Mobile Authenticator for High Seas players to reduce banned players from accessing the game

@wolfmanbush If Rare having my phone number results in the group of people who constantly are doxxing myself and other players/content creators then i'm all for it

Hey Slippery 👋

I understand the frustration, but I don’t think this is something they can implement only due to the way that accounts for SoT are handled. Since the only thing they rely on is you have a Microsoft account, they’d need Microsoft to require 2FA for their accounts. Microsoft won’t do that.

So the next step would be for them to create their own account system that you then link your Microsoft account to, this is what Overwatch 1 did when they introduced cross platform. You have a battlenet account and you linked your Microsoft account to it.

But when Overwatch 2 came out they required accounts to have a mobile phone connected to them and this caused a lot of issues. In order for requiring a phone number to work you have to code it to disallow VoiP and prepaid numbers or people can easily get those for very cheap or free, negating the point of adding the additional layer of security. This in turn disqualified entire groups of people: people who don’t have their own phones(age or economic reasons), people who live in countries where prepaid is the norm(which is quite a lot of countries), and people who ported their prepaid to a contract or Google Fi.

Yet despite this additional layer of security, there’s still plenty of cheating and alt accounts. I personally play with someone who has a dozen accounts. He doesn’t cheat, he smurfs(which a lot of people still consider cheating) but he isn’t using hacks, altering code, or using 3rd party software. He just wants to play with his wide range of friends from bronze to GM. Overwatch recently introduced wide match to combat this issue so now he only plays on 3 of his accounts as although wide match is allowed, you can’t wide match in masters or GM. So to still cover all his friend groups, he needs more than 1 account.

My point is, while I understand your frustration and I very much think they need a better way of dealing with the cheating than what they have right now. I don’t think 2FA is the way to go for this game.

@th3-tater Very good point about the multiple accounts because i'd be screwed then too :(

@abjectarity Hey long time! i hope you've been well

You make a bunch of good points so yeah maybe not the way to go unfortunately

If anything Rare needs to relax their banning policies as often times small infractions lead to permanent bans, motivating people to go further down the cheating rabbit hole to get their desired gameplay.

Ex: tdmer/spawn camper gets 3 strikes and perma banned

The tdmer had spawn camped in the past and gotten banned for it (1 strike). They learned their lesson. They the pursued "legal" tdm options. In one of these tdm sessions they were playing camp wars and somebody malicious recorded a clip and got them and everyone else banned (2 strikes). Finally they are playing hourglass one day and keep matching a streamer and winning over and over, maybe being a little toxic cus they generally don't like the person. The streamer reports them and they are found guilty. The player is now permanently banned.

In only one of these scenarios was the example player truly "guilty" and they then learned their lesson and the ban system did as intended. In the next 2 scenarios the player is taken out of context and banned off sufficient evidence that doesn't tell the full story. Regardless of the legitimacy of the claims, the player is now permanently banned from the game they love. These scenarios can occur months or even years apart, the time frame does not matter at all. Now I will paint a picture of what happens after the ban.

The tdmer now with a bitter taste in their mouth from Rare and knowing they are on a "time limit" due to ban evasion being bannable, creates an alt account. They still want the tdm experience and don't see any point in wasting time waiting for the right opportunity or lobby. So they download ********** and begin teleporting to fight people. Sure they get banned, but they can just make new accounts and use new bypasses. Besides they already lost everything they cared about. One day they might see that streamer that got them banned in the server and go terrorize them. Or mess with hourglass players. Or do whatever they want because they effectively have god powers and nothing to lose.

This player who was dedicated to the game for a number of years and was just looking for a specific gameplay experience the game didn't easily provide is now rage hacking. An infraction in 2020, one in 2022, and one in 2023 all add up to a permanent ban. It doesn't matter if the player learned their lesson. One or two bad actors with the right clips and it's over for them. And this is not the only "path" to cheating in this game. I've known cases of people getting bored of PvP and being unable to find a proper solution, false banned by streamers or Rare, the tdmers I mentioned here, people getting banned due to a meme they shared, people banned due to using a PvE exploit one too many times, people turning to cheats because they felt wronged by high seas.

I mean the fact of the matter is that if you play this game for 1000+ hours you're more than likely to incur one or more reasons for a ban or have been banned before. Everyone has a bad day and spawn camps someone too long, everyone ends up on an lfc that's using major exploits, everyone ends up on a crew with a hacker, everyone fights a streamer multiple times in a row, everyone says something they shouldn't have. I know people that have been banned in the game for dumb reasons, or maybe valid reasons but the other 1999 hours they were perfectly fine. I've been banned from the forums once (temporarily) and their discord for 1 or two mistakes our of thousands of messages. This kind of thing is uncommon for a majority of player, but is not uncommon for the most dedicated, and I think the systems Rare has in place are too punishing. If someone has a 99.99% positive impact, can we really judge on their three worst moments? Can we turn away the most dedicated players from their favorite game based off that? Does it work?

@fysics3037 I messed up the math it's 99.85% which is still ridiculous.

This measure wouldn’t effectively stop cheating; it would only make it slightly harder for players to access the game. For example, it’s incredibly easy to order free SIM cards in the UK and many other countries. If someone is already cheating, they’re likely aware of numerous ways to obtain phone numbers to bypass such requirements.

I’ve personally ordered over 200 free SIM cards from a single network in the past to resell to people who wanted them in bulk. I didn’t ask questions—whatever codes were texted to the SIM cards, I just forwarded them to the buyers, as long as it wasn’t anything illegal or that could get me in trouble, of course.

@wolfmanbush

People playing this game on PC already essentially have given up WAY more privacy since EAC runs in kernel space and has pretty much unfettered access to your PCs memory.

A phone number in a reasonably secured database is not an invasion of privacy. Please stop with that nonsense.

@fysics3037

If someone has a 99.99% positive impact, can we really judge on their three worst moments? Can we turn away the most dedicated players from their favorite game based off that? Does it work?

Lemme put this into an example, and sorry to break it to ya, but - If you've had 99 chicks, and that 1 time you slipped, you'll not be remembered as a Casanova.

You'll be remembered as a... well, I don't need to draw you a picture. It's just how it is.

Being "dedicated" doesn't give you any more rights over the majority of "regular" players. Rules are rules from day 1. The sooner everybody accepts this, the better.

@wolfmanbush

Do not put words in my mouth. I never said that privacy concerns are nonsense. I'm saying that people getting upset about a company storing their phone number in a database is far down the list of things to be worried about, and that particular concern is nonsense considering what is already accepted with EAC.

OP didn't only suggest phone numbers but also any 2FA. They are used by Blizzard and Google and lots of other companies who have had serious issues with accounts in the past. It should be something that Rare looks into and gives a stance on.

@wolfmanbush

This is one of those things where it sacrifices privacy for the majority and then the small amounts of people creating the issues find ways around it anyway.

Here you are speaking for the majority. And then:

You get to determine what is a valid privacy concern for yourself, not for everyone else.

Man, take your own words seriously.

@rare-jumbie while I do understand your point about EAC vs phone number, EAC did actually cause pirates to uninstall their game from their computer instead of updating. We can’t know how many, but we can know it happened as:

I am one of those pirates who moved full time to console instead of allowing a kernel level program onto my computer. SoT was the only game I had on my PC, so not like I’m allowing other games but disallowing SoT. I just no longer game on a PC. This was due to privacy reasons.

My HG duo is another pirate who removed the game instead of updating, and just no longer plays SoT at all and took a long break from gaming in general.

Plus there’s the fact that according to Rare themselves, over 50% of pirates are playing on console and we can’t know their preferences on privacy, but they aren’t giving up anything playing SoT currently like the PC users might be.

@abjectarity

That's totally reasonable; a valid concern. And to be honest if I didn't have a PC that is pretty much exclusive to gaming I would definitely consider it too.

As for 2FA and mobile phone numbers, though? People shouldn't be worried about this. It is not easy to get personal information from a private phone number only and OP was leaning more into 2FA in general.

What even is the point of our kernel level anticheat if it's not going to catch even the most basic things?

Whatever capabilities it has, it is either being underutlized, or it is incapable of detecting when people are doing supply crate exploits. If the devs have to say, "we aren't going to penalize for this exploit because we can't fix it," that tells me that EAC isn't able to catch when people are shooting/moving faster than the game allows.

If it is being underutlized, they (Rare management; MS; this is not on the devs) need to hire someone who knows how to get it to work.

If this is the fullest capability of EAC, then scrap it; find an anti-cheat that will do what the devs (and security team) need; re-work the in-game reporting system, and move forward.

Phone/2FA would be prohibitive to certain demographics, and easily avoidable for the folks who intend to do harm. Level-restricting HG would be prohibitive to newer, good-faith players, and also negligible to experienced players who are smurfing for easy wins or ban evading.

Bad actors will be bad actors and keep coming back like flies. Rare has to make sure its fly-swatter is up to the task.