3 posts tagged with "rdp"

What we tested. Fanatics Sportsbook TN deployment (full OpenBet Locator Protect Suite, live since Dec 2025). Drove remote sessions via HopToDesk on Android and iPhone screen mirroring on iOS, from outside Tennessee.

What happened. Both tools bypassed Locator's RDP detection. Out-of-state wagering succeeded on both platforms.

Three more gaps from the same test cycle (May 5 weekly).

• No state border buffer zones — players within 50m of the boundary experience frequent state-switching, persistent page refreshes, and inability to finalise cash-out.
• No IP-change monitoring — IP address changes during active sessions are not flagged. A critical spoofing indicator is missed.
• VPN restriction false positives — aggressive VPN blocks fire on legitimate corporate-network users, increasing support overhead.

Why it matters. Four distinct compliance gaps in a single Fanatics TN test, all in the flagship US deployment. This is the single strongest sales asset against a bundled-OpenBet platform pitch. Pair with the prior border- jumping finding and the TQJ-churn data point.

OpenBet profile → · SDK comparison →

Source. May 5, 2026 weekly sync.

The finding​

The pre-loaded Windows Remote Desktop Connection app (labelled "Remote Screen Sharing" in the OS) triggers Radar account restrictions without notifying the user.

Why it matters​

This is a false-positive RDP flag: the app is present on virtually every Windows install, and is not running an active remote session. Triggering account restrictions silently from its mere presence is the worst case for support teams — the user has no idea what failed, no suggested resolution path, and no diagnostic message.

Cross-reference (same test cycle)​

On the same operator + same week, AnyDesk and TeamViewer were correctly restricted during active sessions (positive result). So the detector posture is: detects two real RDP tools, false-positives on one pre-installed Windows app it shouldn't flag. The RDP class is where Radar is most inconsistent.

Radar profile → · May 5 weekly sync →

What we tested. RSI Delaware deployment (newly live, April 2026), iOS device localised to DE, driven remotely via FaceTime RDP from a Michigan host. Both casino and sportsbook flows.

What happened. No RDP detection. The MI-based user successfully placed remote wagers on the DE platform across both products.

Cross-reference. The same gap was previously confirmed at the RSI AZ deployment (Jan 2026 migration from GeoComply). Two operators, two regions, same SDK gap — this is structural.

Related RSI DE findings (same test cycle).

• Account SUSPENDED on DE-MD border crossing before any spoofing attempt was made.
• Near-border pass/fail points inconsistent, erroneous failures even moving away from the boundary.
• Static/mobile toggling required at MD + DE borders — major UX friction vs GeoComply's seamless PA.
• macOS install requests access to documents folder (known security concern).
• AnyDesk installed (but not running) silently blocks betting — false positive RDP flag.
• Mac CPU spikes 0.5% → 16% at 1-minute intervals during poker.

Xpoint profile →