FYP

There are other reason's that aren't shady to not use SSL encryption. They're not good reasons but they're not shady.

The SSL handshake requires a lot of overhead and dramatically reduces performance vs the same non encrypted communication. This is the first page I found with charts comparing SSL vs non SSL. It's for remote access but should give you an idea of how SSL slows things down. http://www.pcmag.com/article2/0,2817,1202227,00.asp

There are other less computationally intensive encryption algorithms although not nearly as secure.

The Twofish encryption they claimed to use is also pretty slow as well.

It might be that they started out with good encryption and then saw very poor performance and didn't want to spend money to add more hardware (either more servers or SSL accelerator cards), instead they used an encryption that worked faster.

Based on the picture of their offices I wouldn't be too surprised if that was the case.

Wouldn't all this be confirmed by the fact that just after they tried implementing SSL today or yesterday, the site was so laggy they had to basically shut it down?

That was just after Lee posted this.....

"Hi folks –

Yesterday morning we released a security update on our standard poker client which included an SSL layer in all our server-client communications. We are happy with the performance of this update and have just completed rolling this out to our beta 2.0 client as well. You should see no difference in features or player experience.

Best regards,
Lee Jones

Cake Poker Cardroom Manager"

Not trying to defend Cake here, just saying that absolute incompetence might be a bery real possibility.
I've seen it in other domains at levels at which you would not expect it.

Also, I think it's very possible that Lee has contractual obligations not to badmouth the company for which he's a rep.
Can't confirm because I don't know much about rep/marketing, but definitely not impossible.

Or more probably, he has some financial interest in the company and has convinced himself that nothing bad has happened and that it's ok to just go into damage control mode to save the company.

Realize that if they had actually posted the truth ("We had some of the worst encryption in the world for the last couple of years, anyone with 1/2 a brain could've seen your cards and we lied about it"), Cake would be bankrupt by now.
Not that it's that far anyway...

So instead of investing more money in order to protect customers they opted for no SSL while at same time lieing that they use Twofish putting the whole bussiness at risk in order to save few bucks?
That explanation is not working in Cake's favor heh.

I know, I was replying to MicroRoller.
He presented a possible reason as to why Cake wouldn't use SSL , which sounds logical but considering Cake lied about it and put their whole bussines at risk in the process, I don't see that as a "non-shady" or less evil reason not to use SSL then for cheating purposes.

Sorry if my posts are not very clear (language barrier)

No, what the other guy was saying is that it's possible their programers were pathetic enough not to be able to deal with implementing SSL without having the servers crash every 5 seconds, which is what happened yesterday when they did implement their "stable" SSL update.

Seeing how things are being run from a basement somewhere in a suburb in Dublin, I can see how they would've hired some computer programing dropouts for close to nothing to save money.
These dropouts would've convinced them everything was secure after struggling to implement some 3rd world level encryption.
Cake said "ok great! Let's roll!"

After that, the dropouts superuse, or not, because they're not even that smart.

Things fall apart when PTR uncovers the truth.
Cake send Lee to 2+2 to do some damage control, mostly by going after PTR ("those jerks who let our players know any ****** could see their hole cards on our network"), and remind him that his shares in Cake aren't going to be worth much if he can't stop the company from going bankrupt.

The end.

If there was superusers on Cake, they probably would've learned not to play 60/20 or w/e stats Hammilton & CO were playing with. It shouldn't be too hard playing with reasonable stats and keeping win rate at a beliveable level, while still being a superuser. I'm not saying there were superusers on Cake, but if it were, it's quite possible that we wouldn't be able to figure out who that was by just looking for the combination of a good win rate and poor stats.

The fact that they didn't run SSL encryption though, is a clear signal for me to never play on their network. There simply isn't an excuse for not running SSL encryption on a site/app that deals with confidential information and money transfers. If an internet bank had done the same thing, and just let the site run while they were patching it, the bank would've lost all it's customers as soon as they found out. It would've been totaly unheard of, and so it should be for internet poker sites. It's exactly the same thing.

I'm not excpecting Lee to answer any time soon, as there isn't a single answer that would make any sense.

Glad I don't play on Cake.

I do play on Pokerstars and FTP though. :-(

Well a Superuser wouldn't (appear to) play a losing style.

