Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That is a great link. Perhaps even more interesting is this: Valve is working with anti-cheat vendors for Linux (Proton) support. So one of the biggest remaining obstacles to Linux gaming may soon be addressed as a side effect of this.


I hope they put some effort into anticheat on Linux for their own games. Team Fortress 2 has been barely playable for the past year because of cheaters running bots using widely available software which Valve seemingly can’t detect on Linux.


With YOLOv4-based aimbots on the rise, it's really a losing battle even for the most anticheat infused games.


I had never considered an ML-based aimbot until now. That's both amusing and infuriating.


Not sure what the connection is between YOLOv4 and difficulty of detection? Isn't YOLOv4 about object detection? No matter how good your object detection is, you need to read the game and influence the input which is the part an anticheat is trying to detect, no?


There is no way to defeat an aimbot that just reads the screen, detects enemies, and moves a mouse.


There are probably plenty of ways to tell "fake controller input from a bot" from "actual human controller input" today.

Sounds like a scary arms-race, though. At some point the bots will probably be very hard to distinguish from "skilled human."

It will be sad if online play becomes only enjoyable with people you already know. I'm surprised how gleeful some people seem to be about this sort of "soon cheating will be undectable!" tech advancement.

Or you just go all-in on the surveillance path and there are models that look at your performance in the game over time, your performance in other games over time, etc. Mediocre player suddenly amazing? Probably a cheater! etc... Not great sounding privacy-wise, but Steam probably has access to the data to do this.


There's a form of cheating I've heard about a while back called softaim. Basically the cheating software doesn't aim for you, but it can tell if you're aiming at the person and pull the trigger for you.

The YOLO stuff combined with softaim is going to be pretty hard to detect. The game can't tell if your video is going into the cheating device. Even if it can tell if there's a secondary input coming in for the trigger... people could just mod their mouse to take external input for the button. Someone pathetic enough to cheat absolutely would do this.

I honestly don't know how multiplayer will even work in a year's time or maybe even less!


> I honestly don't know how multiplayer will even work in a year's time or maybe even less!

It's easy, IMO: remove the incentives for cheating. If this is the only way forward, I might be more likely to actually participate in the industry, because it'll put the focus back on intrinsically-fun games, instead of treating games as merely a vehicle for chasing status/rankings/items/etc.


Multiplayer FPS (PvP) games are my favorite - could you explain how they can remove the incentives therein? Almost the entire incentive behind PvP games is beating the other person in any given battle/arena/skirmish. Even if ranks/bonuses/items were detached from "skill", most of the incentive still remains for PvP. Having encountered a number of cheaters over the years, I know they still get joy out of winning the objective of the game with no obvious side benefit.


I used to love playing multiplayer FPS games, without worrying about collecting rare items or my global ranking, because they were fun (e.g. Quake 3). Yeah there's still a "local" ranking (within a game), but the incentive to cheat is a lot lower since it's so localized. Yes people will still cheat, but some of these insane cheating methods won't be worth the effort.

I stopped playing most modern games because they stopped being intrinsically fun. I'd like to enjoy them again.


Often they get enjoyment from ruining other people’s fun, too.


It's easy, just destroy the entire esports industry?


It's an easy concept. A lot of people might not like it. But I would like it.


Just play the games you like then and stop commenting how other types of games that you don't even play need to change


Some people will cheat in any multiplayer game, even when there are no persistent "rewards" for winning. They are just maladjusted losers who get off on being the center of attention at everybody else's expense.


Competitiveness is never going away its as human as breathing.

The way to defeat cheating is giving users exaustive options to watch and monitor other players and report them effectively. Half the damn games dont even have this sorted out.

You have a report system that weights users honesty based on usefulness of previous reports - so people.who just report good players get downweighted and their reports count for less, then its just a statistics exercise. Combine this with easily identifiable data for things like headshot % to help highlight players for closer review.


I don't have insider info and it's been a long time since I've played, so I apologize if my info is wrong, but my understanding is Riot Games tried to do this with League of Legends and ended up implementing a kernel mode anti-cheat system instead. Presumably, the reporting system either wasn't very effective or it was too expensive to run.


I would hate playing a game like this.


Millions do play games like this. But if you don't want to, then just... Don't


Is that really a way forward for the people who play games most affected by cheating? I can’t imagine CS:GO players flocking to Animal Crossing just because there aren’t aimbots in that game.


