The Stupidity of Using IP to stop Multiple Accounts, and how to fix it

StoltverdJuly 14, 2026other

Prepare yourself; this will be a long read. So play this while reading:



Multiple accounts... The ban of fun...
We all know about them. Someone in the US was famous for using them to gain advantages, and we all know of a certain yellow, blue, and red country that uses them as their main strategy (could it be Colombia?).
We all also know of family groups as a "solution", where supposedly, noobs who don't know about the game, will reach out to mods on Discord BEFORE making accounts and ask for a creation of a family group, creating NO FRICTION AT ALL, while they wait multiple days before making a new account.

I was banned the day I made my account.
I was playing DnD with some friends and one of us said "check this game out!", we all made accounts, and I got banned.

Clearly I got better.
But who among you got a friend that was banned and never appealed because "fuck this"?

I know that my country's efforts to expand have been thwarted by Warera's protection system, because LIKE EVERY SINGLE COUNTRY EVER, most people have dynamic IPs, so a lot of false flagging, plus... I mean... Parties. You know of them? People creating accounts at the same time in the same network.

Unban requests because of this system take a lot of time in the support discord. VPNs take care of that, and there are so many other ways of exploiting the system that one has to ask the question:

Why does Vatou keep IPs as a protection system?
I bet those potatoes take much of his time, making that question impossible to answer, so here are my solutions:

As stated before, a single-layer defense based on IP tracking is obsolete. Dynamic IPs, Carrier-Grade NAT (CGNAT),
VPNs, and shared networks (like university dorms or internet cafes) render IP bans either
ineffective or prone to massive false positives. A multi-layered architecture is required to
exponentially increase the cost in time and effort for bad actors, without utilizing paid API services
(like SMS auth) that incur server costs. (Vatou needs that money for potatoes)


So let me explain my 2 layer plan:

Layer 1: Client-side friction to stop casual tab-duplication.
Layer 2: Tiered trust systems that protect high-leverage
mechanics.


To implement meaningful restrictions without alienating legitimate players, especially privacy-conscious
users who refuse to link third-party accounts, Warera.io must establish a Trust Tier system. The
philosophy is simple: If you don't want to verify with your identity (smart), you must verify with your time.

Trust Tier 0 (Unverified / New Account)
This is the default state for a newly created account. It allows immediate access to the core
gameplay loop (working, earning BTC) to hook the player, but restricts actions that can
be exploited by the tri-color menace.

Trust Tier 1 (Verified Citizen)
This tier grants full access to the game's economy, the market, military units, and political
modules. Players can achieve Trust Tier 1 via a:

Proof-of-Work Verification: Players must
complete an in-game "Proof of Work" (PoW) milestone. Example: Logging in for 14 consecutive
days and completing 50 manual work cycles. While trivial for a legitimate player over two weeks,
managing this across 50 alt-accounts is terrifying for an exploiter.


Client-Side Fingerprinting
This layer operates silently to stop the lowest-effort abusers (e.g. opening multiple tabs in the same
browser).

WebGL Canvas Fingerprinting & BroadcastChannel API:
The browser generates a unique hardware hash based on how the user's GPU
renders a hidden 3D graphic. Combined with the BroadcastChannel API to detect
multiple active tabs on the same domain. If the server detects connections from the exact same WebGL hash and IP
address attempting to join the same battle or trade, it silently drops the packets of
the secondary account. Requires zero player interaction and filters out lazy abusers before
they interact with the game.

Asymmetric Restrictions via Trust Tiers
This layer applies the Trust Tier system I explained before to the specific mechanics of Warera.io, balancing early retention
against security.

A. Economy & Work Loop
Action: Open to Tier 0.
Reasoning: Working is the initial feedback loop. Blocking this destroys Day 1 retention. However,
Tier 0 accounts cannot trade on the market, donate directly to countries or MUs, until they reach Tier 1.


B. Military Units (MU)
Action: Partial access to Tier 0.
Reasoning: MUs are critical for social retention. Tier 0 accounts can join, read MU chat, and see
contracts. However, they are blocked from making their own MUs, being commanders, and donating to MUs.

C. War
Action: Limited access to Tier 0.
Reasoning: War is the core dopamine driver. Tier 0 accounts are given a strict, non-renewable
limit (e.g., 5 battles total or a one-time health bar). They experience the gameplay, but once
exhausted, they hit the wall: "Conscript deployment exhausted. Verify Citizenship (Tier 1) for full
military service." This prevents last-minute phantom damage from the tri-color menace.

D. Political Module
Action: Hard lock behind Tier 1.
Reasoning: New players do not engage in macro-politics. Voting, proposing laws, or running for
office must be strictly locked to Tier 1 accounts (with an additional account age requirement) to
prevent the tri-color menace from orchestrating government coups.

EDIT: NOTE! It may be a good idea to make trust levels drop! To keep the friction high on multi account users, while making it non existent for legitimate players.
EDIT 2: oAuth could also be used to verify! Though that may create friction for privacy mindful players as stated.
EDIT 3: For apple devices, a SharedWorker would be a solution too in regards to blocking multi-tab account switching. Active broadcast scripts + listener scripts could also work!

The Stupidity of Using IP to stop Multiple Accounts, and how to fix it | War Era