Especially after what happened on UB. You'd hope a superuser would be smart enough now not to make hero calls with T high on a river shove every time you're bluffing with suited connectors...

I think that I remember reading (maybe in his well?) that he had transferred the 1% equity in Cake that he opted for in lieu of a cash prize in a tournament to his Grandfather in Russia. I'm not sure though and those notes along with AP/UB notes are on an old computer that I don't have instant access to.

I know that he said that he loved being an internet investigator in one of his blog posts. Is he still a mod in bbv or somewhere? I also kinda remember that he was admitted to the bar, but hadn't actually practiced law. In any event, I'd think that he'd want to be involved in this matter.

gTg

The silence is a confirmation. Lee doesnt answer because there is no answer, the facts are plain and simple, there no excuse:

The room was unsecure;

They lied about it;

What more do you need to know, dont expect Cake to come here and admit what they were doing

Its like you get your wife in bed with another man and ask her if she was cheating on you.

Here's my question to Lee. You know how 2+2 works. What in the world made you think it wouldn't come to this in nvg when handing out "none yo biz" answers?

cheer up.
[x]Stars n FTP do use SSL.
[x]I likez ur avi.

He was probably told by his superiors at Cake to not answer any of these questions, maybe hoping it would all go away in time. I wonder if Lee is asking Cake any of these ?'s and if they are even answering him or telling him the truth.

Even if he was told by his superiors not to say anything, "None of your business" is never a good answer in a situation like this.

Just an anecdote but :
Maybe 2-3 years ago I triple barrelled with 54s on an A73xx board. My opponent called my all in on the river with....54. I stopped playing high stakes on Cake after that.

Agreed, I wasn't trying to defend Lee's response or Cake in this matter.

I don't see what good comes out of speculating about whether Lee wants to say the things he's saying or is being told by his bosses to say them or is really a secret crime fighter who doubles as a formerly well-respected card room manager. The guy's saying stuff on the account "Lee Jones" and signing them "Lee Jones, Cake Poker Cardroom Manager" or whatever. I have no reason to believe that his account's been hacked or that someone has a gun to his head. So, for now I feel like it's safe to assume that those are the willful statements of Lee Jones, a guy who is employed by Cake Poker as a card room manager.

I also don't think it's incredibly surprising that he and Cake have handled this as they have (at least in hindsight). It might even be the correct way for them to handle this situation from a monetary perspective. Also, after talking to some people who've been around longer than I have (i.e. when Lee got his great reputation), I've basically learned that he has a great reputation partially because he worked for the best-run site and got a lot of credit for what they did and partially because he just generally got along well with our community.

One of our goals as a community who relies on these unregulated businesses that often have incentives that are aligned against us should be to try to better align their interests with our own. Currently, our best methods seem to be making a big stink on the internet and having a bunch of 2p2ers take their rake elsewhere until a smaller group comes back to play in the softer games. Those suck. If anyone's got a better idea, I'd love to hear it.

I would certainly be a hell of a lot more careful if I were a winning player and if a losing player I'd quit that site and possibly all of internet poker after that kind of hand.

Well, one hand can happen, could be a missclick for example, I´ll prolly need to see it happen at least one more time from the same player before I yell superuser.

Noah- it's not surprising, but I refuse to believe that the "old model" of ignoring what the knowledgeable customer wants can last forever. I think the customer base gets smarter over time and adjusts better each time something like this happens.

If the market wants to punish cake it will punish cake for this glaring middle finger they are giving their customers.

Wow, good move leaving Cake. Did your opponent say anything after the hand like "ooops misclick"?

Yeah. I'm biased as hell, but my guess would be that Cake would've been better off handling this transparently than the way they did. Plus, as you said, we're getting better and better at finding this **** (thanks PTR!), we're less tolerant than before, and the number of customers who learn about stuff like this is way higher than it was 2 years ago.But the fact that they would even consider behaving how they did* makes it pretty clear that we don't have much power here.

If Cake were licensed by some legitimate entity instead of the government of Curacao, their license would be revoked for basically publicly announcing and proving "We don't care about customer security." So, they would never even consider doing something like that. I don't think we can create that kind of pressure, but I'd love to hear any ideas.

*i.e. "Go **** yourselves. We're not taking any advice. We're not letting our other customers know what you know. We're not going to answer any questions. We refuse to explain why we're taking any of these actions."