#My idea to remove 99.5% of the bots in the game

Hi everyone,

Bots have become one of the main issues on Illuvium servers, affecting both fairness in the game and player enjoyment. The presence of bots can undermine the efforts of legitimate players and drive away many loyal players. Therefore, today I want to present a proposal to tackle this challenge and restore balance to the game.

1. The Problem of Bots

Bots, those automated programs that mimic real players, have proliferated in Illuvium, primarily due to the use of VPNs and virtual machines. These tools allow bots to evade bans and security measures, making it more complicated to identify and eliminate them.

2. Strategies to Combat Bots

A. Blocking VPNs

One of the most effective ways to reduce the presence of bots is to block access through VPNs. Every day, new IPs are created across various VPN services worldwide. To combat this, a system could be implemented to detect and block IPs from known VPN services. This task could be managed by a dedicated individual and should not be costly: with a salary of a thousand dollars per month, this role could be efficiently handled.

B. Eliminating Virtual Machines

Bots also benefit from virtual machines, which allow running multiple instances of the game from a single physical hardware. To address this, the proposal is to ban MAC addresses associated with known virtualization services. Implementing this measure would involve creating a blacklist of MAC addresses related to these services and updating it regularly.

3. Implementing Hardware Recognition

In addition to the above measures, a hardware recognition system similar to those used by programs like "CPU-Z" or "HWMonitor" could be implemented. This system would allow monitoring and controlling the number of active accounts per device, thereby limiting the bots' ability to create multiple accounts from the same hardware.

yes to VPN and mac address ban

not sure about number 3, there might be a privacy/security concern there?

afaik anti cheat software has kernel level permission, it can read all process

I found out that you only need an API provided by Windows at the user level to read MAC addresses.

This may not help with bots directly, but hypothetically what if there was an optional KYC, sort of a blue check mark system like twitter...at least then when you see items listed on the illuvidex you have more certainity you aren't buying off a bot, and then their profitability may collapse. Maybe it doesn't have to be a monthly sub, but a min. ILV staked

if you did a subscription, like $5 a month, its also extra revenue for the dao

I will say it easily: If illuvium asks for more verifications apart from having a personal wallet or a cryptocurrency bank to deposit and withdraw, buy gas for playing, and you add one more security step that any bot can skip it, super easy and 5usd subscription than a bot He gladly pays it but it would anger 100% of illuvium users. It will fail. (You are adding more entry difficulty and not really solving anything)

By blocking a VPN, you block a fairly large part of real players, since some have to use a VPN due to the immutable policy. There will be no bots if they have nothing to farm, remove f2p completely, and let's see how many bots there will be.

they tried to ban vpn at the end of pre-season 2, didn't they? As a result huge portion of legit playerbase couldn't play the game at all. I was getting errors everywhere even tho i'm not from restricted region by imx

They will calmly pay to obtain airdrops; bots that can generate $100 will easily pay $10 for a subscription to exist

Blocking accounts that use VPNs is a mistake that won’t solve the problem with bot farms. They stopped using VPN services a long time ago. Nowadays, they rely on anti-detect browsers and a huge number of proxies available on the market. It’s nearly impossible to fight against that. Blocking VPNs will just push away a large portion of players, including myself. Entire guilds, who have been part of the project since day one and contribute positively to it, will be affected. The real issue is with the distribution of airdrops—that’s what the bot farms are targeting.

A convenient solution for this issue with bots in airdrops and in-game money movement would be to require one or two KYC (Know Your Customer) verifications per person, which would solve everything. You have the entire current season to add your KYC in order to claim mission points, participate in the airdrop, and withdraw money. By implementing a KYC with an ID or a similar unbreakable method, only the real players would remain, and the bots would be gone! If there are minors involved, they should be required to obtain parental authorization, which would be the correct approach. Otherwise, they can play for fun. However, for money withdrawals and participation in airdrops, a mandatory KYC would solve the problem!

When you make your game available all around the globe without any tool then we can talk about it, otherwise this topic is insane. Ask Russian, Chinese and other ppl if they can get access to the game without VPS and so on. The answer is - we can't. I bought another month of VPS for 5$ today coz it's the only way to play the game.

These are all terrible ideas that will still not solve the bot problem. I hate to say it, but we're approaching a point where AI can straight-up play a game like this without a lot of training and look 100% like a human player. If that day hasn't arrived, it is arriving in less than a two years. No KYC, VPN, or VDI policy is going to change that for this game or any other. Yes, you can ban bots when you find them, but it is going to be increasingly difficult.

To do it right, (1) you are going to need AI to look at player actions streaming back from their IP. Look for little inconsistencies in play style between known humans and suspected bots. The data will contain signatures human brains can't see fast enough, but an AI could point out anomalous style. (2) You'll need a validation team to contact suspected bot users. As a crypto game where anonymity matters to many of the players, this is going to be the most daunting task. You can't just ban those you suspect of bot behavior; you'll have to verify it. Perhaps eventually, the confidence level of the AI approaches 99%, and then maybe you could be confident suspending those accounts waiting for an appeal. The "customer support" angle is going to be a royal pain in the butt, however, it will be required. Banning legit players will almost certainly tank any hope of expanding the future user base.