This topic was removed by Blizzard from the official forums.

I pulled it out of the browser cache and reproduced here with only minor formatting changes. Since I do not know the official reason, I guess that they removed it because I called Warden spyware, which it is.

Are bots really that evil?

09/12/2009 12:59:17 AM PDT


Disclaimer: I do not write bots. I do not use others' bots either, mostly because I do not trust the writers. Oh, and I would hate to get banned. But! I do not believe that people deserve to get banned for botting. Botting is not cheating.

Check out the Wiki on MUD bots:

It is generally agreed that a sufficiently sophisticated bot will be indistinguishable from a human player, if the bot is able to summon the player to the terminal for those tasks that it is not programmed to perform.[3] For less sophisticated bots, this will mean any event it is not specifically programmed to react to. For more sophisticated bots, this means chatting and other complex tasks.

Note that the Turing test is used to evaluate a machine's capability of engaging in a human-like conversation. As of 2009, no machine has passed such a test, making the conversation test an effective measure against would-be botters. As said, this test loses much of its effectiveness if the bot client in question is able to alert the human with sufficiently short notice, so that the botted game performance may be supplemented with actual real-time human communication, making detection harder.

It is not long before bots can chat about the game. In the case where a bot is using the default interface (moves mouse and generates clicks, for example), it is really not that different from a human. It has only one advantage: it does not get tired.

I believe that the bot "problem" can be most effectively solved by the game design which specifically allows botting via the provided interface.

Chatty != Evil

Instead of hunting spam-bots, design the chat system so that spamming is less effective. It is mind-numbingly simple to do: just give the player a black list and white list. If it make sense, give him also a trainable Bayesian filter. Really, the only effective anti-spam measure is a content-sensitive robot filter.

Balance play-bots

And the play-bots. So I want to play, may be, 4-10 hours a week, a dedicated player will log 40, a bot will do 168 max. I don't care how good your bot is, it cannot go above 168. Can't we just balance the game for bots? I am OK with other people being ahead of me if they spend more time. I am OK with bots being even more ahead of me.

How to balance? Just make a game where a crafty human can do tasks mmm say 4 times faster than a bot. This is not a difficult goal. First, however, you must eliminate cheating (see last paragraph). So imagine D2 without dupes (it really is bizarre that one has to imagine that). No HR duping means that there is no Enigma, no free teleport. In fact, let's just say there is a 9s casting delay on teleport. Under these conditions, I honestly do not see a bot being very efficient in SC or just plain surviving in HC. It has to walk and kill everyone. If useful at all, a bot would be either painfully slow or die a lot.

Discriminating computer players is unfair

Finally, botting is not cheating. Robots want to play games and they should be allowed to. Stop hating computer players. Botting simply automates repetitive tasks. It also encourages human players to analyze the game on a deeper level and teaches them to program.

Fight cheaters instead of bots

Instead of developing lame backdoor hacks like PB and Warden, shouldn't game developers instead write client-server games which insure that no one is cheating? Make cheating impossible. Make it as hard as rooting a patched and secured BSD box. In Diablo, for example, to prevent duping, one just has to delegate the item creation to a Diablo server. To prevent a cheater from revealing the map, one has to generate the map (or at least its basic layout) serverside and feed it gradually to a client. Latency, overhead, blah, blah, blah... I know. But look on the bright side: cheating will be impossible. To sum it up, the client should be designed with the assumption that its memory is readable by anyone, and the server should distrust the client for any task that affects multiplayer. This will require a beefy server which actually handles the game, sans the graphics and the rest of human interaction. Which brings me to my last point:

I may not be very popular here when I suggest that may be we should pay for Diablo 3, but I'll just come out and say it: I would pay a low monthly fee for accessing a game server if it helps to eliminate most grievous forms of cheating. There will always be bugs and exploits, and they will have to be patched in a promptly manner. I just don't think that a game that is vulnerable by design (like D2) is worth any money at all.


The only "good" that came from bots was the deflated value of impossibly hard to get items.

But, one has to wonder whether these items were made impossibly hard to get because of botting, or because of poor design?


Lol'd. Obvious troll is obvious.


Hmm I don't see how this is trolling. Indeed, I find it amusing that players are threatened by very dumb bots and want to exclude them from play. Not only that, but players are also willing to endure silly tests like CAPTCHA, which quickly get harder for humans and easier for AI.

Let me just go on a rant against CAPTCHA, I guess. I am talking to all the people who think that CAPTCHA is a solution to anything. It is not. CAPTCHA is an approach doomed to failure from the very start. From the day on which the first CAPTCHA was implemented, it just became less and less effective, and it will continue to do so steadily until the effectiveness is exactly zero. "Completely Automated Public Turing test to tell Computers and Humans Apart" will obviously fail when computers are either as intelligent as humans or are fused somehow, and these things are happening already and cannot be stopped or even slowed down.

