The GGNetwork ecosystem: one platform, many skins
Summary. GGNetwork operates a single poker platform that is presented to players through multiple branded skins — Natural8 internationally, GGPoker in many regulated markets, plus regional licensees. They share the client, the RNG, the analytics (PokerCraft) and, critically, the security and anti-bot stack. For anyone studying bot detection, this means signals are gathered per-skin but evaluated network-wide, so the effective detection surface for a bot is the whole network, not one room.
What "skin" means on GGNetwork
A skin is a branded front end over a shared poker backend. Players on different skins generally sit in the same underlying liquidity and run the same software, while seeing different names, themes and promotions. GGNetwork is one of the larger examples of this model in online poker: Natural8 functions as its international-facing brand, while GGPoker carries the network into many licensed jurisdictions, alongside a set of regional skins.
The technical consequence is that "Natural8 security" and "GGPoker security" are not two systems. They are the same system wearing two badges. A research question framed as "how good is Natural8 at catching bots" collapses into "how good is GGNetwork's stack at catching bots, observed from the Natural8 skin."
The shared security stack, layer by layer
It helps to think of detection as a stack rather than a single check. Each layer raises the cost of running a bot, and the layers feed each other. The diagram below sketches the flow from the player's machine down to the network-wide correlation layer.
Layer 1 — client integrity
The client checks itself. Because every skin ships the same binary, integrity checks (memory inspection, detection of overlay or injection tooling, prohibited-process lists) are written once and deployed everywhere. An attacker who finds a bypass on Natural8 has, by definition, found it on GGPoker too — which also means a single fix from the operator closes it everywhere at once. The economics favour the platform.
Layer 2 — device and session
Above the binary sits device and session telemetry: hardware and browser fingerprints, network attributes, input cadence, and the links between accounts that share any of these. On a shared platform, two accounts that look unrelated on the surface — one on Natural8, one on a regional skin — can be tied together by the same fingerprint cluster. Multi-accounting and bot farms are precisely the patterns this layer is tuned to surface.
Layer 3 — behavioral model
This is where most realistic bots eventually fail. The model does not ask "is this move correct"; it asks "does this account behave like a human over time." Inputs include action timing and its variance, bet-sizing distributions, deviation from population norms, and how closely play tracks solver-like (GTO-ish) lines under pressure. A bot that plays "too well, too consistently, too fast" stands out exactly because it lacks human noise.
Layer 4 — cross-skin graph
The bottom layer is what makes the shared platform distinctive. Outputs from layers 1–3, gathered on every skin, are correlated in one place. An account is a node; shared devices, payment trails, timing fingerprints and behavioural scores are edges. A decision about a Natural8 account can be informed by evidence collected on GGPoker and vice versa. This is the practical meaning of "cross-skin detection."
PokerCraft and Smart HUD: sanctioned tools, and their flip side
GGNetwork ships first-party tools that double as data sources. PokerCraft gives players structured hand histories and post-session analysis. It is genuinely useful for study — and the same structured, uniform data is an ideal training set for anomaly detection, because every hand across every skin arrives in the same format.
The Smart HUD context is GG's bounded, in-client assistance. The boundary is the point: it defines what reading the table is sanctioned. Anything that reads or acts on the table outside that boundary — external HUDs, screen scrapers, automated decision-making — is the behaviour the integrity layer is built to flag. The existence of a legitimate, limited assistant does not create room for an unsanctioned one.
Why "test it on a small skin first" does not work
A common assumption in botting circles is that you can prototype on a smaller or more obscure skin, then move a proven method to a bigger one. On an independent-rooms network that logic is sound. On GGNetwork it backfires: the smaller skin runs the same detection, and every observation it makes is fed into the same central model. You are not testing in a sandbox — you are training the defender on your method, under your real fingerprints, before you have made any money.
| Property | Independent rooms | Shared platform (GGNetwork) |
|---|---|---|
| Detection scope | Per room | Network-wide, cross-skin |
| Client to defeat | Many, varied | One, uniform |
| Effect of a single fix | Closes one room | Closes every skin at once |
| Value of "testing" on a small skin | Low risk | Trains the central model on you |
| Account-linking power | Limited | High (shared fingerprint graph) |
What this means for developers and researchers
The interesting work here is not "build a better bot." It is understanding how platform consolidation changes the detection problem. A shared-platform model turns anti-bot from a per-operator arms race into a single, well-resourced defender with a network-wide view. For research, that makes GGNetwork a clean case study in how centralisation shifts the cost curve against automation.
If you are evaluating risk on the player side rather than building anything, the practical takeaways are about account hygiene and behaviour — covered in the responsible-play article, written for the Israeli market and others where Natural8 is the visible brand.
Read: is running a bot worth it — and how account security actually works →
