Who actually polices a ClubGG club

Every cheat is somebody's job — or nobody's

The useful way to sort ClubGG cheating is not by how it works but by who is supposed to stop it, and whether that party actually has a reason to. Some cheats threaten the operator, some threaten the club owner, and some threaten only the players while leaving everyone above them better off. That last group is the dangerous one. The table sorts the categories by who holds the primary responsibility and how aligned their incentives are with catching it.

Notice the misalignment hiding in that table. Outside-channel collusion sits at the top of the operator's list because, in the long run, a club whose regulars quietly rob the soft players loses those players and stops producing rake — so NSUS and a long-term-greedy owner are aligned against it. But a short-term-greedy owner is not. Chip dumping and embedded bots are even worse, because they can run with the owner's knowledge: the cheat pays rake, the owner collects it, and the only losers are players who will be replaced. The platform's stack and the club's stack are not two halves of one team. They are two parties whose interests overlap on some cheats and diverge sharply on others.

Two enforcers, two sets of incentives

To predict where a behaviour gets caught you have to model two separate parties, not one pipeline. NSUS runs the network layer for the whole population; the owner and his agents run the club layer inside one club. They see different things, can do different things, and want different things.

Network — behavioural fingerprinting

Client telemetry on input timing, touch-dwell on mobile, action-confirmation latency, idle behaviour. Cheapest layer, runs continuously, produces a per-session behavioural score. Same signal family GGPoker has refined for years, with a population baseline tuned for the ClubGG demographic.

Network — statistical play-pattern analysis

Per-account distributional analysis on VPIP, PFR, 3-bet by position, fold-to-cbet by board texture, bet-sizing histograms, river aggression, all-in equity at showdown. Heavy compute, nightly or weekly cadence. Pure-GTO output is paradoxically easier to flag, because population variability is the baseline.

Network — account-graph models

Accounts joined by device fingerprint, IP, deposit method, KYC document, table co-occurrence and action-timing correlations within hands. Multi-accounting and farming fall out here; collusion within a single club is harder because the natural prior is high co-occurrence.

Club — what the owner can see

Owners see balance sheets, transfer histories and full table logs for their own club, with tools to restrict seats, expel players, freeze balances and refuse settlement. No algorithm on the network side has this resolution into a single club. The owner can notice a regular winning above their skill envelope days before any statistical verdict exists.

Club — what the owner will do

The decisive and least predictable variable. Catching a cheat costs the owner nothing; acting on one costs him rake, a vouched-for relationship, sometimes a settlement partner. An owner can hold all the evidence and sit on it. From outside the club, a cheat who is known-and-tolerated and a cheat who was never spotted produce the exact same data.

Neither layer subsumes the other. The network layer is broad, impartial and slow — good against farms and statistical outliers, blind to context. The club layer is fast, deep and conflicted — it sees everything in one club and acts on whatever the owner's incentives permit. The cheats that thrive are the ones the network cannot prove and the owner does not want to.

The owner as gatekeeper, and as risk

The agent and owner layer is the structural feature that separates club apps from public operators, and it is double-edged. An agent manages a segment of players — deposits, cashouts, vouching, seat restrictions, transfer visibility. The owner is the agent of agents, the gatekeeper for everyone under him. He is the closest thing ClubGG has to a casino floor.

Read as a detector, he is a low-volume, high-context classifier no model can match: he watches a small set of players for hours, knows who he vouched for, who deposits, who runs hot. A bot that passes NSUS fingerprinting but wins above its seat's rate gets noticed within days. Read as a risk, he is exactly the wrong person to trust with that power, because his pay is the rake those same players generate. The honest owner is your best protection on the entire platform; the dishonest one is the hardest cheat to beat, because he is the referee. You cannot tell which you have from the table — only from the chain above it.

This is why running your own club to escape the gatekeeper backfires. The club becomes a visible farm, settlement partners refuse its action, and scrutiny escalates up the union. The durable pattern is small-volume embedded play inside a legitimate club run by an inattentive owner — which is just another way of saying the cheat depends on the owner's trust being misplaced.

