The fact that companies think client side anti cheat is a good idea is so insane. Maybe try designing your server better instead of blaming the operating system for not letting you control your users
Aside from better server side detection, which is I agree is severely underdeveloped, I’d say that the next big step should be a much bigger reliance on reputation-based matchmaking, ideally across games. It would need to be built in a way that’s not abusable by devs or trolls and should be as privacy-respecting as much as possible (as in, not having to validate with your ID South-Korean style), which isn’t an easy task. Working properly however, it would keep honest players from seeing any cheaters at all with no client-side anticheat required at all, which would be nice.
Genuinely curious, because this isn’t my area of expertise, but how do you design a server to be “better” if it has to trust data from a remote client?
Example, if the client is compromised - because as they’ve said, they have no way to “attest” that the kernel is not compromised - how would the server know any better?
If my Apex client tells the server I got a perfect headshot, how would the server know I didn’t fake the data? Is there a real answer to this problem or are we just wishing they come up with an impossible solution?
My general understanding is that EA is 100% correct. Now, on the other hand, maybe the should just limit plays between Linux <-> Linux so people can at least still enjoy the game (I’m moving to Linux soon so I’ll basically no longer be able to play the game, which is, as my primary gaming addiction, a huge loss I’m willing to take).
There’s compromises EA could take, but I think the Linux market share is just too small for them to care to spend any resources - even though they’re raking in billions (~$3.4 Billion) and could spare a few resources to find a good middle ground. Capitalism at it’s finest.
How do they know you haven’t trained an AI to get headshots? The cheats often break the bounds of what is realistic in games, whether it is allowing you to see through walls (server shouldn’t be sending enemy positions that aren’t in view), going too fast (server should speed check pplayer positions), getting items they shouldn’t have (server should do inventory sanity checks), etc. Other than that, look for signs of automated movement/things unrealistically precise for a human to do. Eventually the cheating will just be moved to a separate air gapped computer running AI on the video feed. Client side is an invasive, broken, and malicious concept.
Just tracking trended data in general would be sufficient to defeat a LARGE number of common cheats. One of the very few use cases “AI” might actually work for in a positive way. But that puts the burden on the developers and server hosters, and it’s much easier to just burden the players directly instead.
I’m fairly confident that developers already do this. When the “ban hammer” comes down it is probably after analysing data trends for players.
Yeah, they don’t ban immediately. They collate a huge amount of data and then do it in waves.
That way cheaters know what software got them banned, but not the exact behaviour that gave it away.
do you expect them to use data to fix their problems?
God I was pissed when riot did it for league. They didn’t even have a terrible cheating issue, it was rare and they suuslly caught it and parched it quickly. If blizzard can do it so can they.
Servers often don’t send player data that is outside of the immediate area of the player, but they have to for enemies that are nearby. If they walk around the corner and your client didn’t know about it, then you’ll be waiting for your ping time to even render the enemy. I.e. they walk around the corner and already shot you, then you see them suddenly appear a full players width away from the corner, and you die. Aka peekers advantage amplified.
Same deal with footstep sounds, bullet tracers, a player’s shadow, etc. Your client needs to know where all this is coming from and it can’t do that if it doesn’t know the enemy exists and where. And that is a buffer zone for hackers to derive wall hacks from.
So basically, the overwhelming majority of servers do do all those things, since the late 90’s. Hacks tend to work within those bounds. The most common, impactful and hard to detect cheats are based on providing perfect mechanical inputs. Aka aim hacks. Nothing about limiting info from the server can prevent that unless you also want the legitimate player to be unable to see their enemies.
The obvious solution is to make wall hacks an intended game mechanic.
Eventually the cheating will just be moved to a separate air gapped computer running AI on the video feed.
At that point it isn’t cheating anymore; the AI would be legitimately playing the game!
Well thank god this computer genius is on the scene. Don’t worry, EA can solve everything as soon as they hear about these great and very original ideas.
Because the actual calculations aren’t done by the client but the server, or they should be
Right, but the server is still receiving data from the client. If the client sends a plausible head shot, even though it was actually a miss, how would the server know? You still need client-side “police”, AKA anti-cheat software to mitigate a significant type of software-based hacks.
