On Duping...

Let me start of by saying that if duping exists in Diablo 3, it will kill the game. I don't think that's an exaggeration. You may think to yourself that it won't be so bad because Diablo 2 is still popular and duping there has been going on forever, and in large amounts. While that may be true, duping in D3 will bring Blizzard to its knees. For one thing, a Real-Money Auction House (RMAH) opens the doors to lawsuits when the provider of the in-game currency (Blizzard) allows for mass counterfeiting.

Duping also destroys the integrity of the game. How excited would you be to get an ultra-rare Eaglehorn drop when dupers are selling them by the hundreds on the AH? Duping destroys the excitement that people feel about what they own and what they might find. Duping also fosters feelings of unfairness (think free money for the Big Banks). It's bad, and Blizz needs to ensure that it never happens.

A while back, Diablo 3 Markets posted an article entitles Will Duping Exist in Diablo 3? We asked an Expert. The gist of the article was that Blizzard had learned from the error of their ways, and that by treating items as items that could only exist in one place at a time, it would prevent duping.

In theory, that is a great approach. As a professional software developer, I certainly agree with the approach. But it is far from foolproof. For starters, bugs in the code could still allow duping. Hopefully, the Beta will find all such issues.

Unfortunately, as late as Patch 10, three different duping methods have been making the rounds as reported here and here.

I've done a good amount of research on the inner workings of how the D3 game client interacts with the Bnet server with regards to the Auction House. No, I'm not trying to dupe; I'm working on a public AH section for the site. What I do know is that it seems that the items in the AH are kept in a completely different area (and database) than the in-game items. From a programming perspective, this makes a lot sense (especially for performance reasons). But if the hand-off between the two worlds (the in-game world and the AH world) is not done in a secure manner, it can lead to issues. And that is precisely what seems to have happened with two of the recent dupe methods!

As a developer on many Client/Server projects, I came up with an important rule for how to proceed. I called it "Rule # 1 of Client/Server Programming: Never trust the client." Blizzard needs to take that approach as well. And for some things, it seems that it has. Check out the Video of Diablo 3 No Latency for High Ping Players. The way that Blizzard can do this is by letting the client perform all the combat calculations locally (so that it appears instant to the player), and then recheck all those calculations on the server. Since the client and server use the same "random" seed for all calculations (damage, and possibly even monster and item spawns), the server can ensure that the client sent in legitimate results, rather than hacked ones. The server can also ensure that your character is not moving faster than it should (given its current movement) speed, however, this Diablo III Beta - Speedhack video shows that there's still work to be done in that area.

As I wrote in a forum post, my biggest concern is that the dupe methods surfacing so far are only the tip of the iceberg. After all, folks that intend to profit from duping have no interest in sharing their secrets with Blizzard and the D3 community. All the dupe methods so far have mostly been discovered accidentally, rather than by hackers trying to take advantage of the system.

What happens to the game when the legion (and I suspect that it's not a small legion) of hackers and Nigerian princes unleash their skills on the game? Will the game survive? I suspect that the answer will lie in how few and effectively dupes and exploits are dealt with by Blizzard. At the end of the day, this more than anything else in the game will likely determine its long-term success.