One of my addictions during the last year has been the fairly simple online space tactics game AstroEmpires.
Entirely browser-based, and hacked together by a bunch of Portuguese guys in what seems like a few drunken afternoons, it’s a brilliant business model — basic access is free, and a monthly ~3 euro fee unlocks additional buildings, more bases, etc.
The setup is straight HTML; bases and ships maneuver in a coordinate grid (e.g. B23:45:72:13 is server beta, galaxy 23, region 45 on a 10×10 grid, system 72 on a 100×100 grid, planet/moon 3 in the first position from the star.) Everything consists of straight hyperlinks; for example, I could paste B23:45 into the in-game message board, and it would show up as a link to that region. Combat, movement and pretty much all other aspects of the game are paleolithically basic (for example, combat is based on a constantly shifting set of formulas involving various ship values, the timing of a player’s clicks on the “attack” link and, probably, sunspots and the like.)
Due to time constraints (you pretty much need to be an unemployed hyperactive, highly bored insomniac to have any hope of competing as I found out when my latest attempt at building a fleet was bushwhacked as I peacefully slept), I’ve since deleted my account and moved on, so the following screenshot is a stock image from their tutorial. An example from Alpha galaxy, region A00:44:

Each of these systems is clickable. Systems and the entire galaxy are similar.
However, despite its simplicity, it lends itself to all kinds of “politics” (13-year-olds posturing on the game forums) and abuse of technology, including the creation of off-server base coordinate databases, greasemonkey formatting and information management scripts, auto-scouting and -playing programs that emulate browsers, etc.
While my in-game guild, unlike some others, never used “robot players”, our auto-scouter, which wrapped around Internet Explorer libraries and involved a fairly sophisticated target selection and database upload mechanism, let users specify any combination of locations to check for enemy bases and fleet strengths; a web-based database search could generate graphs, travel times, even lists of enemy player/guild capabilities in Excel format.
We ceased using this when a number of our players started being banned for using scout bots, restricting ourselves to a greasemonkey script that uploaded any information a player manually clicked on. Numerous theories were kicked around, including number of hits from a given client within a 24-hour period, failure to take into consideration a string component in the target URL for a certain planet, etc. — turns out the admins had resorted to the basic-but-annoying trick of creating “fake” planets, invisible in maps like the above, but still present in the HTML source as links. Any scout bot unaware of this would not be able to differentiate (for example, a workaround would involve checking for the presence of one of a number of stock images for planets before following a link); the ID of the player “clicking” on this coordinate would be flagged for review.
Needless to say, the potential for abuse is pretty big, with players sending each other these links via in-game messages masked with tinyURL in order to get someone to click and be flagged as a “cheater.” This took the place of other, equally annoying tools, such as messages containing web bugs (all messages are also html formatted) in order to track players’ online times or source IPs.
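The decoy-link check described above, written so that a decoy link forwarded to another player (the framing abuse in the previous paragraph) does not flag the person who clicks it. This is an added example, not AstroEmpires' code; the `/map?loc=` URL shape, the `t` token parameter, the key, the session IDs and the decoy coordinates are all assumptions constructed for illustration.

```python
import hashlib
import hmac
from typing import Optional

SERVER_KEY = b"constructed-demo-key"   # assumption: a real key comes from a secret store
DECOYS = {"A00:44:57", "A00:44:83"}    # constructed decoy systems, never drawn on the map


def decoy_token(session_id: str, coord: str) -> str:
    """HMAC binding a decoy link to the session whose page it was rendered into."""
    msg = f"{session_id}|{coord}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def render_decoy_link(session_id: str, coord: str) -> str:
    """Empty anchor: present in the HTML source, nothing for a human to click."""
    return f'<a href="/map?loc={coord}&t={decoy_token(session_id, coord)}"></a>'


def classify_hit(session_id: str, coord: str, token: Optional[str]) -> str:
    if coord not in DECOYS:
        return "normal"
    expected = decoy_token(session_id, coord)
    if token and hmac.compare_digest(token.encode(), expected.encode()):
        return "flag_for_review"   # link was harvested from this session's own page
    return "forwarded_link"        # decoy reached through someone else's link: no flag


def review_queue(requests):
    """requests: iterable of (player, session_id, coord, token); returns flagged players."""
    return sorted({p for p, s, c, t in requests
                   if classify_hit(s, c, t) == "flag_for_review"})


def demo():
    bot_tok = decoy_token("sess-bot", "A00:44:57")
    requests = [  # constructed request log
        ("scoutbot", "sess-bot", "A00:44:57", bot_tok),  # followed its own page's decoy
        ("victim", "sess-vic", "A00:44:57", bot_tok),    # clicked a link sent by scoutbot
        ("victim", "sess-vic", "A00:44:83", None),       # token lost behind a shortener
        ("regular", "sess-reg", "A00:44:12", None),      # ordinary system
    ]
    return review_queue(requests)


if __name__ == "__main__":
    print(demo())
```

Because the token is keyed to the session that received the page, a decoy URL only counts against the account whose own HTML it was scraped from; the same URL arriving from any other session is logged but not flagged.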
The best exploit of all came in the form of a fully functional illicit auto-scouting and information formatting script widely used by AE players — most of the, I won’t say “cheaters”, but let’s call them “those willing to obtain advantage through technical means”, in the playerbase are fairly technically illiterate, prepared to install pretty much anything that will provide an advantage.
That advantage goes both ways:
On some level, you’ve gotta admit the elegant simplicity of it.
