The Machines Are Taking Over

Good read, well presented, well researched and on point. Top marks, good sir.
It seems that John got greedy. A bot that placed a market order once every 2 minutes or so using a random number generator to modulate its activity probably would not have triggered any interest.Sure that cuts way down on the profit margin, but on the other hand the money is fairly clean.
when CREST opens up writable APIs, there is significant danger for bots to swarm those activitiesI don't think it is going to be that hard to figure out which APIs are dangerously bottable and which aren't. If you can make ISK by doing X, there should not be a CREST API for X. Flying a spaceship? ISK. Setting any price? ISK. So don't create CREST APIs for these.In any case, if CCP has any clue they will design CREST so that an API call can be easily disabled should it prove troublesome.
Sometimes I get the impression that EVE is a bombing range where people who write high volume trading software come to go nuts, with CCP acting as a surrogate for the SEC.
That link to Serpentine Logic was a good read. CCP should automate boring stuff as much as possible. I.e. in real markets people don't 1c each other. Rather, one can set limit orders. Limit orders would eliminate much of the profit from market bots.That's a fairly minor change, but maybe still too hard for CCP. So here's a really easy thing for CCP to do to make my life easier as a market trader: put a "Copy Price" (or just "Copy") item into the right-menu you get on market orders. If you're going to make a game where 1c-ing is a strong trading strategy, at least try to make it easier on your poor non-robotic customers.
The obvious ones are obvious, but there are still a lot of requests that land in gray zones. For a corp, asset organization, accounting, and contracting would all be valuable CREST APIs. They could be implemented in safe ways to empower "enablers", but also skirt bot territory.
All I do in-game is shoot at people, but this seems like a great and simple idea. Must be why CCP overlooked it, it's hard to iterate on common sense.
Isn't it funny how in this far far futuristic utopia called EVE, people still need to slave in mines 24/7, like during the roman empire, all these thousand of years of evolution and we still can not make mining automatized and robotized, people bot for a reason no matter what we think about right or wrong
good article .
Actually, Eve Online is a futuristic dystopia, which is why you are still slaving for a corp somewhere. Also, there's actually an in-universe reason why not everything is fully robotized. The last time they tried, they got the rogue drones. Now every drone has human supervision. No drone-usage without someone behind the table sipping Quafe and pressing a few keys every few minutes.
Classic mistake of every criminal who has ever been caught.
I know the guy and he was NOT botting ffs...

This is a guest submission by Lockefox of EVE-Prosper.

With the recent story EVE University market-bot scandal, there is a disconnect between perception and reality as to how "John" was able to do what he did. As an aspiring EVE app developer myself, I thought it my duty to shine light on the whole scandal from a 3rd party app developer's point of view. The following is a mix of editorial and all the links I could get my hands on.  

How "John" [probably] Did It

90% of the tools you would need to run an effective market bot are already fully available and publicly blessed by CCP in one form or another. EVE Market Data Relay (EMDR) provides, as they put it, "a fire hose of real-time market data", making EVE-Central's database open for live queries. If that's not fast enough, Entity has provided Reverence as the DIY option for scraping those sources locally from the client. By hooking up a cloud or local application interface into these data sources, you too could have up to the second market data as it becomes available... and you thought spreadsheets were serious business?

Though I still believe it would be tough to match the boasted metric of changing orders at a rate of 30/minute, I do believe you could build an app that ties in a suite of keyboard macros with a EMDR fed app. (This would probably put you in Sreegs' crosshairs, though.)

Where did "John" cross the line? I believe in two places. First, anything that is writing data into the game by code puts you in bot territory. Though some small amount of click/macro automation is expected and sanctioned, it's pretty clear the rules are "inputs should come from humans". The second half of the problem is in the sheer volume of inputs achieved. There are reasonable maximums that can be achieved by humans. If your method puts you outside the 95th or 99th percentile for a particular trackable game activity, you will get investigated for botting.  

The EULA is pretty clear here: 6.A.3:

You may not use your own or any third-party software, macros or other stored rapid keystrokes or other patterns of play that facilitate acquisition of items, currency, objects, character attributes, rank or status at an accelerated rate when compared with ordinary Game play. You may not rewrite or modify the user interface or otherwise manipulate data in any way to acquire items, currency, objects, character attributes or beneficial actions not actually acquired or achieved in the Game.

