[matheusmoreira]

Yes. I don't see how that is relevant though.

It doesn't matter how bad the cheating gets. Sacrificing our computing freedom and privacy is simply not okay. These principles are far more important than having an online gaming experience that's free of cheaters. It is better to crack and remove the game's invasive modules than to let it run freely on our machines.

The truth is online multiplayer gaming is fundamentally broken. We're playing with strangers we don't know much less trust. We must play only with people we know personally and trust.

[stavrus]

You don't have to sacrifice your computing freedom and privacy. These anti-cheating modules tend to be explained to you upon game installation, so if you're not comfortable with what they do then just cancel the installation. You're not forced to play the game, but the modules are part of the game's rules and you have to adhere to them if you want to play it.

All the participants of a game agree to a common set of rules required to make the game fun, fair, and enjoyable. And this is true of any game, from online games such as LoL to offline games like poker and soccer. Unfortunately the prevalence of cheating has made the anti-cheating modules another bullet point on that set of rules for online games. There's still plenty of games out there that you can play with people you know personally and can trust, but I certainly cannot find and organize 59 other people to play Battle Royale shooters with me within minutes of wanting to play a match on my schedule, so I'm ok with the trade-offs involved in making that possible. Just please don't force your principled stance on others.

[soraminazuki]

Have you ever wondered why the user/kernel split in modern operating systems even exist in the first place? And no, it’s not to annoy the heck out of game developers. Kernel programming requires much more care and effort than userspace programming, and if you grant kernel access to any application that asks for it, you're bound to make the whole system unstable, insecure, and underperformant. Operating system developers spend a lot of time designing interfaces that are safe to use, and applications should strictly stick to those. Taking a “move fast and wreak havoc on the whole system” approach with your customer’s devices is not acceptable however justified you think you are.

This is all assuming that the developers of anti-cheating software have any sense of self-restraint and strictly limit themselves to anti-cheating, which is obviously not the case given their track record. The reality is much, much worse and no amount of legal gibberish they stick in front of their users before installation would make it any better.

[matheusmoreira]

> Just please don't force your principled stance on others.

I'm not forcing it on anyone. Users are free to install and use the invasive software if they don't care about the implications. They're also free to circumvent the software and play the game without it. It's an individual decision. People shouldn't have to abstain from playing a game they bought because the game company doesn't have total access to their machine.

The point I'm making is game companies shouldn't be shipping invasive software at all regardless of what it's used for. They need to come up with better ways to detect cheaters. Methods that work on the server side. For example, traffic analysis can be used to detect bots:

https://www.iis.sinica.edu.tw/~swc/pub/bot_identification.ht...

[nkrisc]

> They're also free to circumvent the software and play the game without it.

They're free to do it, but then they should also fully expect to be kicked out of the game for doing so.

[stavrus]

> They're also free to circumvent the software and play the game without it [...] People shouldn't have to abstain from playing a game they bought because the game company doesn't have total access to their machine.

Imagine we're playing soccer. We both know the rules. However I don't really like how those rules restrict me from using my hands when I'm not a goalie. You could say that I feel like the rules shouldn't have total access to dictate what I can and can't do with my body. But you want to play soccer and the rules that go with it. Who should abstain from playing the game?

For the sake of this example, please don't suggest saying that the rules should be changed by the players to accommodate both. This isn't a possibility in video games for the players. They can either choose to play with the existing ruleset or not play at all.

If your suggestion is to just avoid players that don't want follow the rules, with the game providing this as an in-game mechanism, please be aware this doesn't really work and is very ripe for abuse. There was a case early on in Overwatch where they had a top player complaining that they were no longer getting into games successfully. An investigation revealed that they were so good at the character they were playing -- a sniper -- that their opponents didn't want to play against him/her and thus used the in-game avoidance feature to do so. This had the net result of the match-making system not finding enough players for him/her to play against anymore.

> They need to come up with better ways to detect cheaters. Methods that work on the server side.

But they are coming up with better ways to detect cheaters, and it's through these kernel drivers. Ultimately, differentiating between a regular player and a cheater is a matter of how many signals you can analyze. The quality of the model you can build for identifying cheaters increases as you add more signals. And with a good enough model you can reach a certainly level that allows you to comfortably start issuing bans. You can see it with the link you provided, where the researchers found a way to add more signals to the model by analyzing the network traffic patterns.

Unfortunately, server-side detection can only get you so far. If a player turns on a wallhack, what signal can the server use to figure out what's going on? If my LoL champion has a defensive ability that I can use to dodge attacks, and my cheat program can detect incoming attacks that'll hurt me and activate it for me, with it programmed to have a minimum time to activation in order to pretend the reaction time is human, what can the server do to detect this?

