- cross-posted to:
- pcgaming@lemmy.ca
- gaming@beehaw.org
- privacy@programming.dev
- cross-posted to:
- pcgaming@lemmy.ca
- gaming@beehaw.org
- privacy@programming.dev
Thank you for the list of games to avoid.
Related: https://areweanticheatyet.com/
Anti-cheat should be server side. Cheats are done on external hardware now as kernel AC chased them into the undetectable zone, well played.
No game is worth sacrificing your entire PC to play.
There’s so many cheats that are only possible because the game’s net code is just weirdly implemented.
Like wall hacks, why can I see this other player on the other side of the map, why you sending me their position.
it’s for speed. if I tell you they’re out of sight now, but will be visible in 50ms, it’ll be faster than waiting 50ms to recv their new position that’s visible and waiting on network latency which could be another 50ms in addition
I’ve been working on a PvP game for the last few months.
Visibility checks aren’t needed in all cases. Most RTS/2D/2.5D games don’t have this problem, or it is minimal.
For games that do need them, they tend to be AAA FPS, which have the budget to make simple changes like lag compensation.
Right but we’re talking about 100s of ms of human reaction time (faster reaction time is around 200ms for ultra pros). Wall hacks where you only get 100ms of warning aren’t much good. So they absolutely could do something with it.
Server side anticheat can’t detect lot of client side anticheat. Ideally you want to have both, if you want to catch most cheaters. One is not a full replacement for the other method. Local anticheat has the advantage of being much cheaper for the developer / publisher.
Depending on the implementation, client side anticheat isn’t needed at all. Take the game Speedrunners for example. There is zero need for the server to do anything other than accept player inputs, process them, and return them to the clients.
So if coded correctly, where the server trusts nothing and does the math itself, it is impossible to cheat while having zero anticheat on the client.
It’s more costly to the developer when I dont buy their kernel AC game.
Unfortunately we are in the minority. Most people don’t know the difference or even care. So like with physical media, they only care about the majority.
Kernel anticheat is a virus. There are zero reasons a video fame should have full access of your system.
There are zero reasons
There is a reason. The idea is that a cheat probably have higher rights than the regular user and therefore would be undetectable by an anticheat system with regular rights. Doing it in Kernel mode means it has the highest power to detect even admin level cheats. That is the reason. Many anticheat systems are completely useless without Kernel mode, at least according to the devs (I don’t have numbers to compare them with or without Kernel mode, nobody has probably). So they don’t even bother if they cannot access the Kernel.
Now I agree with you a videogame shouldn’t have this much power over my system. And it doesn’t even catch them all. But stating it has no reason whatsoever is wrong. I do not want shady companies like Riot to do whatever they want on my system.
Edit: typo corrected, nothing to see here
Privileges and rights an application has has little to nothing to do with whether said application will be able to hide from an anti-cheat software or fool it or whatever. It’s more about being able to access different secure parts of the system, like memory, which is where everything lives basically, including game data that the cheats are supposed to manipulate in some advantageous way.
This is what leads many to plea for server-side anti-cheat that doesn’t invade the privacy of the end user (the client).
The games that use kernel anti-cheat are still largely infested with cheaters of many sorts. At this point, defending such deep access sounds like letting some security people live with you, totally at your expense, all the time, even in the bathroom and watching you sleep and masturbate and everything, in the name of safety, because they’ll supposedly be there when some criminal comes to do some crimes, only for them to turn the blind eye when that criminal comes with proper disguise and a gun.
There are zero reasons
To stop cheaters is the reason lol
Except it doesn’t work you knob
A video game is not a test you take in an exam room with a proctor monitoring you.
If these developers want to make billions and billions of dollars on slop micro transactions and loot boxes, they can figure out how to detect these things and run more of their infrastructure server side.
That’s not a justified reason. To each their own, but no game is worth compromising my entire system.
I don’t know why you get down voted. It is not zero reason, there are reasons why Kernel anticheat is implemented. Yes, its incredible dangerous and invasive for the local player. Yes it does not catch all of them. But there is a reason why its being done.
Nuance? In my discourse?
Does it tho?
We’re really going to kill this planet running algorithms against algorithms and it’s the stupidest way to go.
To understand why the requirements keep escalating, follow the arms race. Cheats started in user space, so anti-cheat moved into the kernel to see them. Cheats followed into the kernel, and then below it into hypervisors - so anti-cheat added hypervisor detection and began demanding a verified boot chain. Every time the cheat drops a layer deeper, the anti-cheat has to demand more privilege and more hardware trust to keep watching. That is what TPM 2.0, Secure Boot, remote attestation, IOMMU enforcement, and now forced firmware updates actually are: anti-cheat chasing cheats further down the stack.
-–
Wonderful day!
I’ve been into the subject a few times already, and just in case, if interested, in short, the TPM is a specific module with its own API in modern motherboards that has inside a key pair known as Endorsement Key (EK) which is a permanent unique identifier burned into the hardware. It’s used to create signed EK certificates.
To clarify, similar to the asynchronous cryptographic we may see in the general TLS certificates in HTTP traffic ( “green” lock), the TPM , as mentioned, has API to create public keys from its private key inside.
The private key is burned-in by the manufacturer inside the module, which is also normally protected from physical damage to be self-destruct, by its standard requirements.
Systems like Denuvo may create and encrypt their own data using the public key, and send it to the TPM to decrypt, verify, and therefore identify the hardware on their servers as an identity.
The Endorsement Key (EK) is an asymmetric key pair consisting of a public and private key stored in a Shielded Location on the TPM.
The public part of the EK can be read from the TPM while the private part MUST never be exposed.
The public key of the EK is included in the EK certificate…
However, the EK provided by the manufacturer MUST be defined as a non-duplicable key.Though, I believe, the TPM specifications were actually designed by Trusted Computing Group with privacy in mind to prevent the EK from being used as a “global tracking ID”, some vendors or organizations may use it for undefined reason, and hence please do consider the opportunities your operating system and motherboard provide.
Also, if interested in experimenting, and haven’t yet, in Linux, TPM is accessed via character devices (created by the Kernel module), and normally support different operations to read/write to, and located at
/dev/tpm*, though these devices’ permissions are set torootonly in all the Kernels I’ve seen yet. There are CLI software packages as tpm2-tools for the protocol.So I actually disabled TPM the other week because as it turns out it was preventing my pc from entering sleep a significant portion of the time, I think the GPU wasn’t being allowed to save the framebuffer anywhere because the drivers weren’t proprietary Nvidia ones.
More enshittification, pvp gaming is going in a direction I won’t go. Maybe if I had a dedicated computer for it, but there are no games that are worth it to me right now.
Absolutely! It‘s completely insane already but apparently you can still get around it sometimes by starting the game offline, then going online once you‘re inside and play online matches like normal without anti-cheat. Like, all these risks they burden their customers with just to be sloppy with the execution and rendering it useless. That‘s not malpractice anymore that‘s malicious.








