Nick stealing

[Vertigo]

I'm foreseeing some problems with the new proposed scoring where each flown day counts, and the increasing number of reports of nickstealing. Since there is no unique pilot identification yet (nor to be expected soon), I was thinking what other options we had to avoid someone impersonating another player, and then crashing deliberately (for instance) or the opposite, someone claiming to not have flown a certain day (esp. with bad score/crash).

Two idea's so far (neither really great):

1) send a unique "codeword" to each pilot by email before the race. To validate his "ID" and his race, each pilot should announce this codeword in condor chat before starting. . Correct codeword proves he was the real pilot associated with the CN. Wrong codeword, or no codeword =no points, regardless of result (otherwise people wouldn't type it in, and could still claim "it wasn't me!"). Cumbersome, and bound to be forgotten regulary, but this should be bulletproof I think.

2) as I posted elsewhere: not showing the servers on the public condor serverlist, but create a private serverlist on LLC site which requires you to log in first, and we could log each visit (login, IP, timestamp,..) and the server URL clicked. Problem is we wouldn't know a certain DS server is actually running, nor its status.. unless Thomas could change DShelper to report this to the LLC site ?



Anyone got any other idea's ?

[Tima (TSD)]

I can't find reliable solution without modifying Condor.

I see the following way.
1. To participate in the regular competitions pilot should register on the dedicated Internet site. There he declares his CN and password.
2. To enter multiplayer flight which belongs to regular competition pilot should supply his CN and password to Condor.
3. Condor sends short http(s) request to the registration site (which is specified on the dedicated server) with supplied credentials and receives information whether it is valid or not.
4. If credentials valid then pilot is allowed to enter the flight.

Disadvantage of this solution is the need to modify Condor.
Advantages are the following:
1. This is the task of competition organizers to ensure that all CNs are unique.
2. Choice of participants is the pure task of competition organizers. They can request any proof of pilot identity as they want during registration and so limit participation as they want.
3. Black/white lists management is also responsibility of competition/flight organizers if such functionality is needed.
4. Competition organizers will have complete information about number of attempts of the pilot to fly the task during one day. So it will be easier to manage "early" and "late" servers for different time zones.

[JJJ]

i think like TSD before you want to join a server are a lowlands server say your Pasword thnx

[Vertigo]

If you are going to change condor, I see easier solutions with a hash based on condor licence stored in resultfiles. The main problem for LLC at least, is not keeping out fakers/suicide pilots, etc out, but rather not scoring them, or knowing for sure that someone flying should be scored.

Since changing condor is not a short term option, I'm looking for the next best achievable compromise that does NOT involve changing condor. I think number 2 comes pretty close, by comparing eventlog from condor (DShelper log) with LLC website logfiles, we should be able to make sure a certain result ought to be counted or not.

[Tima (TSD)]

If you are going to change condor, I see easier solutions with a hash based on condor licence stored in resultfiles.
...

It is not needed even a hash. Just the license number which AFAIK is already checked on the dedicated servers. So what is needed is just to include license number into the result file. But in this situation it is still possible to misuse CNs. Once i also did that involuntary. I had another pilot on my Condor with the name "Racer Fast" and CN "RF" just for funny flights with the idea to separate statistics of funny flights from "real" flights. And once i forget to change the pilot and entered LLC with CN RF. I expressed my excuses to the real RF afterwards in the forum.
But ok, it's just an example. The issue is that misuse is still possible and this creates additional workload for the competition organizers and still make cheating possible. If use authentication through the Internet site then it will be impossible to misuse CNs. Finally nobody prevents to make the site where all interested pilots can register to create worldwide directory of the Condor pilots. Such directory can be used for any multiplayer flights at the host discretion. There also could be created alternative directories for any purposes. Imho this approach is very flexible and solves a lot of issues in multiplayer while doesn't requre huge efforts for implementation - just small changes in the multiplayer dialogue window and a call of small authentication routine.

[Vertigo]

To the guys from Speedbattle, Gliderracing.com (and all associated competitions such as monday night comp,.), Fredo, and other organised or planned condor events

Looks like there won't be any changes to condor anytime soon to resolve this problem of CN stealing, swearing, deliberate ramming etc, so here is my proposal:

Long post, I apologize, but I hope you take the time to read this carefully…

the idea in short is short is to create a form of “apartheidâ€

[RaiderOne]

... it sounds good ! Well done !