Now that I’ve typed it out, cops are actually a great analogy to anti-cheat software. Cops play the exact same role. Nobody wants them around until a crime has been committed. Cops/anti-cheat software don’t catch everyone, but the threat of being caught mitigates some crime/hacks, and for the cases where criminals/hackers are caught, society/gamers are better off for it.
In closing ACAB - I completely understand why we don’t want anti-cheat software on our computers, but there really is no better way; or if there is, I still haven’t heard it.
how do you design a server to be “better” if it has to trust data from a remote client?
Because it doesn’t have to.
But according to that article it’s still trusting the client. It’s just validating that the action was within the realm of possibilities, not that it wasn’t faked.
From the article (highlighting from me):
Here’s how it works:
- When you shoot, client sends this event to the server with full information: the exact timestamp of your shot, and the exact aim of the weapon.
The article continues to state:
The enemy may be the only one not entirely happy. If they were standing still when he got shot, it’s their fault, right? If they were moving… wow, you’re a really awesome sniper.
But what if they were in an open position, got behind a wall, and then got shot, a fraction of a second later, when they thought they were safe?
Well, that can happen. That’s the tradeoff you make. Because you shoot at him in the past, they may still be shot up to a few milliseconds after they took cover.
What’s stated above already happens in Apex, telling us that they already do everything this article is talking about. This article mentions nothing new and doesn’t solve the problem of clients sending fake data that is within the realm of possibilities - e.g. a headshot when you were actually off by a bit.
The question was about client trust, which the server doesn’t. If the shot wasn’t possible, it’s not valid and did not happen.
If my Apex client tells the server I got a perfect headshot, how would the server know I didn’t fake the data?
Any game that works like that is fundamentally flawed and AC is nothing but an attempt at a cheap bandaid at best.
The client should be doing nothing but rendering and sending player actions to the server and the server should be managing the game state as well as running its checks on those actions. And when one client sends actuons that are weird and doesn’t line up with it’s internal game state it should kick the client immediately always deferring to what ITS game state is telling it, not the client.
The cheat in this case would send legitimate actions. Like maybe you, the human, would have missed the headshot, but your cheat corrected to the inputs that would have landed one.
And when one client sends actuons that are weird and doesn’t line up with it’s internal game state
What if my hacked client sends actions that are not weird, completely plausible, but didn’t happen and instead were faked? E.g. I take a headshot and would have missed, but my client sends data that I actually shot them dead center, because I wasn’t completely off? How would the server know it wasn’t me?
The fact that this thoughtful comment was downvoted, while the computer illiterate reply was upvoted, speaks to the hive mind in this subreddit. We all detest EA, but this guy has a legitimate point. Seriously, do none of you have any principles at all?
“In this subreddit”
Yeah I have a hell of a time remembering what Lemmy things are called as well.
Damn, what are they called?
Communities or “comms”. Reddit would be quick to legal action if someone started using their trademarks.
I think they’re supposed to be magazines, but I’ve been saying subs for.like 12 years. Mags, I guess.
Maybe çubs?
Communities. Magazines is what kbin calls them though.
That makes a lot more sense. I was wondering why c/ stood for magazine.
Sublemmys
Genuinely curious, because this isn’t my area of expertise, but how do you design a server to be “better” if it has to trust data from a remote client?
Check the data on the server (“oh no, incredibly expensive”). Don’t give any data to the client it doesn’t need, like enemies around the corner (“oh no, now my game is so very laggy because caching and future position assumption just became impossible”)
Example, if the client is compromised - because as they’ve said, they have no way to “attest” that the kernel is not compromised - how would the server know any better?
Now the server doesn’t need to care. There’s input? Validate and use it.
If my Apex client tells the server I got a perfect headshot, how would the server know I didn’t fake the data? Is there a real answer to this problem or are we just wishing they come up with an impossible solution?
Now the client can go pound sand. Server decides if it’s a headshot. Client only sends coordinates of origin and target. Lag? Sucks to be you, with or without cheat.
