[Part 1]
As of the past month or so, it's come to my attention GGG has been stepping up bans and a lot of people are getting destroyed. This thread is for all your theories so you can achieve a piece of mind in knowing we do care, and we're always looking out for things to improve. However, before you post, please read the entire thread.
First, to date, there's no known client side software detection of EB specifically that I am aware of. I have never seen a cheat detection scan run trying to identify EB directly. That doesn't mean it hasn't ever happened, but if that was what was going on, it should be arbitrarily catchable. We don't talk about a game's cheat detection systems, but the client sided system in Path of Exile has been the same for quite some time now, and we believe was originally meant to deter people from using various client hacks (presumably to gain an advantage in races).
The reason why client side detection is almost certainly not the issue, is because GGG has invested over 5 years of server side detection and heuristics for their game. Unlike client sided detection, these systems cannot be bypassed because no one has access to them, so as they grow and improve, no one knows what to change to counter them.
Let me remind users we have been around this game since 2012, quite literally from the beginning of when there was public access to the game past Alpha testing. People, especially botters, have continuously underestimated GGG and their anti-bot/rmt/cheating efforts from the start. We don't. Each client update is checked against the last before pushing the next update, which is why there is always a minimal downtime on any client updates. To date, we have literally processed close to 400 clients (https://gyazo.com/03b436aa6b77a5154341d50200c0fc53)
Getting back to server sided detection, it has been publicly stated many times by GGG they do this. There are many posts over the years of the tracking GGG does to catch people crashing instances (all the rollback crafting exploits), spamming instances (looking for corrupted areas based on loading time), performing the same repeated action over and over again (why item vendor recipes don't show sockets), and participating in RMT (even supports who have spend a lot of money on the game).
Each of the recent leagues, you can find official posts about statistics in the leagues and races themselves. In these posts you can find data on skills used, items used, challenges completed, and other various data over time. GGG isn't making this stuff up, they have been investing into server sided metrics for quite some time, and you can see some basic capabilities from these posts. From other replies on reddit, you can surly find more relevant posts hinting about various server sided tracking going on.
Furthermore, since this is a F2P game, new accounts are under more scrutiny because GGG knows after botters get banned, they just make new accounts to start up again. This is nothing new, it's been this way for a long time. It was several years ago when there was a level 25 restriction added to prevent currency trades to combat RMTers. It's been confirmed by many people who have been caught that the IP addresses you use matter, and e-mails are checked as well. While VPNs are not against the ToS of the game (they are not allowed to be talked about on our forums) it's not rocket science to imagine certain accounts being checked more often than others based on simple account creation metrics.
Anyways, none of this should be new or revelational information. Nothing has really changed since the start of Legacy league. If EB itself was detected, or was doing something absurdly wrong, people would have been getting wiped left and right at the start of the league rather than far past the end (it's currently extended).
So, what's going on now? It's not exactly rocket science, and it's nothing new that hasn't already happened time and time again over the past several years before big expansions. The playerbase drops significantly in size, but botters keep botting at the same rate they were at the beginning, and they get caught. As time goes on, GGG will have more resources available for detecting bots, coupled with more experience.
This Legacy league period marked an unprecedented amount of players (peak of 120K concurrent) as well as botting interest that wasn't marred with any significant amount of bans. While we don't talk about user numbers, we did see a noticeable growth increase for the first month, and that month was not marred with bans, nor the next month. We also had an unprecedented amount of up-time as well, as there weren't many significant client changes that we're typically used to. If something was fundamentally wrong with EB, it's logical to think that it'd not magically start appearing now at the very end of the league, after people have made insane profits the past few month, and moved on for the most part waiting for 3.0.
PoE 3.0 is going to be massive. It's going to totally blow 2.6.0 out of the water in terms of new players and game interest. As such, GGG knows they will have to step up their server sided detection if they want to combat the influx of cheaters. While they aren't "starting now", they are certainly in a position to be able to start stepping things up as there's a lot less noise from new players now. As a botter, it's your responsibility to understand the environment you are botting in, and now is not the time to bot the same way you would at the start of the league.
Just think common sense for a second. If a "new player" joins the game now, maybe to take a look before the new expansion comes out, how are they going to play the game? Are they magically going to be end-game in a day or two? No. Are they going to efficiently be farming a ton of currency and not using it? No. Are they going to play one character 6+ hours a day with solid progression, repeatedly? No.
I think a lot of people are under the impression they should be able to freely bot in this game up until whatever level, and get away with it, but that has never been the case with this game. Path of Exile is still a small game, it doesn't have hundreds of 1000s of concurrent players like MMOs do. It just so happened botters were given a gift of infrequent bans this past league, and people have gotten reckless with their botting habits thinking they are safe and sound.
