Oct 22nd, 2003, 20:17:09
Exploit Team Lead
**FAQ** Exploits/Exploitable Bugs in Anarchy Online
Part I. Technical information
What is an exploit anyhow?
No. 11 of our Rules of Conduct (RoC) states the following: "You will not exploit any bug in Anarchy Online and you will not communicate the existence of any such exploitable bug (the definition of bugs like this is: a bug that grants the user unnatural or unintended benefits in game), either directly or through public posting, to any other user of Anarchy Online. You will promptly report any such exploit via http://help.funcom.com/ and never use it again."
Bug = [Computer Science] A defect in the code or routine of a program.
An exploit is a bug that grants a user an unnatural or an unintended benefit in the game for a character of their profession and level. Meaning, it's a bug or design error that makes it possible for characters to fight monsters, solve quests, earn money, get items, etc. that normally should be out of that character's reach or not possible in the first place. Basically, exploiting can be described as cheating.
If you're not sure if something is considered an exploit here's what we expect you to do, and what you shouldn't do:
Send an visit http://help.funcom.com/ including a description of what you think might be an exploit - this is the correct channel to use in regards of exploits. Try to include as many details as possible such as character names involved, the level and faction (Omni-Tek, clan or neutral) of the characters involved, date/time when it happened, the playfield where it happened, etc. and possibly a step by step procedure. You'll receive a reply, sometimes with the request for more details or an in-game meeting if needed.
We expect you to inform us about exploits, not tell other players about your discovery (this includes in-game channels, message boards and other possible communications) and to not use the exploit after you've found it. It is very important not to spread information about exploits after they have been discovered, as the team needs time to solve the problem and to keep the amount of players that might use it as small as possible.
Also, remember that exploiting and/or sharing of exploit-information might lead to the suspension of your account, banning and/or deleting of characters/items/credits. Furthermore, we'll not put out any information about exploit fixes until they have been patched to the live dimensions; we do that in order to not spread exploit information ourselves.
Last edited by Anarrina; Jun 14th, 2012 at 17:54:53.
Oct 22nd, 2003, 20:18:18
Exploit Team Lead
Part II. Onto some of the questions I received over the last years
"I have an idea that could improve your work!"
I appreciate objective criticism. So, please, if anyone has suggestions on how to improve the work I do with exploits in AO I want you to write me - http://help.funcom.com/
I can not promise you that everything you might suggest will become true, but if something is possible from our end I will at least go through it and give it some thought and discussion with others in the team and my supervisor.
"Will I get banned for reporting an exploit?"
If you follow the procedure mentioned above you do not have to worry about actions on your account for reporting an exploit you discovered, saw or heard about. No one has ever been banned for reporting an exploit only.
However, it totally changes if we see someone who was involved in the discovery of an exploit sharing this information with other players, or using it afterwards, etc. THAT is when someone who originally reported something could have to deal with consequences towards his/her account
"What if an entire team discovers an exploit? Does everyone have to write an email?"
If an entire team comes across an exploit, one of the people involved could write in the name of the group. List the names of people who were involved and describe in detail what happened. Everything's fine then.
Again, it totally changes if we see someone who was involved in the discovery of an exploit sharing this information with other players, or using it afterwards, etc. THAT is when someone who originally reported something could have to deal with consequences towards his/her account
"I felt threatened when I tried to report an exploit in game!"
I encourage players to send a direct email to me if they indeed feel threatened by either ARK or GM for wanting to report an exploit. I can then look into it and take appropriate action if ARK and/or GM didn't follow the proper procedures concerning an exploit-report.
NOTE1: You should always email me about an exploit, except if something is happening *right now* that requires immediate action.
NOTE2: This only goes for exploits, I am not in any way responsible for abuse by GMs or ARKs in general. This is the CS manager's responsibility, respectively the ARK manager's responsibility.
"You sound so mean/rude/harsh...!"
It is certainly not our intention to ever sound rude or harsh when interacting with anyone. The way I was trained to interact is that I have to be completely neutral. Being completely neutral and always 100% politically correct can perhaps be *perceived* as unfriendly since I simply can't take sides, but it is definitely not intended to be rude, harsh or even unfriendly.
"How are we supposed to know what is in exploit? Why isn't there a list or exploits/punishments to expect if you exploit?"
I'm afraid there will never be a list of known exploits if that is what you're asking about. Why? The answer is quite simple: because it's too risky to be blunt.
In other words, by publishing a list of exploits we could give players more ideas to exploit, we would encourage them to try to reproduce some of the already known ones in a slight different way, etc. Due to the same reasons we'll not put out any information about exploit fixes until they have been patched to the live dimensions; we do that in order to not spread exploit information ourselves.
"Can I make a new account when my account was banned?"
No. 11 of EULA seems to upset many of our players. I'll try to explain a bit more:
I don't go around hunting for possible returned players.
