[HN Gopher] Terms of Service: Monitoring and Anti-Cheat
___________________________________________________________________
Terms of Service: Monitoring and Anti-Cheat
Author : daneel_w
Score : 178 points
Date : 2021-12-12 18:18 UTC (4 hours ago)
(HTM) web link (www.riotgames.com)
(TXT) w3m dump (www.riotgames.com)
| nyuszika7h wrote:
| When I read the title I thought this was about the Matrix client
| at first.
| authed wrote:
| Anti-cheat should be on the server... not on the client.
| Otherwise, it will never work (probably still won't because no
| one figured out perfect software, but it would be a start).
| NtGuy25 wrote:
| One thing to remember, is just like AV's, it's the norm for them
| to literally upload random archives, documents and whatever else
| to "Scan". There's a reason pretty much every Anglo country
| doesn't recommend Kaspersky for this reason. It makes you wonder
| the risk of China owning 100 % of Riot and the data gathering
| potentials. And since it's the standard industry practice, the
| American engineers won't even blink an eye when designing it.
| It's truly a national security and IP risk that alot of people
| don't realize.
|
| Now I will say as someone who makes tools for and reverses their
| products(All in fairy land in the kingdom of tacobell in my
| dreams). They have pretty unobtrusive anticheat in League of
| Legends and mainly only hammer a whitelist. For example if you
| install Itunes, they will get really obtrusive with anything
| related to Bonjour. As well as with anything that injects into
| the module list.
|
| With Vanguard, they get EXTREMELY intrusive and scan network
| drives, and I found VM memory pages being scanned, but i'm unsure
| if it's intentional or not as I didn't go to deep into it, since
| I don't really play shooters and mainly did it as a quick audit,
| unlike League of Legends. They do shut it off when you say shut
| it off though.
|
| EDIT:
|
| One thing to keep in mind. Is if they make a kernel driver which
| subverts the OS's control schemes(For example making a
| CreateFile, ReadFile, Memory write primitive, Memory read
| primitive. If you see this, REPORT IT. Microsoft bans these types
| of implementation and you can do that here.
| https://www.microsoft.com/en-us/wdsi/driversubmission . It's a
| MASSIVE security risk and they will REVOKE the driver
| certification and deny loading it on Windows! Do not let them
| rootkit your system, know what Microsoft allows and doesn't. They
| do care, they've fucked over AV products before, and they will do
| it again. The OS Security team at Microsoft is extremely good and
| genuinely cares about you as a user.
| mikeiz404 wrote:
| So it's been a long, long while since I've explicitly run AV
| software but doesn't signature, heuristic, and behavior based
| detection all run locally on the machine?
|
| I suppose the exception might be sandbox but from what I
| understand this is usually in a corporate environment where
| connections are MitM'd any way and potentially harmful files
| are run in a sandbox.
|
| Am I missing something?
|
| That being said I'm not sure very many would even notice files
| being exfilled by an AV especially if it were user targeted.
| ev1 wrote:
| almost every AV uploads files
| NtGuy25 wrote:
| It depends, but most consumer AV's upload. And alot of EDR's
| are implimenting cloud based detections, with the option for
| companies with IP risks to run an on prem version of their
| cloud server.
|
| A good example is this hackernews post from not long ago
| detailing how Windows Defender uploaded a beacon he made from
| a VM with no internet access (But connected to a LAN with his
| main computer) and exfiltrated it from there to Redmond and
| ran it, most likely in some automated scanner.
| https://news.ycombinator.com/item?id=21180019
| mikeiz404 wrote:
| Wow that's kind of alarming; I wouldn't have expected that
| behavior from an OS provided AV (I would have assumed it
| would be more conservative) but maybe I shouldn't be too
| surprised given the trends these days (and microsoft's
| decisions with their recent OS's too).
|
| Thanks for sharing.
| jenscow wrote:
| Perhaps there are some heuristics/behaviours that cause a
| file to be uploaded for further investigation, to identify
| new threats.
| cfcfcf wrote:
| I played Valorant for a month until I was banned for no reason.
| They said it was for running unauthorized software but they
| wouldn't say which. No recourse.
| wnevets wrote:
| Could be a rumor but I recall reading a story that claimed Valve
| monitors their user's DNS connections looking for known cheat
| host.
| foolfoolz wrote:
| this will all go away once the client runs in the cloud. we are
| probably one more generation of consoles away. stadia has not
| been the moving force it appeared to be. but its only a matter of
| time
| throwaway744678 wrote:
| Probably not. Some hacks would not work anymore (eg.
| wallhacks). Yet, how would you detect, say, an aimbot
| identifying the pixels on the screen and simulating mouse
| moves?
| jeroenhd wrote:
| How would you detect that, anyway? Behavioural analysis and
| neural networks?
|
| It's not that hard to point a smartphone at a screen and have
| it send fake keyboard and mouse commands through USB, the
| challenge is in interpreting the pixels themselves. This is
| the analogue loophole all over again, for a different kind of
| DRM.
| scrose wrote:
| I understand that this probably isn't popular opinion, but I
| believe we need hackers/exploiters in games, and we need
| recognized communities for them in those games.
|
| People cheat in games for almost an endless amount of reasons.
| But many times, I've seen that it usually comes down to wanting
| to 'be the best' or just a general interest in understanding how
| things work. Creating a 'safe space' for people to cheat in games
| becomes a net plus for everyone because it keeps a lot of the
| non-malicious cheaters out of legitimate player's games. It also
| helps developers understand where some flaws are in their systems
| that they wouldn't ordinarily catch because they'll end up with
| communities openly discussing their latest exploits, or specific
| servers where they can look to see what bugs or hacks people are
| coming up with now. It also means the people who are cheating so
| they can 'be the best' will get bored of it very fast once they
| finally have everything and move to the next game. A cheater
| that's in a designated server is someone that is not interrupting
| a legitimate game.
|
| There will, of course, always be malicious hackers and trolls
| that won't want to stick to designated servers or openly discuss
| exploits so they don't get patched. But this is going to happen
| regardless of whether or not there's a recognized community, and
| it doesn't make sense to punish everyone because of this. Popular
| cheating communities also tend to be self-enforcing. It's not
| uncommon for people to get blacklisted from these groups or
| reported in games by other cheaters if they cross a line(ie.
| Caught cheating in non-designated servers, DOSing servers,
| etc..).
|
| Disclaimer: I was an admin and regular on a couple popular
| cheating/exploit communities over 15 years ago at this point. It
| was my first introduction to how computers actually work but also
| should put in perspective how this is a never-ending battle
| TulliusCicero wrote:
| IIRC some games do this with "low trust" users.
|
| But yeah the sticking point is that cheaters wanna "be the
| best", even if that requires cheating, and if they're
| surrounded by other cheating users that doesn't really work
| anymore, so why would they stick to those servers?
| scrose wrote:
| > But yeah the sticking point is that cheaters wanna "be the
| best", even if that requires cheating, and if they're
| surrounded by other cheating users that doesn't really work
| anymore, so why would they stick to those servers?
|
| There's so many different games so there's no single answer.
| But from my own experience, in FPS games, people love
| building better aimbots, or augmenting different abilities to
| get a better edge, or adding overlays to their visuals to
| better calculate trajectories. Being a better cheater becomes
| its own competition.
|
| The end-goal of this wouldn't be to move all cheaters to
| designated servers, that will never happen, it's to make it
| more obvious and easier to take action when there's a cheater
| in a legit match.
| Der_Einzige wrote:
| Yeah, the number of people who go from cheating on games to
| interested in programming cheats to FAANG engineer is non-
| trivial and means that cheating ends up as a value add for
| reality, even if it hurts the enjoyment of the other gamers in
| the moment.
| gkhartman wrote:
| I can't bring myself to install their client with these practices
| in place. Even if I trust Riot not to abuse their root privilege,
| how long will it take before their anti cheat service running on
| my machine is hijacked by a third party? I'd love to play their
| games again, but it's way more risk than I'm willing to take.
| StreamBright wrote:
| Riot may not. One more reason to never install anything from
| them. I understand that cheating is bad but it is pretty easy to
| create a system that monitors behaviour at Riots infra instead of
| the gamer's and filter out bad users.
| tentacleuno wrote:
| > but it is pretty easy to create a system that monitors
| behaviour at Riots infra
|
| Could you expand on this approach, please? Quite interested in
| what you have to offer, technically speaking.
| StreamBright wrote:
| Imagine the two sides of user behaviour, one side you can
| observe on the client while the other side is observed on the
| "server" (more like the infra where the servers are running).
| There are several ways of monitor traffic (that is sent by
| the client to the server) and identify patterns (good or bad
| patterns). I have seen machine learning based network
| intrusion detection projects that quite successfully
| identified bad user behaviour in HTTP traffic for example.
|
| Riot has 100M+ users, it is probably the most statistically
| significant user base on Earth. You could start to map out
| user behaviour parameters that you need to monitor to have
| them as "features" in your machine learning model. There is
| also a ton of historical data where they identified bad
| behaviour somehow (reported by other players, etc.) that you
| can use to train the ML models.
|
| Let's say you are trying to catch people with aim bot or in
| Riot's case farm bot (helping the player last hit, if you
| know LoL you know what I mean, if you don't nor problem, the
| example is probably understandable anyways).
|
| There is the way to catch this guy by observing what is
| running on the client and see if there is a last hit bot
| process or not.
|
| Or, you could come up with a number (or multiple numbers)
| that represent a typical player behaviour (CS / min adjusted
| by ELO, I am just making this up though) and you could try to
| build models around this try to see if the data to have is
| giving you any meaningful accuracy of predicting cheating.
|
| I know, this is more work, more resources, probably more
| challenging, but it does not violate the user's privacy and
| it does not require the good users also having to install
| rootkits on their devices.
|
| I would be a big surprise for me if it was not possible to
| achieve ML based user behaviour monitoring when the rest of
| tech companies implemented this years ago. I know that Amazon
| done this for sure (probably 10-15 years ago).
| aleksiy123 wrote:
| If it was easy it would have been done. So far no game has
| successfully implemented such a system that cheaters haven't
| been able to evade.
| minimaxir wrote:
| This may be tied to Vanguard: https://support-
| valorant.riotgames.com/hc/en-us/articles/360...
