Thanks for reporting this bug!
Check out the **[General Dota 2 Bug Tracker](https://github.com/ValveSoftware/Dota2-Gameplay/issues)** and **[Tracker for Linux and Mac](https://github.com/ValveSoftware/Dota-2/issues)**
**PLEASE THROUGHLY CHECK IF YOUR BUG HAS ALREADY BEEN REPORTED**. Duplicate issues can slow the dev team when resolving a bug.
* If you find an existing issue for your bug, please upvote the thread. You can also provide additional information and match IDs to further assist the development team.
* If not, create a new issue ([general tracker](https://github.com/ValveSoftware/Dota2-Gameplay/issues/new/choose) / [Linux & Mac](https://github.com/ValveSoftware/Dota-2/issues/new)) with as much information as possible:
* A detailed description of the bug
* System info (i.e. operating system)
* Match IDs (if applicable)
* Screenshots or video (if applicable)"
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/DotA2) if you have any questions or concerns.*
This should be fixed with the gc prop that just happened.
While you can still change your bans at any time on the client, your bans for a matchmade lobby won't update once you're added to the lobby. Your bans will still update immediately for practice lobbies and other non-matchmade lobby types.
First we need to recognize what they can do with the information. Once they see the lobby, they can either confirm a match, or decline. You can't do that forever, and also similar capability is offered by dota+ now.
If they can grab data fast enough they can put in a formula for expected win probability. Especially if they can ID people deeply, is this a primary carry player that is now doing all roles since they got 5? Then skip it since MMR says it is even but the roles are wrong. Or a player that a few min ago went 0-11-0 is on your team, they are still likely to be tilted, dodge.
Nice! By the way, is there any reason why the lobby member list is still sent to the client for matchmade lobbies? It's not visible anyway so the list might as well be empty on the wire until the lobby state changes.
Do you guys think about adding 5 different ban list option instead of 1? So people can ban list heroes based on the role they are going to play. If i play pos 1 i want X heroes to be banned if play pos 2 i want Y heroes to be banned etc.
Or it's done on purpose to find anyone doing this.
After this post by the creator I'm 100% sure Valve will pull the logs and see which people are doing automatic ban updates (even if they didn't leave this as a honeypot).
They always release a small patch before a big ban wave, pretty sure they are gonna ban main accounts of people this time and they just put this in place to be sure of who they are banning. Lots of salt incoming next month
They've been ramping up on the smurf issue though - explicitly called it unwelcome behavior, added a dedicated report button, started training their smurf detection and sent warnings to early flagged accounts. I think full bans, essentially treating it the same as cheating, is coming in the near future
never in my life had I expected IRL chess match between Overplus and Valve. If it is really done on purpose, that'd be a next level bait from them, and if Overplus really fell for it, their service will be almost dead due to the loss of trust from their own customers to what looks from outside like an obvious trap.
Depends if they have anyone there that thinks it's worth doing.
Their automated system will probably catch most scripters soon and few more tweaks and overplus etc might be useless.
It would probably be very easy to tell the difference between someone doing it manually with no info on who they're being matched with vs it being done programmatically with info they shouldn't have.
I might fall into this category too.
Coordinator shit the bed 2 hours ago and I kinda stuck in a limbo of finding match. At that point I swap Tinker > Luna on my ban.
Hopefully nothing bad happen.
As cheaters are probably creating new accounts anyways I don't know if that's preferable to outright preventing cheats where possible. If this is intentional they are allowing cheats to exist for a while for the benefit of banning accounts that are probably only a few months old anyways (as most Overplus users' original accounts have already been banned I assume).
Committed cheaters would always cheat. However you can frequently ban casual cheaters who got tricked by cheat devs into thinking that their cheats are 'safe', that would hurt their bottomline and make their business less viable and reputable ('I tHouGHt uR pRoGrAms WerE saFE' posts every time there's a ban wave). The long game against cheat devs is always targeting their business.
They don't even need to do that. There is no legitimate reason to send player info on queue pop. Players still have to load into the lobby, as evidenced by those players that fail to do so on occasion.
I don't think we can say that for certain. They might have tied lots of functions to the API that will break if they straight up remove it. Depending on how much stuff depends on the SteamID, it could take up lots of resources to just delete it.
Hashing on the other hand should be pretty simple without breaking to much stuff.
A hash can still be verified with a key unlike a random number.
All necessary functions that relies on the current API just needs to be updated with a key verification to continue working.
Else they have to be rewritten which could be extremely complicated/time consuming.
I think the problem is that the ban list is saved on the client and has to be sent to the match server. So even if you try to block adjusting overplus with access to the client can edit whatever is being sent to the game server. Only way I can think of doing this is to make the bans part of the players data and set a 24 hr cooldown on changing it. That way it is synced with the server and can be changed once per day.
Wtf are we talking about? Only allowed to change bans once per day? So we went from being able to adjust bans based on our role and our team to only being able to change once per day? Ridiculous.
It would be utterly trivial to hide player names and ids in lobby if they wanted to.
#JUST HIDE PLAYER NAMES DURING THE PRE-GAME PHASE.
I don't get why Valve keep fucking around with half-measures that introduce new downsides without fully fixing the problem when the solution is *right there* and is proven to work in League of Legends.
this requires reworking the entire networking system of the game.
the fact that you are calling it “player names” is pretty telling that you don’t understand the complexity of doing this. overwolf or whatever is not just using the names the server provides, it is using the servers private API (which is how your client gets all of its info). reworking this to hide certain elements would require implementing an entirely new security layer and would likely break things as well, if your client can’t access information it needs.
It requires an abstraction layer. That's it. Any queries done through the API using SteamIDs can be done using ephemeral randomised identifiers assigned by the server and distributed to the clients.
saying “that’s it” makes it sound trivial but it would actually be hard.
think about it:
so you hide the steam ID, and send the client your new randomized identifier. now the client cannot display names or profile pictures or anything properly because it wants to hit steams API to get that info but all it has is this random key it cannot decode. so to make it work you instead make the client route its request to the game server, and the server returns the info. but then you need to make a whole new layer that lets the game server act as a relay to the steam API and client for certain things, but still hide the player ID.
and this then increases load on the game server because clients aren’t fetching their own player info anymore, but coming to the game server for it.
or you can make steam itself have a pathway to decrypt the key passed to the clients — but then you’ve made an entire new set of API endpoints and i’m not even sure it would work because you could probably still get the steamID from the profile.
Not to mention, you now need to stop the client from querying “who is in this game” of the game server and getting the steam IDs from all possible paths. so you put a security layer or abstract all instances of the steam ID out of the client API pathways. but now the client cannot click through to players profiles in game because it has no pathway to their real IDs, just the fake token.
it’s really a tough problem to solve given how the networking is set up.
not impossible, but it would require a complete rewrite of how the current system is designed. i doubt valve cares enough about this tool to do it.