Ultimately, to answer these questions you have to start asking the client to assist you by providing more signals, but when the client is under user-control it's trivial to lie to it. Hence the need to move some of the anti-cheat code to driver-space.

By the way, server-side detection doesn't really account for the reality of how cheaters actually cheat. Fancy detection methods like dynamic Bayesian networks for statistically analyzing shooting accuracy in FPS's sound great in theory, but aimbots don't really snap to player's heads anymore. Instead they guide the player's aim when toggled on and only do this gently, so that even human reviewers have a tough time seeing what's going on. The intent there is to increase the uncertainty level of the model declaring the player a cheater, as companies fear banning players accidentally and will only issue bans once they are positively sure the player is a cheater.

I'm sure Riot and many other game companies are using as many server-side detection methods as they can, so what exactly do you expect the game companies to do when they run out of available server-side detection methods and still have a cheater problem to deal with that affects their bottom line?

[matheusmoreira]

> You could say that I feel like the rules shouldn't have total access to dictate what I can and can't do with my body.

Depends on what they have total access to. There is no problem with having total access to the playing field and monitoring it. I would object if they came up with a brain implant that could figure out whether players were diving and made it mandatory for every player to wear it in order to play.

> For the sake of this example, please don't suggest saying that the rules should be changed by the players to accommodate both.

I'm not saying that. My problem is purely with the invasive detection software.

> please be aware this doesn't really work and is very ripe for abuse

> This had the net result of the match-making system not finding enough players for him/her to play against anymore.

This is a problem but it's a match making problem. People prefer to play with others of similar skill since being beaten over and over again is too frustrating. The better the player gets, the harder it is to find others of similar ability. I don't know the answer to this problem.

In this case people are still playing with strangers they don't know or trust, players who could be cheating. I think people should play with real life friends who they know and trust in real life. Much smaller groups that can police themselves. I've met competitive players who are part of local groups and who play only with each other so there are people doing this.

> Ultimately, to answer these questions you have to start asking the client to assist you by providing more signals, but when the client is under user-control it's trivial to lie to it. Hence the need to move some of the anti-cheat code to driver-space.

Kernel mode is still under the control of the user. Their detection software got way more invasive but it still can't make any guarantees.

They are trying to secure their game client against an adversary who has full physical and logical access to the entire system. Nothing they do can take control away from the user. They can only make it hard enough to prevent most people from trying.

> so what exactly do you expect the game companies to do when they run out of available server-side detection methods and still have a cheater problem to deal with that affects their bottom line?

I don't have an answer. I just hope they can come up with something that doesn't require me to place so much trust in them.

[AnIdiotOnTheNet]

> The better the player gets, the harder it is to find others of similar ability. I don't know the answer to this problem.

Make it fun to lose too.

In the before times, in the long long ago, there was a Half-Life mod called Natural Selection that I played entirely too much of. It was an asymmetrical FPS/RTS hybrid. In the earlier versions (pre 3.0, I think), Aliens were considered to have a slight advantage over Marines, however this was ok because losing as Marines was a lot more fun than losing as Aliens because they got to roleplay the Alamo by locking down their last base with ludicrous defensive measures and holding out against wave after wave of Alien attacks. This strategy would actually rarely result in a sudden turn around in the game as it was possible for a skilled Marine to escape through the Alien horde and find a quiet spot to begin construction of a stealth hail-marry base, or get in position to just barely kill a hive before they could be taken out. For mechanical reasons, this strategy was not possible on the Alien side and consequently losing as Aliens was an exercise in waiting to be curb stomped and no fun at all.

[ta999999171]

> If a player turns on a wallhack, what signal can the server use to figure out what's going on?

Don't take this the wrong way...but, is this serious?

[Fr0styMatt88]

I would go as far as arguing that if anti-cheat is so important to a game, they should figure out how to do it server-side. I think the trade-off they're trying to make us accept here is terrible. It's as disrespectful as Sony's rootkit from back in the day.

We don't expect to just be able to start a random game with untrusted strangers in real life and be assured they're not going to cheat.

Could you imagine if any time you wanted to play sports in real life you had to consent to wearing something that could read your mind so that it could determine you weren't cheating? That seems as ridiculous as the end-game of client-side cheat prevention.

I understand there are competitive settings where money is involved and that's where you need referrees. Otherwise, I think we've gone down this road where we take cheating far, far too seriously. I say this as someone that absolutely loves videogames, so I'm not meaning to disregard them.

