Change to Script Rules for HTML Site

[[violet]]

Hello all,

This post is to provide notice of and seek feedback for an important proposed update to the Script Rules for HTML site.

The proposed version is below, and intended to replace section (1) of the current Script Rules for HTML Site. Please note that at time of writing, it is not yet in effect.

We have two goals with this change:

First, we want to make it clearer that bots aren't permitted to interact with the HTML site to send telegrams in any way. This isn't a rule change, but the language became murky with the last rewrite, and we want to fix it. The history: originally, the Script Rules said: "To send telegrams via a script, you must use the Telegrams API. Tools & scripts must not interact with the HTML telegrams page (i.e. '/page=telegrams') in any way." But on Jan 1, 2019, this became the less straightforward: "There are some things scripts can only do legally via the API, such as sending telegrams and answering issues." We have always intended to keep bots off the HTML site when sending telegrams -- we offer an API for that instead -- and want this to be as clear as possible.

Second, we want to make it explicit that bots that generate special URLs containing embedded information to pre-fill form fields are indeed considered to be interacting with the HTML site as described above. That is, we want it to be clear that a bot cannot legally craft URLs that, when clicked by a human, will take them to the HTML telegrams interface and automatically fill out fields like "To:" and the message content. There are several of these bots around, and we understand they've been perceived as legal because they don't do anything automatically -- a human has to click the link for anything to happen. We want to explicitly address this in the rules, and make it clear that it's not permissible on the HTML site -- again, you can do it via the API -- when sending telegrams or answering issues.

We also hope the language is generally clear and straightforward.

Please share any thoughts!

--v

Proposal:

1. Only Perform Acceptable Actions

It is acceptable to use a tool that merely modifies how pages look. For example, a script may legally add particular buttons when viewing other people's nation pages. Similarly, any kind of information-gathering script is acceptable, subject to the Rate Limits described below.

A tool may never perform a "prohibited action" via the HTML site. Prohibited actions should instead be performed via the NationStates API. A tool is performing a prohibited action if it interacts with the HTML site in any way during the execution of the action, including pre-filling form fields and auto-generating HTML links containing embedded information. For example, it is illegal for a tool to generate links that, when clicked, take a user straight to their Telegrams page with recipient names and message content auto-filled-in. Prohibited actions are:

• sending a telegram
• answering / dismissing an issue

A tool may not independently perform a "restricted action" via the HTML site. We consider a tool to be working "independently" if it executes a restricted action in any way other than by immediately responding to a user's mouse click (or similar input) at the ratio of one click to one action. For example, a tool that sends ban requests to the server at five-second intervals, regardless of user input, is illegally executing restricted actions independently. However, a tool that makes ban buttons appear on pages where they aren't normally present is legal, as this requires a user's click to change anything. Likewise, a tool that generates custom buttons to move to a particular region is legal, as user action is required to complete the process, and thus the tool isn't independent. Restricted actions are:

• creating a nation
• posting a message
• moving regions
• endorsing / unendorsing a nation
• banning / ejecting a nation from a region
• anything that generates a Happenings event line in a region, the World Assembly, or a nation other than your own
• anything that sends a request to the forums (https://forum.nationstates.net) as a logged-in user, or a forum login request
• anything that affects a Trading Card, including placing a bid or ask, junking a card, and opening a pack

A tool may independently perform non-prohibited, non-restricted actions, which are actions not listed above, subject to the ratelimits and restrictions below. These are actions that don't affect any nation other than your own, such as changing your nation's custom fields.

[Kethania]

This is very silly. This change makes it so that a script can be illegal while it doesn't so much as send any requests over the network. A script that contains a single print statement can now be illegal. Shortest illegal script ever:

Code: Select all

print(f'https://www.nationstates.net/page=compose_telegram?tgto=kethania&message={input()}')

This also contradicts the recent clarification post about bot categories, which says

The API provides auto-rate-limiting, and ensures bots can't do anything illegal -- which frees the bot author from having to worry about accidentally breaking site rules.