This is further compounded by people's desire to "optimize" EB by increasing efficiency by removing or reducing various slowdowns in place on EB to keep things more realistic. "EB stashes too slow", "EB performs actions too slow", "Why can't EB work better on 10 FPS so I can run more bots", "Why can't EB support modified GGPK files to make the client perform better", etc... All these things have an effect, and whether or not they result in increased bans or not, we take the position of not wanting to take that chance.
Exilebuddy has always been a niche bot that required more advanced user interaction and a hands-on approach compared to the other bigger bots we have (or as some like to say, it's not user friendly). This has been because Path of Exile has always been a complex indie game that required a lot of user involvement and in the same terms, it's not user friendly.
Path of Exile is not for everyone. Exilebuddy is not for everyone. Botting in Path of Exile has always been, and always will be a struggle. A lot of people give up after not finding success, or find the effort required to be successful to be much more work than it's worth. There's nothing unreasonable about this, there are far easier games to bot and profit off of, but everything has its risks.
Our job is to make sure we minimize risks created from using the software, but only to the extent of your ability to use it, not how you use it. That is, if you have had a long term account, attach EB and don't run it, you should never be banned. If you were, that would be a software detection, which to date, we have never had and take great care to try and avoid. If you run the bot, you assume certain risks, not from just botting, but from doing things that you didn't do before.
For example, while play time seems to be a common metric to detect bots, there's no proof it actually is, as some people claim to bot almost 24/7 and get away with it, while others claim they bot a few hours and get caught. One thing should be clear though, there's a lot of other factors that go in to your account being banned, and no one really knows what they all are. We do not recommend people bot a lot each day, but we understand since people are paying monthly, they need to keep up profits to keep going. It's an unfortunate situation, but also just the way things are.
If the model is not sustainable, then eventually people will stop botting and move on, and we would have to move on as well. Things aren't to that point anymore, but keep in mind one of the best benefits of the direction GGG takes with combating bots, is to reduce effectiveness, eliminating the benefits of botting in the first place. If it was only safe to bot 1 hour a day, and to limit progression during that 1 hour, then it'd just not be worth botting because you can't do much. EB could be 100% safe in that case (nothing is ever 100% safe, but as an example) and it'd not even matter.
But once again, this has always been the case with this game, so it's nothing new. Perhaps a lot of newer users did not think of it this way or weren't aware, but nothing is a given in the botting world. You have your ups and downs, and sometimes things are just more work than they are worth. Either way, we'll always try our best to provide users with the safest product possible.
As of the past month or so, it's come to my attention GGG has been stepping up bans and a lot of people are getting destroyed. This thread is for all your theories so you can achieve a piece of mind in knowing we do care, and we're always looking out for things to improve. However, before you post, please read the entire thread.
First, to date, there's no known client side software detection of EB specifically that I am aware of. I have never seen a cheat detection scan run trying to identify EB directly. That doesn't mean it hasn't ever happened, but if that was what was going on, it should be arbitrarily catchable. We don't talk about a game's cheat detection systems, but the client sided system in Path of Exile has been the same for quite some time now, and we believe was originally meant to deter people from using various client hacks (presumably to gain an advantage in races).
The reason why client side detection is almost certainly not the issue, is because GGG has invested over 5 years of server side detection and heuristics for their game. Unlike client sided detection, these systems cannot be bypassed because no one has access to them, so as they grow and improve, no one knows what to change to counter them.
Let me remind users we have been around this game since 2012, quite literally from the beginning of when there was public access to the game past Alpha testing. People, especially botters, have continuously underestimated GGG and their anti-bot/rmt/cheating efforts from the start. We don't. Each client update is checked against the last before pushing the next update, which is why there is always a minimal downtime on any client updates. To date, we have literally processed close to 400 clients (https://gyazo.com/03b436aa6b77a5154341d50200c0fc53)
Getting back to server sided detection, it has been publicly stated many times by GGG they do this. There are many posts over the years of the tracking GGG does to catch people crashing instances (all the rollback crafting exploits), spamming instances (looking for corrupted areas based on loading time), performing the same repeated action over and over again (why item vendor recipes don't show sockets), and participating in RMT (even supports who have spend a lot of money on the game).
Each of the recent leagues, you can find official posts about statistics in the leagues and races themselves. In these posts you can find data on skills used, items used, challenges completed, and other various data over time. GGG isn't making this stuff up, they have been investing into server sided metrics for quite some time, and you can see some basic capabilities from these posts. From other replies on reddit, you can surly find more relevant posts hinting about various server sided tracking going on.
Furthermore, since this is a F2P game, new accounts are under more scrutiny because GGG knows after botters get banned, they just make new accounts to start up again. This is nothing new, it's been this way for a long time. It was several years ago when there was a level 25 restriction added to prevent currency trades to combat RMTers. It's been confirmed by many people who have been caught that the IP addresses you use matter, and e-mails are checked as well. While VPNs are not against the ToS of the game (they are not allowed to be talked about on our forums) it's not rocket science to imagine certain accounts being checked more often than others based on simple account creation metrics.