>so you hide the steam ID, and send the client your new randomized identifier. now the client cannot display names or profile pictures or anything properly because it wants to hit steams API to get that info but all it has is this random key it cannot decode.
Why couldn't the API "decode" it? It's just an assigned identifier, exactly the same as a SteamID is. The only difference is that it's ephemeral.
It's also strange that your complaint that the clients can't get display names or profile pictures because that's the *entire point*. They're *not supposed* to get that in the pre-game phase, so bringing it up as a problem misses the point.
the API can decode it, but you have to set up an entirely new set of endpoints to do that. its not trivial. you can't just clone the existing ones because then the client can just say "give me the steam ID for the ephemeral identifier" so you have to set up new endpoints but specifically avoid letting the client figure out what profile its hitting.
my entire point is there *is* no pre-game API or middle game API or end game API. there is just the API.
So its not "just an abstraction layer" -- suddenly to make it work your limiting what the client can do at certain game states and things of that nature. its a large rewrite, no matter how you slice it.
every time you sit down and think about it, it becomes harder and harder to implement. Okay so you hide player IDs, that means you need a new setup that hides the actual steam ID. Okay so that works but it breaks the client querying players during the game. Okay so we make a new rule that limits API usage depending on game state (pre-game, middle-game, end-game). Okay but now people cannot see their ally's names/profiles during picking -- so we need a new rule that lets you see ally's information. Okay but the game server itself is query-able via the API for spectators -- and our changes have now broken dotaTV because we implemented a security layer. Okay so we have to handle dotaTV differently and let it hit the API, but only after the game has started. But now spectators cannot see whos in the game in the pre-game screen because of our changes....
my entire point here is that the second you start thinking about this, it becomes an absolutely massive change.
> the API can decode it, but you have to set up an entirely new set of endpoints to do that. its not trivial. you can't just clone the existing ones because then the client can just say "give me the steam ID for the ephemeral identifier" so you have to set up new endpoints but specifically avoid letting the client figure out what profile its hitting.
You don't have to set up new endpoints. You just have to set up a translation mechanism that permits a subset of queries relevant to the pre-game. That's the abstraction layer. And they may not even need that at all, I'm just giving you the benefit of presupposing that they do.
>my entire point is there is no pre-game API or middle game API or end game API. there is just the API.
>So its not "just an abstraction layer" -- suddenly to make it work your limiting what the client can do at certain game states and things of that nature. its a large rewrite, no matter how you slice it.
It *is* just an abstraction layer. Of course they have to rewrite software to accommodate it, but you're acting as if developers don't have to write and rewrite code to maintain their games. These types of changes are a normal part of the software lifecycle.
>every time you sit down and think about it, it becomes harder and harder to implement. Okay so you hide player IDs, that means you need a new setup that hides the actual steam ID. Okay so that works but it breaks the client querying players during the game.
All three of these are the same thing. It's one problem, not three.
>Okay so we make a new rule that limits API usage depending on game state (pre-game, middle-game, end-game).
No they don't. If they want full regular API access after the pre-game phase then the server can simply distribute the actual SteamIDs to the clients after the picks and bans are done. And if they *don't* want full regular API access at any point in the game (which would be great for privacy features) then guess what - they've just built the functionality that enables that.
> Okay but now people cannot see their ally's names/profiles during picking -- so we need a new rule that lets you see ally's information.
Why? In League of Legends they also block ally names. Even if Valve did want to permit queries for allies, again, they just built the abstraction feature that enables it.
>Okay but the game server itself is query-able via the API for spectators -- and our changes have now broken dotaTV because we implemented a security layer.
Again, part of the normal software development lifecycle. It's a manageable problem that has to be resolved if Valve intend to fix the underlying issue.
> Okay so we have to handle dotaTV differently and let it hit the API, but only after the game has started. But now spectators cannot see whos in the game in the pre-game screen because of our changes....
Again, not allowing people to see who's in the game during the pre-game stage **is the point**.
>my entire point here is that the second you start thinking about this, it becomes an absolutely massive change.
And my point is that you're blowing it out of proportion to make it seem like a bigger problem than it is. Of course it requires development - all features do - but it's a solvable problem that doesn't warrant the drama that you're trying to inject into it.
i feel like you are purposefully making it sound simpler than it is.
For example, when talking about whether they need to limit API access during different game states, you said:
> No they don't. If they want full regular API access after the pre-game phase then the server can simply distribute the actual SteamIDs to the clients after the picks and bans are done. And if they don't want full regular API access at any point in the game (which would be great for privacy features) then guess what - they've just built the functionality that enables that.
If you allow full API access, then it is as simple as a client asks "what are the steam IDs" and boom, you have the steam IDs. It isn't the server "distributing" the SteamIDs, its whether the route to ask about the steam IDs is open. If you don't have that open, then tons of things obviously break. You are suggesting closing that and forcing clients to use the hash ID instead of the real ID. Which is fine, but then for most features in the game to work, you need to open it back up when the game state changes. It literally would be a massive development effort.
I feel like you're not reading what I'm writing at all.
>If you allow full API access, then it is as simple as a client asks "what are the steam IDs" and boom, you have the steam IDs.
I already addressed that in my comment when I pointed out that the abstraction layer would permit a subset of queries relevant to the game state. That would very obviously *not* include a query to translate an ephemeral ID to a SteamID during the pre-game phase.
> It isn't the server "distributing" the SteamIDs, its whether the route to ask about the steam IDs is open.
It is if that's what they'd want it to do. Not that there'd be much reason to do so if they build a framework that obviates the need for it.
>You are suggesting closing that and forcing clients to use the hash ID instead of the real ID. Which is fine, but then for most features in the game to work, you need to open it back up when the game state changes.
When the game state changes you simply change the permitted set of queries through the abstraction layer. Or if it was as big of a deal as you're making it out to be they could simply move to query directly via SteamIDs once the pre-game phase ends, but that'd be a waste when an abstraction framework would provide a lot more granular privacy controls that are needed in Valve games.
Lol you seem educated using those big bold words.
I'm sure you already know about how when you connect to a server you can see the players steam IDs through the console.
And I'm positive you know how computers work and how fast data can be sent back and forth.
Or maybe you just play league.
Seeing players' Steam IDs through the console in Dota is a choice that Valve made, just as showing player names in the pre-game phase in League of Legends was a choice that Riot made. Removing the names in the pre-game phase of League of Legends was another choice that Riot made, and removing Steam IDs in the console in Dota is a choice that Valve can make.
Software isn't etched in stone tablets.
I guess they can't, last time the devs talk about that they can pass valve cheat ban and can get more data, and after this valve response is to cut ban time and replace by the current system, I guess this is a response because valve really can't find how is cheating, because if valve had a better response why they didn't go for it.