My general understanding is that EA is 100% correct. Now, on the other hand, maybe the should just limit plays between Linux <-> Linux so people can at least still enjoy the game
That would only create more work for the developers, all for the defacto expulsion of Linux users (Way less players at all times). The best course of action here would be the actual expulsion of Linux users. Also, EA is at most 25% correct. (Not a rational argument, I just very much dislike them)
(I’m moving to Linux soon so I’ll basically no longer be able to play the game, which is, as my primary gaming addiction, a huge loss I’m willing to take).
Damn, sorry to hear that. It’s always bad to leave something one knows because something’s become unbearable. I wish you best of luck on your journey! (I’m assuming a lot, but why else would you switch despite your choice of use of free time?)
There’s compromises EA could take, but I think the Linux market share is just too small for them to care to spend any resources - even though they’re raking in billions (~$3.4 Billion) and could spare a few resources to find a good middle ground. Capitalism at it’s finest.
On the other hand: I quite like it. It forces them to keep their grubby little hands from my kernel.
I do not like anything anti cheat. But I also don’t really like cheaters, especially in online games, so anti cheat could be tolerated. The only thing is: nothing trumps my systems integrity. Definitely not online player satisfaction.
Check the data on the server
I believe this already happens to some degree.
Don’t give any data to the client it doesn’t need, like enemies around the corner
Enemies around the corner still make noise/peek/shoot/etc. You can’t just hide data of nearby enemies from the client because their actions still have in-game consequences that need to be reproduced across all active/nearby players.
Now the server doesn’t need to care. There’s input? Validate and use it.
How do you validate data that is within the realm of possibilities? if my head shot would have been 1 pixel too far to the left to hit and my hacked client sends it 1 pixel to the right so it makes a hit, how does the server know this isn’t fake?
Server decides if it’s a headshot.
If my fake data doesn’t look out of the ordinary i’m still hacking the system and tricking the server-side validation.
Client only sends coordinates of origin and target. Lag? Sucks to be you, with or without cheat.
The math to send the perfect headshot isn’t difficult if you know where you are, where the enemy is and you can only send origin & target coords, I’m not sure this solves anything.
That would only create more work for the developers, all for the defacto expulsion of Linux users (Way less players at all times). The best course of action here would be the actual expulsion of Linux users. Also, EA is at most 25% correct. (Not a rational argument, I just very much dislike them)
Agree with you 100%.
Damn, sorry to hear that. It’s always bad to leave something one knows because something’s become unbearable. I wish you best of luck on your journey! (I’m assuming a lot, but why else would you switch despite your choice of use of free time?)
Thanks! I’m a huge open source supporter and only ever installed Windows on my desktop to play games, still using Linux on my laptops. Thanks to Valve, Proton, and Wine, I’ll be able to go back to Linux and maybe discover some new games.
On the other hand: I quite like it. It forces them to keep their grubby little hands from my kernel.
I do not like anything anti cheat. But I also don’t really like cheaters, especially in online games, so anti cheat could be tolerated. The only thing is: nothing trumps my systems integrity. Definitely not online player satisfaction.
Kinda agree with you on this. Although I have my desktop as a strict “gaming” machine, I wouldn’t mine an EA rootkit on my Desktop Linux system if all I did on it was game. But yes, they can keep their hands off my kernel on my “work” devices.
The server already determines if a shot’s valid or not though. Once a client receives information on where the enemy is at, then the client can send message to the server that they are shooting exactly at that location.
Well, the server acts mostly as a single source of truth. The clients are the ones registering the shot, the server confirms or denies it.
My approach would be prohibitedly expensive, as I suggested the registration would also happen on the server. It would also result in bigger lags
Your core premise is broken. Relying on trusting anything from a remote client cannot possibly result in a fair game.
It’s not that simple. Especially not for real time shooters, latency is a killer.
It is that simple. You already have to account for latency because everyone but one player (who you also can’t trust no matter how many rootkits you install) is not the server.
Client side validation cannot possibly provide any actual security, but even if that wasn’t the case and it was actually flawless, it would still be unconditionally unacceptable for a game to ever have kernel level access.
