Thank you very much. This is a bombshell. Great research and it's getting more obvious, the longer you look at it, although I suspected more human trolls and less bot "contributions" at first. No matter what it is, it's really interesting how such extreme abuse was even possible.
Unless we'll see radical changes to repair this and prevent similar situations in the future, this might be the end of Wayfarer as we know it. Many people have lost their trust in Wayfarer and I don't see how they may come back if their efforts were shamelessly discarded. The least Niantic could do is re-review (and approve) at least the most obvious cases reported here because appeals are completely insufficient.
I wonder if Niantic has failed to find out the root cause of this, despite having even more information than the community, or if they knew it all along and decided to remain silent because it would have hurt their business and they had no response or fix anyway. I mean, now that Niantic Wayfarer has been reportedly compromised by a botnet and their system abused for commercial purposes, how will they ever recover from this?
Let's just raise a toast to all the Wayspots which have been withheld by this abuse, all Wayfinders who quit due to their frustration and maybe the demise of the system itself!
@Testonoga-PGO Niantic has a long and patchy history of dealing with systemic abuse. It took them many years to crack down on gear sellers in Ingress... I'm not sure how successful they were though I think they did pretty well for a while. Probably the gear sellers got smarter. They've been playing cat-and-mouse with Ingress spoofers for as long as I've been playing with mixed success... I've seen spoofers shut down almost instantly after taking an action (killing a BAF that I threw), and I've seen them spoof with impunity. As far as I can tell they've never done much about spoofers or multi-accounters in PoGo, and their response to multi-accounters in Ingress has always relied on player reports I think.
Having said that, programmatically identifying abuse is hard. I spent a bit of time doing fraud detection professionally and you're never done... you can make inroads for a while but abusers just get smarter and evade your blocks. It's also difficult to avoid false positives.
Thanks for the insight how it has developed in Ingress. It's true there are many other issues which haven't been dealt with and location spoofers in all games are a good example. It hurts the gameplay of many people and there are many complaints, but it's usually the use of third-party tools being auto-detected and punished, not the activity itself. Fraud detection is based on patterns after all.
But again, every system has to rely on user reports that something is clearly wrong as well and we had those in masses. Something should have happened by the end of 2021. It looks like the second wave apparently followed the same system after a break, rather than the abusers actually getting smarter. There should have been many opportunities to stop it, the earlier, the better. Even if Niantic responds adequately ASAP, some of the damage is already beyond repair.
From the Wayfarer community perspective, this is still huge. It might not be the greatest deal to the most players though and Wayfarer is a sort of side project without any bigger appeal to the wide playerbase. In that regard, players might not be affected by this or even hear of such abuse going on. It's definitely an issue that it hurts the main part of Niantic's business model, the POI "gameboard" database. That's not my department and I'm just a contributor, but I'm still worried by the implications of this.
I mean, it could be worse. Neither personal data, nor finances (well, except for the "business model" of those who run this abusive system), nor critical infrastructure or even physical health or the lives of anyone seem to be affected by this. It's only a part of a game which has been compromised, but let's just acknowledge this.
It's true in a general sense that smart bots can be difficult to detect and combat, but there are some things that Niantic can do without too much trouble since these Wayfarers have already got a good start for them, imho.
For one thing, Niantic should start with the data collected in this thread and remove the Wayspots that obviously don't meet acceptance criteria, instead of insisting they must meet rejection criteria to remove. If people are paying 30 euros for stops that get removed in a week, it will cut the market for the "x stops" bots, and have some pretty annoyed customers. Banning all the accounts that approved those stops and using them as training data for bot detection algorithms (both for detecting in Wayfarer as well as in the games they played to grind to level 10/38) as well as identifying other illegitimate stops they made would be another good step. As for how the bots level up to submitting level, I would guess they just make massive gifting networks in PoGo and use gift XP to quickly reach level 38? Maybe some other way, but Niantic can investigate.
If they want. Or not. They can continue to ignore massive problems in their games and Lightship database because bots buy lucky eggs to grind XP or because they'd have to hire more programmers.
That would be the very same reason why Niantic still won't deal with a popular spoofing app named PG S****, yet because of this the spoofers still messing up with Wayspots in Sydney CBD.
One interesting thing to note that bot service is available only in Germany, the Netherlands, and Poland..., was the latter being popular because of back-to-back abuse reports that got constantly shut down?
No, I think the same. Despite the facts already collected by the community. There would be a lot of work left for Niantic. Data has to be sorted and eveluated.
It's easy enough to add trails to Google Maps. They take about a week to be approved. I could type out the process if you're interested. I do it sometimes for trail markers, but usually a photosphere is enough, I've found.