| daneel_w wrote:
| Yes, it is. It's still not acceptable.
| oj2828 wrote:
| I'd recomend you not download the game then
| georgyo wrote:
| A lot of comments are talking about cheating, but there are so
| many "free" games that have launchers that auto start at boot.
|
| Several of my friends recommended genshin impact. It registered a
| background service that starts at boot and runs as Administrator.
| This is a PvE game! Uninstalled quickly.
|
| It's to the point that I will _only_ install games from steam,
| however that even that is not solid as it used to be with many
| games installing their launcher service at first run (origin,
| epic, etc)
|
| Android games also regularly install services well, the games are
| always running _something_ in the background.
|
| Free games, even those with many in game purchases, seem to not
| care at all about running their software even when you are not
| playing their game.
| barnabee wrote:
| I don't care about playing games online against strangers, I
| should be able to opt out of this crap. No access to multiplayer
| servers would not be a problem for me.
| DiabloD3 wrote:
| That is just telling me that Windows Defender should start
| flagging Riot executables used as part of this malware injector.
| This does not, and cannot lead, to an improved user experience.
| dangrossman wrote:
| Not having cheaters ruin my online games is an improved user
| experience.
| sweetbitter wrote:
| What about communities of gamers and hackers who get their
| fun in environments where everyone spends their time hacking
| away at game code to use against each other? This is pretty
| common in many Minecraft servers, for example- hundreds of
| people developing the best cheats to use against opposing
| factions in said communities.
| ejj28 wrote:
| Those people don't play on the same servers as regular
| players.
| jevoten wrote:
| Are you being glib, or do you genuinely believe the OS should
| subvert its user to appease a different group of people?
|
| For many artists, not having their art copied would be an
| improved user experience, so should the OS prevent you from
| copying files tagged as copyrighted? Windows Defender already
| removes torrent software and gives scary warnings for
| LibreOffice [1] so it's not a big step.
|
| [1] https://baronhk.wordpress.com/2021/09/13/microsoft-
| defender-...
| ejj28 wrote:
| This is not a case of the OS subverting it's user, the user
| is installing Riot's anticheat of their own will. If you'd
| like Windows Defender to stop that, then you should be fine
| with the warnings it gives with those other apps too.
| dangrossman wrote:
| I'm choosing to install anti-cheat software into MY OS, on
| MY hardware, to improve MY gaming experience. The OS isn't
| subverting anything by allowing me to do that. I can't see
| how that's anything like your hypothetical. The anti-cheat
| software isn't being rolled into Windows for everyone in
| the globe, it's part of a voluntary, user-directed game
| installation on a specific computer.
| nyuszika7h wrote:
| If it's voluntary, then obviously cheaters are not going
| to install it. _You_ choosing to install the anti-cheat
| software on your own computer will not magically stop
| people you play with from cheating. Therefore your whole
| argument goes out of the window.
| alkonaut wrote:
| It's voluntary as installing the game is voluntary. You
| can't opt out of the anti cheat tech yet opt into playing
| the online game. One might disagree with a part of the
| product (the anticheat part) but then one has to choose
| not to buy or use the product at all. It's _voluntary_.
| jevoten wrote:
| Are you being deliberately obtuse? You can still choose
| to install a rootkit on YOUR hardware after clicking
| through the antivirus warning. What is subverted is the
| expectation that the antivirus won't whitelist rootkits
| without even informing the user of what is happening.
|
| Don't you think users have a right to know, to make an
| informed decision, instead of Microsoft deciding for them
| that Riot is so trustworthy they can have root on the
| user's device, without requiring so much as an "Are you
| sure?" clickthrough?
| onelovetwo wrote:
| I'm sure you don't want Apple allowing people to have illegal
| images on their phones, are you willing to have all your
| photos constantly scanned to improve that?
| dangrossman wrote:
| I don't see how this is related. I'm installing a game with
| anti cheat software on my computer to improve my
| experience. This is my choice, my hardware, and is for my
| own benefit.
| gruez wrote:
| It really isn't when you're forced to install the
| anticheat software to play the game. The corresponding
| phone analogy would be saying that it's "your choice" to
| have your pictures scanned for CSAM, because you made the
| choice to buy apple instead of a pinephone or whatever.
| dangrossman wrote:
| The anti-cheat code is an integral part of an online
| game. I can choose not to install and play that game if I
| don't want the anti-cheat code on my computer. I can't
| choose not to run iOS on an Apple phone. These are not
| analogous situations.
| gruez wrote:
| So you draw the line at hardware/software? Why there? Can
| you not treat iOS as a bundle of software + hardware?
| judge2020 wrote:
| Malware is subjective, as everyone who's made any new
| executable and sent it to a friend knows as Defender
| immediately destroys the program and quarantines it.
|
| Surely many, many people are willing to pay the price of
| running this anti-cheat that 'runs in the background' (not
| consuming many resources, mind you - the vgc executable isn't
| constantly running, only vgtray which is the tray icon and it's
| sitting at 640K), so this obviously isn't malware to them.
| syspec wrote:
| At 640k it's using all the available ram any computer would
| ever need
| jevoten wrote:
| > Malware is subjective
|
| Torrent programs get silently deleted, LibreOffice and other
| FOSS installers get big scary warnings [1], installing an
| open-source audio package pops up no less than _seven_
| warning screens [2], but Riot can install a _literal rootkit_
| to only a single "this program will make changes to your
| computer" notification, in a friendly blue color.
|
| It's painfully obvious Microsoft is looking out for its own
| interests, and those of its corporate partners, instead of
| their users, when they subjectively determine what is
| malware.
|
| [1] https://baronhk.wordpress.com/2021/09/13/microsoft-
| defender-...
|
| [2] https://www.theregister.com/2020/06/05/windows_10_microso
| ft_...
| judge2020 wrote:
| It's not a rootkit, it's a kernel-level driver. The same
| goes for any other driver that can be installed via just
| UAC - for example, Corsair installs their kernel driver[0]
| and cpu-z as well[1].
|
| 0: https://i.judge.sh/illegal/Tempest/InstalledDriversList_
| HbYV...
|
| 1: https://i.judge.sh/fickle/Aloe/InstalledDriversList_7NIt
| hyI6...
| mantaraygun wrote:
| > _It 's not a rootkit, it's a kernel-level driver._
|
| That's like saying _" It's not a vehicle, it's a truck."_
| einarfd wrote:
| Somewhere at the end of last century, start of this one. I
| personally gave up on playing games on non dedicated hardware.
| One of the main reason I did that, was that it was becoming clear
| that games, was shipped with something that looked a lot like a
| root kit or a virus, and if you didn't want that on you computer,
| you couldn't play games on it.
|
| So for me, I went with a console for games, but a dedicated PC
| works as well. But from my point of view, a PC with games on it,
| that is security hazard, and should never run anything you want
| to keep private.
| stjohnswarts wrote:
| I made the exact same choice about 10 years ago. For security
| and privacy reasons. Also every couple of years I get the need
| for a new rig when obviously I didn't really need one. It's
| definitely better over here in the dedicated hardware world
| stjohnswarts wrote:
| It's definitely a lot calmer and safer using dedicated
| hardware. I made the exact same decision about 10 years ago
| EastSmith wrote:
| Anyone tried to run games in Windows Sandbox?
| thatguy0900 wrote:
| This is really the endgame of cheating and anti cheat wars. The
| anti cheat has to basically become root kits. I wonder if they
| will eventually offer a unprotected server to people who refuse
| to install the root kits or not.
| [deleted]
| daneel_w wrote:
| It's interesting; their anti-cheat already is a root kit that
| runs as a ring-0 (or lower?) kernel module in Windows, yet they
| keep having to ban cheaters every month. But this goes beyond
| root kits. It's now apparently acceptable to operate arbitrary
| applications on users' PCs even when not playing the game.
| Utter spyware.
| jeroenhd wrote:
| The very dedicated cheaters use special PCIe hardware to
| alter and monitor memory through DMA, there's always a step
| up.
|
| The only way to prevent cheaters is to control the hardware.
| With modern Xbox and PlayStation being basically a PC that
| you control with a controller, I can imagine a future where
| you buy special online gaming consoles that you control with
| mouse and keyboard to play competitive games. Even that can
| be foiled, of course, because hardware can be manipulated as
| well, but it's the furthest PC gaming will go.
|
| What I wonder about it why people put so much effort into
| cheating. I don't see how playing more than a few games with
| an aimbot is any fun. What are these people even getting out
| of it? Is it just having their name on a board somewhere?
| mise_en_place wrote:
| You don't even need special hardware. The hacker will use a
| bootkit to load driver to read and write memory. Vanguard
| is trivial to bypass.
| Strom wrote:
| > _What are these people even getting out of it? Is it just
| having their name on a board somewhere?_
|
| Based on my observations (during 20k+ hours of playtime in
| multiplayer games), I don't think a leaderboard is even
| necessary. It often seems to be more about asserting
| dominance. Very simple and very primal. No deep thoughts,
| just imposing your will over others. It's satisfying. [1]
|
| --
|
| [1] Of course there's a spectrum of reasons one might have
| to cheat. Some might be temporary cheaters who are just
| curious about the possibilities, others might be aiming for
| a specific prize in a contest. With the dominance angle I'm
| characterizing a certain kind of obsessive regular cheater.
| jamesgeck0 wrote:
| Xbox and PlayStation games can already use keyboard and
| mouse. Not many developers make use of them. Partially
| because consoles aren't installed used at a desk, partially
| because the difference in precision between a controller
| and a mouse makes it difficult to balance competitive
| games.
| fsdjkflsjfsoij wrote:
| > yet they keep having to ban cheaters every month
|
| It's not perfect but the cheaters generally get banned fairly
| quickly and it's far better than the alternative. I've played
| tons of games of Valorant at Radiant (the highest rank) and
| it's extremely rare to even run into someone that I suspect
| is cheating. In comparison, I get extremely blatant cheaters
| in about 25% of my games of CS and far more than that in CoD:
| Warzone.
| tentacleuno wrote:
| > and it's far better than the alternative
|
| There is, of course, a substantial issue re: privacy with
| this approach. A ring-0 driver can essentially do
| everything the system can (it's running in kernel mode).
| It's a two-sided coin.
