[stavrus]

You don't have to sacrifice your computing freedom and privacy. These anti-cheating modules tend to be explained to you upon game installation, so if you're not comfortable with what they do then just cancel the installation. You're not forced to play the game, but the modules are part of the game's rules and you have to adhere to them if you want to play it.

All the participants of a game agree to a common set of rules required to make the game fun, fair, and enjoyable. And this is true of any game, from online games such as LoL to offline games like poker and soccer. Unfortunately the prevalence of cheating has made the anti-cheating modules another bullet point on that set of rules for online games. There's still plenty of games out there that you can play with people you know personally and can trust, but I certainly cannot find and organize 59 other people to play Battle Royale shooters with me within minutes of wanting to play a match on my schedule, so I'm ok with the trade-offs involved in making that possible. Just please don't force your principled stance on others.

[soraminazuki]

Have you ever wondered why the user/kernel split in modern operating systems even exist in the first place? And no, it’s not to annoy the heck out of game developers. Kernel programming requires much more care and effort than userspace programming, and if you grant kernel access to any application that asks for it, you're bound to make the whole system unstable, insecure, and underperformant. Operating system developers spend a lot of time designing interfaces that are safe to use, and applications should strictly stick to those. Taking a “move fast and wreak havoc on the whole system” approach with your customer’s devices is not acceptable however justified you think you are.

This is all assuming that the developers of anti-cheating software have any sense of self-restraint and strictly limit themselves to anti-cheating, which is obviously not the case given their track record. The reality is much, much worse and no amount of legal gibberish they stick in front of their users before installation would make it any better.

[matheusmoreira]

> Just please don't force your principled stance on others.

I'm not forcing it on anyone. Users are free to install and use the invasive software if they don't care about the implications. They're also free to circumvent the software and play the game without it. It's an individual decision. People shouldn't have to abstain from playing a game they bought because the game company doesn't have total access to their machine.

The point I'm making is game companies shouldn't be shipping invasive software at all regardless of what it's used for. They need to come up with better ways to detect cheaters. Methods that work on the server side. For example, traffic analysis can be used to detect bots:

https://www.iis.sinica.edu.tw/~swc/pub/bot_identification.ht...

[nkrisc]

> They're also free to circumvent the software and play the game without it.

They're free to do it, but then they should also fully expect to be kicked out of the game for doing so.

[stavrus]

> They're also free to circumvent the software and play the game without it [...] People shouldn't have to abstain from playing a game they bought because the game company doesn't have total access to their machine.

Imagine we're playing soccer. We both know the rules. However I don't really like how those rules restrict me from using my hands when I'm not a goalie. You could say that I feel like the rules shouldn't have total access to dictate what I can and can't do with my body. But you want to play soccer and the rules that go with it. Who should abstain from playing the game?

For the sake of this example, please don't suggest saying that the rules should be changed by the players to accommodate both. This isn't a possibility in video games for the players. They can either choose to play with the existing ruleset or not play at all.

If your suggestion is to just avoid players that don't want follow the rules, with the game providing this as an in-game mechanism, please be aware this doesn't really work and is very ripe for abuse. There was a case early on in Overwatch where they had a top player complaining that they were no longer getting into games successfully. An investigation revealed that they were so good at the character they were playing -- a sniper -- that their opponents didn't want to play against him/her and thus used the in-game avoidance feature to do so. This had the net result of the match-making system not finding enough players for him/her to play against anymore.

> They need to come up with better ways to detect cheaters. Methods that work on the server side.

But they are coming up with better ways to detect cheaters, and it's through these kernel drivers. Ultimately, differentiating between a regular player and a cheater is a matter of how many signals you can analyze. The quality of the model you can build for identifying cheaters increases as you add more signals. And with a good enough model you can reach a certainly level that allows you to comfortably start issuing bans. You can see it with the link you provided, where the researchers found a way to add more signals to the model by analyzing the network traffic patterns.

Unfortunately, server-side detection can only get you so far. If a player turns on a wallhack, what signal can the server use to figure out what's going on? If my LoL champion has a defensive ability that I can use to dodge attacks, and my cheat program can detect incoming attacks that'll hurt me and activate it for me, with it programmed to have a minimum time to activation in order to pretend the reaction time is human, what can the server do to detect this?

Ultimately, to answer these questions you have to start asking the client to assist you by providing more signals, but when the client is under user-control it's trivial to lie to it. Hence the need to move some of the anti-cheat code to driver-space.