BUT I have to look into every report I'm getting. Meaning, if player X reports player Z for being a banned player who exploited before, who came back yet again I can not ignore that. If I would (even though I couldn't because of my conscience) then I can already guarantee right now that it'll be brought up in a later case as favoritism towards the player we didn't "pursue", but now we are doing it to another player. Also, by ignoring that I could get in trouble for not doing my job (meaning, ignoring certain areas I don't want to deal with).
From now on I will include a note in every email that goes out concerning a ban that makes the player aware of No. 11 in the EULA and that they should always contact me before even thinking about opening another account. I understand that some players might not be aware of the fact that they can be banned again when they open another account and that could be unfair (even though everyone should read the EULA )
"Can't you get rid off this rule for good?"
We will never be able to get rid off this. We need to keep it, because we do need it in certain cases. If someone keeps creating accounts and keeps damaging the game we need to have the possibility to remove this customer based on the EULA/RoC. We still have this happening and I don't think it'll ever stop.
Last edited by Anarrina; Jun 14th, 2012 at 17:55:30.
Oct 22nd, 2003, 20:20:04
Exploit Team Lead
"But it seems like you like to ban people.."
That's false. In fact, I don't like it at all. Banning isn't something that happens daily or even weekly, in relation to game offenses. The majority of bans are related to charge backs or fraudulent account / cc information according to Fadinaway (CS).
Fadinaway: "It seems everyone thinks banning is running rampant and we just ban everyone we can. Banning isn't something that happens daily or even weekly, in relation to game offenses. The majority of bans are related to charge backs or fraudulent account / cc information. We do those rather frequently, seems there are a lot of thieves in the world. We do not like banning people, at all. We look for reasons to *not* ban or suspend people, but when certain people continuously break RoC or break other rules we have to take action."
"But how do you explain that there are no warnings anymore, no suspensions, etc?"
I can only repeat that this is not true. However, I do not deny there are bans without a warning first. This depends on the severity of the offense and it happens. It's correct that things have changed compared to right after launch.
There are still notifications, warnings, requests for information before something is done on our end - it all depends on the severity of the exploit though. One person does not define the severity of an exploit only. According to my numbers, there are more suspensions issued than bans.
"I *never* received an email why my account was closed!"
Every time someone gets banned/suspended/warned you get an email from me. I think I had only one case where I gave up sending emails every time I closed a new trial account after the 5th account.
What happens most of the time when players claim to not have received an email is that they were not using the same email address anymore that they originally registered with. That's not our/my fault. If they don't keep their account information UTD then that’s unfortunate, but not our mistake.
"Did you really give player X item X for reporting an exploit?"
I *never* gave anyone an item for reporting an exploit. The only actual *item* I ever gave to some players to brighten their day was chocolate cake. I highly appreciate the help from players and this is one way to show my appreciation besides thanking them with words.
"What happened to player X? Why did you ban my friend Y?"
Any request about information about another player's case/account, be it per e-mail, petition, IRC message, etc. will be answered in the same way: we cannot reveal any information about another player's account at all, there are no exceptions.
Meaning, we won't tell you if a player has been banned/suspended by us, we won't tell you why the player has been banned/suspended, and we won't tell you any details either. This is simply because we consider this sensitive and personal information of the account owner, and should not be shared with anyone but the owner of the account.
We're aware of the fact that this will always only give one side of the story and
We don't discuss another player’s issue because it isn't anyone else’s business. Unless discussed directly by the account involved in public, we are bound by laws in some countries and integrity to keep that information to ourselves.
Try to keep in mind that just because we don't comment on things doesn't automatically mean they're true.
"Can I be banned for having 2 of the same UNIQUEs in my bank?"
Generally speaking, no one would ever be banned for *just* having 2 of the same UNIQUEs in the bank. I very well know that this can happen by accident.
However, if we have proof that a player for instance has tons of the same UNIQUEs in the bank and we can even prove that the player was very aware of the fact that a workaround was needed in order to get this to work then that ...
"I wanted to hear what comment you had on the instance someone mentioned where they clicked on you with their mouse and you sent them a menacing tell."
There's no way for me to tell if someone's left-clicking on me. I had no idea where this came from that's why I didn't mention it.
What it *could* be, in some twisted version, is that if someone tries to attack me and they can't do any damage.. then I could have said something like: Wanna try that again? =P
"You have alternate characters in <name of guild>!!"
I have tons of characters, mind you, for testing reasons, but neither those, nor my play-characters are in any player organization.
Last edited by Famine; Aug 23rd, 2006 at 20:44:39.
Oct 22nd, 2003, 20:23:06
Exploit Team Lead
"How come the suspensions or the "punishments" in general vary for players?"
That's a good and valid question - let me try and tell you about what usually happens when we get a report about an exploit/exploiter.
First off, note that we have different levels of exploits according to their seriousness. The offenses are dealt with keeping the severity in mind.
As well, the account history also comes into effect - meaning, if the record's clear and the offense is a minor one the player might get away with a warning.
Of course, it can also happen that a player with a clean record can be banned on the first offense (which is determined due to the seriousness of the offense again).
