by kaetemi 907 days ago
Or they could just not trust the clients, instead of throwing the problem over the wall. A lot of these games with fancy anti cheat protection the cheat tools basically just tell the server "spawn me a vehicle right here" and the server just does it. Garbage.
6 comments

> A lot of these games with fancy anti cheat protection the cheat tools basically just tell the server "spawn me a vehicle right here" and the server just does it.

Citation needed. I'd be quite surprised if it were common for servers of professional games to trust the client in that sense (i.e. allowing it to decide game logic like what gets spawned where).

As far as I'm aware the most common types of multiplayer cheats are

* wall hacks, which you could probably prevent by not sending the client any information about objects that the player can't see, but that would require the server to calculate the line of sight for every player/object,
* and aim bots, which I don't think you could prevent at all on the server side since they don't rely on the bot having access to any information that the player isn't supposed to have. They just rely on the bot being better at aiming. I suppose if you did all rendering server side and only sent the rendered graphics to the client (i.e. streaming), that would make it harder for the bot because it'd now have to do image recognition to find the target, but that just makes it harder, not impossible. Plus, game streaming wasn't well received for a reason and anyway, I don't think that's what you had in mind when you talked about "not trusting the client".

Look up BF2. Cheat tools would just disable limits locally on ammo requests, vehicle requests, artillery strikes, and so on. Server didn't check anything. It had fancy anti-cheat tech. Which was bypassed by just writing and restoring executable memory changes faster than the anti cheat detected.

Things are certainly not always as professional as they appear to be.

Visibility test is definitely feasible against wallhacks, it's not that expensive.

Aimbot is an assist cheat, which technically does not violate the physical rules of the game, so you are right that it's more difficult to detect. One solution to detect this class of cheating is to record the player's movement, and rely on a combination of outlier scores and outlier movement behavior to detect abuse. It's not watertight, but neither are any of these client side anti-cheat detection schemes.
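
An added example, not part of any comment in this thread: a minimal Python sketch of a server that keeps ammo and vehicle-spawn state itself and checks each client request against it, so a client with its local limits disabled gains nothing. The class names, limits and spawn-pad rule are assumptions constructed for illustration, not taken from any game.

```python
import math
from dataclasses import dataclass, field

# Constructed rules for this sketch; a real game would define its own.
FIRE_INTERVAL = 0.1        # minimum seconds between shots
VEHICLE_COOLDOWN = 60.0    # seconds between vehicle requests per player
MAX_PAD_DISTANCE = 10.0    # vehicles may only appear near a team spawn pad

@dataclass
class Player:
    team: str
    ammo: int = 30
    last_shot_at: float = -math.inf
    last_vehicle_at: float = -math.inf

@dataclass
class Server:
    players: dict        # player id -> Player (authoritative state)
    spawn_pads: dict     # team -> list of (x, y) pad positions
    rejected: list = field(default_factory=list)

    def _reject(self, pid, reason):
        # Rejections are logged so repeated violations can be reviewed.
        self.rejected.append((pid, reason))
        return False

    def handle_fire(self, pid, now):
        # `now` is the server's clock, never a timestamp sent by the client.
        p = self.players.get(pid)
        if p is None:
            return self._reject(pid, "unknown player")
        if p.ammo <= 0:
            return self._reject(pid, "fire with empty magazine")
        if now - p.last_shot_at < FIRE_INTERVAL:
            return self._reject(pid, "fire rate above weapon limit")
        p.ammo -= 1
        p.last_shot_at = now
        return True

    def handle_spawn_vehicle(self, pid, pos, now):
        p = self.players.get(pid)
        if p is None:
            return self._reject(pid, "unknown player")
        if now - p.last_vehicle_at < VEHICLE_COOLDOWN:
            return self._reject(pid, "vehicle cooldown active")
        pads = self.spawn_pads.get(p.team, [])
        if not any(math.dist(pos, pad) <= MAX_PAD_DISTANCE for pad in pads):
            return self._reject(pid, "position not at a team spawn pad")
        p.last_vehicle_at = now
        return True
```

The client only sends intent ("fire", "spawn a vehicle at pos"); whether it happens is decided from state the client cannot write to.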

Wow, it’s awesome you’ve solved the entirety of multiplayer gaming. Here I was thinking anti-cheating measures was a complex topic but it’s great you’ve elucidated me.

Well, it's definitely not solved by throwing the problem over the wall and praying that anti-cheat tools aren't broken as easily as your game.

> Here I was thinking anti-cheating measures was a complex topic

It isn't. If you play with people you don't know, some of them will cheat. If you don't want that, stop playing with strangers.

"just" is (tongue in cheek) a forbidden word in HN. Next thing you might find yourself claiming is that Dropbox is a worthless idea because it's "just" FTP.

Btw tell me exactly how an aimbot that takes the visuals from the player's screen and tilts the player's cursor so (or not so) slightly towards identified moving targets, are to be avoided from the server. Modern cheating is already a hard-ass problem to solve, much more so if no client-level monitoring is desired.

> Btw tell me exactly how an aimbot that takes the visuals from the player's screen and tilts the player's cursor so (or not so) slightly towards identified moving targets, are to be avoided from the server. Modern cheating is already a hard-ass problem to solve, much more so if no client-level monitoring is desired.

The very same way that you'd do it on the client. If I run an aimbot on an nvidia jetson devkit, using HDMI in to get the screen image and USB emulation to send inputs, your anticheat has to do the same work regardless if it's on the client or the server.

I think that makes sense; but doing it on the client means that your computer has to do the work for you, thus distributing the load among all clients. Doing it on the server would mean that their machine has to do the work for all players.

If we complain about companies being too quick closing up their servers when games are not as successful as they hoped... imagine if those servers were x10 or more expensive, due to that kind of analysis for all players. Companies would be much quicker to pull the plug, I guess.

Dropbox is a worthless idea (long term) because it's not running on my own server. :')

And exactly. You cannot detect that with client-side anti-cheat nonsense either. Record on the HDMI and output a fake USB mouse, why not? Botting doesn't break the physical rules of the game, so you're right that it's hard to detect. One "solution" is to record player movement on the server and detect outliers in behavior and scores. Not perfect (and also very difficult), but just as unreliable as client-side anti cheat nonsense.

Realistically some trust has to be in the client, otherwise your game will feel horribly sluggish and the corrections will drive you crazy.

I can make a game with full server trust to show you if you like.

That is the way things are going with cloud gaming.

If my cheat puts my crosshair on the opponent's head automatically what about that information is untrustworthy that would make you throw it out?

It's the same problem as detecting AI generated content from human made.

Automation and assist botting differ from outright cheating in that they still obey the actual rules of the game.