On a more practical note, imagine that you have a social network which grows very large while excluding AI, say, with CAPTCHA. What are you gonna do when it is defeated? Lemme tell you. You will have a system which is completely and utterly unprepared for AI participants. For starters, you will have a flood of spam. If you didn't rely on discrimination, you'd design your system from ground up to be spam-resistant, via automated, personalized, content-sensitive filtering. But you didn't. You were too busy bending letters to look like a squeedlyspooch. And spam is just the tip of the iceberg. Depending on the design, your system may now be vulnerable to data-mining, DOS attacks, phishing. Oh, wait, it was so from the very beginning, you just chose to ignore the problem. On the other hand, if your system is robust to begin with, you don't need CAPTCHA at all.

What's next, rendering 3D text? Ordinary language riddles? Yuk. All of that work will be garbage only a few years down the road, when the exclusion mechanism is broken.

OK, let's go back to general robophobia in RPG. Why all the hate? Can you give me one reason why it is unfair for a bot to play, as long as it is using the same interface as you do?

Before you answer, there is one technical issue here that needs to be addressed. Bots are considered unfair because they can read the process memory and so are very much better aware of the game state. This is a fair concern, but it has nothing to do with bots per se. Unfairness here comes from two sources:

1. *#*%ty game design which allows the game client to know more than it needs. My first post takes care of this point.

2. Proprietary code in the client. This is huge. The problem here is not with bots reading memory, but with YOU not being able to read the same memory and generally not knowing what the hell the game is doing. The client software should be open-sourced and the server should allow modified and/or third party clients as long as they follow the protocol. Then the bot advantage will disappear, as anyone will have access to the entire client game state (in practice, as much as they care about). This may sound somewhat unorthodox, but it is best for everyone.

By making the client software proprietary, designers reward cheaters, who simply reverse engineer everything they need. Legit players get hosed not once but twice: first they get to meet a duper and TPPKer, and the next day they realize that they have spyware (Warden, PB) running on their computers in order to protect them from cheaters, even though they don't cheat themselves. On day 3, however, they see more duping, just as the Warden gets slower, less stable, more intrusive, with the only constant being its effectiveness (low).

You have a picture here very similar to DRM vs Pirates, and we all know how effective DRM is at preventing copying and how "useful" it is to a legitimate user. Unlike DRM, though, which is simply EVIL, a proprietary client is just a dumb idea as it gives cheaters an upper hand at the expense of honest players who have to endure intrusive anti-cheating tools.

Now imagine that the game protocol is open and documented, the default client is open-sourced. Cheating disappears because the client has only as much information as the server gives it! It does not matter if you rewrite your client from scratch: your character will move only as fast as the server moves it and find only those items the server happens to drop. Exploiting server bugs is the only way to cheat, but it is very hard, since the server code is secret. It is very, very, very hard, and given a robust server design (with sanity checks and play statistics throwing red flags) it is practically impossible not to get caught.

I hope that Blizzard recognizes that for games like D3, where the client/server architecture makes a lot of sense, it is beneficial for all, and especially the players, to have free (as in "freedom") client software. As an added bonus, other clients may be developed (or ported) by fans for less popular platforms.


the reason why bots are so evil in diablo 2 is because people will run 8 at a time, and dupe any worthy, godly, and lucky items they get

and there are a ton of them

turning literally 2 minutes of farming into 100's of hours worth, then when the duping is applied MILLIONS

diablo 3 bots wont be the same because they wont be able to dupe

i dont care about bots in any other game because i played enough to where i had excess..... same with my guild...... only time i visited a ah in any game was to sell

bots dont affect me

edit: unless im playing d2


Irrelevant. Duping is an epic design fail and has nothing to do with bots. Legit players who run with 7 bots are only a few times more effective than dedicated human players, who are many times more effective than casual players. If they can balance the game for casual/dedicated player split, they can do it for bots.

At this point the topic was deleted

So, I guess, they booted me for saying that Warden is spyware. Which, to my knowledge, they do not officially dispute. Because, after all, spywire is software that collects information about users without their knowledge, which is what Warden does.

Here is a tool that scans Warden as the latter scans your system, and here is a post from the hacker. Here is more press from EFF, and here is a comment from an alleged "WoW reverse engineer" (long story). I could not put it better myself: it does not scan outside of its memory space, with one real exception when it does.

I am disappointed that Blizzard Entertainment does not want to address this matter openly by admitting that WoW + Warden spies on computers and their users. At the very least they could offer a justification, or, better yet, reconsider using Warden at all. Instead, they chose to use the sneaky route and keep the majority of their users in the dark for as long as possible, by censoring their own official forums.