[MUD-Dev] Guest Voices #2: Griefing in Online Games

cro at alienpants.com cro at alienpants.com
Thu May 12 01:27:59 New Zealand Standard Time 2005

I wasn't going to reply to this, but given my recent work (large-scale
Identity Management and Roles Based Access systems), a couple of the
comments in this piece have been niggling at the back of my consciousness
since I read them.

[Steven B Davis wrote:]

> The Cost of Insecurity: Griefing, from Anonymity to Accountability
> by Steven B. Davis 2005-05-10


> Similarly, credit card controlled accounts for massively
> multi-player games can strongly identify an individual player
> during a session, but they also cannot be bound to a potentially
> offending message.

This is the bit that's been stuck in the back of my head. I don't
understand why a credit card controlled account cannot be strongly
tied to a potentially offending message, especially if the chat
server/game server actually has a correlation between the login
account (and hence the credit card details) and the player avatar -
which, to my understanding, is a basic requirement of being able to
play an MMO.

(Note: I understand the potential complexity when you are talking
about a non-credit card controlled account, such as for
CounterStrike or other pick-up-and-play style games. I've also
looked into and attempted to address that by using a credit-card
controlled account system and access proxy for FPS games. This
basically stopped griefing, abuse and other forms of nastiness since
we could identify the actual player performing the actions based on
server logs and tie that information back to their home address and
telephone number, gathered when they registered and paid their
subscription by credit card. Regardless of on-screen avatar name, we
knew who they were - and the same should hold true in any
environment where accounts are potentially controlled by

The way I see it is that any piece of text that is entered and
submitted via the chat server is intrinsically associated with the
originating account in an environment like this (again, I understand
the complexities of this sort of thing when related to IRC - I help
run QuakeNet, the world's largest IRC network).

An example: When I'm playing World of Warcraft, I log in to the
server using my username and password. These are my account details,
and are tied to my credit card details (which also contain details of
my billing address, real name etc). I then select my Avatar (which
is associated with my login account) and enter the game world.

While playing, if I submit some chat text, I don't write my username
first - the server figures out who I am and displays as
appropriate. So we have the server associating text from my client
with my login account (and hence my credit card, taken to its
logical conclusion), and displaying my avatar name for other users.

Isn't this then a strong connection between my credit card (and
hence me) and my actions in the game world - if the text is captured
on the server and not based on my user logs or screenshots? (Ref:
IRC. We don't accept text logs as proof of anything, unless said logs
were captured server-side or by a network operator, the equivalent
of a GM)

  (Here's where I don't comment on digital signatures - I agree
  they're a useful thing in certain circumstances, I just don't
  think they're a useful analogy when it comes to credit-card
  controlled accounts in MMO games - unless of course the game
  hasn't been designed with security, auditing or logging in mind,
  and there is no actual code-level correlation between the player's
  billing account and their playing account. Which begs the
  question: who's playing the characters I'm paying for?)

  (I'm also gleefully ignoring the issue of storage for audit data
  and log files - which can easily run into multi-terabytes. But
  there are ways of initiating audit log snapshots based on an event
  - be it a server-side event or the triggering of a GM ticket. For
  text-based complaints, enable a one-hour (or two hour) rolling log
  of all activities on a server. Should someone wish to complain,
  the lodging of the ticket initiates a log snapshot which contains
  audit information, (as well as systems to prevent the same log
  information being resnapshotted by another person) which can then
  be used as an authoritative source for dispute resolution.)

I think the concept here goes as far as what I was writing about the
More Massively Multiplayer Games 2 (techniques for online customer
support). If your game servers are designed from the start to
support Identity (capitalised) tied to strong authentication devices
(a valid credit card), then you should be able to track the Identity
(capitalised again) of a player across all systems and uses within
the scope you are controlling - game avatars, chat text,
server-action, even the trading of goods within the game world
itself - and associate that back to the originating credit card.

Tom Gordon
AlienPants Ltd
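
An added example, not part of the original post or of any game's actual code, sketching the two ideas in the message above: chat text bound server-side to the login account, and a rolling log whose snapshot is triggered by a GM ticket without re-snapshotting entries another ticket already captured. The class names, session tokens, account ids and ticket ids are constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass

WINDOW = 3600  # one-hour rolling log, as suggested in the post

@dataclass(frozen=True)
class ChatEvent:
    seq: int         # server-assigned sequence number
    ts: float        # server clock, in seconds
    account_id: str  # login/billing account, taken from the session
    avatar: str      # the only name other players see
    text: str

class ChatAuditLog:
    def __init__(self, window=WINDOW):
        self.window, self.seq = window, 0
        self.events = deque()  # rolling window of ChatEvent
        self.sessions = {}     # session token -> (account_id, avatar)
        self.held = {}         # event seq -> ticket that first captured it

    def login(self, token, account_id, avatar):
        self.sessions[token] = (account_id, avatar)

    def submit(self, token, text, now):
        # Identity comes from the authenticated session, not the client payload.
        account_id, avatar = self.sessions[token]
        self.seq += 1
        self.events.append(ChatEvent(self.seq, now, account_id, avatar, text))
        while self.events[0].ts < now - self.window:
            self.events.popleft()  # drop entries older than the window
        return avatar

    def open_ticket(self, ticket_id, now):
        live = [e for e in self.events if e.ts >= now - self.window]
        fresh = [e for e in live if e.seq not in self.held]
        for e in fresh:
            self.held[e.seq] = ticket_id
        # Entries already captured are referenced by ticket, not copied again.
        see_also = sorted({self.held[e.seq] for e in live} - {ticket_id})
        return {"ticket": ticket_id, "events": fresh, "see_also": see_also}

def demo():  # constructed sample data
    log = ChatAuditLog()
    log.login("tok-a", "acct-1001", "Grimtooth")
    log.login("tok-b", "acct-2002", "Lightbringer")
    log.submit("tok-a", "old chatter", now=0)
    log.submit("tok-a", "offending message", now=4000)
    log.submit("tok-b", "please stop", now=4100)
    return log.open_ticket("T-1", now=4200), log.open_ticket("T-2", now=4300)
```

The second ticket gets no copied events, only a pointer to the first ticket's snapshot, which is the "prevent resnapshotting" behaviour described in the post.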