Competitive Intelligence β Weekly Sync
π Week 10 β June 2, 2026 Β· β± 30 minutes Β· π₯ Weekly cadence
Agendaβ
| # | Topic |
|---|---|
| 1 | Competitive and Client Testing β Key Findings |
| 2 | Competitive Research β Key Findings |
| 3 | Win/Loss β Competitive Win-Backs (Salesforce) |
| 4 | Social Media β Key Findings |
| 5 | What's Next β Open Planning |
1 Β· Competitive and Client Testing (Julia) β Key Findingsβ
Remote screen control dominated this week. A single off-the-shelf method β built-in screen sharing driven over a Tailscale tunnel, with one person handing full screen control to a remote user in a different location β was tested across multiple integrations. GeoComply blocked it; three competitors did not. A separate Michigan advanced-spoofing retest surfaced two tool-specific desktop / mobile gaps, and Ontario testing of Locance found one compliance and one security defect.
Remote screen control via Tailscale β undetected by competitorsβ
- β Underdog DFS (Radar) β remote screen control via Tailscale undetected for 20+ minutes
A remote operator held active control of an in-state device for over 20 minutes and placed bets freely. Radar did not detect or block the session.
π« CIV-81 β Underdog DFS: remote screen control via Tailscale (Radar) - β Fanatics (OpenBet) β Mac-to-Android remote control undetected, bets placed
A tool letting a Mac laptop remotely control an Android phone from a different network was used to bet on Fanatics. OpenBet did not detect the sustained remote-control session β extending the gap from macOSβmacOS to cross-platform desktopβmobile.
π« CIV-79 β Fanatics: Mac-to-Android remote control (OpenBet) - The origin finding β Bet365 NJ (XPoint) β macOSβmacOS RDP via Tailscale undetected (documented May 26, CIV-73) β prompted this expanded testing campaign across additional operators and platforms.
MI advanced spoofing retest β tool-specific gapsβ
- β οΈ Fanatics MI (OpenBet) β HopToDesk remote control undetected on Android; TeamViewer + AnyDesk blocked
Near the MichiganβCanada border, HopToDesk went undetected at install and during an active remote session on Android, with bets placed throughout. TeamViewer and AnyDesk were both detected and blocked, and iOS FaceTime screen sharing was detected near the border β a specific tool gap, not a blanket miss.
π« CIV-64 β MI advanced spoofing retest - β οΈ bet365 MI (XPoint) β RustDesk evades detection when launched after the geolocation client
RustDesk launched before XPoint flags immediately; opened after XPoint is already active, it goes undetected on Windows and macOS β 50+ consecutive location checks passed, with detection resuming only after a manual client reboot. Indicates a one-time startup scan rather than real-time monitoring.
π« CIV-64 β MI advanced spoofing retest
Ontario β Locance (LocationSmart) compliance & security gapsβ
- β Locance (LocationSmart) β real-money deposit with no identity check; detection rules exposed in API response
A tester completed registration and a real-money Interac deposit with no identity or location verification β a step that should be mandatory under Ontario rules. Connecting from a Singapore IP, the API response named the exact detection rules triggered (e.g.IP proxy detected,IP hosting provider) in plain text.
π« CIV-53 β Locance (LocationSmart) Ontario: compliance and security gaps
Attacks successfully stopped (negative results)β
- β Bally Bet NJ (GeoComply) β remote screen control via Tailscale blocked at login and mid-session
GeoComply identified and blocked the same remote-screen-control attack that three competitors missed β macOS Native Screen Sharing over a Tailscale tunnel (Mac #1 controlled via Mac #2). Detection fired both at login and mid-session with aBlocked_softwareerror. A direct, demonstrable compliance advantage.
π« CIV-82 β Bally Bet NJ: remote screen control blocked (GeoComply)
2 Β· Competitive Research (Valeria) β Key Findingsβ
- Radar's updated version is no longer a pre-release / Beta. Checking whether Bet Saracen has integrated the new build.
3 Β· End-user Feedback (Valeria) β Key Findingsβ
π Full dataset: Social Media Competitive Signals Β· Reddit + X/Twitter public posts.
- No spikes or patterns this week. The full month of May will be reviewed in the next cycle.
4 Β· What's Next β Plan for Next Weekβ
Field Testing β Active & Plannedβ
- CIV-59 β Fanatics / OpenBet: advanced spoofing β GPS simulator
- CIV-45 β Alberta launch: competitor testing GeoLocs / mkodo β spoofing tests
- CIV-78 β GeoComply: remote control of jailbroken iOS
- CIV-64 β Fanatics MI advanced spoofing: remote control of jailbroken iOS
Betting Hero β Active & Plannedβ
- CIV-55 β mkodo / GeoLocs: full validation β Backlog
- CIV-54 β Locance (LocationSmart): full validation β Backlog
- CIV-64 β MI advanced spoofing retest β In Progress (awaiting team support)
Integrations teamβ
- TBD
All findings this weekβ
- Underdog DFS (Radar): remote screen control via Tailscale undetected 20+ min (FAIL)
- Fanatics (OpenBet): Mac-to-Android remote control undetected (FAIL)
- Locance (LocationSmart) Ontario: deposit with no identity check + detection rules exposed (FAIL)
- Fanatics MI (OpenBet): HopToDesk undetected on Android, TeamViewer + AnyDesk blocked (PARTIAL)
- bet365 MI (XPoint): RustDesk launch-order detection flaw (PARTIAL)
- Bally Bet NJ (GeoComply): remote screen control via Tailscale blocked at login + mid-session (PASS)
Competitor profilesβ
Radar β Β· Xpoint β Β· OpenBet β Β· GeoLocs β Β· Locance β