Showing Posts For Mrah.7340:
There must be more to it than that, I play from two different computers in two different countries quite often, even use different key binds because I have a gaming mouse in one place and just a regular one in the other. None of that is against their rules or user agreement as far as I know.
Yeah, like I said: without taking the time to really dig into an account, they can’t tell. It’s just a scare tactic to say that they can tell. And there are a lot of armchair incident response people in this thread.
One thing I should clarify, however, is that this shouldn’t be confused with telling when two accounts are “linked” to a similar user. That’s MUCH easier to tell in the logs than who is sitting behind the keyboard. So thinking you can hide behind an alternate account is foolish.
(edited by Mrah.7340)
To those freaking out about the whole account sharing and logging in from different PCs:
I work as a security engineer, and I can say with pretty high confidence they can’t tell with absolute certainty that an account is being shared. It’s not technically feasible. They have to operate off of a lot of circumstantial evidence. I can almost guarantee you they Splunk their logs and cross correlate off of that. (Hopefully they aren’t using ELK or logstash).
IP address alone isn’t enough because, as some of you pointed out a lot of our infrastructure uses NATing. So a publicly routable address can correspond to many RFC1918 addresses.
Geo-location data against time is usually a good indicator (i.e. logging in from somewhere at one point in time, and in an infeasible amount of time for a human to fly logging in from another geographic location), but as some people have pointed out wake-on-LAN and remote tunneling/RDP are issues with that.
Key binding data can help, but most people playing on someone else’s account aren’t going to take the time to unbind and rebind everything unless it is something competitive (like it was in this case).
Average time of clicks could be implemented, but the logs for that could get astronomical (you could maintain an average on the client, but feasibly doing this would be a nightmare and vastly inaccurate).
Hardware queries are definitely possible, but people have various computers that they play on (I know I use both my desktop, and my laptops to play when I travel) so again this can be inaccurate.
A big one they probably use is of no surprise: Chat logs. People type differently, use different slang/acronymns, and a lot of people are stupid enough to type about their “transgressions” in chat. That is how they will catch you most of the time, and it is the most accurate way of catching someone. But keep in mind this method, while the most reliable, takes time. You can write AI programs to delve through these logs and track differences (there’s some open source code that would help with this), but a lot of the time it is a manual process. The main take-a-way is that they will use this when they have a reason to dig into an account. It doesn’t happen naturally (unless they employ some sort of machine AI that looks for differences). Most likely they look for keywords in your chat and store that data or flat/report on it.
Main thing is: No they aren’t all powerful like they want you to believe, so you don’t have to panic about using several machines to log in. If you are doing something bad and they have inclination to find you, they can probably find enough circumstantial evidence to ban you.
For those that actually do want a refund, I’m pretty sure you can get it. There is this concept of legal detriment in contract law where someone can claim damages if they either take actions they were legally not obligated to do, or refrain from actions they were legally allowed to do because of an understanding based on an implied contract. In this case one could argue that someone purchased HoT on the implied contract that new legendaries would be coming with the expansion, or soon after. Even if it was not directly promised, the fact that people acted (to their detriment) by purchasing the game when they would not have if they didn’t believe the legendaries were part of what was promised, could claim damages under US law.
Disclaimer: I’m not offering legal advice in any capacity and I’m not responsible for any conclusions people draw from what I said, or actions taken as a result of their understanding.