A bot that only sends API requests can now be either legal or illegal depending exclusively on what it outputs to the user -- the API wouldn't anymore ensure that bots can't do anything illegal. There used to be a clear rule "if your bot is not hitting the HTML site, then you're in the clear," which, with this change, won't be so clear anymore. Should you implement this change to the rules, you will also need to amend the API docs, specifically the part that says

If your script interacts with regular HTML NationStates pages instead of using this API, you are bound by a bunch of special rules

as I doubt many people would consider sending a link to a page to be "interacting with an HTML page" -- no request is sent and no HTML is parsed.

It is kind of a major change to the rules, to their philosophy and enforcement.

If this change is something you are determined to implement, then something I suggest you consider is randomizing the 'name' attributes on the form fields you don't want filled in -- for example, you could append some random letters to them, turning 'tgto' into 'tgto-abc', where the 'abc' part is different each time. That way, you would be able to completely prevent this kind of behaviour without changing the rules at all -- address line autofill wouldn't work, while you'd still easily be able to get the value server-side with a regex on the POST form data or something. Then again, that would also prevent static links, which, I assume, I am not the only person using.

Speaking about the material effects of this change from the point of view of manual recruitment, it bumps up the click count to send a recruitment telegram from 2 to around 15 if you're efficient. Hardly the end of the world, but an inconvenience to be sure. Perhaps it would affect card farmers more, I'm not sure how those operate.

[United Calanworie]

This is very silly. This change makes it so that a script can be illegal while it doesn't so much as send any requests over the network. A script that contains a single print statement can now be illegal. Shortest illegal script ever:

Code: Select all

print(f'https://www.nationstates.net/page=compose_telegram?tgto=kethania&message={input()}')

Seconded. This rules change actively harms manual recruiters, creates illegal scripts quite easily, and generally isn't good for region-builders. I can understand a wish to mitigate the impact of card farmers (which I assume is partially the reason for this change), but at the expense of recruiters? Manual recruitment is a chore, even with tools to assist. page=compose_telegram will remain accessible to us to open and paste things into, bots can still grab, filter, and provide targets for us to recruit... why is there a barrier with regards to opening a link with forms filled? There's no additional load generated, and the impact on speed is minimal - most time spent during the manual recruitment process is waiting for the rate limit to cool down, not filling in fields.

I guess what I'm asking is, "why this, why now, why was it allowed to happen for three years with no statement from admin but we're now changing it seemingly out of the blue?"

[Vylixan]

A tool is performing a prohibited action if it interacts with the HTML site in any way during the execution of the action, including pre-filling form fields and auto-generating HTML links containing embedded information.

This is such a broad definition that if I am using a browser add-on to increase the contrast of websites I'm already using a tool illegaly, since that add-on interacts with the HTML site. Or hell, even a browser itself is a tool that interacts with the HTML site, that's the definition of a browser. I don't think such a broad definition is something we want.

For example, I wrote script a long time ago that adds links to the NationStates issue results page for that issue:



Under the new rules this would be illegal sinces the script interacts with the HTML site.

[Ever-Wandering Souls]

A tool is performing a prohibited action if it interacts with the HTML site in any way during the execution of the action, including pre-filling form fields and auto-generating HTML links containing embedded information.

This is such a broad definition that if I am using a browser add-on to increase the contrast of websites I'm already using a tool illegaly, since that add-on interacts with the HTML site. Or hell, even a browser itself is a tool that interacts with the HTML site, that's the definition of a browser. I don't think such a broad definition is something we want.

For example, I wrote script a long time ago that adds links to the NationStates issue results page for that issue:
[image snip]
Under the new rules this would be illegal sinces the script interacts with the HTML site.

I'm not sure my reading of the actual proposed text change matches your interpretation here.

It is acceptable to use a tool that merely modifies how pages look. For example, a script may legally add particular buttons when viewing other people's nation pages. Similarly, any kind of information-gathering script is acceptable, subject to the Rate Limits described below.

covers "contrast" etc.

A tool may never perform a "prohibited action" via the HTML site. Prohibited actions should instead be performed via the NationStates API. A tool is performing a prohibited action if it interacts with the HTML site in any way during the execution of the action, including pre-filling form fields and auto-generating HTML links containing embedded information. For example, it is illegal for a tool to generate links that, when clicked, take a user straight to their Telegrams page with recipient names and message content auto-filled-in. Prohibited actions are:
sending a telegram
answering / dismissing an issue

Your added buttons, when clicked, do not lead to an NS HTML destination at all, right? And they're definitely not answering or dismissing an issue, which are the actual *prohibited* actions.

