• Riskable
    link
    fedilink
    English
    arrow-up
    15
    ·
    1 year ago

    The first rule of network programming: Never trust the client. How does anti-cheat software work? It trusts the client.

    All clientside anti-cheat is fundamentally flawed and broken by design. It doesn’t actually prevent cheating it just creates an illusion that it’s preventing cheating. The fewer people that believe in that illusion the better off we’ll all be.

    Besides, you can train AI to play any game via MITM in USB (plug the mouse and keyboard into the Raspberry Pi or similar which then pretends to be a mouse and keyboard to the computer playing the game). The simplest method is to just point a camera at the monitor but there’s much lower latency ways where you use some cheap Chinese HDMI decoder/encoders to feed the raw video signal right into the AI.

    With methods like that becoming cheaper and easier every day the whole client-side anti-cheat bullshit kinda seems pointless, yeah?

    • MJBrune@beehaw.org
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      1 year ago

      We’ve already established you have to trust the client to some extent in a typical game.

      Also do you lock your front door despite people being able to lockpick it? Most people do because it raises the barrier to entry.

      • msage
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        Do I lock my door? Absolutely.

        Do I let strangers into my home? As little as possible.

        • MJBrune@beehaw.org
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          1 year ago

          Most people put security cameras in their homes despite them being able to be remotely hacked. Lots of people have an Alexa which could also be seen as letting a stranger in. A lot of people use tools that could be used to compromise their direct use but trust they don’t as for things like anti-cheat being malware. That’s all FUD. There has not been a single large anti-cheat company known to be sending unneeded or personalized user data.