| fsdjkflsjfsoij wrote:
| Basically everything of interest on the average user's
| computer can be obtained without a ring-0 driver. Riot's
| incentive for the driver is extremely clear and it's not
| in their financial interest to abuse it.
| daneel_w wrote:
| Yes and no. In the case of e.g. Windows 10, without a
| kernel module, access depends on UAC specifics.
| indigochill wrote:
| > This is really the endgame of cheating and anti cheat wars.
|
| I'm of the opinion the eventual endgame is game streaming like
| Google Stadia (though I don't think Google Stadia itself is the
| final answer). Can't compromise a local client if there is no
| local client.
|
| > I wonder if they will eventually offer a unprotected server
| to people who refuse to install the root kits or not.
|
| Absolutely not, for one simple reason: that segment of their
| audience is insignificant to the bottom line.
| digitallyfree wrote:
| There is still the possibility of computer vision based
| cheats, but a streamed game would pretty much make current
| cheats impossible. Even with a hardened OS specifically for
| running games (I think this has been proposed before) or a
| locked-down game console it is still possible, albeit
| difficult, for someone to exploit it.
| justinlloyd wrote:
| Have built computer vision based bots for Diablo III, World
| of Warcraft, Bookworm (make words from letters), a real-
| life Scrabble solver on a phone, a real-world jigsaw puzzle
| solver on a phone, various online poker games, a proctored
| online test and a match 3 game on an iphone. Computer
| vision cheating is surprisingly easy and just getting
| easier.
| digitallyfree wrote:
| A computer vision system is still disadvantaged in that
| it can only see what the player can see, and no more than
| that. For example a wallhack won't work well as the cheat
| simply can't get the locations of all the enemies, and
| can only highlight them when they actually appear on
| screen. Also most of the games you listed above are
| relatively simple to work with both in terms of rules and
| graphics - it would be much harder to have a functional
| bot for the many variables involved in a 3D FPS game with
| fog, bullet drop, friendly fire, and so on.
| slaymaker1907 wrote:
| That is definitely the endgame for cheating. I know in WoW,
| they explicitly ban hardware input broadcasting for
| multiboxers yet actually detecting that can be quite
| difficult.
|
| At the end of the day, we are trying to find technological
| solutions for social problems. What I think would really
| help would be to decrease the ease of duplicate account
| creation for services which care about cheating. Without
| that capability, punishing cheaters socially (i.e. bans) is
| never going to be particularly effective. I think social
| solutions can work because you don't need to stop 100% of
| cheaters like some people seem to believe. All you need to
| do is prevent enough cheating that people believe the game
| is honest overall. Locks only make sure honest people stay
| honest, but that actually works pretty well since most
| people are honest.
| genocidicbunny wrote:
| Camera pointed at screen with some image recognition and a
| bit of code to synthesize controller/kbm input. No need for
| compromising any sort of local client. Wouldn't be terribly
| hard to make a little rpi-based solution to sell.
|
| As long as there's money to be made, cheating will continue.
| In fact, making it harder to cheat in games can make it more
| lucrative to develop cheats for them.
| eertami wrote:
| > In fact, making it harder to cheat in games can make it
| more lucrative to develop cheats for them.
|
| Sure, but I don't see how that's a bad thing. More
| lucrative means higher prices means fewer cheaters can
| afford it.
| thatguy0900 wrote:
| Screen reading cheats have existed for a long time, I
| remember using this in like middle school
| https://www.robotzindisguise.com/
| gitgud235 wrote:
| EAC does this already which is among the most popular anti-
| cheats. How are you supposed to make an effective anti-cheat
| without accessing the kernel?
|
| wait this is also old-news? Terms of service: Last Modified:
| April 30, 2021
| NotPractical wrote:
| The operating system should not allow Riot to do stuff like this.
| Sandboxing on the desktop is badly needed. Flatpak may have its
| problems but it's probably the best effort so far.
| circularfoyers wrote:
| I'm not sure this is even enough, when these anti-cheat systems
| rely on kernel driver implementations.
| setpatchaddress wrote:
| It's really unfortunate that Apple's blown gaming so badly. I
| built a mid-high range gaming PC during the first year of the
| pandemic. The awful software that PC gamers have to put up
| with, from the basic stuff like NVidia's driver software
| updates that they seem to want to be a social network to the
| ASUS labyrinth of random apps + UI just to update various
| bits of motherboard support where it's not clear what you
| actually need and what's actually cosmetic to the MSI daemons
| to support RGB lights on RAM modules that cause some games to
| crash at launch Just Because.
|
| Windows gaming is a real shitshow. But that's where the games
| are. You can avoid running most of this crap. But you
| wouldn't have to put up with it in the first place on the
| Mac, because there's an assumed baseline of non-scummy
| software and vendors would get called out and shunned.
| tapoxi wrote:
| Counter argument: The operating system should do this instead.
| PC gaming would be better off if Windows shipped with "Xbox
| Anti-cheat" that had similar protections but was baked into
| Windows instead of relying on a half dozen third party
| implementations.
| jamesgeck0 wrote:
| Microsoft did ship the Windows 10 "TruePlay" anti-cheat
| component for sandboxed UWP games. I believe it was removed
| because game developers largely ignored the UWP format.
| Barrin92 wrote:
| I think the operating system should allow users to do whatever
| they want with it, as long as they consent to it.
|
| I'm honestly a little bit baffled how the discussion swings the
| other end when it comes to software like this, compared to say
| the Google Manifest V3 debate. If people value having fewer
| cheaters in their video games and they're willing to accept the
| trade-off of having software run at a low-level to be effective
| at detection that's their choice.
|
| Flatpak's are a great choice to have but I don't want to have
| the operating system force them on me.
| nyuszika7h wrote:
| This is the exact opposite of consent. People are being
| forced to install the anti-cheat software. While you may
| personally find it acceptable, you do not have the authority
| to consent on behalf of all other players, therefore it is
| not consent but simply an opinion.
|
| Installing the anti-cheat software on your own computer will
| provide you absolutely no benefits. It needs to be installed
| on the cheaters' computers for it to be effective. Obviously
| if there was actual consent involved and people were allowed
| to not install the anti-cheat software, then cheaters would
| simply not install it.
|
| There are plenty of valid reasons to be concerned about this,
| even for people who have no intention of cheating at all.
| While you may trust Riot, others may not. Even if Riot won't
| do anything nefarious with it, all software has bugs. It's
| only a matter of time until someone finds a vulnerability in
| Riot's anti-cheat software and actual malicious actors start
| to exploit it.
|
| I hate cheaters as much as anyone else, but an anti-cheat
| program running with kernel-level privileges is simply a
| ticking time bomb and should never have been approved by
| Microsoft. But of course, it's easy for gaming companies to
| brainwash the masses who have no awareness of security and
| privacy risks with "you don't want cheaters in your games, do
| you?" These are the same people who get brainwashed by
| arguments like "if you're not doing anything illegal you have
| nothing to hide, therefore you should have no issue with your
| communications being surveilled 24/7 because it will help
| reduce terrorism".
| Barrin92 wrote:
| > you do not have the authority to consent on behalf of all
| other players,
|
| I don't, I'm not forcing anyone to play League of Legends
| at gunpoint and I don't force them to install anything on
| their machines. If you don't trust Riot there's a simple
| solution, don't install their software on your computer.
|
| The basis of consent isn't that Microsoft gets to dictate
| security standards to both users and third parties, it's
| you getting to decide what you run on your own machine.
|
| >But of course, it's easy for gaming companies to brainwash
| the masses who have no awareness of security and privacy
| risks
|
| This securocrat mindset is the exact problem. To you every
| user who makes choices that you don't approve of is part of
| the mindless and brainwashed masses, and you'd prefer if an
| operating system owner gets to dictate conditions to
| everyone else likely because they align with your own. That
| is the opposite of user freedom and it is paternalistic.
| It's extremely ironic you don't realize that you want
| Microsoft to act like a sort of discount nanny state that
| interfers in every decision between users and third parties
| because you're afraid of security threats. In this analogy
| you have chosen, _you_ are the guy who smells sinister
| plots on every corner and wants to move control from the
| user to the operating system manufacturer. It is the same
| walled garden bs that Apple forces on everyone.
| NotPractical wrote:
| I agree. I want sandboxing technology that increases user
| control, not the other way around. I don't accept the trade-
| off you described and I don't think anyone else really wants
| to either, they're just forced to if they want to play the
| game. We shouldn't let this invasive kernel-level anti-cheat
| technology become normalized.
| Strom wrote:
| Now when you say _want to play the game_ , do you mean
| getting instantly killed on spawn by cheaters?
|
| More specifically, given that you want the game to be
| playable without anti-cheat, do you imagine that the
| cheaters will just agree not to cheat?
|
| I think it's pretty clear that the choice in popular games
| is between a strong anti-cheat vs a strong cheat. For some
| types of games a lot can be enforced by the server (think
| chess), but for other types of games it is just inevitable
| that there is an arms race at the point of input. Nevermind
| rootkits, soon enough we'll have mandatory webcams
| monitoring that you're actually physically moving your
| mouse in a way that matches the signal coming out of your
| mouse.
| seoaeu wrote:
| What people want are to only play games with other people
| running this anti-cheat software, and are more than willing
| to run it themselves to achieve that. Seems really like
| missing the point to argue that running or not running
| anti-cheat is a personal choice that doesn't impact anyone
| else. It totally impacts other people. In fact, that's
| precisely why folks want it!
| paxys wrote:
| Disagree. Users should be able to do whatever they want on
| their PC, including installing a rootkit. Leave this walled
| garden bullshit on iOS.
| NotPractical wrote:
| I should rephrase: the user should have control over whether
| or not Riot is able to do stuff like this, and the operating
| system should enforce the user's decision.
| alkonaut wrote:
| They are. They can choose not to install the game (which
| obviously has several parts, of which the anti cheat is
| one).
|
| I'm sure if someone feels tricked into buying it as they
| disagree with that part and only found out at install time,
| they can ask for a refund.
|
| Users are free to block the anticheat from running - but
| obviously the game should then not allow them to enter an
| online server.
