[Starz0r]

What an interesting day when you see a site you've worked on for the past 2 (3?) years get posted to HN! Except I tried submitting this site years ago when I had just finished it, but it did not seem like HN was that interested at the time, and I don't blame them. It was very niche and video game related, and the site also looked a lot worse. It's come a long way to the point where there where I collaborated with someone else to do a redesign, which I think has done great for the project at large.

I originally created the site as a way to track which games would be supported on Linux, since at the time the Steam Deck was releasing, and some games were turning to support it. And it has since blossomed into a larger project, which some other tools even pull from! I would have never even imagined that when I first started making this.

I do want to address something I see being talked about in the comments, which is the fact people say that anti-cheats are snake oil, or useless. This is a big misunderstanding, and I feel like those more technically inclined should understand that anti-cheat is a "defense-in-depth" type of approach. Where it is just one of many lines of defense. Some anti-cheats are pretty useless, and don't do much, but some actually do try and protect the game you're playing. But, just like DRM, it can be cracked, and that's why it's more of a constant arms race, rather than a one and done thing.

I'm writing out a longer post about this for the future, but just know that without anti-cheat clientside, it would be far too easy for an attacker to cheat in these games. We're still ways out from letting AI (see VACnet [1] and and Anybrain [2]) determine if someone is cheating server-side, so for now we have to rely on heavier client-side techniques and server-side decision making.

Also if anyone has questions about the site (or for me), I'll try to answer them here when I see them. If not, have a nice day!

[1] https://youtu.be/kTiP0zKF9bc

[2] https://www.anybrain.gg/

[lousken]

I disagree with the onclient kernel stuff. Just like with any website, any checking MUST be server side. Kernel stuff not only makes clients inherently less secure and stable, but also for cheat coders it's only a matter of finding vulnerable driver they can use to avoid being caught.

[soerxpso]

Empirically, it works. Look at Vanguard as an example. There's obviously a privacy tradeoff, but a lot of people would rather avoid cheaters than maintain tight control of their computers. It would be great if anticheat could all be serverside, but I'd love to hear a proposal for how to prevent aimhacking with serverside anticheat alone.

[kurikuri]

> There's obviously a privacy tradeoff, but a lot of people would rather avoid cheaters than maintain tight control of their computers.

I don’t agree. Instead, a lot of people allow the install because they have no say in the matter if they wish to continue playing the game. Even if it weren’t effective, I’m pretty sure most people would allow the installation of some form of not-yet-proven-to-be-dangerous malware if the alternative is cutting ties and accepting the sunk cost (be it in terms of in-game purchases, proprietary file format, etc).

[Cloudef]

Vanguard is good example of blocking even honest customers from playing. You basically need clean install of windows, clean drivers, no third party apps and modern hardware to even launch the game.

[Aerroon]

>This is a big misunderstanding, and I feel like those more technically inclined should understand that anti-cheat is a "defense-in-depth" type of approach. Where it is just one of many lines of defense. Some anti-cheats are pretty useless, and don't do much, but some actually do try and protect the game you're playing.

As a serious player of many multiplayer games I disagree. All it takes is one cheat to circumvent the protections and soon enough every cheater will use that circumvention.

Meanwhile, I, the legitimate player suffer from degraded performance, disconnections (looking at you Amazon Games - you've not been able to fix your (most likely) Easy Anticheat disconnection issue in 2 years!), or outright inability to play.

Perhaps the cheating situation would be worse without anticheats, but considering how rampant it seems to be in fast-paced or grindy games I play, I kind of doubt it.

[devwastaken]

Anti cheat is DRM. It's added specifically to make it so modifications are DRM circumvention and therefore copyright infringement. This isnt to protect the player, but forced by big suit investors to "protect their investment".

The best anti cheat is proper net code. Games rarely do this because it's expensive and difficult. Consumers will buy it anyways.

Anti cheat overtop is like calling an open window with a loud Weiner dog guarding it "defense in depth".

[Hikikomori]

What's this magic netcode that stops aimbotting?

[azthecx]

It does not, I assume the writer had some other game type in mind.

