Fake scores

A Mind runs in a World on the client side, and the World JS then reports the score to the server. Could the Mind JS interfere with that report and hack or fake the score?

The answer is maybe. The problem is that the World JS and Mind JS both run in the same window on the client side. The World JS makes an Ajax call to report the score to the server. We cannot see any foolproof way to allow World JS make that call but not Mind JS.

Even if Ajax was successfully blocked from Mind JS, the Mind might try to directly change some variables in the World code or system code. We cannot see any foolproof way of always stopping this.


The World owner needs to watch the run

The bottom line is the World owner needs to watch what the Mind is doing:
  1. The World owner can study the Mind code to see if there is hacking.
  2. The World owner can watch what appears on screen and match it to the claimed score.
  3. Only the World owner can do a run that appears on the scoreboard.
  4. If the World owner is suspicious, they can reset the score with the "Reset" button.
  5. The World owner might refuse to run the Mind again, so it never appears on the scoreboard.

Conclusion: Fake scores are a possibility, but it is hard to fake a score without the World owner noticing.



The background is a program, showing the JavaScript graphics used on this site.
The globes light up when you log in.
 
Font:

© Ancient Brain Ltd. 2018-19. All rights reserved.

Ancient Brain ™ is a trademark of Ancient Brain Ltd.

Platforms      Stats      The name      Terms and conditions

Bug bounty      Classes in Dublin      Contact

Call for partners
If you are interested in writing a programming course or textbook, Ancient Brain is looking for partners. We will work with you, and integrate your course into the site. This is an opportunity for someone looking to develop a course or textbook to partner with a site to support it and promote it.