Matchmaking seemed like a neat idea in, like, 2007. In retrospect, it has damaged the industry substantially. All the oxygen has been sucked out of the community server space, etiquette is non-existent, and the aforementioned spyware.
Pretty unfair to paint this as the users choice when the companies are taking our choices away.
If you need to protect competitive play, keep it to actual competitions/make it optional for free play. I'm not giving you unrestricted access to my brokerage account, all of my files, all of my emails/text messages, etc. (which root access on my computer has) so you can prevent cheating in a Sunday night video game.
Of course no security tools work if the game is root.
There are a couple reasons to care about doping in professional sports, that don’t apply here.
First off, these matchmaking games are not real professional competitions. It is more like a pickup game; the stakes are essentially zero. Nobody cares if you dope for your pickup games or your weekend bike rides for friends (other than that that would be a ridiculous thing to do of course).
Second, professional athletes are celebrities. Abusing performance enhancing drugs sets a bad example for the kids watching. Because most people playing matchmaking games aren’t celebrities, they aren’t setting a bad example. And anyway, cheating in videogames has no side effects.
> If you think fairness in videogame competitions is frivolous then do not participate in them.
I mostly don’t. But I can spot wasted engineering effort when I see it, and will continue to call it out.
Reason: Vanguard was crashing another Unity based game I play nonstop. It also seemed to decrease system stability in general.
I will never play another Riot Game so long as this software is a part of it.
Obviously they have so many users, they might need to fix it.
I can imagine that Microsoft might try to help them doing things right.
Closet cheaters are cheating in subtle ways, which make it impossible to know if they're really cheating.
It's a constant analysis of "is he cheating or am I bad?", and most of the time, I could not really know. It's a psychologically toxic experience as I cannot focus on the game itself. I was enjoying the game, but that paranoia made things just unbearable.
I suspect china/russia are actively paying people to make effective cheating software, as it's also a lucrative business.
Even a few pro players are cheating. Those online FPS are rotten to the core.
Apparently valve doesn't seem to care that much, because they probably know that there is a big overlap between cheaters and people who trade skins, who are a big source of income.
Too bad!
My account is 20 years old. And has several games with hundreds of hours including a couple of perfect games, not to mention a hundred or more games. Also phone verified. I don't expect everyone to have similar accounts, but it's seldom I'm matched against anything even remotely similar, say 5 year old accounts with similar playtimes in non-F2P games, though many profiles are private, which itself is - I think - also suspicious since virtually everyone leverages aliases on Steam so I can't really imagine a case for this other than obscuration, though I'm certain some people do it for privacy reasons I expect that rationale is rare.
Beyond that I would say there are a lot of suspicious individuals I've been matched against in both premier and comp . Regardless of whether or not they're smurfs it makes MM obnoxious if only because you end up matched against people who rage and ruin 45m-1h of your time by competing illicitly.
The MM algo is also just shit without these considerations lumped on top of it. I regularly play with my friends who rank lower and that draws my rank down so we get matched in low ranks, resulting in violent pubstomping. Of course I play on my only account, so I'm sure I get hackusated a lot, which would ostensibly get my trust factor drug through the mud. I suppose that's a solid incentive for smurfing on its own, especially since the system is opaque.
It's all pretty bad, frankly. Faceit is hardly better, a lot of the community is pretty toxic and obnoxious salty tryhard metabangers that aren't fun to play with.
On an evolutionary level, the purpose of play is to improve your skill in something in a tight, enjoyable feedback loop. Cheating messes with that.
Though your approach is preferable, I do think cheating (or more broadly, not trusting that you can learn how to improve with further play) kneecaps the whole point of playing.
