[raizer88]

Unless they are cooperative games giving copies of the server data model to the client inevitably leads to wild cheating. I give you the example of Escape for tarkov, where not only the data model is shared, but the client is authoritative over the server. A beautiful game ruined by the incompetence of the network-side development team.

[Hikikomori]

Tarkov like most games uses client side prediction with some server side checks on actions, it can be hard to see the difference between a predicted action and client authority, they've been slowly increasing checks over the years as cheat developers finds new things to exploit. Since checks can be costly for performance you don't want to check things you don't have to, so doing it incrementally as you need is ok, for a game that is in a heavy development stage.

Unfortunately they are not doing lazy loading of loose loot and containers (including player/scav), so ESP is extra powerful in this game. But since Tarkov has complex maps there's little point in trying to hide players that are not visible, CSGO and Valorant are the only FPS games that does this but they also have simple and small maps with fewer players. So player-ESP and aimbot will most likely always be possible as long as you can bypass Battleye, so instead of cheaters rushing for loot they can see you might just go and kill you.

[raizer88]

I agree on most of it. I think the way to do server side check is not in real time during the game, but after the game session ended. You should unload every gamestate on a secondary server that process everything and rate what could be manipulated with a degree of confidence. After this rating drop a lot on a player it should trigger a manual/automatic ban.

[loup-vaillant]

> After this rating drop a lot on a player it should trigger a manual/automatic ban

I once heard of a game that instead of banning cheaters, isolated them together in a separate bucket. Cheaters could still play… amongst themselves.

[DizzyDoo]

This went pretty terribly for Fall Guys[0] because the moment a false positive slips through, and then that player posts their clip of a game with close to 100% cheaters on Twitter or Reddit, it exacerbates their image of a game with a serious cheating problem. Everyone saw a game taking place jam packed with cheaters and it became a PR problem they had to overcome.

[0] - https://www.pcgamer.com/fall-guys-once-had-a-secret-cheater-...

[whizzter]

Giving state isn't the problem, the client being authoritive is the problem.

What I'm describing is so-called rollback based netcode, the server should always keep an canonical state and deviating from it is at a clients peril.

[raizer88]

Giving full state is still a big problem. Aimbot, ESP, wall hacking are possibile only due to giving full state to the client. Most competitive games avoid this as much as possibile, eg. Dota2, Valorant, etc.

[whizzter]

Right, I agree there but from a development perspective it's a problem that can/should be tackled later if you know you have a hit, and the Ambient design should have no issue in fixing it later.

- Aimbots is a problem regardless of state it, as long as you can see/shoot at it then aimbots can exist, stopping that is a separate issue.

- On ESP/Wall hacking you're right, it can be an issue

  - Full snapshot/heap shipping as emulators and Kettlewells WASM sample is hard to patch here.

  - an DoD ECS grounded design like Ambient could selectively withhold entities (ie out of sight), however I think for starting development it shouldn't be an initial worry as long as you don't design yourself into a corner in such a way that it's impossible to implement later.

[raizer88]

At the theoretical level I agree with you about creating an MVP first and then solve these kinds of problems the moment you hit the jackpot at the ROI level. The problem is that in 20 years I have never seen a single game do that. Because revisiting the whole network/data stack in a game that has come of age is a nightmare and the PM probably doesn't see value in it. By now you are a hit. The problem is that instead of milking the cow for 10 years because you have a cheat proof product, you make money for 3-4 and then you close. (possibily damaging your brand as a cheater infested game)

[whizzter]

Right, and that's why I like this approach (that I'm doing and it seems the Ambient lib is built for from the examples I looked at) because there is an actual architecture that is designed for networking from day one and visiting netcode isn't as bad an issue because it's mostly just regular game-code as long as the core principles are followed.

We've had generations of games that was built as webs-of-objects (and popular engines that still default to it), and yes, adding and maintaining netcode with that is like pulling tooth because you need to manually keep track of so much.

This puts netcode mostly as an automatable task with clear default rules, stuff like hiding players/entities out of sight becomes filters (in the same way as not updating far-away stuff).

[dgb23]

Only a couple of years ago I played an incredibly fun game with an open multiplayer aspect to it. You didn’t really know who was friend or foe. Alliances and rivalries formed ad-hoc and betrayal was always around tge corner.

It was very well made but had a couple of power balance issues, which is it bo expected.

The problem was that it didn’t get its network code right from the very start. After a fun honeymoon period that was way too short, we would see cheaters all over the place. Not even “just” wallhacking but also teleporting around and dramatically increasing gun RPM.

This sucked out the whole fun in just a few days. My friends and I never played again even though they might have fixed it down the line.