I get there are a lot of people who care about that, and that "remove the incentives" might be unpalatable for them. But it's definitely desirable for me, because I don't enjoy chasing social statuses in a gaming universe.


bring back lans

You know, the Steam Deck might be good for that.


I bet at some point in the next 20 years we will be going back to game rooms, so you go to a place where you pay to sit in a fixed PC with no available USB ports or any way to use cheats, including cameras to catch anyone whose hands movements don't match his digital input, and there you play against other people in the same network/brand of game rooms (not necessarily the same physical location).


» "I bet at some point in the next 20 years we will be going back to game rooms" …

I bet at some point in the next 20 years we will all have much more important concerns than anything related to gaming.


Just some of us, meanwhile the wealthy ones will live in semi-closed environments free of most damage made by climate change and other environmental issues.


> There are probably plenty of ways to tell "fake controller input from a bot" from "actual human controller input" today.

Only in the "do these movement patterns appear human-like or not" sense. These aim bots can use assistive devices to input mouse movements and there's no way to tell whether or not there's a human hand moving the mouse.


There might be for now. You just have to train a second model that actually moves the cursor towards the target on normal player behaviour, eventually it becomes essentially perfect, and what then?

As far as performance improvements, oh it's going to make the cheat programmers even more money as they implement a skill ramp up period and get to charge more.

The only way in which I'm "gleeful" is that it might finally put an end to the spyware when we realize that controlling someone else's computer is a losing proposition. Otherwise yeah it does suck.


> "It will be sad if online play becomes only enjoyable with people you already know."

Already long since passed that point for me quite a couple few years back.

Thankfully, it's not that hard to build up a little circle of gamer friends who are fun to play with these days. The messaging options alone currently available are many and featureful, making it dead easy to gather a little group and keep in contact with them to organize a game session any ol' time.


> It will be sad if online play becomes only enjoyable with people you already know.

For me this has always been the case. I've felt the same since the days of Kali. There's enough jagoffs running around in games to spoil playing with the normal people. To the jagoffs, they're playing the metagame of cheats/trolling and the game itself is incidental.


> Sounds like a scary arms-race

Or a GAN


Also, there is enough variance amongst human that eventually the generator network can actually slip under the noise floor and become 100% undetectable.


https://www.youtube.com/watch?v=ObhK8lUfIlc

They are using deep learning to detect hackers, since 2018


And it's not working too well.


Yep. At least for simracing, it is only enjoyable with the same people race after race.

Random drivers are just too stupid/reckless.


How about: every time you snipe someone from an implausible distance, you have to identify some crosswalks and traffic lights before the score is counted.


Don't forget to monetize that CAPTCHA with an ad banner and a popover streaming video ad for a different game you can "[Install Now!]"


Yeah, didn't think that'd be a popular idea. LOL


That's kind of beside the point. Classic aimbots work by reading the game's memory, which means that you can aim at things that are on the other side of walls, or behind you, or obscured by smoke or darkness, or so far away that they don't even render. "Only" being able to aim at things that are actually visible is a significant step down from what we have today, which is the tradeoff for being almost impossible to detect.


Actually, no, that's incorrect.

You're thinking of wallhacks or wallhacks+aimbot

Aimbots only aim at things you can see, it's one of their main features. That way you won't snap into someone's head through a wall which would make everyone know you're hacking and get you banned.


I'm no expert here but surely aimhacking originally implied wallhacking? The alternative requires doing actual image analysis in realtime, which AFAIK has only become feasible in the last decade and is way more processor-intensive than just reading coordinates in memory and doing some trig to adjust your aim height. Maybe this is selection bias talking, but I see plenty of videos of cheaters who are obviously just snapping to heads through walls.


You don't actually need image analysis. There are tricks you can use to decide if an enemy is visible or not without it - obviously the game itself does it already to decide if it should draw the enemies to begin with :)

Also yes these were invented a long time ago because people got caught snapping through the wall when CS servers started recording demos.


Since you can check in memory where the enemies head is, you can obviously also check if theres a wall inbetween. Cheats for video games have had humanizing/cloaking forever.


Modern FPSes like CS:GO don't even send you data your client can't see/hear, so wall hacks are effectively near-impossible.


