Exploit found which can lead to cheating

I will chip in with saying #freeLuciano.

I understand that Zwift may feel stepped on their toes, but this is no different for genuine racers finding out about this bug feature and especially the fact it has been allowed to exist for such a long time. Apparently it has been made easier to tamper with weight and height during a ride than it is to change bikes. What bothers me the most is the framing to try and make a bad guy out of the whistleblower. It speaks volumes that Zwift chooses to view this the way they do, which as has been pointed out is not consistent with some precedents. So my request would be to take a sip of coffee, pause for a moment, and try to reflect on what could be driving a passionate racer/user of your platform to act the way he did. And to consider the possibility that you, him and (the majority of) the community may be aligned when it comes to wanting fair racing for everyone. I’m sure you could think of classier ways to deal with this situation. But if any good can be taken from all this, then at least we now have public confirmation that Zwift is aware of this feature, as well as being capable of shadow-banning a rider within 24h. I’m looking forward to the fix.

4 Likes

I actually was begging Zwift to solve the issue!

14 Likes

And only for that, the ban, while totally unfair, is still way worth it.
If it has had the slightest influence on the fact Zwift acts on it slightly faster than they had planned to (my assumption is that if they did not do it in 2 years their plan was never, but it is only my sarcastic opinion), then I will happily wander the circuits of Watopia for 30 days being like a ghost, and write on it very soon :slight_smile:

18 Likes

While a 730-day exploit is laughable alright, that entire message is just a pile of bad corporate speak some spineless poor chap has been handed to read out aloud in public during their office hours.

I don’t understand the excitement. This is just Zwift as it has always been.

2 Likes

Some of us young Padawans are discovering

You know what happens when you try to sweep something under the carpet rather than tackling it properly?

You can’t ban someone that’s already quit :man_shrugging:

17 Likes

We really should. Count me in.

OK… Unfortunately this post only makes things worse, and really shows contempt for the community that make Zwift what it is. I know it’s not you, specifically, but I gotta raise a few points:

Let’s have a look at the points in turn:

“‘The Ultimate Undetectable Weight Cheat on Zwift’. This is not true. Our server captures changes made by players to their profiles”

Right, and what action is taken against these riders who perform those changes? Does it automatically flag with a team who review these? Are those who make these changes in races routinely warned or suspended for cheating? Do you do this for major events such as Zwift Academy, Community Races, WTRL?

Or do you only investigate when, as you put it, “Players who weight-dope in a race are routinely detected by other participants by putting out suspiciously high w/Kg values. If you suspect others of cheating - we ask that you report”

Which basically confirms that the point first above does not happen, you rely on players reporting this. See, the main issue here, is that in races people generally aren’t watching every other rider’s power. Also, if I’ve been at 3.4 on the flat, and then at 4.4 on the climb, that doesn’t look weird. I’m not about to fanview everyone in hopes of checking their heartrates.

Now on this part of your post:

“Having shared details on how to exploit Zwift in multiple public forums, the originator has been found to be in breach of these terms of service. As a result, their social interactions with other Zwifters has been limited, they will not be visible to other Zwifters in events, and they will not show in Zwift race or ride results for a period of 30 Days. Unless it’s an invite-only event, this doesn’t prevent core use of the game.”

Unfortunately you have misrepresented the entire scenario, so I’ve helped out a bit in rewording it for you:

“Having flagged how to exploit Zwift repeatedly for over 2 years, Zwift has taken aim at the community in order to try and shift blame for not performing a relatively easy fix. It came to a point where, although the exploit has been known and used for 2 years, that members of the community who have more respect for the Zwift community than Zwift HQ actually does have decided to flag this in a way that can’t be ignored. In response, Zwift has decided to penalise this individual for making public how poor Zwift practices really are.”

But anyway, the next point:

“Longer-term, we have a plan to block this kind of mid-event weight exploit so race results are not impacted by bad actors with ill intent. We are unable to go into details of these plans for obvious security reasons. Detecting game exploits is a never-ending battle, and we appreciate your help in finding this one.”

  1. Do you? Really?
  2. Longer term? 2 years is pretty long term as it is, and it is not exactly a difficult fix.
  3. I’ll help: IF: Event is in session, THEN: Any changes to rider profile are queued until either event has concluded or rider leaves the event. Forward this logic to your development team. You’re welcome.

So my last point, stop hiding behind Section X subsection Y to justify doing the wrong thing. There is no one here saying “yes, Zwift did the right thing” because it’s absolutely disgusting behaviour and only amounts to censorship. Maybe do the right thing instead of finding ways to justify acting in a way that can only be described as awful.

There are more points that come out of the above post, but I’ll pocket them for later (Unless I get banned for this, which seems quite likely).

15 Likes
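The queuing rule proposed in point 3 of the post above, written out as an added sketch (not part of the original thread and not Zwift's code). Every class, field and rider name is hypothetical, and limiting the queue to weight and height is an assumption taken from what the thread complains about.

```python
from dataclasses import dataclass, field

# Hypothetical names throughout; nothing here reflects Zwift's real server code.
PHYSICS_FIELDS = {"weight_kg", "height_cm"}  # assumed: fields that affect race physics

@dataclass
class ProfileGuard:
    profiles: dict = field(default_factory=dict)    # rider_id -> {field: value}
    in_event: dict = field(default_factory=dict)    # rider_id -> event_id
    pending: dict = field(default_factory=dict)     # rider_id -> queued changes
    review_log: list = field(default_factory=list)  # mid-event attempts for review

    def join_event(self, rider_id, event_id):
        self.in_event[rider_id] = event_id

    def update_profile(self, rider_id, changes):
        """Apply changes now, or queue physics fields while the rider is in an event."""
        profile = self.profiles.setdefault(rider_id, {})
        event_id = self.in_event.get(rider_id)
        applied = {}
        for name, value in changes.items():
            if event_id is not None and name in PHYSICS_FIELDS:
                # Last write wins in the queue; every attempt is still logged.
                self.pending.setdefault(rider_id, {})[name] = value
                self.review_log.append(
                    (event_id, rider_id, name, profile.get(name), value))
            else:
                profile[name] = value
                applied[name] = value
        return applied

    def leave_event(self, rider_id):
        """Rider left or the event concluded: flush whatever was queued."""
        self.in_event.pop(rider_id, None)
        queued = self.pending.pop(rider_id, {})
        self.profiles.setdefault(rider_id, {}).update(queued)
        return queued

if __name__ == "__main__":
    guard = ProfileGuard()
    guard.update_profile("rider-1", {"weight_kg": 75.0})  # constructed sample data
    guard.join_event("rider-1", "race-1")
    guard.update_profile("rider-1", {"weight_kg": 60.0})  # queued, not applied
    print(guard.profiles["rider-1"], guard.review_log)
    print(guard.leave_event("rider-1"), guard.profiles["rider-1"])
```

The review log is what turns "our server captures changes" into something a moderation team can act on without relying on other riders to report.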

Let’s say Luciano is under maintenance 😱

Reporting by using the Companion app:

  • You just have to open ZwiftPower, using the live tab
  • You need to detect and see the weight change
  • You need to use the Companion app

This all in a race with heartrate of 160-170-180

I can’t do this kind of work during a race!

This is not something for daily use…

2 Likes

Secondly, we would like to explain the actions taken against this individual. Zwift’s Terms of Service directly address exploits in the game. Section 5, subsection vii forbids “Use our Platform other than for its intended purpose and in any manner that could interfere with, disrupt, negatively affect or inhibit other users from fully enjoying our Platform or that could damage, disable, overburden or impair the functioning of our Platform in any manner;”

Promoting information on how to exploit the platform constitutes a violation of these terms as it can negatively impact the enjoyment of other Zwifters.

This is just absolutely terrible practice. It reminds me of those terrible software firms who unleash legal forces on white-hat hackers who discover vulnerabilities. It’s reminiscent of stories like the Australian public transport organisation who reported a good-faith reporter to the police. No proper policy officer would allow a responsible company to behave like you are behaving. It’s amateurish and malicious. It gains Zwift nothing, apart from awful publicity, erosion of reputation, and lost subscribers. What’s the point?!

1 Like

In fairness, at least if you do somehow manage to report them, then they’ll be taken out of the race immediately and definitely won’t be able to do it again in future.

Oh wait, no that doesn’t happen at all.

9 Likes

I feel sorry Shooj - it is hard having to be the front for such deranged corporate ranting.

I think the difference this time is the sanction against Luciano - usually Zwift just blunder about harmlessly, but this time they have had an unfair and unjust go at a well-intentioned member of the community. That’s what gets me, and I think others.

5 Likes

#freeLuciano

Likewise, I feel for Flint and James on here who’ve been dealing with all the anti-sandbagging stuff over the last few months, putting up with us all whinging whilst rolling out a feature that should dramatically improve the community racing scene. This crap undermines it all.

11 Likes

What is hilarious about a statement like this, much like the one regarding WTRL asking new signups to provide their Zwift password, is that it probably had to go through an approval loop where a number of senior people, PR, legal etc cast their eyes over it and said “yep, that’ll do the job”.

Which just adds to the weight of evidence that ZHQ are completely out of touch with their primary stakeholders - corporate investment houses. Wait no, that’s not it. YOUR CUSTOMER COMMUNITY.

5 Likes

@shooj
“Our server captures changes made by players to their profiles.”
Yes? And what do you do then? Or is it all TOP SECRET, so secret that nobody here has ever seen anything happening on that?

“Promoting information on how to exploit the platform constitutes a violation of these terms”
Is it really too difficult to accept that “the individual” (as you call Luciano Pollastri) was not promoting information on how to exploit the platform, but wanted to stop it? Come on

“Players who weight-dope in a race are routinely detected by other participants by putting out suspiciously high w/Kg values”
Ok, so the community is in charge (for free) for something you are paid for. Not the wisest way to put it IMHO

“Longer-term”
Could you be more vague than that? I don’t think so

“We are unable to go into details of these plans for obvious security reasons”
Sure, top secret again.
The only obvious thing here is the way in which you consider the community when someone points out your flaws.

“We appreciate your help in finding this one.”
You really have weird ways to show you appreciate the help of someone. 30 days ban is a great way to appreciate that help, really.

#FreeLuciano

1 Like

Another unfortunate issue that could very easily be fixed without the fall out. At the minute Zwift are very lucky other platforms aren’t at the same level.

For the record I love Zwift and everything it could and should stand for. Both mental and physical well-being but this just stinks

1 Like

So to re-iterate, Zwift has done nothing for 2 years. Expect me to believe that they’re actually super secretly handling this already (they’re obviously not), and will totally fix it Real Soon Now.

All while shooting the messenger for finally bringing this to light.

Zwift, why are you so inept and evil? It really is the worst combination of traits.

#FreeLuciano

3 Likes

This is the kind of action that ZHQ will take more seriously than just words. I am pausing my subscription after the TTT World Champ today. Frankly, at this point it’s anybody’s guess who is legit racing on Zwift and who is not.

5 Likes

Shame on you for that bullshit response.

12 Likes