|
| I mean how is this different from say, the users tampering
| with the game files? Of course no one stops users from
| manipulating the texture files in the game. It's their
| system. They do what they want. But obviously the user that
| tampered with the textures will be blocked from joining the
| multiplayer game.
| friedman23 wrote:
| The user does by not installing riot software or
| uninstalling it.
| ncann wrote:
| I don't get your point, if you don't want the anti-cheat on
| your machine then don't install and play the game, it's
| that simple. You can't have your cake and eat it too.
| __s wrote:
| But you can have your cake & eat it too: install on a VM.
| OS level sandboxing ideally would allow running a program
| in a non-VM sandbox
| rcoveson wrote:
| You can indeed "have your cake and eat it too" if the
| platform is on your side. Take ad blocking software, for
| example. A browser that really works for you will let you
| visit websites that want to force ad views on visitors
| and will not display those ads. The same should be true
| of an OS. It should do its best to help you run software
| the way you want to run it. If that means gratuitously
| violating the TOS of some online game, then that matter
| can be settled by a legal team. The OS should just be a
| tool-- _your_ tool--throughout the whole ordeal.
| phantom_oracle wrote:
| Counter-intuitively, I wonder what gaming would be like if
| everyone ran the same cheats/mods? Would it be the same as "if
| everyone is rich, then nobody is" or would it devolve into such a
| state where cheating/modding gets so boring that people just go
| back to casual play ...
|
| On the other hand, gaming is now a big commercial entity,
| including 'pros' and 'streamers'. With money involved, fraud and
| cheating ain't far behind.
| seoaeu wrote:
| If you look at what's happened to certain games without anti-
| cheat you can actually answer that question! It turns out that
| it mostly devolves into a bunch of AIs playing against each
| other with the actual humans just passively watching. Perhaps
| exciting to see your aim bot beat the others, but overall not
| much of an interactive experience anyone
| sweetbitter wrote:
| Here's an example from Minecraft, in which duplication exploits
| enable the emergent gameplay of 'crystal PvP'.
| https://www.youtube.com/watch?v=LYMd2sIBlDU
|
| And a hell of a lot more where that came from. There was one
| instance where players had exploited a popular no-rules server
| to spawn in items that dealt 32,000 damage, the administrator
| attempting to patch it and the players playing the cat-and-
| mouse game of trying to keep using them for as long as
| possible. The creativity is really something else. As for their
| music choice in that video- par for the course when dealing
| with the 4chan of Minecraft.
| slothtrop wrote:
| I wonder if console use with a mouse and keyboard will grow in
| popularity owing to this issue. People hate cheaters, but also
| don't want to run anticheat on their primary OS. At this point it
| seems like Sony, MS and Valve machines are pretty locked-down and
| aren't as easily tampered with.
| beebeepka wrote:
| Haha. Aren't they the same people with the rootkit anticheat
| bullshit?
|
| Freemium. "mium" is Latin for not really. So sad a stupid
| Warcraft 3 spawned this horrible moba genre.
|
| What a horrible group of people
| dieortin wrote:
| I don't think the game genre, or even the game itself, has
| anything to do with what's being discussed here.
| beebeepka wrote:
| What's being discussed here is presenting spying on your user
| base as a good thing because "it stops cheating". They simply
| want more dirt on the kids who play their games.
| TulliusCicero wrote:
| Do you have any actual evidence of them behaving in bad
| faith here? Or is this the usual internet hypercynicism?
| beebeepka wrote:
| Installing spyware on people's computers is not enough
| for you? I guess I am done here if I am being hyper
| cynical. Dqmn, we have apologists for everything
| PradeetPatel wrote:
| It is apparent that many modern anticheat mechanisms are almost
| indistinguishable from root kits, which may pose additional
| security risks of their own.
|
| Realistically, as potential consumers of those products, is there
| anything we can do to make a meaningful change for the positive?
| Education and raising awareness can only do so much...
| yur3i__ wrote:
| >meaningful change
|
| not really, the vast majority of players care far more about
| having less cheaters than they do giving Riot/Activision etc
| higher levels of access. Personally I play on consoles for the
| most part to avoid having to install things like Riot Vanguard
| and whatever the new Call of Duty anti cheat is called.
| [deleted]
| jquery wrote:
| Don't play games that install root kits. Most games don't.
| ev1 wrote:
| Unfortunately, this only applies to single player
| games/indies/etc.
|
| Almost every major game installs a rootkit of some sort. The
| only one I can think of that doesn't is FFXIV, but they do
| fingerprint your devices somewhat aggressively.
| somebodythere wrote:
| The reason anti-cheat penalties don't really do anything is
| because people can just create a new account (on a free-to-play
| game) or play 20-60 dollars when they get detected. Video game
| developers usually won't ban cheaters for several weeks because
| it makes it harder to tell what program caused the ban. But it
| also gives you basically a guaranteed period of time to ruin
| other people's games.
|
| I think in the future we might have a shared player registry for
| competitive video games, where people link their BrightID,
| basically proving that they are an individual without disclosing
| any additional personal information about themselves. And when
| they are banned for cheating, the ban is applied to their
| BrightID account, so they can't evade by changing IP/game
| account/etc. And other games by other companies can choose to
| look at this registry and reciprocate the ban as well. It seems
| like an effective, but less dystopic solution than throwing
| people in jail for in-game cheating.
| Kuinox wrote:
| For those complaining here: It's for the anti cheat.
|
| The anticheat has to start with the OS, or it cannot trust the
| current OS instance.
|
| This is the (current) price to pay if you want a cheater-less
| game.
|
| I predict it will worsen, and soon, controller, mouse, keyboard
| and screen will be needed to be trusted to avoid new neural
| network based cheats.
| ricardobayes wrote:
| RIOT's anti-cheat is one of the strongest I have seen. Even if
| you close the service and enable it again, it won't let you
| open the game. Only after a restart.
| daneel_w wrote:
| Strong, stronger, strongest... Valorant is rife with
| cheating.
| donkarma wrote:
| Their anti-cheat is carried by the boot time service, after
| which it becomes mediocre.
| watermelon0 wrote:
| I assumed that TPM + Secure Boot would be enough to ensure that
| current OS instance was not tampered with, at least on the
| kernel level.
|
| > I predict it will worsen, and soon, controller, mouse,
| keyboard and screen will be needed to be trusted to avoid new
| neural network based cheats.
|
| You can capture what screen is displaying, and physically move
| the mouse/controller, and this seems a lot harder to detect.
| Kuinox wrote:
| "physically moving the mouse/controller". Yes you can do
| that. It cause 2 issues: In competition, cheating will be
| impractical (cheating would imply bringing it's own
| hardware). Cheating will be harder, because you need to buy
| physical hardware (and will be far easier to stop). It will
| cause the amount of cheater to drop signifiquantly.
| somebodythere wrote:
| Time to require trusted webcam ;)
| zamadatix wrote:
| By this logic you couldn't have 2 different anti-cheats on a
| system because only one could start first. The truth is the OS
| always starts before the anti-cheat(s) and can't be trusted
| regardless of how early the anti-cheat loads in.
| Kuinox wrote:
| Thats totally false. Moderns OS have a chain of trust, on
| windows, the drivers starts and all drivers know the other
| loaded drivers, and they whitelist the drivers.
| errantspark wrote:
| This wasn't near as much an issue when you had actual servers
| run by actual people. Too bad the technology to implement a
| server browser has been lost to time. : ( Perhaps one day we
| will rediscover it.
| ethbr0 wrote:
| This. "Favorite servers" with admins generally took care of
| all of this.
|
| You'd have a few public servers hosted by a group. You'd have
| a few private servers you could be invited to. Generally,
| everyone was happier.
|
| And most importantly, once exploit didn't break the entire
| game, everywhere. Because you could get arbitrarily banned
| from servers for being an ass.
|
| (And yes, you could hide your IP and redirect. But at some
| point trolling gets old, and trolls move on)
| hdjjhhvvhga wrote:
| I don't get the past tense used here. The creators of the
| biggest game in the market are using the same model right
| now, making the sever available for free, with people
| creating their own server modifications etc. There is a
| whole culture around it.
| dieortin wrote:
| What it the "biggest game in the market" you're referring
| to?
| tentacleuno wrote:
| He is possibly referring to Minecraft? You can self-host
| your own server and connect to it via Minecraft, although
| I am unsure as to whether the server-side component is
| open-source.
| Crespyl wrote:
| IIRC the server isn't technically open source, but has
| been heavily reverse-engineered and, for customization
| purposes at least, might as well be. Most/all of the
| major extension/plugin frameworks are open source as
| well.
| maccard wrote:
| Roblox presumably.
| antiterra wrote:
| In the days of 'aim sporadically improved by a slight
| percentage' style cheats, I wouldn't be so sure.
|
| I played on an active Battlefield server with a community
| constantly ripping itself apart with cheating allegations.
| This even extended towards well established supporters who
| donated significant money to the server operation and
| graphics cards to other players.
|
| Then they'd demand videos and then videos showing mouse
| movement and pore over them for hours. I know someone who
| absolutely didn't cheat (and wasn't particularly exceptional
| at playing) but whose movements in game were subject to hours
| of scrutiny and suspicion.
| judge2020 wrote:
| The entire point of a ranked matchmaking-based game is to
| assess your skill, including implementing teamwork with four
| other players you've never seen before (for solo
| matchmaking). Server browsers are still a thing if you want
| to play some rotating game modes in games built for that sort
| of thing, but way more people want to play ranked
| CS:GO/FACEIT than CS:GO's custom servers.
| errantspark wrote:
| Ranked matchmaking is worse at delivering a competitive
| experience than a community of people who want to have a
| competitive experience. Don't kid yourself, competitive
| gaming existed long before ranked matchmaking.
| fsdjkflsjfsoij wrote:
| The issue then was that anyone that was even half decent
| would get banned off the majority of servers because most
| admins can't actually distinguish between someone that is
| cheating and someone that is actually good. I use my Windows
| computer to play games and I don't really care what level of
| access Riot needs to provide a good experience. I'd bet the
| majority of people that play online FPS games don't care
| either.
| NGRhodes wrote:
| Yes and also it was the tight nit communities that hung
| around on the more popular servers that helped monitor and
| deter cheaters and even have rights to kick users as needed
| to assist the server operators.