You could add a button to every single page that links to https://www.penisland.net/ [shh they sell pens], if you for some reason wanted to, and it would be fine because clicking that button doesn't trigger anything on the NS side, especially not a "prohibited action." Correct?

"the action" specifically only encompasses things specifically related to the three listed actions, as I read it: answering an issue, dismissing an issue, sending (and, per v's comments, preparing/filling out to send] a telegram. The passage mostly clarifies the intent that, for the same given, the admin definition of "sending a telegram" here includes other /interactions with NS/ such as field filling.

---

I do agree with the question of: How is this likely to be policed? At least on the TG side, is there a way, as suggested or otherwise, to simply make the "URL Trick" not work? Would seem simpler than a hard to enforce ban, but you're the experts =P

---

Speaking about the material effects of this change from the point of view of manual recruitment, it bumps up the click count to send a recruitment telegram from 2 to around 15 if you're efficient. Hardly the end of the world, but an inconvenience to be sure.

Seconded. This rules change actively harms manual recruiters, creates illegal scripts quite easily, and generally isn't good for region-builders. I can understand a wish to mitigate the impact of card farmers (which I assume is partially the reason for this change), but at the expense of recruiters? Manual recruitment is a chore, even with tools to assist. page=compose_telegram will remain accessible to us to open and paste things into, bots can still grab, filter, and provide targets for us to recruit... why is there a barrier with regards to opening a link with forms filled? There's no additional load generated, and the impact on speed is minimal - most time spent during the manual recruitment process is waiting for the rate limit to cool down, not filling in fields.

Really fewer. You could still manually go to (or have a bot pull for you, if you want to apply some filter or tracking to it...as United Calanworie noted) https://www.nationstates.net/cgi-bin/ap ... newnations for 8 comma separated new nations, copy paste, copy paste the template on your own (marks it for you still), send. None of that involves any script interacting with the HTML site.

I suppose it becomes a question; Admin appears to want Manual to remain as "manual" as possible. You have to draw the line somewhere. Here they're drawing the line at at least making you paste your own targets in, rather than being able to preload them. I get it, insofar as the intent has always been along the lines of "manual should be as equal of a ground as possible, where sweat brings results."

---

I guess what I'm asking is, "why this, why now, why was it allowed to happen for three years with no statement from admin but we're now changing it seemingly out of the blue?"

If I had to guess, I'd wager that technically allowing these via the 2019 rules change was probably not ....wholly intentional. As [v] noted, it used to say "Tools & scripts must not interact with the HTML telegrams page (i.e. '/page=telegrams') in any way," and there are numerous admin forum posts supporting the intent behind this being in line with the post here today - and no admin posts expressly noting the change. The script rules were cleaned up into the modern restricted actions section, in part related to the rise of keybind scripts, and it seems plausible to me that making these URL tricks legal may have been an unintended side effect that was only recently noticed.

[All Wild Things]

I manually created a newsletter dispatch, and at the bottom is a link to subscribe.
If the link is clicked, the "to" and "message" fields of a TG are automatically populated.
On my reading, this will still be legal going forward, as it's all done manually.

But if I started using the API to post my newsletter into a dispatch, then I would have created "a tool to generate links that, when clicked, take a user straight to their Telegrams page with recipient names and message content auto-filled-in."
So even though the link was an insignificant part of the dispatch, it would fall foul of the rule.

[Refuge Isle]

For example, it is illegal for a tool to generate links that, when clicked, take a user straight to their Telegrams page with recipient names and message content auto-filled-in.

Presuming that it is then permissible for a bot to link to a dispatch that has been written by the player prior which contains the same URL with their template preloaded?

[Bassiliya]

Second, we want to make it explicit that bots that generate special URLs containing embedded information to pre-fill form fields are indeed considered to be interacting with the HTML site as described above.

