Consumer activity and protest does work from time to time. One lesson to learn about these sort of statements here is not to make them during weekend. In the end backing down here at least for a while is a sensible action.
I just wish that people actually would do something about the (far worse imo) requirement to give the game kernel access for anti cheat. But nobody gives a shit about that, so they're never going to change it. It's not really acceptable in my opinion for any game to have these rootkits, but it's especially bad for a co-op game where you're going to be playing most of the time with people you know.
Especially when the anti-cheat has a tendency to cause BSoDs. For a while the anti-cheat that came with Fortnite caused my machine to BSoD over and over. I googled and a ton of people were having the same problem. There didn't seem to be a good solution just the standard "Try reinstalling everything" advice. At one point the situation caused my windows installation to corrupt and I had to completely reinstall. It's ridiculous.
It did but it wasn't a choice. The system just wouldn't boot. Repairs didn't work, trying to replace files didn't work. The only thing that would was a wipe and reinstall of the system drive.
I can't believe this hasn't been a bigger issue. Other than a handful of comments on steam about this when the game was first released, most people have either ignored this or don't care.
There’s a lot of posts about the anticheat and the issues it causes players on the steam forum, dozens if not hundreds a day still. But you’re right; enough people don’t care so the developers do nothing.
Interesting side effect of this has been that it has driven a substantial amount of people to play the game under a Linux distro using Valve’s proton wrapper for Windows emulation (same as is used on Steam Deck) because the anticheat version for Linux doesn’t have the rootkit element.
Conversely most of the cheaters that this system is designed to stop seem to also use Linux, making the entire endeavour pointless from the developer’s side, yet they remain adamant in keeping a system that harms many and doesn’t even prevent cheating anyway…
Welcome to gaming drama. Just like everything else, it's all about timing and vitality. That's why so much legal stuff that actually makes gaming worse gets through. Law isn't sexy, it's not instant.
But yea, "victory for gaming" that they don't need to log into an account... As they log into an account to boot the game up. But TWO accounts, absolutely not. Unless it's Call of Duty. Or Diablo. Or Assassin's Creed (which isn't even an online game?).
I can't even feel sorry. They bring it all on themselves.
An account that you can only have in 73 countries, while the game was originally sold in ~190. The PSN ToS is pretty awful, but what got a lot of attention was Sony just retroactively making the game unplayable for over half the globe. Yes, you can lie and give them a fake address, but in the ToS they can demand ID to prove your identity and location.
When I moved from one country to another, PSN wouldn't allow me to pay for things with the card issued by my new bank - I ended up having to open a new Sony account
I'm not sure if things are the same now - that happened in the era of transition from PS3 to 4
Don't know if you are still playing on windows the OS itself is now basically a spyware, so if people don't care about that a potential rootkit is not much.
More importantly imo is that the game is working well in the flatpak distribution of Steam.
Oh trust me, I ditched Windows a long time ago. I keep a Win10 install around for occasional games which refuse to work under Proton, but it's very rare I use it. A few years back when they got caught "testing" ads in Windows Explorer, I switched.
Anti-cheat is physically an uphill battle, because, in the end, it's all just numbers. Anti-cheat is basically trying to say "you can send these numbers but you can't send those numbers". But I can send "those" numbers. I can send any numbers I want. You can make it difficult to send the right numbers, but I've got your numbers that describe how to send the numbers right in front of me, which is a rather large help.
That's not to say it's hopeless. Sibling comments point out various options that can be run purely server-side. But there's no perfect solution. Even cloud gaming can't prevent cheating because I can take the resulting video stream and run computer vision algorithms on it and still send wrong-numbers back up as my input stream. This may not let me see through walls but is still plenty to implement an aimbot, for instance. Push it into a DRM'd device and I can grab the HDMI stream and hack apart my controller to directly apply voltages to the controller. DRM the HDMI stream and I can point a camera at my TV. Detect my aimbot through machine learning and I can put together a machine learning network with a few hundred of my buddies to precisely characterize the thresholds the server is using and stay below them while still having a cheat system that plays better than I do. And so forth.