This really is a big issue in Germany and also some parts of the Netherlands I know, there are bots that promote a player named Mara, who makes fake reports, 1stars everything and keeps the queue up clogging. I have over 100 videos in my gallery of photo, title and description edits, they all either spam the same photos, or use the same tags in their title/ description edits. They clog up the system and back log quite a bit, even though it still goes fast, because their review bots make up for it (speaking about backlog) but those same review bots are also the ones that massively 1* nominations in Germany and also some parts of the Netherlands. Countless of many good nomiantions have been rejected for obvious dumb reject reasons and it happens over and over again.
Appeals from Niantic's side gave hope, since well Niantic decides better than the abuse bots, but seeing how slow the appeals go in our area, it's not being hopeful.. Also we can only appeal once per 30 days, that's not even close to enough to make up for all the things that get rejected by this abuse, that never should be rejected. This definitely needs some fix from Niantic's side, but knowing Niantic's past I have no hope for that, untill the fix or any back up from niantic, I will not be submitting nominations, and i have 738 nominations approved in total, so the abuse in Germany and parts of the Netherlands that's going on, really hits me hard. I did mass reveiwing with a group of people and it seemed to help a bit, but we cant keep this up for months and years...
Despite all reasonableness, I do have some hope Niantic acts on this as opposed to their inaction on spoofers and multi-accounters. They want to be an AR company and re-sell their Lightship database, so Wayfarer abuse hurts their future ability to make money while in-game cheating generates money for them (in Pokemon Go at least).
Niantic´s inaction on multi-accounters is totally understandable: they cannot detect if you are playing 10 accounts or if you are a mormon family with pokemon go addiction.
We don’t talk much about our anticheat efforts, partly because we don’t want to provide cheaters with information that can help them understand our detection mechanisms better. But, rest assured our reluctance to share is not due to a lack of effort or intent from our side.
The fact it's so blatant, and so many reports have no effect, and so much of it repeats again and again when they do appear to act means either 1) they have a "lack of effort or intent", or 2) they are really, really bad at it.
Not sure which conclusion is more charitable? It feels like 1 is the case to me because there are a ton of great engineers and programmers in the Bay Area. And sure, cheaters can be really smart too, but even the cheaters who don't try to hide seem to be getting away with it. Otherwise, you're telling me over the course of an entire year they tried but couldn't figure out how to stop bots from passing almost identical gas station signs and streetlights after people first started reporting the problems?
@sogNinjaman-ING what do you want to express with this unfitting quote?
It's way to general. This includes actions against spoofers and stuff like that. Further no one in this thread expects detailed explanations about Niantics anti-cheat actions. The community only wants to see results, and some statements from staff members with a bit social media competence. They could say something like "We found a reason for this problem. Hopefully it is fixed now. Thanks for all the helpful reports. Let us know, if the problem might still occur." This totally follows the policy from above.
What do we have in this case?
The community did the work of the abuse team (and maybe some help of programmers in this case). They had 5 months time and hundreds of examples to identify the problem on their own. All, that we saw were "sorry for the inconvenience"-posts.
Maybe we should also do the work of Niantics human resources management? Would take only a few minutes to assemble a list who to hire as portal ****, and some of them would have programming expierience too.
I've seen a lot of stuff that Niantic has done with abuse over the years, some of it chronic and some acute.
I do expect that they will address this one. I wouldn't expect them to say much until they'd taken action, though "Thank you, we're looking into it" is possible.
Yet I'm still insulted here. 50 upgrades mean it needs at minimum 5000 reviews, and if it's done in at least 6 hours then the bots are reviewing 14 nominations per minute...
How come the bots never encounter the captcha or cooldowns?
Comments
Here some little visual presentation of the bad nominations (white marker), that somehow got accepted:
Thank you very much. This is a bombshell. Great research and it's getting more obvious, the longer you look at it, although I suspected more human trolls and less bot "contributions" at first. No matter what it is, it's really interesting how such extreme abuse was even possible.
Unless we'll see radical changes to repair this and prevent similar situations in the future, this might be the end of Wayfarer as we know it. Many people have lost their trust in Wayfarer and I don't see how they may come back if their efforts were shamelessly discarded. The least Niantic could do is re-review (and approve) at least the most obvious cases reported here because appeals are completely insufficient.
I wonder if Niantic has failed to find out the root cause of this, despite having even more information than the community, or if they knew it all along and decided to remain silent because it would have hurt their business and they had no response or fix anyway. I mean, now that Niantic Wayfarer has been reportedly compromised by a botnet and their system abused for commercial purposes, how will they ever recover from this?
