
    The Story of #FreeLuciano, So Far

    By Eric Schlange
    February 25, 2022
    LAST UPDATED February 26, 2022

    Update (Feb 26, 6:20am PST): Zwift’s CEO Eric Min just posted the following on the forum thread related to this topic:


    I would like to personally issue an update on a situation that has escalated over the last 48 hours, concerning a ban imposed on a Zwift community member.

    Having been brought up to speed, it is clear to me that this situation could have been better handled by both parties. The performance increasing exploit was until now, relatively unknown both within Zwift and outside, but this is no excuse to not have addressed it. The exploit is detectable, and we have the ability to look back and identify those to have used it. That said, our priority is not to look back, but to look forward, and fix this as a matter of priority in one of the upcoming game releases.

    For this reason, we have taken the decision to lift the 30-Day shadow ban issued to Luciano. For clarity, a shadow ban does not prevent a Zwifter from using Zwift, they simply do not show to others.

    Neither party had ill intent and I can only apologise to all involved, but in particular to Luciano himself. We have an obligation to the community to address exploits on the platform and will fix this particular exploit as a matter of priority.

    It is important for us to uphold our terms of service as they exist to protect the enjoyment of the majority of Zwifters. Rather than share information on how to exploit a performance bug, we would always encourage members of the community to come forward to Zwift with performance exploits they find. The process on how to bring such issues to the attention of Zwift hasn’t always been clear, so in order to improve this, we plan to introduce a bug bounty program that will not only make it easier for Zwifters to highlight issues but will also reward them for doing so. We will need time to develop this program but will share information in due course.

    Thanks,
    Eric Min
    Co-founder & CEO


    We’ll talk more about this in coming posts, I’m sure. Especially the good news about the bounty program! But for now, I wanted to share that Luciano has been freed. 😊

    This week a bit of a kerfuffle has arisen in the Zwift racing community. I feel it’s right to document the key parts of the story, at least from my perspective. I’ll finish with a few thoughts of my own.

    The Story Begins

    On Wednesday, February 16, Luciano (who writes the hilarious Lucianotes series here on Zwift Insider) contacted me via Facebook Messenger, asking for my thoughts on a potential Zwift racing exploit.

    (I’m not going to detail the exploit here, but let’s just say it’s an easy exploit to execute, and could massively affect race results.)

    Neither of us thought the proposed exploit would even work. It was too easy, too obvious. But Luciano said he would test it the following day (I was traveling and unable to do any testing for a few days). We figured it would make for an interesting Zwift Insider post: “I tried to cheat in a race, but it didn’t work.”

    The next day Luciano pinged me again:

    He explained how he tested the exploit, and what the results were. Here’s my reply:

    We put together a plan for Luciano to compose a Google doc containing details of how he tested and verified the exploit, then I would share that with ZwiftHQ to make sure the right eyes saw it, when I was back in the office. That was on Friday.

    The following Tuesday, Luciano shared the basics of the exploit on a private team Discord server. It became apparent to him that other teams/racers already knew about the exploit, that ZADA had been informed of the exploit, and that Zwift had been told about the exploit years ago.

    So on Wednesday, February 23, I woke up to the news that Luciano had published the exploit’s details on a free WordPress site he spun up for just that purpose. He then shared that post on the Zwift Racers Facebook group and Zwift’s forum. He tried to share it on WTRL’s Facebook page (because his main concern was that the TTT and ZRL were not affected) but that post was rejected because it promoted cheating.

    And that’s when the %#&! hit the fan.

    Luciano’s account

    Shadowbanned

    As the Zwift Racers and forum posts started blowing up, Luciano’s post was shared on Reddit.

    Then a few hours later, things took a surprising turn. Zwift put Luciano’s profile into “Watopian in Review” mode.

    Anyone who has read Luciano’s posts here on Zwift Insider knows he obsesses over Zwift racing – particularly the Thursday TTT. He and his Coalition team had planned a big TTT the next day, at WTRL’s TTT Worlds. He asked me, “May I race being Watopian in Review?” I didn’t know. But I had my doubts.

    On the Zwift Racers Facebook thread, one rider posted #FreeLuciano when they heard his account was locked/banned. This hashtag would begin showing up everywhere, including the comments of Zwift Community Live’s Thursday TTT stream.

    WTRL posted on their Facebook page, referencing Luciano’s post without actually naming him. They subsequently took the post down, but here it is:

    I immediately reached out directly to Zwift via a private Slack channel to find out what was going on, because Luciano had received no communication from Zwift at this point. I was told that Luciano had received a 30-day shadowban due to his publishing/promoting a Zwift racing exploit.

    What’s a shadowban, you ask? On Zwift, this basically means you can see others, but they can’t see you. You also don’t show up in race results. It’s a way of removing bad actors from the game experience, while still allowing those riders to use the game.

    I explained to the Zwift folks I was chatting with that Luciano was a well-intentioned dude who only published the post because he knew other racers knew about it and Zwift had been told about it long ago, with nothing being done. But they held the line – he had violated Zwift’s Terms of Service and the ban was justified. Specifically the cheater catch-all section 5.vii:

    “Use our Platform other than for its intended purpose and in any manner that could interfere with, disrupt, negatively affect or inhibit other users from fully enjoying our Platform or that could damage, disable, overburden or impair the functioning of our Platform in any manner;”

    It became clear that he wouldn’t be making that race. I pinged Eric Min via Facebook to make sure he knew about the issue, and to express my disappointment at Zwift’s handling of the situation.

    Messages Fly

    Luciano hadn’t received any notice from Zwift about his account being under review, so he reached out to support. That poor support chat host eventually forwarded Luciano to another team (I think it’s fair to say Luciano had turned into a “special case” at this point). Eventually Luciano received a more complete email explaining his ban, and the need for him to take down his post:

    Luciano sent this in reply:


    Hi Nick,

    Thanks for getting back to me. I was not aware of what a shadowban was.

    Could you please refer which articles of the TOS I have specifically violated so I get the context and I do not repeat the mistake in case I eventually decide to remain a Zwifter?

    As you point generically to the terms of service but no point in particular, I see nothing on performance metrics nor reporting functional issues. I am not exposing anything relating to the code (I have no such technical capacity) nor vulnerability of the platform… just a functional issue. An easy and obvious functional issue that you and many already knew about and not preventing you from running races and competitions without any problem.

    That mentioning publicly functional issues is sanctionable with any type of ban is news to me, and I don’t see it mentioned anywhere. The same regarding the fact that such situations should be exclusively reported through a support ticket.

    I would be also grateful If you could also let me know where I can find the different sanctions or bans applicable to Zwifters, as the notion of customer associated to the one of sanction is rather an illogical one from my perspective.

    Performance wise I don’t see how I can be considered to have benefitted in any aspect. The test was done during an Individual Time Trial, with no draft, therefore no influence on the race, and I made sure I would not be eligible to any Zwiftpower points as I explain very clearly in the video.

    On the second point. The cheat was reported in many occasions to Zwift, including ZADA and many users, and also through tickets, as many other Zwifters have now reported to me. WTRL facebook post (https://www.facebook.com/WTRLracing/posts/1133810887356502) acknowledges this is a well-known cheat for two years, so I don’t understand at all how my post has any impact on the capacity to cheat. It is surprising that you define it as a guide to cheat while at the same time you acknowledge it is there for years, and publicly written still in Zwiftpower forums.

    If anything, I feel Zwift has ignored the previous reports and failed to ensure the basic functionalities in order to try to prevent such an easy cheat that it had known for a long time.

    I want just to show how ridiculous the situation is.

    Anyhow, I am really surprised about the way all this is handled. I think I have been a very active member of the community and the platform for almost two years now, encouraging many people to join, providing a lot of support to different clubs and teams and even writing tons of articles on how fun Zwift is both in Zwift Insider, on Facebook etc…

    Today was an eye-opener of the very little that you care about your users overall, and obviously a breach of trust and faith as an until now delighted customer.

    There are other alternatives to Zwift in the market, that I like way less than Zwift I am not going to lie, but are good enough so I don’t have to be compromising on basic things as feeling valued as a customer and as a human being.

    Obviously, at this point in time, I don’t see any possibility that I delete the wordpress post. I will just voice my opinion on this topic with the same intensity that I have been promoting Zwift until now. I will see in a month from now where I stand and I understand you will make the decisions suiting the best Zwift corporation interests.

    No worries, I am not going to refer to an overutilized freedom of speech concept that has nothing to do here. It is just a matter of personal ethics. I would like to be able to finish saying Ride On.. but that ship has passed.

    Have a great day.

    Luciano


    Disappearing Posts, Re-Appearing Issue

    Then the posts started disappearing. The Zwift Racers topic went away. The Zwift forum topic disappeared. And WTRL took down their thread as well. (These post removals weren’t a surprise, as Zwift has never allowed discussion of specific cheating/exploits in their forums or Facebook groups.)

    But the Zwift community had caught wind of what was happening, and James Eastwood, ever the stalwart advocate for fair Zwift racing, created a Zwift forum post which didn’t detail the exploit, but asked Zwift to let the community know the status of a fix. See that post here >

    The initial posts had been removed, but the Zwift community was sharing the perceived injustice of Luciano’s shadowban to the world. Mass media reporters began contacting Luciano about the situation, the Reddit thread was alive and well, and James’ Zwift forum post took on a life of its own with hundreds of replies and several posters (including James Eastwood himself, as well as Zwiftalizer’s Mike Hanney) posting that they were pausing their Zwift accounts to protest Zwift’s handling of the situation.

    Thursday morning Luciano unpublished his post and wrote to tell Zwift support he’d taken it down. And Zwift finally replied to James’ forum thread with their point of view:

    Friday morning road.cc published a post about the situation.

    Luciano tells me that as time goes on, he’s hearing from more and more Zwifters who have seen this exploit used in races. Including one very prominent race organizer who reported the issue to Zwift four years ago.

    And that brings us to where we are right now.

    My Thoughts

    Here’s what I posted in the Zwift forum thread on this topic. I think it explains how I feel about this ugly and avoidable situation:


    Just to go on record here, since my reply in Zwift Racers was deleted with the rest of the thread…

    First, let me say this: I think Luciano could have handled this better by reaching out to Zwift with the issue, perhaps even telling them he would take it public on X date even if it wasn’t fixed because he was concerned that it’s actively being used by cheaters. Then if Zwift didn’t respond, he would have a stronger case for publicly posting the hack.

    So I’d say he jumped the gun a bit. Which is hard to fault him for, when he had multiple people telling him Zwift already knew about the exploit, and race teams knew about it too. That’s hard information for a rabid Zwift racer to just sit on.

    Since Luciano went against Zwift’s ToS, Zwift has the “legal” standing to shadowban him or do whatever they’d like with his account. They’re within their rights to do so. But that doesn’t make it the BEST decision on their part, and I’ve tried to communicate this to ZHQ via private channels in no uncertain terms.

    I would have loved to see Zwift take this approach with Luciano’s WordPress post:

    “Hi Luciano,
    We just saw your post about the Companion exploit. While we don’t like seeing Zwift exploits shared publicly, we know by the content of your post that you did it in order to clearly demonstrate the hack to us and get our attention so it would be fixed. It worked!

    Since your post demonstrates how to cheat in Zwift races, we’ve taken what we hope is a temporary disciplinary measure and shadowbanned your account, which is our standard practice in these cases. We request that you take the post down immediately so more Zwifters don’t learn about the exploit. Once you do so, we will reinstate your account.

    On our side, this exploit has been moved near the top of the list of bug fixes. We anticipate at least a temporary fix rolling out in the month of March.

    Ride On”

    Some of you are bugging me to do a Zwift Insider post about this topic. I’m still not sure what that’s going to look like, but I’ve been in near-constant contact with Luciano during all of this. We’ve joked about how many parts this series of posts is going to have, as the saga continues way past what Luciano foresaw. All that to say, I’m sure this will be talked about on ZI… I just can’t promise exactly when and how.

    In the end I, like many of you, wish Zwift had handled this differently – in a way that showed they value Luciano as a person. He may have jumped the gun, but Zwift could have easily taken the high road and come out of this sparkling clean. Now it’s just sort of… ugly all around. And that bums me out. Heck, I got my Zwift Insider kit in game finally this week, and I haven’t even ridden with it yet because I’ve had a bad taste in my mouth for two days.

    I’m not leaving Zwift like some of you. I’m just annoyed to see this script playing out again. I hope Zwift learns from this and does better next time.

    Whew… that was cathartic.

    Ride on, my friends.


    Wrapping It Up

    What began as Luciano’s attempt to reveal a game exploit has turned into a story about how Zwift handled Luciano’s revealing of the exploit. But it didn’t need to turn out like this.

    I’m sure this isn’t the last we’ll write about #FreeLuciano… or about the exploit in question. But I think it’s enough for today. My hope is that this post does a good job of telling the story fairly and truthfully up to this point, while also sharing my position on how things unfolded.

    And I hope ZwiftHQ can take a step back, look at how this situation spiraled, change their processes to avoid it happening again… and #FreeLuciano.

    Your Comments

    I’m sure some of you will have thoughts on this topic. Feel free to share below, but keep it civil. Thanks for reading!

      Eric Schlange (http://www.zwiftinsider.com)
      Eric runs Zwift Insider in his spare time when he isn't on the bike or managing various business interests. He lives in Northern California with his beautiful wife, two kids and dog.

      158 COMMENTS

      Tomas
      1 year ago

      Interesting that this gets so much publicity and Julia’s ban virtually none….

      0
      The Reasberry
      1 year ago
      Reply to  Tomas

      Julia’s ban? What ban?

      0
      rdcyclist (Mark Crane)(@rdcyclist)
      1 year ago
      Reply to  The Reasberry

      Julia Schallau. She got banned for cheating in some Zwift races last year. Might’ve been using this exploit even.

      0
      Tomas
      1 year ago
      Reply to  rdcyclist (Mark Crane)

      That’s the thing though… she got banned for “questionably high values” there was no proof of any wrongdoing… She even has tests done by German Cycling Federation, on UCI WC race equipment, that proved her values on Zwift.

      Pretty much that ban was “we don’t think a woman is capable of 6.0 w/kg”.

      0
      Tobin(@tobinhatesyou)
      1 year ago
      Reply to  Tomas

      Julia’s numbers have been discussed to death in a private discussion group. Her outdoor power numbers match her indoor ones, but her outdoor times do not. She therefore must be the least aero person imaginable on flat roads and also has a 30kg bike on climbs. Also yes, the fastest women in the world across all endurance disciplines seem to be about ~12% slower than the fastest men. So a woman doing 6.0w/kg is similar to a man doing >6.7w/kg. Furthermore, not only did her power increase by 35% in less than a year, but she achieved her personal record… Read more »

      Last edited 1 year ago by TobinRacesBikes
      0
      Paul Himes
      1 year ago
      Reply to  Tobin

      The stupid thing about her case was, if she hadn’t fought the initial violation, no one would have looked back and noticed all the other problems. She would have lost the results of one race and everyone would have moved on. Instead, she got herself a ban and infamy.

      0
      s y
      1 year ago
      Reply to  Tobin

      A local rider reports 5.1-5.2wkg for 20m efforts in Zwift races and outside. His improvements are similar, both this and last year, improving >30% in 3 months. And yet when he’s pitted against well known local riders outdoors he comes up quite short. His 400W is easily matched by a rider putting out 260-270W with a 10kg reported weight difference, despite the lower powered rider being on the side of cross wind (this was a ride the two did together). His supposed 20m power of 390W indoors/400W+ outdoors got him a 3 minute slower time in a local 25km TT… Read more »

      0
      Stephen Harman
      1 year ago
      Reply to  rdcyclist (Mark Crane)

      No, it’s fully documented on Beastmodes’s Insta page. Julia has the full backing of the German cycling authorities.

      0
      rdcyclist (Mark Crane)(@rdcyclist)
      1 year ago
      Reply to  Stephen Harman

      https://content-cdn.zwift.com/uploads/2022/01/ZwiftPerformanceVerificationDecision-2022-01-Schallau-REDACTED.pdf

      0
      James Eastwood(@jeastwood)
      1 year ago
      Reply to  Stephen Harman

      Fully documented on her team’s page, very independent they are too.

      0
      Tobin(@tobinhatesyou)
      1 year ago
      Reply to  James Eastwood

      Schallau’s Strava has gone private recently. Perhaps she doesn’t want people correlating her real-life speeds vs reported power because they don’t make sense. So much for transparency.

      It’s really, really simple. An independent party should observe her going all-out up a 30min climb. If a 30min climb is not available, even a 20min, 15min or 8min climb would provide some insight into her aerobic capabilities.

      Last edited 1 year ago by TobinRacesBikes
      0
      Daniel Andrews(@sprenten)
      1 year ago
      Reply to  Tobin

      Her numbers are plausible with about 5-6kg more mass which would be close to the mass she used to start Zwifting with.

      0
      Tobin(@tobinhatesyou)
      1 year ago
      Reply to  rdcyclist (Mark Crane)

      My guess is Julia isn’t clever enough to discover how to cheat alone…she’d been coached. All of these sanctions have been the result of cheating so poorly and obviously that Zwift has no alternative but to do something about it. Anyone who is remotely proficient with technology or familiar with athletic performance/metrics wouldn’t cheat to this extent. If you are on the cusp of being an “elite Zwifter,” then you only need to turn the knob up 5%, at most 10% to start winning nearly everything in sight. No one goes from 4.5w/kg to 6w/kg in the span of 8… Read more »

      0
      Martin
      1 year ago
      Reply to  Tobin

      Tobin stop please, there is and was never a cheat in use! This is just BS. It’s simple she is just capable of doing way more watts while standing and this is not a phenomenon that is new. Even I am able to replicate that on the roller!!! She did test with one of the most trusted cycling scientists here in Germany. If someone knows anything and sees a problem in the numbers he would have told here. I know him for 10 years now and if he tells me she is doing these numbers I am full on it.… Read more »

      0
      baba
      1 year ago
      Reply to  rdcyclist (Mark Crane)

      Supposedly cheating …

      0
      Hubert
      1 year ago
      Reply to  The Reasberry

      Julia Schallau Beastmode

      0
      rdcyclist (Mark Crane)(@rdcyclist)
      1 year ago

      Like the WTRL password debacle, this shows how much Zwift has to learn about Public Relations. For some reason they are completely tone deaf to how their response sounds in the real world. It’s like they’re living a Matrix-like world where the rest of us are in game all the time. I don’t understand how these kind of things happen with a company having a capital value over $1Billion. It is truly amazing.

      Hope they finally see reason soon before this continues exploding in their face.

      0
      Tim
      1 year ago
      Reply to  rdcyclist (Mark Crane)

      WTRL password debacle?

      0
      Mark C(@rdcyclist)
      1 year ago
      Reply to  Tim

      The gist of the issue was WTRL asking for the user’s Zwift password which is against about any reasonable online security protocol and the fallout afterwards with users getting banned and general BS on the part of ZHQ and WTRL. https://forums.zwift.com/t/wtrl-now-part-of-zwift/573651

      The way it was handled from the beginning to the end is a textbook example of how not to address a public f*ckup. Never seen anything like it. Until this one…

      0
      Tim
      1 year ago
      Reply to  Mark C

      Thanks for the reply. I appreciate you taking the time to write that up.

      0
      rdcyclist (Mark Crane)(@rdcyclist)
      1 year ago

      Thank you for posting this up Eric. Like your post in the FreeLuciano thread on the Zwift Forum, very well written and captures the essence of the issue very well and concisely.

      0
      Stefano Deriu
      1 year ago

      #freeluciano

      0
      Kevin Bouchard-Hall(@kbh)
      1 year ago

      Zwift is blessed with an active, passionate and creative player base. Many of the best features in the game came from the community’s creativity. It’s sad that Zwift often squashes this rather than promotes it. To me it feels like Zwift is more worried about the customers it doesn’t have than the ones it does.

      0
      Luciano Pollastri(@luciano-pollastri)
      1 year ago

      #freeme

      1
      Paul Himes
      1 year ago
      Reply to  Luciano Pollastri

      😀 😀 😀

      1
      Neal Fleenor
      1 year ago
      Reply to  Luciano Pollastri

      Hey! Want me to utter other than polite words about a certain virtual cycling company when I am in and riding around? I’m composing a list for just in case.

      0
      Joost Schepel
      1 year ago
      Reply to  Luciano Pollastri

      Luciano/Eric, I tested this this morning, but there is a way (programmatically) to trace this behaviour during an event. I don’t know if I should mention it here how to, but you can trace it during a live event…

      0
      Luciano Pollastri(@luciano-pollastri)
      1 year ago
      Reply to  Joost Schepel

      Through Zwiftpowerlive, yes.

      0
      Joost Schepel
      1 year ago
      Reply to  Luciano Pollastri

      That is perhaps possible, but also through a non public api

      0
      JimH
      1 year ago

      Dear Zwift,

      Please ban the people who are actually exploiting this (or any) cheat in races and NOT talking about it, instead of the people who are trying to shine light on the dark, gloomy underworld that is ‘Zwift Cheating’

      You are sending the message that PR and your public image is more important than the actual integrity of your game (it’s NOT).

      Last edited 1 year ago by JimH
      1
      Paul Himes
      1 year ago
      Reply to  JimH

      Agree 100%

      0
      Darrell
      1 year ago

      It’s not ugly all around. It’s ugly on Zwift

      0
      dan
      1 year ago
      Reply to  Darrell

      Nick L.

      0
      Ross Laurie
      1 year ago

      Hi Eric, Agree with your comments. In cyber security, when an exploit is detected: 1) Verify. 2) Notify the product developer. 3) Allow them to validate. 4) Pay out the bug bounty. 5) Publish a fix and give the discoverer all due credit. If they do not react or address the situation in 30 days, you have every right to go public. Is this situation still salvageable for Zwift? Certainly… If Zwift were to say: “Yes, our ToS were violated, it was an honest mistake. Someone though they were acting with the best intent violated them.… Read more »

      Last edited 1 year ago by Ross Laurie
      3
      Tim
      1 year ago
      Reply to  Ross Laurie

      Zwift had been notified of the bug since years though already from other means. Someone needed to go public or zwift was never going to do anything.

      0
      Chris
      1 year ago

      Shuji’s closing forum post statement says it all for me “Longer-term we have a plan…” And they wonder why we’re frustrated.

      0
      The Reasberry
      1 year ago

      I’m disgusted, Zwift is clearly not listening to their customers. Also, the power Zwift has to just suspend accounts is not cool, I’m only a few bad experiences away from quitting.

      0
      M. D. S. Günther
      1 year ago
      Reply to  The Reasberry

      What? Of course they have that power, it’s their platform. This is true for every platform ever. I’m sure Eric could IP-ban you, and you could circumvent that, just like you could circumvent a Zwift ban with a new account.

      0
      Luciano Pollastri(@luciano-pollastri)
      1 year ago
      Reply to  M. D. S. Günther

      Someone has explained and showed an exploit on the ban! Shown to me how to gain back my actual account without the ban!!! But there are some advantages to be a Watopian in Review I am not sure I want to waive immediately 🙂

      0
      dan
      1 year ago
      Reply to  Luciano Pollastri

      I’ve been one for a time or two, and the same Zwift staffer in charge of your ban wasn’t going to unban me even after 30 days (it ended up being around 50-60 after I asked why he wasn’t unbanning me) – his answer was he was hoping I would apologize to HIM who had nothing to do with the simple incident of calling someone fat! Nick L. is a TOOL!

      0
      dan
      1 year ago
      Reply to  dan

      oh, and you can do all sorts of crazy shit unseen 🙂 ~ as well as affecting race outcomes.

      0
      Tim
      1 year ago
      Reply to  M. D. S. Günther

      Yes, any service provider can ban anyone or shut the whole thing down at any moment, but when people decide to use a service they want those things to be done in a reasonable manner, not arbitrary or silly. So just to say that zwift has the legal ability to do this is silly, zwift exists because it has customers and customers have expectations. Zwift could also close every world except Paris if they wanted, it’s their legal right to do so, but I bet a few people would be unhappy about that.

      0
      Reply
      Peter
      Peter
      1 year ago

      Thanks Eric for the post. Nailed
      #freeLuciano

      0
      Reply
      Ricardo
      Ricardo
      1 year ago

      As Zwift is a fast growing company I am well aware that things can run out of control easily. From my own experience I know that customers are not interested in this and expect always perfect handling while your employees are running the extra mile internally. On the other hand you always should take things seriously that affect your core of business, your so-called “reason why”. Changing weight within a race is already not allowed in the game, even changing bike without a stop. So clearly changing weight in a race via Companion app is an exploit. Zwift should… Read more »

      1
      Reply
      Deadpool
      Deadpool(@ryanruns26-2)
      1 year ago

      #FREELUCIANO

      0
      Reply
      Mark Baker
      Mark Baker
      1 year ago
      Reply to  Deadpool

      #freedeadpool

      0
      Reply
      Luciano Pollastri
      Luciano Pollastri(@luciano-pollastri)
      1 year ago
      Reply to  Mark Baker

      hahahahahaa

      0
      Reply
      Joe
      Joe(@jhoff81)
      1 year ago

      “What’s a shadowban, you ask? On Zwift, this basically means you can see others, but they can’t see you. You also don’t show up in race results. It’s a way of removing bad actors from the game experience, while still allowing those riders to generate revenue for Zwift.”

      Fixed it for you. 😉

      1
      Reply
      Claus Jensen
      Claus Jensen
      1 year ago

      I left Zwift after the WTRL password debacle – they never did apologise. I do not believe they will apologise this time either, someone high up in that organisation is obviously too arrogant to admit to mistakes.

      I was expecting to return to Zwift at some point. I will not do that now – this is the third time in a very short time span, that they have disappointed me this much.

      I like Zwift, the product. I love Zwift, the community. I can no longer in any way support Zwift, the company.

      0
      Reply
      stayAnon
      stayAnon
      1 year ago
      Reply to  Claus Jensen

      I’m sorry you didn’t get an apology – I did and it was actually a very emphatic one over the password debacle – in that instance it was a mess of someone else’s making.

      This time Zwift is very much front and centre to the storm.

      Sadly lessons have not been learned, so it does not bode well for the future. I would imagine platforms like RGT are rubbing their hands with glee. They are some way off becoming serious competitors but a lot of team and event organisers are expanding horizons from “zwift only” to “zwift first”.

      0
      Reply
      Chris
      Chris
      1 year ago

      Hope you’re back soon Luciano, with a full apology.
      #FreeLuciano

      0
      Reply
      Jack T
      Jack T
      1 year ago

      Well put Eric 👏🏼

      0
      Reply
      J D
      J D
      1 year ago

      Stopped my subscription for the first time in over 4 years until Luciano is unbanned.

      #freeluciano

      0
      Reply
      Luciano Pollastri
      Luciano Pollastri(@luciano-pollastri)
      1 year ago
      Reply to  J D

      Hello JD, It is unbelievable the support I am receiving from all the community. I cannot thank enough all the Zwifters who have backed me during the last two days. You all rock. I have seen the #freeluciano tag all around in Watopia and it has even won some races. Not joking. Two B races were won today with guys changing their name to #freeluciano 🙂 Now, I don’t think you guys should cancel your subscription because of this. I love Zwift community and I wish I had my account back. Sorry if I sound cheesy in the next lines.… Read more »

      1
      Reply
      Mark Baker
      Mark Baker
      1 year ago
      Reply to  Luciano Pollastri

      Luciano, Zwift has freed you, and rightly so. Glad to have you back, if you come back.

      0
      Reply
      Marko Milivojevic
      Marko Milivojevic(@icemarkom)
      1 year ago

      Both Zwift and WTRL need to learn, understand, and internalize the concept of *rewarding* white-hat “hackers” and not punishing them. This is not the first time, and certainly won’t be the last.

      Most high-tech companies have bug bounty programs (i.e. https://bughunters.google.com/). If Zwift really wants to grow, compete and develop as a modern high-tech company, they need to accept that “well-known” exploits cannot continue to exist while reliance on them not being known is the “solution” (in the security community, this is known as “security through obscurity”, and it always, 100% of the time fails).

      Last edited 1 year ago by Marko Milivojević
      0
      Reply
      Mark Gallagher
      Mark Gallagher
      1 year ago
      Reply to  Marko Milivojevic

      A white hacker doesn’t post an exploit on public sites. At no point did he inform Zwift and give them a chance to respond. He took the words of others that Zwift already knew rather than going to Zwift (and through Eric he had the option of more direct access into Zwift than most of us). Instead he went fully public. Even if, as I’m prepared to believe, his intention wasn’t malicious, it was foolish. If you want to quote the example of Google bug hunters then I’ll assume you’ve read their terms and conditions. It’s not tell the… Read more »

      0
      Reply
      Marko Milivojevic
      Marko Milivojevic(@icemarkom)
      1 year ago
      Reply to  Mark Gallagher

      All fair points.

      0
      Reply
      M4rk0
      M4rk0
      1 year ago
      Reply to  Mark Gallagher

      He didn’t hack anything. No code was altered, nothing was injected, no malware involved. He literally changed a setting while riding. Anyone can do this.

      0
      Reply
      Mark Gallagher
      Mark Gallagher
      1 year ago
      Reply to  M4rk0

      A white hat hacker was the comparison used, so don’t nitpick.

      0
      Reply
      stayAnon
      stayAnon
      1 year ago
      Reply to  Mark Gallagher

      It appears you didn’t read the article, or any of the information relating to it.

      0
      Reply
      JaJa
      JaJa
      1 year ago
      Reply to  stayAnon

      Mark G. was responding to the comment by Marko, not commenting on the article. Sad that you couldn’t figure that out.

      0
      Reply
      Tim
      Tim
      1 year ago
      Reply to  Mark Gallagher

      Zwift had been informed since years ago. This is on Zwift. Zwift is lucky no one went public sooner. If no one went public it would never be fixed.

      0
      Reply
      Luciano Pollastri
      Luciano Pollastri(@luciano-pollastri)
      1 year ago
      Reply to  Mark Gallagher

      I agree with you. I am not a white hat. I did not really know what the rules were here. However I was able to check that the issue was reported on many occasions to Zwift by other members before posting and nothing was done. At the time we posted I had evidence it was reported at least in Jan 21. Now I know for a fact the issue has been known since 2018. I am also being told by everybody that a 90 day delay is the time normally given to companies by white hackers to solve and fix the… Read more »

      0
      Reply
      s y
      s y
      1 year ago
      Reply to  Luciano Pollastri

      As a software architect with a fair bit of experience and accountability in cybersecurity, it is always my assumption that a “0-day” exploit has been known in the wild for a long time. Anyone thinking otherwise is a fool. 90 days is 70-80 too many, and far more grace than I would ever give. For the record, if someone published an exploit like this for a product I’m responsible for without first reaching out to me and offer a grace period in which I can address it, I would be absolutely furious. And once I calmed down I would have… Read more »

      0
      Reply
      Tim
      Tim
      1 year ago
      Reply to  s y

      Except that’s not the situation we are in. What would you have done if you had been presented the exploit and your company didn’t fix it for years and then someone posted about it publicly?

      0
      Reply
      s y
      s y
      1 year ago
      Reply to  Tim

      I’m confused about which of my two points you refer to. But to clarify my position:
      1 – It is a good assumption that 0-day exploits are known and in use before your company ever gets the bug report
      2 – If your company ever gets a bug report that has serious impacts for a large user base (security, cheating, etc.), it is your obligation to address on priority
      3 – If a company ignores a bug impacting a large user base for months/years, public disclosure is appropriate
      While a defensive reaction may be expected thanks to human nature, it… Read more »

      0
      Reply
      Tim
      Tim
      1 year ago
      Reply to  s y

      So to summarize you volunteer to tell us all about what you would have done if someone publicized an exploit for your product that your company didn’t know about. I ask what you would do if your company knew about the exploit, because that is actually relevant to this situation. To that you reply that you don’t want to theorize. But it does seem like you want to theorize from your first comment. Not much point in continuing if you’re gonna say “x” in one comment and “not x” in the next comment.

      0
      Reply
      s y
      s y
      1 year ago
      Reply to  Tim

      In re-reading my comments, I can see I wasn’t explicit in either one. I tried to imply the position I talked about is same as Zwift (i.e. my company knew about the exploit), but clearly I did not do a good job. Placed in the same situation as Zwift, my reaction would be to organize and help the engineering team close the hole as fast as realistically possible. My help may mean me personally fixing it, me prioritizing it as a show-stopper, etc. Once the process is under way to appropriately address the ability to cheat, I’d move onto asking… Read more »

      0
      Reply
      Kareltje
      Kareltje
      1 year ago
      Reply to  Mark Gallagher

      Hi Mark, In this case, the issue was reported years ago to Zwift and they didn’t fix the issue. It was due time someone made this issue public, to put pressure on ZHQ to actually fix this.
      Although he could have handled it a little better by giving Zwift a couple of weeks notice, I still think that if a company sits on a bug for over 2 years, they have it coming. They should implement a Coordinated Vulnerability Disclosure process extended to bugs that could lead to cheating. And they should be transparent about it!

      Karel

      0
      Reply
      Luciano Pollastri
      Luciano Pollastri(@luciano-pollastri)
      1 year ago
      Reply to  Marko Milivojevic

      We (we were three deciding on the protocol) are not at all bug hunters, and we don’t want any reward, just the thing to be fixed so we can enjoy Zwift Racing again without thinking that people are exploiting a hole in the system to cheat. It’s not even a problem of performance in sports, it is about fun. I don’t play poker or monopoly with cheaters either. Just because it is not fun. Now, as much as I did not want a reward, I did not expect either to be banned to be honest. Would I have known… Read more »

      0
      Reply
      s y
      s y
      1 year ago
      Reply to  Luciano Pollastri

      It is widely assumed that cheating is rampant in Zwift (or at least it is in my circle). As they’ve done little to address it over the years, I see no reason to believe they will now or to give them more benefit of the doubt. Sometimes a fire needs to be lit to get the team moving.

      0
      Reply
      James
      James
      1 year ago

      Alas, as Yoda once said, in terms of exploits, “there is another”. Harder to do but enough to completely change the dynamics of a race. It’s been taking place for some time in the ZRL. WTRL have known about it since at least late last year, but to my knowledge have no plans to act on it. If Zwift and others want to take race organisation / enforcement away from the Community, they need to step up to the plate faster than this.

      0
      Reply
      drnoodle
      drnoodle(@kdstotes)
      1 year ago

      Sorry, I’m just not a fan of excuses for why people should take efforts to ease the blow to large companies so they can save face for problems that have existed for this long. Much less existed AT ALL. I know you have relationships to maintain so that colors your response in some way. But I have NO sympathy for a billion dollar company that is offering decreasing value over time. I’m less and less confident Zwift will be a long term part of the sports community. I hope they just took a tough nosedive during Covid despite the… Read more »

      Last edited 1 year ago by kdstotes
      0
      Reply
      Pete D
      Pete D
      1 year ago

      #FREELUCIANO

      0
      Reply
      Onno
      Onno
      1 year ago

      Zwift somehow did something about this when doing the change using the in-game Zwift settings.

      When playing with AutoHotkey, changing weight was greyed out after lots of changes. I did the pretzhell and changed it a lot during the event.

      I got some trouble with it as I ended with a way too low weight 😂

      0
      Reply
      Evan
      Evan
      1 year ago
      Reply to  Onno

      see, YOU are the type of person Zwift should ban, not someone like Luciano. Luciano wasn’t cheating. You clearly were (or are).

      0
      Reply
      Luciano Pollastri
      Luciano Pollastri(@luciano-pollastri)
      1 year ago
      Reply to  Onno

      I am watching you 🙂

      0
      Reply
      M. D. S. Günther
      M. D. S. Günther
      1 year ago

      That was silly Luciano. You had good intentions but I don’t understand why you thought it’s a good idea to share the details. It may be well-known (whatever that means) but of course many many more know it now too. I don’t agree with the hard stance by Zwift (#FreeLuciano), especially if they say they can detect it anyway, but you didn’t know that and I’m just a bit perplexed why, after Eric tells you that he can’t publish that, you publish it everywhere. Hope it gets resolved quickly, Lord knows there are more important things happening right now, and… Read more »

      0
      Reply
      Luciano Pollastri
      Luciano Pollastri(@luciano-pollastri)
      1 year ago
      Reply to  M. D. S. Günther

      I love your positioning. Especially on way more important things happening 🙁 I perfectly understand you may disagree. The questions we asked ourselves at the moment of publishing were exactly the ones everybody has, and for some of them we came out with different answers. For example, to the one “many others will know now” for us the answer was quite straightforward. Now that you know, will you cheat? When I was made aware, would I cheat? And we believe that if you were planning to cheat anyhow, you would. If not, you would not… As simple as that.… Read more »

      0
      Reply
      M. d. s. Günther
      M. d. s. Günther
      1 year ago
      Reply to  Luciano Pollastri

      Okay, I see your reasoning. For me it’s a risk not worth taking, both on the community not abusing it (you are right that the majority will not become a murderer now, but the murder rate probably didn’t decrease either) as well as on your end not getting punished for it. Wish you would’ve taken Eric’s proposed route but maybe your actions and the fallout lead to a better handling of these exploits. That this was possible for so many years is pretty unbelievable.

      Ride on!

      0
      Reply
      s y
      s y
      1 year ago
      Reply to  Luciano Pollastri

      Nothing makes me believe Zwift would have acted on the report had you submitted it in some alternate fashion. If they hadn’t in the past several years why would they now? Of course, they’ll say otherwise, but you either take cheating/security seriously or you don’t …

      0
      Reply
      Lawman
      Lawman
      1 year ago

      I think I lost 3kg just reading that!

      0
      Reply
      Luciano Pollastri
      Luciano Pollastri(@luciano-pollastri)
      1 year ago
      Reply to  Lawman

      I have some suggestions on how to translate that through companion app, you can DM me 🙂

      0
      Reply
      Maxime Gillet-Thébault
      Maxime Gillet-Thébault
      1 year ago

      #FreeLuciano

      0
      Reply
      Andrew
      Andrew
      1 year ago

      What do I know? But this strikes me as a situation where Zwift got caught looking really bad, and made it worse by punishing the person who shined the bright light on their own failure. It seems really disingenuous for Zwift to say, he should have reported this through proper channels, when it’s clear that people had been doing that for years. If he had used “proper channels” again, chances are that still nothing would have changed, and the exploiters of this would have continued. Instead, it’s become quite the dust-up, and Zwift is now in a position to where… Read more »

      0
      Reply
      AeroCat
      AeroCat
      1 year ago

      Well… I’m pretty sure u r all aware that there’s Rouvy, Fulgaz, Bkool etc ready to take your money (less btw) than Zwift. These apps feature real roads and not some cartoon made-up sh#t

      0
      Reply
      Suzanne
      Suzanne
      1 year ago

      If they’ve known about it for years already and not made the fix, it must be difficult or impossible so I wouldn’t expect it to change anytime soon. But if it DOES get fixed quickly now that everyone is watching, then it’s almost worse because they’ll essentially be admitting that it could have been done long ago but fair racing just wasn’t a priority. Zwift’s response that it’s the community’s responsibility to catch cheaters is SO weak. We can’t be racers and refs at the same time.

      Last edited 1 year ago by Suzanne
      0
      Reply
      #doitnow
      #doitnow
      1 year ago
      Reply to  Suzanne

      I bet it is VERY easy to fix. Program it so that you cannot alter game critical profile settings while riding. A programmer should be able to do that quite fast. This is programming and not rocket science.

      0
      Reply
      s y
      s y
      1 year ago
      Reply to  #doitnow

      Spoken like someone with no programming experience. Unless you’re intricately familiar with the code in question, your opinion is useless.

      As for rocket science, quite literally it would be impossible without programming 😂

      0
      Reply
      Tim
      Tim
      1 year ago
      Reply to  s y

      I don’t know what the internal Zwift code looks like or how it’s structured but we can look at similar changes they have made in the past to estimate. It used to be possible to swap bikes without stopping until they fixed that. So they’ve done similar fixes in the past, so it can’t be _that_ hard.

      0
      Reply
      s y
      s y
      1 year ago
      Reply to  Tim

      Unfortunately you cannot infer one from the other for many reasons. Different modules will have differing levels of complexity and we have no idea if the two are similar. We also don’t really know the cost of the bike swap fix. Do I think it is complex? No, I doubt it would take that much effort. But the original comment implied it is “VERY easy to fix”, which is arbitrary. Do I think they should fix it? Absolutely, they should have done so long ago. I think they should have had a fix out by now even assuming they… Read more »

      0
      Reply
      Tim
      Tim
      1 year ago
      Reply to  s y

      So I can’t even try to do some informed guessing using facts and known things about Zwift about how much effort a fix is but you are allowed to say that they should have had a fix out within a few days. Seems like you have one standard for what you say, and a different standard for what everyone else is allowed to say.

      0
      Reply
      Mark M
      Mark M
      1 year ago
      Reply to  s y

      May wanna be careful with your condescending tone. (https://en.wikipedia.org/wiki/History_of_rockets)

      0
      Reply
      s y
      s y
      1 year ago
      Reply to  Mark M

      You’re absolutely right, I took offence at the original comment and reacted poorly (This is programming and not rocket science). I’ll let the OP educate themselves about complexities of “programming”.

      0
      Reply
      Stuart Lynne
      Stuart Lynne(@sl)
      1 year ago

      To sum it up: we couldn’t be bothered to fix this in four-plus years, how dare you publicize it. That was the policy generally in the Internet infrastructure community until about 10 years ago. But that has evolved somewhat. Generally, companies know that they need to respond quickly to reports and to actually fix things. They also know that it is generally a bad idea to shoot the messenger even when they may violate terms of service etc. Really progressive companies even have bug-bounty programs to reward people for reporting them etc. Possibly Zwift should review some policies like… Read more »

      0
      Reply
      Rob Bane
      Rob Bane
      1 year ago

      Is the WordPress blog still up?

      #FreeCheatingInstructions

      0
      Reply
      George
      George
      1 year ago
      Reply to  Rob Bane

      @Rob Bane I hesitate to post this, and this comment will probably get removed, but:
      https://web.archive.org/web/20220224130813/https://zweight241477032.wordpress.com/2022/02/23/the-ultimate-undetectable-weight-cheat-to-win-all-races-on-zwift/

      0
      Reply
      Luciano Pollastri
      Luciano Pollastri(@luciano-pollastri)
      1 year ago
      Reply to  Rob Bane

      No it’s not, but some people retrieved it from webarchive. After the word was out and it was clear that it raised the attention of Zwift (the ban was a clear indication they were taking it seriously) I have decided to take it out. Cost/benefit analysis…. Initial aim was reached.

      0
      Reply
      Jeff
      Jeff
      1 year ago
      Reply to  Luciano Pollastri

      OK, I was agreeing with Eric that you should have gone through proper channels with this… until I finally took a look at your page to see what the exploit was. I am firmly in the LP camp now, this is completely on Zwift. Such a stupid easy fix to this and they knew for years, they should be ashamed of themselves. I’m sorry for ever doubting you.

      0
      Reply
      KJ Phillips
      Member
      KJ Phillips(@k8cancook)
      1 year ago

      I am one of Luciano’s teammates, and I am appalled at how Zwift has handled this. It is a fumble in user support and integrity at best, reckless and damaging at worst. Zwift needs to look at this with open minds and eyes. That said, this exploit should be less difficult to fix than most. There are a number of paths (most of them would be time-consuming), but eliminating the alteration of trigger data during events will stop the exploit and should be a code snippet that is fairly easy to implement. Back to Luciano’s status…Zwift has the power to… Read more »

      0
      Reply
      Luciano Pollastri
      Luciano Pollastri(@luciano-pollastri)
      1 year ago
      Reply to  KJ Phillips

      Love! Love! Love!

      0
      Reply
      Sherpa Dave
      Sherpa Dave(@dashton)
      1 year ago

      Well written article Eric and your thoughts are on-point. I can only hope sane voices at ZHQ take the reins before this spirals beyond the point that they can recover their dignity. I am usually Zwifts biggest fan – but whoever was responsible for this on their end needs to be rapidly escorted from the building.

      1
      Reply
      Mother Teresa
      Mother Teresa
      1 year ago
      Reply to  Sherpa Dave

      You would think Zwift invaded Ukraine based on the faux outrage in these comments. The guy promoted a way to cheat.

      HTFU and #BanLuciano

      0
      Reply
      Luciano Pollastri
      Luciano Pollastri(@luciano-pollastri)
      1 year ago
      Reply to  Mother Teresa

      I am already banned 🙂
      And yes, this is ridiculously superficial given what is happening in Eastern Europe.

      0
      Reply
      Free Luciano
      Free Luciano
      1 year ago
      Reply to  Mother Teresa

      Judging on your nickname probably you are one of the persons who think that Mother Teresa was a good person.

      0
      Reply
      Luciano Pollastri
      Luciano Pollastri(@luciano-pollastri)
      1 year ago
      Reply to  Sherpa Dave

      I will still be watching your videos even if I am not racing… Please keep the music 🙂

      0
      Reply
      Chris
      Chris
      1 year ago

      There is a simple solution to fix that, just block the ability to use the exploit in the Companion app during race events. Easy fix. Can be done in a second. I wish someone would check race results on ZwiftPower and highlight cheaters, all power data is there. No mercy for cheaters.
      That should be a priority now for Zwift programmers.
      More people will be aware how to use this exploit now, and they’re gonna use it for sure.

      Last edited 1 year ago by Chris
      0
      Reply
      Rob Bane
      Rob Bane
      1 year ago
      Reply to  Chris

      This is amazing, do you know their IT architecture? Which bits of code need changed?

      1
      Reply
      Chris
      Chris
      1 year ago
      Reply to  Rob Bane

      Simple like that:
      If race started x value change is not possible.
      Or if changed it will affect game from next started activity.

      Don’t tell me this thing requires weeks of rewriting code.
      Simple rule set:
      If race started x value is not editable.

      Last edited 1 year ago by Chris
      0
      Reply
      Linus Torvalds
      Linus Torvalds
      1 year ago
      Reply to  Chris

      “can be done in a second”. If you have any experience coding in the real world, you would know that changes are rarely as simple as they might appear at first glance. Then there is testing and the fact that devs are working on other things.

      0
      Reply
      Bill Gates
      Bill Gates
      1 year ago
      Reply to  Linus Torvalds

      I am a programmer. To fix this particular cheat it would be enough to block the ability to change your profile in the companion app during any ride. Including testing this should not take more than one day for someone familiar with the code.

      0
      Reply
      Luciano Pollastri
      Luciano Pollastri(@luciano-pollastri)
      1 year ago
      Reply to  Chris

      Chris. I also thought this when we launched the post. I am not a developer. By now I have been explained in detail that the companion app fix is super easy but it would not resolve the whole thing. Seems more complex. Without wanting we pointed at something complex. Zwift responsibility to solve it, and they had plenty of time, not mine. But it is not as easy

      0
      Reply
      s y
      s y
      1 year ago
      Reply to  Luciano Pollastri

      If it is possible to do from the companion app, it is possible to do .. period. Security issues cannot be resolved from client side, only made less convenient, that’s the challenge here.

      No excuse though, if they don’t take cheating seriously, how will they handle a real issue?

      0
      Reply
      Thomas Christiansen
      Thomas Christiansen
      1 year ago

      I just ride & race for the fun of it. Cheaters kill the fun!
      Stop the cheaters!
      #freeluciano

      0
      Reply
      Luciano Pollastri
      Luciano Pollastri(@luciano-pollastri)
      1 year ago
      Reply to  Thomas Christiansen

      I should copy paste your line instead of giving all kind of justifications why we did this or that….

      0
      Reply
      Chris Cleeland
      Chris Cleeland(@chriscleeland)
      1 year ago

      In this tragic drama, Zwift plays the part of Missouri Governor Parson and Luciano the part of the journalist alerting the government to embarrassing issues. Not happy to be publicly embarrassed, Zwift Parson abuses power against the gadfly.

      See also “The Emperor Has No Clothes”.

      0
      Reply
      Chris
      Chris
      1 year ago

      I’m happy that Luciano exposed that, unfortunately racing community is ignored by Zwift for years, how long sandbaggers had a chance to destroy racing experience for many people.

      #freeluciano

      0
      Reply
      Jim Peyton TFC
      Jim Peyton TFC(@kevlar_heart42)
      1 year ago

      There are other exploits….I will not post the details…but

      0
      Reply
      matt
      matt
      1 year ago

      Zwift just taught their user base that if you find exploits and want to make them public to do so anonymously. This is not even an exploit, it’s just using the functionality they provide in a crappy dishonest way. Their response is how you get a bunch of bored nerds to find ACTUAL exploits and publish them publicly. I sure hope there is racing with WTRL level participation on some other platform by next winter. They have shown themselves to not be a company I want to give money to in dozens of ways for years.

      -1
      Reply
      Allen Day
      Allen Day
      1 year ago

      Pssh. It isn’t an “exploit”. It is a bug. It is part of the typical profile that every user must edit. “When” they edit it is entirely up to the UI design team at Zwift. Blaming the public and users is just childish.

      I bet less than 100 lines of code in all need to be changed … just get it done Zwift.

      0
      Reply
      Wayne Schnitzerling
      Wayne Schnitzerling
      1 year ago

      How dare he want a fair platform..😜 Well I am now wondering if this was the method used in the ANZAC Day ride last year by a certain female.. I reported this high profile personality and next minute got shadow banned for 30 days.. I asked what the reason was for the ban and got an automated response about I breached the terms and conditions. I returned for a week then got banned again. During the first ban I asked lots of others what they thought of this person’s ZP and they also reported her.. I ended up just leaving and… Read more »

      0
      Reply
      George
      George
      1 year ago

      for anyone wondering, here’s a link to the article:
      https://web.archive.org/web/20220224130813/https://zweight241477032.wordpress.com/2022/02/23/the-ultimate-undetectable-weight-cheat-to-win-all-races-on-zwift/

      0
      Reply
      Paul Smith
      Paul Smith(@smithpauld1501)
      1 year ago

      Boy, am I glad that I’m a D racer (427 “races,” ZwiftPower tells me. Let’s make that 250, when you subtract the group rides I’ve led.) I just obsess over the races in front of me, rather than what other people are doing. Can’t control them. First, as a former professional journalist, I salute Eric for surfacing this when Zwift is, well, the focus of ZwiftInsider. Sometimes, you’ve gotta bite the hand that feeds you. Second, to Luciano, Dolt! Whatever Zwift, ZwiftPower and WTRL’s failings, what were you thinking? Did you bother to check the repercussions of publication? What amazes… Read more »

      0
      Reply
      Paul Smith
      Paul Smith(@smithpauld1501)
      1 year ago
      Reply to  Paul Smith

      Stripped all my formatting. Bad, Eric. Bad. Bad.

      0
      Reply
      Fausto
      Fausto
      1 year ago

      Maybe Zwift should have fixed this sooner, so they don’t have to rely on catching people using the cheat. However, the way Luciano handled it was absolutely wrong and does not reflect well on his character. It sounds like you guys had the right approach at the start and planned to share the testing with ZwiftHQ and “make sure the right eyes saw it”. Was it that Luciano’s “rabid”/”obsessive” nature meant that he couldn’t follow that plan and had to tell the world right away? He sounds like your friend or at least you like the guy, so naturally you’re… Read more »

      0
      Reply
      Chris
      Chris
      1 year ago
      Reply to  Fausto

      Is it fair to race against cheaters?
      The problem was highlighted a long time ago.
      Zwift devs ignored that. Luciano opened Pandora’s box; it looks like this is the only way to force them to fix that.

      0
      Reply
      Fausto
      Fausto
      1 year ago
      Reply to  Chris

      “Is it fair to race against cheaters?” No, and that’s a stupid question. Why are you asking it, when I did not suggest anything of the sort?

      “Zwift devs ignored that” – not true, if apparently Zwift has a way to detect this method of cheating and have DQ’d people who tried it. With that in mind, it’s easy to see how someone would put the “fix” as a lower priority. That’s not “ignoring it”, when you have 1000 other changes requested.

      0
      Reply
      Kritoffer Smed
      Kritoffer Smed
      1 year ago

      There might be an easy quick-fix for this particular exploit, but it also reveals an underlying design problem with Zwift as a competitive online multiplayer game… There is no server validation! The client is responsible for almost everything. The most obvious hack would be having the client tell the Zwift server that you’re outputting 100W, weigh 100kg but are still going at 100km/h (or mph for that matter) while ascending a climb :/ This would look quite weird and suspicious, but what about always having “full draft” or always extra powerful power-ups? Deciding which power-up to get might actually be…

      0
      Reply
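The mismatch described in the comment above (100 W and 100 kg reported alongside 100 km/h on a climb) is the kind of client-reported state a server-side plausibility check can reject. The sketch below is an added example, not Zwift's code or protocol and not part of any comment; the sample field names, the physics constants and the tolerance are all assumptions.

```python
import math

# All constants are assumptions for illustration, chosen to favour the rider.
G = 9.81                      # gravity, m/s^2
K_DRAG = 0.5 * 1.225 * 0.30   # 0.5 * air density * assumed CdA (m^2)
CRR = 0.004                   # assumed rolling resistance coefficient
BIKE_KG = 8.0                 # assumed bike mass, kg


def required_power(speed_ms, total_kg, grade):
    """Watts needed to hold speed_ms on a slope (grade = rise/run)."""
    theta = math.atan(grade)
    rolling_and_gravity = total_kg * G * (math.sin(theta) + CRR * math.cos(theta))
    return (rolling_and_gravity + K_DRAG * speed_ms ** 2) * speed_ms


def max_steady_speed(power_w, rider_kg, grade):
    """Highest speed (m/s) the reported power can sustain, by bisection."""
    lo, hi = 0.0, 60.0
    for _ in range(60):
        mid = (lo + hi) / 2
        if required_power(mid, rider_kg + BIKE_KG, grade) <= power_w:
            lo = mid
        else:
            hi = mid
    return lo


def is_implausible(sample, tolerance=1.25):
    """True if the reported speed exceeds what the reported inputs allow."""
    limit = max_steady_speed(sample["power_w"], sample["weight_kg"], sample["grade"])
    return sample["speed_kmh"] / 3.6 > limit * tolerance


def flag_stream(samples, min_run=5):
    """True if min_run consecutive samples are implausible (momentum alone
    can explain a short burst above the steady-state speed)."""
    run = 0
    for s in samples:
        run = run + 1 if is_implausible(s) else 0
        if run >= min_run:
            return True
    return False


# Constructed samples (hypothetical field names), one per second.
SPOOFED = [{"power_w": 100, "weight_kg": 100, "grade": 0.05, "speed_kmh": 100}] * 10
HONEST = [{"power_w": 250, "weight_kg": 75, "grade": 0.0, "speed_kmh": 35}] * 10
```

A check like this only rejects state that contradicts the client's own reported inputs; it says nothing about whether the declared weight itself is true.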
      Colin Peerman
      Colin Peerman
      1 year ago
      Reply to  Kritoffer Smed

      this. exactly is already rumoured to be used….

      0
      Reply
      s y
      s y
      1 year ago
      Reply to  Kritoffer Smed

      Does the client actually specify speed?

      0
      Reply
      Rory O'Conor
      Rory O'Conor
      1 year ago

      Thank you for this. Shame at Zwift’s response to someone trying to improve things. They seem to be losing the plot. #freeluciano

      0
      Reply
      Rob GZ
      Rob GZ(@robgrootzwaaftink)
      1 year ago

      Thanks for this post Eric. #FreeLuciano
      So frustrating Zwift is blaming the messenger instead of focusing on the real problem.

      0
      Reply
      Tim
      Tim
      1 year ago

      I know you have to craft some kind of “both sides” narrative because of your position but even your suggested way for Zwift to have handled this as you outlined in the email you’d have liked to see Zwift send is stupid, ever heard of the Streisand effect? https://en.wikipedia.org/wiki/Streisand_effect When you try to block or ban something on the internet it has the opposite effect, the content gets shared even more widely. So although Zwift claims their goal is to prevent more people from learning of the exploit, their own actions have caused many more people to become aware of…

      0
      Reply
      Kevin Hamer
      Kevin Hamer
      1 year ago

      We should all post how to do this weight cheating (it’s too easy to even call it a hack, I’ve seen it being used) on every forum, Discord server and Facebook. This would leave Zwift in a spot where the only way out is fixing this absolute and utterly dumb issue. What else are they gonna do? Shadowban every racer?

      0
      Reply

      This community-driven site is maintained by Eric Schlange and a team of Zwift enthusiasts. Zwift Insider is independent of Zwift corporate (www.zwift.com), although Zwift does provide funding to help defray site costs.

    • Related Posts