(I'm badly presenting an idea I learned from Jonathan Blow re: how some game design ideas, such as opaque adaptive difficulty like rubberbanding found in racing games, destroys the purpose of playing)
People constantly cry that the other team is hacking and reviewing the demo shows that they almost never are. The reality is they were just better. That seems to be hard for a large portion of the player base to handle. Low ranks and low trust factor are full of obvious hacks because they make an account, get banned and repeat. You don't see the decent hacks until the upper ranks because you need to be good enough at the game to hide it and would just rank up fast through the middle rankd
Point being that a ”subtle hacker” might be subtle to some and obvious to others. So OP, being a newbie with only 6 mo of experience, might suspect someone being subtle about their hacking but they might be very blatant to a more experienced player.
TF2 is an interesting case study because it's a very old game with a very high skill ceiling. I have 2,000 hours now. Players with 4,000 hand my ass to me.
The difference between an aimbot and a sweaty 4,000 hour sniper is close to none. You peak the corner and within 200ms you're dead. It's easy to think they're cheating, then you open up their steam profile and no, they just have even less of a life than me.
They'll even headshot you when you got invisible on spy. Yes, really. They have so much experience their hands have remembered the movement speed and trajectory of spy. So you go invis, and then they can predict where you're going to be and headshot you. Especially so if you go for a health pack or ammo. It's really crazy stuff, but not cheating.
For example wikipedia description of a rootkit is
"A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software."
Vanguard does not mask its existence or the existence of other software nor does it get/give access to unauthorized users (you authorized it during install so by definition it is not unauthorized).
You don't manually give permissions to actual rootkits and they do their best to try and hide their existence.
The Flutter vision feels very similar, treating the web as a big canvas to draw pixels on.
Adding an extra 5 or 10ms of delay would be a massive issue (especially bad if it is an inconsistent delay)
https://www.leagueoflegends.com/en-us/news/dev/dev-vanguard-...
> “On Demand” Vanguard
> "As was foretold, a future will eventually arrive where we can rely on the security features of Windows to protect its own kernel, instead of protecting it from boot with a driver. This will allow us the opportunity to start our anti-cheat services when the game client runs, provided the end-user has opted into all of these features. We’ll have more communication on this topic early next year, but if you’re on Windows 11 and on relatively recent hardware, we wanted to let you know that you won’t have to tolerate the taskbar icon forever (even though we worked very hard on Vanguard’s logo)."
https://blogs.windows.com/windowsexperience/2024/11/19/windo...
> "To help our customers and partners increase resilience, we are developing new Windows capabilities that will allow security product developers to build their products outside of kernel mode. This means security products, like anti-virus solutions, can run in user mode just as apps do. This change will help security developers provide a high level of security, easier recovery, and there will be less impact to Windows in the event of a crash or mistake. A private preview will be made available for our security product ecosystem in July 2025."
This is actually great because Microsoft "security" systems are notoriously easy to pwn. Workarounds will appear almost instantly.
Also with xbox one and series x/s they have the dev mode thingie lowering the interest in trying to hack the retail mode.
And speaking of up to date video drivers, these checks are a plague of usability. If I have stable driver rev 235, why would I install latest buggy version 246? Eg. AMD has 2 flavours of drivers, Adrenalin which has “optimisations”, but crashes, and the Pro drivers which are older but more stable, and have 10 bit support, more colour spaces etc. I’m done dealing with experimental drivers, give me stability 100% time. Games which insist that I run experimental drivers and secure boot can get stuffed.
Kernel-level anticheat is ridiculous. Especially when your data becomes a gaping would ready for the chinese state to stick their fingers into and twist around. It's like the police installing mandatory cameras in everyones house to catch thieves (if society here is games with kernel-level cheats).
I want to go back to the days of Windows 7. When there was minimal corporate bloat in the ecosystem, no ads in the startmenu, and when game studios actually knew what they were talking about and had some balls to stand up for their values.
And, as anyone remotely familiar with the situation would know, Riot Games is a wholly-owned subsidiary of Tencent, a Chinese company, and all Chinese companies are subject to arbitrary amounts of control by the Chinese government.
> they call each other Chinese. In the not-racist way that one does that.
You just committed the same fallacious propaganda technique of the parent. It's extremely dishonest and malicious. Don't do it.
