Software Audits - Must Have

01-31-2014 , 12:01 PM
On line poker may be fair but there is no proof that it is. In fact, given the Ultimatebet.com scandal, there *is* proof that online poker cheating by the site themselves has occurred.

“Russ Hamilton, a former poker champion and consultant to the prominent, Costa Rica-based and Kahnawake-licensed, online poker site Ultimatebet.com, had cheated players out of millions of dollars with the help of “God mode” software that let him peek at other players’ hands.”

http://www.slate.com/blogs/crime/201...line_poker_scandal_that_never_ends.html


Absolute Poker also has had cheating on their site:

http://en.wikipedia.org/wiki/Cereus_Poker_Network

These scandals do NOT involve the issue of whether or not the RNG is random and the deals are random. That is a moot issue here and I will not address it. It is a non sequitur. (I personally believe that the RNG and deck shuffling routines used by on-line poker sites are as close to random as we can get. So put those arguments aside).

The proof of cheating is there. On-line cheating has occurred, is possible, and has taken place at the highest levels within on-line poker sites. What about current poker sites? Well, I would only say that they haven't gotten caught yet. Why? Because their site software has not been audited.

The real question is, are there back doors in the SERVER software that with the right client software one can view hole cards or manipulate the flop & other cards to come and how can the public be assured that they do not exist? Are you assured when a poker site's CEO says "Our site is fair. Trust me."?

I am advocating software audits by truly independent third party companies as a requirement for a poker site to be licensed.

Before I go further, let me say that I have been in technology since 1985. I have programmed poker applications. I have reached the highest levels of management in technology and systems development. I was a divisional Chief Information Officer (CIO) with the largest bank in the USA responsible for all asset-based lending systems with millions of lines of code. These systems processed over $16 billion annually and had interfaces to deposit, wire, and ACH systems. For the last 12 years I was the CIO for a financial services company and developed the leading online secure system for factoring and invoice processing. These are very high risk financial systems not unlike on-line poker systems. So I am qualified to speak on secure financial systems. Full disclosure: I retired last year and no longer work in the financial services sector.

Here’s a fact that is telling: No on-line poker site has ever had their software (server and client) SOURCE code audited by a verifiable independent company that will certify (and post a bond guaranteeing their findings) that the software is fair and that there are no “cheating”, God mode, or back door routines embedded in the code. None. Some may have placed their source code in escrow but that is not what I am referring to here.

Some on-line sites purport that their software has been tested and found to be fair. A few years back I contacted four such sites and the companies that did the testing. I asked specific questions about what was tested, how was it tested, and how were the results interpreted. I asked if the testing company had access to the source code. Crickets. One poker site responded. Two testing companies responded. No testing company had access to the source code, and what they did test is the RNG. No testing methodology was provided or results. None would state what their standards are for a RNG to be considered ‘random’. If anyone has more information on the testing companies and their methodologies I would love to see it.

If you have ever done system development you know that programmers have to use special testing routines to test their software. How does a poker site know that their software ranks a straight flush properly? Do you think that they just deal hands all day long until a straight flush comes along and then check to see how it responded? No, they force the condition to come up and then they can verify that the routine responds correctly. In this example they force a straight flush to come up against all the other ranks and verify the results. These routines are called diagnostic or testing routines and when the programmer is done he removes them (usually by commenting them out) from the source code. I can’t tell you how often my QA teams have found testing routines in code that were supposed to have been removed but hadn’t. It happens all the time.


Not only do poker sites have to test their server software, they also have to verify that the client software does what it is supposed to. The server has to send data to the client software so that the client software can display on your screen the other players’ names, their stack size, their bets etc. As was proven in the Ultimatebet case, there can be special client software that has a super-user (‘God’) mode and the server sent the values of the other players’ hole cards to the client software and the client software showed them on the cheater’s screen. This could not have been done without the super-user routine coded into the server software that ALL of the players were logged into.

Let’s call this type of cheating “Hole Card Peeking”. In this case the shuffle is random, the deal is proper, and the cheater can win IF he has good cards. He can also fold if he knows the other players have better cards. But there is no guarantee that he will win a given hand.

A worse kind of cheating would be if the cheater could know the flop, turn, & river cards before they are shown to the other players. Since the server software knows what these cards are BEFORE the deal begins, it’s no problem sending the cheater the flop, turn, and river cards at the same time that he gets the other player’s hole cards. Then he knows when he should stay to the bitter end. As far as I could find out, no one has ever stated definitively that in the Ultimatebet scandal if the board cards were also sent to the cheater under God mode or not. If anyone has definitive information on this please let me know.

PURE SPECULATION ON:

I believe that the board cards were provided as well. Why? Well why not? It’s just a few more bytes of data to send the board info as the system knows the order of the deck before dealing any cards. Nothing is being changed. The shuffle is random, the deal is proper. What’s not proper is sending all the card data to a super-user.

PURE SPECULATION OFF.

On-line poker sites use prop or shill players. The sites pay them to play. The prop players fund their own accounts – they are not playing with the site’s money. The question is, do any on-line poker sites use house funded shills & prop players? I am willing to bet that some sites do use house funded shills or bots to increase action on their sites. We just don’t know if they do or do not. As far as I can find out, no on-line regulatory body prevents this and there is no way to detect if it happens. But if they do have house funded shills, the site has a vested interest to make sure the shill doesn’t lose the house’s money.

In a ten handed Hold ‘Em game, twenty cards are dealt out, thirty two remain. Most of the time, any two starting cards can win. With on-line poker, ANY two starting cards can win. More accurately, any hand can be forced to be the winner. So if a site funded player is down a certain amount of money that the site deems unacceptable, it can force the cards so that the selected player wins.

Example: Suppose the shill is player 8 in a ten handed game. The hands are AA, AKs, KK, 6Qo, 39o, 8Js, 99, 27o, A2s, 87o. The shill has 27o and there are lots of good hands there. Players should be betting. The flop cards in the deck but not shown yet are: K, J, 9.

The shill will lose with that flop. So God mode is flipped on and out of the 32 remaining cards here comes the ‘adjusted’ flop: 7,2,10 suited. Now the shill has two pair. Player 6 made his flush. The turn is the last K. That’s to suck in the trip kings. The river is the last 7. Bingo! Shill has a boat, sevens full of deuces, AA is busted as are the trip kings and the flush. Shill is back in the money and God mode is turned off.

Example 2: Suppose the hands are A7, AQs, KK, 2Qo, 37o, 8Js, 99, 27o, A2s, 87o. Shill is player 8 again with 27o. All the sevens have been dealt and three of the deuces as well. The best the shill can do is a pair of deuces which will not beat the kings.

Not to worry. Flip on God mode and the flop is 10, 8, Ko .

Player two flopped a 4 flush with the 10 & 8, player 3 has trip kings. The turn is a J suited and player 2 has the nut flush. The river is an 8 and the trip kings are now a boat. If player 6 stayed he has a boat as well 8s full of jacks.

The shill stayed with the 27o. Why? Since God mode was on when the flop was dealt the shill’s deuce was swapped for a 9 and now the shill has 79s for a straight flush and wins the pot. Possible? Yes. Extreme? Yes. Probable? No. More likely it would be a boat over a nut flush when God mode is flipped on. Who hasn't had a flush beaten by a boat? The house would not want the shill to be a big winner - they would just want them to stay even and not lose the house money. Undetectable.


Oresteen’s Theorem: Any random hand in a ten handed on-line Hold ‘Em game can be forced to be the winning hand from the remaining thirty two cards.


My theorem applies only to on-line poker. It would never happen in a B&M. Imagine the dealer going through the cards and selecting the flop he wants. How would the players react? Yet it is possible with on-line sites today.

Do any on-line poker sites have a God mode? I do not know. No one knows except the site themselves. Is it possible? Yes. Has it happened? Yes. Ultimatebet.com proves that. Are any on-line poker sites using God mode? I do not know nor does anyone else except the site themselves. I would venture to bet though that if they do have a God mode it is used very sparingly so not to repeat the ways previous cheating scandals were detected.

No one can say for sure whether or not on-line poker sites have back doors, special client applications, and a special super-user God mode. The ONLY way to determine this is to have the actual server source code audited and verified by a legitimate independent 3rd party company that will certify and post a bond backing that certification that the site doesn’t have back doors and God modes. God mode client software could be hidden and not audited but the server side can not. All card deals originate from the server.

In order for on-line poker to gain wide acceptance and legalization, regulatory bodies MUST institute valid independent third party software audits and post bonds to guarantee that the software is fair. The third party auditors must also do the compiles and promote the release version of the server software into production.

Will source code audits ever happen? I doubt it. The poker sites are doing very well without it. The players are not demanding it. Why spend the money to have your software audited? Until it happens I for one will never play on-line for real money. It is just too risky. As U.S. states legalized on-line poker I’d like to see them require independent source code audits. Then we might get it. Until then it’s still the Wild Wild West with on-line poker.
01-31-2014 , 12:40 PM
Fortunately, as we proved in the AP + UB cases, you don't need to audit the source code to detect cheating.

Instead, you can review the hand histories to determine these things and figure out if there was cheating.
01-31-2014 , 12:46 PM
Quote:
Originally Posted by Josem
Fortunately, as we proved in the AP + UB cases, you don't need to audit the source code to detect cheating.

Instead, you can review the hand histories to determine these things and figure out if there was cheating.
Not exactly true. This will work only if it is done often enough to cause a noticeable shift in the expected variance. By using it selectively and with multiple accounts it can fly under the radar so to speak. With software audits you know for sure that it doesn't exist at all.
01-31-2014 , 12:47 PM
Quote:
Originally Posted by Aoresteen
Not exactly true. This will work only if it is done often enough to cause a noticeable shift in the expected variance. By using it selectively and with multiple accounts it can fly under the radar so to speak.
No, you are wrong.

The UB and AP incidents both used multiple accounts.

In the case of AP, which was the first big case of this nature, there were just 800 (!!) hand histories available for analysis, across the various accounts.
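A sketch of the hand-history review argued over in the posts above, added here as an illustration and not taken from any poster or from the AP/UB investigations: it pools linked accounts, scores their win rate against a benchmark, and computes how many hands a given edge needs before it stands out. The data is constructed, win rate is the only signal used, and the benchmark, threshold and 10 bb per-hand standard deviation are assumptions.

```python
import math
import random
from collections import defaultdict

# Assumptions for this illustration (none of these values come from the thread):
BENCHMARK_BB_PER_HAND = 0.10  # 10 bb/100, treated as the ceiling for an honest winner
Z_THRESHOLD = 4.0             # standard errors above the benchmark that raise a flag


def review(hand_histories, linked_accounts=None):
    """Score each account, or each cluster of linked accounts, on win rate.

    hand_histories: iterable of (account, big_blinds_won_in_that_hand).
    linked_accounts: optional {account: cluster_name}; linked accounts are pooled.
    """
    linked_accounts = linked_accounts or {}
    results = defaultdict(list)
    for account, bb_won in hand_histories:
        results[linked_accounts.get(account, account)].append(bb_won)

    report = {}
    for entity, won in results.items():
        n = len(won)
        mean = sum(won) / n
        variance = sum((x - mean) ** 2 for x in won) / (n - 1)
        std_error = math.sqrt(variance / n)
        z = (mean - BENCHMARK_BB_PER_HAND) / std_error
        report[entity] = {
            "hands": n,
            "bb_per_100": round(mean * 100, 1),
            "z": round(z, 2),
            "flagged": z >= Z_THRESHOLD,
        }
    return report


def hands_needed(excess_bb_per_hand, sd_bb_per_hand, z=Z_THRESHOLD):
    """Hands required before a given excess over the benchmark reaches z."""
    return math.ceil((z * sd_bb_per_hand / excess_bb_per_hand) ** 2)


def constructed_sample(seed=2014):
    """Constructed data: Gaussian per-hand results, 10 bb standard deviation."""
    rng = random.Random(seed)
    hands = []
    for i in range(5):   # five break-even accounts, 800 hands each
        hands += [(f"honest{i}", rng.gauss(0.0, 10.0)) for _ in range(800)]
    for i in range(4):   # four linked accounts with a large edge, 800 hands in total
        hands += [(f"big{i}", rng.gauss(4.0, 10.0)) for _ in range(200)]
    for i in range(4):   # four linked accounts with a small edge, 800 hands in total
        hands += [(f"small{i}", rng.gauss(0.35, 10.0)) for _ in range(200)]
    links = {f"big{i}": "cluster-big" for i in range(4)}
    links.update({f"small{i}": "cluster-small" for i in range(4)})
    return hands, links


if __name__ == "__main__":
    hands, links = constructed_sample()
    for entity, row in sorted(review(hands, links).items()):
        print(entity, row)
    print("hands needed, 2.5 bb/hand excess:", hands_needed(2.5, 10.0))
    print("hands needed, 0.25 bb/hand excess:", hands_needed(0.25, 10.0))
```

Real hand results are heavier-tailed than the Gaussian used here, so a production review would calibrate the threshold on observed data and add signals beyond win rate.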
01-31-2014 , 12:50 PM
Quote:
Originally Posted by Aoresteen
Why spend the money to have your software audited? Until it happens I for one will never play on-line for real money. It is just too risky.
Just lighten up and play micros for entertainment. If you lose, either get better or quit.
01-31-2014 , 01:37 PM
I prefer a system that prevents cheating on the front end rather than relying on detection AFTER the cheating has occurred. Why would you be opposed to it?

Quote:
Originally Posted by Josem
No, you are wrong.

The UB and AP incidents both used multiple accounts.

In the case of AP, which was the first big case of this nature, there were just 800 (!!) hand histories available for analysis, across the various accounts.
True but they also showed no restraint. This would NEVER have occurred had the software been audited.

Last edited by Mike Haven; 01-31-2014 at 09:57 PM. Reason: 2 posts merged
01-31-2014 , 02:07 PM
Aoresteen: I agree with most of what you say except for a couple of things.

I don't think that auditors need to force any conditions to test the software because the auditors can look at hand histories and get a better idea if things are wrong. That's essentially how the UB scandal was uncovered. I think that it's hugely important that players are allowed to keep databases so the players themselves can police the sites. Ultimately it's only the players who can be trusted to not have been bought off.

Also god-mode isn't about actually changing the cards in play. It's only about being able to see the cards of the other players. Changing the cards would overly complicate the programming and probably make the cheating more easily discoverable. Cheating that requires the smallest footprint is actually the most effective.
01-31-2014 , 04:00 PM
I agree with this post as a programmer. There are definitely test routines that could easily manipulate every aspect of how cards are displayed and without a code review could be commented in or out at the programmer's discretion. All it would take would be a couple lines of code to get it done and pushed into or out of production.
01-31-2014 , 04:06 PM
The owners of highly popular software (that have required years of revisions to reach the current level of functionality and "look and feel") are not likely to ever agree to granting outsiders access to their code. It would only be a matter of time before it was compromised.

If the marketplace values audited software, someone will supply it, and it will gain market share.
01-31-2014 , 04:08 PM
Quote:
Originally Posted by Aoresteen
Oresteen’s Theorem: Any random hand in a ten handed on-line Hold ‘Em game can be forced to be the winning hand from the remaining thirty two cards.
Your theorem is false.

Player 1: 2c2d
Player 2: 22
Player 3: 34
Player 4: 34
Player 5: 34
Player 6: 34
Player 7: AcAd

Player 1 can't win the hand.
01-31-2014 , 05:43 PM
Quote:
Originally Posted by madcatz1999
Your theorem is false.

Player 1: 2c2d
Player 2: 22
Player 3: 34
Player 4: 34
Player 5: 34
Player 6: 34
Player 7: AcAd

Player 1 can't win the hand.
Sure he can. As in Example 2 when this condition occurs one or both of his hole cards are switched. Change the hole cards to KcKd. Flop is forced to KsJd10s. Turn is 5d. River is Js. Player one has a boat, player 7 has two pair aces & jacks. Player one wins. Theorem is true.

All of these cards exist in the set of 32 undealt cards and are available for God Mode to use. There is no audit trail that the other players can use to know that cards have been switched and that they have been cheated.

Quote:
Originally Posted by VP$IP
The owners of highly popular software (that have required years of revisions to reach the current level of functionality and "look and feel") are not likely to ever agree to granting outsiders access to their code. It would only be a matter of time before it was compromised.

If the marketplace values audited software, someone will supply it, and it will gain market share.
What you are saying is that companies want to protect their intellectual property (IP) rights. That is true. I did the same when I was a CIO. We often called in outside consultants and the way we handled it was with Non-Disclosure Agreements or NDAs. Our NDAs had very severe penalties for breach. "Look & feel" is easy to reverse engineer - internal algorithms are not. Having done this many times I feel that a company's IP can be protected. My companies were audited by outside firms regularly and breach was not an issue. When I was working at the bank I was audited by both internal and external software auditors. Not an issue.

The issue is that players are not demanding software audits. The only way audits will be implemented will be through regulation just like banks are. I hope that as states in the USA consider opening up on-line gaming they implement software audits. This would be good for the players and for the industry.

Quote:
Originally Posted by SantaCruz
Aoresteen: I agree with most of what you say except for a couple of things.

I don't think that auditors need to force any conditions to test the software because the auditors can look at hand histories and get a better idea if things are wrong. That's essentially how the UB scandal was uncovered. I think that it's hugely important that players are allowed to keep databases so the players themselves can police the sites. Ultimately it's only the players who can be trusted to not have been bought off.

Also god-mode isn't about actually changing the cards in play. It's only about being able to see the cards of the other players. Changing the cards would overly complicate the programming and probably make the cheating more easily discoverable. Cheating that requires the smallest footprint is actually the most effective.
Software auditors will not have the time to review hand histories given the size of the data. They will look at the source code and examine how it works. They will look for back doors etc. They will run tests of their own.

As to God mode, we don't know exactly what it was capable of. No outsider that I am aware of has seen the actual source code. We know only what the sites said it did and the 'regulatory' agencies released vague statements as well (not much). If I were programming a back door for sure it would show everything and could switch cards. It is a trivial programming task to do as I wrote similar code in the 90's when I developed a stand alone Hold 'Em simulator for probability analysis.

If anyone has the actual 'God Mode' source code please post it and we can see how deep it went.

Last edited by Mike Haven; 01-31-2014 at 09:58 PM. Reason: 3 posts merged
01-31-2014 , 06:40 PM
Quote:
Originally Posted by Aoresteen
Software auditors will not have the time to review hand histories given the size of the data. They will look at the source code and examine how it works. They will look for back doors etc. They will run tests of their own.

As to God mode, we don't know exactly what it was capable of. No outsider that I am aware of has seen the actual source code. We know only what the sites said it did and the 'regulatory' agencies released vague statements as well (not much). If I were programming a back door for sure it would show everything and could switch cards. It is a trivial programming task to do as I wrote similar code in the 90's when I developed a stand alone Hold 'Em simulator for probability analysis.

If anyone has the actual 'God Mode' source code please post it and we can see how deep it went.
Actually it's pretty well documented through listening to secret tapes, interviewing participants and analyzing hand histories as to what exactly the UB god-mode did. It allowed the cheater to see his opponents' cards, it didn't change 22 to KK. When you are referring to switching cards what you are actually talking about is akin to a rigged RNG. There are plenty of existing posts about rigged RNGs. There is absolutely no reason for a bad guy to go through the trouble and added risk of rigging the RNG when he can already see his opponent's cards. Rigging the RNG also leaves unnecessary statistical aberrations for players to be able to pick up in their databases.
01-31-2014 , 06:51 PM
Quote:
Originally Posted by Aoresteen
On line poker may be fair but there is no proof that it is. In fact, given the Ultimatebet.com scandal, there *is* proof that online poker cheating by the site themselves has occurred.

“Russ Hamilton, a former poker champion and consultant to the prominent, Costa Rica-based and Kahnawake-licensed, online poker site Ultimatebet.com, had cheated players out of millions of dollars with the help of “God mode” software that let him peek at other players’ hands.”

http://www.slate.com/blogs/crime/201...line_poker_scandal_that_never_ends.html


Absolute Poker also has had cheating on their site:

http://en.wikipedia.org/wiki/Cereus_Poker_Network
It always amuses me when new accounts show up on 2+2 and explain something that happened on 2+2 in their posts.

I didn't read the rest, and I apologize for a mostly off-topic post.
01-31-2014 , 08:54 PM
Quote:
Originally Posted by Aoresteen
Sure he can. As in Example 2 when this condition occurs one or both of his hole cards are switched. Change the hole cards to KcKd. Flop is forced to KsJd10s. Turn is 5d. River is Js. Player one has a boat, player 7 has two pair aces & jacks. Player one wins. Theorem is true.

All of these cards exist in the set of 32 undealt cards and are available for God Mode to use. There is no audit trail that the other players can use to know that cards have been switched and that they have been cheated.
In your first example 72 cannot beat KK.
01-31-2014 , 09:24 PM
Quote:
Originally Posted by otatop
It always amuses me when new accounts show up on 2+2 and explain something that happened on 2+2 in their posts.

I didn't read the rest, and I apologize for a mostly off-topic post.
Thank you for your perspective. I know that most posters here would not question a statement about the AP & UB issues and accept it as fact. However, I included the links to avoid a discussion on if cheating has or had not occurred as some would not and trail off down a rabbit hole on the RNG issue. I realize that this is a sensitive topic with many on both sides of the issue and was simply trying to limit the scope to software audits.

You may feel that it is off topic and I apologize if it is. I've done quite a bit of research on the topic of software audits for on-line poker sites and could not find any. There have been a lot of posts on the RNG issue but in terms of 3rd party audits none that I could find. Perhaps I missed them.

Having spent 16 years in a regulated industry where internal and external audits are the norm I've often wondered why the on-line gaming regulators don't require external independent audits of the gaming software. Such audits would benefit the players and in the long run the industry itself. It would be a strong argument in support of legalizing on-line gaming in the US, particularly in states that are exploring opening up their state to on-line gaming. Hence the discussion of software audits.
01-31-2014 , 09:30 PM
Quote:
Originally Posted by Aoresteen
I hope that as states in the USA consider opening up on-line gaming they implement software audits.
That would force highly successful providers to create a "lite" version. There is no way they would be protected by an NDA. There is no penalty sufficient to prevent eventual disclosure.

This is not banking software. There is real competition in internet poker. At least until competition is "regulated" away.
01-31-2014 , 09:34 PM
Quote:
Originally Posted by Zobags
In your first example 72 cannot beat KK.
You are right, I made an error. The KK would have a bigger boat. Change the turn to a 6 off suit and the 27o beats the pair of kings. My apologies for missing it and thanks for catching it.

Quote:
Originally Posted by VP$IP
..

This is not banking software. There is real competition in internet poker. At least until competition is "regulated" away.
While we can disagree on the effectiveness of an NDA, we do agree that there is real competition in internet poker. And I believe that the internet poker site that had truly independent audits of its software would have a competitive advantage over sites that did not.

Last edited by Mike Haven; 01-31-2014 at 09:58 PM. Reason: 2 posts merged
01-31-2014 , 09:49 PM
Quote:
Originally Posted by Aoresteen
And I believe that the internet poker site that had truly independent audits of its software would have a competitive advantage over sites that did not.

But you wrote this:

Quote:
Originally Posted by Aoresteen
The issue is that players are not demanding software audits.
01-31-2014 , 10:00 PM
Quote:
Originally Posted by Zobags
In your first example 72 cannot beat KK.
Which made it insta tl;dr .
01-31-2014 , 11:17 PM
Quote:
Originally Posted by Aoresteen
You may feel that it is off topic and I apologize if it is.
Not at all, the thread's fine, my post was off topic.
02-01-2014 , 02:24 AM
Quote:
Originally Posted by Josem
Fortunately, as we proved in the AP + UB cases, you don't need to audit the source code to detect cheating.

Instead, you can review the hand histories to determine these things and figure out if there was cheating.
Why doesn't Pokerstars as the industry leader take the initiative to show the players what is suggested here? I don't think it is too much to ask and would instantly put a few thousand on your site from me instead of cashing out every opportunity I get. It would definitely alleviate my suspicions and make your site a hell of a lot more in rakes.
02-01-2014 , 04:27 AM
Suspicions of what?
02-01-2014 , 07:05 AM
So I assume the notion of being able to possibly manipulate what the rng randomly spits out is ok as long as the players can review hand histories.
02-01-2014 , 09:01 AM
Quote:
Originally Posted by futballer
It would definitely alleviate my suspicions and make your site a hell of a lot more in rakes.
No.

It wouldn't do ****.

You riggies would just move the goal post.
02-01-2014 , 10:14 AM
Quote:
Originally Posted by futballer
So I assume the notion of being able to possibly manipulate what the rng randomly spits out is ok as long as the players can review hand histories.
You can't manipulate the RNG if players can review hand histories. That's the point - it would be detected.
Quote:
Originally Posted by futballer
Why doesn't Pokerstars as the industry leader take the initiative to show the players what is suggested here? I don't think it is too much to ask and would instantly put a few thousand on your site from me instead of cashing out every opportunity I get. It would definitely alleviate my suspicions and make your site a hell of a lot more in rakes.
Because PokerStars already does an audit of the RNG, and publishes that report. In addition, because PokerStars happens to hold more online poker licenses in more jurisdictions than any other company in the world, they have had to meet more tests than any other online poker company. This includes Isle of Man, Italy, Spain, France, Estonia, Belgium, Greece, Malta, and Germany.
Quote:
Originally Posted by Aoresteen
Thank you for your perspective. I know that most posters here would not question a statement about the AP & UB issues and accept it as fact. However, I included the links to avoid a discussion on if cheating has or had not occurred as some would not and trail off down a rabbit hole on the RNG issue. I realize that this is a sensitive topic with many on both sides of the issue and was simply trying to limit the scope to software audits.
You seem to argue that some sort of professional audit is important... yet you use the example of AP and UB to support that claim. That makes no sense, because AP and UB prove that players such as us can detect misbehaviour of this nature.

The cases of AP and UB are both strong evidence that player analysis of hand histories is effective in detecting this misbehaviour.

Quote:
You may feel that it is off topic and I apologize if it is. I've done quite a bit of research on the topic of software audits for on-line poker sites and could not find any. There have been a lot of posts on the RNG issue but in terms of 3rd party audits none that I could find. Perhaps I missed them.
Yes you did.

Here's a helpful link: https://www.google.com/search?q=3rd+...line+poker+rng