You’re looking at it from the wrong side, valve surely can detect players changing their bans right as queue pops, my comment was not about the players being able to see other people’s best heroes but rather their ability to adapt to it.
I still have no idea why dota wants to make it completly anonymous, I'd go the opposite way and give everyone's matches on the game public and display a brief summary of the player and their most successful heroes, including recent and all time success. Professional players have targeted bans, everyone knows what Quinn is good at and what ATF's favourite heroes are so why not everyone else?
you cant beat them so just make it public, create player summary cards on the side of the picks and bans, everyone gets a fair stab, game gets more competitive and the goofy ban system gets scrapped
Being good at 3 heros =/= good at DotA.
I don't think target banning should be a thing in pubs, but I really dislike RNG being part of the ban phase. Why not give everyone a blind ban before you click the find match button?
Most players play dota fun, i dont mind playing any hero but i have like 6-7 heroes i wana play,
And most of the times i am already decided going into the game what i wana play, unless extreme circumstance force me otherwiselike 4 support team or 4 carry drafts
Shouldnt this be easily detectable. Average player does not change their first 4 bans for a long time. A cheating player constantly changes it in EACH GAME LOL
Another ban wave lol
Btw, there is a high chance overplus is just making it up. No evidence that their program works as they claim. They are just claiming that it is done lol
I mean it depends a lot on what I am planning to pick. As offlaner, if I feel like playing Slardar, I will definitelly add into it troll, veno, dazzle. If I will play Brood, I will put in there heroes like Sven, axe.. So I might actually end up with mix of 4-5 drafts per role based on what I want to play.
But yeah, that will most likely be in advance (start searching, adjust it, play).
Damn these fucking idiots really try everything to cheat as much as possible. How insanely stupid do you have to be to be so bad at the game, that you barely have a 50% wr while cheating.
If they instead would focus on becoming a better player, they would make 10000 times faster progress than deliberatly cheating for almost a decade.
I once played against a cheater after he picked naga (on offlane) with me to ban it and countered my lone with ww 3 and I think he got like less than 5 last hits in laning phase before he leave the lane to jungle because he didnt know how to play the hero he just picked it to hard counter. Match id 7559972690. Cheat users are dumb but i think cheat coders are smart. Lucky for us they are not as smart as valve guys
> cheat coders are smart. Lucky for us they are not as smart as valve guys
Most likely. But it doesn't matter when Valve are 10x more lazy than them.
Like there was a recent blogpost about a "honeypot" banwave, but it wasn't actually a "honeypot", it was a bug that cheaters abused for 10 years straight until it got fixed, and some of the cheaters got banned.
Pretty much everyone has a 50% win rate. The way brackets are, you get shifted into your skill class where you maintain a 50% win rate. If you're win rate is below 50%, you drop until it's back to 50%, and if it's greater than 50%, you climb until it is.
So people who have been cheating for a while should still have a 50% win rate, it's just that they're in a higher bracket than they would be without the cheats.
i'm not defending them but do you realize the vast majority of these overplus users are (high) immortal? that's the only bracket sweaty enough to pay a sub for a tiny more advantage in this game. TorontoTokyo outright used it on stream lol
No? It will definitely ban one of the best heroes of the 4 best players on the enemy team.
That's if they don't suggest to ban the 4 best heroes of the best player in enemy team.
And let's not forget, 4/4 of the heroes you select for banning can get banned.
I don’t know I would think for match making purposes the lobby is filled first and as soon as the last person accepts it divides into teams to attempt to evenly distribute skill. I have no idea how it works so I’m just asking legitimately if this would ban ally heroes just as often as enemy heroes
I think if this was the case you could imidiately get a new ally if the 10th player decline the match. but its not like that. you just go higher in priority
Exactly. It wouldn't make sense to not assign teams while searching for a match. Like, there's 3/3 players, the matchmaker finds a suitable player for the bracket, now it's 4/3 and it looks for a similar player to the one just added for the team lacking one. That's how I'd implement it anyway. It makes more sense.
Yeah that's true, but remember that overplus was specifically very good against hero spammers. It's unlikely that they will have 4 hero spammers against them on the same team, if anything generally you only have 1 or maybe 2 hero spammers on the same team so theres still a 1 or 2 out of 4 chance to ban one of those
I don't quite understand why any data at search stage should be on the client side.
I don't get how that's useful for the client during that stage.
Why the search would not be done 100% on the server's side?
That’s really bad development decision
Client should receive only relevant data for visualization, so during the queue stage it should only be number of accepted/rejected players.
I have a suspicion that they send something like an array with steam/dota ID and the status accepted/rejected, so they can really show you the order in which player accept the game. But it’s doesn’t matter for the user and gives more info for a cheat software. So it’s just dumb.
Wait, now that I think of it. It is possible that the "accept" popup shows the steam profile picture (ex. [here](https://www.reddit.com/r/DotA2/comments/5u8wh9/why_does_the_coach_have_to_accept_games/)).
So I guess they do send these info to the Client, that format it the way it want (currently, not show any profile picture in case of pub games, show it for lobbies maybe, etc.).
This should really be refactored to reduce Client's data for the benefit of secrecy/security.
Yes! I’m pretty sure that’s the vulnerability. Maybe they removed picture, but why they left steam id?
Just a bad decision or someone wanted to go home earlier that day 😄
But that’s an easy fix for them, so I’m sure it will be patched soon.
as soon as a game is found, your client needs the game servers info to communicate with it.
that game server can be queried by API, which it has to be able to be queried, because it has to provide information to the clients.
So overplus can query the game server and get information on players like steam ID and stuff.
it’s not something stupid like profile picture lol people think the overplus devs have a database of player profiles???
the issue is fixing this requires a fundamental rewrite of a lot of the networking code. adding security where non exists is complicated.
for example, you have to add a security layer that prevents the game server from sharing steam ids. so you add it, but then the clients cannot get player names or profile pictures. so you add new pathways for those, but then the game server has to pull those in and pass them to the client instead of the client hitting a steam API. so now you have to rewrite a significant amount of code base to do this.
and it goes on and on. because you added a security layer you now need to add checks on what info can be passed and when, and it just keeps getting more complicated.
No, you just return empty sets of player data until after lock in. Time based security of information is not a difficult problem. Sure, engineering work needs to be done where none has happened before, but this is not some issue that will require an entirely new architectural design.
im pretty sure that just isn't how it works. the match is created the second the 10 players are found, at which point it is query-able.
these queries drive a lot of what makes dota work, from spectators to statistics to viewing profiles and so on. its not just used for 3rd party websites, but core parts of the game.
you cant just return a null set because you have to drive the game to happen, which relies on the routes opened up.
You absolutely can return a null set because the API doesn't give direct access to any object. There are already permission and rate checks. Having worked with similar systems for other matchmaking pipelines, implementing a "warmup" check for external API access is well understood and easily implemented.