The problem is, it's gotten hard to do drivers for custom hardware on macOS as a result for everything that can't be done with libusb as a result - and it's also gotten harder to patch over deficiencies of macOS.
You can't have an OS that you can tinker around with and an OS that is secure from cheaters, software pirates and malware at the same time. Android is the best example - either you run an OS that passes Play Integrity/SafetyNet and is blessed by Google and thus can use games, Netflix, banking or a whole lot of other apps that require non-rooted phones these days, but you lose e.g. the ability to do an actual full-device backup, or you run a phone that's rooted or runs a custom OS (say, aftermarket once the manufacturer ceases providing even security updates) but you lose out on about 2/3rds of apps because they just refuse to run.
But do these need to be the same OS? Or is it possible to have them be partitioned off from each other that way you can have a game run with full integrity and then also be able to have a customized experience for things which don't care about integrity.
That's part of the reason why Apple is so against not just jailbreaks for mobile devices but also any kind of non-Apple-sanctioned access to anything they deem safety critical.
That resolves the tinkering vs intrusive vendor issue. However it doesn't address the privacy, autonomy, or user freedom angles.
By autonomy I mean (for example) the inability to perform a proper backup on a "secure" android system. By privacy I refer to the fact that the vendor can see everything you do even in the VM. User freedom is only an issue when you can't boot an "insecure" OS on the platform, but if nothing will run when you do that the situation isn't much different. For example, technically I have the freedom to run DOS today but in reality I won't be getting much done if I do.
Addressing the privacy issue we've at least got confidential VMs now. However at that point we've just pushed all the issues down a level and the same drama plays out again with the hardware vendor.
No, a single GPU can support virtualization and be shared among multiple visitors.
>the inability to perform a proper backup on a "secure" android system.
This is by design as a "proper" backup violates Android's security model. Instead a backup system that respects Android's security model was built. Autonomy is given up but in exchange the high level functionality remains the same and there is better security.
>By privacy I refer to the fact that the vendor can see everything you do even in the VM.
What does this even mean? There is no fundamental reason for spyware to exist and even if there was that is independent to using virtualization.
>User freedom is only an issue when you can't boot an "insecure" OS on the platform
User freedom and security are orthogonal, but due to Turing completeness almost everything will support booting insecure operating systems.
>but if nothing will run when you do that the situation isn't much different.
If there is no market demand for running applications on insecure platforms then perhaps that's an okay situation to be in.
Do you really think I'm unaware of that? Have you tried it lately? Most (nearly all) consumer level hardware doesn't support it and (I might be wrong about this next bit but IIRC) you won't get full performance because most solutions partition the hardware rather than multiplexing it.
> This is by design as a "proper" backup violates Android's security model.
I'm aware. That doesn't address the problem.
> the high level functionality remains the same
Absolutely false. Apple at least built a solution that appears to perform as advertised even if I vehemently disagree with the underlying security model and believe that it is actively making society worse off in the long run. Google has failed miserably at that (at least last I checked, which was a few years ago TBF).
> and there is better security.
By whose definition? The officially sanctioned security model does not provide anything of value to me (from a technical perspective) relative to having full control over my device.
> What does this even mean?
It means that if someone else has control over the software on my device then outside of a truly unusual end-to-end code auditing arrangement I can never be confident that I'm not being watched.
> There is no fundamental reason for spyware to exist
What sort of drugs are you on over there? Ad tech is a massive industry. There are all manner of motivations to hoover up user data from market research to selling it to authoritarian tendencies.
> User freedom and security are orthogonal
Notice the quotes. By "insecure" I mean not provided by BigTech and system state attested by a whitelisted HSM.
> due to Turing completeness almost everything will support booting insecure operating systems.
Have you tried customizing the OS on a vendor bootloader locked mobile device lately?
> If there is no market demand for running applications on insecure platforms then perhaps that's an okay situation to be in.
Sophistry. It's user choice due to a combination of lack of awareness and understanding, a preference for convenience even when that's detrimental to society in the long term, and the resultant network effects.
