Exploit found which can lead to cheating

This is one of the worst PR-driven replies I’ve seen in my entire life.

  1. ‘Our server captures changes made by players to their profiles’. We realise servers capture everything. Whether those changes are being monitored and anomalies flagged is an entirely different matter. Luciano has clearly demonstrated that there is a way to alter the weight and prevent it from showing within the race results, including ZP. Which leads to…

  2. ‘Players who weight-dope in a race are routinely detected by other participants by putting out suspiciously high w/Kg values’. That has absolutely nothing to do with this exploit. This is literally just text filler to make us think something is being done when it isn’t. In this case no suspicious W/kg values will be shown as the app does not detect changes applied in the way Luciano demonstrated.

  3. Just friggin fix it. You do realise that this will only lead to multiple people, across multiple platforms, releasing even more ways to cheat, right? The more denial, the more consequences. Hope you’re prepared to ban comment sections on all UCI Worlds livestreams.

24 Likes

I am not sure you need a top secret plan for this. You just stop people changing aspects of their profile mid race.

14 Likes

Someone detects a serious error in the application that allows cheating in the results, and what does your company do?
Instead of solving the problem and correcting the error, you banned the person who reported it.
Shame on you, Zwift.

7 Likes

Please leave it up until they fix it. I hope you can find an account to train on in the meantime, assuming you’d even want to after this kind of treatment.

4 Likes

You do realize this is not the first time it has been brought to your attention? I believe I have read that other users reported this nearly two(!) years ago already…

9 Likes

If you are super greedy, yes. But if you are cautious, you change just enough so it is not blatantly perceivable by the others, nobody notices. Only post race control, once the race is already destroyed.

And just to remind everyone, I did not interfere in any race. The test was done during an iTT. No draft. Pulled myself out of any possible ZP points.

Watching the video you can see that before the race I was sure that I would prove that the cheat was not possible.

Anyhow. Crazy story. Unbelievable.

19 Likes

This is rather disingenuous. Nobody using this exploit would do so in such a way as to make it obvious. The whole point of the article was to expose a fundamental flaw in the game, it’s NOT the responsibility of the userbase to resolve it.

Zwift urgently needs to play the ball, not the man.

19 Likes

It was certainly being actively exploited over a year ago, I’m not allowed to post links to the relevant thread on Zwiftpower though.

For what it’s worth I’ve suspended my account now. I may or may not resume it, I’ll wait and see what happens.

5 Likes

There are several problems with this response.

Longer-term, we have a plan to block this kind of mid-event weight exploit …

First, this exploit is easy to execute, so “longer-term” is not acceptable. You need to close the exploit immediately. We don’t know if “longer-term” means next week, next couple months, or as long as it took to fix the London gradient graph. (Reported May 2020, reported to be on Zwift’s to do list in June 2020, about 95% fixed in the last client update in early 2022.)

Second:

…we would like to address the suggestion made by the originator of the post that this is ‘The Ultimate Undetectable Weight Cheat on Zwift’. This is not true. Our server captures changes made by players to their profiles.

If the servers capture the information, then why was Luciano not flagged shortly after the race? Also, in the first bit I quoted, you basically admitted that this exploit is feasible. That could be read as contradicting the quote directly above.

Third,

Players who weight-dope in a race are routinely detected by other participants by putting out suspiciously high w/Kg values … community reports are investigated by a human who can readily find weight changes made to a rider’s profile mid-ride.

The mid-ride changes to your weight don’t appear to make it to Zwiftpower. Hence, we wouldn’t be able to see someone doing this after the fact. Also, those of us who have ever raced or ridden hard will almost surely agree that it’s hard to think straight and to type on your phone. If you are relying on the community to systematically find weight dopers, that’s a losing strategy, because not everyone will notice, and not everyone who notices will file a report - assuming they even know the functionality is there.

Fourth, back to the ban - if Luciano had emailed you without publishing the article, would you have acted? Others have asserted that they’d reported this previously. If this is true, then A) how long was this known and not dealt with, and why is the answer not immediately? B) If reporting exploits to Zwift through standard channels is ineffective, then are you sure you want to go hide behind your terms of service?