Does this apply solely to recruitment telegrams (which is something already addressed and that I agree with the disapproval already expressed)? Because it sounds like you're banning all "auto-generated" telegrams, including ones for non-recruitment purposes. Is that the case? I ask specifically because there are ways bots can generate specifically personalized internal regional telegrams without having to copy and paste names and nations into the content box. In large regions with lots of members, you can imagine why copy-pasting names and/or nation tags into every telegram would be both infuriating and RSI-inducing. I just don't see how "having a bot create a URL that happens to be preloaded" equals "interacting with the HTML". There's no call, there's no parsing, all that happens is the URL responds as it should. If this is such a concern, why have URLs preload anything at all? It seems mind-boggling that a feature like this would be included if the most beneficial uses are banned.

This seems like it's an action specifically meant to target those of us who have created recruitment aids, but it affects more than just the now-booted-into-the-dark-ages manual recruitment sphere.

[Wymondham]

For clarification's sake, are these changes being implemented due to said URL embeds/TG interfacing causing issues on the site, or simply because such actions were never intended to be permitted under the rules in the first place? Secondly, has any specific event/report/opinion suggested via GHR caused these changes to be proposed or has this been an ongoing discussion within the administrative team for some time?

[All Wild Things]

Very good questions from Wym!

I'm not keen on the "pre-filling form fields" prohibition.

Years back, I used a extension (NS++ ?) that would automatically block all recruitment TGs etc when a puppet was created. Presumably that would fall foul, as selecting the radio buttons to block TGs must count as pre-filling a form. That would similarly apply to any tool which managed your Notification Subscriptions.

Although I don't know of an existing tool, having something for cards where the text box for "Ask" price could be auto-populated to match the higher of top bid or junk value would be good. I've had several fat-finger moments where I submitted asks at junk-value instead of matching the higher bid price. I know I'm not the only one. A form-filling tool could have saved me a few cents.

[Eluvatar]

Changing settings is neither a prohibited nor a restricted action. You can change your settings through any kind of script you like, we don't mind.

[Bassiliya]

I have thought further on the topic and wish to further express myself in full.

I have a serious issue with the proposed change to the way telegram URLs can no longer be legally created. There are several reasons for this.

The first reason is that it really messes with the already existing imbalance between the three forms of recruitment. Stamps cost money, we all know this, but some people are not willing to pay money to an internet game just so that they can dump stamps needlessly into the void. But even with the fact that stamps end up, most of the time, wasted, they still provide a good basis for people attempting to maintain their region's count or even grow it slightly. The fact is that a user could have a template with 50,000 queued messages on it and sit and do nothing (more on that with manual). API is an option for most people, but the returns are abysmal and the rate is also abysmal. I understand why having a 180-second break between telegrams makes sense for the sake of the site's servers and the API in general. Sending a telegram every 0.6 seconds would be broken, I admit. But the returns make using API for active recruitment closer to the pointless end than helpful. I once tried to found and grow a region a few years back using only API. It didn't make it past three months before folding. This brings me down to manual recruitment. Manual is the hard-working, solid recruitment choice for those of us who want to see our region grow as cheaply and as quickly as possible. But the rates we see these days are not nearly what they used to be, what with card farm puppets and the like filling up the Foundings activity page. I've personally manually recruited for hours on end and the result was a net -1 on my region's numbers. However, that becomes a lot more bearable with a recruitment aid to help speed things along, weed out the obvious puppets, and make recruitment a far more pleasant background task to do while listening to a podcast or book, watching a movie, or doing some other mundane daily task. What this proposed rule change does is remove the possibility of a less difficult recruitment field for manual recruiters. I'm not saying throw out the rules and let people do what they want. I'm simply saying don't take away the one thing that makes manual recruitment somewhat bearable. Now that I've created one of these tools for myself, I can't imagine going back to death-scrolling and auto-refreshing the Foundings page for hours on end with nothing to show for it at the end except for RSI, digital eye strain, and a desire to hurl my computer off the top of a large cliff. I know NS needs to make money, but does it need to be so violently adherent to the pay-to-win mentality? It feels like those of us who do hard work (both manual recruiters and coders) are being sidelined in favor of those who sit back and do nothing.

The second reason is that this messes with already existing non-recruitment features, like endorsement campaigns and personalized, region-wide telegrams. I spent months in the past developing a tool that would use dump data to help with the increased saturation of endorsements in my and other regions. This hinges on the ability to create personalized and specific telegram URLs for the user to then send. It made a task that could take some regions hours to do (cross-indexing nations, compiling lists, actually sending all the telegrams out) take only several minutes to complete. Banning any auto-generated URLs would make this process illegal and kick it back down the technological tree to a time of mind-numbing frustration.

