Guild Wars 2 compensates those suspended unjustly in 2018 spyware cheater purge thanks to victim’s GDPR sleuthing

    
32

Last April, the Guild Wars 2 community was shaken by the news that over 1500 players had been suspended from the game after ArenaNet silently patched in (and then patched out again) what players characterized as invasive cheat-detection spyware. ArenaNet claimed that it “targeted programs that allow players to cheat and gain unfair gameplay advantages, even if those programs have other, more benign uses,” but it admitted it could not actually prove any of the players suspended had actually ever cheated in Guild Wars 2. Across Reddit and our own comments, players surfaced to claim they’d been unfairly suspended for having programs like UNF, CheatEngine, and MMOMINION installed on their computers for use in offline games or work, without ever having cheated in GW2 itself. Other folks said they didn’t have any of those programs at all. But still others sided with ArenaNet, and the story went cold.

Now it’s back. One of the affected players, who goes by slashy1302 aka Fire of Spirit on Reddit, has a thread up this week says he’s been appealing to ArenaNet ever since April to reinstate his account and clear his name. Support originally told him ArenaNet had tracked him using UNF; he didn’t even know what that was. After what appears to have been months of back-and-forth and run-around, he ultimately invoked the GDPR to force ArenaNet to turn over the data it had pertaining to his suspension. Eventually, he secured those data. And what did he find?

“I had the cheat detection logs (though with erased timestamps) including the md5 sums of the programs they detected,” slashy1302 writes. “I was determined to find out which of my programs triggered the false positive… It took me a whole minute to find out that they fucked up badly. As I have been dealing with MD5 a lot I recognized that hash: d41d8cd98f00b204e9800998ecf8427e It’s what you get when you hash an empty file or string. I couldn’t believe my eyes.”

Yesterday, slashy1302 received an email from ArenaNet’s Gaile Gray that admits to the mistake. “We reinstated all suspended accounts by October 2018,” ArenaNet wrote. “When you let us know you had spotted a possible anomaly in the data you received in response to your personal information access request, we immediately began a full investigation of the data related to all accounts that were suspended during this initiative. As a result of that investigation, we discovered that a very small number of accounts were suspended in error, including yours. We are extremely sorry for this error, and very grateful that you made us aware of it.”

Of course, as Anet notes, the six-month ban concluded in October, so the suspended accounts had already been reinstated, though presumably with a black mark on them. Other players also report receiving similar emails, though without the specifics about slashy1302’s sleuthing, of course. According to the note, all players affected will receive free unlocks for the ongoing living story season (which they’d not have been able to secure before, since they couldn’t log in) and 2500 gems.

Reddit responses are generally sympathetic to the victims; there have even been calls for firings of the developers involved and criticism of the level of compensation being doled out.

We reached out to ArenaNet for a statement this afternoon; here is what the studio told Massively OP:

“In our ongoing process to continually improve the overall experience of Guild Wars 2, we discovered a very small number of accounts that had been erroneously suspended last year as a result of our anti-cheat detection processes. Those suspensions expired last October, returning those accounts to active standing. After recently concluding a thorough follow-up investigation on the matter, we felt strongly that we needed to apologize for our mistake and we sent the affected players a gift of content unlocks and gems as a means of expressing our sincere regret.”

Source: Reddit. With thanks to Sabas! This article has been amended to clarify that the player’s Reddit name is actually slashy1302.

32
LEAVE A COMMENT

Please Login to comment
  Subscribe  
newest oldest most liked
Subscribe to:
Reader
Kickstarter Donor
NeoWolf

Although Arenanet are the ONLY affiliate of NCsofts who I have not had an experience when they have acted unfairly and treated me disrespectefully (or utterly disgustingly) it doesn’t surprise me that they have followed suit in having abyssmal practices and utterly incompetent customer service staff. And this is why I will no longer touch any NCSoft or its affiliates games ever again.