I presume it's also your point, netcode is irrelevant when the cheat is manipulating inputs.

[emptysongglass]

I don't think the point is to argue anti-cheat isn't effective, the point is to draw a line in the sand and say, this is where it stops.

Take the analogy of enabling better police work by granting unlimited access to our private communications. No one doubts it would be effective, but the cost and the threat is too much.

This is the line we draw in the sand: get out of the kernel, anti-cheat has no business being there. The cost and threat are too great.

This acceptance is the same situation that brought us the Crowdstrike incident. It's unacceptable.

We fail as an industry and as a society when we accept these compromises.

[nullc]

Putting a government monitored streaming video camera in every bedroom and bathroom in the country to detect sexual assault would also be "defense in depth". But it would be a terrible thing to do, both because it's easily evaded (do your rape someplace else) and because of the intrusion. Any kind of defense in depth argument has to consider how easily bypassed the defense is and the cost it comes at.

Believe it or not, most people don't play video games against strangers. Anti-cheat is not of any value to them. Even for people who do play video games against strangers even uncompromised anti-cheat doesn't stop many forms of cheating like macro-mouses. Especially now with all the success being shown at machine learning playing video games with nothing more than a video feed and the button inputs, the amount that anti-cheat can help is clearly quite bounded and getting worse over time.

And the cost? Anti-cheat comes at the cost of general purpose computing, at the cost of being able to control the computers with which you trust your most intimate secrets. It's a civil liberties nightmare, or at least a per-requisite technology for many such nightmares. Opposition to anti-cheat is opposition to RMS's Right to read dystopia (https://www.gnu.org/philosophy/right-to-read.en.html).

I don't think it's too far a leap that saying that anti-cheat or DRM technology that comes at the expense of the availability of general purpose computing is more of a problem for human rights than the farcical bedroom cameras I started with.

So when you advocate anti-cheating technology that locks users out of controlling their own computers, you're favoring an at-best incremental improvement which can still be evaded for a narrow application that most people don't care about... and this comes at the expense of imperiling the human rights of others.

Like with many things there is an asymmetry to the costs: Anti-cheat and DRM substantially fail if even a moderate amount of dedicated people still have a way to cheat. Yet the damage to people's freedom from the loss of general purpose computing is still substantial even when the lockdowns can be evaded.

If anti-cheat came at no meaningful cost the fact that it could be evaded wouldn't be a meaningful argument against it. But it's expensive to develop, intrusive, disruptive, and the more successful it is the more effective it'll be at being abused to deny people control of their computers in anti-social ways.

[Cortex5936]

To play the devil's advocate here, do you think enabling EC on Linux systems makes it easier for players to cheat ?

[Starz0r]

Yes.

But, in practice, it usually doesn't result in any new cheaters. There is a myriad of reasons for this, but I won't go over them here.

[asddubs]

Could I persuade you to reconsider going over them? I'm not expecting an essay or anything but it would be interesting.

One thing that comes to mind for me is that most cheaters probably don't code the cheats themselves but buy them off telegram channels or whatever (just a guess), and probably wouldn't want to install a whole operating system for them

[Starz0r]

This is indeed one of the reasons!

Cheating is a market, and most cheaters are not programmers themselves. But it goes deeper than that. Most players, and players who intend to cheat are already using Windows. Any portion of a game's player base that intends to cheat is usually small, any the portion of a game's player base that is also running Linux at the same time, is even smaller. So programming cheats for Linux (however easy it may be), is a nil-some game. Though I'm not going to claim it's never happen, there are cheats for CS2 on Linux for example, but this is an outlier and exception to the rule.

> Could I persuade you to reconsider going over them? I'm not expecting an essay or anything but it would be interesting.

Sorry, I didn't say that because I was trying to withhold this information, I just didn't want to spoil my future blog post. If you don't want to wait for the post and just want to hear it, I'm down to just giving a overview of the reasonings.

[Klaus23]

As Starz0r said, one of the main reasons is that the market is just very small. I think it was CSGO that had basically no protection on Linux for years, and the developers just ignored it because the small number of players didn't make much of an impact.