A Mind runs in a World on the client side, and the World JS then reports the score to the server.
Could the Mind JS interfere with that report
and hack or fake the score?
The answer is maybe.
The problem is that the World JS and Mind JS both run in the same window on the client side.
The World JS makes an Ajax call to report the score to the server.
We cannot see any foolproof way to allow World JS make that call but not Mind JS.
Even if Ajax was successfully blocked from Mind JS,
the Mind might try to directly change some variables in the World code or system code.
We cannot see any foolproof way of always stopping this.
The World owner needs to watch the run
The bottom line is the World owner needs to watch what the Mind is doing:
- The World owner can study the Mind code to see if there is hacking.
- The World owner can watch what appears on screen
and match it to the claimed score.
- Only the World owner can do a run that appears on the scoreboard.
- If the World owner is suspicious, they can reset the score with the
The World owner might refuse to run the Mind again, so it never appears on the scoreboard.
Conclusion: Fake scores are a possibility, but
it is hard to fake a score
without the World owner noticing.