Bots in PartyPoker's 6-max Limit games?

[Grim Rapper]

Cheating has always been a part of poker.

That's part of pokers charm.

Learn to accept it, or go play bridge with the ol' folks.

[PLOlover]

As far as the can't rely on trust issue and the insecurity stuff, let's take live casino blackjack.

Live casino blackjack has a shuffling machine. I cannot know for certain that it is not being manipulated in some way. Just like I cannot know for certain that online the muck is forgotten or the other 3 points.

Yet casino auto shuffler blackjack exists and is licensed in L.V.

What am I missing?

[RayBornert]

[ QUOTE ]
[ QUOTE ]

1) the muck is no longer guaranteed to be forgotten
2) sites do not prove their deck selection is random
3) players cannot physically see other players (nor the site)
4) cant prove that the server isn't colluding with a player

[/ QUOTE ]

As a computer programmer and software manager for over 20 years I disagree with the conclusion that points 1,2, and 4 are unsolvable on the internet.

Software can be verified and "branded" for want of a better word. The verification consists of a line by line code review of all software code and build processing pseudo-code. The executable that is running can be examined for this "brand" to see that the already verified software has not been modified. Access of the running programs and the host operating system would have to be made available to the certifying agency on a 24/7 basis (so they could continuously verify that the running software is indeed the certified software). The verification of the software would have showed that inside of the encrypted messages sent to players the program was not shipping anything extraneous to the game, that it was using randomly generated cards, and that the muck was indeed being discarded. This would be very expensive of course and make upgrades prohibitively expensive as well.

Point 3 is of course not solvable even with cameras and microphones - though I agree that the introduction of cameras alone would be untenable to almost all internet players. Collusion could still occur with 2 or more players in the same room out of each others' camera sightlines. As for bot recognition, the "bots" themselves would eventually be actual robots sitting at the terminals looking exactly like humans - thus necessitating the anal probes.

But - here is what I don't get. Even at casinos who can see all players at the table, collusion can occur and it is actually more difficult to detect than on-line because of the lack of hole card data. In a world championship bridge tournament scandal in the late 1960s or early 1970s the Italian team (I believe) signaled suit preference for leads by looking in a particular direction when it was time for their partners to lead a card. In poker it would be similarly easy to get a "partner" to bet or raise by looking in a particular direction or by making innocuous hand signals as the MIT "Bringing Down the House" crew did. Similarly, hole card data could be requested and then transmitted.

And why is item 4 not a live issue as well? Dealer collusion with players is very hard to detect. And is likely to be caught only in retrospect after viewing film if at all. Similarly, a dealer could (with lots of practice) "gravitate" a single card to an individual player assuming that auto-shufflers are not being used - which goes to point number 2 as well.

[/ QUOTE ]

rick,

hole 1: is solvable only if the muck is published.

there is no way to prove that data from a database
has not traveled. branding will not work because
there is no way to guarantee that the branded software
in question is running on any given server; i agree
with you that source code can be reviewed and that
an assertion can be made that the source code as
examined is clean; however, there's no way to prove
that the operator will continue to use that source
code; (he could have a black copy that gets used
instead); it's the same idea in computer science that
says that you cannot prove that a given program does
not have bugs.

you must publish the muck if you want to get rid of the
"good faith" security requirement.

hole 2: is solvable with player determined shuffling
(this can be proven on paper)

hole 3: is not solvable without bringing the public
into private homes via some obtrusive mechanism. the
internet is about playing from a private home (that's
the main attraction). privacy issues trump all here
including any live b&m game mechanics that need to be
physically policed.

your live b&m example isn't a fair comparision because
the games have what is known as an acceptable level of
policeability - also known as the "many eyes" security
strategy.

i know that you're attempting to use the features of the
live game as some kind of precedent but the facts are that
it's much easier for a game server to collude with many
many players than it is for 1 dealer to collude with 1
player. so whatever you're attempting to demonstrate
from the live game has no comparable scope in the online
game.

hole 4: is not solvable in an internet context. period.

************
imagine you're sitting at a live b&m table
everything is normal except that the dealer does
not deal you cards. he shuffles the deck yes and
then he looks at the deck (and memorizes the first
20 cards perfectly) then he gets out of his seat
and walks to each player beginning with the small
blind and whispers in their ear what their cards
are; then he takes his seat and the rest of the game
proceeds as normal.

what i just described to you is the typical internet
game. the main difference is that in my example the
dealer (i.e. the server) has complete knowledge of
the deck; yes it's possible for the dealer to tell each
player only their cards but nobody at the table can
prove that if the whisper is entirely private.

the dealer could be telling any player the entire deck;
or the deck from the previous hand(s) (the muck)
or the decks for the next 20 hands assuming the dealer
is that good to know how he'll shuffle.

the only way to prove that the dealer didnt cheat is
to listen in on the channel but then the card info
cant be private.

ray bornert

[RayBornert]

[ QUOTE ]
As far as the can't rely on trust issue and the insecurity stuff, let's take live casino blackjack.

