150 WPM hard limit and anti-hack ideas

[martinkr...@gmail.com]

I had several very nice runs recently and none of them registered.
So I looked into the code. Found the Validate() function and there it is:

FAIL anticheat if speed is above 750 char/sec (150wpm)

This introduces a hard max speed limit that is impossible to go over.
There's a good reason why it's there. However, 150 is far too slow.

Would it be possible to move more of the anticheat checks over to server side? Frontend code can easily be manipulated anyway. Right now I could simply delete that line and the request would be sent to the server. Not sure what would happen then but I'm not going to try and find out :)

More advanced serverside checks would enable you to see for example if the user has over 5,000 or 10,000 samples, maybe allow them to (apply to) have a higher speed cap.

Or run detailed analysis on timeToType. But not raw milliseconds. A couple I have freakishly low, like 9ms. On the same run, another key took 188ms. My keyboard has seen some shit, so there's some key chatter on my E key and that may contribute to some anomalies. But if the variance is 0, like if there's always 50ms to type K, then it's fairly obvious what is going on.

10ff has a captcha based anticheat. Seems to work fine. However, that's a lot of dev hours to implement.

Not sure how many users we have that believably can get past 150, so maybe a serverside whitelist curated by the dev team would even be the simplest solution to pull off.

The UI flow example:

1. Type, hit 151wpm
2. Popup: yo man nice speed bro, BUT this looks fishy af. Would you like to apply to a higher speed cap, say 175?
3. Dialog options: [YES] -- [Nope, I was cheating]
4. If it gets past basic checks (not a fresh user etc), notify the dev team
5. Dev team looks at users history
6. And makes a decision to raise the limit or make good use of the banhammer.
7. If user looks legit, raise max speed cap for him to 175
8. Practice more, hit 176, repeat the whole process

TLDR:
150wpm limit is too low, please raise.
Maybe use instead: manual whitelist, server-side anticheat or a mix of both.

[4zi...@gmail.com]

Whoa you can type that fast?

[Martin Kruusement]

Not every run.

But my daily max is lately almost always ~145+ when using the shortest length and max alphabet size.

[rafailk...@gmail.com]

+1 for the funny popup message.

I also think that 150 WPM is a low upper bound & more complex methods should be implemented to help distinguish and prevent bot usage.

[Martin Kruusement]

More advanced methods can come later.

Raising the 750 chars/second limit to 1000 would be good enough to start.

Or even just logging 'this.speed' it to the console inside the validate() method.

[Martin Kruusement]

Can we raise the speed limit?

[nova...@gmail.com]

Yes, seconded (I suppose we all have a little democratic blood in us).
To the developers: update the code or do something so that faster typers get accurate feedback.
It is remembered that this wasn't always the case. I.e., there were times when the score always updated during practice runs, but over the past year or two, very often practice speed doesn't update. Whoever implemented this was either ignorant of effective methods, or nefarious for those who want accurate feedback. For what it's worth, multiplayer form never seems to have a problem. Either way, thanks for the main program. It's been useful.

[Martin Kruusement]

I guess not. Time to move on then.

[P. Phan]

 In the 150+ range this is more for competitive/esport typists, which is like < 1% of the typing population. I run an esport typing server and it sounds like you are ready for the next levels of competition :)

[andrewsc...@gmail.com]

Yeah this is a big problem because it does not take into account the 150 wpm segments, leaving me aiming for high 140s just so it counts toward my average.
Very unfortunate because everything else on this website is great.

[nova...@gmail.com]

It's a secret to everybody:

http://twiddler.tekgear.com/tutor/twiddler.html

Here's an alternative site that some how incorporated the basic engine of keybr.com without the erroneous wpm limitation -- the catch being that there is no login profiling.

[Lemon]

Agreed, my friend and I have been using keybr for over a year while practicing for WorldSkills SG, and our long time goal was to reach 150wpm.

However, it was a huge bummer that my recent runs had been negated.

At first, I thought my internet had issues, but after getting 147wpm~ runs then getting a much faster run right after which didn't get stored, i started to suspect that it was impossible to hit 150wpm :(

Would be nice to increase to speed cap to 200wpm, and maybe for the runs above 150 they require some captcha verification before appearing on the leaderboard? Ultimately, as someone who does not care about my username temporarily being on the leaderboard, it sucks that the speed cap is so low to prevent potential hackers wanting their name to appear on the leaderboards.

[vic...@gmail.com]

Envying for such fast typing, congrats! But check your math when you type :) that fast. I think you forgot the decimal separator when you typed 750 char/sec, or even more likely -  you meant minutes.