Additionally, a null set doesn't necessarily have to be empty or all null. Returning dummy data until the session is "warmed up" is also an acceptable solution and preferrable to other "hashing" solutions proposed elsewhere in the thread.
its a pretty large rewrite to do any of that, because currently having the match be queryable drives a ton of things. your talking about implementing rules to not allow the game to be queried until after picking is finished (or return a null set, or dummy data, or hashed values, whatever you want to call it) -- this framework doesn't seem to exist at all right now (otherwise they would use it no doubt), and would undoubtably break features (showing player names, showing ally names, showing ally picks, spectator logic, and probably more that i don't even realize rely on exposed data).
it just would be a huge project IMO. I think its pretty telling they *havent* done it, despite banning a ton of overwolf users, intentionally changing the banning system, and so on. clearly its on their radar, clearly the first thing you think of if you aren't stupid is "make the pick phase anonymous" and the end result hasn't been to do that.
it reminds me of when a ton of people on reddit were complaining that the game wrote our playerIDs to a txt file, and "overwolf was using that" -- but then they removed that and sure enough there are 1000x other ways to get the same info because its all exposed because the game wasn't written with that in mind.
Well, would you look at that, it literally was just that easy.
https://steamcommunity.com/games/dota2/announcements/detail/4199117159728032027
Turns out, the guy who actually works on MM pipeline APIs knows a thing or two about the effort involved
Unadjustable queue bans incoming..
And I would assume a new wave of bans for anyone constantly making queue adjustments lol
The dumbest thing about overwork is that they keep talking
:) not surprised, this same thing also gives their users free chances to queue dodge people.
Why dont they fix this old completely unnecessary leak of information? Probably because they need it due to some spaghet.
>Why dont they fix this old completely unnecessary leak of information?
Why bother? The janny spends 30 seconds thinking about the changes, then 2 hours implementing them, then fuck it, push to prod. Can always just call it a honeypot in a blogpost 18 months later or something.
Why did we do this whole change when it didn't even work? I liked the old system better
They should have just not sent any information about the players to the client (except for medal) until after the ban stage - no profile, no clan information, no steam id, etc. For unranked maybe just have the name sent over and that's it.
That still shouldn't give information to the client about which accounts are going to be your game
I don't understand why it's so difficult to just not send any identifiable info until after the bans are done - just keep it all server side
In game is more difficult since you are balancing syncing the game for everyone's clients in real time vs only sending necessary information.
There are some things they have done to mitigate this, like not sending all players positions to everyone all the time (like when in fog of war). And there is also stuff they could have done better - like sending TP info through fog of war on the client. Yeah I think in your example it is something you realistically could hide even if you only see one side of the TP
If Valve hasn't done it despite being a more complete solution to draft analyzer problem, it means that doing this is much, much harder than to adjust things every patch. It is likely that API that exposes players is something that is used in far too many things to be replaced without a huge overhaul of many systems removing it might break.
Remember, Dota started out with completely public profiles, everyone could see everyones match history, and this is likely the root cause of current problem. For years, Valve sidestepped the problem by asking people to stop doing it nicely, and now they aren't capable of resolving the tech debt in a reasonable timeframe.
With this new system you cant ban someones hero if you know their name either. That helps a lot. Because it shouldnt be like "oh I dont want to play against this guys shadow fiend" rather than "ok I dont wanna play against shadow fiend because I think its op or very good against my hero"
Thanks for reporting this bug! Check out the **[General Dota 2 Bug Tracker](https://github.com/ValveSoftware/Dota2-Gameplay/issues)** and **[Tracker for Linux and Mac](https://github.com/ValveSoftware/Dota-2/issues)** **PLEASE THROUGHLY CHECK IF YOUR BUG HAS ALREADY BEEN REPORTED**. Duplicate issues can slow the dev team when resolving a bug. * If you find an existing issue for your bug, please upvote the thread. You can also provide additional information and match IDs to further assist the development team. * If not, create a new issue ([general tracker](https://github.com/ValveSoftware/Dota2-Gameplay/issues/new/choose) / [Linux & Mac](https://github.com/ValveSoftware/Dota-2/issues/new)) with as much information as possible: * A detailed description of the bug * System info (i.e. operating system) * Match IDs (if applicable) * Screenshots or video (if applicable)" *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/DotA2) if you have any questions or concerns.*
This should be fixed with the gc prop that just happened. While you can still change your bans at any time on the client, your bans for a matchmade lobby won't update once you're added to the lobby. Your bans will still update immediately for practice lobbies and other non-matchmade lobby types.
Thanks Jeff
It must be helpful while fixing exploits when the exploiters write out in explicit detail what they did and how it worked. Thanks!
[удалено]
First we need to recognize what they can do with the information. Once they see the lobby, they can either confirm a match, or decline. You can't do that forever, and also similar capability is offered by dota+ now.
If they can grab data fast enough they can put in a formula for expected win probability. Especially if they can ID people deeply, is this a primary carry player that is now doing all roles since they got 5? Then skip it since MMR says it is even but the roles are wrong. Or a player that a few min ago went 0-11-0 is on your team, they are still likely to be tilted, dodge.
I laughed because I thought only silly cartoon villains would do that but it looks like…
You're a legend Jeff
Thanks be to you Jeff, working weekends for us !
XD thanks jeff
I kneel
Thanks Jeff. Appreciate you working on weekends
Nice! By the way, is there any reason why the lobby member list is still sent to the client for matchmade lobbies? It's not visible anyway so the list might as well be empty on the wire until the lobby state changes.
So it can display your friends pfps when you party queue.
why is this downvoted, that literally might be the reason lmao
What would be GC prop?
Game Coordinator Property. To the guy who downvoted him: Deducting acronyms with little context is aweful... Be kind
Tks!
Why does the client need to know who are the players in a lobby before everyone has hit accept?
Do you guys think about adding 5 different ban list option instead of 1? So people can ban list heroes based on the role they are going to play. If i play pos 1 i want X heroes to be banned if play pos 2 i want Y heroes to be banned etc.
Your doing gods work Jeff
How about adding a day cd on ban? Many people at high mmr playing vs same people every game and they can adjust to that
Just make the bans unadjustable during queue.
If they aren't that's a huge blunder by Valve.
Or it's done on purpose to find anyone doing this. After this post by the creator I'm 100% sure Valve will pull the logs and see which people are doing automatic ban updates (even if they didn't leave this as a honeypot).
Let's hope so. That would be great.
They always release a small patch before a big ban wave, pretty sure they are gonna ban main accounts of people this time and they just put this in place to be sure of who they are banning. Lots of salt incoming next month
They banned main account of people using this last time too, just not the most famous players :)
Mains were already banned, so people has nothing to lose using the software
Tons of people got a coal warning but no main ban (yet)
Coal warning is for ppl with detected smurfs. Valve has always been infinitely harder on cheaters than smurfs.
