Bugged Out – The Failings of Magic Online

Magic: Online is falling short of what it should be in many areas, and I see little reason for it. From problems with bribery, to the recent redemption problems, to the weekly lag that causes drafts to be ruined, Magic: Online is riddled with long-existing and un-addressed problems that are shrouded in mystery.

One of the best parts about Magic: Online is the fact that there is no need for a judge. Matches are conducted according to the rules of the game, stalling in the traditional sense is impossible, unsporting conduct is solved by two mouse-clicks, and when there is a bug, you’re generally able to get a refund.*

Most of these improvements or differences from real-life Magic are what you’d expect from an online game and really aren’t “special” features at all. It’s genuinely difficult to think of a feature that Magic: Online has that is above-and-beyond what I expect for my investment. I love the online Magic experience, but Magic: Online is falling short of what it should be in many areas, and I see little reason for it. From problems with bribery, to the recent redemption problems, to the weekly lag that causes drafts to be ruined, Magic: Online is riddled with long-existing and un-addressed problems that are shrouded in mystery.

I understand that Version 3.0 is expected to come out in the next six months, and the public beta is starting in the next one or two months, but that doesn’t excuse the fact that the current state of affairs is nothing short of embarrassing. Help files are years out of date. The server status window does not work, and has actually been taken off the website. In order to view the meager updates, you have to go to a message board that loads on dial-up connection speed. And good luck finding anything – the “search” function has been broken for as long as I can remember. I’m sure that Version 3.0 is going to solve a lot of these problems, but we spent money on this game for a functioning product. Wizards is failing to keep up their end of the bargain with much of it.

Some of these problems might simply not be worth fixing before Version 3.0 comes out, but there are other aspects of the game which are poorly run now, and which will not change when 3.0 finally appears. The programmers of a new set deal with hundreds of bugs, and probably thousands of bug reports. This doesn’t excuse the fact that Dissension was recently released with a known print-run bug that made it impossible to open certain rares. They had to take the server down on release day in order to fix a bug that was reported during the beta. This sort of disorganization is not going to go away with a revamped client.

The Conduct department is completely opaque. Sending an email to them reporting a bribe, adept, username, or anything else, results in a form letter being sent back to you and often no follow-through. They won’t discuss punishments with anyone except the account owner, despite the fact that real names are posted on the DCI’s banned-players list along with the reasoning behind the ban. The opaqueness of this department is clearly not an accident, but it makes it very tough to take anything they tell you seriously. Why would people go through the motions to report bribery when they aren’t even sure the evidence they have supplied is enough to convict? If Wizards takes things like bribery and trade fraud seriously, they need to start posting the account names, and possibly the names on the credit cards associated with those accounts, on their website… along with the punishment and reasoning behind it. The DCI does this, and I’m not sure why Magic: Online cannot.

A friend of mine recently sent a bribery report about someone who was in a league with him. Such an event is not uncommon in leagues, but considering how seriously Wizards takes bribery, one would expect the offending player to be disqualified without prize, and have his account suspended for some time. This player was sighted days and weeks later playing tiebreaker matches, and ended up taking third in his league, winning fifteen packs effectively stolen from many players below him. Because of their privacy policy, it is unknown whether he was eventually suspended (it seems likely, because this friend of mine did not stop pestering them on their message board until it was dealt with), but I have never heard of any other game, online or not, where cheaters are knowingly allowed to keep the prizes they steal.

While this briber was off stealing packs from honest card-players, one of my accounts (that I rarely use) was banned. When I realized it had happened, I check the email registered with that account to check the reason for it. It seems that someone had complained about my username – specifically the fact that it had an “F” in it. The username OBVOBVOBVUDREWITAFGAIN was considered masked profanity, and I was required to change it after months of having no problems.** It’s a good thing that small children won’t be exposed to things like words with Fs in them, while they play the card “City of Ass” in real-life tournaments. Priorities are definitely in order when Fs are taken out of usernames before cheaters are penalized.

These things are bothersome and unprofessional, but more recent events compelled me to write this article. A user named BentFranklin recently discovered an exploit in the Magic: Online client that allows for someone to access someone else’s account without hacking. Luckily for the Magic population, BentFranklin went through the appropriate channels to report the bug, and waited for it to be resolved. It has been about ten weeks, and according to him our accounts are still in danger of being accessed. While changing your password is a good way to make sure your account will not be accessed in this way, the fact remains that there is a security hole in Magic: Online which Wizards has been aware of for weeks and not resolved.***

Quite simply, this is unacceptable. It should make any Magic: Online user uneasy. There are thousands of accounts that are inactive and will not know to change their passwords, meaning that thousands of accounts are at risk of easily being hacked and stripped because of Wizards’ inaction.