Client side validation cannot possibly provide any actual security
Except it already does.
but even if that wasn’t the case and it was actually flawless
Nobody is claiming its flawless. This is the same anti-seat belt, anti-air bag, anti-mask, anti-vax argument. It “DoEsn’T WoRk iN eVeRy CaSe!” - that was never the intent. It’s about harm reduction.
it would still be unconditionally unacceptable for a game to ever have kernel level access.
Anyone with a technical background would agree with you, as do I, but the reality is anti-cheat software with kernel level access already exists and it works specifically because it has kernel level access.
No, it doesn’t. Cheating is still incredibly common on games that install malware. If people care enough to cheat, they will cheat whether you have kernel access or not. It doesn’t make a dent. They use it for the exact same reason they use DRM. Because they can.
It also can’t possibly theoretically “reduce harm” when every single installation on every individual computer is many orders of magnitude more harm than all cheating in every game ever made.
No, it doesn’t. Cheating is still incredibly common on games that install malware
I never claimed it’s flawless or that it works in all cases. Think of it like antivirus software. Does it catch every and any malware that has and will ever exist? No. Does it still work to minimize all kinds of “bad shit” for normal end users? Yes.
If people care enough to cheat, they will cheat whether you have kernel access or not.
Lets rephrase that: If people care enough to commit crimes, they will commit crimes whether you have cops in your city or not - Your statements logical conclusion would be to get rid of police and crime investigators. Does that sound reasonable? It shouldn’t, and it doesn’t make sense against anti-cheat software for the exact same reason.
They use it for the exact same reason they use DRM. Because they can.
They use it because it solves a real-world problem that’s unsolvable by other means. There’s no real alternative because you have to trust the end-user, who, although may not be very likely to cheat, makes it extremely easy for a bad person to spoil the fun for everyone else.
I would love to live in a fantasy world where we don’t need cops, a government, rules, regulations, and anti-cheat software, but there are bad apples that will spoil the fun for everyone.
It also can’t possibly theoretically “reduce harm” when every single installation on every individual computer is many orders of magnitude more harm than all cheating in every game ever made.
I mean “reduce harm” in the strict sense of spoiling the fun in gaming. vulnerabilities happen with all software, this isn’t unique to anti-cheat.
Too bad the server at least needs the player input data.
Yes, people can still cheat with a camera and manipulating inputs. There will never be a way around that.
But that’s entirely unchanged by adding malware, that, even if it could theoretically work, should be a literal crime with serious jail time attached. Client side validation is never security and cannot resemble security.
There are ways to detect and stop that, but they can and should happen on the server, not on the client.
Only if you’re OK banning real people.
There are lots of options such that you can tune your false positive/negative rate. 🤷♂️ Tons of ways you can structure this depending on your game’s tech.
They should just use the same approach big minecraft servers use, the game itself has no anticheat, but the server makes sure the data it’s getting from the client makes sense and kicks clients sending weird data. Doing any checks client side will always be insecure and a nuisance to players
Yeah there’s no Minecraft cheats /s
I see you all over this thread and I want to share something you might find interesting.
You keep mentioning the server can’t handle the anti cheat because it needs to trust client data. Here’s an interesting thought: how is client anti cheat supposed to work when it needs to trust input data?
Look up direct memory access cheats. TL;DR Two computers are hooked up such that PC 1 runs the game, PC 2 reads memory from PC 1, and can then output keyboard/mouse inputs, as well as wallhacks/esp. How is the client side anti cheat supposed to know that the keyboard and mouse inputs are legitimate? How is the client side anti cheat to know wallhacks are being used when they are being rendered on an entirely different machine?
how do you design a server to be “better” if it has to trust data from a remote client?
By minimising the trusted data exchanged and checking it against server side data.
They already do this, so this doesn’t solve the problem.
Keeping untrusted clients in their own ecosystem is an interesting idea, and would let people access the game without affecting anyone in the “trusted” chain, but you will all be lumped in with the obvious cheaters with blatant speed/flying/aiming bots.
If you were playing without cheats on Linux, I’d imagine you’d stop soon after.