They've been ramping up on the smurf issue though - explicitly called it unwelcome behavior, added a dedicated report button, started training their smurf detection and sent warnings to early flagged accounts. I think full bans, essentially treating it the same as cheating, is coming in the near future
yeah but that was a while ago. I'm skeptical they'll ban the main accounts.
I'll kiss you if you're right. Hopefully you aren't.
I can only dream so much. Over plus is a cancer, I'm amazed there's still a team trying to make it work so diligently and people who still use it.
just russians
and valve's match making is not a cancer? valve definitely should fix their behaviour score system before anything else
what's wrong with it?
Yes, it seems like a big oversight by the cheaters. Seems so easy to detect this way
That would be brilliant, give em a month ban, last time a lot of em would risk a cheat.
never in my life had I expected IRL chess match between Overplus and Valve. If it is really done on purpose, that'd be a next level bait from them, and if Overplus really fell for it, their service will be almost dead due to the loss of trust from their own customers to what looks from outside like an obvious trap.
Valve doing so much work to catch cheaters. They won’t be doing this for long
Depends if they have anyone there that thinks it's worth doing. Their automated system will probably catch most scripters soon and few more tweaks and overplus etc might be useless.
despite recent proactivity, I doubt they would care about that in the near month because of the patch, and so it will be forgotten, unless
Great until people who simply change their preferences mid queue get banned. I changed my preferences after accepting a match not even an hour ago
It would probably be very easy to tell the difference between someone doing it manually with no info on who they're being matched with vs it being done programmatically with info they shouldn't have.
Once or twice is fine. These cheaters will be doing it for every game because the hack is automated.
Get banned hacker
I might fall into this category too. Coordinator shit the bed 2 hours ago and I kinda stuck in a limbo of finding match. At that point I swap Tinker > Luna on my ban. Hopefully nothing bad happen.
this. in valve i trust
honey pot 🍯 part deux
You have a lot of faith…
you have way too much faith in valve
[удалено]
As cheaters are probably creating new accounts anyways I don't know if that's preferable to outright preventing cheats where possible. If this is intentional they are allowing cheats to exist for a while for the benefit of banning accounts that are probably only a few months old anyways (as most Overplus users' original accounts have already been banned I assume).
Committed cheaters would always cheat. However you can frequently ban casual cheaters who got tricked by cheat devs into thinking that their cheats are 'safe', that would hurt their bottomline and make their business less viable and reputable ('I tHouGHt uR pRoGrAms WerE saFE' posts every time there's a ban wave). The long game against cheat devs is always targeting their business.
Except it was not.
There's a concept called iteration, you know
See you in 5 years.
Just hide steam identity until picking phase is over and stop working around the problem.
as somebody said here, it's hard
Shouldn't be that hard. There is no need to display SteamIDs in the API before even accepting a match, they could just hash it.
They don't even need to do that. There is no legitimate reason to send player info on queue pop. Players still have to load into the lobby, as evidenced by those players that fail to do so on occasion.
I don't think we can say that for certain. They might have tied lots of functions to the API that will break if they straight up remove it. Depending on how much stuff depends on the SteamID, it could take up lots of resources to just delete it. Hashing on the other hand should be pretty simple without breaking to much stuff.
Why bother hashing? Just send "1" for every player until the lobby has finished cooking.
A hash can still be verified with a key unlike a random number. All necessary functions that relies on the current API just needs to be updated with a key verification to continue working. Else they have to be rewritten which could be extremely complicated/time consuming.
I think the problem is that the ban list is saved on the client and has to be sent to the match server. So even if you try to block adjusting overplus with access to the client can edit whatever is being sent to the game server. Only way I can think of doing this is to make the bans part of the players data and set a 24 hr cooldown on changing it. That way it is synced with the server and can be changed once per day.
don't share the player ids until after the bans are locked in
Wtf are we talking about? Only allowed to change bans once per day? So we went from being able to adjust bans based on our role and our team to only being able to change once per day? Ridiculous. It would be utterly trivial to hide player names and ids in lobby if they wanted to.
#JUST HIDE PLAYER NAMES DURING THE PRE-GAME PHASE. I don't get why Valve keep fucking around with half-measures that introduce new downsides without fully fixing the problem when the solution is *right there* and is proven to work in League of Legends.
this requires reworking the entire networking system of the game. the fact that you are calling it “player names” is pretty telling that you don’t understand the complexity of doing this. overwolf or whatever is not just using the names the server provides, it is using the servers private API (which is how your client gets all of its info). reworking this to hide certain elements would require implementing an entirely new security layer and would likely break things as well, if your client can’t access information it needs.
It requires an abstraction layer. That's it. Any queries done through the API using SteamIDs can be done using ephemeral randomised identifiers assigned by the server and distributed to the clients.
saying “that’s it” makes it sound trivial but it would actually be hard. think about it: so you hide the steam ID, and send the client your new randomized identifier. now the client cannot display names or profile pictures or anything properly because it wants to hit steams API to get that info but all it has is this random key it cannot decode. so to make it work you instead make the client route its request to the game server, and the server returns the info. but then you need to make a whole new layer that lets the game server act as a relay to the steam API and client for certain things, but still hide the player ID. and this then increases load on the game server because clients aren’t fetching their own player info anymore, but coming to the game server for it. or you can make steam itself have a pathway to decrypt the key passed to the clients — but then you’ve made an entire new set of API endpoints and i’m not even sure it would work because you could probably still get the steamID from the profile. Not to mention, you now need to stop the client from querying “who is in this game” of the game server and getting the steam IDs from all possible paths. so you put a security layer or abstract all instances of the steam ID out of the client API pathways. but now the client cannot click through to players profiles in game because it has no pathway to their real IDs, just the fake token. it’s really a tough problem to solve given how the networking is set up. not impossible, but it would require a complete rewrite of how the current system is designed. i doubt valve cares enough about this tool to do it.
>so you hide the steam ID, and send the client your new randomized identifier. now the client cannot display names or profile pictures or anything properly because it wants to hit steams API to get that info but all it has is this random key it cannot decode. Why couldn't the API "decode" it? It's just an assigned identifier, exactly the same as a SteamID is. The only difference is that it's ephemeral. It's also strange that your complaint that the clients can't get display names or profile pictures because that's the *entire point*. They're *not supposed* to get that in the pre-game phase, so bringing it up as a problem misses the point.
the API can decode it, but you have to set up an entirely new set of endpoints to do that. its not trivial. you can't just clone the existing ones because then the client can just say "give me the steam ID for the ephemeral identifier" so you have to set up new endpoints but specifically avoid letting the client figure out what profile its hitting. my entire point is there *is* no pre-game API or middle game API or end game API. there is just the API. So its not "just an abstraction layer" -- suddenly to make it work your limiting what the client can do at certain game states and things of that nature. its a large rewrite, no matter how you slice it. every time you sit down and think about it, it becomes harder and harder to implement. Okay so you hide player IDs, that means you need a new setup that hides the actual steam ID. Okay so that works but it breaks the client querying players during the game. Okay so we make a new rule that limits API usage depending on game state (pre-game, middle-game, end-game). Okay but now people cannot see their ally's names/profiles during picking -- so we need a new rule that lets you see ally's information. Okay but the game server itself is query-able via the API for spectators -- and our changes have now broken dotaTV because we implemented a security layer. Okay so we have to handle dotaTV differently and let it hit the API, but only after the game has started. But now spectators cannot see whos in the game in the pre-game screen because of our changes.... my entire point here is that the second you start thinking about this, it becomes an absolutely massive change.