| Kuinox wrote:
| Ah, yes, I remember clearly, server run by actual people that
| kicked you because you were "too good" and "obviously
| cheating".
| danShumway wrote:
| I don't have the energy right now to have yet another big
| debate about it, but I've long held that we make our cheating
| problems in the gaming industry significantly worse and
| harder to solve by focusing on a very narrow and limited view
| of competition: https://news.ycombinator.com/item?id=28635316
|
| The situation reminds me a lot of piracy. The difference is
| that it's generally accepted by a large portion of the tech
| industry that design choices and product offerings can
| increase piracy, and in contrast there seems to be a lot of
| denial in the games industry that forcing everything into
| global ranking systems that teach players to prioritize
| winning over anything else _might_ exasperate cheating
| incentives, and make cheating more annoying to normal
| players, and might make it harder for us to moderate and ban
| cheaters.
| TulliusCicero wrote:
| Nah, even without global rankings or whatever you'd have
| tons of people wanting to cheat just so they can win
| encounters.
| danShumway wrote:
| The more subtle point I'm getting at here is not even
| that global rankings are bad, it's to question: is it
| good for us to rank people in our games primarily based
| on whether they win, or does it make more sense to build
| player-facing mechanics that reward people's ability to
| create fun matches?
|
| A few other people here commented that the problem with
| individual servers is that people would get banned for
| being too good even if they didn't cheat. But why is that
| a problem? What practically is the difference between
| getting sniped at spawn by an aimbot and getting sniped
| by an expert player? Does one feel better than the other?
| Not really, they both stink for the same reasons. Neither
| is competitive, neither gives you the opportunity to
| learn and get better as a player, both feel like you're
| just getting picked on.
|
| This could be a much, much longer conversation, which I
| just don't have the time/energy right now to get into in
| extensive detail, but one very narrow aspect of it is
| that we optimize for player "legitimacy" when I suspect
| even many players who love global servers care a lot more
| about having a competitive game with matches that they
| win roughly 50% of the time, and with a community that
| tests their skill and that pushes them to get better at
| the game.
|
| So why are players cheating just to win random
| encounters? Well, we optimize for that, we build games
| that teach players that winning is the primary thing that
| matters even when there are a lot of other metrics in
| multiplayer games that are just as valid and just as
| surfaceable to players. We ignore the fact that our
| design often creates incentives to cheat. And in
| contrast, if we stop treating winning as the only primary
| player motivator, not only can we hopefully reduce a
| little bit of incentive to cheat, but more importantly we
| can start to get a lot more direct about combating
| griefers or players who are spoiling the game in public
| ways.
|
| I don't expect that literally every game could work this
| way, but if you can that gives you an advantage while
| moderating users. If you have an expectation that great
| players shouldn't be stomping new players just in
| general, then you don't really need to check if someone
| is using a cheat to do that, you can monitor for the
| behavior directly without caring about the method. If you
| have an expectation that players shouldn't be trolling or
| griefing each other, you don't need to install a rootkit
| and check to see if they're using an aimbot to troll, you
| just ban them for trolling. I would encourage multiplayer
| developers to think more about optimizing for outcomes
| rather than methodology.
| chrischen wrote:
| How do anti-virus software differ?
| potench wrote:
| For anyone looking to jump to the part about background programs:
|
| > 9.2. Does Riot run programs on my device while I'm not using
| the Riot Services?
|
| > (We may, for limited anti-cheat purposes.)
|
| > In order to prevent cheating and hacking, we may require you to
| install anti-cheat software. This software may run in the
| background of your device.
|
| The language here implies you will be notified and consent to
| install the anti-cheat software - it doesn't seem like these
| programs will install and run without your approval but that's
| just based on the very brief summary here which might not be
| accurate.
| ev1 wrote:
| For valorant (FPS), Vanguard starts at boot, and you can
| disable it from userland/tray icon. Disabling it blocks your
| ability to play the game until the next reboot.
|
| For lol, Packman/stub is not kernel mode and starts with the
| game and exits with the game.
| TulliusCicero wrote:
| Many comments in this thread are of the form:
|
| > I don't play this game and I don't approve of the anti-cheat
| measures!
|
| This seems to be a common pattern. People who actually play the
| game hate cheaters and are okay with more extreme measures, while
| outsiders tut-tut that acceptance. Don't you know that's bad for
| you, gamers?
| Permit wrote:
| One thing that may surprise HN readers is the widespread support
| some of these tactics have among the gaming community. I
| distinctly remember Shroud (a popular Twitch streamer and former
| CS:GO professional) asking for this (for PUBG) in 2018. I
| remember Chocotaco (another popular Twitch streamer) voicing
| support for South Korean laws[1] that criminalize cheating in
| video games.
|
| It's harder to quantify support among typical players, but I
| imagine it's much higher than we might expect. People _really_
| hate cheating in videogames.
|
| [1] https://www.gamedeveloper.com/console/south-korea-cracks-
| dow...
| swinglock wrote:
| Cheating is a denial of service attack, affecting users and
| providers. It's like spam.
| asdfasgasdgasdg wrote:
| I would definitely support criminalizing cheating in video
| games. I also do not view Riot's running programs at times
| other than when I am playing in a negative light. What is the
| threat model? I've already let them own my computer via their
| rootkit, and their incentives are largely aligned with mine.
| Why should it matter when exactly their programs run?
| laumars wrote:
| If you are a professional gamer then of course you're going to
| hate cheats. It's no different to professional athletes hating
| peers who take performance enhancing drugs.
|
| If your money and reputation comes from you being good at
| something, you're going to dislike people who cheat.
|
| Edit (for clarity): the more senior you are in a sport, the
| more likely you are to support invasive countermeasures
| compared to hobbyists.
| seoaeu wrote:
| You say that like amateur athletes think more highly of
| cheaters. I'd say almost anyone would be unhappy about
| competing against opponents who don't play fairly
| laumars wrote:
| I say that because the GP seemed confused why pros were in
| favour of anti-cheat software.
| bytehowl wrote:
| Everyone who has at least two brain cells to rub together
| hates cheaters, in video games and otherwise.
| laumars wrote:
| My point is: the more serious you are into a sport, the
| more severe measures you're likely to support to counter
| cheats.
|
| Hence why pros will support anti-cheat software while those
| who just play causally are more likely to find it abusive.
| dogma1138 wrote:
| I actually have no problem with criminalizing cheating to some
| extent, I'm not actually sure you need new laws for that since
| it should fall under existing computer misuse legislation and
| arguably you can also make a case for harassment and public
| nuisance.
|
| Even without it being a full on felony in jurisdictions that
| have that distinction it should expose you to civil suits
| because you are degrading a service and costing the company
| money.
|
| If you break into a paintball arena for example and start
| running around shooting everyone with your own gun you probably
| will get the cops called on you and they'll drag you out and
| charge you with something. And heck even without breaking in if
| you simply disregard the rules and don't leave when asked the
| cops will be called.
|
| That said you can support all of this without supporting being
| forced to install root kits and handing over the control of
| your devices to the game developer or publisher. The same goes
| for DRM, I honestly don't see a problem if someone goes to jail
| for piracy I do care when companies use terrible DRM to protect
| their products.
| gruez wrote:
| >If you break into a paintball arena for example and start
| running around shooting everyone with your own gun you
| probably will get the cops called on you and they'll drag you
| out and charge you with something.
|
| "your own gun" meaning a gun that fires bullets, or a
| paintball gun that's more powerful than that's allowed by
| regulations? If it's the former the police would be dragging
| you away because you're literally putting holes in people,
| but the latter case I'm skeptical they'll do anything. Are
| they going to arrest a competition bicyclist when they find
| out that they had a hidden motor in their bike?
| johnny22 wrote:
| One could warn them to stop using their own equipment and
| then tell them to leave. If they don't, then you might
| start thinking about calling it Trespassing.
| gruez wrote:
| Right, but even in that circumstance I doubt the police
| (or any part of the justice system) is going to punish
| you for it. At worst you'll be asked to leave and the
| police will only show up if you refuse to do so. You're
| not allowed to bring your own snacks/beverages at a movie
| theater either, but the police isn't going to arrest you
| for it unless you refuse to leave.
| Der_Einzige wrote:
| Do you know how many unintended consequences that
| criminalizing cheating in video games are going to have?
| Many, many things can be defined as though it is a "game" or
| even a "video game".
|
| This is such a terrible policy decision, that I very much
| hope that no old fart in the US house or Senate ever has this
| idea. I worry every time that AOC plays league because she
| may run into the xearth scripter who causes here to have this
| very same "insight".
| dogma1138 wrote:
| Again I stated that I don't think new legislation is
| required computer misuse acts and civil litigation is more
| than adequate currently, ban cheaters find a way to issue a
| restraining order to prevent them from using your service
| and if they disobey it they are facing contempt which is a
| criminal offense.
|
| For the people that make money off selling cheats and or
| are disrupting the service at scale current laws that cover
| computer misuse should be sufficient.
|
| I am perfectly happy to have the book thrown at someone who
| hacks say a Minecraft server to fuck with someone just as
| I'm happy to see someone who breaks into someones property
| and ransacks it.
|
| Computer misuse, trespassing, public nuisance and property
| damage are already criminal offenses.
|
| Cheating in an online video game can easily fall into one
| or more of those categories.
| DanteIlPoeta wrote:
| I think you should touch grass.
| rightbyte wrote:
| > I actually have no problem with criminalizing cheating to
| some extent
|
| If it is criminal to cheat it is not a game anymore.
|
| On the other hand I would welcome hazard game regulations for
| all games with lottery ticket like products for sale, like
| "loot boxes".
| dogma1138 wrote:
| I'm pretty sure it's already criminal to use "hacks" to
| cheat. Abuse of game mechanics shouldn't fall under that,
| tho I have no issue with banning people who do it knowingly
| and repeatedly after it's been made clear it's not an
| intended mechanic.
|
| We do (try) prevent cheating in sports and other games and
| ban players and in fact whole countries for cheating. Try
| cheating in a casino for example, card counting may get you
| thrown out, hacking a slot machine would land you in jail.
|
| Loot boxes are another issue they should be regulated as
| gambling I have no issue with thst.
| Teever wrote:
| I'm okay with criminal laws that punish people for
| cheating in games that have cash prizes but I really
| don't want to see that applied to everyday games.