The third and final reason that I have an issue with the proposed change is the implications in general for what this could mean. If bots are not at all allowed to auto-generate any telegram URLs, period, to what extent does that apply? AllWildThings brought up a very good question: if a bot simply does anything automated, even if not for the purpose of recruitment, that involves the posting of a pre-filled telegram URL, is that a violation of the proposed rule? If "interaction with the /page=telegrams page" extends to creating telegram URLs for users to use, what else counts as "interaction"? Why does "interaction" include creating simple copy-paste URLs that don't make any calls to the HTML site to perform any action? Does only creating specific URLs count as "interaction"? If so, why only telegram URLs and not all other URLs? These are the questions I have and that I've heard.

I know that was a big, long set of paragraphs, but these things have been flying around, bumping into crap, knocking it over, spilling things on the rug, and generally causing mayhem in my brain all day. Am I heartbroken that stuff I've been working on since I started coding could be broken by this change? Yes, a bit. Am I a bit disheartened that the two big "I've made it!" coding projects that I wanted to accomplish by learning code in the first place could be made null and void by this change? Certainly. Is it the end of the world/slippery slope for the game/crossing a line? Probably not, but who knows? This could be the one flap of the butterflies wings that sets off the nuclear war. Or not.

[Pajonia]

I have thought further on the topic and wish to further express myself in full.

I have a serious issue with the proposed change to the way telegram URLs can no longer be legally created. There are several reasons for this.

The first reason is that it really messes with the already existing imbalance between the three forms of recruitment. Stamps cost money, we all know this, but some people are not willing to pay money to an internet game just so that they can dump stamps needlessly into the void. But even with the fact that stamps end up, most of the time, wasted, they still provide a good basis for people attempting to maintain their region's count or even grow it slightly. The fact is that a user could have a template with 50,000 queued messages on it and sit and do nothing (more on that with manual). API is an option for most people, but the returns are abysmal and the rate is also abysmal. I understand why having a 180-second break between telegrams makes sense for the sake of the site's servers and the API in general. Sending a telegram every 0.6 seconds would be broken, I admit. But the returns make using API for active recruitment closer to the pointless end than helpful. I once tried to found and grow a region a few years back using only API. It didn't make it past three months before folding. This brings me down to manual recruitment. Manual is the hard-working, solid recruitment choice for those of us who want to see our region grow as cheaply and as quickly as possible. But the rates we see these days are not nearly what they used to be, what with card farm puppets and the like filling up the Foundings activity page. I've personally manually recruited for hours on end and the result was a net -1 on my region's numbers. However, that becomes a lot more bearable with a recruitment aid to help speed things along, weed out the obvious puppets, and make recruitment a far more pleasant background task to do while listening to a podcast or book, watching a movie, or doing some other mundane daily task. What this proposed rule change does is remove the possibility of a less difficult recruitment field for manual recruiters. I'm not saying throw out the rules and let people do what they want. I'm simply saying don't take away the one thing that makes manual recruitment somewhat bearable. Now that I've created one of these tools for myself, I can't imagine going back to death-scrolling and auto-refreshing the Foundings page for hours on end with nothing to show for it at the end except for RSI, digital eye strain, and a desire to hurl my computer off the top of a large cliff. I know NS needs to make money, but does it need to be so violently adherent to the pay-to-win mentality? It feels like those of us who do hard work (both manual recruiters and coders) are being sidelined in favor of those who sit back and do nothing.

The second reason is that this messes with already existing non-recruitment features, like endorsement campaigns and personalized, region-wide telegrams. I spent months in the past developing a tool that would use dump data to help with the increased saturation of endorsements in my and other regions. This hinges on the ability to create personalized and specific telegram URLs for the user to then send. It made a task that could take some regions hours to do (cross-indexing nations, compiling lists, actually sending all the telegrams out) take only several minutes to complete. Banning any auto-generated URLs would make this process illegal and kick it back down the technological tree to a time of mind-numbing frustration.