Trusting strangers is ultimately a problem you'll never solve completely. I just don't think there's a technical solution to it.

Also, far out I hate some of the big companies in gaming. The attitude that Riot is displaying here just sucks.

[tinus_hn]

Consider real life athletics where you have to submit almost 24/7 ‘whereabouts’ and consent to unannounced blood and urine tests, or you’re banned.

[chopin]

This would end quickly if every honest athlete abstained (being part of the game). Or even a majority.

Professional sports is corrupted so far that the best move is not to play.

[tinus_hn]

You should be on the WAADA council. Stop doping by just not playing, except for the honest athletes. There, you fixed it.

[kick]

Sacrificing our computing freedom and privacy is simply not okay.

The anti-cheat kernel driver is already just going to be for Windows, so bringing this argument up probably holds less weight than you intended.

[matheusmoreira]

Yes, these drivers are likely to be Windows only. Linux users will probably be left unsupported. I've seen posts on reddit from players who say they have already been banned for tampering with the game. All they did was log into it from Linux without the third party anti-cheating software running.

Lack of Linux compatibility means people have to choose between playing the games they enjoy and running a free operating system. They will indirectly sacrifice their privacy and freedom in order to get access to the games.

There's also the fact that, just like the hardware manufacturers, the company will eventually stop supporting old version of its proprietary drivers. Eventually, they will no longer run even in newer versions of Windows. The games may be rendered unplayable due to lack of maintenance. Installing old versions of user space libraries like DirectX isn't going to help in this case.

[craftinator]

Yeah! We don't negotiate with terrorists! I want to install this game, except for the parts I don't like, even though they do what I want them to! It's wrong of them to include stuff I don't like in their thing I want to use!

Seriously man, it's a game. If you don't like their methods of anticheat implementation, feel free not to play! It's easy. You won't be missed by those millions of internet strangers. I like that Riot was so upfront about this. They did a great job of describing what they were doing, why they were doing it, how it was being done, and did it in a way that wasn't dry as a chalk ball in the Sahara... So don't "sacrifice your computer freedom". Freedom to choose what's running on your OS is the same freedom they have choosing to use kernel level anticheat. Your attack of that freedom is pretty distasteful.

[matheusmoreira]

> We don't negotiate with terrorists!

It's not like they're open to negotiation either. They only offer the game on their non-negotiable terms.

Fighting back without compromising is actually the only way to deal with these one-sided take-it-or-leave-it deals. It worked for obnoxious pop-up ads on the internet, it's likely to work for invasive ads and tracking and there's no reason to believe it wouldn't also work in this case.

> I want to install this game, except for the parts I don't like, even though they do what I want them to! It's wrong of them to include stuff I don't like in their thing I want to use!

Nothing wrong with any of this. If I don't like something, I should be able to get rid of it. It's software.

Anti-cheating software actually used to be optional. I used to have the option to host or search for servers with anti-cheating disabled. During installation, many games offered me the option to install the anti-cheating module. Battlefield 2 comes to mind.

Once installed and in use, it was still pretty invasive. However, it wasn't straight up forced on players like it is now.

> Freedom to choose what's running on your OS is the same freedom they have choosing to use kernel level anticheat.

People also have the freedom to get rid of the anti-cheating software and make it look like nothing's been tampered with. Banning someone who did this and proceeded to play without cheating would be a false positive. People are already getting banned for the crime of running an online game on Linux.

[claudiawerner]

>Anti-cheating software actually used to be optional. I used to have the option to host or search for servers with anti-cheating disabled. During installation, many games offered me the option to install the anti-cheating module. Battlefield 2 comes to mind.

It was the same with Enemy Territory, you could choose not to enable PunkBuster. It worked quite well, since when PunkBuster stopped providing anti-cheat servers for ET, server admins had to be more proactive with banning - and it worked (and works) pretty well. The issue with games like Overwatch is that you don't host your own server, and you therefore can't choose to ban a certain player if you know they're a cheater.

If Blizzard were to implement host-your-own-server, like older MP games, it would fundamentally change their game dynamic, which is balanced matchmaking with other people in the queue. I'm not a fan of the random matchmaking model (it has destroyed the local community spirit of MP servers), but it does solve some problems - I can now be confident that I'll only be playing with people ranked similarly to me, and it provides a region ranking system where you can gain a higher skill rating and play against more experienced people. In ET, you could join your favourite server and spend a long time getting rolled by a really good player, consistently, and your only recourse would be to abandon that server and find another one, and hope there's not a really good player there either. It's not fun to consistently play against people miles ahead of you.