Some cards are just limited by the firmware and have hardware support. Microsoft can work together with GPU vendors to get the ecosystem into a state where things will work.
>The officially sanctioned security model does not provide anything of value to me (from a technical perspective)
What about things like malware not being able to steal all of your accounts from your device?
>I can never be confident that I'm not being watched.
Most operating systems have implemented features to let you know when the camera is being used.
>Ad tech is a massive industry.
Adtech is not spy tech. And it doesn't work by seeing everything you do.
>Have you tried customizing the OS on a vendor bootloader locked mobile device lately?
If it's locked then you can't change the operating system that initially loads up, but you can still run a second operating system within the other.
>detrimental to society in the long term
I fail to sympathize when these "detriments" are antisocial things like being unable to cheat in games or being unable to pirate copyrighted works. We already experienced a reality where there was 0 security and it turned out that it was extremely abused inspiring the next generation of computing platforms that offered security and were able to partially mitigate antisocial behavior.
The android (or apple, or whatever) security model doesn't stop that. Malware will perpetually be one zero day away from having root.
It is true that those security models do a decent job of stopping users from shooting themselves in the foot, at least in certain ways. The way they go about it isn't of value to me though.
> > I can never be confident that I'm not being watched.
> Most operating systems have implemented features to let you know when the camera is being used.
Obviously I am referring either to the author of the OS or to the device vendor here (which one depends on the scenario being considered). In either case you can't rely on that party to voluntarily report their own wrongdoing. Hence my reference to a code auditing arrangement.
> > Ad tech is a massive industry.
> Adtech is not spy tech. And it doesn't work by seeing everything you do.
I don't know if you're delusional or interacting in bad faith but either way it doesn't seem we're going to get anywhere when you're saying things like this. It is plainly obvious that there are all sorts of motivations for spyware to exist.
A fairly simple proof is it currently exists, it was created, someone was motivated to do that.
> I fail to sympathize when these "detriments" are antisocial things like being unable to cheat in games or being unable to pirate copyrighted works.
The long term detriments are things like living in an authoritarian panopticon and needing permission from unelected corporate overlords to run any particular app, all on a device that (in the future) you absolutely depend on to perform even basic functions in society. Computer security and the BigTech anti-user security model are entirely different things that you are intentionally conflating here. Your world view resembles a cardboard cutout manufactured at a business strategy meeting.
... that many apps don't use and that's the point. Even today there are still games that don't even do cloud synchronization.
The problem is, as always, cheaters and microtransaction forgeries.
I wouldn't be surprised if Valve started making serious innards into improving Secure Boot support on Linux for the sake of Steam Deck compatibility. However, I'm not sure that would work with the lack of stable driver ABI on other platforms that aren't a known quantity.
> not good enough to meaningfully verify the integrity of your environment
That depends entirely on whose perspective you take. There are tools to do pretty much anything you can think of and you always have the freedom to extend them yourself. So for the end user it's significantly better at that task than proprietary competitors because the end user has full control over the process.
From the perspective of an entity like Riot it doesn't offer anything of value because (AFAIK) none of the distros choose to provide releases that verify the environment binaries match official releases built by the maintainers. I imagine the majority of maintainers would consider providing such a thing to be an anti-feature.
Valve could easily provide an attested system if they wanted to. I'm glad they choose not to (at least so far). If a studio is turning to kernel level anti-cheat they screwed something up to arrive there.
How do you prevent cheating in online multiplayer games without kernel-level anticheat?
The tl;dr is that you largely don't. It's a fools errand.
First you need to recognize the general behavioral pattern and motivations behind it. Once you do that you'll realize that the same people snooping on RAM right now are going to turn to ML botting if they can't do that. Those bots are usually already superhuman, are only going to get better, and the hardware to run them is quite cheap (a video camera and a fake keyboard and mouse).
It's the same problem online chess has. Snooping RAM doesn't help you in online chess but that doesn't mean there aren't cheaters.