(And do not underestimate the extent that people will go to to cheat. I don't really consider "get together with a hundred of my buddies and use machine learning to characterize your machine learning ban algorithm" to be something that could not happen. The amount of effort people will put into cheating is not bounded by your credulity. Weirder things have already happened.)
The deck is fundamentally stacked against preventing cheating. You can certainly take a bite out of it but precisely hitting the exact right contour to exactly nail the cheaters and never hit anyone by mistake is effectively impossible.
It always seemed strange that anticheat wasn’t based on statistics. If you send too many number Ns, then you get banned. Then tuning the false positive rate is an exercise for an ML model.
It won’t work perfectly, or perhaps even well, but maybe it’d work well enough to avoid rooting your customers’ PCs.
The ones I'm familiar with (e.g. Riot's) do use statistics, along with just about anything else you can think of. Code that does nothing but act as a honeypot for cheaters? Of course that's a thing. I'm actually surprised that people focus so much on the kernel part given the scale of the data collection, though the collected data is pretty innocuous.
I don't know if you can solve everything in an alternative way, but after watching the drama in Tarkov last year, I think the game companies are leaving a lot of low hanging fruit. For example people who can see through walls will track someone coming from behind the wall, before they can be seen. The server has the record of it. In the specific case of Tarkov, people got more information about other players by pointing at their wallhacked silhouettes. Again, the server knows. So did external people have to make videos about "the wiggle" to cause any change?
There's so much that could be done through basic behaviour analysis and injecting false data. Yet, instead of that, games just come loaded with anti-cheats that barely work.
I still don't understand why Microsoft just hasn't made a generic kernel anti-cheat driver yet with restricted scope and permissions, and then allowed commercial entities like Vanguard to integrate with that driver.
Theoretically, such a driver could allow anti-cheat systems like Vanguard the same permissions as before, but provide information to the user on exactly what it is doing and accessing. Even that would be an improvement. (And in the future, if the driver had a stable API surface, it would make Linux porting easier.)
For years I have wanted hardware level anti-cheat in CPU's, memory, and GPU's that came in optional "anti-cheat" editions that would get their own servers in games.
Yes, there are still possible ways of getting around this, but it becomes much harder than "Download this cheat, install, and you're aimbotting"
Yes. It's called moderation, and it's what we were doing for decades.
The problem is that multiplayer game servers aren't run by players anymore; which means they aren't moderated by players anymore. Game studios have monopolized the responsibility of moderation, and tried (utterly failed) to replace it with a rootkit.
It's really funny. They took a system that was essentially free to them (player run servers and moderation) and replaced them with expensive, in house run servers, such that if your game is more popular than you expected, everyone has a miserable time because your infra dies.
But they """had""" to, because they want to sell cosmetics and "microtransactions", nevermind that a digital costume that costs as much as a candybar or soda shouldn't be called a "micro" transaction.
You can't sell anything if you give away the authoritative server software. Valve tried to get around this by having third party servers contact an official server with a "who actually owns what" style api but nobody gives a fuck.
Ah man, it's almost like a costume that took your character artist a week to put together when they would have otherwise been sitting on their hands shouldn't cost $5
100% this. VAC remains one of the more effective anti-cheats out there while retaining relatively few privileges on the client machines.
A gaming youtuber, 3kliksphilip, made a 10-minute rundown of the state of VAC and where it may be going from here: https://www.youtube.com/watch?v=6DHMAwAeRMA. I'm unaffiliated with the channel.
The video front-loads some information that many readers here will already be familiar with (along the lines of "what's a kernel and who decided to put so many rings on it") but overall it's a nice light watch.
VAC is laughable. The state of cheating in CounterStrike has always been one of the worst games in the industry. VAC doesn't even stop blatant spin botters.