Let's just raise a toast to all the Wayspots which have been withheld by this abuse, all Wayfinders who quit due to their frustration and maybe the demise of the system itself!
@Testonoga-PGO Niantic has a long and patchy history of dealing with systemic abuse. It took them many years to crack down on gear sellers in Ingress... I'm not sure how successful they were though I think they did pretty well for a while. Probably the gear sellers got smarter. They've been playing cat-and-mouse with Ingress spoofers for as long as I've been playing with mixed success... I've seen spoofers shut down almost instantly after taking an action (killing a BAF that I threw), and I've seen them spoof with impunity. As far as I can tell they've never done much about spoofers or multi-accounters in PoGo, and their response to multi-accounters in Ingress has always relied on player reports I think.
Having said that, programmatically identifying abuse is hard. I spent a bit of time doing fraud detection professionally and you're never done... you can make inroads for a while but abusers just get smarter and evade your blocks. It's also difficult to avoid false positives.
Thanks for the insight how it has developed in Ingress. It's true there are many other issues which haven't been dealt with and location spoofers in all games are a good example. It hurts the gameplay of many people and there are many complaints, but it's usually the use of third-party tools being auto-detected and punished, not the activity itself. Fraud detection is based on patterns after all.
But again, every system has to rely on user reports that something is clearly wrong as well and we had those in masses. Something should have happened by the end of 2021. It looks like the second wave apparently followed the same system after a break, rather than the abusers actually getting smarter. There should have been many opportunities to stop it, the earlier, the better. Even if Niantic responds adequately ASAP, some of the damage is already beyond repair.
From the Wayfarer community perspective, this is still huge. It might not be the greatest deal to the most players though and Wayfarer is a sort of side project without any bigger appeal to the wide playerbase. In that regard, players might not be affected by this or even hear of such abuse going on. It's definitely an issue that it hurts the main part of Niantic's business model, the POI "gameboard" database. That's not my department and I'm just a contributor, but I'm still worried by the implications of this.
I mean, it could be worse. Neither personal data, nor finances (well, except for the "business model" of those who run this abusive system), nor critical infrastructure or even physical health or the lives of anyone seem to be affected by this. It's only a part of a game which has been compromised, but let's just acknowledge this.
It's true in a general sense that smart bots can be difficult to detect and combat, but there are some things that Niantic can do without too much trouble since these Wayfarers have already got a good start for them, imho.
For one thing, Niantic should start with the data collected in this thread and remove the Wayspots that obviously don't meet acceptance criteria, instead of insisting they must meet rejection criteria to remove. If people are paying 30 euros for stops that get removed in a week, it will cut the market for the "x stops" bots, and have some pretty annoyed customers. Banning all the accounts that approved those stops and using them as training data for bot detection algorithms (both for detecting in Wayfarer as well as in the games they played to grind to level 10/38) as well as identifying other illegitimate stops they made would be another good step. As for how the bots level up to submitting level, I would guess they just make massive gifting networks in PoGo and use gift XP to quickly reach level 38? Maybe some other way, but Niantic can investigate.
If they want. Or not. They can continue to ignore massive problems in their games and Lightship database because bots buy lucky eggs to grind XP or because they'd have to hire more programmers.
That would be the very same reason why Niantic still won't deal with a popular spoofing app named PG S****, yet because of this the spoofers still messing up with Wayspots in Sydney CBD.
One interesting thing to note that bot service is available only in Germany, the Netherlands, and Poland..., was the latter being popular because of back-to-back abuse reports that got constantly shut down?
am i the only one that thinks "Niantic" will be passive about this?
No, I think the same. Despite the facts already collected by the community. There would be a lot of work left for Niantic. Data has to be sorted and eveluated.
It's easy enough to add trails to Google Maps. They take about a week to be approved. I could type out the process if you're interested. I do it sometimes for trail markers, but usually a photosphere is enough, I've found.
This really is a big issue in Germany and also some parts of the Netherlands I know, there are bots that promote a player named Mara, who makes fake reports, 1stars everything and keeps the queue up clogging. I have over 100 videos in my gallery of photo, title and description edits, they all either spam the same photos, or use the same tags in their title/ description edits. They clog up the system and back log quite a bit, even though it still goes fast, because their review bots make up for it (speaking about backlog) but those same review bots are also the ones that massively 1* nominations in Germany and also some parts of the Netherlands. Countless of many good nomiantions have been rejected for obvious dumb reject reasons and it happens over and over again.