That's not true. They don't send data in _regions_ your client can't see/hear, but if an enemy is for example close to a corner or on the other side of a door, you can have a wallhack see that as the client is still receiving it.

Thanks to latency & the realities of the internet, the server has to bias towards sending data the client can't strictly see/hear at that exact moment, but potentially _could_ see if they move. Which is enough to give a wallhacker a meaningful advantage still.

But what you can't do anymore is see where all the enemies are going at the start of the round and run to the weaker part of the map or whatever. So reduced effectiveness, but still a thing.


While that's true, being able to see any enemy that you could theoretically hear at all is huge.


Only if it’s running on a separate computer and you’re passing your own mouse movements through that computer. I think it’s still typical for the ML aimbots to run on the same computer?


There was a recent demo of one that didn't. With modern hardware you can run Yolo on an RPi 4 with an 8$ capture card and a Teensy as USB HID for like 50$, you could definitely charge 200$ for it as a cheating appliance.

BRB I'm gonna ask for VC funding (just joking)


> "BRB I'm gonna ask for VC funding (just joking)"

I dunno … Mebbe you should run do that right now, before someone else does … Get that price down by around half and most every gamer everywhere can afford your shiny new "modern game genie"; Once everyone can cheat, the original cheaters have nowhere left to hide. They're on even footing with everyone else.

Cheater problem solved! ;)


Captcha in games, oh no :O


Non-gamer here: what’s the point of these bots? Is there money as stake? Or just a leader chart? But if you get your bot to #1, but you’re not able to do anything with it and it’s a bot, what’s the incentive?


Depends a lot on the game. If there is nothing to be 'earned' by being competitively better then it is nothing more than street cred. Think simple games or older games. CS 1.6 before rewards, knifes, and skins. A small few players might make some comp scene to get to some incentive but most are ultimately found out.

The bigger issue, and I believe the primary reason for the rise in popularity of these bots, is when your performance does 'earn' you something. As the OP was speaking of TF2, this comes in the form of hats and custom weapons. Today's counterstrike game has weapon skins and knifes that go for pretty extreme real world dollars.

Almost every modern shooter has some sort of rank up system tied to rewards. Some of the worst examples would be PUBG's real world money trading of loot box items or Diablo 3's real world money auction house.

In my mind, these kind of systems turn video games meant for enjoyment into some weird NFT mining system where normal players are manually mining them with pen and paper while the bots have built ASIC devices.

In cases where the items themselves cannot be sold, you have people selling the whole accounts. There are entire middlemen businesses set up around this stuff. It's crazy but there is your primary driver for incentive.


> Today's counterstrike game has weapon skins and knifes that go for pretty extreme real world dollars.

I don't know about TF2, but for CSGO weapon skins & knives (and all drops) never come from gameplay wins. So there's no motivation at all to cheat for any monetary-related reason. Botting was a thing to farm for drops, but those literally just joined a server and spun in place to avoid being AFK kicked - that's it.

So CSGO cheating is purely about the human interaction components (eg, feeling good about winning, taking pleasure in making people angry, the thrill of getting away with it, etc...)


Gotcha. Haven't played CS since source so I wasn't sure. Are aimbots a common thing there nowadays? I don't remember seeing them much back in the day. Sure some of that is due to selection bias from good private owned servers. I would suspect that they exist but are not common.

On the other hand, PUBG does have Battle Point rewards linked to performance. And there it is very common. Almost guaranteed to see a cheater every 10 matches or so. And there was an easy means to sell those rewards. Contrast that against Sea of Thieves. A game specifically about PvP and stealing loot from other players. I don't know that I have ever encountered a cheater there. But there is very little incentive to do so. There just isn't many vectors to turn virtual work into real world profit.

Seems to me that the lower the barrier of entry together with the higher the real world value of the rewards\drops gives you a clear scale of the cheat potential\incentive\effort. I think there will always be a small percentage of those doing it for the LULZ. You can combat that by raising the barrier to entry. F2P games seem to have a higher rate of these types.

When the reward system cultivates an environment ripe for abuse, it moves from occasionally annoying to game killing epidemic.


China and it's 50k USD cap per capita restriction (probably lower and harder still now) practically become in infinite demand side pressure for these too.

They can buy players /cheat to farm, then sell the virtual goods over to those with USD; with healthy discount as profit for the other end. Thereby transfering their asset out of China.