Remember catbot? That certainly managed to ruin people's day.
A workable solution has to be end-to-end. Identification based on behavior, competent moderation to review those cases, a model that ensures the moderation efforts are sustainable in the long term, and some way to make sure that bans are sufficiently sticky so that there's actually a point to the whole thing.
Score based methods like Valve employs are a reasonable alternate approach. If cheaters all get thrown in the same pool then who cares if they cheat? Let them have their fun!
Community servers instead of centralized matchmaking are another option. Those once again group the cheaters together, shift moderation costs away from the publisher, and give you a stronger community.
As a player of some of their games - they not only don't care about their players, but have a deeply abusive relationship with us.
Quitting Riot games was one of the easiest things I've ever done, especially now that Deadlock lets you make lobbies.
An extremely profit driven company wouldn't allow that.
Perhaps you may benefit from reading this.
But basically, if the product is free, then you are the product.
It's invalid to say "a profit-driven company wouldn't do x" for almost any value of x.
It's also invalid to suggest that a company that doesn't require money isn't profit-driven. There are thousands of free-to-play games run by greedy companies that push monetization on users (even if they don't require it). There are tens of thousands of companies that use ads to monetize their games.
There's also ample evidence of Riot's greed over the past few years - $500 skins, progressive removal of more and more free cosmetics from the game despite record revenue, encouraging and enabling smurf accounts (which absolutely ruin the experience for other players) because they buy more skins, and many, many more instances.
https://www.resetera.com/threads/riot-games-sends-cringey-ed...
https://dotesports.com/league-of-legends/news/riot-games-and...
https://www.youtube.com/watch?v=H4YvcQOSiRM&list=PLzBq1zjrpq...
- penalizing a pro player for picking a particular champ and rune combo due to it being bugged (which is their fault) even though the player didn't abuse the bug
- the CEO of the company doxxing the developer of a competing game
- the insane AI-powered "zero tolerance chat filter" that regularly catches comments that, upon human review, are clearly inoffensive
- the "lane swap detection" anti-feature
- autofill
- client and server crashes being blamed on the players
...and many, many, many more examples.
Given how intrusive these anti-cheats are, identity verification and login would be less intrusive.
At least with verification, when you ban a cheater, they stay banned. At that point, you can put humans in the loop.
This isn’t about that at all. They want their cake and to eat it too.
By the way, kernel level anti heat has been around for a LONG time. Battle Eye was introduced with Battlefield Vietnam in 2004.
Why would you trust anyone to do that? It's malware style access. Client side anti-cheats that need kernel level access are unacceptable, that's why I'd never play any games with such garbage.
Instead of this, let these companies focus on server side anti-cheats that detect behaviors that can be defined as cheating. Shouldn't AI be good for these kind of tasks? But of course it's cheaper for them to slap malware on user computers and call it a day.
But riot continues to push this narrative that Vanguard works flawlessly. It doesn’t break computers. Nobody has issues. Cheaters are being prevented.
And yet - sometimes I can’t get into a game because it crashes. And then the client complains that vanguard is unhappy and I have to reboot and so I’m late to the game and my team starts way behind.
That bug hasn’t happened in a while at least- lately the blue screens occur before getting into a match. I guess I don’t get temp banned anymore but any blue screens are unacceptable.
The players do not seem to mind. At all. Basically a non-issue for 99%.
I'm not terribly surprised so many here find kernel anti-cheat "unacceptable" or "ridiculous" or whatever, but there's just no there there. Microsoft has kernel access: are they selling my stuff, too ? I don't pay for Firefox: are they auctioning off my passwords? I guess it's fun to speculate; I can make unfalsifiable claims all day
I'd never use a closed source password manager.
I don't use Microsoft for my OS, although it happens that I do generally trust them on account of their size and reputation. They have a very strong vested interest in not getting caught doing something like that.
Spying isn't the only concern. I don't generally want to grant anything unnecessary ring 0 because of the security implications. I certainly don't trust the security practices of most game studios to any great degree.
