

Big Fish launches real-money gambling app in UK via Betable - seminatore
http://techcrunch.com/2012/08/16/big-fish-raises-the-stakes-with-real-money-gambling-on-the-iphone-with-big-fish-casino/

======
objclxt
One correction - TechCrunch claim Big Fish would be "the first time a real-
money gambling game will be available on the app store". That's simply not
true: there are several real-money games already available in jurisdictions
where online gambling is legal. The large betting exchange BetFair, for
example, have a casino games app with real money:
[http://itunes.apple.com/gb/app/betfair-
casino/id505191581?mt...](http://itunes.apple.com/gb/app/betfair-
casino/id505191581?mt=8)

~~~
davidtyleryork
Correct, this is not the first real-money gambling app on iOS. However, it is
the first existing iOS game wholly owned by a third party that has implemented
Betable to facilitate real-money bets. So that's pretty big news for us :)

------
david_shaw
One issue that a service like this is going to run into relates to security.
The fact that this application needs to be secure from local tampering and
unauthorized betting is obvious -- what may not be as obvious to some readers
is the location-based access control that needs to be built into legal
gambling applications.

Several casinos in the United States (Nevada, from what I've seen) have
already built and released apps to allow, for example, poker or sports betting
from within the associated casino. Some of these also allow betting from
wireless connections within the state of Nevada.

This is where the idea starts to get really sticky.

If you're allowed to gamble from certain geographic locations, but not _entire
regions_ , how do you enforce access control? GeoIP is somewhat reliable, but
border towns can fall on either side of the coin.

Wireless networking is _generally_ not super long-range, but the DEFCON
wireless shootout proved that it's possible to sustain a wireless signal from
_hundreds_ of miles away, given the correct (in this case, desert) conditions.

And that's not even mentioning transport layer issues. Could I set up a VPN in
England to use this Big Fish app and gamble pseudo-legally from my phone in
the States? If I do so, who's liable? What about simple SOCKS proxies?
Dedicated/colocated boxes in the "allowed" region?

I think that this is really cool technology, and I'm excited to see it
succeed. That said, as a security guy, I can't help but wonder who would be
liable in these edge cases.

And, as I mentioned at the beginning of the post, I'd love to know exactly
what security precautions are in place to prevent unauthorized bets and
tampering. For example, let's say you're using this phone in a Starbucks. Will
an SSL error (I can only hope they're using SSL) prevent the connection
occurring at all? Will it give the user a chance to accept the change? Can I
just submit a spoofed request to transfer me money, or is there some sort of
"two factor" key on the phone itself?

It's an interesting problem, and I'm sure Big Fish has come up with
interesting solutions.

~~~
davidtyleryork
Hey David,

While I can't give you a technical answer as I'm just the marketing guy, I can
tell you that simply setting up a VPN in England is not going to work. We have
a number of state-of-the-art gating techniques for identifying and prohibiting
players from using our service illegally. We check for much more than Geo-
location and IP. Obviously I can't get into as much detail as I'd like, but
that's the gist of it.

Also, as Betable is doing all of the gambling, in the event that an extreme
edge case occurs we would be liable, not the game developer working with us.

Unfortunately I can't answer the following questions about security
precautions, but I can see if one of our engineers can hop on the thread to
respond. I'll get back to you.

~~~
rhplus
_Obviously I can't get into as much detail as I'd like, but that's the gist of
it._

Come on, we all know that security through obscurity is weak. Tell us how the
security system works and the community will test it for you!

~~~
wtetzner
"...I can't give you a technical answer as I'm just the marketing guy..."

"Unfortunately I can't answer the following questions about security
precautions, but I can see if one of our engineers can hop on the thread to
respond."

I don't think he's not explaining it because it would be insecure. He's not
explaining it because he doesn't know it well enough.

------
followmylee
And onward we march towards the Bingo Event Horizon...
[http://www.whatgamesare.com/2012/06/the-bingo-event-
horizon-...](http://www.whatgamesare.com/2012/06/the-bingo-event-horizon-
behaviourism.html)

------
kine
I love what Betable's doing and I'm excited for their team. I took part in
their first hackathon in SF a few weekends ago and built an app on their
platform.

The brilliant part of their business is that they're the casino. You give them
the inputs, they give you the outputs but all of the actual gambling, for
every app, all of the odds - everything - is all handled by them.

~~~
davidtyleryork
Thanks kine! Good to see you at the hackathon btw :)

------
bezaorj
This will promote a flood of apps exploring real-money gambling on all
platforms. Google and Apple are probably worried on the due diligence on this
kind of games, if the odds are respected, if there is no possibility of rigged
games, etc etc

~~~
davidtyleryork
We actually take this very seriously at Betable. We do due diligence on all
games that go live with our platform. There are two reasons: the legal
reasons, and because the long-term health of our ecosystem depends on it. If
players get ripped off, they won't come back. We're going to make sure every
game is legal, fair and fun for those reasons.

~~~
david_shaw
Does this include checksums of server-side code, or random interval testing?

I am not sure how deeply you can go into your vetting process publicly, but
I'd love to know how you can prevent a shadier company from pulling a bait-
and-switch to change the odds of their games after you've approved them as a
trusted vendor.

~~~
davidtyleryork
I can't go into more detail about our vetting process, but I can tell you that
game companies cannot change the odds of their game without our approval.

~~~
david_shaw
Fair enough - I sort of figured you wouldn't be able to comment on it.

You guys have a really smart team, though, so I'm sure you have something
awesome figured out. Congrats on the exposure this should net you! :)

------
PeterInouye
Lol Big Fish seeking real-money whales

~~~
johnr8201
yeah the "whale" terminology cracks me up too

