Thanks. I don't think unmentionable is related. I think unmentionable allows scammers publish the keys, which they purchase (not fetch) using criminal payment. Because one can't detach a gift from account en-masse on GOG.

The method will stop working when GOG stops requiring captcha for every key or introduce something that disallows non-buyers from attaching gifts.

I don't care if I am the only one using it. :) Its so easy to do and if it miserably fails, everyone will still have a good laugh. :)
(grabs some coffee)

thanks inbefore!

I have a Huawei modem.

I put them in an image cut the image in half and then make the users unscramble the image.. at most in 4 sections... bots dont know MS paint so ^_^

I had that happen to me once within the last year also. It was during one of the big mega sale promos, possibly the Summer sale or the one before that, I forget. I'm a heavy browser user and when I am on the GOG site I open a new browser tab per-thread, one for the homepage, another for my library, etc. Basically almost every page load goes to a new tab, and I guess when GOG's server is under load and you open 10 pages within a short time it freaks out. :)

Hmm no, I have 3 tabs open, and barely using them. The only tab with that message is the redeem page, which I went only to check if a key I entered in would require me to confirm I'm human before telling me if it's used/valid/etc.

edit: why isn't my comment posting?


edit2: finally shows up. Cleared duplicates...

I think it's retaliation for your InfoWars thread.

Out of curiosity i typed some random bullshit into the redeem page.

It actually worked, game was already redeemed though.

Should I play the lottery next?

I'm also pretty sure gog's captcha can be easily solved by most bots without any "botmaster" throwing pennies at the screen.

CD07 FG94 DE71 SI28 RU71.

No, you're missing the point. What is the actual point of doing all of this? Is it to cause harm to people running a bot or bots that eat up codes? Is it to force them to stop using bots?

Even if 10000 bogus codes were posted per hour here, the only thing that it would result in would be pissing off everyone who uses the forums with yet another stupid annoyance that serves no real world value. It would not in any way harm anyone running a bot, nor cost them any money whatsoever. In the best of circumstances it would not harm Steam nor GOG either assuming the rate of code redemption attempts is lower than whatever thresholds are in place to mitigate attacks. The net effect in that case is that for flooding the forums with bogus codes it causes more harm to the community in being annoying and has no effect whatsoever on harming the bot operator, and no effect at harming Steam or GOG. It would not stop them from running a bot, and most likely the bot operator wouldn't even notice anything happened at all.

The next stage which is predictable, and possibly has started now already is that people who do not want to see malicious vindictive behaviour become a part of the way problems are resolved in a civil forum start to complain about it because they feel it is annoying and/or harmful to the community and not the right way to behave. This causes a conflict with the people who don't give a shit and want to lynch mob people who run bots. Neither side is willing to change their minds about it and go ahead and do whatever the please anyway.

Tensions escalate and complaints are made to GOG.com over the issue. GOG may ignore the issue at first, but eventually it turns into a World War III type argument over stupid shit, much like what happened in the old Ninja thread. The community becomes more divided over the issue and things continue to escalate.

GOG steps in and agrees that this kind of behaviour is not civil and that people should stop this immediately. They issue warnings to the people who seem to be the most disruptive and request others please stop doing this. They lock down the thread(s) where the most heated words are being exchanged. Hopefully they don't end up having to make any heads roll to make a point.

Some splinter threads start up where people bicker about it all but with reduced hostility. The conversation eventually dies down about it over the coming days/weeks/months or however long remaining people want do drag it out.

Nobody learns anything from the experience, and gets ready to prepare for the next bad idea to come along down the road.

Problems that are caused by abusive and/or anti-social behaviour within a community do not get resolved by initiating more abusive and/or anti-social behaviour with disregard for the collateral damage that may be caused to others.

In the best case it will cause little to no harm and have no actual results at reaching any end goal (if there even is one), and in the worst case it will cause disruption to the community which either gets settled in the community by the community on its own, or GOG will step in and end it. The one thing I can almost practically guarantee wont happen - is it wont stop people from using bots to claim randomly dropped legitimate codes in the forums, and therefore it is a waste of time.

I don't care what others decide to do but I certainly wont participate in it, and I'm sure I'm not alone in thinking this is a very bad idea.

I wonder... if not us, what if GoG decided to poison the pond?

Hear me out a second. I'm not saying posting thousands and thousands of codes. I'm suggesting specific codes that have... something attached to it. Just a few codes, maybe 10.

This came to mind to me for credit card and identify theft where the FBI/CIA/DHS or other would generate a fake set of identification, and then give them to people to intentionally get 'caught' by scammers via email and other. When that information is tried to be used however, they instead raise a flag and use it to catch either those that used it (sold to) or follow the email and transactions (via credit card) to freeze or shut down accounts directly now suspected of involvement with scamming.


Now, the idea goes the same way. A scammer uses a bot, but has to identify what the game is, so they enter it in, but when they do it won't let them unless they are logged in. If they are logged in, presto! Locks their account! Now assuming they sell it to G2A, those people will have to explain why they had a bogus code bought on G2A, and in theory they could have their account unlocked but follow a 3-strikes-you're-out rule where they are told very clearly that G2A and other sites don't have valid keys and to complain to G2A and get their money back.

Now obviously this could be abused, so after a short time or say 10 attempts of the key being used and locking accounts (or say 2 weeks?), it gets deactivated and is considered used, so they can't get a bogus key and then try to trade with it, and having people getting locked out for seemingly no good reason.

Will this solve the problem? No... However for the immediate unexpected result during the first couple days, could have interesting effects either identifying spammers/scammers/botusers, locking them (preferably with actual libraries) out.

You must really have a lot of free time on your hands?

I had this idea YEARS ago...

Oh I have no doubt whatsoever you did.