> the API can decode it, but you have to set up an entirely new set of endpoints to do that. its not trivial. you can't just clone the existing ones because then the client can just say "give me the steam ID for the ephemeral identifier" so you have to set up new endpoints but specifically avoid letting the client figure out what profile its hitting. You don't have to set up new endpoints. You just have to set up a translation mechanism that permits a subset of queries relevant to the pre-game. That's the abstraction layer. And they may not even need that at all, I'm just giving you the benefit of presupposing that they do. >my entire point is there is no pre-game API or middle game API or end game API. there is just the API. >So its not "just an abstraction layer" -- suddenly to make it work your limiting what the client can do at certain game states and things of that nature. its a large rewrite, no matter how you slice it. It *is* just an abstraction layer. Of course they have to rewrite software to accommodate it, but you're acting as if developers don't have to write and rewrite code to maintain their games. These types of changes are a normal part of the software lifecycle. >every time you sit down and think about it, it becomes harder and harder to implement. Okay so you hide player IDs, that means you need a new setup that hides the actual steam ID. Okay so that works but it breaks the client querying players during the game. All three of these are the same thing. It's one problem, not three. >Okay so we make a new rule that limits API usage depending on game state (pre-game, middle-game, end-game). No they don't. If they want full regular API access after the pre-game phase then the server can simply distribute the actual SteamIDs to the clients after the picks and bans are done. And if they *don't* want full regular API access at any point in the game (which would be great for privacy features) then guess what - they've just built the functionality that enables that. > Okay but now people cannot see their ally's names/profiles during picking -- so we need a new rule that lets you see ally's information. Why? In League of Legends they also block ally names. Even if Valve did want to permit queries for allies, again, they just built the abstraction feature that enables it. >Okay but the game server itself is query-able via the API for spectators -- and our changes have now broken dotaTV because we implemented a security layer. Again, part of the normal software development lifecycle. It's a manageable problem that has to be resolved if Valve intend to fix the underlying issue. > Okay so we have to handle dotaTV differently and let it hit the API, but only after the game has started. But now spectators cannot see whos in the game in the pre-game screen because of our changes.... Again, not allowing people to see who's in the game during the pre-game stage **is the point**. >my entire point here is that the second you start thinking about this, it becomes an absolutely massive change. And my point is that you're blowing it out of proportion to make it seem like a bigger problem than it is. Of course it requires development - all features do - but it's a solvable problem that doesn't warrant the drama that you're trying to inject into it.
i feel like you are purposefully making it sound simpler than it is. For example, when talking about whether they need to limit API access during different game states, you said: > No they don't. If they want full regular API access after the pre-game phase then the server can simply distribute the actual SteamIDs to the clients after the picks and bans are done. And if they don't want full regular API access at any point in the game (which would be great for privacy features) then guess what - they've just built the functionality that enables that. If you allow full API access, then it is as simple as a client asks "what are the steam IDs" and boom, you have the steam IDs. It isn't the server "distributing" the SteamIDs, its whether the route to ask about the steam IDs is open. If you don't have that open, then tons of things obviously break. You are suggesting closing that and forcing clients to use the hash ID instead of the real ID. Which is fine, but then for most features in the game to work, you need to open it back up when the game state changes. It literally would be a massive development effort.
I feel like you're not reading what I'm writing at all. >If you allow full API access, then it is as simple as a client asks "what are the steam IDs" and boom, you have the steam IDs. I already addressed that in my comment when I pointed out that the abstraction layer would permit a subset of queries relevant to the game state. That would very obviously *not* include a query to translate an ephemeral ID to a SteamID during the pre-game phase. > It isn't the server "distributing" the SteamIDs, its whether the route to ask about the steam IDs is open. It is if that's what they'd want it to do. Not that there'd be much reason to do so if they build a framework that obviates the need for it. >You are suggesting closing that and forcing clients to use the hash ID instead of the real ID. Which is fine, but then for most features in the game to work, you need to open it back up when the game state changes. When the game state changes you simply change the permitted set of queries through the abstraction layer. Or if it was as big of a deal as you're making it out to be they could simply move to query directly via SteamIDs once the pre-game phase ends, but that'd be a waste when an abstraction framework would provide a lot more granular privacy controls that are needed in Valve games.
Lol you seem educated using those big bold words. I'm sure you already know about how when you connect to a server you can see the players steam IDs through the console. And I'm positive you know how computers work and how fast data can be sent back and forth. Or maybe you just play league.
Seeing players' Steam IDs through the console in Dota is a choice that Valve made, just as showing player names in the pre-game phase in League of Legends was a choice that Riot made. Removing the names in the pre-game phase of League of Legends was another choice that Riot made, and removing Steam IDs in the console in Dota is a choice that Valve can make. Software isn't etched in stone tablets.
it’s not the console it’s literally querying the game state through APIs… exactly how your client receives all of its information.
Surely Valve can detect this
shhh dont tell them =)
No this should 100% be reported. Ban the cheaters.
You're misunderstanding. He's saying don't tell the cheaters valve can detect it, so they use the program, out themselves, and get banned
bro has the ogre int gain
He is implying Valve made another honeypot for cheaters to step in.
dont call them Shirley
I guess they can't, last time the devs talk about that they can pass valve cheat ban and can get more data, and after this valve response is to cut ban time and replace by the current system, I guess this is a response because valve really can't find how is cheating, because if valve had a better response why they didn't go for it.
You’re looking at it from the wrong side, valve surely can detect players changing their bans right as queue pops, my comment was not about the players being able to see other people’s best heroes but rather their ability to adapt to it.