Luciano said that he was told by a teammate that this was possible, indicating that the knowledge is out there already. A few days before this blew up, this Redditor was asking about live height adjustment. One guy said no, this doesn’t work, a few other guys gave him grief or asked him not to do it … if only we’d known. I appreciate that code is complex, but it doesn’t look good if you’re unaware of a pretty basic exploit. If you were aware earlier on, it looks even worse. Either way, the company reaction gives the impression of being angrier at this coming to light than about it being abused.

17 Likes

Blockquote
Firstly, we would like to address the suggestion made by the originator of the post that this is ‘The Ultimate Undetectable Weight Cheat on Zwift’. This is not true. Our server captures changes made by players to their profiles.

@shooj - this whole reply is so disingenuous that it’s made me de-lurk.

This exploit has been known about for 2 years. Zwift doesn’t appear to have done anything to stop players exploiting this “feature” or to flag users who have been caught using this “feature”.

Instead, @Luciano_Pollastri_ZE gets banned for being the whistleblower and the party-line appears to be to punt the whole thing back onto the userbase to address.

That’s like saying “oh, we have 2 years’ worth of data on you showing you’re a Cat A racer but we won’t act when you sandbag a Cat D race but instead leave it to the race organizers to DQ you post race.”

#FreeLuciano

14 Likes

Zwift continually allows cheaters to enter official Zwift/WTRL events (ZRL, Chase Races, WTRL TTT) week in and week out and even features them occasionally on ZCL livestreams. Nothing happens to them.

ZP riders are continually allowed to ruin races every day yet nothing happens to them.

Don’t both of those fall under “Section 5, subsection vii forbids ‘Use our Platform other than for its intended purpose and in any manner that could interfere with, disrupt, negatively affect or inhibit other users from fully enjoying our Platform or that could damage, disable, overburden or impair the functioning of our Platform in any manner.’”?

Yet Zwift decides to shadowban one of their hardcore fans who is a contributor of content on Zwiftinsider? And for what? Posting about a gaping hole in Zwift that has been known for over a year and not fixed? It’s time to cancel the membership.

33 Likes

Exactly right, Weiwen. It is ridiculous to suggest that someone furiously competing in a race would possibly be monitoring another rider closely enough to detect this. Sure, if they are suddenly 50kg and ride away from everyone, but if their climbing speed is 4.5w/kg, when it accurately would be 4.0w/kg? Impossible to know or even really to suspect weight doping.

5 Likes

Is working at Zwift like working in a cult?

Zwift staff really do give off the impression that they think they are all perfect and that their subscribers are a bunch of idiots.

There’s so much wrong in what Zwift has done in this whole affair and I don’t think all the words in the world will make Zwift staff realise how much they’ve fucked this up.

12 Likes

I honestly don’t even know how to respond to this “explanation” except I’d expect more from Zwift especially after the numerous PR snafus over the past year(s).

#FreeLuciano

10 Likes

Shame on ZwiftHQ for allowing this issue to persist for so long and even more shame for punitively acting out against someone who dared to speak about it in public. It’s frustrating to see the community that does so much for this company be treated in such a way.

@Luciano_Pollastri_ZE should not be banned.

10 Likes

Zwift: “After many years of the community asking for unfair racing to be addressed, we’re finally rolling out category enforcement.”

Also Zwift: “Gaping hole in the entire game? Community’s problem.”

21 Likes

Exactly, especially since we are constantly told “The community is what makes Zwift what it is”. If they keep this up, eventually that community might find greener pastures, once a valid competitor emerges.

RGT is pretty good, there are many parts of it I like better than Zwift but they don’t have the critical mass of community yet to make it a viable alternative, for me personally at least.

4 Likes

I still can’t get my head around why the coding would allow on the fly changes to fundamental data like rider weight.

6 Likes

This is a typical passive-aggressive response from Zwift and this particular moderator. Points to a bad company culture IMO.

10 Likes

#freeLuciano #watopianPollastri

1 Like