GOG would have no incentive reason to do so, and it would additionally be disingenuous display of lack of trust to the community along with having ample room for false positives. It wouldn't prove that anyone redeeming a code was doing anything wrong at all, and would cause more innocent people's accounts to get locked out and have ill will toward GOG for the wonderful experience than any number of "bots" that might exist.

This is really a complete non-problem and nothing needs to be done about it at all. GOG has millions of customers, a few hundred to few thousand use the forums, and maybe 1/2/5 or maybe even 0 run bots. If there are actually anyone running a bot or script doing this - and for the record I believe that there are at least one or more people likely doing that however I don't think that anyone has any solid concrete proof of it, what is the actual consequence to GOG.com as a company of this? What is the actual harm caused to the person who offers the code, and what is the harm to the community of the so called alleged bots?

Well, the number of codes that might get posted in the forums on a given day is really small. The Ninja thread is probably where most of them appear and it goes for days on end without any codes posted in there, or where people have obfuscated the code in some way. Some of the obfuscation people use is likely difficult to reliably de-obfuscate while the odd one is probably easy to handle. For the sake of argument lets say that the bots are simplistic in nature and only deal with non-obfuscated codes. How many codes are posted in the forums on a given day deobfuscated? Well, I don't know the number personally and well for someone to actually know for sure they would probably have to write a bot to traverse the forums looking for codes, and if they did that well... they would probably be running a bot too rather than telling everyone. :) So I do not know the actual answer to this (I don't have such a script nor desire to bother or care), but lets just make some numerical estimates.

Lets say that on a given day, 100 codes are posted here spread throughout the forums and that the bot logic somehow was optimized to find them with the least number of web queries so it wasn't upsetting GOG's servers with too many requests. From my personal observation over 4 years time, and I'm sure everyone would agree - the majority of codes posted in the forums with or without obfuscation are Steam codes, and the minority are GOG codes.

What incentive would GOG have to even remotely care the slightest bit if people post Steam codes in their forums at all? I postulate that GOG cares less than zero about that so long as it is not causing a disruption to their service nor causing them more work. From observations here I do not think that this causes GOG any work and therefore I don't think they remotely care.

What about GOG codes posted here? Well, they're all bought by someone somewhere sometime, and so GOG already has their money for those codes. I don't think GOG has any reason to care who people gift those codes to after they buy them by means of sharing them openly in the forums. I say that because GOG is well aware that people openly share and trade their games in the form of codes on their forums and if they disapproved of this, then they would have moderated the forums and posted rules disallowing the practice entirely by now. It seems quite clear that GOG doesn't care who you give your GOG game codes to, whether you know them or not, whether you give them directly to a specific individual, or to a random stranger, or dump them for some unknown thing to swallow up. In the end, they already have their money whether the code ever gets used or not, and if it does get used, it has practically zero impact on them and their business.

What if every single code was swallowed by a bot that went and sold them to G2A who turned around and made a profit off of it? Well, we don't know that is the case first of all, and even if it was, people who want to sell codes on G2A have dozens of other much more profitable ways to acquire them in much higher volume than polling the forums with a javascript program to scoop up all of the games nobody actually wants which they could sell for peanuts if they're lucky. Even if they did do this, it is 100 games, games GOG has already been paid for anyway. There are probably 10,000-100,000 or more times that many GOG games likely pirated on torrent sites etc. every single day which are a much bigger dent on GOG's bottom line than some script kiddie swiping paid for codes for what are mostly games people just want to get rid of, and which are often the least popular ones.

The net effect is incredibly miniscule at absolute best.

So basically, GOG would suddenly start caring about something that loses them little to zero money every day and allocate resources to trying to combat a problem that doesn't affect their actual business or profitablility, possibly putting time money and developer resources into it, to try to honeypot frame people who aren't actually breaking any laws even if they might be doing something that annoys some small number of people in the forums and more or less has no other real consequence? Again, with most of these codes actually being Steam codes...

So then they're going to detect these people and disable their GOG accounts as punishment for something GOG doesn't likely even care about, and without any way to distinguish between an actual bot/scammer and an actual real customer who just happens to decide to try one of these honeypot codes themselves anyway - because it will happen. So, every day or few days one or 10 or 50 random customers finds one of these codes, has no idea what it is, doesn't read anything posted, tests it and finds they are now the latest victim of the GOG mega-anti-bot sting operation, which swoops in and shuts their account down? The customer wonders WTF and is pissed like mad about it... "How should I know???" and for what real consequence?

It's really hard to buy where such a scenario would provide any benefit to anyone, all simply because a very small subset of GOG's customer base possibly amounting to 10/50/100 people max get irked when a bot steals a code that someone posts in the forums?

It's reads like some kind of strange movie plot perhaps, but I don't think it works out in reality because the likelihood of GOG remotely caring about this trivia is extremely small. To GOG, and to even the majority of GOG customers, nobody cares if bots steal game codes in the forums, there is no real consequence to that. Sure, it pisses some small number of people off, and sure some bad guy might get off with some goods, but as shitty as that is, it is meaningless noise in the grand scheme of things.

People can devise schemes to "stop the bots" or "seek revenge on the bots" until the cows come home, but it's just not going to happen. It would be like the public devising a scheme that is going to foolproof stop all trolling on the Internet, or all bullying, or all negative comments on Youtube videos. Or someone coming up with a scheme to make sure all video game companies never lie again about the features that will be in their next game.

Bots stealing codes are just an annoying fact of life like one of 1000 other things nobody can ever do anything about. If someone wants to impress me, how about coming up with a way to stop call centres in India and Pakistan from calling my home telephone every day and trying to scam me with a credit card or Microsoft tech support scam. Same thing - annoying as hell. Absolutely nothing you can do to stop it. Best thing is to ignore it and move on.