|
| Let's so for old times sake I organize a lanparty with my
| friends from HS and during this event someone decides to
| turn on no clip to surprise their friends. Should this be
| criminal?
| tylerhou wrote:
| It depends on the harm done. Obviously if you're playing
| with your friends there is likely no harm done.
|
| If you're wasting 50+ other people's time (e.g. FPS
| battle arenas) then you might want a harsher punishment.
|
| Of course there are degrees; I don't think people should
| be thrown in jail for cheating in casual matches/pubs.
|
| But then if you cheat in a tournament where there are
| hundreds of thousands of $$$ at stake, jail time might be
| appropriate.
| rightbyte wrote:
| > But then if you cheat in a tournament where there are
| hundreds of thousands of $$$ at stake, jail time might be
| appropriate.
|
| Please no. I mean athletes are not thrown in jail for
| doping in most places. If cheating are to be illegal, it
| needs gambling regulation and supervision, even if just
| for pros. And I don't think that would end well.
| dogma1138 wrote:
| If you paid to attend an event and someone was disrupting
| it are you happy with the venue calling the police to
| come and deal with them so the event can resume?
| nix23 wrote:
| >I'm pretty sure it's already criminal to use "hacks" to
| cheat
|
| Server-side yes...client-side NO. You can do with you
| computer and the software running on it ~whatever you
| want...and you can throw TOS is the bin...TOS are not
| laws, more like unsigned contracts.
| tentacleuno wrote:
| > On the other hand I would welcome hazard game regulations
| for all games with lottery ticket like products for sale,
| like "loot boxes".
|
| ... _especially_ with all the YouTube advertising. I see
| advertisements for these (what is essentially) gambling
| games quite frequently on YouTube. "One free spin if you
| use code XXXXX, guys! Go download it now!" type of stuff.
| They obviously get a kickback from these ads.
|
| The audience for these types of channels are mostly going
| to be young / teenage boys. They know _exactly_ what they
| 're doing, and personally I find it despicable and
| harrowing that YouTube entertain this.
| smoldesu wrote:
| Try Googling "gachapon" to get an idea of how bad the
| epidemic is globally. These games have existed for a good
| while in Japan and China, and their sole purpose is to
| extract value out of people with obvious impulse problems
| (in both the real-life and digital incarnations). It's
| really just the abuse of capitalism driven to it's
| extremes; game companies will go "whale hunting" to try
| and create situations where limited-time assets can only
| be acquired through _insane_ spending, and repeat it
| until their users either quit or run out of money. Seeing
| all this talk of incorporating Web3 into everything only
| makes me afraid of our gacha-ized future.
| MomoXenosaga wrote:
| I often cheat, modify and use other people's save game file
| in single player games. Technically this is already against
| the ToS.
|
| Of course videogames aren't just a game anymore, they are a
| billion dollar entertainment industry.
| Barrin92 wrote:
| >If it is criminal to cheat it is not a game anymore.
|
| It never has been a game in the sense you're implying here,
| that's to say as an informal arrangement, you're literally
| signing a TOS for a piece of software you're going to use
| abiding by some rules, it just happens to be a 'videogame'.
|
| And I don't just mean it it in a pedantic sense, but a lot
| of these games involve money, either by paying for the game
| or by paying for content, not just gambling, and if someone
| ruins a product you paid for that's pretty bad.
| rightbyte wrote:
| But it is in no way worse to cheat in eg. Fortnite than
| in a board game like Monopoly.
|
| Also, the TOS is not legally binding in a contract sense,
| especially since minors are "literally signing" it, which
| they have no power to do.
| Barrin92 wrote:
| I'm not sure concerning the details in regards to minors,
| but terms of service are legally binding contracts,
| although enforcement depends on the details of any given
| contract. Terms of service lawsuits absolutely do exist,
| both by companies as well as by customers. You may
| remember the George Hotz / Sony lawsuit over jailbreaking
| the playstation.
|
| https://www.americanbar.org/groups/business_law/safeselli
| ng/...
| aleksiy123 wrote:
| Another thing that may surprise HN readers is people are
| willing to pay for a stronger os level anti-cheat. When I used
| to play CS:GO a lot of higher level players would play on ESEA
| [1] or FACEIT [2] specifically because they had better cheat
| detection. Essentially an anti cheat, ladder, and matchmaking
| service provided by a 3rd party for a subscription.
|
| Players want cheater free games.
|
| [1] https://play.esea.net/ [2] https://www.faceit.com/
| dleslie wrote:
| I'm a game developer; the demand from players for these
| measures is loud and persistent.
|
| The thing is that they're reasonably effective tools, and the
| harm, pain and misery caused by griefers and cheaters is real
| and widespread.
|
| And there's not really much of a technical alternative; the
| only other response to something like an aimbot is to design
| such that good aim isn't an advantage, and now you have a
| totally different game.
| ryukafalz wrote:
| I think most people don't fully understand the implications of
| things like this - it's not obvious in normal usage, so how
| would they? Cheating in online games is salient, but if you
| told the average person they had a program running on their
| computer, I imagine their answer would be "so?"
|
| But if it was clearly pointed out in the OS, and the OS said
| something along the lines of:
|
| "Riot anti-cheat is running in the background. This program may
| monitor all of your activity on this computer and track your
| physical location while you use your computer."
|
| ...more people might have some second thoughts.
| fsdjkflsjfsoij wrote:
| > This program may monitor all of your activity on this
| computer and track your physical location while you use your
| computer.
|
| What incentive would they have to do that? They currently are
| making ridiculous amounts of money and you think they're
| going to risk all of that to know trivial details about you?
| Most people aren't that interesting and the information that
| could be obtained is worth far, far less than the money they
| make by keeping their player base happy.
|
| A remote exploit in Vanguard is a much more reasonable
| concern.
| thingsgoup wrote:
| I don't think anyone is suggesting Riot would do anything
| underhanded.
|
| Ironically, the idea that only Riot will ever be able to
| leverage the capabilities of this software service is
| probably why many don't mind running it.
|
| Unfortunately, that idea is flawed for the much the same
| reason the idea of backdooring encryption algorithms is
| flawed.
| nyuszika7h wrote:
| > Ironically, the idea that only Riot will ever be able
| to leverage the capabilities of this software service is
| probably why many don't mind running it.
|
| Just wait until someone finds a vulnerability in Riot's
| anti-cheat software and abuses it for more sinister
| purposes. No software is ever completely bug-free.
| sjtindell wrote:
| Some of the most profitable companies in the world today
| are in the business of collecting seemingly menial metadata
| about you, creating a profile, and leveraging/selling it.
| pmoriarty wrote:
| _" They currently are making ridiculous amounts of money
| and you think they're going to risk all of that to know
| trivial details about you?"_
|
| I hear this argument for the unlikelihood of corporate
| malfeasance all the time.
|
| But look all throughout history and you'll see countless
| examples of very rich and powerful people and corporations
| taking extreme risks, including doing massively illegal
| things or risking consumer outrage and loss of good will.
|
| It doesn't help that the real-world consequences of such
| acts are often just slaps on the wrist, no matter how
| illegal/immoral/reputation-trashing the acts might be. Very
| rarely do the rich and powerful suffer severe personal
| consequences... usually they can buy their way out or exit
| with a big bonus and just get hired somewhere else that's
| happy to turn a blind eye to their past (or might even
| prefer to work with sleazy/corrupt types)... and the
| public's memory is short.
| asdfasgasdgasdg wrote:
| Yeah, although wrongly. The "may" there is a bit of a weasel
| word. Literally, it only indicates possibility, but lay-
| people read "may" as indicating probability. To a nerd,
| whether something is technically possible is interesting, but
| what ordinary folks want to know is whether Riot is likely to
| be acting against their interests (i.e. selling location or
| activity information to third parties, vs. simply conducting
| whatever monitoring they deem necessary to ensure cheats are
| not being deployed).
| ryukafalz wrote:
| Fair - replace "may" with "is able to," and my statement
| still stands.
| Negitivefrags wrote:
| > This program may monitor all of your activity on this
| computer and track your physical location while you use your
| computer.
|
| This is just disingenuous.
|
| If you are talking about what could _technically_ be done,
| then sure, they could do that. But if they wanted to own your
| machine then they _technically_ could do it the moment you
| installed any software that they provided regardless of what
| it says in the EULA.
|
| So then you must be talking about what they are _legally_
| allowed to do. And guess what, they also have a privacy
| policy that limits what information they are allowed to
| collect and for what purpose they may collect it. Them
| carving out the legal ability to run programs on your machine
| for anti-cheat purposes doesn 't change any of that.
|
| Now I'm not saying you might not have other reasons for not
| wanting to run their crap on your machine (I certainly don't
| want it either) but this here is just FUD and not a good
| argument.
| Bancakes wrote:
| Caveat emptor allows me to assume the worst. Plus nobody is
| actually reading the EULAs every month to find the legalese
| clause that allows them to collect and sell even more of
| your data.
| ryukafalz wrote:
| >If you are talking about what could technically be done,
| then sure, they could do that. But if they wanted to own
| your machine then they technically could do it the moment
| you installed any software that they provided regardless of
| what it says in the EULA.
|
| Yes, I am talking about what could technically be done, not
| what could legally be done. That's the only thing the OS is
| in a position to know about.
|
| Yes, they technically could do all of this the moment you
| install any software, on current desktop OSes. Don't you
| think that's a problem? Is that the best we can do for OS
| security?
| Negitivefrags wrote:
| You said earlier: > I think most people don't fully
| understand the implications of things like this
|
| The "things like this" of which you speak were presumably
| to do with the topic at hand, which is a legal text.
|
| You didn't provide any reason to suspect that your
| complaint was generally about OS security. But sure. It
| would be great if desktop OSes were capability based.
|
| It just doesn't seem relevant to the issue at hand.
| ryukafalz wrote:
| It's relevant insofar as granting a program that level of
| access in a capability based OS would be the exception,
| not the norm.
|
| Today's OSes aren't in a position to make such a
| statement at all as they don't keep such tight control
| over a program's authority. But in a capability based OS,
| it would be - so a program that's in a position to
| monitor all your activity on your computer can be easily
| called out as such.
