• conciselyverbose@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    36
    arrow-down
    2
    ·
    edit-2
    23 days ago

    Your core premise is broken. Relying on trusting anything from a remote client cannot possibly result in a fair game.

    • Evotech@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      1
      ·
      23 days ago

      It’s not that simple. Especially not for real time shooters, latency is a killer.

      • conciselyverbose@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        10
        arrow-down
        3
        ·
        edit-2
        23 days ago

        It is exactly that simple. You already have to account for latency because everyone but one player (who you also can’t trust no matter how many rootkits you install) is not the server. Having a proper server doesn’t change that in any way.

        Client side validation cannot possibly provide any actual security, but even if that wasn’t the case and it was actually flawless, it would still be unconditionally unacceptable for a game to ever have kernel level access.

        • ᗪᗩᗰᑎ
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          21 days ago

          Client side validation cannot possibly provide any actual security

          Except it already does.

          but even if that wasn’t the case and it was actually flawless

          Nobody is claiming its flawless. This is the same anti-seat belt, anti-air bag, anti-mask, anti-vax argument. It “DoEsn’T WoRk iN eVeRy CaSe!” - that was never the intent. It’s about harm reduction.

          it would still be unconditionally unacceptable for a game to ever have kernel level access.

          Anyone with a technical background would agree with you, as do I, but the reality is anti-cheat software with kernel level access already exists and it works specifically because it has kernel level access.

          • conciselyverbose@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            21 days ago

            No, it doesn’t. Cheating is still incredibly common on games that install malware. If people care enough to cheat, they will cheat whether you have kernel access or not. It doesn’t make a dent. They use it for the exact same reason they use DRM. Because they can.

            It also can’t possibly theoretically “reduce harm” when every single installation on every individual computer is many orders of magnitude more harm than all cheating in every game ever made.

            • ᗪᗩᗰᑎ
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              1
              ·
              edit-2
              21 days ago

              No, it doesn’t. Cheating is still incredibly common on games that install malware

              I never claimed it’s flawless or that it works in all cases. Think of it like antivirus software. Does it catch every and any malware that has and will ever exist? No. Does it still work to minimize all kinds of “bad shit” for normal end users? Yes.

              If people care enough to cheat, they will cheat whether you have kernel access or not.

              Lets rephrase that: If people care enough to commit crimes, they will commit crimes whether you have cops in your city or not - Your statements logical conclusion would be to get rid of police and crime investigators. Does that sound reasonable? It shouldn’t, and it doesn’t make sense against anti-cheat software for the exact same reason.

              They use it for the exact same reason they use DRM. Because they can.

              They use it because it solves a real-world problem that’s unsolvable by other means. There’s no real alternative because you have to trust the end-user, who, although may not be very likely to cheat, makes it extremely easy for a bad person to spoil the fun for everyone else.

              I would love to live in a fantasy world where we don’t need cops, a government, rules, regulations, and anti-cheat software, but there are bad apples that will spoil the fun for everyone.

              It also can’t possibly theoretically “reduce harm” when every single installation on every individual computer is many orders of magnitude more harm than all cheating in every game ever made.

              I mean “reduce harm” in the strict sense of spoiling the fun in gaming. vulnerabilities happen with all software, this isn’t unique to anti-cheat.

              • conciselyverbose@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                1
                ·
                edit-2
                21 days ago

                It doesn’t meaningfully impact the rate of cheating at all. You’re making the deluded assumption that it does something despite a complete absence of evidence to support it. It’s a complete fabrication with no connection in any way to the real world.

                It is not security. It does not in any way resemble security. It’s pure theater that catastrophically compromises the actual security of everything it touches.

                • ᗪᗩᗰᑎ
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  arrow-down
                  1
                  ·
                  edit-2
                  21 days ago

                  It doesn’t meaningfully impact the rate of cheating at all

                  So EA and every other anti-cheat software is paying developers to make software that does nothing? I don’t follow.

                  • conciselyverbose@sh.itjust.works
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    ·
                    21 days ago

                    Yes. Exactly identically to them spending money on DRM despite an obscenely strong body of work showing that DRM doesn’t serve any purpose in any context. It’s pure theater.

      • conciselyverbose@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        15
        arrow-down
        1
        ·
        23 days ago

        Yes, people can still cheat with a camera and manipulating inputs. There will never be a way around that.

        But that’s entirely unchanged by adding malware, that, even if it could theoretically work, should be a literal crime with serious jail time attached. Client side validation is never security and cannot resemble security.

        • andyburke@fedia.io
          link
          fedilink
          arrow-up
          5
          arrow-down
          3
          ·
          23 days ago

          There are ways to detect and stop that, but they can and should happen on the server, not on the client.

            • andyburke@fedia.io
              link
              fedilink
              arrow-up
              3
              arrow-down
              1
              ·
              23 days ago

              There are lots of options such that you can tune your false positive/negative rate. 🤷‍♂️ Tons of ways you can structure this depending on your game’s tech.

              • conciselyverbose@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                2
                ·
                23 days ago

                No options that resemble legitimate or evidence based in any way.

                If a computer has the exact same input and output tools as a human, you cannot possibly do better than guessing. It is a literal certainty that you will ban legitimate players doing nothing wrong for being too good if you try, and it’s unconditionally not acceptable to do so.

                • andyburke@fedia.io
                  link
                  fedilink
                  arrow-up
                  3
                  arrow-down
                  2
                  ·
                  23 days ago

                  Client side anti-cheat faces similar issues, and there unlike your server you don’t control the hardware.

                  • conciselyverbose@sh.itjust.works
                    link
                    fedilink
                    English
                    arrow-up
                    2
                    ·
                    23 days ago

                    I’m not sure why you think I’m saying client side is better when I called it malware.

                    There is no approach that is theoretically capable of doing anything at all to impact a camera and automated inputs, and there is no way of trying to do so that is acceptable. It’s simply a reality of online gaming.