this post was submitted on 17 Jul 2024
547 points (97.1% liked)

Games

16800 readers
509 users here now

Video game news oriented community. No NanoUFO is not a bot :)

Posts.

  1. News oriented content (general reviews, previews or retrospectives allowed).
  2. Broad discussion posts (preferably not only about a specific game).
  3. No humor/memes etc..
  4. No affiliate links
  5. No advertising.
  6. No clickbait, editorialized, sensational titles. State the game in question in the title. No all caps.
  7. No self promotion.
  8. No duplicate posts, newer post will be deleted unless there is more discussion in one of the posts.
  9. No politics.

Comments.

  1. No personal attacks.
  2. Obey instance rules.
  3. No low effort comments(one or two words, emoji etc..)
  4. Please use spoiler tags for spoilers.

My goal is just to have a community where people can go and see what new game news is out for the day and comment on it.

Other communities:

Beehaw.org gaming

Lemmy.ml gaming

lemmy.ca pcgaming

founded 1 year ago
MODERATORS
 

you are viewing a single comment's thread
view the rest of the comments
[–] notfromhere@lemmy.ml 14 points 4 months ago (2 children)

Isn’t there some way to design the multiplayer to not trust the client? Assume the client has aimbot and all can see through walls, etc. Design it with those things being expected instead of all this draconian pwn the user’s system nonsense.

[–] Revan343@lemmy.ca 17 points 4 months ago* (last edited 4 months ago) (2 children)

Server-side anticheat is more complicated to implement, so companies go with the lazy client-side rootkit instead

[–] conciselyverbose@sh.itjust.works 11 points 4 months ago (1 children)

Server side anticheat also requires trusted servers.

A lot of games are mostly P2P with minimal stuff actually happening on their own hardware.

[–] Revan343@lemmy.ca 2 points 4 months ago

Good point, I hadn't thought about that

[–] Azzu@lemm.ee 3 points 4 months ago (1 children)

Server side anticheat is mostly implemented in all popular games. An aimbot however can't be detected on the server side, it could just be a user moving their mouse perfectly. There's lots of client cheats like that, which is why clientside detection still makes sense.

[–] Nibodhika@lemmy.world 4 points 4 months ago

You should read about statistics. An aim-bot will be consistently accurate, humans are not consistently accurate. If your aim-bot is purposefully inaccurate then it's useless. Long story short, your cheating has to be indistinguishable from human, which is HARD to accomplish, and if you do you'll lose 50% of the matches against other humans.

Not to mention a game with server side anti-cheat could purposefully send fake data, e.g. send a position for an "invisible" enemy, if you aim/fire to it you get tagged. It can do lots of similar stuff that would make the aim-bot less accurate than a human, e.g. every time an enemy enters line of sight add another enemy just outside of the frustum culling, or send an enemy behind a wall that has no visible parts. Cheaters will act on that information, regular users won't. At that point the only way to bypass that is with external hardware that acts on the same information an actual user does (which also bypasses client side anti-cheat anyways), at that point you have a robot playing the game for you and losing 50% of the battles....

[–] tiramichu@lemm.ee 12 points 4 months ago (1 children)

Exactly, and that's why I expressed the sentiment that client anticheat is a poor solution. If you really really want to stop cheating, you have to do it on the infrastructure that you as the game developer have guaranteed and trusted control over, and that is the server.

[–] Azzu@lemm.ee 2 points 4 months ago (1 children)

How do you suppose to block an aimbot on the server side?

[–] FooBarrington@lemmy.world 7 points 4 months ago (1 children)

Primarily by not sending non-visible information and by detecting unrealistic/impossible motion. If the aimbot has to limit itself to what humans can do, it doesn't really matter anymore.

[–] Azzu@lemm.ee 2 points 4 months ago* (last edited 4 months ago) (1 children)

It does matter though. If you program the aimbot to act as if they were the best human, the aimbot is still going to beat everyone else, same as if it was behaving unrealistically superhuman. But you can't simply ban the best human from your game.

[–] FooBarrington@lemmy.world 7 points 4 months ago (1 children)

No human has perfect consistency, and it's always an option to manually review data if it's questionable.

What good is client-side scanning, when you can just run the aimbot outside the client and send the inputs directly through hardware?

[–] Azzu@lemm.ee 3 points 4 months ago* (last edited 4 months ago) (1 children)

Then program some inconsistency into the aimbot. it'll still win against everyone most of the time, still being a problem.

Manual review is always possible, but this requires a lot of people. And if someone really looks at the best players, they seem like an aimbot all the time.

Client-side scanning forces hackers to run the input through hardware, which increases the level of entry and investment necessary to start cheating. Of course everything is always avoidable, but it's about reducing the amount of cheaters by detecting the lazy/stupid people. If you just don't client-side scan at all, there will be a lot lot lot more cheaters. It's about reducing the volume so much that the amount is not that bad anymore and can better be dealt with manually.

It's about forcing cheat developers to spend time/money finding new ways to hide, reducing the value of trying to create cheats.

Of course there are privacy and security concerns. But client side detection in a limited manner does make sense.

[–] Nibodhika@lemmy.world 4 points 4 months ago

I'm not the person you were talking with, but I mostly agree with them.

Here's the thing, client side anti-cheating is a losing battle, it's the equivalent of adding spikes to your key so you can give it to someone so they won't be able to open your door, once they have the key they can remove the spikes. Client side anti-cheat can ALWAYS be bypassed, they rely on security by obscurity to prevent people from removing the actual check, but it's a losing battle, no exceptions.

Server side anti-cheat is the only method that has the possibility of being accurate. Like you said, you can make your aim-bot be indistinguishable from human, but then you're going to be on a human level and other humans might beat you. Any game that worries about this already has a skill based matchmaking, which means that cheaters will end up playing with other cheaters or humans with a similar level of skill, so who cares?. You might get one cheater that's still ranking up on a match, but on the long run they'll cluster together.