Anyways, none of this should be new or revelational information. Nothing has really changed since the start of Legacy league. If EB itself was detected, or was doing something absurdly wrong, people would have been getting wiped left and right at the start of the league rather than far past the end (it's currently extended).
So, what's going on now? It's not exactly rocket science, and it's nothing new that hasn't already happened time and time again over the past several years before big expansions. The playerbase drops significantly in size, but botters keep botting at the same rate they were at the beginning, and they get caught. As time goes on, GGG will have more resources available for detecting bots, coupled with more experience.
This Legacy league period marked an unprecedented amount of players (peak of 120K concurrent) as well as botting interest that wasn't marred with any significant amount of bans. While we don't talk about user numbers, we did see a noticeable growth increase for the first month, and that month was not marred with bans, nor the next month. We also had an unprecedented amount of up-time as well, as there weren't many significant client changes that we're typically used to. If something was fundamentally wrong with EB, it's logical to think that it'd not magically start appearing now at the very end of the league, after people have made insane profits the past few month, and moved on for the most part waiting for 3.0.
PoE 3.0 is going to be massive. It's going to totally blow 2.6.0 out of the water in terms of new players and game interest. As such, GGG knows they will have to step up their server sided detection if they want to combat the influx of cheaters. While they aren't "starting now", they are certainly in a position to be able to start stepping things up as there's a lot less noise from new players now. As a botter, it's your responsibility to understand the environment you are botting in, and now is not the time to bot the same way you would at the start of the league.
Just think common sense for a second. If a "new player" joins the game now, maybe to take a look before the new expansion comes out, how are they going to play the game? Are they magically going to be end-game in a day or two? No. Are they going to efficiently be farming a ton of currency and not using it? No. Are they going to play one character 6+ hours a day with solid progression, repeatedly? No.
I think a lot of people are under the impression they should be able to freely bot in this game up until whatever level, and get away with it, but that has never been the case with this game. Path of Exile is still a small game, it doesn't have hundreds of 1000s of concurrent players like MMOs do. It just so happened botters were given a gift of infrequent bans this past league, and people have gotten reckless with their botting habits thinking they are safe and sound.
This is further compounded by people's desire to "optimize" EB by increasing efficiency by removing or reducing various slowdowns in place on EB to keep things more realistic. "EB stashes too slow", "EB performs actions too slow", "Why can't EB work better on 10 FPS so I can run more bots", "Why can't EB support modified GGPK files to make the client perform better", etc... All these things have an effect, and whether or not they result in increased bans or not, we take the position of not wanting to take that chance.
Exilebuddy has always been a niche bot that required more advanced user interaction and a hands-on approach compared to the other bigger bots we have (or as some like to say, it's not user friendly). This has been because Path of Exile has always been a complex indie game that required a lot of user involvement and in the same terms, it's not user friendly.
Path of Exile is not for everyone. Exilebuddy is not for everyone. Botting in Path of Exile has always been, and always will be a struggle. A lot of people give up after not finding success, or find the effort required to be successful to be much more work than it's worth. There's nothing unreasonable about this, there are far easier games to bot and profit off of, but everything has its risks.
Our job is to make sure we minimize risks created from using the software, but only to the extent of your ability to use it, not how you use it. That is, if you have had a long term account, attach EB and don't run it, you should never be banned. If you were, that would be a software detection, which to date, we have never had and take great care to try and avoid. If you run the bot, you assume certain risks, not from just botting, but from doing things that you didn't do before.
For example, while play time seems to be a common metric to detect bots, there's no proof it actually is, as some people claim to bot almost 24/7 and get away with it, while others claim they bot a few hours and get caught. One thing should be clear though, there's a lot of other factors that go in to your account being banned, and no one really knows what they all are. We do not recommend people bot a lot each day, but we understand since people are paying monthly, they need to keep up profits to keep going. It's an unfortunate situation, but also just the way things are.
If the model is not sustainable, then eventually people will stop botting and move on, and we would have to move on as well. Things aren't to that point anymore, but keep in mind one of the best benefits of the direction GGG takes with combating bots, is to reduce effectiveness, eliminating the benefits of botting in the first place. If it was only safe to bot 1 hour a day, and to limit progression during that 1 hour, then it'd just not be worth botting because you can't do much. EB could be 100% safe in that case (nothing is ever 100% safe, but as an example) and it'd not even matter.
But once again, this has always been the case with this game, so it's nothing new. Perhaps a lot of newer users did not think of it this way or weren't aware, but nothing is a given in the botting world. You have your ups and downs, and sometimes things are just more work than they are worth. Either way, we'll always try our best to provide users with the safest product possible.