This is especially bad because in CounterStrike, a "game" is a one hour commitment with the same group of people, and most people near the higher levels of rankings report getting a match with a cheater in about 1/10 matches or more. It's so bad, there are MULTIPLE third party companies whose entire product is "we install a rootkit style anticheat software so you can actually play counterstrike" like Faceit.
Counterstrike official servers are unplayable because of cheating.
I mean, christ, Warowl literally had a video last week about how it's impossible to play the new counterstrike because of cheating! Philip should definitely be aware of that situation.
Holding it up as some sort of pillar of achievement is absurd.
I know. :( I care, obviously, but there are Dozens of Us (TM) so nothing will ever change. Most people simply do not see it as an issue to begin with, and even those who care somewhat think it's an acceptable tradeoff.
That's old school marketing. Sony knew this wasn't going to be popular, you release bad news on Friday and good news on Monday. The problem is that 1. this is a game, we get more engaged with it on weekends; 2. the internet exists; 3. the entire premise of the game is to band together against unlikely odds, the sentiment of camaraderie is there.
> People did not buy the game with that requirement
That requirement/disclaimer was present on the Steam store page the entire time the game was actually available for purchase.
The main issue was that it was not actively enforced due to server issues at the time - which the studio CEO acknowledged:
> I do have a part to play. I am not blameless in all of this - it was my decision to disable account linking at launch so that players could play the game. I did not ensure players were aware of the requirement and we didn't talk about it enough.
We knew for about 6 months before launch that it would be mandatory for online PS titles.
> The main issue was that it was not actively enforced due to server issues at the time - which the studio CEO acknowledged:
I'd say the bigger issue is that Sony listed the game for sale in many countries in which the requirement to have a PSN account could not be met because Sony doesn't offer PSN there.
If PSN were available in all of those countries then having the requirement listed (which of course nobody reads, because we're programmed to ignore that sort of thing) would be a reasonable out and I'd be fine with telling people to suck it up and make a free PSN account, but the unrestricted selling in regions in which that requirement can't be met was a huge fuckup that's entirely on Sony (and likely why Steam rightfully started giving people no hassle refunds).
The biggest issue is that the game was being sold in countries where people couldn't make an account in that country (and where making an account in a different region would be against the ToS and there's no customer support for these people). You can't sell a multiplayer only game in 177 countries that people aren't allowed to make a required account in, then not expect people not to be extremely upset.
In fact, it's insanity that Sony can sell consoles in all these countries without allowing them to make accounts when they literally require it for significant functionality. How is that okay?
Idk about Steam but even if that's true, some people bought physical copies of the game not expecting that bullshit. Many were not in countries where PSN even operates. It's bad business for sure. If it needs PSN then that needs to be the first thing you see in the description, like "Now available exclusively on PSN..."
Idk, that's what I heard. I looked around and the standard $60 edition comes with PS and PC versions. I can't say if one of those is digital only, but even if it is some people were not happy campers about the PSN requirement not being advertised. I assume the PS versions of some games can be played offline with no account, but idk. I don't have a Playstation or a PSN account.
All non-free PlayStation games require both a PlayStation Network account and an active PlayStation Plus subscription for online play. Free games don't require a subscription but still require an account as far as I know. And seeing as Helldivers 2 is online only, you need both an account and a subscription to play it at all on a PlayStation.
weekend / Friday changes are really the pandora's box. It's really enticing to publish on Friday because usually it's a slower business day, and you have time to really monitor the publishing / do the talk to make decision, but it comes with a big risk that you won't feel the impact until Monday.
You're both right and wrong. You'd be surprised how much impact 100k people can have in national changes. The whole stop killing games initiative is a lot less and it's at least getting a little bit of buzz.
But the thing is you gotta do more than downvote on steam to do that. That's where you lose people. I'm sure many web devs here can attest to how much traffic is impacted by an extra click. Ironically, logging into a new website to fill out a form may be enough to kill so much momentum.
