Skip to main content
MissedRemote access★ Pinned

XPoint / BetRivers PA: CIV-88 retest — FaceTime RDP sustained for 1 hour; Tailscale Mac-to-Mac RDP undetected

XpointRushStreet Interactive (BetRivers)

Source. June 30, 2026 weekly sync.
Ticket. CIV-88: BetRivers PA — advanced spoofing review (retest).

What we tested

Two additional spoofing checks from the June 23 CIV-88 cycle, confirmed during the week ending June 30:

  1. FaceTime RDP — sustained session duration
  2. Tailscale Mac-to-Mac RDP — detection reliability

Both against BetRivers Pennsylvania (XPoint).

What happened

1. FaceTime RDP — 1-hour confirmed session

  • ✗ A tester in New Jersey remotely controlled an iPhone in Pennsylvania via Apple's built-in FaceTime screen sharing.
  • ✗ The session ran for a full hour — bets placed continuously on both sportsbook and casino throughout.
  • No block or interruption at any point.

This confirms the initial FaceTime gap is not a brief window at login — it is an open, sustained exposure for the full session duration.

2. Tailscale Mac RDP — detection failed

  • ✗ Two Macs paired under one Tailscale account.
  • ✗ An out-of-state device initiates remote control of an in-state (PA) host via native macOS screen sharing (Finder).
  • No local interaction required on the host — the remote connector receives full control.
  • ✗ The geolocation check passes against the host's in-state position.

Why it matters

Both retests deepen the Pennsylvania compliance picture from June 23:

  • FaceTime — the gap is now quantified as hour-long, not transient. Any operator conversation about "we catch it eventually" is contradicted by a full session of uninterrupted wagering.
  • Tailscale + macOS — the same unattended desktop-control pattern that GeoComply blocked on FanDuel NJ the same week remains undetected on BetRivers PA / XPoint.

Cross-reference

Xpoint profile → · June 30 weekly sync →

By
Julia Dolgopolova
Test lead — Competitive Intelligence