Tuesday, July 01, 2014

FAQ about my solution for enhancing security of online poker

Since I went public with an idea for helping to protect online poker, I have received a tremendous amount of feedback. In the poker community, I have had the chance to discuss my idea with notables, including some well known pros. I am grateful to Nolan Dalla, Stephen McLaughlin, Vanessa Rousso, Tony Dunst, Ali Nejad, Christian Harder, Matt Savage, Gavin Smith, Greg Merson, Tom Schneider, Matt Glantz, and many friends who have reviewed my white paper and given me feedback and excellent introductions. Sorry for the shameless name dropping, but I think that’s part of getting traction for this. As a result of introductions by Gavin and Vanessa, I will have an article published in next month's All In Magazine.

The discussions have led to some frequent questions, so I’ve compiled the most common ones here for a short FAQ about my idea:


Q. There is no way to make this user friendly. People are going to hate this, and nobody will want to do something so inconvenient.

Thanks for the question. (not really a question!)

The way I envision this is as an enhancement  to existing online poker sites. Users who want to keep things as they were can do so. Users who want more security can check the “use secondary device for hole cards” option on their configuration screen. If they select this option, then they run through a registration process to register their smarphone or tablet, after which they can receive their hole cards on a second device. At any point, users can uncheck the box in their configuration and receive their hole cards the old fashioned way.

If you find security enhancement cumbersome, you can keep it off and only turn it on when you are playing higher stakes, or perhaps when you are on a network that you trust less (e.g. at Starbucks). The user decides how to balance security and convenience.


Q. How will multi-tabling work? Most poker pros like to play many tables at once. How would you support this?


I have put a lot of work into designing a solution for multi-tabling. I think it’s challenging, but doable. Here is one of my mock up pictures that shows what an iPhone screen might look like for someone multi-tabling. The highlighted hand corresponds to the one that has focus on the user’s computer screen.


iphonemultitable.jpg

You could easily fit 12 hands on a standard iPhone screen, and as you navigate the tables on your computer, the iPhone highlights the hole cards that correspond to the table with the current focus on the screen. I am working on a detailed design document that I plan to publish in the near future that explains how all of this works.

Q. How does your solution address collusion or cheating poker sites?


My solution does not address these problems. It is nothing more than an enhancement to existing online poker that gives users an option to receive their hole cards on a secondary device, such as a smartphone or a tablet.

Q. Are remote access tools a real threat?


I have discovered, to my surprise, that this question is often debated in the poker community. There are loud voices who seem to think that if they deny the prevalence of remote access tools, that somehow the problem will disappear. One of the things that I’ve discovered in my career is that whether I’m working on electronic voting security, electronic medical records security, or any other application area, there are always stakeholders who come out of the woodwork with pseudo-science theories, making a tremendous amount of noise, with nothing but their volume to rely on for credibility. I suppose I should not have been surprised to find the same in the poker community, especially given the amount of money in this industry.


Yes, remote access tools are real, they are widespread, and they will affect online poker, banking, and every other online application. I believe a great first step towards combatting RAT tools was two-factor authentication. My solution attempts to take the technology to the next level, offering persistent hiding of information from malware on users’ computers. I think the true debate should be whether this technique is effective, usable, and efficient enough, not whether RAT tools exist. You don’t fight wars by denying the existence of your enemy - you bring your best weapons to the fight.