For some people, causing frustration and annoyance in others is all the incentive they need. But in this case also, possibly hats.


Most of the TF2 bots seem to be about trolling. They just kill players, spam chat and voice, and some have racist names (because Valve don’t check for Unicode characters in player names)


Look at this 5 years old video that explains the economy of game cheating. https://www.youtube.com/watch?v=hI7V60r7Jco


Same reasons you'll see some kids (and some grown-ups) cheat at Monopoly or any other game.


Some men just want to watch the world burn


I expect the anti-cheats to require an unmodified SteamOS.

Though the FAQ says the following, so it might not be quite as bad as I feared:

> We recommend using user-space anti-cheat components for best results, as they can typically run in the Wine environment and provide the same level of functionality. Kernel-space solutions are not currently supported and are not recommended.


It's just a pc, you can install any OS you want on it, if anti cheat already works on that OS then it will also work on the Steam Deck.


I'm totally out of the game scene nowadays and I don't understand how anticheat software should be installed locally. How does it work? I thought it was done on the server level.


On Windows, anticheat runs as root and scans processes like an antivirus would. As is par for the course with DRM/License management/anticheat systems it is more about making a token effort to increase the difficulty of the most primitive attacks than it is about actually stopping anything.


It's gone way past that. Some anticheat software runs in the kernel now. They are doing crazy things like looking for PCIe devices trying to DMA game memory.

https://github.com/ufrisk/pcileech/blob/master/readme.md#har...


I find it really difficult to see the value proposition for anti-cheat companies in spending time developing that functionality. Is it really worth spending dev hours on catching what I imagine is a tiny population of people, who you already know are prepared to use hardware modifications to circumvent anticheat? Or is it just a good marketing point?


I'm not a heavy gamer so don't have great insight, but it seems like you might be undervaluing the problem.

> I find it really difficult to see the value proposition for anti-cheat companies in spending time developing that functionality.

Let's say 1% of the population cheats. Maybe that's high (or low, but I could easily see 1% of the real world population having less than stellar morals w.r.t. cheating). So you play an online game with 20 people in it. That means on average one out of every 5 games there is a cheater in it.

That ruins the experience for you (and everyone in it). Not to mention now because there are so many legit cheaters, people start mistaking really talented players of cheating. Accusing them, starting back and forth arguments online which worsens the experience even if they're not cheating. This adds to the frequency of assumed cheating. Then one of those 20 people decides the way they'll fix it is they'll download a cheat a next time someone on the other team cheats then they'll start cheating too. And so they do, but sometimes they do it when someone is actually just good an not cheating and so they worsen the game.

Overall if you're a company, trying to run an online game you need a positive environment where people will want to return to play. Cheaters very quickly ruin the trust in a game, and that leads to real financial impact.


Perhaps I wasn’t clear, I’m specifically talking about detecting PCIe cards that modify RAM, as the parent comment mentioned. I appreciate the need for anti-cheat software, but surely the number of people who will not only cheat, but also do that kind of modification is vanishingly small?


Maybe the use of that kind of hardware also makes it easier for them to develop software-only cheats that are sellable?


Apparently its cheaper than cost of infrastructure that would allow properly implementing server side checks, like validating if the player supplied entity data is within possible parameter limits aka why the fuck is this dude flying all over the map and server letting him do that?!?!?!


They've already pretty much gotten all that low hanging fruit.

Modern cheats essentially can give a player inhuman reflexes. "See, aim, shoot" all mechanized, or even "see, dodge, aim, shoot". Some of them even use sound to locate other players, so it's "hear, dodge, turn, see, aim, shoot".

The cost of of infrastructure to reliably detect that on the server across thousands of players is a lot more than running some cheap process on the user's machine to look for other strange things going on (why does the user have two mice and only uses one to shoot?).


No, you seem to not understand. Modern games dont do the _most basic_ validation on player submitted input - you can use cheats to fly in Apex Legends, Fortnite, PUBG, Fall Guys. None of those games check something as basic as feasibility of submitted player position/physics. Hell, even something as basic as Among Us doesnt run any server side checks and rudimentary cheats let you see everything, move thru walls, or even impersonate other players.


https://www.youtube.com/watch?v=SnRgW54EWwA

Valve is already using machine learning to analyze player mouse movements across all games to look for "inhuman" patterns and send those directly to the community-staffed manual review process called overwatch.