The third and final reason that I have an issue with the proposed change is the implications in general for what this could mean. If bots are not at all allowed to auto-generate any telegram URLs, period, to what extent does that apply? AllWildThings brought up a very good question: if a bot simply does anything automated, even if not for the purpose of recruitment, that involves the posting of a pre-filled telegram URL, is that a violation of the proposed rule? If "interaction with the /page=telegrams page" extends to creating telegram URLs for users to use, what else counts as "interaction"? Why does "interaction" include creating simple copy-paste URLs that don't make any calls to the HTML site to perform any action? Does only creating specific URLs count as "interaction"? If so, why only telegram URLs and not all other URLs? These are the questions I have and that I've heard.

I know that was a big, long set of paragraphs, but these things have been flying around, bumping into crap, knocking it over, spilling things on the rug, and generally causing mayhem in my brain all day. Am I heartbroken that stuff I've been working on since I started coding could be broken by this change? Yes, a bit. Am I a bit disheartened that the two big "I've made it!" coding projects that I wanted to accomplish by learning code in the first place could be made null and void by this change? Certainly. Is it the end of the world/slippery slope for the game/crossing a line? Probably not, but who knows? This could be the one flap of the butterflies wings that sets off the nuclear war. Or not.

I 100% agree with everything that was said here. There is no good reason to keep manual recruiters in the dark ages, and it does seem like its NS adhering to a pay to win mentality in some ways. Making recruitment a background task you can do while listening to music or something is the only way people ever want to actually do it. No one wants to sit in front of the computer, refreshing constantly, copying and pasting things, squinting at tiny names on a founding page for hours every day. It makes the game Not Fun and gives a huge advantage to those that can spend money and do nothing, while punishing people that are willing to do actually do work. Without some type of aid for manual recruitment, it was nearly impossible to get anyone in TCB to do manual.

I oppose these changes and think its just silly, this would not ONLY effect manual recruiters, but would affect card farmers, people using a script to quickly send out telegrams to their region, or anything else that interacts with the site. As was mentioned, even a one line script would be illegal under these changes. Why don't the site admins focus on making recruitment better for people instead of trying to actively make it worse? If you don't want people to create bots for manual recruitment, why not try to make it so manual isn't so painful to do? The only reason these bots exist are because of how terrible the default system is in the first place. I could think of a million ways that you could make the site better, and this is not one of them.

[East Durthang]

A tool is performing a prohibited action if it interacts with the HTML site in any way during the execution of the action, including pre-filling form fields and auto-generating HTML links containing embedded information.

How does this work with regard to tools which pre-fill form fields but do not involve making any sort of request to nationstates.net? For example, using a browser extension to create a bunch of responses, adding a selection menu to pick one on a manually loaded page, setting the telegram text field to the selected response, and manually clicking send. (Essentially functioning as a clipboard for pasting content into fields without submitting any requests.)

In all likelihood, this is exactly what the change will result in more of: untrackable, unenforceable client-side replacements which don't appear any different to the game server than completely manually. Just in the few minutes spent reading this I can think of several ways in which the entire workflow for generated telegram links can be replaced by browser extensions and operating system macros, all while performing zero requests to the game and layering on top of ordinary usage. Then there are, of course, all those other non-NS related tools people operate during the operation of restricted actions which may interact with the site while performing prohibited actions, such as adblockers, script blockers, element blockers, page re-arrangers, etc. There are even existing, non NationStates related, browser addons which allow for pre-populating form fields in pretty much the exact manner I described above.

To put it bluntly, this appears to be written in ignorance of the possibilities of modern computing technology and grossly overestimates the moderation staff's ability to police the proposed changes.

Edit: grammar

[[violet]]

For clarification's sake, are these changes being implemented due to said URL embeds/TG interfacing causing issues on the site, or simply because such actions were never intended to be permitted under the rules in the first place?

A bit of both, but mostly the latter.

It's always been our aim to separate automated from non-automated activity. Periodically we have to re-examine scenarios that didn't previously exist. We continue to support third-party bots and tools that make life better for NationStates players, but when they begin to automate away parts of core gameplay, we need to make sure they're doing it on the API. Because if we can't manage bots as bots, then non-bot play will become unviable.

