This seems like a pretty grass roots effort to me: mothers horrified that nude pictures of their 12yo daughters are being created with generative AI. These young girls (not yet women) are indeed victims, no narrative construction required, and stories like this can easily spread virally among parents, esp. mothers of girls, without any push needed. I'm not even sure tech regulation is needed or sought: a few lawsuits making this unprofitable as a mobile-first service will probably reduce the barrier-to-entry enough to protect most youngsters. Only the most motivated zoomers can use the command line.
I am suspicious of the fact that this appears to stem from a free service: I assume they are collecting data, but I thought using or storing images of minors required consent from a guardian in Europe?
The mass media (including social networks) get to pick and choose what they broadcast. No matter how hard you try or how despicable something that happened to you is, if the mass media don't want to give you coverage, no one will ever hear of you.
So yes, this is getting publicity because the government wills it.
Imputation is a fairly common technique that would be familiar to most molecular or computational geneticists, especially those used to working with poor samples. There are software packages to assist in the calculation.
The point is imputation is used regularly in genetics, just not on forensics. And for good reasons. This case is old enough to be a curiosity, an amusing reading. But 70 years ago it was a potential murder case.
Imagine a forensinc lab using imputation to identify some samples and arresting someone based on them. It takes only a slighly interested lawyer to destroy that evidence at trial, saying that imputation is, literally, making up a good amount of data. In fact, defendant lawyers put a lot of effort in invalidating evidence, and imputation is quite easy to attack.
This case is a good sample to build upon it, to try to introduce imputation as a victim identification. But forensics move slowly.
The claim that the real value in art is in the idea rather than the execution seems to be as true as the claim that the real value in a startup is in the idea. Artists are constantly in dialogue with their tools to produce and define their idea, and to discover new ideas and capabilities along the way, in the same way the Intel head Andy Grove advised technologists to be involved in the engineering & production processes.
A game whose popularity & longevity has become a cliché, Skyrim, is usually played in 1st person. Myst & Doom were both known for their ability to engage players in a flow state in their heyday.
I take your point about narrative, but I think first-person games are giving players a different experience -- agency & flow -- compared to the identification you experience in a 3rd-person game.
Joel Spolsky used the dilemma of being ambushed on a minefield (to make a different and almost orthogonal point) in a way that illustrates how norms that are not individually useful -- or even rational -- can be essential for group survival. [1](https://www.joelonsoftware.com/2006/08/08/the-command-and-co...)
Right now we're in a transitional phase where DNA data is integrated with traditional police work, where there may be a priori reasons to suspect someone before invoking DNA data to strengthen the case. Even this raises serious questions about privacy (the BTK killer even moreso than this case: they found him using his daughter's pap smear).
What is more worrying is the incentive to go straight to DNA in the future, entangling lots of innocent people in DNA dragnets because of the birthday problem at scale.
Modern anticheats are basically kernel rootkits which go even to the point of trying to checksum your drivers and inspect how they work. They're basically as invasive as they get.
They obviously can't hook into Linux kernel so they react by just banning the player.
This is why I have a separate Windows PC for gaming, that I do not ever put personal information into, or use even to sign into my personal, non-gaming accounts (e.g. Gmail). Perhaps not a good solution for everyone, but I think that's what the world has come to.
This is why I settled with a PS4 last year. Even on a Linux PC, I would feel "dirty" with games and steam installed, and I can't afford a PC exclusively for gaming. A PS4 costs 300€ and runs Skyrim, so I am quite happy. I am also speculating that the PS4 will become completely owned by the community and ultimately runs Linux without anything missing.
At one point I built a "Steam Box" that ran Windows (because, at the time anyway, lots of things didn't run on Linux), and hooked it up to the TV. The only problem I ran into was that lots of games don't do controllers well, either.
I have the same setup and controllers aren't really issue on modern games anymore - they're all released for consoles as well so they usually feature good controller support.
I did the same thing. It ended up being used mostly for watching streaming services instead of gaming for social reasons (the TV is in a shared area). I ended up buying an even bigger more powerful gaming PC with dedicated gaming keyboard and mouse and no controller. Linux for work, Windows for streaming TV, Windows for gaming.
Something that I find interesting is that anti-cheats are needed when either 1) the input can be somehow enhanced (think fps aim hacks) or 2) more information than the player should have is being sent to client (think fog of war or wall hacks). That's hard to avoid in shooters, where you need that behind-the-scenes information to reduce perceived latency. But games that don't have that low-latency-hungry "twitch" element, like strategy games, turn-based, etc., can make do without information that would enable hacking (and they usually don't benefit from input hacking either). I'm currently working on a pvp strategy game that uses an exaggerated input delay as a game mechanic, which also gets rid of the need to send information that the player shouldn't have: ground-truth is computed server-side and after pruning and transforming according to each player's perception, streamed to the clients. That's unhackable in the game hacking sense.
While technically correct, first person shooters might be the most popular multiplayer genre. In practice it's more accurate to says special cases are the games which do no qualify to the categories you outlined above.