Back when anyone could run their own game server, logging was way more prevalent. Many games let you replay an entire match and it was comically trivial to playback and spot superhuman recoil control, aim snapping, wall hacks, etc etc etc. We had kickvote and Overwatch to farm this out to players in near-real time.
But instead of improving this (esp with "AI"), or just adding some financial loss to being banned, these free-to-play monsters need the lowest level system introspection. Seems a bit suss to me. "You can play my game for nothing but I need root?" No thank you.
Charge a one-off £5 for an account. 95% of your cheaters evaporate if they can't freely cycle accounts.
josephcsible•9mo ago
nekitamo•9mo ago
It's not nice, I don't like running a kernel mode anti-cheat any more than you do, but I can see why it's necessary for preserving the competitive integrity of free-to-play shooter games like Valorant.
imchillyb•9mo ago
Hikikomori•9mo ago
__alexs•9mo ago
doikor•9mo ago
Also the amount of people willing to buy another pc and DMA cards is way smaller making the chance of running into cheater in your match smaller.
az09mugen•9mo ago
__alexs•9mo ago
Computer vision based cheats are also rapidly on the rise. You don't get wall hacks but you do top 1% reaction times and perfect tracking.
fc417fc802•9mo ago
abigail95•9mo ago
doikor•9mo ago
Only thing I can think of is Microsoft locking down Windows so hard that nothing outside of code written (well signed) by Microsoft can run with kernel level privileges but I think that is an even worse option.
If you don't like it you can always just go and play any of the titles without kernel level anti-cheat and get a cheater in ~1/5th of your games (my experience in counter strike).
jjmarr•9mo ago
I'd rather just give Riot Games my driver's licence than full access to my computer. They already know my name and where I live from metadata.
There should be a KYC solution for gaming where a company like Epic, Riot, or Valve verifies your identity and developers can gate competitive video games behind that. If you cheat, you're out for 5-10 years (so dumb teenagers aren't locked out forever). The big issue imo isn't banning cheaters, it's preventing them from creating a new account and cheating again.
Such a system would be free money & low maintenance for whatever company develops it first.
doikor•9mo ago
Though they do also use it for stuff like under 16 year olds not being able to play online games between midnight and 6am.
edit: Some extra details about this from a few months ago https://x.com/deteccphilippe/status/1883945555102957617
> KR (Korea) requires national identity numbers for gaming, which opens up a convenient opportunity to ban cheaters at the “soul” level. It is remarkably effective at keeping them out of game for longer periods of time—cheaters have to buy whole new identities to keep playing, so the bans really stick.
jimmydorry•9mo ago
doikor•9mo ago
At the end of the day the goal isn't 0 cheaters but having few enough that the chance of your match being ruined by one is 1 or 2% instead of 10 or 20%
jjmarr•9mo ago
bob1029•9mo ago
Acquire my identity in the same way you would if I was seeking approval for a new checking account or loan. I'd be perfectly happy to see the bar raised a few inches off the ground. The current state of competitive video games is really bad.
fc417fc802•9mo ago
Maybe let people opt-in to photo ID verification if they want a one-time free account.
razemio•9mo ago
doikor•9mo ago
> “You have to humanize [the cheat] to a degree where the advantage is imperceptible from what a human can do,” said Koskinas. “And once you’re there, you’re not really cheating enough to make it worth it for most users.”
But if you read the article they do have some way to detect (some) DMA based hacks too where the actual cheat runs on a different computer and use DMA through a pci-express card to read/write directly into memory.
> “I think we detect the majority of it today, but it’s kind of iterative,” said Koskinas.
Though most cheaters "rage cheating" after losing really badly and using cheats to "get back" and those are much easier to detects. This kind of "download random cheat from the internet" at the best only get you banned and at worst your computer is super duper hacked (you are effectively manually downloading a virus and manually giving it admin/kernel level access)
> Thanks to all these techniques and strategies, most cheaters can now be roughly divided into two categories. The first, representing the majority of cheaters, is made up by those who are “rage cheating” by using cheap tools that are easy to detect. Riot employees sarcastically call these cheats “download-a-ban,” according to Koskinas.
