Untrusted Deduction Guide, نصائح, and Strategies

This guide will give you some tips and strategies on deducing various roles and how to sort truth from falsehoods.

ملخص

Untrusted, as with Mafia, Werewolf, Town of Salem, Secret Hitler, and the like is mainly about social deduction.

While you can lynch willy-nilly and pray that you manage to vote off AGENTS, you will invariably catch NETSEC and other friendly members in the crossfire. This means loosing valuable players, sources of information, and voting power.

It is far more effective (and satisfying) to vote for players only after making deductions and finding solid proof that players aren’t who they say they are.

This guide will give you some tips on how to form this deduction and gather these proofs.

Sources of Information

In order to form deductions, you will need information. In Untrusted, this can be found in several sources.

• The Network Topology
• Node Connection Logs
• Arrest timings and involved players

The Network Topology

The layout of the network can help you predict the actions of AGENTs. One of the main goals of AGENTs is to stop the hack and they will do anything in their power to achieve this. The main tools at their disposal are Rollbacks and Denial of Service.

When attempting to hinder NETSECs progress through the network they will almost always focus on chokepoints. These are nodes that NETSEC must hack to secure other nodes. AGENTS will use Denial of Service on unhacked nodes to prevent NETSEC from connecting to the node and they will attempt to rollback and re-secure hacked nodes to slow down NETSEC.

You can use this information to predict when AGENTS will attempt DoS or rollbacks and plan accordingly. على سبيل المثال, if you can see that there is only one hackable node on the topology, you know that AGENTs will attempt to DoS it and you can then deploy wiresharks as Netspecs in order to discover the AGENTs.

بدلاً عن ذلك, if it is late game and NETSEC is close to hacking the target node, you know that AGENTs will attempt to rollback a chokepoint and you can then have blackhats and script kiddies DOS these nodes to prevent rollbacks.

One exception to using chokepoints are coordinated rollbacks. This happens when there are two paths forward in the topology, and the Agent Leader and their Offensive mole perform a simultaneous rollback on both these nodes. إذا حدث هذا, you now know that the Agent Leader has an Offensive mole, and you can then begin questioning any players with an Offensive class.

Node Connection Logs

Node connection logs can give you a lot of information about hacking classes (or those who claim to be one)

أولاً, only hacking classes can connect to nodes (or fake connect using the Unskilled Attack ability). لذلك, if a player claims a non hacking class (say an inside man or an enforcer) yet they have connection logs on the servers, you know they are lying and can begin questioning them.

ثانيًا, the inverse is also true, and hacking classes are expected to hack (especially if ordered by the Operation Leader) and will show connection logs. If a player claims a hacking class and isnt hacking (shown by the lack of connection logs), this would be considered suspicious, and you can begin questioning them. بالإضافة إلى ذلك, if a hacking class hacks on some days but skips others, you can deduce that they are using other day abilities instead of hacking and can question them. In these cases, players can claim that they were ISPed which is why they couldnt hack, which can be verified by netspecs.

ثانيًا, hacking a node is hard for most classes and requires cooperation to be completed successfully. The main exceptions to this are Blackhats and the Operation Leader who can often hack nodes entirely on their own. This is called “soloing” a node. نتيجة ل, if you see only a few hackers on a particular node and especially only a single hacker on a particular node, you know that you found a powerful hacker, either a BlackHat or the Operation leader.

AGENTs will almost never use their hacking skills to aid NETSEC and would instead, use Unskilled Attacks, depending on other NETSEC players to hack the node and maintain their cover. هكذا, you will almost never find them soloing a node, unless they’re doing so to prove their claim when challenged. في هذه الحالة, AGENTS will only hack nodes they know are deadends or only progress the hack when their cover is being questioned and they are close to being voted out.

Thirdly, classes with the Download Intel ability will often reconnect to already hacked nodes to search for any intel. So if you see that someone has connected to a node after it has already been hacked, you know you have found a downloader who you can email privately, directing them on which node to download. Non downloading hacking classes will continue forward, hacking nodes and not revisiting hacked ones.

أخيرا, node connection logs should always match up with the personal logs of a player. على سبيل المثال, if Dr. Blue claims in his logs that he connected to node .25 on day 3, then the connection logs should indicate such. If there is a mismatch, you know this player is lying and his logs are fake.

It is important to note however, that AGENTs and some neutrals have the ability to alter logs, and Rollbacks will always add fake logs to the node in question. The analyst would come in very handy here as they can clear these fake logs. If an analyst can clear the fake logs added during a rollback, the true logs left behind will show the AGENT or other player who performed the rollback. That is why AGENTS will almost always perform a rollback, only when they have a mole that can Wipe the logs from the node.

Voting Patterns

Voting patterns can tell you a lot about who may be AGENTs in a given game. Because AGENTs are so few in number, they will rarely vote their own or their friendlies, unless they have no other choice to maintain their cover. لكن, AGENTs will have no problem voting non agent players as that means one less player they need to arrest and one less player who can vote against them. نتيجة ل, you will notice some patterns while voting players, especially in the late game.

أولاً, as agents will vote other players but rarely their own, you will notice that some players will be voted out more easily than others, If a player is quickly voted off without bickering or debate, it is likely that AGENTs are voting with the group and pushing to get rid of this player.

ثانيًا, the inverse is true. As agents are reluctant to vote their own, you will notice that it will be hard to canvas enough votes to assassinate certain players. لذلك, if you notice that some players arent voting for a particular player who turn out to be an AGENT, you can then deduce that the players who were hesitant to vote or late in voting may also be AGENTs as well.

Chat Interactions

Certain things that players say in the main chat can often tell you a lot about what their roles and factions are. These tips below will show some of these patterns.

أولاً, if a player says that downloaders should download a particular node, they are either a Confidential Informant who uploaded their intel, or an Inside Man who used their Inside Knowledge ability. بدلاً عن ذلك, they could be a Forensic Specialist who used their Upload Fake Intel ability.

ثانيًا, the inverse is true as well. If a player is asking for nodes that have information on them, they are probably a class with downloading abilities (or claiming to be one).

Thirdly, by the nature of their roles, Operation Leaders will have a lot to do. Between sending out broadcasts, emailing players, using their abilities and coordinating with other netsec players, they will often write very little in the main chat. If you find someone writing especially little but they are hacking nodes and moving forward every day, you probably found the OL

Fourthly, the above is even more true with agents. Between coordinating their strategies in the Agent Secure Chat, updating their fake logs, using their abilities and trying to keep a low profile, agents will often say little and almost never claim unless prompted.

أيضًا, sociopaths, due to their role, often try to get as close to OL as possible. This means that they will often agree with OL and praise their strategies in the main chat and give suggestions to “يساعد” the hack. بدلاً عن ذلك, in order to avoid too much attention, they will keep quiet and say little, hoping to deduce who the OL is so they can murder them and steal their credentials.

Follows and Watches

The follow and CCTV Surveillance abilities are very powerful means of determining the whereabouts of certain players.