon, I doubt they will make it some announcement. All they will probably do is update the necessary areas.
_________________
Auto Europe (http://mercedezman.webs.com)