A bit of work to implement but thats worth it, i imagine !


Keep it up ...

[andreas.kippnick]

1° have a common registration procedure between our competitions (/servers). This was already proposed by Speedbattle, and I think it’s a good idea. This registration page could be hosted on each server, but essential parts of the data should be shared. We'll need to indentify the fields, but at the very least this would include name, email, CN, acreg. Other optional fields could be asked if required for that competition / server.

We should therefore also merge our existing data (only LLC and Gliderracing I think ? anyone else taking registrations ?), but for existing pilots, CN’s should only be unique per pilot+competition. For new registrations, I’d only allow unique CN’s, not in use by any competition.

Hi,

I'll build a common registration page. But at the moment I have to write my degree dissertation (in german Diplomarbeit). So you have to wait a few weeks.

For the exchange of the shared data I will offer several interfaces e.g XML-SOAP, CSV-Textfiles ... or what ever could be suitable for the competition leaders.

I want to include the current LLC-Useres from the beginning. Vertigo already told me that I can use the LLC user data for this purpos.

I will also contact the Condor Team and ask them if a unique key is planed in a new patch.

Regards
Andreas

[Tima (TSD)]

I thought on this subject also. The problem i see here is that person who want to attempt malicious actions can register, say, as Mr.X, enter the private server list under this registration and after discovering competition server address and password join task as usual bypassing all these protective measures...

[Vertigo]

Hi,

I'll build a common registration page. But at the moment I have to write my degree dissertation (in german Diplomarbeit). So you have to wait a few weeks.

For the exchange of the shared data I will offer several interfaces e.g XML-SOAP, CSV-Textfiles ... or what ever could be suitable for the competition leaders.

I want to include the current LLC-Useres from the beginning. Vertigo already told me that I can use the LLC user data for this purpos.

Good, saves me some time
I'll give you the LLC data (which keeps growing, new participants still registering), but before you start programming, there are some minor things we need to discuss (data format, required/optional fields, how to handle duplicate CNs between competitions and between pilots,..) I'm preparing something, I'll post/mail it when its done.

I will also contact the Condor Team and ask them if a unique key is planed in a new patch.

Don't bother, we already asked them before posting this. I'll spare you the details

[Vertigo]

I thought on this subject also. The problem i see here is that person who want to attempt malicious actions can register, say, as Mr.X, enter the private server list under this registration and after discovering competition server address and password join task as usual bypassing all these protective measures...

This is a remote possibility. IF we change passwords regulary, it will only allow this person to have a time difference between visiting the website and joining the server. If everyone else uses the system normally, you know who he is (someone joined server without clicking on the URL).

[markjt]

Sounds good in principle Vertigo.

The initiative is timely. I think if we act now we can maintain Condor's reputation... If we delay things could very quickly get out of hand. Sad, but a simple fact of Internet life.

FREDO's maintainer is having a very tired day and can't quite understand the details, but I'm sure it will all become clear in the morning

Mark

[Tima (TSD)]

Ok. It is rather complex but somehow should work. Nevertheless it would be good to know opinion of Condor devs team how difficult it is to implement authentication inside Condor. See posting here: http://forum.condorsoaring.com/viewtopic.php?t=3641 message from Serginho near the bottom. I agree with him that if from the very beginning Condor is positioned as Competition Soaring Simulator then maybe it's time now to raise the priority of the authentication feature even at the expence of weather model improvement. Imho it is required much less efforts to implement former then latter. I just propose the easiest way (in my opinion) how to implement this.

[Pit_R]

If we have just one (or maybe few - but not large number) troll there - isn't better to ban him/them on all servers rather than making list of all alowed pilots on all servers?

Reg numbers are sending to server so something like 'check reg number - if blacklisted than autokick' feature would be enough. And prolly it could be implemented in Hitzi tool (this server tool - DSHelper if I remeber its name good).

It will clear situation. And troll can change IP, nick, reg numer etc. he'll be kicked anyway - only one way for him to play is buying another copy of Condor.
What is good in this case.

[Vertigo]

If we have just one (or maybe few - but not large number) troll there - isn't better to ban him/them on all servers rather than making list of all alowed pilots on all servers?

And how else would you ban him? For that you'd somehow need a unique ID (either for pilot, or condor licence), which is not implemented, and unfortunately, not planned by the condor developpers.

@Tima: I agree, but that won't change things. Hence my workaround.