WPN Announces Latest Developments in Battle Against Poker Bots
The online-poker world hadn’t heard much from the Winning Poker Network about its efforts to increase its efforts against illicit poker bots attempting to proliferate in its games. However, more than six months after its initial statements on the topic (along with refunds connected to the discovery and account seizures of a large botting ring, WPN is back in the news. On Friday, WPN CEO Phil Nagy offered a very interesting update.
Posting on the America’s Cardroom (ACR) blog, which represents WPN’s flagship site, Nagy revealed that ongoing research into how bots operate has led his network’s team to take a new approach in the battle against the cheaters. While automated bot play can be detected through many different methods, WPN and Nagy have focused on disrupting the screen-scraping behavior that feeds community-card data in live time to the botting software.
Nagy wrote: “Our security teams discovered that both commercial and private bots process the information at a poker table (what cards they have, what position the bot is in etc.) by reading the graphical pixels. We found this was a common trait among all bots we tested.
“As a result, we found that if we change the graphics within the poker client, it renders them useless until the new layout is solved, taking considerable manpower on their end in order to remap the table. Over the past months we’ve made 4 graphical updates to the poker client in order to break the bots.”
WPN has since updated its client graphics at least four times in recent months, at ever-increasing frequencies. Nagy also posted a couple of screenshots grabbed from the user forums of a couple of prominent poker-bot manufacturers, who have admitted being frustrated at WPN’s tactics. One of the images shows a botmaker’s rep writing, “Seriously thinking about abandoning this network,” in response to WPN’s frequent graphical changes.
Nagy himself admitted the solution isn’t the end-all to the problem, writing, “This is, and will always be, an evolving battle. As we get better modes of detection, bot operators will attempt to find workarounds. Regardless, we will continue to implement the solutions above while developing more tools to make our gameplay environment the safest on the internet.”
Nagy’s entire post is well worth the read, as it also talks about the $450,000 or so in seized funds from botters that will soon be redistributed to cheated players, which is… well… better than nothing.
There are a couple of points that Nagy’s post doesn’t address that are worth discussing here. First, there’s the context of the Winning Poker Network being a grey-market offering, meaning it provides services to the US and to some other countries without being licensed. Many of our readers will have stopped reading by this point (and I no longer play on grey-market sites myself), but there’s a big extra operational condition facing WPN and other such platforms. Just as with its battle against some vicious DDoS attacks in recent years, WPN and its sites have no jurisdiction it can turn to for help in battling the botters; it has to figure out a way to deal with the problem itself. And the network has to either take it to the botters entirely or just cut and run on the issue, as at least one other major platform has done.
Also, there’s no reason at all can’t learn from the lessons WPN is learning here. It’s essentially free advice, and if it leads to the entire industry finding more effective ways to battle the bots, that’s great.
According to, Nagy, continually modifying the graphics creates havoc within the botting programs. Cards and betting values and stacks can be manipulated in any of several ways, including font, size, and location on the table. Added to live-play CAPTCHA pop-ups, and it’s designed to make a swamp out of the botting experience.
Nagy’s post also suggests that an ever more modular approach to programming parts of the user client may turn out to be a winning solution. To a certain extent, all online-poker user clients are modular in the programming sense. However, the definition I’m getting at goes beyond that. Rather than supplying updated table and card graphics as a part of a larger client update, imagine what would happen to bots’ scraping results if the graphics were modified every few days, via a plug-and-play software component that dropped into the rest of the client.
That would indeed be something, and if combined with other bot-detecting tactics, it could really curtail much of the problem. Like many others in the industry, we’ll be watching.