A competitive game without the typical flood of cheaters sells much better, because hacks and bots can really destroy your experience as a player.


Cheaters in online games can ruin the game, and drive the playerbase away. It's a really big issue, and ultimately impacts the game developer's ability to continually sell the game to new players.


This presentation from Valve on VACNet touches on this: https://www.youtube.com/watch?v=ObhK8lUfIlc

Specfiically, at about 7:50 into this, he talks about the propensity of encountering cheaters in CS:GO. The tl;dr is that in a 5v5 multiplayer game the percentage of cheaters required to ruin 9 other players' games at once is not high. It only takes 7% of people to cheater to encounter 1 every 2nd game, and a 2% cheating rate gets you a 20% cheater-encounter rate.

I'd also touch on the point that cheating ruins an online-only game. Like, it is the #1 way a game falls apart.

Take a look at a game like Escape from Tarkov, where a cheater will ruin a good block of time for a lot of people just by existing in one game. It's especially bad in that game because the distinction between 'being caught by someone in a position you didn't check' and 'being killed by a cheater' is so unclear, and the consequences of losing are so high (and thus losing to a cheater is so much worse). It creates an environment where the players have to be absolutely 100% confident cheating doesn't exist, or it will very quickly sour people to the game.


Ok but then you cannot log into an online gamr using Windows without having an anticheat installed saying that your machine is good to go? Is it something like this?


Yes, that's correct. It launches as part of the game.


It would be impossible to catch all cheaters just from server side. Game clients for example need to have the location of other players but as the gamer it would be cheating to know this information. Moreover you can have assist clients installed which can do something as simple as image processing on what’s on screen and highlight the visible enemies - this would also be considered as a cheat for which you don’t even need to change the game client code


You absolutely could design a multiplayer game such that the client only has access to what the player should be able to see. Whether such a game would actually be performant is obviously a different question, but as Internet bandwidth continues to improve on average I wouldn't be surprised if the server ends up becoming much more involved - both for anticheat reasons and to reduce the client-side workload.


It's not a problem of bandwidth, it's a problem of latency. What a client sees at any point in time is actually a client-side prediction.

If this wasn't the case, and the server wouldn't send player positions until they were actually visible, players would pop out of thin air when turning corners or crossing doorways.

This leads to a different kind of disadvantage called "peeker's advantage", where the peeking player shows up later at the peeked player's screen... but this is generally accepted as a tradeoff. Players like their object persistence apparently :)

Latency isn't getting any better soon, and there will always be an impassable limit on link latency due to distance.


Good points. I'd also add that the server would need to send enemy positions (albeit not with the same precision) for the audio system to play sounds (gunfire/walking/etc) even when player models are not visible.


Good catch! It's one of the variants of ESP cheats.



An excellent article, cheers! For those scrolling through, the article is written by a developer of Valorant, a recently-released FPS. He talks about his efforts to implement a system to prevent wallhacks and the challenges he encountered while doing so.

>Cheaters use wallhacks to see opponents through walls. In a tactical shooter like VALORANT, this gives them huge advantages when it comes to individual combat encounters as well as strategic decisions for the round as a whole. Wallhacks are especially insidious because they give an advantage that isn’t always obvious - your enemies could be using wallhacks... or maybe they’ve just figured out that you rush B every round. We really wanted to prevent that sense of doubt which lingers with players, poisoning their experiences long after the match.

>At the beginning of development, when we were talking about security goals for the project, the two things that came up over and over again were wallhacks and aimbots.

>League’s Fog of War system works because the game server withholds information about the positions of enemies until a client needs to display it. I knew if I could implement something like this for VALORANT we could solve the problem of wallhacks because there would be nothing for the wallhack to see. If an opponent was behind a wall, we wouldn’t send their location to enemy players, keeping them hidden until they decided to peek the angle. If we could pull it off, this seemed like the ideal solution - but we had no idea whether this would be feasible in Unreal Engine.


> You absolutely could design a multiplayer game such that the client only has access to what the player should be able to see

E.g. rocket league or online chess. No need to hide anything. Can't have wallhacks if there are no walls.


You _must_ have server-side anticheat if you have any at all because client side can (eventually) be bypassed - however client side anticheat is better at catching subtle but low effort/obvious cheats.

Also some types of cheats such as wall hacks can only be detected client side.