The best idea would be to let people run their own servers and then allow or IP ban cheaters themselves, but I guess with everything needing to make money from skins and paints or whatever the fuck Apex sells, that’s out of the question and has been since about the Xbox 360 era.
Careful what you wish for because the next step after killing physical is cloud gaming only.
Just a reminder you can add a publisher to your steam ignore list such as EA or Ubisoft.
Whaaaaaaat!?
Added a video I found showing where to do it.
Many thanks !! 😍 🥰
Wtf. I did not know this. Thx
Someone did the math on Twitter.
There is about 2900 Linux gamers playing Apex.
So even if 100% of Linux gamers cheated it could in no way be the majority.
What I think happened is the dev team struggled to solve the problem so they used Linux as a scapegoat when leadership came down on them.
This sounds likely. Unfortunately, when the problem doesn’t go away a few months from now, it’s not like they’ll reenable Linux support…
GET THAT REFUND!
NO TUX, NO BUX
you gotta contact EA about it, and something’s telling me they’re just going to quote some part of their ToC telling us to get fucked.
alright then flood them CC charge backs, let them explaining to their payment processor why everybody decided to do this all at the same time ;)
Its a free to play game
It’s free to play.
Uh, I’m losing access to everything I bought with apex coins though…
Yeah, but your first mistake was buying apex coins.
Counterpoint - Devs need to eat. Especially devs that are thoughtful enough to enable their anti-cheat to work on Linux. So yeah, they had my attention, my support, and my money. In return I got to play a fun game and rock some cool skins and accessories - it certainly seemed like a win-win. Now they’ve retroactively backed out of their support, and I’d like to back out mine as well.
You are not paying devs… you are paying a corpo parasite who fucks you over every few months.
Agreed to a point. I don’t care so much that “the devs need to eat” because these are AAA corporations, not indie devs. The moderate gains and losses aren’t directly affecting the people that actually made the game, they’re just affecting the bonuses the CEOs get. What does matter though is that if we as Linux gamers want them to care, they need to see that Linux users are generating revenue. They’re greedy corpos and revenue is all they give a shit about. I’m OK contributing a small amount to games that continue to support Linux. I’m OK spending $5 every few months to buy the Overwatch 2 battle pass if it means Blizzard sees that someone who only plays on Linux is generating income. I’m certain they looked at the money coming in from Linux players more than the actual number of said players when making this decision. The only way to make corporate monsters care about you is to feed their greed. Sometimes, feeding them a small amount can potentially help your cause.
What does matter though is that if we as Linux gamers want them to care, they need to see that Linux users are generating revenue. They’re greedy corpos and revenue is all they give a shit about.
I appreciate you mentioning this, I agree. If linux made a blip on a chart, executives would prioritize figuring out a solution.
Me too… I bought one Apex pack solely because the introduced Linux support a month after I switched to Linux.
Ah yes, “the devs”. What percentage of the profit do you think goes to the gameplay developers, the backend developers, the designers, the character artists, the environment artists, the QA team, the writers, the voice talent, the localization teams, and the other roles too numerous to list but too important to ignore, that actually create the game? In contrast, how much do the executives, managers, and
parasitesshareholders pocket?Even if you assume a fair division between all people, just look at how long the credits list is. The average developer employee won’t go hungry because a couple hundred players stop buying gamble coins.
You know what? Developers that work at studios that are baby punching evil don’t need to eat. I’m not feeding any of them.
Shit take. Not everyone can be Eric Barone or Daisuke Amaya.
Go work at Coffee Stain or their ilk. They’re a games studio employing multiple developers working on a few games at a time, and they’re not baby punching evil.
I’m not sure what your point is? Perhaps I incorrectly assumed this was obvious but yes - if players do not financially support a game, even “free to play” games, those games disappear. There is not a single company on the planet that is going to continue investing in a negative revenue project for funsies. The teams working on the game are relocated to other projects or laid off, and the game shuts down.
If you believe I’m in the wrong for supporting a game that, until this point, was friendly to linux - then so be it.
I think you’re wrong for supporting EA, regardless of any other variables.