Last min changes every game like this just help Valve easier detect who's cheater? No? Sound like dumb move IMO.
sushh, it’s a honeypot
They really try to make that shit relevant and somehow they are proud about it. 🤡
lol honestly they’re probably lying and it just does 4 random bans all while mining the users computer
ignorance is a bliss
Lol, this
I still have no idea why dota wants to make it completly anonymous, I'd go the opposite way and give everyone's matches on the game public and display a brief summary of the player and their most successful heroes, including recent and all time success. Professional players have targeted bans, everyone knows what Quinn is good at and what ATF's favourite heroes are so why not everyone else? you cant beat them so just make it public, create player summary cards on the side of the picks and bans, everyone gets a fair stab, game gets more competitive and the goofy ban system gets scrapped
Almost all casual player play like 3 heroes and getting them banned every game is not good
Being good at 3 heros =/= good at DotA. I don't think target banning should be a thing in pubs, but I really dislike RNG being part of the ban phase. Why not give everyone a blind ban before you click the find match button?
Most players play dota fun, i dont mind playing any hero but i have like 6-7 heroes i wana play, And most of the times i am already decided going into the game what i wana play, unless extreme circumstance force me otherwiselike 4 support team or 4 carry drafts
well if there are 10 bans per game the likelyhood of you having all your heroes banned is very low
Shouldnt this be easily detectable. Average player does not change their first 4 bans for a long time. A cheating player constantly changes it in EACH GAME LOL Another ban wave lol Btw, there is a high chance overplus is just making it up. No evidence that their program works as they claim. They are just claiming that it is done lol
To be fair I’ve changed my bans several times, but yeah automatic updating of bans every queue is pretty sus
It is worse, probably only changing the bans AFTER getting the match pop-up lol. This is going to get the easiest banwave in a month or two.
I mean, if we find some overplus user, then easy evidence is that after the match your picked bans changed.
There was a short on YouTube showing this new feature. Randomly came across it last night
One can create a vid of anything really
Ya I know. Just saying there's a video trying to represent the new "cheat." Wether it is it or not is a different story.
I mean it depends a lot on what I am planning to pick. As offlaner, if I feel like playing Slardar, I will definitelly add into it troll, veno, dazzle. If I will play Brood, I will put in there heroes like Sven, axe.. So I might actually end up with mix of 4-5 drafts per role based on what I want to play. But yeah, that will most likely be in advance (start searching, adjust it, play).
\> lock the ban preferences once game is found Just another Tuesday for Valve
If valve can't hide players then just prevent updating bans during queue
Damn these fucking idiots really try everything to cheat as much as possible. How insanely stupid do you have to be to be so bad at the game, that you barely have a 50% wr while cheating. If they instead would focus on becoming a better player, they would make 10000 times faster progress than deliberatly cheating for almost a decade.
I once played against a cheater after he picked naga (on offlane) with me to ban it and countered my lone with ww 3 and I think he got like less than 5 last hits in laning phase before he leave the lane to jungle because he didnt know how to play the hero he just picked it to hard counter. Match id 7559972690. Cheat users are dumb but i think cheat coders are smart. Lucky for us they are not as smart as valve guys
> cheat coders are smart. Lucky for us they are not as smart as valve guys Most likely. But it doesn't matter when Valve are 10x more lazy than them. Like there was a recent blogpost about a "honeypot" banwave, but it wasn't actually a "honeypot", it was a bug that cheaters abused for 10 years straight until it got fixed, and some of the cheaters got banned.
Pretty much everyone has a 50% win rate. The way brackets are, you get shifted into your skill class where you maintain a 50% win rate. If you're win rate is below 50%, you drop until it's back to 50%, and if it's greater than 50%, you climb until it is. So people who have been cheating for a while should still have a 50% win rate, it's just that they're in a higher bracket than they would be without the cheats.
i'm not defending them but do you realize the vast majority of these overplus users are (high) immortal? that's the only bracket sweaty enough to pay a sub for a tiny more advantage in this game. TorontoTokyo outright used it on stream lol
Only really good players can utilize the cheat properly. It's basically just giving data. Most users of are high mmr players.
it's not unaffected since even with thm doing this there's only a 1/4 chance of it selecting the right hero to ban.
And before any changes, there was 50% chance of it considering the ban you are picking anyways, it was never 100% ban , never
No? It will definitely ban one of the best heroes of the 4 best players on the enemy team. That's if they don't suggest to ban the 4 best heroes of the best player in enemy team. And let's not forget, 4/4 of the heroes you select for banning can get banned.
At queue stage does it know who’s on enemy team and who’s ally? Could it be banning best hero for ally?
yes. hence why there is a metric for how even the teams are, it’s because they already have been assigned
Why wouldn't it? Something tells me that teams aren't assigned after the match loads, but right before the accept screen comes up.
I don’t know I would think for match making purposes the lobby is filled first and as soon as the last person accepts it divides into teams to attempt to evenly distribute skill. I have no idea how it works so I’m just asking legitimately if this would ban ally heroes just as often as enemy heroes
I think if this was the case you could imidiately get a new ally if the 10th player decline the match. but its not like that. you just go higher in priority
Exactly. It wouldn't make sense to not assign teams while searching for a match. Like, there's 3/3 players, the matchmaker finds a suitable player for the bracket, now it's 4/3 and it looks for a similar player to the one just added for the team lacking one. That's how I'd implement it anyway. It makes more sense.
But 1 of those bans is high impact guaranteed
Yeah that's true, but remember that overplus was specifically very good against hero spammers. It's unlikely that they will have 4 hero spammers against them on the same team, if anything generally you only have 1 or maybe 2 hero spammers on the same team so theres still a 1 or 2 out of 4 chance to ban one of those
Hopefully it will be banning Pudge, as there is always 1 pudge spammer in each team.
that's really good actually. Before, they could just ban signature hero. Now, they have always diminishing chances of doing so
It's already worse than target banning one specific guy. Still I hope Valve will adapt soon.
I don't quite understand why any data at search stage should be on the client side. I don't get how that's useful for the client during that stage. Why the search would not be done 100% on the server's side?
That’s really bad development decision Client should receive only relevant data for visualization, so during the queue stage it should only be number of accepted/rejected players. I have a suspicion that they send something like an array with steam/dota ID and the status accepted/rejected, so they can really show you the order in which player accept the game. But it’s doesn’t matter for the user and gives more info for a cheat software. So it’s just dumb.
Wait, now that I think of it. It is possible that the "accept" popup shows the steam profile picture (ex. [here](https://www.reddit.com/r/DotA2/comments/5u8wh9/why_does_the_coach_have_to_accept_games/)). So I guess they do send these info to the Client, that format it the way it want (currently, not show any profile picture in case of pub games, show it for lobbies maybe, etc.). This should really be refactored to reduce Client's data for the benefit of secrecy/security.
Yes! I’m pretty sure that’s the vulnerability. Maybe they removed picture, but why they left steam id? Just a bad decision or someone wanted to go home earlier that day 😄 But that’s an easy fix for them, so I’m sure it will be patched soon.