At the end of the day all I know from my own experience is that the difference in the amount of cheaters I run into between Counter Strike and Valorant is massive and the main claimed difference being kernel level stuff in Valorants anti cheat (or Valve is just really really bad at making anti cheats)
frosting1337•9mo ago
razemio•9mo ago
Someone figured it out and used my account to cheat in counter strike. Valve banned the account one week (!!) later. Now the account can not be used to play their competitive games anymore. Needlessly to say it was a lifetime ban.
To this day I keep wondering how they can fk this up so bad. Why I am even allowed to play CS without 2fa enabled and without Email confirmation for the first login? They also failed to block the login from Thailand despite it's creation in Germany. This could have been so easily prevented.
Not sure if they fixed this yet. Otherwise you have your answer, why there so many more cheaters. It is not just the kernel extension. The most basics are not in place.
doikor•9mo ago
This is because any barrier to playing the game is also effectively a barrier for someone to buying their lootbox crap.
jimbob45•9mo ago
CS2 is entirely unplayable now due to hackers. I’m told Valorant isn’t much better. There’s probably just no solution unless you design your game to not benefit from hacking (e.g. Hearthstone, MTG)
doikor•9mo ago
Though as I understand the amount of cheaters in both games varies based on how high/low in the ranked rating you are.
pcwalton•9mo ago
jokoon•9mo ago
smallstepforman•9mo ago
mschuster91•9mo ago
Besides, sowing discontent is a tried and true propaganda strategy.
orbital-decay•9mo ago
mschuster91•9mo ago
The question is: who coughs up the money for developing these cheats? Some of these, particularly the PCIe hardware rootkits, take a lot of money, time and skilled people to develop - and it is not too far fetched to assume that a nation state has been of assistance here.
Others openly flout their allegiance to Russia like the MIG-Switch developers, a ton of "bulletproof hosters" use Russian ASNs and/or are based in Russia, malware automatically disables itself when it detects indications of being in Russia... I can explain the latter away as "don't shit where you eat", but the others? There's no way there aren't direct links between the Russian government and the criminal actors. At the very least there must be some sort of "tacit approval".
orbital-decay•9mo ago
mschuster91•9mo ago
bee_rider•9mo ago
Government officials and security researchers play videogames too, after all… sure, we’d hope they’d have good computer self defense. But it is a fishing expedition and all that.
kennyloginz•9mo ago
orbital-decay•9mo ago
johnnyanmac•9mo ago
Now is a kerbal level anti-cheat overkill? Hard to say from the outside but it does seem like installing a steel vault for your door. While the window is still right there as normal.
trinsic2•9mo ago
johnnyanmac•9mo ago
i was simply explaining that these studios don't need perfect security to accomplish their missions.
frosting1337•9mo ago
Cheaters currently use entirely second PCs, or other extremely complicated methods of cheating, and are still getting caught.
Security isn't "for nothing", you make it as expensive as possible for cheaters/adversaries to win, and then keep raising the bar, to make the majority of users safe and secure.
orbital-decay•9mo ago
What even makes you think it's a solvable problem? Even with a totally cryptographically controlled end-to-end hardware chain that treats the player like an adversary/inmate (like in the consoles, maybe even more strict) there's always a possibility of ML-based cheats with a low-latency camera. Barely anyone does that now because there are easier methods, but trust me, it will get used if required, just like DMA is used now. People already throw crazy money into cheating.
It's a race to the bottom where everybody eventually loses except the corporations. Players never get rid of the cheaters completely, unrelated people who don't play games get their hardware+software locked down because of a bunch of whiny gamers, and corpos obtain the ultimate vendor lock.
The optimal amount of bad behavior is not zero.
doikor•9mo ago
Making it hard enough is good enough. The difference in 1% of games having a cheater and 5 or 10% is massive in the player experience.
