Player Functions/GM Player Rules

Alright, this is a couple of things, but I'll try to keep it short for sake of brevity. Right now when a player gets their hand on the link, they log in. If someone you have no intention of letting into your game gets it... they too can log in. We have no ability to block it, or lock specific player logins as able to play. So... Would be nice if the potential player-list could include: ... a whitelisting system verifying if a player should be allowed into the specific game. ... the ability to kick a player out if they aren't. (People abuse anything if you let them. Ventrilo servers and such suffer from terribly trolling because they're open to the public. I'd hate for my game to experience that.) Would be nice if the player's page could include: ... a quick list of the campaigns they're current involved in/vetted for entry to/invited to.

Hopefully... guess I'm pessimistic about the internet at times. ;) I'm just thinking it would be a lot easier over the longhaul if a player became associated with a game they were invited to, that way they only need to come to the site, log in, see their games, and if they're not a DM as yet, not see everything else. Mostly because I'm sending the link out to my players... and life, it can be a pain, in that some players might not pay that password as much attention as others. Also, people will possibly lose it, etc. Although the ability to re-generate links isn't a bad plan. Although, I would be concerned about your someday experiencing people trying to connect to randomly generated false links, in hopes of finding a game to drop into. People can be jerks.

As this is the internet, there may be pickup games with random players or disagreements between known players. What is to stop an "authorized" player that has been kicked from the game coming in and causing havoc and disrupting gameplay? I know it'd be pretty easy to go through and disconnect the specific player from all the controlled characters, etc but the chat and video could still be abused by said player. A simple player list with a status drop-down next to each name with options like "active", "muted", "spectator only", or "blocked" would be handy.

@Riley: No worries. I have confidence that you know why you've done as you have, it has been very elegant and simple so far, which is saying a lot in this paranoid era. But I'm not entirely sure your estimate of time would be true, assuming you had 10,000-100,000 campaigns generated at a given moment (this is not that optimistic considering the fervor around the site right now) and the griefer merely wanted any one game, not a particular one... It would be like Roulette until your anti-brute force algo' blocked them, but yes, it would certainly take some time and dedication, and could be worked around. The Internet is full of griefers and spammers... I unfortunately assume they're getting ready to ruin my day at any time. My concern is closer to what David raised above... if I give a link out to someone, and say... their annoying kid brother gets his hands on it, there is currently no mechanism for keeping the environment locked down to set players. Suddenly you're in the middle of the game, and a new video feed pops up with an anonymous filler image and a Rick Roll. Even if you change the link, it then gets forwarded on, and again purloined by the idiot kid brother... rinse and repeat. I'm not saying your current system is without thought, or isn't in its own way ingenious, but... I err on the side of caution with such things, personally. Seemed prudent to suggest at least one level of control for the DM beyond passing out a link, considering the potential for abuse. I have a lot of faith in the DMs I've known, but being secretive and properly securing their 'passwords' isn't something I attribute to all of them. Seems like a problem that could bite later on, and make its way to the suggestions again. Not an immediate need; never thought it was. But this is just a suggestion, even if a longterm one. :)

the ability to re-generate a new link One for the wishlist: Links that can be told over the phone and entered by hand. As some very brilliant person pointed out, words from a dictionary actually carry quite a lot of bits, so I'd love to tell someone "Go to roll20.net, press the big green button "enter running game", you'll see 4 entry fields, enter "battery" into the first, "staple" into the second, "correct" into the third, and "dragon" into the last. Welcome to the game!"

Interesting. Under what circumstances do you imagine running a game and inviting someone to play in which the two of you don't both have e-mail? Or at least won't get access to it before logging in becomes possible?

I know a couple of people who only can access their mail when they are at home in their already configured email client; and those usually do not use any web-based communication software (IM/webmail/facebook/g+/twitter). I know at least one person who has both a desktop and a laptop and would have a very hard time transferring any digital information between those two. Hey, even I typed the join link for my test campaign in on my laptop because it was that much faster than sending it there any other way. That was when I noticed, that I could never dictate "-0O" (minus zero uppercase oh) to anyone... ;)

Ahhh... that makes a lot more sense. Since it is paired, I didn't fully conceptualize it with a full pairing of keys. Makes a lot more sense this way and faster. Still... no, no, won't get into it. I'm obviously growing Internet Paranoid as I age.

leaving the invite system the way it is.. I'd still REALLY like to be able to remove people from a game and turn on/off the ability for the link to allow new people on. Recruitment Mode: On/Off sort of thing. Those players already attached to the campaign can still use the link to get to it. But people not attached, including those that once were but have subsequently been removed, could only be added if recruitment mode was turned on. I don't anticipate having any trouble with the people that I'm inviting, because I only intend to play with my friends, but I know other people will want to play games with strangers. I think GMs shouldn't have to be so incredibly careful with whom they invite to play with them.

Though separate of player lists feature, moving the recruitment link (and if in the future implemented) the regenerate link button to the 'My Settings' tab instead of the chat header would allow it to be out of view if/when livestreamed (*cough*as we saw*cough*) and would always be on top of the tab instead of having to scroll back up in chat to relink. It obviously wont solve all the security issues, but link wise it seems secure, as long as you trust who you send it to, and its not always in view it should provide at least some connection security. As for blocking/kicking a player due to being a meanie or a distraction Im not too worried about griefing as Ive known my players for several years now, and can either keep them in control or well stop GMing which they generally dont want to happen. I think it was Nolan (sincerely sorry if Im wrong!) who said during the live stream chat 'griefing isn't a major concern for us, just don't play with jerks' Ive paraphrased of course but the sentiment is pretty much perfect.