|
| In other words, the notifications I mentioned that I'd
| like to see are only really practical in a capability-
| style system.
| elliekelly wrote:
| Criminalizing cheating _in a game_ is insanity and I am shocked
| and appalled that this idea has so many supportive comments
| here. Here in the civilized world we should only be
| criminalizing conduct that causes actual harm. Not conduct that
| causes occasional frustration. What's next? Shall we send the
| slippery fingered Monopoly Banker to actual jail, too? We're
| talking about a _game_ FFS.
| TechnoTimeStop wrote:
| It certainly causes actual harm. Thousands of hours people
| spend in games to have it completely stolen away. I imagine
| the victims pay level x the hours required to achieve what
| was stolen should be at least the severity level of the
| cheating and punishment.
| [deleted]
| Bancakes wrote:
| You only cheat because you suck and that's the only way you
| enjoy the game. It takes time to get into the gaming flow,
| and enjoy the pastime, and cheating ruins this investment.
|
| When I pay $100 for a game, and cheaters make me stop
| playing, I have been harmed with a wasted $100 plus hours of
| frustration. If you're too shallow and emotionally
| unintelligent to pick this arithmetic up, it's on you I
| guess.
| krapht wrote:
| Define actual harm. You don't seem to hold the time of people
| who play games very highly.
| AnIdiotOnTheNet wrote:
| If wasting people's time is a crime, pretty much every
| advertiser and marketer in existence is commiting a
| crime.... Actually I might be able to get behind this idea.
| djoldman wrote:
| In the federal US courts it's usually defined like this:
|
| (A) General Rule.--Subject to the exclusions in subdivision
| (D), loss is the greater of actual loss or intended loss.
| (i) Actual Loss.--"Actual loss" means the reasonably
| foreseeable pecuniary harm that resulted from the offense.
| (ii) Intended Loss.--"Intended loss" (I) means the
| pecuniary harm that the defendant purposely sought to
| inflict; and (II) includes intended pecuniary harm that
| would have been impossible or unlikely to occur (e.g., as
| in a government sting operation, or an insurance fraud in
| which the claim exceeded the insured value).
| elliekelly wrote:
| I'm a gamer. I value my time a lot. I hate cheaters. But I
| don't think anyone's civil liberties should be curtailed
| because they cheat in a game. And if we're all going to be
| so outraged by people wasting gamers' time then 95% of
| mobile games would be criminal.
|
| Do you want to fine people for cheating? Whatever. But
| branding someone a _criminal_ (for life!) over a game is
| ridiculous.
| thoraway66 wrote:
| Go feed yourself without a job network that requires some
| people to be janitors forever and others to be copy-paste
| coders who live high on the hog
|
| Granting privilege to ephemeral success narratives is on
| the way out with religion (<50% follow religion and belief
| in tales of past success dictating current stature)
|
| Behavioral economics is revealing people take jobs because
| they pay. Not because they're satisfied. The idea a janitor
| is choosing that is an outdated bias.
|
| Just because you're insulated from the effects of this
| economy does not mean others are.
|
| This is all very "gay people bad, what my niece is gay? gay
| people good!" Your lack of connection to other peoples
| situation is telling.
|
| You're not the main character in this shared reality
| celeritascelery wrote:
| If wasting time is a crime, we should also make long
| checkout lines and traffic jams illegal while we're at it.
| SpicyLemonZest wrote:
| But imagine if someone built purpose-built software for
| causing traffic jams, and a large community of regular
| users make traffic jams 5 times more common than they
| used to be. I don't say this out of any personal animus,
| I don't drive very often myself, but I think it would be
| reasonable to start talking about criminal penalties. At
| some point you have to be able to defend the commons, no?
| gruez wrote:
| >But imagine if someone built purpose-built software for
| causing traffic jams, and a large community of regular
| users make traffic jams 5 times more common than they
| used to be.
|
| What's the difference between that and someone who simply
| drives bad/slow? Do they get a pass because it doesn't
| have "purpose-built software"? Or is it because they're
| not acting as a group? If cheaters are not acting in a
| coordinated way, do they get a free pass as well?
| krapht wrote:
| The difference is intent, and this is a core
| consideration of our justice system.
| gruez wrote:
| So people using excessive amounts of coupons and/or
| change at checkouts should be sanctioned as well?
| 1123581321 wrote:
| I haven't seen excessive coupon use banned, but I
| actually have seen a store make that person wait until
| the rest of the shoppers cleared the line. _Very_
| satisfying.
| sokoloff wrote:
| Can you not tell the difference between someone intending
| to save money (or pay their bill) and intending to slow
| others down?
| gruez wrote:
| You could make the argument that cheaters are trying to
| "have fun"/"win" as well, albeit in a way that negatively
| affects others.
| seanp2k2 wrote:
| I was thinking about this too, given recent events like
| Titanfall being pulled from sale due to the rampant
| cheating (which also led to many players abandoning the
| game before, leading to very low sales).
| TulliusCicero wrote:
| Cheating in professional sports sometimes gets addressed by
| Congress, and that, too, is cheating in a game.
|
| While I don't think we should be putting cheaters in jail, I
| wish bans could stick harder, even across games. VAC does
| this to a certain extent, but only for some games. A shared
| database of cheaters that companies could use would be nice,
| but of course the sticking point is identity.
|
| The current setup is a bit like if getting DUI's only
| suspended your driver's license in the particular town or
| stretch of highway where you got the DUI, and you were free
| to continue driving anywhere else.
| Bancakes wrote:
| PBBans does this.
| jbnorth wrote:
| I may be wrong, but I believe South Korea has a centralized
| identity system that game companies use so this kind of
| thing can be tracked and enforced. I wouldn't be against a
| similar system being used in the USA.
| TulliusCicero wrote:
| I wouldn't be either, except that IIRC in South Korea you
| use your social security number, and I don't imagine
| Americans (or other Westerners) will be comfortable with
| handing that over to gaming companies.
| ev1 wrote:
| Yes - all players in SK essentially require identity
| verification. Using other's is a crime. Cheating is
| generally not directly prosecuted, but in other part of
| fraud/gang activity such as illegal match fixing,
| betting, fraudulent gains (tournaments), etc.
|
| At least in the US I cannot think of any cheats that _don
| 't_ violate the CFAA/DMCA.
| seanhunter wrote:
| People cheating (and especially people making and selling
| cheats) cause actual harm to the publisher of the game for
| starters, by making the game worse for all legitimate
| players.
| mantaraygun wrote:
| Only for very particular kinds of games. And the meaning of
| "cheat" isn't even clear, different communities have
| different standards for what is permitted. Codifying any
| particular communities standard for video game cheating as
| the law and forcing all others to abide by it under threat
| of state violence is abhorrent.
|
| I'll give an example: I play minecraft on a server with a
| group of a few dozen friends. On this server, some forms of
| client mods are permitted while others are frowned on. One
| mod I use, ItemScroller, has the ability to mass craft lots
| of items at once. This is great for avoiding RSI, try
| crafting a chest of dispensers without it and you'll have
| to click thousands of times, instead of holding down a
| single button for a minute or so. Other minecraft
| communities might think this is cheating, and they are free
| to think that and play without it. But why should they have
| any right to impose their viewpoint on me?
| fnord77 wrote:
| I'm not advocating criminalizing it, but it is essentially
| fraud in some contexts, especially where there's direct or
| indirect compensation for the players.
| arcticbull wrote:
| Would that then not be covered by extant laws?
| _delirium wrote:
| Yeah, and it is sometimes prosecuted under existing laws
| in that case. For example several people were
| successfully prosecuted in 2013 for a match-fixing
| scandal in English football: https://en.wikipedia.org/wik
| i/2013_English_football_match-fi...
| seanp2k2 wrote:
| With gaming NFTs going they way they are, cheating in games
| may become actual financial crimes in the near future.
| hellotomyrars wrote:
| At the highest level of play, players who cheat to gain and
| advantage could be causing actual financial harm to others.
| The professional scenes of these games involve non-trivial
| amounts of money.
|
| The sad thing is that in the professional scene you have a
| lot of players who are legitimately very good, but who still
| use the cheats to gain an edge.
|
| The solutions to these problems are mercurial and at some
| point unless you get the players in one physical space with
| controlled/organizer supplied hardware it's impossible to
| keep things clean but it is a real problem and it has real
| consequences for players who compete at that level.
| aasasd wrote:
| I mean, players' standard advice for modding and such is:
| download this executable mentioned in a forum post off some
| janky site or a filesharing service, disable the antivirus, run
| the thing with administrator privileges. Older people tend to
| see those who grew up in 2000-10s as proficient in computing,
| but I'm now sure that gamers' understanding of security is on
| the level of the famed "where's the 'any' key" secretary.
|
| Checksums for the linked files on our site dedicated to mod
| sharing? Dunno what you're talking about.
| daneel_w wrote:
| _" I distinctly remember Shroud (a popular Twitch streamer and
| former CS:GO professional) asking for this (for PUBG) in 2018.
| I remember Chocotaco (another popular Twitch streamer) voicing
| support for South Korean laws[1] that criminalize cheating in
| video games."_
|
| And what are the 99.9999% other players' opinion on this
| approach? Surely their collective voices weigh heavier than
| those of a handful celebrities.
| zucker42 wrote:
| The point is that the celebrities' opinions are to an extent
| representative of the communities within which they are
| famous.
| JadeNB wrote:
| > The point is that the celebrities' opinions are to an
| extent representative of the communities within which they
| are famous.
|
| I think there's no particular reason to assume that the
| loudest and best-known voices in a community reflect the
| view of the broader community. (That's not to say anything
| about whether it's true here, just that I think it's far
| from a given, and, if true, is an additional data point
| rather than a consequence.)
| ncann wrote:
| If you visit the subreddits for these games, most people
| support it as well. No one wants to have cheaters in their
| game.
| pugets wrote:
| Too many people have a thought process that is along the
| lines of "[Bad thing] happens? They should make a law
| against that." That's the end of it, to them. They're not
| necessarily thinking about the Nth order effects that that
| their approach would have on society.
| klabb3 wrote:
| It's really the middle school teacher approach to
| cheating. It's also fascinating to see the sentiment
| difference between online gaming and remote education.