One of my accounts was recently hacked, and several hundred dollars’ worth of stuff was stolen. I have no idea how this was possible, as I ran several anti-virus, spy ware, and key logger programs and came up empty-handed. My password was impossible to guess, and unique.

While I suppose that there are several explanations as to how this could have theoretically happened, the simplest is that someone used this exploit to access my account. While I cannot prove that it was Wizards’ fault that my stuff is gone, it is a lot tougher to accept getting robbed when it’s possible that the very people who were supposed to protect you knowingly left your account exposed.

Other issues are just poor customer service, but it’s possible that this last point could even land Wizards in court. I asked a lawyer to look into the precedents for this sort of trade fraud/identity theft and the possible penalties for Wizards’ lack of action. His response was:

“I look at it as if Wizards of the Coast is a bailee of our cards. A bailment is a relationship in which one person (the bailor) delivers property to another person (the bailee), for some purpose and with the understanding that the bailee will get his property back. There are all sorts of technical differences for liability between bailments when only the bailee is benefiting, or when the bailor is the only person to benefit, or when both parties benefit. However, the general idea is that the bailee must use reasonable care under the circumstances regarding the bailor’s property, and a bailee that fails to use this care is liable for any damage, loss, or theft that results.

“It is important to note that, in most States, there is a legal presumption that any damage, loss, or theft to the property (while it was in the possession of the bailee) was the fault of the bailee. What this means is that when the bailor’s property is damaged, lost, or stolen while in possession of the bailee, the bailee would be required to demonstrate how his conduct with the property was reasonable in every way, or the bailee is liable. The law puts this burden on the bailee because he had the property, so he is in the best position to say what happened to it.

“While the bailment examples do not fit Magic: Online perfectly, there is an argument to be made that we trust Wizards of the Coast with our property – often thousands of dollars worth of property – every day. Wizards of the Coast has a duty to protect our property because the only protection we can do is to pick a good password and change it often. If there is a hack or security leak on Magic: Online, it is clearly unreasonable for it to remain for this long and for Wizards of the Coast to do nothing to warn us about it and how to protect ourselves.” ****

While Wizards releases old sets like Visions and hypes Version 3.0, it’s time for them to start paying attention to the aspects of the game that they have neglected since day one. Poor customer service, disorganization which results in downtime and poor communication, and a completely opaque process for dealing with known issues and user conduct, are serious issues which have plagued Magic: Online for much too long.

If you find the current state of affairs unacceptable, I encourage you to email Wizards with your grievances.

And since Wizards certainly isn’t going to mention this:

Change your passwords.

Scott Tucker

Special thanks goes to my anonymous lawyer friends for reviewing these issues, as well as the user BentFranklin for supplying material for this article.

* Seriously, if a bug causes you to lose a match, or sometimes even a game, write up a coupon request here and see if they’ll give you a couple of dollars to the store. It usually works.

If the server crashes and you’re currently losing a game in a tournament, you can also just choose not to log back in. You’ll time out, and then you can request a coupon, saying that the server crashed and you weren’t able to finish your match. It’s their job to keep the server up, so let them feel the consequences of the instability.

** The username is a quote from the first Singleton 2x Premier Event, when the player “destructive food” made the following comments after his opponent played Peek on turn 1 for two games running. I’m fairly certain that this quote is the origin of the abbreviation “OBV” that you see so often on Magic: Online:

alanzed plays Peek targeting destructive food.
destructive food: U DRAW
destructive food: IT AFGAIN
destructive food: OBV
destructive food: !!!@#@$@#$$%#$@#!@@@

The F is clearly a typo, and only adds to the quote’s overall charm.

*** I suppose it’s possible that no exploit actually exists. However, BentFranklin is an active member of the Magic: Online community and has done good things for the online game in the past. Further, he’s also organizing an initiative to tell people to change their passwords over release weekend, in order to prevent themselves from being exploited. I find it more likely that Wizards is just covering this up than that BentFranklin is looking for attention.

**** Two lawyer friends of mine who are familiar with Magic: Online have reviewed what happened here, both with Wizards’ simple inaction, and with my account getting hacked. One of them believes that I might have a case if I were to actually pursue this, while the other thinks that this reasoning is on “tenuous ground.” I’m very interested in the opinions of any lawyers out there, and would encourage them to post in the forums.