If you accidentally ban linux users in three[1] different[2] banwaves[3], then linux was only halfway supported in the first place, even if they overturned (almost) all of those bans.
I think the real reason they did it was EA’s financial situation. Since money is tight, the amount of resources they were willing to put into real linux anti-cheat probably dropped to “none at all,” and now we’re here. Otherwise other cheater-prone games like Counter Strike, Overwatch, Halo, The Finals, DayZ, Hunt Showdown, etc would have probably dropped/blocked linux by now too.
I would be so upset if Hunt Showdown did this.
Hell, I’m mad Apex Legends did it and I have very little time invested in that game.
I really wish game developers would stop with this kernel level anticheat nonsense that doesn’t even work. Everyone in every gaming community just points the finger, people that play games using Easy Anticheat say Battleye sucks and vice versa.
If kernel level anticheat actually worked, there would be a definitive answer to which games have good anticheat.
Fuck EA
I’ve been praying for an Open source Apex clone that can be self-hosted. A man can dream.
Xonotic is a thing
Thanks for the reminder! I’ll have to revisit. I wonder if that can be tweaked to play more like Apex.
Also try the finals
If this works on Linux this is probably what I’ll switch to. I’ve played it and liked it, the pace is a bit too fast for my taste, but I can get used to it.
It worked for me when It launched and was pretty fun, especially the destruction and the way tha shooting feels
fr, Apex is one of their nicer products that felt a bit like new battle royal version of abandoned Unreal Tournament
This is really going to validate the anti-Steamdeck/anti-Linux gamers. It shouldn’t.
“You can’t play shitty MMO Battle Royale games if you’re on a Linux PC!”
Fucking good. That’s a feature.
Why is it a good thing that people can’t enjoy the games they like on Linux?
It’s also keeping people from even considering linux for gaming so I don’t share your sentiment. Like it or not, these games are insanely popular. My gaming buddies won’t even think of switching to linux until 100% of the games they play are working on it, and that include “shitty MMO Battle Royale” I’m sorry to say.
People still play Apex?
Not people on Linux.
Yes* unfortunately. It’s very popular.
I’ll never understand why people enjoy P2W games.
It’s not P2W though, right? I thought they only sell cosmetics w/o competitive advantage (outside a mistake here and there), everything that actually impacts competitiveness is provided equally to everyone.
If that’s not the case, could you link something that indicates that?
I would say you are right, because all the playable legends are able to be bought with the free currency you can get by just playing the game.
I guess some people could make the argument that paying players have faster access to new legends and legendary finishers, etc. I would say this is more like “pay to skip some grinding” than “pay to win”.
Yeah, if it’s unlockable in a reasonable amount of time (say, 5-10 hours per hero), then it’s basically the same as those stupid F2P mobile games where you can pay to “speed up time” or whatever. Or if there’s a rapid churn where you lose access to heroes after some amount of time (i.e. even if you pay, they’d disappear).
But if you can grind for a few hours to get the hero you want, then yeah, not P2W.
You have to pay to unlock heroes, many of which can improve your performance once you find one that best matches your playstyle. I consider that P2W.
Oh no
Anyway
Wasn’t Apex Legends the game, that run better in wine than natively on windows?
Lame. :/ Guess I’m changing my review then.
They just can’t stop killing this game, the last few updates have been dog shit and now they do this.
Would’ve cared… If the game had gotten any good updates for the past… Year? Probably more at this point.
Is this not the game I saw an article about like yesterday saying EA had missed revenue forecasts and EA stated a major overhaul is needed?
I guess step one is to restrict the player base more.
Classic “the beatings will continue until morale improves” corporate energy.
How much fucking harder/extra work is it to maintain a Linux version of something? God damn, I don’t even really use Linux outside of servers and I still think it’s bullshit how little support it gets because it’s like a Catch 22. Nobody works on it because nobody uses it; but nobody uses it because nobody works on it! (For gaming, anyway)
It’s amazing how much actual change this one piece of hardware has done to bolster Linux’s share of things, but it’s still also just kind of a drop in the bucket.
Ohh my god true, these companies are massive but man for a while many games are windows first.
