Dealing with duping (multies)

[morales2k]

The list until now:
*place cookie and check when registering Disadvantage: people can remove cookies from computer
*IP tracking Disadvantage: people can share computer, change IP, ...
*check for matching passwords (people who use the same password, are suspicious) Disadvantage: it might be imposible to recover password from the db
*check for matching usernames (people who use almost the same username, are suspicious ; e.g. Jack and Jack2) Disadvantage: some people just use simillar usernames, this isn't that rare
*check for matching e-mail accounts Disatvantage: People can create multiple e-mail accounts

Other ideas for treating multies:
*have a section in the games forum where player bans are reported / cheater status ("name and shame")

Hi, I am new here... Like many of you I have been thinking about this too.

I am yet to finish my bbGame, but this is an issue that concerns many of us devs... so...
How does this sound?

I have thought of logging a lot... everything this list has so far sounds good, and I would add the browser/system OS spec which is available by checking the user agent.

We could also make it less appealing, by using player-to-player interactions that are time-limited, such as once per day... or per 6hr period, a player can make one interaction during that time with another player... that would include send or receive stuff, and have the players approve the transaction before it counts... maybe even add a queue for the transactions so they can make more than one transaction and leave them waiting to be resolved until the other player aproves it. This will slow down the effectiveness of having multies or alt accounts... however, it deters from having a transaction time log because transactions will be placed and accepted later on, so cases in which you could argue wether or not someone switched seats with his/her brother/sister/etc. in seconds, would be ruled outta the question here because we make them wait 6hrs or whatever timeframe we choose...

we can also disable player to player trades or interactions for players with the same IP address...

I wonder how effective is the cookie check if I use FF, IE7, IE8beta, Opera and make 4 accounts... only the IP will show the same, but if I use a proxy then it will all be different, and cookies won't show any difference as long as I log each account on the browser I used to create it... so I could simultaneously run that many accounts undetected... browser check will be ok, no flag raised, ip check will go ok too, cookie will go ok, only thing will be the user agent OS that will be the same and the screen res, and one cannot judge a dupe account on those parameters alone... >_<

[JGadrow]

I wonder how effective is the cookie check if I use FF, IE7, IE8beta, Opera and make 4 accounts... only the IP will show the same, but if I use a proxy then it will all be different, and cookies won't show any difference as long as I log each account on the browser I used to create it... so I could simultaneously run that many accounts undetected... browser check will be ok, no flag raised, ip check will go ok too, cookie will go ok, only thing will be the user agent OS that will be the same and the screen res, and one cannot judge a dupe account on those parameters alone... >_<

Exactly! This is why I think the best action is to limit the benefits of multi-accounting in your game. Additionally, the measures provided by others above helps to reduce the likelihood of someone creating multiple accounts. It's just like any other form of security, it CAN be beaten with a thorough effort, however, placing more road blocks in the path of the would-be offender can make them look for a softer target instead.

[Nox]

I like the most what Scione described - logging and rating every suspiciuos activity
Also combined with some limits and login/name/ip+os/etc. similarity checker would be something I would head for

[incarnate]

But if they are paying i wouldn't mind at all lol unless it is causing you to lose other members

QFT, I'm planning on user shops, but you'll have to buy a license to open one. Anyone can buy from the shop but all transactions and statistics will be logged and there'll be a flagging system in place.

[die4me]

Setting up a trading pass can also keep people from doing it if they know it will take time to get a pass.

[zykal]

I never really dealt with them unless it was causing a probelm. the major problem being fighting ones self for EXP. If I saw that or got a report of it i'd check it and if I saw give a warning. after that I'd either give them an EXP penalty for a while or ban the account for a week. after that it was account deletion. Players will police themselves you just need to be the one to enforce it.

[ST-Mike]

Admins have ignored my deletion request - if you're not going to delete my account then don't have the option there please.

[jannesiera]

I'm confident that dupers can never be caught if they're doing things properly - just using two seperate environments. For example two connections, two computers, two password hashes and two valid e-mail addresses... (etc). I can't see what could be done to see these are owned by the same person... so its always going to happen for those who are experienced enough and have enough time to waste (would love to be corrected though if there was some crazy method to catch dupers 100% of the time)

Off course, but that doesn't mean we can't stop the 99% other cheaters who are too lazy to completely protect themselves .

[ST-Mike]

Admins have ignored my deletion request - if you're not going to delete my account then don't have the option there please.