[Rohansi]

> You must combine client-side with server-side AC either way.

I should have clarified - this is exactly what I meant. Client-side anti-cheat cannot be replaced by server-side anti-cheat. You need both.

I work on an FPS game that is heavily targeted by cheaters (Rust). We do both but we are probably limited with what we can do server-sided because it's a PvP sandbox game. There is no matchmaking and no defined winner or loser to simplify ranking players against each other. It's also high stakes because a cheater can ruin a legit player's hours of preparation in moments. Drawing a line in the data to detect cheaters will catch outliers but there's a world of "legit cheaters" out there who use cheats but limit it to not stand out and avoid being banned.

[rollcat]

Oh that's interesting! I've never played Rust (or any PvP shooter outside of Quake 3...), so forgive me my ignorance. Questions, out of curiosity:

- Why no matchmaking, why no win/loss condition? What's the incentive structure / stakes for the participants? Is that a differentiator in the genre?

- Other than raw mechanics (aiming), what other kinds of skillsets affect gameplay / success?

- What are you allowed to share about the mitigations?

I don't wanna try any further backseating, just curious.

[Rohansi]

It's a sandbox game. You play on the same server over the course of a wipe (up to one month long) and then the server's map is cleared/changed. Hundreds of players gather resources, build bases, craft weapons, etc. to fight each other and defend themselves from others. Players often team up but you never know who you can really trust unless you're actually friends with them.

Other than aiming there's just game and map awareness, including understanding the current meta. Base design is a whole other area relevant to defending against raiding while you aren't online or away from your base.

We use EAC but also have our own layers of protection. We do some of our own anti-tampering in the client, a player reporting system with staff to investigate, server-side antihack to guard against all kinds of weird state modified clients send, and a lot of data collection+analysis. If you look up Rust or any other popular FPS game up you'll see it's still not enough.

The most effective anticheat tool really is game design. Games can be designed to limit or even eliminate the worst of cheating... but only by significantly changing the games. It'd be simple if everything was like the Civilization games because they're turn based and have well-defined actions. All input can be 100% verified without the need for tolerances and hidden state (fog of war) can be networked only when necessary.

[rollcat]

OK so it's like Minecraft, but with a lot more combat. I can see the appeal.

> The most effective anticheat tool really is game design.

Yep, that's always been my idea, and why I brought up Elo.

IMO second most effective is to play with people you already trust. Or like on many public Factorio servers: strangers get limited permissions until proven trustworthy. But none of this works in a game with just a couple hundred players.

Thanks for sharing.