Hacking bans on frail evidence and with intent disproved?

Discussion in 'General Discussion' started by The Infamous Doc Holiday, Oct 4, 2018.

  1. neutral

    neutral Banned VIP

    I think I can probably explain why evidence isn't shown in all cases- especially since this is one of those cases that will probably be the case.

    Some of the tools that we use sincerely do have 100% conclusive evidence that a hack client was being used on the servers. I can say with confidence that this isn't just some type of 'detection' software like cake which is notoroious for false-detections. They're tools that may display portions of source code, or other types of residues that the hack may be sending to the server. It gives more evidence than just 'Oh this person is hacking- ban'. The reason this isn't released publically is due to the fact that majority of the time this can also release which hacks we are able to find, which source code may need to be disguised/altered, etc. It is absolutely beyond something that can just give off a false positive since more information is provided than just saying it's positive.

    That being said- being former administration myself, I can say with confidence that we're not just out to go banning people for hacks because they're suspiciously good. No matter how annoying they are, there is going to need to be evidence behind it. If we say that there is 100% conclusive evidence, that means there is more than just some videos backing the ban, and it is truly 100% conclusive. You're just gonna have to trust us in those cases because providing the evidence, unfortunately, can normally just cause more issues down the line. Note, these offenses are also all collected and under peer review as well. Although the peer review portion on these is pretty unneeded since these type of bans are totally conclusive. It's more of a check and balance against people banning for no reason- even though I don't have anyone suspecting of doing so.
    • Winner Winner x 3
    • Like Like x 1
  2. Rozboon

    Rozboon Forgive and Forget, or just forget. VIP

    You gripe about how it's weak because they don't show you everything which makes it look like you're whining about not being able to see everything they have.

    Let's get this straight, you arent a mod, you arent an admin, this ban doesn't effect you unless you are hacking, or are super good beyond human capabilities and can't prove you aren't hacking.

    And honestly, why do u care so much? a hacker got banned, the evidence that you've seen is more than enough from both him playing ingame, his history and the videos shown, stop caring so much for something that doesnt effect you.
    • Confusing Confusing x 1
  3. Amatsu

    Amatsu Emerald

    Honestly, the only part of the ban that puzzles me is the 'sabotaging our anti-cheat systems' part. What does that even mean? If the systems can be somehow sabotaged, that might speak volumes to some sort of flaw that hopefully has been resolved...or suggest that Rice and Chicken did more then your typical cheating which certainly would warrant removal from the community.
    • Agree Agree x 1
  4. Opalium

    Opalium Stay Awesome Banned VIP Silver

    Rice and Chicken has triggered one of our internal anti-cheat systems over three times. It's part of a custom system I've written that was specially tailored for our servers. Without too much detail, it is capable of scanning the client for any code that has been tampered with, as well as detect attempts to sabotage itself.
    Anyway, The trigger in question should not ever be reached even once with a clean, unmodified client, so triggering it more three times is more than enough to prove it.
    However, seeing the large disagreement within the community, I decided it'll be worth another try. Perhaps my system was somehow flawed (even though it never had a false positive even once during its entire year of existence). Before I unbanned Rice, I've set up a trap: I extended this specific trigger to cover specifically the type of cheat and bypass system I thought he was using, as I knew that he will try to hide his tracks now that we're on his tail. And guess what? It worked. It triggered twice again, including for the bypass. He took the bait.

    And yes, while I challenged him with the demos in the appeal, it was in fact just an attempt get him to admit on his own. The proof was already in our hands, but I always prefer basing bans on public evidence when possible, because I know threads like this one are quick to appear otherwise.

    Also, about hacking ban in general: like Helix said, our policy on hacking bans was made a lot stricter now that we are permanently banning for it. We have a storage of each and every piece of evidence used in hacking bans, and a perma ban is only given after both offenses have been validated by a lead or myself. This, together with the system I mentioned, leaves very little room for error. So I wouldn't consider any of this "frail". There's no 100% perfect system, but we're fairly close to it.

    • Winner Winner x 13
    • Like Like x 4
    • Informative Informative x 3
  5. Noccam :^)

    Noccam :^) Member

    Well that pretty much ends the thread, doesn't it? GG Opalium, what a fucking guy.
    • Like Like x 1
    • Agree Agree x 1
  6. Might as well just close this thread and the appeal now ;)
    • Agree Agree x 1
  7. Tedelicious

    Tedelicious The knight in white armor! Elite

    What i mean to say is that so many eyes look at the hacking bans it is highly unlikely that said person is banned unjustified.
    • Agree Agree x 1
  8. MemeDaddy

    MemeDaddy VIP

    Neat stuff opal!
    • Like Like x 1
  9. Thank you. As @Noccam :^) said, this does seem pretty final, the solid pieces we would need. Thanks for all the hard work you put into this.

    I believe it would still be a good idea going forward to require video evidence to be made with a program that produces HQ. That shouldn't be much trouble for staff, would help in cases where the expenditure of these kind of resources isn't warranted, and would provide a better public image.