God I hope not. I don't want invasive proprietary kernel modules screwing up my system.


I really hope this happens for all current anti-cheat software. With Windows 11 coming, I was looking into the state of gaming on Linux and anti-cheat seems to be one of the main blockers right now.


It's really discouraging honestly. Wine/Proton finally gets to the point that nearly everything works and now all of the anticheat systems move to injecting kernel mode drivers.


Here are a few good videos about the subject and Linux gaming. I don't know anything in article format or I would have linked that instead.

https://www.youtube.com/watch?v=o8apCPN56PU

https://www.youtube.com/watch?v=B35XhcmBDDI

https://www.youtube.com/c/Collabora/videos


do you think anti-cheating is ultimately solvable? it seems likely to me that eventually bots just take in a video stream, running on an otherwise separate device. what happens to gaming then?



Personally, I don’t really want some invasive anti cheat running on my Linux system that I probably will not know about


Anti-cheat is not exactly consumer-friendly.

They should design their games such that the client is not trusted, and then the only possible cheats would be UI/AI assistants to the human players, which is not really cheating.


It'd be great if clients could be completely untrusted, but the reality is that it's impractical--if not impossible--to have the server dictate what's visible. Games rely on client-side rendering to determine if you can see something. In milliseconds-matter FPS games, there's no way that the server can calculate whether you can see someone poke their head around the corner or whether you're using wall hack to see them in advance. Human reaction time is way too fast, and even great networking is too slow for that to be effective, even if there were enough computing power server-side to run all the numbers. I can't even think of a way that things like aimbots could be prevented server-side; it's hard enough just to detect them.


> but the reality is that it's impractical--if not impossible--to have the server dictate what's visible.

Gamestreaming (Stadia etc) shows that this absolutely is possible. It might not be feasible due to players on bad connections and hardware cost (in fact, the reason that games do so few checks serverside is hardware cost), but it's not something impossible anymore.

> I can't even think of a way that things like aimbots could be prevented server-side; it's hard enough just to detect them.

Pattern detection can, things like following enemy movements through walls or extreme precision. I agree that it's easier to check for running software on the client, but this is error prone as well and can also be defeated by a sophisticated enough hacker.


> Gamestreaming (Stadia etc) shows that this absolutely is possible. It might not be feasible due to players on bad connections and hardware cost (in fact, the reason that games do so few checks serverside is hardware cost), but it's not something impossible anymore.

That's a fair point, and maybe we're closer than I think, but I don't think that fully-streamed games demonstrate that we're there yet. At the risk of sounding too elitist, those games aren't "hardcore". The things that streamed game players expect and will put up with are a far cry from the things that hardcore gamers expect.

A serious Counter-Strike player wants things to operate as close to the limits of human reaction time as possible. People can typically react (as in press a button) in response to visual stimuli in something like 150ms, and to audio stimuli in something like 50ms (I don't have good links for these, so don't hold me to the numbers; there are studies out there).

While this may seem like it's slow enough that processing and network delays don't matter too much, when you add those in, you're well into the territory of perceptable delays. Advanced/pro gamers (especially younger ones) are even faster. I don't know that it's possible for fully server-side systems to compensate for this. Anecdotally, I can't tell the difference between 20ms and 70ms latency while gaming (at least not now that I'm old), but I can tell the difference between 20ms and 120ms. If everything had to happen server side, I think it'd be noticeable.


Well, to be fair, simply throwing Stadia at you was a bit of a strawman without further explanation.

I fully agree with you that game streaming platforms, as of now, are not usable for pro FPS players (or any players where tens of ms of latency are important). You're not elitist, that is the truth of it :-) But, if a developer would really want to, there would be options:

1. You could go for datacenters in all major cities. With this, you could probably get <10ms roundtrips for a lot of people. It would still be bad compared to local, but if you control the stack, you could easily get those ms back on other fronts. Bad keyboards and mice, for example, might add a lot of latency. Same for USB hubs and non-gaming monitors. If you supply your own optimized hardware you can easily save quite a few ms compared to a "normal" setup to counter out the network latency.

2. Stadia is the concept driven to its maximum - the client is just a video player, everything is done server-side. For cheat safety, this is actually not necessary - by just sending render instructions (i.e. which object is where), you can let the client do the actual rendering, with only culling being done server side. This would not only reduce the server hardware requirements, but also drastically reduce the required bandwidth (especially at 4K) and latency (since you can skip video en-/decoding and a bit of compression). If cheat safety is the only goal (instead of not requiring hardware, which game streaming optimizes for) this would probably be a superior solution.

