On the handling of the Shiny Easter Egg affair

I’d like to start by thanking Michael and the team for restoring the buffs’ permanence.

It is a great improvement on past Nexon behavior, a sign that we are being listened to and Nexon is willing to acknowledge mistakes and rectify them.

However, the handling of this mishap was less than perfect. Abusers once again got away with it, and innocent players ended up wasting their coupons just to get some use of them before they expire.

This event is over and done with. However, there are lessons to be learned from it, for the future. Here are my thoughts on them:

Prevention
Preventing an exploit is always preferable to responding to one.
One of the most frustrating things about this particular exploit, is that it used the exact same mechanism as the recent Hunter’s Club one.
There are several such methods which frequently show up in exploits and outright hacks, vulnerabilities in the game which recur over and over with new content.
It’s absurd that cheaters know exactly what kind of vulnerabilities to check for, but Nexon’s programmers and testers don’t.
Nexon needs to maintain a checklist of known exploit methods. Programmers should check their code to make sure it’s not vulnerable to any of them, and QA testers should verify that indeed none of those methods work.

Response
Of course complete prevention is not always possible. So if we find out some abuse is happening, how should we respond?
Right now, NexonNA does one of two things:
– shut the game down immediately, until a fix or block is implemented;
– allow the abuse to go on, not saying a thing about it, until a fix or block is implemented.
Very few abuses justify the first type of response, so most of the time, they are allowed to go on for a while. More and more people learn of the exploit, and more and more people abuse it, while technical solutions and possible punishments are discussed and developed.

I suggest a third course of action: disable the abusable content.
For this, the developers need to add a mechanism that will allow instantly disabling any event or new content, server-side. This would allow limiting the abuse while not shutting down the entire game.

The problem with this is that it gives warning to abusers that what they were doing is frowned upon, but gives them time to hide or use whatever they gained illegitimately, making punishment harder. More on that, below.

Consequences
So, an exploit occurred, and was blocked.
What happens to the people who benefited from it?
This is a very weak point in Nexon’s history, which reduces deterrence, because people believe they will not be punished for taking advantage of bugs in the code or the design of the game.
I believe the main reason the punishment tends to be erratic is because Nexon does not have the tools to dig through the game logs and find all the people who partook of the exploit (in our case, for example: received more than one Shiny Easter Egg in one hour on the same character) with reasonable time and effort.

The solution is clear: better tools for examining game logs, or people with better knowledge of how to use them. “Laziness” should not be a reason to let abusers get away with their abuse.

It should also not be a reason to mete out collective punishment, as happened in this case. Even if there had been no Shiny Easter Eggs leftover from previous years, it still would not have been fair to non-abusers to make their buffs expire at the end of the month, too.

(Also, a comment on the buffs from previous years: Michael has assumed responsibility for the team neglecting their existence, but that sort of thing should not be dependent on one man’s memory. It stands to reason that if a recurring event gives permanent rewards, then some people will still have these rewards from previous years. Whenever considering a change to an in-game item, it is essential to actually check – in the code and in the live server database – where this item comes from, what it does, and who currently has it).

Punishment should suit the severity of the abuse, and definitely should not always be bans. Just as courts in the real-world don’t always send convicted criminals to prison. Sometimes they only fine them. But they do always try to make sure the criminal retains no benefit of the crime (i.e., returns any stolen goods, loses anything bought with stolen money, etc). The same should happen in the game. Abusers should always end up worse off than people who did not abuse.

Communication
It is important to communicate with the community throughout the process.
– Inform us why content was blocked.
– Inform us (when you know) when it will be reopened. Discuss the options for extending events if they were closed for a significant duration.
– Inform us of the punishment (and listen if we say it’s disproportional, for good or bad).
I must say that communication this time was much better than in the past. But not perfect. After so many years of radio silence being Nexon’s way of saying “forget it”, we need continuous reassurance that we are not forgotten, or we assume the worst, and act accordingly.
Michael “could not wait for the maintenance notes to go up” and told us about the buffs’ expirations being removed a few hours early. But he could have told us earlier. If the change was installed during this maintenance, it was implemented at least a day ago, and decided on at least one day before that.
We should have been informed the instant the final decision was made.
I understand not wanting to get our hopes up before that, but there is no reason not to let us know as soon as the decision is final. Every minute could have saved someone from wasting some of their Eggs.

OK, game is up so time to post this, and hope someone will take the time to read it.

Leave a Reply

Your email address will not be published. Required fields are marked *