There is a very easy way to cheat rolls, how can we fix it?

 So, after a bad experience in a chronicle, I decided to compare my recordings with some rolls and found out that one player was cheating (heavily). After some thought and experimentation, I discovered how it was being done.  By opening multiple tabs in a browser with "offline mode", loading up the tabletop in all tabs, and then turning on offline mode, you can make various rolls, close any tab with a roll that you don't like, get out of offline mode, and only the result that you picked will be sent to Roll20 and viewed by others, which felt pretty easy to do already, without any technical knowledge or other applications - and I am sure that any experienced coder can streamline this process even further.    It is so bad that you can even make a roll, keep one browser in offline mode, play in another one, and use the roll right when you need it by turning the offline browser on.  How can this be fixed besides having the DM/GM/ST/Head Honcho do all the rolls in the game?

Hi Araéliz! Longer answer: By not publicly sharing exploits. I've been on these forums for over a decade and this is the first time I have seen this. I can't think it's that common. This makes it common knowledge. Medium answer: Best way to report this is a  Help Center Request , where it will be seen and examined by the dev team. Short answer: Cheaters gonna cheat. You can only do so much.

 Hey, Keith, thanks for the input!  I just reported the thing as you suggested, however, shouldn't we make exploits like this more public, so everyone at least knows what is going on, making cheating "discreetly" harder? 

Araéliz said:  Hey, Keith, thanks for the input!  I just reported the thing as you suggested, however, shouldn't we make exploits like this more public, so everyone at least knows what is going on, making cheating "discreetly" harder?  No, for exactly the reason he just mentioned. Before? Let's say 25 people knew how to do this. They wouldn't want anyone else to know, because that would only increase the chances of them getting caught. Now? You posted to the public forums. Now 5,000 people know how to do it. All while having no way to stop it. See how that's a problem?

As mentioned above, describing how this cheat works only serves to show more people how to cheat. Reporting it just to the devs is a better idea in case they might find a way to prevent it.   As for solutions (and this is all my opinion, so take it FWIW): If you can prove that a player is cheating, show the proof to all the players and report it to the Roll20 devs by posting a request via the  Help Center , then issue the cheater a warning and tell them that you've reported it. If the cheater does it again, repeat that process and boot them from your game. (Yes, this can "shame" the cheater, but IMO cheater's deserve it. If you can't prove it, tell your all of your players that you suspect a cheater, so from now on you will be making all the rolls. The cheater will likely cry the loudest before rage-quitting, at which point you can get back to normal play. Araéliz  said:    How can this be fixed besides having the DM/GM/ST/Head Honcho do all the rolls in the game?

These types of cheats should be fixed if possible but the details should be in-private with roll20. I would suggest simply redacting the specifics of this particular exploit to avoid a hoard of copycats. IMO Player's that cheat are really missing the point. ;-(

 So, from what I can see, the issue has been fixed, partially.  The manipulated rolls no longer have the "verified" icon, but they are still sent and displayed to everyone. One cool feature would be to have the "quantum roll" icon appear in the chat log as well (I don't know how hard that would be to implement), but as of right now, it feels satisfactory.  As for the "security through obscurity" approach, I don't believe that it is that effective, at least not in this case - it is the kind of cheat that takes some setup and should be easier to perceive after you know about it, while also giving you some understanding of how similar tricks could be done in the future - I would probably agree with your guys if it was some kind dedicated program and what not exploiting something hard to fix, but that was clearly not the case.  Anyway, I am satisfied with how this developed, and thank you all for the input (and the devs for the fix, but please attempt to add it to the chat log as well!).