Appeals from Niantic's side gave hope, since well Niantic decides better than the abuse bots, but seeing how slow the appeals go in our area, it's not being hopeful.. Also we can only appeal once per 30 days, that's not even close to enough to make up for all the things that get rejected by this abuse, that never should be rejected. This definitely needs some fix from Niantic's side, but knowing Niantic's past I have no hope for that, untill the fix or any back up from niantic, I will not be submitting nominations, and i have 738 nominations approved in total, so the abuse in Germany and parts of the Netherlands that's going on, really hits me hard. I did mass reveiwing with a group of people and it seemed to help a bit, but we cant keep this up for months and years...
A big thank you to @Raachermannl-ING
That would have been Niantic's work, but alright. I'll include the post in the "Report a bug"-Section but I have no hope that anything will move.
Otherwise I'm there with @rodensteiner-ING, I don't understand this non-communication on the part of Niantic either.
Despite all reasonableness, I do have some hope Niantic acts on this as opposed to their inaction on spoofers and multi-accounters. They want to be an AR company and re-sell their Lightship database, so Wayfarer abuse hurts their future ability to make money while in-game cheating generates money for them (in Pokemon Go at least).
Niantic´s inaction on multi-accounters is totally understandable: they cannot detect if you are playing 10 accounts or if you are a mormon family with pokemon go addiction.
February 23, 2021
An Update on Our Recent AntiCheat Efforts
We don’t talk much about our anticheat efforts, partly because we don’t want to provide cheaters with information that can help them understand our detection mechanisms better. But, rest assured our reluctance to share is not due to a lack of effort or intent from our side.
Too bad there's no laugh react.
The fact it's so blatant, and so many reports have no effect, and so much of it repeats again and again when they do appear to act means either 1) they have a "lack of effort or intent", or 2) they are really, really bad at it.
Not sure which conclusion is more charitable? It feels like 1 is the case to me because there are a ton of great engineers and programmers in the Bay Area. And sure, cheaters can be really smart too, but even the cheaters who don't try to hide seem to be getting away with it. Otherwise, you're telling me over the course of an entire year they tried but couldn't figure out how to stop bots from passing almost identical gas station signs and streetlights after people first started reporting the problems?
@sogNinjaman-ING what do you want to express with this unfitting quote?
It's way to general. This includes actions against spoofers and stuff like that. Further no one in this thread expects detailed explanations about Niantics anti-cheat actions. The community only wants to see results, and some statements from staff members with a bit social media competence. They could say something like "We found a reason for this problem. Hopefully it is fixed now. Thanks for all the helpful reports. Let us know, if the problem might still occur." This totally follows the policy from above.
What do we have in this case?
The community did the work of the abuse team (and maybe some help of programmers in this case). They had 5 months time and hundreds of examples to identify the problem on their own. All, that we saw were "sorry for the inconvenience"-posts.
Maybe we should also do the work of Niantics human resources management? Would take only a few minutes to assemble a list who to hire as portal ****, and some of them would have programming expierience too.
Forgot to mention:
It's now nearly 6 PM at San Francisco. So Nia had a full workday time to drop a statement about this issue.....
I'm again dissapointed.
I've seen a lot of stuff that Niantic has done with abuse over the years, some of it chronic and some acute.
I do expect that they will address this one. I wouldn't expect them to say much until they'd taken action, though "Thank you, we're looking into it" is possible.
@NianticAtlas @NianticDanbocat @NianticTintino @NianticGiffard any updates on this?
Guys, give Niantic a Bit breathing space.
I get where you are coming from, but this issue is already 5 months ago since its adressed, it's been going on for almost half a year now..
@TheFarix-PGO in case you are still interested in this discussion in southern germany, this is our proof of bot reviewing. The situation here is bad. The rejection reasons are not reasonable at all and I think a couple thousands nominations were wrongfully rejected. Have a read: https://community.wayfarer.nianticlabs.com/discussion/comment/148747/#Comment_148747
They had 5 months xD
And there are even more stupid nominations on the way (also Kempten)
At least, Niantic actually did something: there are captchas added to the review process. This is at least a first nice step. Lets see how it goes.
There have always been occasional captchas. Unless you're referring to something new?
with choosing pictures. Not just the tick a box captcha.
My understanding is that those have always existed as well (although I've never encountered them myself), but only pop up in specific situations.
I wonder if Niantic have triggered them (or upped their frequency?) for this area due to the new developments from this thread.
Ooh, I‘m surprised 👍
Never seen before in wayfarer
Yet I'm still insulted here. 50 upgrades mean it needs at minimum 5000 reviews, and if it's done in at least 6 hours then the bots are reviewing 14 nominations per minute...
How come the bots never encounter the captcha or cooldowns?