Yeah... my main concern with griefers isn't being griefed by one of my players. It's being griefed by a third party aware of the link via one of the players, which precipitates a need to plug security holes that happen to be other people that might not be security conscious. Just means having to explain to every one of my players, even pickup groups I might take on halfway at random, that they need to guard the link like it was an internal organ they don't want me kicking repeatedly for sharing. Well.. the metaphor breaks down, but the intent is surely there. The other types are just roaming Internet dbag types, but Riley addressed those fellows pretty well by noting it would take a long time to hit a generated link at random.

I guess my take on this is a little different. I'm not as worried about griefers, but I do like the idea of actually leveraging the fact that players are already making accounts. Basically, even on the little test sessions I've been doing, I find that I have to resend players the join link repeatedly. It's not insurmountable, or even that big of an inconvenience, but I think having each account have a 'dashboard' that lists the campaigns they're in and has simple hyperlinks to those sessions would be more convenient in the long run. Especially if players want to, e.g., log in during the week to check out some of the handouts or in the future to update their data when we have player-editable data. An example of a site that has this structure is wikispaces. You can add/remove people from having permissions to any one of your wikis. In this case, it'd just be different campaigns instead of different wikis.

If nothing else this program will probably be used not just for friends who cannot meet up but for folks who do play by post and other online games because they cant find someone local to play. However we all know that not all people are compatible with all play groups. What happens if you start a game with such people and you have one person who is making the game not enjoyable for the rest of the group? Normally you would talk to them and try to get them to understand. If that doesnt work? You kick them from the game. This process could last several game sessions depending on how long you want to give that person. In a situation like this that person still has the link to the game. Whats to stop him from sitting in voice chat, blaring music and putting obscene pictures on the webcam? Or scrolling the chat so bad players and the GMs cant use the chat or dice roller function? So what we have is a legitimate player who was part of the group. The player did not mesh and was talked to about it. After several attempts he was removed from the group, however due to the way the link system works you cannot prevent them from coming into the game ruining it for people. I would like the ability to on the actual roll20 website to invite people by thier roll20 email. They would then be able to log on the game by going to the website and just clicking in in their account. You could also manage who can see it and thus kick the people that you removed.

I hadn't really thought about it before Ed mentioned above that he wanted to 'invite people by their roll20 email'... but what about once the LookingForGroup stuff goes up? We'll be pulling people we barely know into our games if initial contact works out, but if we only know them through that feature, how on Earth will we give them the link if not making it in invite internal to the service, and thus displayed on a player's dashboard? We'll have to get around the feature somehow to do that, by going out to Skype to talk or maybe direct email, but most people I know are pretty protective of both bits of information until they know someone well enough. Not really a critical thing at the moment... but worth considering.

I'd like to add my voice to this as well. As Riley implied, this is something we're not completely closed off to in the future, BUT we've been really consistent in our approach to this thus far. Every once in awhile we'll worry for a moment about griefing and the like and then we come back to, "if Roll20 is a table in your living room, you hopefully are careful about who you're inviting to your living room." This also extends to "cheating". Most role playing games, in our opinion, aren't about winning or losing. They're about storytelling and camaraderie. So if your players are cheating... that's bizarre and that's not our fault. I realize Roll20 has an appeal for pick up games and the like, which is great. But there are a lot of different focuses we could take... we could make the system more like a video game, we could make it about looking for groups to the point it's a dating site, we could focus on it being a supplement for people having in person games, or a half dozen other things. I think we'll take some elements from lots of those places down the line... BUT to get us started, we'll stay the course on table-based dynamics.

Every once in awhile we'll worry for a moment about griefing and the like and then we come back to, "if Roll20 is a table in your living room, you hopefully are careful about who you're inviting to your living room." This also extends to "cheating". Most role playing games, in our opinion, aren't about winning or losing. They're about storytelling and camaraderie. So if your players are cheating... that's bizarre and that's not our fault. Thing is.. I can lock my house door. :)

I can understand that this can be frustrating sometimes.. and I agree with you guys in terms of going for the open strategy, especially here at the beginning. But at the same time... Amontillado just summed it up pretty succinctly. I haven't had to bodily remove a player in years, but eh.

I agree with the above. I think the simplest fix is doing two things, giving the GM a kick ability and having a function to close the room from new members joining, whether that is generating a new link and players who aren't already in game can only access the game with the new link, or an actual lock room feature.

I'd love the chance as GM to approve players coming into my game. First, it would let me know when somebody has joined (and I can set them up with their tokens, handouts, bio, etc.) and it would prevent unwanted people from joining in. Mailing lists have a pretty good setup around things like this.

I'll be honest, if someone were blaring music or being obscene in my game, I'd simply mute their feed and move on. 100% of people who are purposeful assholes do it for the response they get. When they realize they are not being heard by anyone, they will leave. If someone is being truly awful, or bouncing around games being a griefer, I'm assuming that the creators of Roll20 can simply delete their account and/or block their IP? Am I being overly simplistic or naive? I'm personally in favor of some sort of simple ability to boot a player and/or close the room, but only as a backup. I'm honestly already so very careful in who I invite to play, that this would be a rare and strange concern for me, and I've always suggested people exercise similar levels of discernment.

"When they realize they are not being heard by anyone, they will leave." Normally I follow a similar sense about these things... but the Internet breeds griefers of a very stalwart variety. Most of the ones I've known would just refresh the window, reload the modules, and force you to mute them again. And again. And again. I had a guy pop into a Ventrilo once and do that repeatedly for a few hours. We ended up banning his whole IP range, because a targeted ban only worked until he rebooted his network. Some people, jeesh.