With the recent story EVE University market-bot scandal, there is a disconnect between perception and reality as to how "John" was able to do what he did. As an aspiring EVE app developer myself, I thought it my duty to shine light on the whole scandal from a 3rd party app developer's point of view. The following is a mix of editorial and all the links I could get my hands on.
How "John" [probably] Did It
90% of the tools you would need to run an effective market bot are already fully available and publicly blessed by CCP in one form or another. EVE Market Data Relay (EMDR) provides, as they put it, "a fire hose of real-time market data", making EVE-Central's database open for live queries. If that's not fast enough, Entity has provided Reverence as the DIY option for scraping those sources locally from the client. By hooking up a cloud or local application interface into these data sources, you too could have up to the second market data as it becomes available... and you thought spreadsheets were serious business?
Though I still believe it would be tough to match the boasted metric of changing orders at a rate of 30/minute, I do believe you could build an app that ties in a suite of keyboard macros with a EMDR fed app. (This would probably put you in Sreegs' crosshairs, though.)
Where did "John" cross the line? I believe in two places. First, anything that is writing data into the game by code puts you in bot territory. Though some small amount of click/macro automation is expected and sanctioned, it's pretty clear the rules are "inputs should come from humans". The second half of the problem is in the sheer volume of inputs achieved. There are reasonable maximums that can be achieved by humans. If your method puts you outside the 95th or 99th percentile for a particular trackable game activity, you will get investigated for botting.
The EULA is pretty clear here: 6.A.3:
You may not use your own or any third-party software, macros or other stored rapid keystrokes or other patterns of play that facilitate acquisition of items, currency, objects, character attributes, rank or status at an accelerated rate when compared with ordinary Game play. You may not rewrite or modify the user interface or otherwise manipulate data in any way to acquire items, currency, objects, character attributes or beneficial actions not actually acquired or achieved in the Game.
It doesn’t matter if you alter the game client like Jitonomic, or just make a point-and-click bot, both are over the line. As many have pointed out, Sreegs' word is law, and EVE's servers are a dictatorship. Precedence and law will have no power in your defense. Once the ruling is made, you’re S.O.L.
Reactions To the Perceived Problem
This isn't the first time cache scraping has been in the spotlight. The bitterest vets here might remember Bacon; a tool that scraped local channel feeds and sent alerts when people entered systems. This became the ultimate AFK tool, and was ultimately destroyed by removing the hooks it used and a stern finger waggle from CCP. Credit to Winterblink for Warp Drive Active if you really want to know the story of Bacon.
"Cache scraping enables bots! CCP should fix it!" you might shout. But cache scraping is only a tool, "and as with any tool, it can be used for evil as well as good" (Entity). If you use EVEmon, or Goonmetrics, you're already using a cache scraper every time you open the market window in-game. Say hello to contribtastic, the workhorse that feeds EVE-Central/EMDR. Also, the client’s IGB hooks allow tools like market scanning to be run on demand. The reason EVE-Central has such a high quality feed is they are processing the market data seconds after it becomes available, through a network of completely voluntary and transparent background apps.
"CCP should host the market API themselves!" would be the next most common cry. Some developers, like Fuzzysteve over at Fuzzworks, have put forth proposals (TL;DR: CCP should host EMDR-like service), but in my opinion this trades the devil I know for the devil I don't. I am especially concerned with the alarmingly regular rate the EVE API servers kill 3rd party apps. Also, the last rumor I heard through my fellow developers was that CCP can't or won’t host the live market data for fear of toppling the in-game market, though without sources that is only hearsay. Lastly, there is also a philosophical debate of "how perfect should data be?" - but that is a topic for its own article. My feeling on a CCP hosted market API is: it sounds like a lot of work to replace something that is already adopted as “standard”, and very easy to do wrong. A poorly implemented substitute for market feeds would be devastating to 3rd party apps.
The major lesson I do hope CCP takes away from this scandal is the razor-thin line they walk with CREST. Though most feeds are benign, and there are some places game design might be improved by 3rd party developers, it's only a hair's width to BOTS Online. It's a precarious path that CCP walks to enable players to automate away the grindy work that "turns people into robots" without squeezing humans out of actual gameplay. No one would want to play EVE against real market bots.
What the 3rd Party Devs Say
As is constantly pointed out, if you're waiting to play until CCP fixes something, you're gonna have a bad time. This is especially frustrating for developers, since the API has consistently been a minimal priority. Thankfully, the last year or so has seen the slow solidification of CREST thanks to CCP Seagull, though the addition of more powerful feeds is still a long way off. Secondly, having a high quality market feed like EVE-Central is a foundational pillar of the 3rd party developer community... and I can tell you first hand how hair-rippingly maddening it can be to try and manage any serious market/trade/industry operation without an automated price feed. My personal TL;DR is: READ access is largely benign, immensely useful, and largely sanctioned or even directly supported by CCP. The danger is WRITE access is by and large forbidden, and even when CREST opens up writable APIs, there is significant danger for bots to swarm those activities.
Blake Armitage over at K162space adds his own worries about CREST development.
I have heard the community and several CSM7 cry out for a implementation of a write API in the new CREST system and I feel like they are not grasping the full extent of what the 'write' portion of the API could bring to the game. Having the ability to interact with the universe without the use of the Eve client will mirror the issues that we face with nuclear technology in the modern world; used for good we can generate massive amounts of cheap power while the evil side heralds apocalyptic seriousness for the entire world. The ability to adjust and distribute ship fittings, send evemail, and modify standings would vastly enhance mobile and web based application while the darker side of the coin of API based market automation could obliterate the games market dynamics. CCP will be walking the fine line with the new CREST system and fervent 3rd party developers such as myself will be carefully watching.
- My own tool development blog Prosper, plus my more direct reactions
- Funkybacon’s posts on the scandal: Part1, Part2
- EVE-ID: A resource for aspiring 3rd party developers
- Bagehi’s opinion piece on the EVE University scandal
- Special thanks
About the Author
Lockefox is a die-hard industrialist and black belt spreadsheet master. Currently developing a large-scale, cloud-based, industry tool called Prosper. He can be found in the #tweetfleet as @HLIBindustry.