Or vice versa, a player with a bad history on the account can be permanently banned for a minor offense if it seems the player won't ever stop doing what he/she did/does.
You can probably already see that it might not always be an easy call - therefore, the rather delicate cases are always discussed with the team, and decisions are made together.
Each report (be it from a player, from a GM/ARK or from our logs) is looked at as soon as possible, and every e-mail receives a reply. Usually, the report includes a player-name so the first thing we do is checking the accused character - note: there is always an investigation before we take any actions against an account.
If we have proof that the character abused a bug the next step can be (according to the severity of the exploit) - an e-mail notification about what happened and the chance to comment on the accusation (minor exploits, account most likely not suspended), closing the account during the investigation (suspension, the account will probably be re-opened if we don't come across more offenses on the account during the investigation), banning the account (severe exploits, exploiters that come back on another, either new, bought or transferred account, and weren't allowed to have a new account, etc.) If you receive such an e-mail, always only reply to the original e-mail that has been sent to you. Do not send in several, new e-mails regarding the same topic. Do not log in to a friend's account in order to petition your case. Do not ask friends to petition for you. Do not take it to the message boards as you risk your message board account being closed if you do this, etc.
Remember, there will always be an e-mail sent out to the e-mail address that is in the account information. If you didn't receive an e-mail it's most likely that you're using a new e-mail account and haven't updated the e-mail address in your account information. If that's the case you should update your account information with the new e-mail address and send in a request to re-send the original e-mail.
What separates us from most other MMORPGs is that we look at each case separately.
Now, naturally, it can happen that we make a mistake - in that case, if you feel you have been wrongly banned/suspended get back to us using only the original e-mail that has been sent to you, and discuss the case with us in a mature manner. If it turns out that we made a mistake, the account will be re-opened and the time the account was wrongly closed will be reimbursed in most cases.
This leads to another factor that affects the outcome of a case - players should remember that it is also against the rules to abuse Funcom staff and volunteers. Frankly, it's just unnecessary. Abusive, threatening, or insulting language toward ARKs, GMs, or any other person acting on behalf of Funcom at any point in the process will factor in to the final outcome. A simple explanation for your case is the best way to get your point across.
"Well, where's the proof that I did this and that? You can't prove it. Show me!"
As mentioned before, the cases where we suspend an account solely because of a su****ion are very, very rare (this could be a case where we know a player did something, but still need to figure out what exactly happened, and the consequences of leaving the account open are considered dangerous for the game-world), meaning there's usually always an investigation, respectively proof, before we close an account permanently.
The last thing we want to do is close a player's account for no reason so this is not something that we take lightly or do without solid proof. Throughout an investigation, raw data is pulled out of our logs and is read an analyzed by trained employees.
By providing this level of detailed information to a player or to the general public, we would open ourselves up to showing others how exploits can be done. That is why we won't give out those details. It is important to remember that while we do so with caution, we have the express right to close any account, for any reason, to protect the integrity of the game.
"I only exploited to make you aware of this. I'm tired of the exploit not getting fixed and this was the only way to get it done!"
Always make sure to use the correct (or one at all) Funcom channel to report exploits. Only then can we guarantee that they're looked at immediately, verified and fixed. Remember that complaining to other players (in game, IRC, ICQ or whatever) does not count as a report of the problem.
"I only did this because my friend/team/etc coerced me in doing this!"
This is something I cannot prove. I work with facts and only with facts. I cannot prove intentions, really.
"Why are some exploits not fixed immediately/earlier?"
Respectfully, I have to say that sometimes a "fix" might look very easy/obvious for a player, but in fact is not. The problem with some exploit fixes is that the specific code/design change can affect other, sometimes major parts of the game-world - in those cases the fixes might take longer, as we need to test and implement them very carefully.
Also, even though exploits are the highest priority next to blockers and crash bugs we have to prioritize exploits among themselves. I can understand that we will not always agree on what deserves higher priority and what can wait a bit longer.
"I know my character is going to be deleted/my account will remain closed, but can I remove item such and such before you do so?"
No, unfortunately, this is not possible.
"I wasn't exploiting myself, my brother/friend/sister/etc. was on my account."
You are entirely liable for all activities conducted through your account, and the login and player names registered to your account. In addition, you're not supposed to share an account.
"My friend/brother/sister/etc. told me it isn't an exploit when I asked him/her/etc. How can I know??"
As mentioned above in part I. - if you're unsure about something being an exploit or not, rather contact me per e-mail than talking to another player about it. Clearly, if you contact another player regarding that, you already must be su****ious if what you're curious about is an exploit/bug or not.
"I was only exploiting on my other account, why did you suspend all my accounts?"
In some cases we close connected accounts. Again - it depends on the severity of the offense/exploit, the co-operation of the player during the investigation, etc. If a player had multiple offenses on several accounts it can happen that we do not want this player in the game at all anymore. Meaning, all accounts (current and future ones) will be terminated.
Last edited by Genevra; Oct 22nd, 2003 at 20:50:29.