[dmitrygr]

> This isn’t giving us any surveillance capability we didn’t already have. If we cared about grandma’s secret recipe for the perfect Christmas casserole, we’d find no issue in obtaining it strictly from user-mode and then selling it to The Food Network. The purpose of this upgrade is to monitor system state for integrity (so we can trust our data) and to make it harder for cheaters to tamper with our games (so you can’t blame aimbots for personal failure).

these guys are pretty cavalier about shoving themselves into the kernel...

[matheusmoreira]

Yes. It betrays a fundamental lack of respect for the user of the computer.

They don't think of themselves as guests who have the privilege of being installed on people's computers. They actually think they own our machines. In their opinion, the mere existence of cheats is an affront to their divine authority over our domains. To them, we are merely an adversary who must be attacked and defeated preemptively before we do something we aren't supposed to do. Our power, freedom and autonomy must be taken away for the sake of their security and the integrity of their video game.

This is unacceptable. Game companies don't get to decide what we can or can't do with our computers. Users are free and they own the machine. If they want to run client-side cheats, so be it. It's not like they're cracking and taking over the game company's servers. If they disrespect users by messing with their computers, they should not be surprised when users show them who's really in charge.

We have quality and trust issues with drivers written by hardware manufacturers and we're finally getting them to contribute free or open source versions. The situation is finally improving. Proprietary cheating prevention software is the last thing we need running in kernel mode right now.

Besides, the video games industry doesn't deserve our trust. For example, capcom.sys had privilege escalation as a feature:

https://twitter.com/TheWack0lian/status/779397840762245124/

https://www.theregister.co.uk/2016/09/23/capcom_street_fight...

The privacy policies and terms of service associated with existing cheating prevention software don't exactly inspire confidence either. They collect and transmit a lot of personal information and will even take screen shots. It's unwise to run this software in anything but a completely isolated environment, to say nothing of kernel mode. Unfortunately, the ability to run the game in a completely isolated and controlled environment is exactly what enables us to hack it and cheat. They're going to have to live with that.

[nitrogen]

Have you ever played a multiplayer game when someone else is cheating?

[matheusmoreira]

Yes. I don't see how that is relevant though.

It doesn't matter how bad the cheating gets. Sacrificing our computing freedom and privacy is simply not okay. These principles are far more important than having an online gaming experience that's free of cheaters. It is better to crack and remove the game's invasive modules than to let it run freely on our machines.

The truth is online multiplayer gaming is fundamentally broken. We're playing with strangers we don't know much less trust. We must play only with people we know personally and trust.

[stavrus]

You don't have to sacrifice your computing freedom and privacy. These anti-cheating modules tend to be explained to you upon game installation, so if you're not comfortable with what they do then just cancel the installation. You're not forced to play the game, but the modules are part of the game's rules and you have to adhere to them if you want to play it.

All the participants of a game agree to a common set of rules required to make the game fun, fair, and enjoyable. And this is true of any game, from online games such as LoL to offline games like poker and soccer. Unfortunately the prevalence of cheating has made the anti-cheating modules another bullet point on that set of rules for online games. There's still plenty of games out there that you can play with people you know personally and can trust, but I certainly cannot find and organize 59 other people to play Battle Royale shooters with me within minutes of wanting to play a match on my schedule, so I'm ok with the trade-offs involved in making that possible. Just please don't force your principled stance on others.

[soraminazuki]

Have you ever wondered why the user/kernel split in modern operating systems even exist in the first place? And no, it’s not to annoy the heck out of game developers. Kernel programming requires much more care and effort than userspace programming, and if you grant kernel access to any application that asks for it, you're bound to make the whole system unstable, insecure, and underperformant. Operating system developers spend a lot of time designing interfaces that are safe to use, and applications should strictly stick to those. Taking a “move fast and wreak havoc on the whole system” approach with your customer’s devices is not acceptable however justified you think you are.

This is all assuming that the developers of anti-cheating software have any sense of self-restraint and strictly limit themselves to anti-cheating, which is obviously not the case given their track record. The reality is much, much worse and no amount of legal gibberish they stick in front of their users before installation would make it any better.

[matheusmoreira]

> Just please don't force your principled stance on others.

I'm not forcing it on anyone. Users are free to install and use the invasive software if they don't care about the implications. They're also free to circumvent the software and play the game without it. It's an individual decision. People shouldn't have to abstain from playing a game they bought because the game company doesn't have total access to their machine.

The point I'm making is game companies shouldn't be shipping invasive software at all regardless of what it's used for. They need to come up with better ways to detect cheaters. Methods that work on the server side. For example, traffic analysis can be used to detect bots:

https://www.iis.sinica.edu.tw/~swc/pub/bot_identification.ht...