The cheat that is nobody's job

Outside-channel collusion is the dominant problem precisely because it falls between the two enforcers. Colluders share hole cards on WeChat, KakaoTalk or Telegram and coordinate aggression against a target; the platform sees only the visible actions, which look like routine play in isolation, and the owner often has no reason to investigate his own paying regulars. NSUS cannot read the chat. The owner will not read the tells. So defence collapses to one purely statistical signal: joint behaviour over volume — two players folding dominated hands against each other more than chance, raising in tandem against a third more than position predicts, never bluffing each other on rivers across thousands of hands.

The hard part on club apps is the baseline, and it is a club-governance artefact, not a math one. Standard collusion detection assumes near-random opponent matching, so two players seeing each other for thousands of hands is itself a red flag. Club tables break that assumption — the same regulars sit together every session by design. The correct reference is the per-club joint-behaviour distribution, which means the detector has to learn what normal looks like inside one closed group, and most groups are too small to give it much to learn from.

# Schematic: showdown-correlation detector for club tables
def collusion_pair_score(hands, club_baseline):
    pair_obs = defaultdict(lambda: {'soft': 0, 'coord': 0, 'count': 0})
    for h in hands:
        for p1, p2 in pairs(h.players):
            pair_obs[(p1, p2)]['count'] += 1
            if held_dominated(h, p1, p2) and not valuebet(h, p1, against=p2):
                pair_obs[(p1, p2)]['soft'] += 1
            if joint_aggression_vs_third(h, p1, p2):
                pair_obs[(p1, p2)]['coord'] += 1
    scores = {}
    for (p1, p2), o in pair_obs.items():
        if o['count'] < 200:          # too thin to score
            continue
        z = z_combined(o['soft']/o['count'], club_baseline['soft'],
                       o['coord']/o['count'], club_baseline['coord'], o['count'])
        scores[(p1, p2)] = z
    return scores

Production systems condition the baseline on stake level, action sequence, the position relationship between two players and per-pair history length. But notice who has to run this. NSUS can build the per-club priors, yet it lacks the context to interpret a flag inside a club it does not manage; the owner has the context but no incentive to point a collusion detector at his own table. The detector that would actually work needs both, and the two parties who hold the halves do not share a motive. That, not the statistics, is why outside-channel collusion stays unsolved.

Does the chain go all the way up to GGPoker?

The most consequential governance question is whether a flag inside one ClubGG club travels up to NSUS and across to GGPoker. NSUS does not document its cross-product architecture, so the honest answer is structural inference plus the handful of publicly reported cross-product cases. The structural argument is simple: NSUS runs one security organisation over both products, sharing enough infrastructure that any signal collected on either is visible to the same team. The plausible design is a shared abuse-graph ingesting device fingerprints, payment methods, KYC documents and behavioural fingerprints from both. The reasonable assumption is that the network-side chain does reach the top — what you do on ClubGG is observable on GGPoker, the same logic that linked PartyPoker and bwin, or PokerStars and FullTilt. The club-side chain does not work that way. A tolerated cheat known only to one owner never enters NSUS's graph at all, because the one party who could report him is the one profiting from him.

Beating the algorithm versus beating the owner

The two enforcers demand opposite strategies, and conflating them is the standard error. Against the network layer the right frame is adversarial classification: NSUS builds a model separating bot behaviour from population behaviour, and the bot's job is to produce a distribution the classifier cannot separate from humans while preserving expected value. The literature runs from Dalvi, Domingos, Mausam, Sanghai and Verma (2004) on adversarial classification and Lowd and Meek (2005) on probing a deployed classifier, through the modern adversarial-ML lineage. This is why pure-GTO bots get banned faster than noisier ones — the GTO bot wins more per hand, compressing time-to-detection, while a human-shaped bot wins less but survives longer, often with higher total return before any ban.

Against the owner none of that helps. He is not running a classifier; he is watching, and he already knows who he vouched for. You do not defeat him with latency noise — you defeat him by being inside a club he does not watch, or by having him on your side. That is the real reason the cheat economy on ClubGG is a governance problem dressed as a security one: the strongest detector is a person with a price, and the strongest defence is making sure that price was paid before you sat down.