[caminante]

Regarding Counterstrike (game) example, there were already a lot of cheaters and a cheater ecosystem that still exists to this day. I suspect Valve could address it if it wanted to, but the gameplay/development cost trade-offs aren't enough.

Valve pivoted to server-side anti-cheat and toleration because someone probably did the math on max(profit) with lootboxes.

[mobeigi]

Valve's VACnet solution is definitely interesting. It uses AI, deep learning and is server side. It's hard to tell how effective that has been for them compared to traditional client side detection systems; I don't imagine they'll share any results.

The fact that it's completely hidden from cheat developers gives them a huge advantage though. In the past, any client side algorithm or detection method could be reversed engineered by cheat developers and patched before lunch time. Now they're working against Valve completely in the dark.

[pona-a]

Which is a the power of not relying on obscurity. The server not sending you its complete source code is not any more obscure than a secret key.

Security through obscurity is about obfuscating easy-to-recover trivia thinking it buys you any margin, like the client-side anti-cheat handing attackers everything they need to defeat it while trying to then obfuscate that code.