JadeNB•9mo ago
If the locks treated me, the legitimate owner, as a criminal and required the kind of low-level access that software that runs at the kernel level gets, and still didn't work, then maybe.
dingnuts•9mo ago
wiseowise•9mo ago
The solution is not to make the lock so hard that it inconveniences you, the user, it is to shoot intruder on sight (aka better moderation).
trinsic2•9mo ago
doikor•9mo ago
> The optimal amount of bad behavior is not zero.
Obviously the goal never has been to have 0 cheaters. Just from the detection side you need to delay the bans, let in some of the previously detected cheats again, etc to keep the cat and mouse game going on (make it harder to A/B test your cheats)
https://x.com/deteccphilippe/status/1883945555102957617
> Worse still, is that we actually have to let them back in. When we outright “block” a cheating method, we are technically providing the cheater an instantaneous surface to iterate against, allowing them to A/B test their cheats until they find something that is actually undetected at that layer.
> unrelated people who don't play games get their hardware+software locked down because of a bunch of whiny gamers
If you think it is an issue then don't play their game. Very few companies are willing to go through the effort as it is actually quite a lot of work just from the security vulnerability aspects alone (and you also have to effectively detect the cheats too)
orbital-decay•9mo ago
>If you think it is an issue then don't play their game.
This is a hypothetical example which would affect everyone regardless of playing any games. Not an existing thing, thankfully.
(although I wouldn't be surprised if the pressure will eventually be enough to make this happen. The fact that you can't fix a rotten culture with authoritarian measures without affecting everyone else never stopped anyone)
candiddevmike•9mo ago
squigz•9mo ago
doikor•9mo ago
Here is some graphs for Valorant https://x.com/deteccphilippe/status/1883945555102957617 basically reaching ~10% at its worst (when Riot devs are only xmas holidays) and around ~1% at its best (~now). And this is the number of caught cheaters so actual amount of cheaters is probably slightly higher.
Here is someone doing a "study" in counter strike https://old.reddit.com/r/GlobalOffensive/comments/1bnhikf/th...
> Out of 60 games, I had 28 games with spinbotters. 28 is an absolutely insane number. 17 games had the spinbotter on the enemy team, 11 games had the spinbotter on my team. Keep in mind though, some games had more than 1 spinbotter, bringing the total number to 36 spinners in 60 games.
(spinbot is a form of aimbot that is very obvious)
dfxm12•9mo ago
mvdtnz•9mo ago
johnnyanmac•9mo ago
Makes me glad I prefer mostly single player content and never tolerate this stuff on my PC. If I gotta be locked down I'll just pick up a console.
jokoon•9mo ago
I am not expert, but I think it's not necessarily the case?
Cheating is really a plague right now, and the only way to mitigate it is using kernel anti cheat.
ronsor•9mo ago
If your solution is bad, it doesn't deserve to work. Find something else.
doikor•9mo ago
> “You have to humanize [the cheat] to a degree where the advantage is imperceptible from what a human can do,” said Koskinas. “And once you’re there, you’re not really cheating enough to make it worth it for most users.”
But it is something they acknowledge will be an issue at some point in the future. Personally I think for now AI is way too slow as all the computation needs to happen in a few milliseconds to really be effective.
> Koskinas says he often worries about the use of AI for screen classification, to learn what human inputs look like, and how to reproduce them.
az09mugen•9mo ago
ronsor•9mo ago
mschuster91•9mo ago
doikor•9mo ago
https://x.com/deteccphilippe/status/1883945555102957617
> “Behavior” refers to an ML suspension (also called “server-sided” anti-cheat), often given to ragehackers.
But then you can just teach an AI to act like a human. Anti cheats in computer games is and always will be a cat and mouse game and AI/ML is just another tool in the bag of many tools (most bans seem to be fingerprinting based basically rebanning previous offenders who failed to get around the fingerprinting system)
int_19h•9mo ago