Support road.cc

Like this site? Help us to make it better.

TECH NEWS

Shooting the messenger? Zwift bans user for exposing in-race 'weight doping' hack

Tech firms usually thank users for exposing loopholes, but Zwift has cited a breaking of its terms of service and imposed a ban. Updated with Zwift's responses

Indoor training app Zwift has banned a user who exposed a hack that allows riders to change their weight within a race, thus gaining a potentially unfair advantage over fellow racers. Zwift maintains that the user raised the issue incorrectly, which led to the 30-day ban.

Incorrectly entering a bodyweight that is lower than your actual weight is a common issue within Zwift, as riders exploit this metric to allow their avatar to ride faster. ‘Weight doping’ as it is commonly referred to can be guarded against in elite Zwift competitions through weigh-ins; but in day-to-day races, there is little to counter users lowering their weight illegitimately.

Zwift Cheating Report 2021.JPG

The hack that has landed the user in trouble is one that has apparently been around for quite some time, with Zwift being aware of it since at least January 2021. Further to the above image, a now-deleted post by the WTRL - organisers of several races - suggests that they have been monitoring users for this hack for nearly two years in their popular series of races.

Zwift WTRL Hack Statement

The hack, if you're wondering, is a pretty simple one. While you’re racing, you open up the Zwift companion app and when you reach the bottom of a crucial climb, you edit your rider info to drop a significant amount of weight, with the banned user's tests finding that the change takes about 15 seconds to be effective.

This allows your avatar to sail up the climb, and you can either stick with the front group that you have no business being a part of or worse, build an unassailable lead before changing your weight back to its true value at the top of the climb.

The hack can go supposedly undetected, because as long as the user reverts back to their normal weight before the finish, the regular weight is the one published on ZwiftPower at the end of races.

Speaking to road.cc, the user claims that "ZADA [Zwift Anti-Doping Agency] had reported the issue to Zwift previously, and that measures of control were applied post-race for Premium League and certain WTRL events, but not for the vast majority of the races organized at Zwift."

When asked as to why they tested the hack, the user told us that they initially "did not believe it because it looked so easy that it would have been upsetting." Nevertheless, they "thought it was a good idea for an article on Zwift Insider to kill some myths about cheating."

In the world of tech, computer-savvy users will often expose security weak points in a website or app’s code. Sometimes this is rewarded by the website in question with a job, and some just do it for a bit of kudos. This makes Zwift’s approach a little confusing, especially when you consider that it is an issue that they know about.

Zwift however, in an email to the user, stated that the user's actions of making the hack public in “an extensive guide” was the reason for the ban, as Zwift states that this contravenes its terms of service.

Speaking to road.cc of Friday afternoon, Zwift's Director of PR Chris Snook said that the ban only excludes the user from "engaging with other users for that duration and prevents them from showing in events, races and race results" rather than excluding them from the platform entirely.

Chris continues, saying that the ban was imposed because the terms of service forbid the user to "use our Platform other than for its intended purpose and in any manner that could interfere with, disrupt, negatively affect or inhibit other users from fully enjoying our Platform or that could damage, disable, overburden or impair the functioning of our Platform in any manner."

One software manager that we spoke to says that while Zwift might rightly be annoyed that the user had gone public before informing Zwift of the hack, had the hack already been reported, which in this instance seems to be the case, the lack of action by Zwift to fix the issue would simply create a lack of confidence in Zwift from the community. After all, why would you bother reporting an issue numerous times if a fix hadn’t yet been implemented?

This was, the banned user says, the aim of the article. They would like to see Zwift take an active approach to close the door to this easy cheat, so those that like to take their racing seriously can do so with the knowledge that it is fair. They also feel that the current 'shoot the messenger' approach to preventing cheating is the wrong one, and that a "focus on identifying and chasing the cheaters rather than banning people" would be preferable. 

Where this leaves the banned user and Zwift is unclear. The user will likely serve out the 30-day ban and, as they have removed the WordPress article in which they tested the hack, there shouldn’t be an extension of the ban from Zwift. Zwift, meanwhile, still has a relatively easily exploitable hack that can really spoil the racing experience for lots of users.

To that end, Zwift told us that "we are working on a resolution for this bug and would always ask that anyone that discovers a bug contacts us to help resolve the issue."

Add new comment

37 comments

Avatar
Sniffer replied to Rendel Harris | 2 years ago
0 likes

The Ts and Cs for Zwift have this line

Use or attempt to use another user’s account without authorization from that user and Zwift;

Clearly you would be giving authorisation, but Zwift would, I suspect, not.  Clearly this is a technicality that is probably irrelevant in the real world, but I might not advertise dual use too much.

You will not be alone in doing this either.

Avatar
capedcrusader replied to wycombewheeler | 2 years ago
1 like

Right, that's you banned for 30 days for exposing this illegimate practice. 

Avatar
pasley69 replied to Rendel Harris | 2 years ago
1 like

Well this opens up a can of worms:- RH, did you also change the sex setting mid-ride?  Because this brings up the whole issue of males vs females of same age / weight and speed/strength/stamina. Better not go there I guess, but it does bring up the question - If one stops mid-ride (say during a really long ride - circumnavigation of North America perhaps) for a sex-change operation shouldn't you be allowed to change the settings mid-ride as well.

Avatar
Rendel Harris replied to pasley69 | 2 years ago
0 likes

No - as I said above, one can change weight and height but not gender. I don't actually know, because I don't use it for racing, if Zwift has separate male and female races. If it does I wouldn't be surprised if some men gatecrash them, if people are sad enough to be prepared to lie about their age and weight to get a good placing they would probably do so about their sex too, but you would have to open and pay for an account as a woman from the outset, you can't just switch sex at will.

Avatar
Me_ | 2 years ago
0 likes

Seems like a harsh punishment for this, but he deserves it for his blog output so probably acceptable for the greater good

Baz

Avatar
pasley69 replied to Me_ | 2 years ago
1 like

Actually, I'd expect RH to be banned by Zwift for use of a second fitness app. Imagine if the results differ.

Avatar
mike the bike replied to pasley69 | 2 years ago
0 likes

Not a Zwift user, I am amazed at the fuss.  After all, what we have here is someone who has simply confirmed that it's not really riding a bike at all, far less your actual racing.

It reminds me of the army recruit who asked if he might be excused basic training because of his extensive experience on 'shoot 'em up' videos.   Jesus, so I'm told, wept.

Pages

Latest Comments