We permit bots to send telegrams and answer issues via the API, which has a speed limit. Without this, bots would easily outcompete human players, sending telegrams, answering issues, and harvesting trading cards much faster and more efficiently than any person could.

What happens, of course -- and has happened many times before -- is that clever humans figure out how to write programs that deliver the best of both worlds (from their perspective), automating away as much clicking as possible, but avoiding the API and its speed limit. Today, people use recruitment tools that require a live person to do nothing more than click an auto-bot-generated URL every now and again, not even knowing who they're messaging or what the content of the message is... the bot figures all that out by itself, and crafts URLs that, when clicked, take the human to the HTML telegrams page and inject recipients and a prewritten message template.

The only reason this bot doesn't just go ahead and send the message itself is it doesn't want to abide by the API's speed limit. And similarly, the only reason trading card-harvesting bots don't go ahead and answer issues themselves is they want cards.

This situation can't be permitted because it destroys the ability of bots and human players to co-exist on the site. Once we allow "manual" activity on the HTML site that, in practice, is highly automated, no regular human players can compete unless they too have such tools.

Less importantly, it also leads to a constant stream of minor technical issues, because bots that try to do things on the HTML site often mess up.

[The Unified Missourtama States]

A tool may never perform a "prohibited action" via the HTML site. Prohibited actions should instead be performed via the NationStates API. A tool is performing a prohibited action if it interacts with the HTML site in any way during the execution of the action, including pre-filling form fields and auto-generating HTML links containing embedded information. For example, it is illegal for a tool to generate links that, when clicked, take a user straight to their Telegrams page with recipient names and message content auto-filled-in. Prohibited actions are:

• sending a telegram
• answering / dismissing an issue

On my first reading of this rule, I thought all the scripts I used were good, however rereading this, I want to clarify that keybinding to buttons that already existed on the page (as sent from the server) is legal.

Basically, this is a restriction on taking data from other pages (like knowing specific links as to what issues a nation has) and placing it on another page to lose a step in what should without be a muti-step process without it, but as long as the number of clicks is the same as without a script it should be fine?

[New Astri]

seconded all of the critiques above, this is just kinda a disheartening and technically odd change that doesn't provide any QoL improvements for the general playerbase. think the admin team should seriously think about the feedback on this one and possibly reconsider

[Bassiliya]

This situation can't be permitted because it destroys the ability of bots and human players to co-exist on the site. Once we allow "manual" activity on the HTML site that, in practice, is highly automated, no regular human players can compete unless they too have such tools.

This made me chuckle a little. People using manual already can't compete with API and stamps, so unless you want all semblances of actual manual activity to disappear except for the most dedicated and hard-working recruiters (very few recruiters indeed), the current system is better, from my standpoint. Without recruitment aid tools, I'd still be sitting and recruiting, probably the only one in my region, scrolling for hours on end through swaths of puppets for the disappointment-inducing manual recruitment process. That's the opposite of fun.

I understand that you want people to interact via the site without huge amounts of automation, but I'm not someone who often uses said automation to do anything on the site. I am not a gameplayer, but a roleplayer. The only reason I recruit is so that I can please the masses and get them to join in our fun roleplay. The only reason I create endorsement campaigns is so that I can please the eyes of potential recruits who want to see high endorsement rates and want to be endorsed highly once they join. These are not things done to break the game; on the contrary, I use them to benefit the game. I get that there are bad actors out there that would want to automate their gameplaying for some reason or another (instead of interacting with the people), but I feel like that has to be the lesser of the two groups. I feel like there can totally be a different solution to "card-farmers" and "over-automation" than "make the largest QoL tools out there illegal". I also think that most players, the vast majority, don't go to great lengths to code things to take all of the play out of the game. I'd be curious to see how many players actually create and use such programs and, if there are many, what percentage of the player-base they make up.

I also feel rather hurt at the picture that's being painted of people like me who create the recruitment bots. I have no intention of getting around the bot's API rate limits, but rather to work within them. I'm simply attempting to create a way that my people can recruit without having to waste 6+ hours of their lives for little to no gain. Would I rather not have to have such a QoL tool in order to keep my region in existence? 100%. I wish manual recruitment were worth it enough not to have to make it a grinding task that returns little-to-no gain. It's not. I don't have money to pay for stamps, so I can't use that, and API recruitment is about as inefficient and returns less than manual. Again, I'm not seeking to circumvent the API here, I'm seeking to make this part of the game playable. If I could manage to actually play the game and keep my community healthy without having to resort to learning code from scratch so I can interact with the site, then I would. But I can't, right now, and I've not been able to in the past.