| Not that proctor malware isn't worse, it is, but that the
| arguments in this thread would have been aggressively
| downvoted in those other threads.
| gruez wrote:
| That sound suspiciously close to how we got the PATRIOT act
| after 9/11.
| daneel_w wrote:
| True, no one wants that. It's an entirely unsurprising
| sentiment, really. But it's in no way whatsoever mutually
| exclusive with disliking this specific approach.
| lkjdsklf wrote:
| Most people in the gaming communnity don't think about
| the implications of software like this. They just see it
| as more effective anti-cheat and don't consider the
| security and privacy concerns that come with something
| like this
| vkou wrote:
| They think about the implications, and have accurately
| judged the risk to be worth it. Riot games isn't going to
| steal your banking info, your nudes, or your super-secret
| startup idea. It's not going to post pictures of MAGA
| hats on your facebook, and it's not going to take over
| your web browser. It's not going to drone strike your
| location, or kidnap you into a concentration camp because
| you're ______. It doesn't have the power of pit and
| gallows over you.
|
| If you're being repressed, what you have is a political
| problem, not a technological one. If you're being robbed,
| you should probably only install binary blobs that come
| from legitimate enterprises.
| lkjdsklf wrote:
| You're kind of proving my point.
|
| The implication of this software isn't that Riot is going
| to steal your banking info. What would they possibly do
| with it? They're a legit business. They can't just
| starting selling bank credentials or billing people
| randomly. There's potentially lots of less sensitive
| information that most people would consider "not Riot's
| business" that they can get at with this software. Will
| they? probably not. It's how much do you trust Riot.
|
| And none of that even begins to address the security
| concerns of having software running with elevated
| privileges.
|
| I'm not saying it isn't worth it to some people or that
| it's unreasonable to decide that it is worth it. I'm
| saying most people don't understand or consider the
| implications.
| vkou wrote:
| > And none of that even begins to address the security
| concerns of having software running with elevated
| privileges.
|
| Laymen are even more paranoid about it than techies. Most
| people incorrectly assume that a malicious program can do
| just as much damage to your system as a rootkit. They are
| already willing to accept the maximum possible risk, just
| from installing a binary blob.
|
| But unlike techies, they spend less time wargaming all
| the ways in which vendors of these programs seek to wrong
| them.
|
| This doesn't make them ignorant - at least, it doesn't
| make them ignorant in the way that you imply.
| [deleted]
| [deleted]
| amalcon wrote:
| It's hard to overemphasize how weird the gamer threat model
| is compared to the average HN user's threat model. Another
| example: Peer to peer chat is considered less secure than
| something mediated by a server regardless of other features,
| because the threat model is "my opponent finds my IP and
| DDOSes me" rather than "the chat provider does something like
| publish my messages".
| lemmsjid wrote:
| I was intrigued by this, because I always wonder if people
| who are calling for death or life imprisonments in the heat
| of the moment will think better when they are considering an
| issue in a relative state of calm.
|
| I did a quick survey of Reddit threads that had to do with
| cheating criminalization itself, rather than people
| commenting on instances of people being caught cheating.
| Fortunately the vast majority of upvoted comments (besides
| jokey commentary) are anti criminalization. Representative
| highly upvoted comments: "Cheating is shit and shows no
| integrity but making it a crime in online gaming?... Idk
| man..." Or: "This is asinine, I have NEVER been in a game
| with a hacker and thought that they deserved to be in the
| same place as a rapist or murderer." I think you'll find a
| lot of in-the-moment raging over hackers, but when people are
| considering it as an issue they are more cautious.
|
| But it could also be that different populations are
| interacting with different types of topics.
|
| Caution: extremely unscientific five minute study above :)
| ok_dad wrote:
| I just use consoles now, because cheating is annoying and it's
| harder on a console. I only play games on my PC that are single
| player or where I only have to play with friends. I don't like
| anti cheat software like this on my PC.
| mensetmanusman wrote:
| It would be funny if this is the software that ends up finding
| all the nation state botnets dormant on our computers.
| squarefoot wrote:
| If that's what is needed to fight against cheating, then it will
| only escalate. The bottom line then is _don 't do anything else
| with your gaming machine_: no work related stuff, no banking, no
| email, no social networking, no personal data or any access to
| the home NAS, no projects, nothing but games. Connect it to a low
| latency firewalled network plug on the router that would let it
| see only the outside and that's it. Use then a lower power
| machine for everything else, and treat the gaming machine as
| already compromised out of the box.
| Arcsech wrote:
| The shortcut to implementing this technique is buy a gaming
| console. Gaming companies seem very committed to their desire
| to root your box, so might as well just get one pre-rooted and
| use it for nothing else.
| DangitBobby wrote:
| Games on PC are very cheap, though. I spend less for more
| games now than when I used consoles growing up.
| kbenson wrote:
| There's lots of cheap indie games and game pass services on
| the consoles too, from what I understand. I'm not sure
| games on PC are much cheaper. Do you have examples of what
| you're talking about? Are big titles like $10 more on
| consoles for licensing fees or something?
| stnikolauswagne wrote:
| I think there are three arguments to be made for PC being
| overall cheaper
|
| 1) XBox Gamepass offers a huge library of often new games
| for a cheap rate. That service is also available on Xbox
| consoles but those are much less popular than their
| competition.
|
| 2) Epic Games offers a bunch of games for free to entice
| people into switching over from steam, not sure about the
| current situation though.
|
| 3) Steam often offers very deep discounts on games and
| due to the relative ease you can buy keys from resellers
| you can get games for super cheap.
|
| As an annectode I was able to get my girlfriend 250EUR
| worth of expansions for sims for less than 40EUR,
| discounts this deep are hard to get on console.
| nathanvanfleet wrote:
| Uh okay
| chlorion wrote:
| This is exactly what I have been planning on setting up when I
| can save enough money for a new system, and when hardware is
| available again.
|
| It would be very unwise to entrust your main system to any of
| these companies, which is exactly what you are doing when
| installing modern anti-cheat software.
|
| Another option I have considered is setting up a gaming VM with
| GPU pass through. A totally separate system would be more
| secure, but the latency may be better with a VM, and working
| with VMs might be a bit more convenient I think.
|
| I have been curious about the security of hardware (or just
| GPU) pass through with VMs though, I am not sure how safe or
| dangerous giving direct hardware access could be in the worst
| case. There is the issue of some anti-cheat software detecting
| when it's being ran inside of a VM also.
| forrestthewoods wrote:
| How much random open source code do you compile and execute?
| How many programs do you run?
|
| At the end of the day it's about trust. If you don't trust Riot
| to run lol.exe then you definitely shouldn't run their service!
| But if you trust Riot enough to run lol.exe it can do anything
| to your computer. The difference between lol.exe running in the
| foreground and something else running in the background is
| negligible from a security standpoint.
| Crespyl wrote:
| Foreground or background I can agree with, but there's
| definitely a different level of trust involved if Riot wants
| to run something in the kernel instead of just userland.
| forrestthewoods wrote:
| I somewhat agree. Realistically I'm not sure it actually
| matters. In user mode they can do anything to my computer
| and steal any data they want. In kernel mode they can do it
| slightly more sneakily? Feels like one those things that
| sounds scarier than it actually is.
| chlorion wrote:
| Regular user mode software can be sandboxed by running
| the games in their as their own user and graphical
| session dedicated to that specific game. Kernel mode
| software can by pass all security features implemented in
| the OS however.
|
| If you run everything in a single account what you say is
| true, but at least some people do use basic sandboxing
| methods like described above, which makes kernel-mode
| anti-cheat much more invasive.
| NtGuy25 wrote:
| It's not. Binary protection is easy and you won't be able to
| stop high level attackers. It's similar to the EDR field where
| it's monitoring heuristics and trying to correlate those to
| attacks. And it's also similar in that normally it functions
| off of a whitelist, but they get a bit more coverage since they
| only care about a singular program which they control.
|
| Companies get most of it from either filter drivers or ETW.
| Which effectively give a callback and notification for every
| handle or handle operation (So Networking, File, Registry,
| InterProcess, etc...). The good way to do this is ETW which
| gives you events and doesn't allow changing of these events,
| unlike a filter driver that can modify these requests. And this
| stops 99 % of people. ETW even runs in usermode as opposed to a
| driver.
|
| They also do malware techniques such as loading shellcode over
| the wire so it's difficult to audit the actual malicious stuff
| they're doing.
|
| There's zero reason for them to need anything like what Riot
| does with Vanguard and it's a joke that consumers allow this.
| It's them trying to jump to the top of the stack and abuse
| Kernel. But they're engineers are to stupid to realize this
| opens up complexity in the architecture and makes it easier to
| break and bypass.
| kbenson wrote:
| They already have locked down special purpose gaming machines.
| They're called gaming consoles.
|
| Really, if keyboards and mice were more accepted components of
| those that developers always accounted for, I would just buy a
| console for gaming (except all my old games, but really, that
| wouldn't be hard to handle on a console either).
|
| It's already a little concerning to me that I play games on my
| main PC for the same reasons you most likely are worried about
| it. As it is, I try to keep it to things on Steam and the
| occasional old dosbox game from GOG, so at least I don't have
| to be hyper aware of all the different individual launcher
| capabilities.
| zeta0134 wrote:
| This is precisely why I own several game consoles. If I really
| want to play a game from known shady publishers (Ubisoft
| especially), it goes on the PS4 which has nothing on it that I
| actually care about. Go ahead, mess with Sony's OS, I don't
| care. But that nonsense does not _touch_ my workstation.
| andrepd wrote:
| You can always stop playing LoL :)
| StreamBright wrote:
| Many of us did. :)
| dang wrote:
| The submitted title was "Riot may run programs in the background
| on your PC when not using the service". We might have let that
| pass if it were a quote from the article (even though that is
| already editorializing and against the site guidelines - see
| https://news.ycombinator.com/newsguidelines.html and
| https://hn.algolia.com/?dateRange=all&page=0&prefix=false&so...).
| But it's not a quote from the article and it's too hard to assess
| whether it's strictly accurate or not.
|
| If you want to say what you think is important about an article,
| that's fine, but do it by adding a comment to the thread. Then
| your view will be on a level playing field with everyone else's.
___________________________________________________________________
(page generated 2021-12-12 23:02 UTC)