[Animats]

> Why can't the servers distrust the clients? What should a 'client side anti cheat' actually prevent?

There are two issues. One is the user seeing things that the server is hiding, such as enemies hidden behind obstacles, by going into "wireframe mode". The other is superhuman performance via computer assistance, or "aimbot hacks".

The first is a performance issue. The server can do some occlusion culling to avoid telling the client about invisible enemies, but that adds to the server workload. The second is becoming impossible to fix, since at this point you can have a program looking at the actual video output and helping to aim. (You can now get that in real-world guns.[1]) Attempts to crack down on people whose aim is "too good" result in loud screams from players whose aim really is that good.

[1] https://talonprecisionoptics.com/technology/how-it-works/

[sadeshmukh]

The only feasible solution is to have high-level players compete in physical tournaments or at verified centers, where the authenticity of the player is replaced with some authority. At a high enough level, there is no way to distinguish a really good player from a cheater.

[Xeamek]

Disagree.

But it's not really feasible to argue since you need to be on such high level in the first place to honestly engage in 'is this player chesting' conversation. And it's on case-by-case basis

[Draiken]

Can you expand on the disagree?

I've watched professional games in SC, CS and DOTA for decades and I definitely agree that pros are indistinguishable from a good cheater (not a rage hacker).

One of the issues around this is cheating within pros too. People that are actually good at the game, but use cheats to get even further ahead. These players are already statistical anomalies and even from an experienced player's perspective, you can't tell if they have an amazing game sense (many really do) or he's wall hacking, as an example.

[cdogl]

Competitive games are unlikely to reach the market share necessary for a competitive gaming tournament if their casual scene is inundated with cheaters. Only a tiny handful of games even have a viable competitive scene.

[BlueTemplar]

But are cheaters even an issue in unpopular games that don't give out real money for tournaments ?

I have never seen cheaters being an issue (even the few times people set up tournaments with prizes), which makes me think that this might be limited to very few games (in very specific genres) ?

[forrestthewoods]

> But are cheaters even an issue in unpopular games

Yes. Every game has cheats. The cheat packages are pretty easy to adapt to new games and people pay money for them.

Why do people cheat? Because it’s fun! If you’ve never cheated it’s honestly worth trying. It’s hilarious. It also utterly ruins the game for everyone else in the lobby.

If games had reliable anti-cheat you’d be shocked at the percentage of lobbies that have a cheater. It’s wildly rampant.

[BlueTemplar]

I'm not talking about developer tools - cheats that come with the game, available in single player (and multiplayer if the host allows it).

But a lot of games do also have accessible to everyone replays that show every order given by every player, so catching a cheater that acted on information not available to them (because for instance they had buddies in other team(s)) isn't particularly hard, especially in tournaments with a lot of eyeballs on those replays.

[forrestthewoods]

> isn't particularly hard

At scale it’s incredibly hard. Impossibly hard even. So hard no one has successfully solved it! Ever!

But what you’re describing is Valve’s Overwatch system for Counter-Strike. It’s a key component of the anti-cheat ecosystem. But cheating is still rampant in CS and one of the biggest complaints.

[rpgwaiter]

I’m big into competitive Call of Duty. On that game (and any other shooter that uses a controller), the biggest undetectable cheat is auto recoil adjust. People call it a “chronus” for the same reason people call it Kleenex. You download profiles for the gun you're using and it basically does the recoil pattern in reverse, turning every gun into a laser beam. It’s undetectable because it modifies inputs from a legit controller while appearing completely normal to the console/PC. No computer vision needed, and it’s destroying the integrity of the game.

In the future I kind of hope the handshake from controller<->console becomes a lot more robust, maybe working in a similar way to HDCP.

[perillamint]

I don't think it will work. Nothing can prohibit users from desolder the stick and putting a microprocessor with DAC in place of them.

Actually, those kinds of mod is frequently performed by gamers, because lots of people wants to replace analogue potentiometer with hall-effect sensor with microprocessor, which provides much more durability compared to the Alps potentiometer stick. (and no one likes to play with a drifting Dualsense or Joy-Con)

[Xeamek]

At the end of the day, as long as there is player input, cheaters always can simulate it/enchance it.

But the deeper your anticheat detection, the higher friction there is for cheater.

Having to get extra hardware/modify existing one is a huge leap in friction, and probably filters out an overwhelming majority of wannabe cheaters

[msnkarthik]

your point about "chronus" or auto recoil adjust cheats is a perfect example of how cheats evolve to bypass detection. By modifying controller inputs at the hardware level, it’s nearly impossible for traditional anti-cheat software to identify such exploits. It shows that as long as there is an incentive, people will find creative ways to gain an advantage, often blurring the line between legitimate skill and unfair advantage. I think moving forward, a hybrid approach is essential—one that leverages both server-side logic to prevent information leaks and robust client-side monitoring that can detect anomalous behavior patterns. Perhaps more sophisticated machine learning models that analyze player behavior in real-time could help in distinguishing between legitimate skill and enhanced performance due to cheats. It's a constantly evolving battle, and staying one step ahead is always going to be a challenge.

Would love to hear more thoughts on how to effectively balance these aspects without compromising the player experience!

[maccard]

Cheating isn’t a binary thing , it’s a spectrum. The number of people who are willing to install a random script that they drop into a folder that lets them win every Br game is vastly higher than the number who will install a kernel level driver, which is more than will _pay for_ and keep updated with a kernel level driver. Currently, “expensive dedicated hardware that replaces the gaming mouse that I like using” is significantly less of a problem than “install rootkit”

[maccard]

The performance issue you talk about has a little more to it too. If the server is 30ms away from you and the other player, and the server runs at 30Hz there’s 90ms between the enemy pressing a key and you seeing it. That’s before you add real world networking conditions into the mix and have to start adding client side prediction in which adds a few more MS to boot, or errors. But in order to do this prediction the client needs a little more state than is visible on screen - players that are around corners that are about to appear, that sort of stuff. So the client needs that information in order to actually function meaning it’s hard/impossible to tell the difference between good game sense (I know the reload time of this gun is X and that peeking lasts Y frames and they will appear here) and cheating (we’re 2 frames away from showing the player on screen but he’s going to be right here so shoot here)

[perillamint]

I think someday, almost all aimbots will be undetectable by anti-cheat systems.

Thanks to the neural network, we have made enormous progress in the computer vision domain. As a byproduct, it invalidates the method we use to separate machines from humans (the image-based CAPTCHAs).

I guess aimbots will switch to CV-based systems to detect enemies rather than dumping game memory to find the enemy's position. This change will force anti-cheat systems to perform an automated Turing test, which is hard. (Telling the bot and human apart only by watching the replay is much more challenging compared to the above CAPTCHA problem. And we are currently losing at the CAPTCHA frontline, too.)

[msnkarthik]

@Animats, you’re spot on about the two main issues—visibility hacks and aimbots. The concept of hiding enemy positions server-side through occlusion culling does present a performance challenge, but it’s essential to balance between ensuring fair play and maintaining server efficiency. And you're right; the rise of external programs that can interpret video output makes preventing aimbots significantly harder.