By the way, server-side detection doesn't really account for the reality of how cheaters actually cheat. Fancy detection methods like dynamic Bayesian networks for statistically analyzing shooting accuracy in FPS's sound great in theory, but aimbots don't really snap to player's heads anymore. Instead they guide the player's aim when toggled on and only do this gently, so that even human reviewers have a tough time seeing what's going on. The intent there is to increase the uncertainty level of the model declaring the player a cheater, as companies fear banning players accidentally and will only issue bans once they are positively sure the player is a cheater.

I'm sure Riot and many other game companies are using as many server-side detection methods as they can, so what exactly do you expect the game companies to do when they run out of available server-side detection methods and still have a cheater problem to deal with that affects their bottom line?

[matheusmoreira]

> You could say that I feel like the rules shouldn't have total access to dictate what I can and can't do with my body.

Depends on what they have total access to. There is no problem with having total access to the playing field and monitoring it. I would object if they came up with a brain implant that could figure out whether players were diving and made it mandatory for every player to wear it in order to play.

> For the sake of this example, please don't suggest saying that the rules should be changed by the players to accommodate both.

I'm not saying that. My problem is purely with the invasive detection software.

> please be aware this doesn't really work and is very ripe for abuse

> This had the net result of the match-making system not finding enough players for him/her to play against anymore.

This is a problem but it's a match making problem. People prefer to play with others of similar skill since being beaten over and over again is too frustrating. The better the player gets, the harder it is to find others of similar ability. I don't know the answer to this problem.

In this case people are still playing with strangers they don't know or trust, players who could be cheating. I think people should play with real life friends who they know and trust in real life. Much smaller groups that can police themselves. I've met competitive players who are part of local groups and who play only with each other so there are people doing this.

> Ultimately, to answer these questions you have to start asking the client to assist you by providing more signals, but when the client is under user-control it's trivial to lie to it. Hence the need to move some of the anti-cheat code to driver-space.

Kernel mode is still under the control of the user. Their detection software got way more invasive but it still can't make any guarantees.

They are trying to secure their game client against an adversary who has full physical and logical access to the entire system. Nothing they do can take control away from the user. They can only make it hard enough to prevent most people from trying.

> so what exactly do you expect the game companies to do when they run out of available server-side detection methods and still have a cheater problem to deal with that affects their bottom line?

I don't have an answer. I just hope they can come up with something that doesn't require me to place so much trust in them.

[AnIdiotOnTheNet]

> The better the player gets, the harder it is to find others of similar ability. I don't know the answer to this problem.

Make it fun to lose too.

In the before times, in the long long ago, there was a Half-Life mod called Natural Selection that I played entirely too much of. It was an asymmetrical FPS/RTS hybrid. In the earlier versions (pre 3.0, I think), Aliens were considered to have a slight advantage over Marines, however this was ok because losing as Marines was a lot more fun than losing as Aliens because they got to roleplay the Alamo by locking down their last base with ludicrous defensive measures and holding out against wave after wave of Alien attacks. This strategy would actually rarely result in a sudden turn around in the game as it was possible for a skilled Marine to escape through the Alien horde and find a quiet spot to begin construction of a stealth hail-marry base, or get in position to just barely kill a hive before they could be taken out. For mechanical reasons, this strategy was not possible on the Alien side and consequently losing as Aliens was an exercise in waiting to be curb stomped and no fun at all.

[ta999999171]

> If a player turns on a wallhack, what signal can the server use to figure out what's going on?

Don't take this the wrong way...but, is this serious?

[Fr0styMatt88]

I would go as far as arguing that if anti-cheat is so important to a game, they should figure out how to do it server-side. I think the trade-off they're trying to make us accept here is terrible. It's as disrespectful as Sony's rootkit from back in the day.

We don't expect to just be able to start a random game with untrusted strangers in real life and be assured they're not going to cheat.

Could you imagine if any time you wanted to play sports in real life you had to consent to wearing something that could read your mind so that it could determine you weren't cheating? That seems as ridiculous as the end-game of client-side cheat prevention.

I understand there are competitive settings where money is involved and that's where you need referrees. Otherwise, I think we've gone down this road where we take cheating far, far too seriously. I say this as someone that absolutely loves videogames, so I'm not meaning to disregard them.

Trusting strangers is ultimately a problem you'll never solve completely. I just don't think there's a technical solution to it.

Also, far out I hate some of the big companies in gaming. The attitude that Riot is displaying here just sucks.