mc776: A little yellow ant in the grass on a sunny day. (yellow ant)
m ([personal profile] mc776) wrote2021-12-08 01:11 pm

Thinking about FOSS-in-spirit MMO design

MMOs versus FOSS - tl;dr the entire way an MMO is structured means you can't do any hard anti-cheat and still have your game be FOSS

Adrian's post with discussion

My abridged comment:
the only alternative i can come up with that doesn't require the entire playsim to be server-side-only is to have a decentralized mmo (w/opt-in federation if there's to be any at all) where individual admins are strongly encouraged by both word and UX to actively vet players and run instances in a way that's conductive to ppl identifying with it as part of a community
Which raises the question: what sort of design features would encourage this?

Brainstorming some beneath the cut.


Front admin page always prominently shows current, active (within the past 60 days) and maximum allowed users, plus a record of data transfer usage over the past month.

Server setup wizard prominently shows options for maximum users, maximum data usage and maximum idle time before an account is deleted. Let's say something like 500, 200GB(?) and 365 days.

There's an IRC-like chatroom - text only, no embedded media - that anyone can view at any time while logged in.

If a server's bandwidth is maxed out, you can still log in but everyone but the admin is restricted to the chatroom. The admin has a command that lets them modify the bandwidth cap for that month.

Anyone can DM the admin at any time. The admin's only option is to delete the offending account (and block the IP if they're a bigger problem).

Only one pending account allowed per IP.

All login IPs are easily accessible to the admin, and to the account that logged in from said IPs. This fact is made plainly known to users.

If your account application is rejected, or your account terminated or your IP blocked, or you log in and the bandwidth is maxed out, you will get a (not a click-OK popup just a relatively unobtrusive notification) reminding you of where to look for other servers or how to create your own.

2FA by email is on by default.

Federation is opt-in only and inter-server interactions only happen in certain areas. You have to manually switch between chatrooms, and each time you bring up the chatroom interface it's for your home server.

PvP only happens for specialized arena fights and requires peer-to-peer connections. Parties must unanimously agree to which server's rules to use, as well as whether or not the fight is "for keeps" in terms of having any mechanical consequences after the fight is over. Desync warnings happen early and often if people are running different software.

No challenges should depend on interface. Players should be expected to have some means to plainly see where all the mobs are, all their hitpoint counts, resistances, etc. so no one can be accused of cheating just because they're using an accessibility aid for this sort of thing. If someone finds something hard because they can't see something in the native UI that a modded client can, that should be treated as a bug. (This one pains me to write as someone who likes to keep things murky and ill-defined as a matter of suspension of disbelief; however, my experience is that most players would think this sort of policy to be a gain rather than a loss.)

Admin should have the ability to extensively modify the game world, and take control of most NPCs. The admin directly controlling mobs to make a fight harder should be the only principled exception to the PvP-iff-P2P rule.

Admin may spy-cam any user at any time. An icon will appear on the affected user's GUI that an admin is spying on them.

"@"-ing someone does not send them a notification, it just provides a link to that user's profile, but the message will be made more prominent if the tagged person happens to be around to see it.

Admin account can have its own characters but they will be clearly marked if they're in "superuser" mode. Whether this effect is diegetic is left to individual player headcanon.

Only the originating account can add or (forcibly) remove admins, except for itself which must always be an admin. Anyone appointed as admin can revoke that status on their own, without the consent of anyone else. If the originating account is compromised, the entire server has to be nuked. Backups are encouraged.

Custom dungeons, bosses and items should be the norm.

The server software should be light enough that any regular user can start their own temporary server for themselves and a couple friends for a quick dungeon raid - think Quake or the original Unreal Tournament.

Any user (including an admin) can export their character into a file, and an admin can review a character file, modify it and import it for a user on their server. An admin can export another user's characters this way, but the interface is intentionally janky and hard to reach - really, it's just there at all to discourage people from modding in something more convenient.

The game's TOS includes an agreement that the admin has a non-transferable licence to reproduce or modify any content you upload to that server, but that licence ends when the account is terminated and in any event does not include using that content for commercial or money-making purposes.


I am aware that all of this offloads a lot of power and responsibility onto a server admin. Perhaps there's some way to distribute this authority in a communally-controlled server setup, but that is beyond the scope of this brainstorm.