Oh, was that the concern? I wouldn't have worried about that in the first place. I thought people were just annoyed at alleged bots entering whatever giveaways were available, which a person could easily just do themselves. This makes more sense to be concerned over, at least. Thanks for clarifying.
Comment has been collapsed.
"Private giveaways would obviously be the only giveaway worth trying to crack."
If someone is entering for the sole purpose of financial gain, public entries would be ideal. Based on this...
"automated scripts are highly improbable after the unique five character giveaway code was switched to case sensitive."
Might I point out that automation would in fact really be extremely simple?
Whilst knowing 4 / 5 answers in a puzzle giveaway and being totally stumped on the fifth after extensive Googling, I did what many do - Brute forced the final character. As I was feeling creative at the time, I coded an app to do just this for me, and it worked. At this point, I considered the possibility of automating site entries, but decided not to, as it would simply be morally wrong.
Comment has been collapsed.
This is a highly hypothetical situation. I'm not going to argue about this happening, because obviously it was far more probable when the unique characters of the giveaway link weren't case sensitive. People can waste all the time they'd like to enter giveaways, but we've never seen a legitimate concern raised except "it could happen" or "people can do it". Brute forcing private giveaways has never really been a worry, yet we still check on it happening. Trying to work on a "honey pot", per your original suggestion, wouldn't be worth the effort considering the admin would already see this activity.
In regards to your last point, if you know the first four characters of a giveaway, you don't need an app for the fifth. You can do that one by hand. If we increased the difficulty, but you still knew 4/5 or 5/6 of the answers for a puzzle, you would still be able to do this by hand. In this context, resorting to a script is lazy. If you only knew 2 or 3 characters of the 5, that's an entirely different story. Best of luck getting through before the puzzle ends.
Comment has been collapsed.
Assuming slow internet, opening every potential hit:
3 / 5 - Completed in 62 minutes at a rate of 1 / second
2 / 5 - Completed in 75 hours at a rate of 1 / second
This would be perfectly acceptable for most puzzle giveaways :p
Related to my program, I did it more for coding practice than practicality. I actually had some issues with the automation (accidentally added a guess as an actual character resulting in a 6-char brute which obviously failed), and an invalid check (Resulting in 100% failure rate) - I'm surprised my infinite loop when I jogged off to the bathroom didn't trigger anything :D
Comment has been collapsed.
We could start temporarily disabling connections to SteamGifts if our site detects more than a few concurrent connections over a certain amount of time from one location. I think this is more fitting than your suggestion. This would be a pretty pessimistic change introduced to the community, but it's a solution more suited to what you're discussing.
Comment has been collapsed.
"Whilst knowing 4 / 5 answers in a puzzle giveaway and being totally stumped on the fifth after extensive Googling, I did what many do - Brute forced the final character. As I was feeling creative at the time, I coded an app to do just this for me, and it worked. At this point, I considered the possibility of automating site entries, but decided not to, as it would simply be morally wrong."
So in other words, because YOU gamed the system (for one letter) EVERYONE ELSE does too, right?
In your reply to lokonopa's post you prove how unfeasible bruteforcing the URL actually is. It would take 3 days to guess 3 of the characters if you're given two of them. Given the rate you provided, I would guess something like 2 months for 4 letters and 6+ years for all 5.
Sure, automated scrips would help in the scenario you mentioned, where you have at least 3 of the letters for a puzzle (private) giveaway... but that would be it.
Comment has been collapsed.
Hold on, you passed the Turing test?
If so, no bot. We've got artificial intelligence.
Comment has been collapsed.
I was never worried about this at all.
keep up the good work
Comment has been collapsed.
Have you ever thought that the ideas had already been thought out and having it actually come to life would cause more problems?
Comment has been collapsed.
What better solution than someone actually trying to crack it by the use of a script? if someone is willing and has the knowledge, then do it, post the results to support, and the matter will be closed i guess.
Comment has been collapsed.
I was wondering about that thread.
With the points limitation and high variety of games on the site, there's really no reason to have a bot entering the public giveaways...unless the list of allowed giveaways was very specific. Even then, it'd only be worth preventing from a site load point of view, if it was hurting you guys...it wouldn't really give the user a higher chance to win than anyone else.
If you're checking for brute force or infiltration of private giveaways, despite it not being something realistically happening, that's more than enough.
Comment has been collapsed.
Someone leaking the private URL/Alt accounts is by far more likely than having a bot crack it.
That said I have had a single case of someone leaking one of my private giveaways (as I knew who I was giving the URL and the person who won it did not recieve it). It was just a simple matter of having the private giveaway rerolled by a mod and the problem was fixed. This is the solution (albeit annoying) to any leaks or bots.
Comment has been collapsed.
1 Comments - Last post 28 minutes ago by WaxWorm
17 Comments - Last post 1 hour ago by reigifts
1 Comments - Last post 1 hour ago by lostsoul67
69 Comments - Last post 1 hour ago by Moogal
85 Comments - Last post 2 hours ago by RowdyOne
27 Comments - Last post 3 hours ago by Luacs
57 Comments - Last post 6 hours ago by LordHamm
80 Comments - Last post 5 minutes ago by Ad4m
888 Comments - Last post 14 minutes ago by Vini1
40 Comments - Last post 16 minutes ago by Boro666
8,041 Comments - Last post 19 minutes ago by q0500
16,809 Comments - Last post 25 minutes ago by cpj128
23 Comments - Last post 38 minutes ago by Microfish
61 Comments - Last post 41 minutes ago by Zarddin
I was going to leave a comment in this suggestion thread, but it would have probably been lost in the bottom after 30+ comments.
We've been saying this for months: automated scripts are highly improbable after the unique five character giveaway code was switched to case sensitive. We have never seen any substantial traffic coming from any location or account in particular that would lead us to believe that scripts like this are actually effective.
This is something the administrator looks into from time to time and has never seen any suspicious activity of this nature. Having been aware of this potential issue for a long time, anyone using these scripts would be simply wasting computing power and bandwidth. Don't forget that private giveaways are obviously private, and people tend to notice when their giveaways have been leaked.
To get a little technical, a member has to first be part of the particular group to see a group giveaway they've stumbled upon. Private giveaways would obviously be the only giveaway worth trying to crack. The odds would be extremely low for someone cracking into a non-group, non-public, non-expired giveaway out of almost one billion potential links. Hence, it's highly improbable that these scripts are effective.
If you would like to voice your concern in regards to perpetuating this almost unfounded worry, we would appreciate members coming to us in private first before possibly driving up fear in the community. If cg and co. believed this to be an effective method to gain access to ongoing private giveaways, he could easily increase the difficulty of this task by more than a few billion. Literally.
-best regards
Comment has been collapsed.