As for turn-based games, they work better as board games unless you have a pandemic going on. In theory simultaneous turn games are possible but rarely observed in practice. Dominions games, Laser Squad Nemesis, etc. Sequential turns (A/B/C/D) scale very badly and human face to face contact makes up for that.
Also, if you're going to automate bots on a large scale (for resource farming or just interfering with other players), Linux makes more sense for the same reasons it makes sense for other server based software. Combined with a lower player count, devs decide actual Linux gamers are acceptable collateral damage sometimes.
Or anti-cheats looking for unusual factors of the execution environment that might indicate cheats using DLL hooking, or just something wine does differently to windows.
Now I'm biased because I'm an anti-cheat developer, but I really can't see how checking the integrity of your installed kernel device drivers is at all invasive.
I use a generic xbox 360 wireless receiver for my PC. The device drivers are an unsigned version of microsoft's drivers. Should I really have to buy the identical dongle for double the price, so that developers can dig into the depths of my OS to confirm that I'm not using a clone receiver?
I honestly see both sides of it, but at the end of the day, I am always hesitant to trust software with black-box functionality deep access to my computer. When I see a sudo command
We are already at the point of computers being able to balance a ping pong ball on a flat surface using just cameras. I can't imagine we are far from cheaters using entirely decoupled computers to physically control devices.
It doesn't seem those take the game output into account, maybe I missed something but they just seems to be controllers with scripting capabilities.
The idea of a decoupled cheat would be to acquire the game state from outside the computer running it, either by filming the screen or taping into the video output or the network input, then analyze it and run some aimbot (or any other kind of cheat) on it and finally send the cheat commands as if it came from a legitimate controller, through usb.
I have a similar generic receiver, with some "not genuine" hardware ID.
I just force select & install the signed microsoft drivers. The trick works in all versions of windows that I tried.
It's none of the game's business what other software my computer is running.
These checks have in the past been notoriously buggy, and can interfere with other operations.
This kind of crud is what remote attestation is for, and Microsoft should be responsible for developing it, not every different gaming company competing with each other for kernel access.
I agree, but at some point you have to decide if the tradeoff between the freedom to run whatever you want is worth the invasiveness of having an anticheat software analysing your system in-depth for cheating softwares is worth it.
In a way, it's true that it's none of their business which softwares you use, but it's also their business to make sure the multiplayer experience is fair for the entire userbase.
I guess that's the beauty of games consoles, where the execution of softwares is tightly controlled to minimize piracy and cheaters.
Maybe that trade-off should be more flexible and dependent on the "league" a given player wants to play in. The criteria could be more strict for the "pros" where cheating can lead to significant gains, like professional athletes who have to pass regular anti-doping tests, but you wouldn't expect the same invasive checks from (for example) people participating in a charity run.
Years ago I read about some game service that detected cheating and put cheaters into games with other cheaters. The author said it was pretty effective.
Reminds me of Game Dev Tycoon's clever anti-piracy trick, where they released a "cracked" version of the game on file sharing sites shortly after launch. The "crack" disabled the copy protection but also changed the gameplay so that NPCs would pirate your products in-game and drive you out of (virtual) business.
Good point, I haven't played games much since the late 90s and I'm returning to gaming only now (partially thanks to Proton), so my experience with multi-player is based mostly on modem or LAN parties with friends, where the social aspect helped to prevent cheating. I guess it's very different now when you can play with random people on the other side of the world.
Fwiw, my solution does actually take advantage of remote attestation, and if that is validated, a large part of kernel integrity checks are skipped. The problem is that many “gaming” consumer motherboards don’t ship with TPMv2 or secure boot, and we still have to support those computers.
I understand that, fundamentally, anti-cheat involves taking some form of control away from the player. But when the solution involves deeply embedded hardware modules that take that control away globally, introducing their own host of problems, I think that goes too far, and the cure might be worse than the disease. As a player, I wish there was a way to make sure that the anti-cheat only runs when the game runs, and only checks stuff related to the game and nothing else.
When you can remotely prove that the entire boot chain has not been tampered with, it’s much harder to load cheat software in the kernel layer. Of course, still possible, just harder and easier to detect.
How does this address the fact that windows has 100s of badly written drivers that allow r/w to kernel? This seems to only stop the most advance cheats that actually execute at or before boot.
Secure boot addresses other specific security concerns that are unrelated to exploitable drivers. For instance, it eliminates a whole class of PatchGuard bypasses.
Sorry to derail, but how often does anti-cheat development involve buying access to a cheat just for the purpose of reverse engineering it? Is that pretty much most of the time or is there enough evidence collected from logs to be able to infer what was happening?
This is largely dependent on the passive collection capabilities of a particular anti-cheat. Sometimes getting a copy is useful to just to make 100% sure the detection you wrote works as intended. Sometimes it's because the techniques used are novel. Most anti-cheat vendors do this.
> It's none of the game's business what other software my computer is running.
I get the sentiment here but we're specifically talking about a mechanism specifically designed to detect other software that is used for cheating.