There are only so many bridges they can burn in regards to goodwill before enough is enough. They could care less about right from wrong or looking after thier players all you are is a figure on a profit and loss spreadsheet.

Reader
Jesse Wan

It is better that ten guilty persons escape than that one innocent suffer. -William Blackstone

Reader
Eamil

If anyone is wondering just how or why this could have happened, I think the top response in that Reddit thread is also worth noting, from user fwosar who previously analyzed how ANet’s spyware worked back when that story broke.

First of all, I am glad you got some resolution out of it. For the others who don’t know: slashy1302 contacted me a while ago to ask me whether or not those values that showed up in his logs were feasible using the spyware they used. And indeed, it turns out, that if a file can’t be read for whatever reason (for example because it was running from a folder that your user account isn’t allowed to read from), the spyware ended up hashing nothing, which results in the hash mentioned above.

My best guess, and mind you that is only a guess, is, that they added the empty hash to their blacklist on purpose to catch cheaters that protected their cheats using ACLs or sandboxes. They probably forgot, as a lot of Windows developers do, that you can’t assume admin rights on Windows and that Windows is a multi-user OS and multiple users can be logged on at the same time. So if one user logs in and has some applications installed in their user profile, like Discord for example or the Twitch App, and then their spouse switches to their user and runs Guild Wars there, the user will be able to see the processes running in the different user session, but won’t be able to read any of the executable images behind them, resulting in these empty hashes naturally.

Reader
Annoyed badger

I’m not normally one to call for firing poeple, rather learn from mistakes, but this a whole new level of fuck up and shitty culture.

They banned people, due to their own mistake.

They refused to properly investigate it.

A player had to uncover this on their own (which as it turned out did not take long once access to the data was available, so Anet did fuck all to investigate themselves).

This is a serious failing at Anet, not only in the mistake, but the lack of investigation, and teh shitty level of compensation offered is pretty much an insult at this point.

The orignal dev who made the mistake is one thing, learn from it, people fuck up it happens.

The person in charge of investigating customer service complaints needs to go…they have created a culture where they treat customers with disdain, and obviously do nothing to help.

Reader
Eamil

I agree that this is a serious internal problem, but it’s a systemic failure and won’t be resolved by the firing of one person. More thorough reforms are needed within the company.

Reader
Loyal Patron
Patreon Donor
Kickstarter Donor
Paragon Lost

A total lack of comprehensive investigative procedures. In other words the norm. Oh wait….

It took me a whole minute to find out that they fucked up badly. – Fire of Spirit

Right, I stand corrected. A total lack of any investigative procedures before action. Seriously, the norm anymore is to react before actually doing the leg work to find out for sure. QC standards lack in most cases anymore, whether it’s mmo developers or industrial manufacturing or health care.

Reader
Bruno Brito

Anyone with a level head saw that coming. Anet is extremely overprotective of their ways. Everytime, they double down on everything they do. This time, it bit them in their asses.

And good. Everyone said this crap was over the top. Their whiteknights kept defending this garbage.

Heh.

Reader
Schmidt.Capela

The big issue this causes not only for ANet, but also for other MMO publishers, is that it casts doubt onto their automated cheat detection processes; if a MMO publisher was found to have banned players for having a zero-size file with an EXE extension somewhere their overeager cheat detection system could find, and then spent over half a year refusing very reasonable requests to look again at the data, what guarantee do we have that bans by this and other publishers are actually deserved?

Reader
zuldar

there have even been calls for firings of the developers involved

Considering the seriousness of this issue that’s seems pretty reasonable. They need to change how they handle bans and more importantly appeals to make sure this doesn’t happen again.

Reader
Patreon Donor
Loyal Patron
Schlag Sweetleaf
ANOT.gif
slashy1302
Reader
slashy1302

This is my new favorite GIF! :D

Reader
Patreon Donor
Loyal Patron
Schlag Sweetleaf

it was fun to make, quick and easy :)

Reader
Kickstarter Donor
Tandor

“we discovered”

That doesn’t appear to be the case, does it?