Live casino blackjack has a shuffling machine. I cannot know for certain that it is not being manipulated in some way. Just like I cannot know for certain that online the muck is forgotten or the other 3 points.

Yet casino auto shuffler blackjack exists and is licensed in L.V.

What am I missing?

[/ QUOTE ]

you're failing to see the seriousness of the police work
that went into securing that shuffler. nevada has the best
gaming police in the world.

if you want to understand why it's secure then you can
get access to the information. contact the nevada
gaming control board.

ray bornert

[RayBornert]

[ QUOTE ]
Ray-
How widespread is it at FT / ABS / Stars / WSEX / UB?
What limits

[/ QUOTE ]

that's impossible for me to answer because i dont have
a gods eye view of the online game. ft, stars and ub are
standard wh supported sites and there are uniscraper
profiles for wpx; wpx is very popular because of the
free rake feature. not sure about abs.

as far as i know there are wh'ers that have tried every
limit that exists (not kidding). they are typically very
quiet about results either because they're embarrassed that
they're losing still (winning is not easy) or they really do want everyone to think they're losing.

most of bot building is about going down dead alley's for
about 5 months or more while you're learning what does not
win; many give up before this when they realize that the
job of building a winning bot is harder than writing a
holdem book.

ray bornert

[Mr Rick]

[ QUOTE ]
there is no way to prove that data from a database
has not traveled. branding will not work because
there is no way to guarantee that the branded software
in question is running on any given server;

[/ QUOTE ]

I will get back to you on this. I will find out from a colleague who told me about this, if this was done in a real-time or batch only environment. He mentioned to me that this was not done in the Ohio elections in 2004 though it could and should have been. That was a real-time application but the servers were captive (i.e., under surveilance before during and after the elections). His real life example though - which I can't remember right now - indicated to me that this could be done in a real-time environment. That is why I stated that the verifying agency could monitor the "branded" executables while they were running if they had access to the hosts and their operating systems.

[PLOlover]

[ QUOTE ]
you're failing to see the seriousness of the police work
that went into securing that shuffler. nevada has the best
gaming police in the world.

if you want to understand why it's secure then you can
get access to the information. contact the nevada
gaming control board.

[/ QUOTE ]

So then you agree that in principle at least a governing/certification body would be able to certify online poker?

[RayBornert]

[ QUOTE ]
[ QUOTE ]
you're failing to see the seriousness of the police work
that went into securing that shuffler. nevada has the best
gaming police in the world.

if you want to understand why it's secure then you can
get access to the information. contact the nevada
gaming control board.

[/ QUOTE ]

So then you agree that in principle at least a governing/certification body would be able to certify online poker?

[/ QUOTE ]

depends on the gaming jurisdiction and whether or not they
will certify games that have "good faith" security requirements.

my understanding is the the nevada gaming control board
has never certified a game that had a "good faith" security
requirement and thus they would never certify an online
holdem server because of item 4 already mentioned.

obviously costa rica and the kgc in canada will certify
an internet holdem server. but that does not mean the
game is secure.

ray bornert

[Sniper]

Ray,

1. Why couldn't a "certifying agency" sniff server-client traffic to confirm that all players are only receiving their own card info?

2. If you are suggesting that this could be bypassed in some way, why would this be any different in a LAN environment?

[RayBornert]

[ QUOTE ]
Ray,

1. Why couldn't a "certifying agency" sniff server-client traffic to confirm that all players are only receiving their own card info?

2. If you are suggesting that this could be bypassed in some way, why would this be any different in a LAN environment?

[/ QUOTE ]

in a typical internet server, the messages leave the port
of the network card in an encrypted state. if you put a
sniffer on the line it will see encrypted data and hopefully
it wont understand a thing otherwise the encryption is useless.

the pbwc will use a lan with non encrypted protocol.
this isn't an issue on a controlled network because
each laptop will only see the traffic intended for it.
everyone in the room will be able to eyeball the lan
cable from the laptop to the table router.

the sniffer would sit next to the server and listen to
all traffic to/from the server and record it. a post
diagnostic program can then be run to prove that there
was no undefined info in the data stream.

ray.