Stadia (and NVidia Now and the other ones) prove that the technology is close enough that this would be doable, even though they themself optimize towards other things. However, the reality of it is that this would cost an insane amount of money and still not catch everyone [0]. Cheaters do cost games something, but as long as there are reasonably few (and they're kept out of tournaments), it's fine with developers. This is far cheaper to do with client side anti-cheat right now. So you are probably even right with the prediction that we won't see this for a long time - it's just not for a technological reason.

[0] You could do [Game Console of Choice] -> HDCP Stripper -> Cheat-PC w/ HDMI capture card -> Faked gaming mouse/keyboard via USB host -> [Game Console]. This setup works with everything available on the market right now and is virtually undetectable on the client and the server, at least without analyzing user behavior.


> Gamestreaming (Stadia etc) shows that this absolutely is possible

Aimhacking is still fully possible on Stadia. You have the problem here of even if the client only has visibility into what they strictly should, machine reaction time & precision is vastly superior to humans. So aimhacks will always be viable, regardless of how little the client is trusted.


> Aimhacking is still fully possible on Stadia.

That's why I specifically quoted the part about the server being able to specify what is rendered client-side - this part is possible via game streaming.

> So aimhacks will always be viable, regardless of how little the client is trusted.

Fully agreed. In the end, the platform can only do pattern detection, but this is really, really hard to do. LAN tournaments where the hardware is fully controlled is really the only option where one can be reasonably sure that no cheating is going on, but it has happened even in these circumstances.


An "assistant" that generates input to move your player in a sports game, or aims for you in a shooter, is absolutely cheating.

You can't make the client untrusted to the point of "I don't trust that the human really pushed the button" or you don't have a useful multiplayer mode anymore. Cheaters are truly ruining everything, here.


You are right of course.

Like so many seemingly intractable moderation problems maybe this is why we shouldn't scale to infinity. YouTube is literally too big to moderate. Maybe this is a feature of humanity. What's wrong with more, smaller communities that have a dang to keep everyone in line? Other than the unfortunate lack of dangs in the world.

Back in my day CS servers were mostly privately run. If you were caught cheating you got banned. If you appeared to be cheating (you were too good) you also got banned. From the perspective of the players on the server those are the same thing. Communities formed on servers with similar skill levels and recognized players. Cheating in that kind of environment becomes extremely risky from a social perspective. You could piss off your actual friends.

There wasn't a need for rank-based matchmaking or anti-cheat or anything like that, you just eventually found a place you fit in and could have fun. Valve tried to replace that with algorithms but maybe they should "crowd source" so to speak, like we did 20 years ago.

This is all a lot of words to say that there is a "right size" for a community to form and enable everyone to have a good time. When you get to the point that "technology can't help us" I think that's an indicator that your community is too big.


> There wasn't a need for rank-based matchmaking or anti-cheat or anything like that, you just eventually found a place you fit in and could have fun. Valve tried to replace that with algorithms but maybe they should "crowd source" so to speak, like we did 20 years ago.

They're doing that too.

https://blog.counter-strike.net/index.php/overwatch/


Overwatch is not "how we did it 20 yeas ago". It just happens to also be crowd sourced.


True, but I guess it's worth mentioning that OW is the primary method of cheater controls nowadays. In-game report button, VAC, VACNet, Prime MM, Trust Factor, etc... are the other systems they use, but replacing the community with algorithms didn't really happen.


This system is not good either, according to that model, highly skilled players would have no choice but to end up relegated to communities where cheaters run free.


This is not true, as they can also ban cheaters. Also, anti-cheat software can still be used with private servers.


There is a legit phenomenon in chess of "assistants" that are literally just Stockfish telling you which moves to play. People still want to play chess against untrusted opponents. Real-life chess tournaments generally make people surrender their electronics at the door for this very reason.

Fortunately, most cheaters don't know how or are not trying that hard to hide, and are identified by pattern recognition. It's not that big a problem in practice. It's still universally considered cheating.


How would you apply those rules to say, chess? Games should be computers against computers or they are badly designed? That's quite a lot the biggest games of all time that you consider badly designed.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: