Zach Wegner wrote:
sje wrote:
What do you mean by "meaningful"? If 99.9% of the end users are deterred from cheating, is that meaningful?
I'd say that's meaningful, if the 99.9% is taken from those that would want to cheat. If the deterrence mechanism is something like "Please don't cheat!!!", while relying on 99.9% of authors to be honest, that's not meaningful of course. Really I'm just wondering how you would do this. I personally can't think of any solution with an open source client and server that couldn't be hacked in less than an hour. And that's quite generous.
Also, the server can use timing fraud detection techniques without client assistance and which are impervious to client host chicanery.
Again, how?
I don't want to get off on a tangent about timeseal here, so this will be my last post on timing lag fraud.
A client does not have to be open source, so reverse engineering might not be as simple as you expect. A client may employ more than one fraud detection method and could switch from one to the other (or use none) randomly. It could take a great deal of detective work to undermine all of the methods. Furthermore, if the server policy rewards even a single detected cheating event with a lifetime ban, who would risk the attempt?
The Internet protocols that support ping and traceroute can be used to detect timing fraud. The server can surreptitiously send an occasional ping to the client host and if the ping results repeatedly come back faster than the client response, then that's fraud. If the cheater disables ping replies, then the server can examine the user IP address and try pings on machines on the user's LAN. Also, the route to the user can be traced and pinging can be applied to the user's immediate upstream hosts.
It might even be possible to bounce e-mail to a non-existent user on the client host and derive lag data.
And there are some more methods like surprise challenges with closed software where a user just won't have time to do any reverse engineering.
Finally, the server can set a maximum allowed lag and charge time to any that go over the limit.
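The ping comparison and the maximum-lag rule described in the post above, sketched as server-side logic. This is an added example, not part of the original post or of any chess server's code; the names, the 150 ms slack, the three-hit threshold, the 300 ms cap and the sample values are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class MoveSample:
    claimed_lag_ms: float         # delay attributed to the network for this move
    ping_rtt_ms: Optional[float]  # server-measured ping RTT; None if no reply


def suspicious_moves(samples: List[MoveSample], slack_ms: float = 150.0) -> List[int]:
    """Indexes of moves whose claimed lag exceeds the ping RTT by more than slack_ms.

    The slack absorbs normal jitter and client processing time (assumed value).
    Moves with no ping reply are skipped rather than counted either way.
    """
    return [i for i, s in enumerate(samples)
            if s.ping_rtt_ms is not None
            and s.claimed_lag_ms > s.ping_rtt_ms + slack_ms]


def lag_fraud_suspected(samples: List[MoveSample],
                        slack_ms: float = 150.0, min_hits: int = 3) -> bool:
    """Flag only repeated discrepancies; a single spike is ordinary network noise."""
    return len(suspicious_moves(samples, slack_ms)) >= min_hits


def charged_time_ms(elapsed_ms: float, claimed_lag_ms: float,
                    max_lag_ms: float = 300.0) -> float:
    """Time charged to the player's clock when lag credit is capped at max_lag_ms.

    Any lag beyond the cap stays on the player's clock.
    """
    credit = min(max(claimed_lag_ms, 0.0), max_lag_ms)
    return elapsed_ms - credit


# Constructed samples: (claimed lag, ping RTT) per move.
HONEST = [MoveSample(95, 80), MoveSample(110, 85),
          MoveSample(400, 90), MoveSample(100, None)]   # one genuine spike
CHEATER = [MoveSample(900, 40), MoveSample(1200, 45),
           MoveSample(850, None), MoveSample(1000, 42)]  # ping replies disabled once

if __name__ == "__main__":
    print("honest flagged:", lag_fraud_suspected(HONEST))
    print("cheater flagged:", lag_fraud_suspected(CHEATER))
    print("charged for 5 s move with 900 ms claimed lag:",
          charged_time_ms(5000, 900))
```
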