Why Your LARP’s Safety System Will Fail: A Hacker’s Guide to Engineering Player Safety

I’ve been thinking a lot about authority and safety teams in our LARP games. My mind started drawing parallels with my own background in software engineering and security. Part of my job is thinking about complex systems, and how to control the power of users in those systems.

I began to see problems in the ideas and standard policies being proposed. I began to see failures in my community and elsewhere. So, I started to think –

Can you take lessons from the world of hacking and security, and apply them to the meat and bone world of LARP communities? What happens when you start thinking about community safety like a hacker? What problems with our current approach are revealed?

Hacking is about how systems can be made to turn against themselves. I want us to start thinking – can my LARP organization be hacked? Can what we are creating to protect people actually be used to make things less safe? How do we stop that from happening?

There’s a real danger in not thinking about vulnerabilities and subversion of our safety systems, where the illusion of security actually makes us less secure against the most abusive individuals. I want you to read the following as both a warning and a guide as to how to make our players, volunteers and employees truly safe.

We need to do two things in our community:

  1. We need to realize black hats exist.
  2. We need to be critical of organizations and manifestos on safety which do not acknowledge the threat of black hats, and insist they are inadequate until they do so.

But what are black hats?

The Black Hats

A black hat is someone who seeks to use a system for a destructive or selfish purpose, against the intentions of the creators.

In computer security, a black hat hacker is one who infiltrates systems for criminal, destructive or malicious purposes, as opposed to a white hat hacker who does so to explore, close vulnerabilities or test. The term comes from the imagery of the villains in old Western movies wearing black cowboy hats.

Let’s call those who seek to use our games and organizations in a destructive or selfish way “black hats”, encompassing the wide variety of motivations to misuse your game. Abusers, predators, bullies, pathological liars, narcissists, queen bees, profiteers, all these things fall under the umbrella of black hat if they are sophisticated and manipulative enough.

Their motivations vary wildly. They might be driven to humiliate and debase others out of a desire for revenge. Or need to feel powerful and show dominance in order to assuage deep feelings of insecurity and uncertainty. Or feel driven to attack others by deep resentments and prejudices. Or just find the feeling of inflicting pain on others gratifying. If these are deep emotional compulsions in them, they will go to surprising lengths to fulfill them.

And natural selection often turns abusers and other malignant personalities into black hats over time. Those who do not build the manipulative habits of a black hat do not last in one place for very long.

They will seek out the company of enablers who will empower them to indulge their desires, and protect them from the consequences. Their enablers might be friends or romantic partners who the black hat has convinced they are unfairly persecuted. Or their enablers might be malicious themselves, using the black hat’s behavior as a tool for their own ends. The enablers might use them to attack their rivals or create disasters they can then get credit for fixing.

So, what should you know about black hats?

1. Black hats exist and they will target your organization if it is vulnerable to them.

The first reaction is to doubt that black hats exist. They do, and you are only doing them a favor by doubting it.

Black hats are in every community and seek out vulnerable systems that allow them to indulge their desires; and learn how to manipulate the people around them into being enablers. They will cluster with other black hats when they complement each other’s behavior. They might even flat-out coordinate with one another to achieve their goals.

Their behavior won’t be limited to LARPing. The black hat will engage in this behavior wherever they can get away with it. By the time you encounter them, the black hat will have years of experience. They have been honing this behavior for years. You are at a disadvantage from the very start. Never forget that.

If they are thwarted from indulging their destructive impulses elsewhere, they will be especially looking to indulge them at your game. You must not be surprised at the energy they will expend in gaining territory for themselves.

It should be noted that not all predators and abusers in our community are black hats. But the black hat is the sophisticated threat because they will turn your organization against you, rather than fighting your organization openly.

2. Black hats have three lines of defense

Hackers don’t want you to know what they are doing. They want to quietly operate for years, unless the payoff is big enough to expose themselves. The black hat’s goal is to use your game to create an environment which allows their predatory behavior in the long term.

The black hat’s first line of defense is never to be noticed by those who can stop them. They will hide their behavior, block attempts to report on them, and manipulate others into silence. They may hide behind the alibi of their character’s actions, push the community toward accepting the most sociopathic or abusive interpretation of the rules and setting, and try to make their behavior seem normal. If there’s nothing visibly wrong with your system, why would you ever be paranoid about it being compromised?

How can you stop their behavior if you do not think they are the problem?

Their second line of defense is to pose as something else. Black hats manipulate victims into feeling guilty or wrong, that their bullying was “just how the game works”, that their feelings of violation are “just overreacting”, etc. They will reframe the situation in the eyes of authority, to make it seem that the victims of their harassment and attacks are the perpetrators, not the victims.

Your organization cannot deal with their behavior if your organization is under their control.

And their third and very last line of defense is to seize control of the situation. The most successful black hats will find themselves in this situation only after years of exploitation. Unfortunately, most plans for dealing with black hats in communities focus on the very last defense. Bouts of open warfare can often end in the black hat’s favor, with the organizers who fought them being ostracized or saddled with bad reputations when they are outmaneuvered. We have lost many good writers and organizers to this sort of attack in every LARP scene. You can likely name a few if you think about it.

3. You are only prepared for the least dangerous black hats

A black hat’s desire to camouflage themselves means that the only black hats you will detect early are the least skilled and dangerous. The rest will try to hide much closer to you, and are more skilled at shrouding their behavior. This might seem like paranoia. But when thinking about the safety of others, I’d rather be a little paranoid.

If all you have is a response team and rules for reacting to incidents, you are only fighting a small part of the problem. If you have easily exploited systems and organization rules that do not take black hats into account, you have something worse than having nothing – you have introduced a vector of attack.

If you create a naive system that does not take the threat of black hats into account, you might as well be approving of their behavior and are thus complicit in it. People who create bad systems are accomplices to bad behavior in that system.

4. Anyone can be a black hat. There’s no easy test for who is one.

It is tempting to apply broader socioeconomic trends and identity politics to your community of a few dozen or hundred people; and attempt to develop a litmus test for the most likely aggressors based on patterns of historical oppression of entire populations; or adherence to particular ideologies. But that approach will fail. You are dealing on the micro, not the macro. You are announcing a vulnerability and bias in your system to any black hat who looks or acts the right way; and thus can use it against you.

Even if there is evidence one group has more black hats than others, no type of person is excluded. And if you show or say that you will not be expecting this behavior from certain groups, you will attract those black hats who know they can fly under your radar. Remember Rule 1 – if you are vulnerable to them, black hats will sense your weakness and target you.

Black hats strive to avoid revealing themselves. Black hats will often craft a deceptive public persona. Sometimes, they are not even fully conscious of this pattern, but have learned these habits over time that feed their needs. They will even lie to themselves, seeing themselves as a necessary force solving problems.

You can’t trust people by their image. History has proven that abusers and other exploiters will take on whatever persona will allow them to take advantage of a system. At its worst, there is an endless stream of cases where outwardly virtuous and popular teachers, celebrities, community leaders, activists and counselors are revealed to have been predators for decades, using their influence and community bona fides to intimidate their victims into silence.

5. Black hats will seek the most gain for the least effort

Hackers will always seek to compromise entire networks or find vulnerabilities in widely used pieces of software, because it is far easier than compromising thousands of computers one by one. Every move in hacking is risky and time consuming, so the less they have to do to meet their goals, the better.

I’ve warned you that you should not underestimate the time and intricacy of a black hat’s behavior, but every moment they can save subverting your system, they can spend enjoying the fruits of their labor instead. They will prioritize. They will figure out where the vulnerable high value targets are, then go after them. Those targets might be individuals, authorities, teams or positions.

On a meta-level, black hats will also seek to set themselves up as prominent and respected members of the community – and especially will seek to be considered an authority on safety, harassment and bullying, or at least be friends with those who are. There’s no better position for them to be in, the fox in the hen house.

Luckily, this is one of the things you can use to your advantage. If your game resists exploitation, black hats may give up and go elsewhere. But never think that if you create a tempting target within your organization, it won’t be attacked. The more central and valuable the target, the more elaborate efforts will be to take control of it.

Donning the White Hat

Black hats are a nasty bunch, but there are ways of resisting them. To make things worse, I guarantee that people you and others trust with safety issues are already being targeted by black hats, if they aren’t black hats themselves.

And if you put a naive system in place, you bear some responsibility for all the pain the black hats will cause.

So, you must start thinking like a white hat.

White hats are people who familiarize themselves with the tactics and methods of black hats, and think about how to break systems to show how they can be built better.

Think of Misuses

In software design, we usually focus on use cases. We ask ourselves, how would a good user want to use our product? But when we do security, we focus on misuse cases. We ask ourselves, how would someone abuse what we give them? If I want to design a piece of software like Snapchat, I might think about how to make it easy and accessible, what kind of features would be most popular. But if I am doing my job and thinking like a white hat, I’m also thinking about how it could be used for spam, how someone might try to seize control of accounts to pose as someone or get information, how they might try to access personal or location information without their target’s permission through the service.

A misuse case is how someone would abuse a system to achieve a malicious end.

One of the most popular and widely advocated safety systems in LARP is the dedicated safety team. Let’s look at the safety team and their list of duties; and see how to improve it. Here’s a list of common safety team duties and what their misuse cases are. This list is based on the work of Maury Brown, and is not meant as a call-out of her specifically. It is just meant to analyze a common standard.

| Duty | Misuse Case |
| --- | --- |
| Collaborate with main organizers to gain and maintain participant trust in order to maximize the feelings of inclusion and safety from participants. | Take on a position of authority with the player base on determining what is or is not abuse in order to selectively ignore or silence others. Negate the valid concerns of groups you regularly target in favor of focusing on others. |
| Establish channels, such as a Safety Team email, for participants to make contact about safety issues before, during, and after the event. | Establish the means to identify trouble, and thus silence and gaslight victims and gate-keep issues away from the staff to prevent your behavior from being discovered. |
| Convene quickly when a safety concern is received. Interview, investigate, and discuss the presented information, and vote to take an action commensurate with the violation. | Spin situations to your favor, protect fellow black hats and control the message in order to protect your position or make examples of others. |
| Maintain the confidentiality of those who have come forward with concerns, unless the person(s) has given explicit consent to talk with the accused or have their names revealed. | Fabricate or exaggerate claims against opponents or targets. |

The safety team above is the one easy key to manipulating a game’s culture, controlling the narrative that reaches the organizers and protecting their abusive behavior. It’s the mother lode for black hats.

When black hats target your game, they will seek out whatever will allow them to indulge in their behaviors. Teams are small numbers of targets they can either befriend, corrupt or remove in order to gain control of the game’s organization. And they will do so – and do it while convincing you that they are not only your friend but deeply concerned about all the things you’ve outlined in your mission statement. It’s easy to tell you what you want to hear, because you’ve given them a list of things to say to you. They might even help with outing and getting rid of other abusers not aligned with them, to build up their reputation.

One day, you may wake up to discover your safety team has become a tool of the abusers; and that you have been fooled as they isolated the vulnerable players in your community. You might even be powerless to stop them without destroying your game in the process, due to the persona they’ve crafted and the friendships they’ve deliberately cultivated with key contributors to your game. They might have eliminated any opposition that might help you using the very safety protocols you put in place.

You have lost control of your system.

Think About Points of Failure

Think of your organization as an interconnected network. Each position, each rule and each person in your organization is a single part of that network. Each one fulfills a purpose. Now, ask yourself – “How hard would it be to compromise my organization and take it over? How fast could someone do so, and how likely am I to detect it?”

There’s no such thing as being perfectly secure, but you can become more secure. The first step is to be honest about how secure you are right now. Look at your organization, and think about how much damage someone could do, and how quickly; and what controls you have in place to stop them from running rampant before you can detect them or expel them.

Figure out your points of failure, places where if someone is compromised, it gives the black hat power over your organization. One of the main concerns with the safety team or coordinator model is that it could be a single point of failure (SPOF). A SPOF is a piece of the system that, if compromised, gives the black hat all the access they could ever want to indulge themselves. In my line of work, SPOFs are not only bad ideas, they are completely unacceptable.

A Single Point of Failure (SPOF) is a piece of the system that, if compromised, gives the black hat all the access they could ever want to indulge themselves.

What’s the problem with a single Safety Coordinator? It’s a SPOF. What’s wrong with putting everything on the main organizer? Also a SPOF. Do you have one person who picks all your safety officers and handles all those cases? Another SPOF.

Imagine each piece of your system being compromised and focus on limiting the damage that it can cause. No matter who you trust right now, think about what might happen if the wrong person manipulates them, or who they might become in the years ahead. People change –  especially when power and popularity get involved – and not always for the better.

Remember, you are also a point of failure

Never make yourself as a game organizer into the single point of failure.

Think about what might happen if someone manages to manipulate you personally. Oh yeah, that’s another part of this – you are part of your game’s system, and thus are a target that can be compromised. Never design systems that naively assume you are personally immune to black hats. I certainly am not, and it is a hard won lesson to admit that.

Critical to this entire process is the staff giving up some but not all control over your game’s environment. You must hold to and honor a system that is designed to keep even you in check should you be compromised, and introduce forces outside of your direct control to limit the amount of damage you can do.

If you feel you need to be the ultimate authority who can come in and fix your safety process at any time, the black hats may be able to gain your trust and manipulate you into undermining all the safeguards you worked hard to put in place.

When dealing with security, trust no one completely. Especially yourself.

Create Failover and Watchdogs

In software engineering, failover is when a redundant system kicks in automatically when another one fails. If we do our job, you never realize it is happening. A server goes down somewhere, but another one immediately kicks in to handle those requests.

We want our safety systems to have failover. If something goes wrong, we want there to be other paths and methods of getting around the failure immediately. My main issue with most safety teams is that they lack failover. Centralizing the safety process creates a place where safety issues can be manipulated, silenced and blocked.

Transparency is a good method of creating failover. Safety teams may want a level of confidentiality to deal with sensitive matters, but open reports and public records should also be required. That way any member of the game can check in on the safety authorities without needing to get permission, and possibly being targeted as a troublemaker. Matters of open record mean black hats cannot hide in the maze of mirrors and confidentiality that they can thrive in.

Establish requirements for transparency, and establish procedures where issues can be addressed publicly. A free-for-all isn’t necessary, but the staff should have procedures that emphasize public accountability over personal reputation.

Encourage watchdogs inside your system. A watchdog is an independent authority who can voice protests or demand issues be heard. They do not have to be trained safety officers, but can use their own judgment as to whether to file complaints directly with the staff regarding how the safety system is operating. They can also listen to the players directly about how the safety team is failing to address problems. Watchdogs make it much harder for black hats to hide what they are doing and never be held accountable for it.

You can have multiple kinds of watchdogs, but the key is their independence. Good watchdogs include representatives elected by the player base, an independent ombudsman, or volunteers who are not involved with your game’s community. Even randomly drawing a player’s name from a hat to act as one is not the worst idea. The point is – watchdogs need to be selected by a different process than any staff or safety team.

This can be a hard bit for many organizers to accept. It means creating forces outside of your control that could cause trouble. But watchdog positions serve as a necessary check against abuse of power and black hat behavior. Even if your system is compromised internally, watchdogs can alert the organizers and the player base to what is going on. That might be a painful process, but it is a necessary one.

Understand what abuse and bullying actually looks like

Read up on the literature on bullying and abuse, in schools and in the workplace. Understand what all forms of abuse look like – not just the popular images of slovenly creeps, leering sociopaths, frat boys and the like. Do you know what social bullying looks like? Do you know the forms intimidation actually takes? Do you know how to identify gaslighting and emotional exploitation?

If you are only on the look-out for some types of abuse, you are complicit in the abuse of all those black hats who do not fit your prejudices. One of the biggest obstacles to stopping bullying in schools and workplaces is convincing teachers and authorities that the real bullies can dress neat, smile and say all the right things to them, and the person that lashes out is just as likely the victim as the initiator.

Refuse to confuse being nice and obedient towards your staff with not being a bully, or else you will not keep your game safe.

Control Damage by Compartmentalizing

Maury already mentioned that the safety teams might have multiple members. But how often do they coordinate with each other? How much can one of them hold sway over the others? Who selects them?

While the conventional wisdom is that maximizing teamwork and synergy is always useful and should be encouraged, it is not always true in security and safety. Compartmentalizing helps avoid organizations being compromised. Over-collaboration gives more access to each black hat who manages to get into the system.

If we create one safety team, who all collaborate, come to decisions and look out for each other, that safety team can be totally compromised by one misguided appointment of a black hat into that team, skilled or charming enough to manipulate it and take control of its decision making process. Eventually, that black hat might use its insider status to push fellow black hats into vacancies in the safety team and other staff. Abusers feel safe in each other’s company, since they cannot call each other out without putting themselves at risk.

Ironically, the black hat might convince themselves they are the best person to handle such a safety team and mold the game into some “better” form. After all, they know what’s actually wrong with your game and are the one to fix it, with their good friends of course.

Your first step is to compartmentalize. Have multiple people or teams with safety duties. Give them separate duties or shifts that have minimal overlap. Make sure they come from different social groups. Use multiple methods to select team members. Remember, manipulating the one person who selects the safety teams can be as good as controlling the safety team itself.

Focus on making no one position or team too powerful. If one small group is handling all the duties or supervising the safety system, black hats just need to compromise that one group. Instead, have duties spread out or rotated between independent forces. Be on the lookout for team members who are trying to claim authority unilaterally, and think of how it might be a way of gaining undue control over your system.

Move Up The Authority Chain

You have identified points of failure, distributed and compartmentalized your safety apparatus. The next step is to go down the chain of those who control your system and decide who is appointed or trusted in your organization. And keep looking for points of failure and imagine what could happen if those positions are compromised.

The reason you select team members in many different ways is that a black hat will look at a distributed compartmentalized safety team that is hard to get into, but will note that the organizer in charge of approving team members is a single person. If the black hat can compromise that person, they can gain control of your safety apparatus much more simply than compromising all your compartments.

A possible solution is for the safety team membership to be selected by multiple organizers independently without collaboration; and to separate the duties of managing, approving and removing safety team members between people. The process is always this: identify a single point of failure, divide and compartmentalize it, then move up the chain to find more.
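
The loop described above (find a single point of failure, split it, then move up the chain), as an added sketch in Python that is not from the original article. The role names, people and quorum numbers are constructed for illustration, and the model assumes that whoever controls an appointing role can eventually fill the seats it appoints.

```python
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Role:
    holders: frozenset      # people who currently hold the role
    quorum: int             # holders who must act together to use the role's power
    appointed_by: str = ""  # role that fills its seats ("" = no role inside the org)


def controlled_roles(org, compromised):
    """Return the roles usable by whoever controls the `compromised` people.

    A role falls when compromised holders reach its quorum, or when the role
    that appoints it has fallen (its seats can then be filled at will).
    """
    controlled = set()
    changed = True
    while changed:  # repeat until no further role falls, following the appointment chain
        changed = False
        for name, role in org.items():
            if name in controlled:
                continue
            by_seats = len(role.holders & compromised) >= role.quorum
            by_appointment = role.appointed_by in controlled
            if by_seats or by_appointment:
                controlled.add(name)
                changed = True
    return controlled


def smallest_takeovers(org, target):
    """Return (k, groups): the fewest people whose compromise yields `target`,
    and every group of that size that does it. k == 1 is a single point of failure."""
    people = sorted(set().union(*(role.holders for role in org.values())))
    for k in range(1, len(people) + 1):  # brute force; fine for an org chart
        groups = [set(g) for g in combinations(people, k)
                  if target in controlled_roles(org, set(g))]
        if groups:
            return k, groups
    return None, []


# Constructed example 1: one organizer appoints the team, one coordinator reads reports.
NAIVE = {
    "organizer": Role(frozenset({"alex"}), quorum=1),
    "safety_team": Role(frozenset({"blake", "casey", "drew"}), quorum=2,
                        appointed_by="organizer"),
    # Power modelled here: making a report disappear. One reader, so quorum 1.
    "report_intake": Role(frozenset({"blake"}), quorum=1, appointed_by="safety_team"),
}

# Constructed example 2: appointments need two of three organizers, and the report
# form goes to organizers, a safety member and an elected watchdog ("gray") at once.
HARDENED = {
    "organizers": Role(frozenset({"alex", "emery", "finley"}), quorum=2),
    "safety_team": Role(frozenset({"blake", "casey", "drew"}), quorum=2,
                        appointed_by="organizers"),
    # Hiding a report now needs every recipient, so quorum equals the recipient count.
    "report_intake": Role(frozenset({"alex", "emery", "blake", "gray"}), quorum=4),
}

if __name__ == "__main__":
    for label, org in (("naive", NAIVE), ("hardened", HARDENED)):
        for target in ("safety_team", "report_intake"):
            k, groups = smallest_takeovers(org, target)
            print(f"{label:9} {target:14} needs {k}: {[sorted(g) for g in groups]}")
```

In the constructed naive layout the organizer alone is enough to take the safety team through appointments, even though the team itself votes two of three; the hardened layout raises every takeover to at least two people and report suppression to all four recipients.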

Be creative and look for backdoors into your process. Look at everyone who gets access to the whole of your safety team or game staff, or can influence your system.

For instance, do you have the same person training all your safety team members? That person themselves might be a black hat who has crafted a persona to influence the safety process through their access to all your team members as well as being able to discourage volunteers they think are a threat to them. Handing the training over to an online system might remove that human factor, as might rotating who teaches the course or having unaffiliated third parties teach these methods.

Do not forget to look at how you are monitoring your game. Is there someone who compiles reports or handles oversight? That person can manipulate the situation immensely. Make sure whatever monitoring systems you use are hard to manipulate, and that it is hard to hide reports of black hat behavior. An anonymous form that goes to several organizers and other community representatives at once is better than a single point of contact.

Scrutinize who is assigning trust, including the organizers. Distribute the appointment process. Having player-elected representatives involved in selecting safety team members is a great method, as it takes a great deal of power out of the hands of an easily targeted few. If you use popular votes, use voting schemes such as single transferable vote, which are harder to manipulate and require wide support rather than a dedicated block of voters. Encourage multiple social groups in your game to field candidates. When you appoint new staff, make sure there is a vetting process that keeps anyone from acting without supervision and have the vetters come from many different backgrounds and social groups. Even the game runners should submit to independent scrutiny if they are serious about the safety of their game.

Conclusion

I hope this article doesn’t seem harsh or paranoid. But the ultimate goal is to take the momentum towards safety in our community and make sure it is used to make something robust and good. I want the push toward safety to succeed, and I hope bringing some of my own background knowledge and insight can help improve how we think about safety and abuse in LARP, and how it manifests.

Those who have written and worked on this topic have my admiration and support; and I hope they succeed. And I hope that we start thinking like white hats to make our hobby better, safer and more secure.

In addition to his real life mundane work as a software engineer, Matthew Webb organizes live action roleplaying (LARP) events with his team at Jackalope Live Action Studios in Austin, TX; and creates augmented reality software at Incognita Limited. He can be found on Facebook and Twitter. Learn about their upcoming events by following Jackalope Live Action Studios on Twitter (@JackalopeLARP) and Facebook.

5 thoughts on “Why Your LARP’s Safety System Will Fail: A Hacker’s Guide to Engineering Player Safety”

  1. Brilliant and useful – many thanks. Change the words “game” and “player” to “organization” and “personnel” and it applies to any industry, organization, group or endeavor. I’m not a larper btw – I run a small martial arts school in an art growing in popularity and see lots of these problems out in “the community.” Women and people of color are particular targets for the black hats.

  2. Thanks for this article, it’s very illuminating.

    Is there any chance you could follow this up with some real life examples or case studies that illustrate your point? I’ve led a fairly charmed life in regard to encountering Black Hat behavior, so it’s hard for me to envision how these things could play out. It’s hard to defend against an attack you have trouble modeling in your head.

    Fellow readers, I’d be interested in hearing your experiences as well.

  3. I work in the InfoSec space as an analyst and I have been applying this viewpoint to LARP safety.

    The struggle for me is finding people who want to take any form of responsibility. It’s a chore to find people to take on roles.

    I feel it’s also important to have a transparent succession plan in place, especially on safety teams.

  4. I hope you don’t mind if I take some of this for political campaigns. I tend to be very involved in the Democratic Party and those Black Hats are incredible. There is nothing more frustrating than finding out a politician has been abusing women for 20 years and we have been working for them dutifully.