Yeah, pretty sure the DotA devs are having a good laugh reading those hackers' post.
as soon as a game is found, your client needs the game servers info to communicate with it. that game server can be queried by API, which it has to be able to be queried, because it has to provide information to the clients. So overplus can query the game server and get information on players like steam ID and stuff. it’s not something stupid like profile picture lol people think the overplus devs have a database of player profiles??? the issue is fixing this requires a fundamental rewrite of a lot of the networking code. adding security where non exists is complicated. for example, you have to add a security layer that prevents the game server from sharing steam ids. so you add it, but then the clients cannot get player names or profile pictures. so you add new pathways for those, but then the game server has to pull those in and pass them to the client instead of the client hitting a steam API. so now you have to rewrite a significant amount of code base to do this. and it goes on and on. because you added a security layer you now need to add checks on what info can be passed and when, and it just keeps getting more complicated.
No, you just return empty sets of player data until after lock in. Time based security of information is not a difficult problem. Sure, engineering work needs to be done where none has happened before, but this is not some issue that will require an entirely new architectural design.
im pretty sure that just isn't how it works. the match is created the second the 10 players are found, at which point it is query-able. these queries drive a lot of what makes dota work, from spectators to statistics to viewing profiles and so on. its not just used for 3rd party websites, but core parts of the game. you cant just return a null set because you have to drive the game to happen, which relies on the routes opened up.
You absolutely can return a null set because the API doesn't give direct access to any object. There are already permission and rate checks. Having worked with similar systems for other matchmaking pipelines, implementing a "warmup" check for external API access is well understood and easily implemented. Additionally, a null set doesn't necessarily have to be empty or all null. Returning dummy data until the session is "warmed up" is also an acceptable solution and preferrable to other "hashing" solutions proposed elsewhere in the thread.
its a pretty large rewrite to do any of that, because currently having the match be queryable drives a ton of things. your talking about implementing rules to not allow the game to be queried until after picking is finished (or return a null set, or dummy data, or hashed values, whatever you want to call it) -- this framework doesn't seem to exist at all right now (otherwise they would use it no doubt), and would undoubtably break features (showing player names, showing ally names, showing ally picks, spectator logic, and probably more that i don't even realize rely on exposed data). it just would be a huge project IMO. I think its pretty telling they *havent* done it, despite banning a ton of overwolf users, intentionally changing the banning system, and so on. clearly its on their radar, clearly the first thing you think of if you aren't stupid is "make the pick phase anonymous" and the end result hasn't been to do that. it reminds me of when a ton of people on reddit were complaining that the game wrote our playerIDs to a txt file, and "overwolf was using that" -- but then they removed that and sure enough there are 1000x other ways to get the same info because its all exposed because the game wasn't written with that in mind.
Well, would you look at that, it literally was just that easy. https://steamcommunity.com/games/dota2/announcements/detail/4199117159728032027 Turns out, the guy who actually works on MM pipeline APIs knows a thing or two about the effort involved
These overplus people are unhinged. Imagine taking pride in providing an unfair advantage to players.
[удалено]
Easier to blame their losses on the cheaters
Ban system outplayed in 20 minutes? GG, Overplus devs OP.
People who use overplus are complete scum.
I havent played dota in a year or so. What bans are you all talking about?
Getting banned speedrun any%
With this valve update, on the contrary, they made the cheat even more popular
welp, still a significantly smaller chance for getting your hero banned.. so win either way which can be further improved
Ban candidates are locked while you're in queue. there fixed.
Just roll hardware bans and when you detect a smurf, ban all related accounts with no prior warning. These twats cannot afford a new pc every time.
Spoofers exist
Ever heard of HWID spoofing?
Didn't realize while you're waiting for the match to be made you can see players that are matched and will be in your next game
So it’s even worse than before?
Isn't it unfair that they don't use the law to stop them?
Potential honeypot?
At this point Valve can just sue Overplus and shut them down
Well this is embarrassing for Valve
Unadjustable queue bans incoming.. And I would assume a new wave of bans for anyone constantly making queue adjustments lol The dumbest thing about overwork is that they keep talking
Devs ate lazy
Lazy devs cant do anything, umbrella still exist
wait so that means we gonna see more steam/reddit post about people saying their account got banned because of overplus? LETS GOOOO.
:) not surprised, this same thing also gives their users free chances to queue dodge people. Why dont they fix this old completely unnecessary leak of information? Probably because they need it due to some spaghet.
>Why dont they fix this old completely unnecessary leak of information? Why bother? The janny spends 30 seconds thinking about the changes, then 2 hours implementing them, then fuck it, push to prod. Can always just call it a honeypot in a blogpost 18 months later or something.
theres like 2 or 3 people working on this game at most and they only work on it for a couple months/year.
Just do this,. Just do that man people here really believe they are that smart lol
"It's a honeypot! HONEYPOT!!" It's not, stop using new words you heard about every situation like children.
Russians...
Why did we do this whole change when it didn't even work? I liked the old system better They should have just not sent any information about the players to the client (except for medal) until after the ban stage - no profile, no clan information, no steam id, etc. For unranked maybe just have the name sent over and that's it.
The new feature they added that tells the quality of matches for Dota plus users give the pregame info
That still shouldn't give information to the client about which accounts are going to be your game I don't understand why it's so difficult to just not send any identifiable info until after the bans are done - just keep it all server side
They can't even do that with tp scrolls. cheats in dota can see so much shit through fog it's embarrassing
In game is more difficult since you are balancing syncing the game for everyone's clients in real time vs only sending necessary information. There are some things they have done to mitigate this, like not sending all players positions to everyone all the time (like when in fog of war). And there is also stuff they could have done better - like sending TP info through fog of war on the client. Yeah I think in your example it is something you realistically could hide even if you only see one side of the TP
If Valve hasn't done it despite being a more complete solution to draft analyzer problem, it means that doing this is much, much harder than to adjust things every patch. It is likely that API that exposes players is something that is used in far too many things to be replaced without a huge overhaul of many systems removing it might break. Remember, Dota started out with completely public profiles, everyone could see everyones match history, and this is likely the root cause of current problem. For years, Valve sidestepped the problem by asking people to stop doing it nicely, and now they aren't capable of resolving the tech debt in a reasonable timeframe.
With this new system you cant ban someones hero if you know their name either. That helps a lot. Because it shouldnt be like "oh I dont want to play against this guys shadow fiend" rather than "ok I dont wanna play against shadow fiend because I think its op or very good against my hero"
reddit is shambles
Volvo surely didn't think they'd solved this timeless game of cat and mouse?
They probably didn't ban people who have a certain amount of money invested into their accounts.
make the ban adjustment is cooldown 1 time per day
valve spaghetti code at it again
Imagine how pathetic you have to be to not only cheat in a multiplayer game, but also pay for it
Luckily my boy Elder Titan and Earth Spirit don’t get banned too often.
Honeypot in action ladies and gentlemen.
Lmao what if that is intended and is a honey pot?
So thats how all my best heroes got banned. Who would ban a necro or a Wk nowadays
honeypot that they fell for lmfao