It doesn’t matter if you alter the game client like Jitonomic, or just make a point-and-click bot, both are over the line. As many have pointed out, Sreegs' word is law, and EVE's servers are a dictatorship. Precedence and law will have no power in your defense. Once the ruling is made, you’re S.O.L.

Reactions To the Perceived Problem

This isn't the first time cache scraping has been in the spotlight. The bitterest vets here might remember Bacon; a tool that scraped local channel feeds and sent alerts when people entered systems. This became the ultimate AFK tool, and was ultimately destroyed by removing the hooks it used and a stern finger waggle from CCP. Credit to Winterblink for Warp Drive Active if you really want to know the story of Bacon.  

"Cache scraping enables bots!  CCP should fix it!" you might shout.  But cache scraping is only a tool, "and as with any tool, it can be used for evil as well as good" (Entity). If you use EVEmon, or Goonmetrics, you're already using a cache scraper every time you open the market window in-game. Say hello to contribtastic, the workhorse that feeds EVE-Central/EMDR. Also, the client’s IGB hooks allow tools like market scanning to be run on demand. The reason EVE-Central has such a high quality feed is they are processing the market data seconds after it becomes available, through a network of completely voluntary and transparent background apps.

"CCP should host the market API themselves!" would be the next most common cry. Some developers, like Fuzzysteve over at Fuzzworks, have put forth proposals (TL;DR: CCP should host EMDR-like service), but in my opinion this trades the devil I know for the devil I don't. I am especially concerned with the alarmingly regular rate the EVE API servers kill 3rd party apps. Also, the last rumor I heard through my fellow developers was that CCP can't or won’t host the live market data for fear of toppling the in-game market, though without sources that is only hearsay. Lastly, there is also a philosophical debate of "how perfect should data be?" - but that is a topic for its own article. My feeling on a CCP hosted market API is: it sounds like a lot of work to replace something that is already adopted as “standard”, and very easy to do wrong. A poorly implemented substitute for market feeds would be devastating to 3rd party apps.  

The major lesson I do hope CCP takes away from this scandal is the razor-thin line they walk with CREST. Though most feeds are benign, and there are some places game design might be improved by 3rd party developers, it's only a hair's width to BOTS Online. It's a precarious path that CCP walks to enable players to automate away the grindy work that "turns people into robots" without squeezing humans out of actual gameplay. No one would want to play EVE against real market bots.

What the 3rd Party Devs Say

As is constantly pointed out, if you're waiting to play until CCP fixes something, you're gonna have a bad time. This is especially frustrating for developers, since the API has consistently been a minimal priority. Thankfully, the last year or so has seen the slow solidification of CREST thanks to CCP Seagull, though the addition of more powerful feeds is still a long way off. Secondly, having a high quality market feed like EVE-Central is a foundational pillar of the 3rd party developer community... and I can tell you first hand how hair-rippingly maddening it can be to try and manage any serious market/trade/industry operation without an automated price feed. My personal TL;DR is: READ access is largely benign, immensely useful, and largely sanctioned or even directly supported by CCP. The danger is WRITE access is by and large forbidden, and even when CREST opens up writable APIs, there is significant danger for bots to swarm those activities.

Blake Armitage over at K162space adds his own worries about CREST development.

I have heard the community and several CSM7 cry out for a implementation of a write API in the new CREST system and I feel like they are not grasping the full extent of what the 'write' portion of the API could bring to the game. Having the ability to interact with the universe without the use of the Eve client will mirror the issues that we face with nuclear technology in the modern world; used for good we can generate massive amounts of cheap power while the evil side heralds apocalyptic seriousness for the entire world. The ability to adjust and distribute ship fittings, send evemail, and modify standings would vastly enhance mobile and web based application while the darker side of the coin of API based market automation could obliterate the games market dynamics. CCP will be walking the fine line with the new CREST system and fervent 3rd party developers such as myself will be carefully watching.

Other Resources

About the Author

Lockefox is a die-hard industrialist and black belt spreadsheet master. Currently developing a large-scale, cloud-based, industry tool called Prosper. He can be found in the #tweetfleet as @HLIBindustry.

AKA Alikchi. Traitor, hater, ganker, idiot. Follow me at @alikchialeika.