    Also, now I am curious: it would be interesting to hear rice and chickens reasoning behind his claims to willingness to play under supervision to prove his innocence. Was he just unaware of these code systems that caught him? How did he expect that to work for him?
    • Like Like x 1
  10. Amatsu

    Amatsu Emerald

    That is what I figured, honestly. That sort of system cannot be argued with, given that all evidence is stored for further review just to ensure false positives can be found and corrected for. I can only imagine the appeal hasn't been gotten to yet simply because all the evidence from the first and final bans are being compiled to shove into Rice's hacking face as absolute, undeniable proof. The odds of a false positive seem very, very low, but given Rice triggered things multiple times and even fell for a probably obvious trap suggest that it's accurate. Also happy birthday anti-cheat, since it's been around a year?

    It does bring up a few further questions related to his appeal, though, for people like me that are not as technically inclined: What is a 30 tic demo? How is it good or bad for proof of hacking? Could Rice be right in that they are not as useful for proof of hacking?
  11. Siddo

    Siddo Banned VIP Bronze

    Basically demos run/record 30 frames per second, iirc.
  12. What @Siddo❄ said; so, it does make for clunky evidence, because you could miss details in between frames, if the game is capable of producing them. Hopefully, we can stop relying on them, as recorders that produce quality footage, that can be hotkey activated exist, not to mention things like Shadowplay, so, as far as I know, there shouldn't be any reason for staff to continue using the demos in the future.
  13. The Memelord

    The Memelord Legendary

    This thread was actually pretty wholesome. :)
    • Like Like x 1
    • Agree Agree x 1
    • Optimistic Optimistic x 1
  14. Siddo

    Siddo Banned VIP Bronze

    demos are:
    very space efficient (roughly 25% file size compared to a medium quality 60fps obs video)
    very light weight (barely take any resources to record)

    This means they're the go-to and most realistic tool for anyone with a lower end PC. Higher quality footage is obviously better, but demos are perfectly adequate for almost all situations.
    And I'd go as far as to say all situations. I've never been in a situation where demos have failed to serve as conclusive evidence for hacking that I've observed.
    • Agree Agree x 1
    • Informative Informative x 1
  15. jshore

    jshore MVP

    this thread sucks
    • Agree x 6
    • Disagree x 3
    • Dumb x 2
    • Funny x 1
    • Informative x 1
    • Creative x 1
  16. You're correct. My contention is that if we can do a better, more thorough job in the realm of staffing and recording evidence, we should. If it's a question of priorities, should we be more thorough, or lower the standards to accommodate those with weaker rigs? I don't think there is much question what is the better route there. And, from personal experience, I ran OBS on a very, very weak rig. Yes, the files take more space, but I don't think that is justification to not use it.
    • Agree Agree x 1
    • Dumb Dumb x 1
  17. Siddo

    Siddo Banned VIP Bronze

    You seem to confuse a lower tick rate for a lower reliability of evidence. As I said previously, with a sum total of 1 year as staff, demos have not failed me once as evidence. Which is smoother? 60 FPS obviously. Is it better as a result? A bit.
    However, you vastly exaggerate the inferiority of 30FPS. In my experience, the difference is of no consequence.

    I am currently holding 15 gigabytes of evidence, 8½ of which are demos. Assuming a conversion rate of 1:4, you would have me hold 34 gigabytes of evidence as video recording, putting me at 40.5 GB of evidence.
    You want me to use an extra 25.5 GB of space on my drive, because it looks a bit smoother.. despite it making no difference in practice.
    30 FPS is perfectly fine and adequate for recordings.
    • Agree Agree x 2
  18. Agent Knockout

    Agent Knockout Warsaw, rise! Moderator VIP

    I must agree with Siddo here. Demos have proven to me that they arent heavy for my gigabytes, and thus allow multi-year long career staff to remain operational. Second, the easier recording comes in handy for low end PCs, or PCs/Laptops that have recently had massive windows explorer breakdowns, aka me in a nutshell in the start of September. I feel like the lightweight demos allow me to both record all my stuff while also allowing me to more or less, attend to any aftermaths. A recording software would likely crash my GMod while in this frail state that it is, and idk what mic usage with its lag-spiky state will cause. Basically, demos are heavily reliable even on performance-damaged devices.
  19. I don't confuse it; that is exactly what I am saying. Even if it hasn't proved to be an issue in the past, it could yet be. And even though it has been proven Rice was hacking, I believe that was still a valid assertion on his part, even though he was using it to deceive us.

    I just feel if we can do better we should. That is my opinion, my 0.02. To say that it hasn't failed and makes no difference in practice in your experience, well, that is all that is: your experience. I am not in anyway discounting that; I have no doubt you have done a superb job . But, especially when we are talking about manual review, if there is anything you can reasonably do to remove even more shadow of doubt, I believe it would be good to do so.

    And yes, drive space is a serious consideration. And it has been said numerous times: the demos lend themselves to being usable for taxed machines. Those are valid points, but it makes it a question of priorities: convenience vs. a better job?

    Once again, this is how I see the matter, from an outside perspective. I'm not trying to inflame anything here.
    • Agree Agree x 2
    • Dumb Dumb x 1
  20. Rozboon

    Rozboon Forgive and Forget, or just forget. VIP

    If the hacks are obvious enough, which most hackers are pretty fucking obvious, then a low quality demo where u can make it all out is good enough, it doesnt need to be 4k or super resolution. For hackers who hide it a bit better, higher quality demos would help to share it around but at that point you might as well run them through the hack detection and get rid of them.

    There really is no point to a super high quality demo, as long as u have some type of evidence that shows their hacks, this can also be done using gifs, anything to capture those couple seconds on a kill.
    • Informative Informative x 1