I will reiterate that I am still confused as to how creating a simple link for copy-paste is "interaction". Perhaps, if this is going to move forward, a more fitting verb should be chosen?

[[violet]]

People using manual already can't compete with API

API recruitment is about as inefficient and returns less than manual.

I don't quite understand the above, but I'd like to clarify that we're only targeting the newer, most highly automated variety of bot. There are many tools providing assistance to manual recruitment that don't go to the extent of filling out form fields.

I will reiterate that I am still confused as to how creating a simple link for copy-paste is "interaction". Perhaps, if this is going to move forward, a more fitting verb should be chosen?

These bots craft a payload that will be injected into the HTML upon page load. I do understand that to many people, that doesn't count as "interaction," because the bot itself isn't active upon page load. And that's why these bots were developed -- they were thought to be legal. But there's no practical difference between a bot that modifies form fields itself and a bot that delivers a payload to be automatically deployed by the browser. Either way, the bot is sending data to that page.

[Bassiliya]

I don't quite understand the above, but I'd like to clarify that we're only targeting the newer, most highly automated variety of bot. There are many tools providing assistance to manual recruitment that don't go to the extent of filling out form fields.

I'm curious, then, if this is a targeted action against solely recruitment then? Because there are tools outside of recruitment that do a similar thing to the URL filling that create a high QoL, such as personalized endorsement campaigns. Whereas recruitment aids that work on the URL system now can be retrograded to fit with any of the proposed rules, such campaigns rely on the viability of the URL. If users know who they are sending the telegram to from the start, know the content of the telegram, and still click the actual send button, all the bot is doing is speeding up the process that they would otherwise have to painstakingly do.

[[violet]]

I'm curious, then, if this is a targeted action against solely recruitment then?

It applies to all types of telegrams. But we've been looking at recruitment bots more than campaign tools, so please do feel free to provide feedback on what those do /should be permitted to do.

[SherpDaWerp]

(deliberately being painful, sorry not sorry. also talking only about userscripts because they have more direct access to the site)

What about a userscript that uses JS's navigator.clipboard.writeText to fill the clipboard with a recruitment message that can be instantly pasted in?
What about a userscript that writes text to an injected element nearby to copy-paste? What if the userscript then highlights the text in the element using .focus() and .select() for the user to Ctrl-C without having to click?

I'm 100% on board with the changes, but I think the line you've chosen to draw is quite a strange one.

EDIT(s): clarification

[Ever-Wandering Souls]

Is it technically infeasible to block some of these methods that just use fancy URL's from the site end?

Understanding that's somewhat of a nuclear option, that would also break some things people have mentioned here like links in dispatches that do....the same thing, but not for recruitment, I think? And static, not changing targets via a bot? ....understanding that, it still seems like if it's feasible, then in the modern tools age it would be more reliable and effective, and less of an enforcement/understanding burden, to just make it not work than to say it's not allowed, and then leave the "not allowed" to more clearly rules-stretching actions than a fancy URL.

[SherpDaWerp]

just make it not work

How exactly do you want to stop a userscript from going document.getElementById("form submission box").value = "recruitment message"; ?

[Glaciosia]

The only examples of these I am vaguely familiar with are the tools which generate simple URLs which contain parameters listing a set of nations for a telegram to be addressed to, and the desired content for the telegram. Frankly I fail to see:
Why a tool generating these urls is a problem for the site.
How their functionality overlaps with the functionality of the Telegram API in any significant way, ie. making it slightly easier but not particularly faster to put in a list of addressees and message content into a still fully manual telegram which still requires your continuous effort and attention to send any telegrams, and allowing you to say send a telegram with uniquely generated content tailored to a specific recipient (which I would fully welcome in the API by the way)
How a rule proscribing the generation of a url is potentially enforceable whatsoever, or in any way the better option compared to prohibiting the use of them or instituting a technical restriction against them.