[nkrisc]

> They're also free to circumvent the software and play the game without it.

They're free to do it, but then they should also fully expect to be kicked out of the game for doing so.

[stavrus]

> They're also free to circumvent the software and play the game without it [...] People shouldn't have to abstain from playing a game they bought because the game company doesn't have total access to their machine.

Imagine we're playing soccer. We both know the rules. However I don't really like how those rules restrict me from using my hands when I'm not a goalie. You could say that I feel like the rules shouldn't have total access to dictate what I can and can't do with my body. But you want to play soccer and the rules that go with it. Who should abstain from playing the game?

For the sake of this example, please don't suggest saying that the rules should be changed by the players to accommodate both. This isn't a possibility in video games for the players. They can either choose to play with the existing ruleset or not play at all.

If your suggestion is to just avoid players that don't want follow the rules, with the game providing this as an in-game mechanism, please be aware this doesn't really work and is very ripe for abuse. There was a case early on in Overwatch where they had a top player complaining that they were no longer getting into games successfully. An investigation revealed that they were so good at the character they were playing -- a sniper -- that their opponents didn't want to play against him/her and thus used the in-game avoidance feature to do so. This had the net result of the match-making system not finding enough players for him/her to play against anymore.

> They need to come up with better ways to detect cheaters. Methods that work on the server side.

But they are coming up with better ways to detect cheaters, and it's through these kernel drivers. Ultimately, differentiating between a regular player and a cheater is a matter of how many signals you can analyze. The quality of the model you can build for identifying cheaters increases as you add more signals. And with a good enough model you can reach a certainly level that allows you to comfortably start issuing bans. You can see it with the link you provided, where the researchers found a way to add more signals to the model by analyzing the network traffic patterns.

Unfortunately, server-side detection can only get you so far. If a player turns on a wallhack, what signal can the server use to figure out what's going on? If my LoL champion has a defensive ability that I can use to dodge attacks, and my cheat program can detect incoming attacks that'll hurt me and activate it for me, with it programmed to have a minimum time to activation in order to pretend the reaction time is human, what can the server do to detect this?

Ultimately, to answer these questions you have to start asking the client to assist you by providing more signals, but when the client is under user-control it's trivial to lie to it. Hence the need to move some of the anti-cheat code to driver-space.

By the way, server-side detection doesn't really account for the reality of how cheaters actually cheat. Fancy detection methods like dynamic Bayesian networks for statistically analyzing shooting accuracy in FPS's sound great in theory, but aimbots don't really snap to player's heads anymore. Instead they guide the player's aim when toggled on and only do this gently, so that even human reviewers have a tough time seeing what's going on. The intent there is to increase the uncertainty level of the model declaring the player a cheater, as companies fear banning players accidentally and will only issue bans once they are positively sure the player is a cheater.

I'm sure Riot and many other game companies are using as many server-side detection methods as they can, so what exactly do you expect the game companies to do when they run out of available server-side detection methods and still have a cheater problem to deal with that affects their bottom line?

[Fr0styMatt88]

I would go as far as arguing that if anti-cheat is so important to a game, they should figure out how to do it server-side. I think the trade-off they're trying to make us accept here is terrible. It's as disrespectful as Sony's rootkit from back in the day.

We don't expect to just be able to start a random game with untrusted strangers in real life and be assured they're not going to cheat.

Could you imagine if any time you wanted to play sports in real life you had to consent to wearing something that could read your mind so that it could determine you weren't cheating? That seems as ridiculous as the end-game of client-side cheat prevention.

I understand there are competitive settings where money is involved and that's where you need referrees. Otherwise, I think we've gone down this road where we take cheating far, far too seriously. I say this as someone that absolutely loves videogames, so I'm not meaning to disregard them.

Trusting strangers is ultimately a problem you'll never solve completely. I just don't think there's a technical solution to it.

Also, far out I hate some of the big companies in gaming. The attitude that Riot is displaying here just sucks.

[tinus_hn]

Consider real life athletics where you have to submit almost 24/7 ‘whereabouts’ and consent to unannounced blood and urine tests, or you’re banned.

[chopin]

This would end quickly if every honest athlete abstained (being part of the game). Or even a majority.

Professional sports is corrupted so far that the best move is not to play.

[tinus_hn]

You should be on the WAADA council. Stop doping by just not playing, except for the honest athletes. There, you fixed it.

[kick]

Sacrificing our computing freedom and privacy is simply not okay.

The anti-cheat kernel driver is already just going to be for Windows, so bringing this argument up probably holds less weight than you intended.

