First of all, thank you for pointing out the game.
Now this is going to be off-topic, but we are in off-topic forum, right?
When reading their site I was quite interested in their "anti-cheating" measures. It seems that for certain type of games, being able to have more than one account in the same world giving an edge ("unfiar advantage") to whoever has more than one account. Interestingly, this is not a problem for World of Warcraft. I have not played pardus (yet), so I have no idea what kind of advantage they are talking about. If anyone has any experience with the game, let me know
, what you can do in pardus that you can't do in WoW that spoils the game for others.
No let's consider what pradus does to stop this. First of all the have a rule one PC - one user. They say that this rule was put in place to make automatic
bans possible. Before that it took a lot of man hours to police accounts, and this simple rule resolved it for them. But the ultimate goal is this: one physical person - one account. Compare the rule and the goal, they are not the same. I'm not sure that this goal is really achievable at all, but I'll talk about this later.
Let's think is this possible to detect two accounts being played from the same PC, if you are not relying on IP address. The first line of defence is obviously cookies. We can set cookies with user's account number and if user logs in and the account cookie does not match, we warn them and than ban them. But this is pretty easy to circumvent, just clear all the cookies before logging in and you'll be fine. Can we protect against this by checking if user has clean cookie every time they log on? Yes and no. We certainly can detect
that, but we hardly can act on this as this is not a prove that the same computer was used for playing two different accounts. When you open the game in a different browser, you cookies will be clean. Also it's not a crime regularly ran anti-malware program that kills all unapproved cookies from your browser.
The first line of defence seems also be the last. But hang on for a sec, have you ever heard about browser fingerprinting? Look at this very interesting paper https://panopticlick.eff.org/browser-uniqueness.pdf
the rough idea is that, even if you have the same browser there can be subtle changes in the meta-data that the browser sends, depending on system configuration. We can remember that, and compare different accounts fingerprints. But than again, it's quite possible that two computers has exactly the same configuration and hence the same fingerprint so you can't use this method alone and 100% reliably.
It seems that pardus thought hard about using the game from public places, such as schools and internet café's. To be able to support this, they came up with a notion of Identified account. The goal is still present, you can't have two accounts (identified or otherwise), but the rule no longer applies. If you account is identified, then playing from a PC where someone else plays from is ok and the check is skipped. This way, if you know you'll be playing on a PC other people are playing on two, you can get your account identified and be safe from the scary ban. The poor bastard without identified account that will be playing on the same PC in the internet café as you did won't.
So how do you make an account identified? a) you simply pay. If you get a premium account, it is automatically identified. b) you send them a copy of your passport or driving license. and c) you sent them an authenticated digital certificate. (To get one of those you need to pay a Certificate Authority and the authority will also require some form of ID from you). This kind of identification (apart from the paid account) makes sure that there is a unique person (as identified by physical ID) attached to each account. The paid account does not have this guarantee, but pardus thinks that not many people will risk their money should it be detected that they own two different paid account, as these will be banned once detected too.
This all is nice and good and complicated, but the real question, does this help? This all reminds me of draconian DRMs where you have to prove you are not criminal, and you, the legitimate customer, suffer, while the pirates get away with everything.
The last point is this. The goal of ensuring that one user always have one account is unrealistic. Imagine I have two computers at home. I create two accounts, and play one account from one computer and the other from the other computer. I tell pardus that the second account is my cat's. This is absolutely impossible to detect. I can prove that I have a cat, and my cat can confirm, that she is willing to give her in-game resources because she loves me. Ok, not cat. Sister. Mother. Flatmate. You choose.
So pardus, why all this annoyance if in the end you can't do anything to reach you goal? WoW is much more logical and consistent in this respect. You pay for 5 accounts and you can use them all. You can create many characters in the same world and you can trade items between them. Soul-bound items is mechanics that helps control that. It seems it is possible
to implement the same thing less... severe.