[matheusmoreira]

Yes, these drivers are likely to be Windows only. Linux users will probably be left unsupported. I've seen posts on reddit from players who say they have already been banned for tampering with the game. All they did was log into it from Linux without the third party anti-cheating software running.

Lack of Linux compatibility means people have to choose between playing the games they enjoy and running a free operating system. They will indirectly sacrifice their privacy and freedom in order to get access to the games.

There's also the fact that, just like the hardware manufacturers, the company will eventually stop supporting old version of its proprietary drivers. Eventually, they will no longer run even in newer versions of Windows. The games may be rendered unplayable due to lack of maintenance. Installing old versions of user space libraries like DirectX isn't going to help in this case.

[craftinator]

Yeah! We don't negotiate with terrorists! I want to install this game, except for the parts I don't like, even though they do what I want them to! It's wrong of them to include stuff I don't like in their thing I want to use!

Seriously man, it's a game. If you don't like their methods of anticheat implementation, feel free not to play! It's easy. You won't be missed by those millions of internet strangers. I like that Riot was so upfront about this. They did a great job of describing what they were doing, why they were doing it, how it was being done, and did it in a way that wasn't dry as a chalk ball in the Sahara... So don't "sacrifice your computer freedom". Freedom to choose what's running on your OS is the same freedom they have choosing to use kernel level anticheat. Your attack of that freedom is pretty distasteful.

[matheusmoreira]

> We don't negotiate with terrorists!

It's not like they're open to negotiation either. They only offer the game on their non-negotiable terms.

Fighting back without compromising is actually the only way to deal with these one-sided take-it-or-leave-it deals. It worked for obnoxious pop-up ads on the internet, it's likely to work for invasive ads and tracking and there's no reason to believe it wouldn't also work in this case.

> I want to install this game, except for the parts I don't like, even though they do what I want them to! It's wrong of them to include stuff I don't like in their thing I want to use!

Nothing wrong with any of this. If I don't like something, I should be able to get rid of it. It's software.

Anti-cheating software actually used to be optional. I used to have the option to host or search for servers with anti-cheating disabled. During installation, many games offered me the option to install the anti-cheating module. Battlefield 2 comes to mind.

Once installed and in use, it was still pretty invasive. However, it wasn't straight up forced on players like it is now.

> Freedom to choose what's running on your OS is the same freedom they have choosing to use kernel level anticheat.

People also have the freedom to get rid of the anti-cheating software and make it look like nothing's been tampered with. Banning someone who did this and proceeded to play without cheating would be a false positive. People are already getting banned for the crime of running an online game on Linux.

[claudiawerner]

>Anti-cheating software actually used to be optional. I used to have the option to host or search for servers with anti-cheating disabled. During installation, many games offered me the option to install the anti-cheating module. Battlefield 2 comes to mind.

It was the same with Enemy Territory, you could choose not to enable PunkBuster. It worked quite well, since when PunkBuster stopped providing anti-cheat servers for ET, server admins had to be more proactive with banning - and it worked (and works) pretty well. The issue with games like Overwatch is that you don't host your own server, and you therefore can't choose to ban a certain player if you know they're a cheater.

If Blizzard were to implement host-your-own-server, like older MP games, it would fundamentally change their game dynamic, which is balanced matchmaking with other people in the queue. I'm not a fan of the random matchmaking model (it has destroyed the local community spirit of MP servers), but it does solve some problems - I can now be confident that I'll only be playing with people ranked similarly to me, and it provides a region ranking system where you can gain a higher skill rating and play against more experienced people. In ET, you could join your favourite server and spend a long time getting rolled by a really good player, consistently, and your only recourse would be to abandon that server and find another one, and hope there's not a really good player there either. It's not fun to consistently play against people miles ahead of you.

[rcxdude]

Yes. I've found that games with lots of 'anti-cheat' technology suffer from them much worse (because for a start, they don't normally ban immediately because that makes it easier to 'evade' them, so usually they get bored and leave before any ban occurs). Best anti-cheat is a moderator with enough tools to investigate and who can just kick them as soon as a problem starts (as a bonus you can also deal with a bunch of other bad behaviour, like throwing or abusive chat), but of course games companies don't want to pay for this or to empower users to run their own servers for this.

[jsjohnst]

Say you’re at a board game night and the other party decides to openly cheat, do you pull out a gun and shoot them, or maybe instead simply play the game with different people next time?

[knolax]

Yes, it's pretty amusing when it happens.

[vb6sp6]

They went the snarky route instead of the professional one. It may be the correct choice considering their core demographic

[Andhurati]

I don't think any of the management of that company respects its fans.