The alternative is a world where games will only run on machines with SecureBoot, a signed kernel with kernel security on, and only whitelisted signed modules.
There isn't a good solution for how to run games where the clients have to be semi-trusted on a hardware and software stack controlled by the user. If you give me total control over the environment in which a program runs I can make it do and believe anything.
Maybe the game servers could not send the whole game state to each client and validate input it receives from each client? Banning blatant aimbots is just a pure statistics thing. Also, you could just train ai to detect patterns of cheating via an adversarial model where you pit normal ai against ai that uses the cheats you currently detect via rootkits.
Games should not be part of my ring 0.
Game companies do take a similar approach to what you're describing, but still feel the need to run anticheat. If you ban aimbots based purely on statistics, you'll just encourage cheat developers to change the statistical properties of their aimbots. Cheats are a fairly big business — even detecting them with anticheat software in ring 0 doesn't seem to be a surefire guard against cheating.
Well, if an aimbot is only statistically as good as a good human player, does it matter anymore whether the player actually plays or a good bot?
If it is only as good as a real player than it won’t be invincible and will be equivalent to playing with a few AIs in a multiplayer game - which already happens.
Also, I believe the exact mouse movement will not be the same for a human and an aimbot - so not only statistics can be used to ban players
If a player consistently has a sub 100ms response time, it is a bot. There are plenty such values to be found that have clear superhuman markers (100ms on average is already realistically too low, so I'm being mild), and you can use those to detect cheaters.
I remember playing a first person shooter called Red Faction on PC maybe 15 years ago. Through some poking around I (and many others) discovered that when a client joined a multiplayer game, the server would instruct each client to load a large .dat file local to the client containing presumably a bunch of global assets. Within that were numerous object, physics and game state variables in plain text ripe for the picking. The server would proceed to accept any .dat file that contained the necessary declarations regardless of their value.
I recall seeing players hovering in the air and spinning while shooting rockets out at hundreds of rounds a second. There was also a way to modify your files such that you could crash a game just by joining it. The experience was as interesting and fun as it was awful.
I play various games where they developers try hard to prevent cheaters and they still get through and ruin a small but significant percentage of the games. I can't imagine how crappy an experience it would be if there was no cheat protection at all.
I'm going to point out that if you want to go down this route, it is insufficient to just check that the base drivers are untampered with and signed by Microsoft or whatever vendor still.
You now maintain a list of potentially vulnerable drivers that can be used as a jumping off point (such as virtually every motherboard RGB or fan control system), and ban users that have these or hard-disable them at boot. There are some games that have caused machines to overheat by disabling cheat-jumpoffable fan controllers.
On top of that, you effectively have to maintain a whitelist of acceptable drivers, because cheat vendors are registering limited companies by the thousands (only $20 in the UK), getting an EV/codesigning cert, and signing their own drivers. Higher end cheats cost enough to offset this, and there might be less than 5-6 people using a particular certificate. Some of the people behind these also release vaguely-useful legal tools signed with the same certificates to get a large install base for them so they don't stick out.
That being said, IMO as a player, this is invasive as hell, and you should not be crawling through my flash drives, identifying my mouse, killing LogitechMacroSoftware.exe, etc. I'd rather you just collect snap/targetting/click timings server-side and run anomaly analysis on those rather than digging an asshole into my computer.
Also, now I have 5 different "kernel anticheats" running 24/7 simultaneously, half of them are horrifically written and known-insecure, and the other half need to figure out how to not explode spectacularly when the broken half tries to probe and kill it.
Korean MMOs are particularly bad for this and when forcefully uninstalled might permanently destroy disk access, make Windows non-genuine and deactivate it, and send all their data over plaintext (no TLS) with a bizarre, homegrown "encryption" method that is trivially breakable to a bare IP somewhere.
With KMMOs as an example (many of these reward you for staying logged in, have daily rewards, and similar; the game itself is fairly low resource when minimised), GameGuard and HackShield and XIGNCODE constantly have slap-fights where they bluescreen or flop over or die if you try to run multiple of them simultaneously and they try probing and killing each others' services for trying to tamper with themselves. It's like that ridiculous "what happens if three programs all try to demand Always On Top for their window", except give all of them heavy weaponry. These also have severe NIH syndrome for things like homemade shitty crypto and plaintext everything.
Before I “switched sides” to anti-cheat, I used to write and sell cheat software for CS:GO. I had a registered company and purchased an EV code signing certificate just as your post suggests, even getting my cheat drivers signed by Microsoft. I am very familiar with the process given than I’ve seen both sides now.
While other anti-cheats maintain white lists or blacklists of vulnerable drivers, I’ve chosen a different route that doesn’t have the same pitfalls you suggest. Our anti-cheat also doesn’t run 24/7, only when the game is running.
I'm guessing this is a mix of attestation and inspecting what they actually do instead of just blindly checking the certificate and that the signature is verified? I'm curious how well executed that works when it comes to less well behaved anticheats (like Riot's Vanguard generally stays hands off, but GameGuard will immediately heartbeat a "ban me" and intentionally cause a bluescreen to cause you to "lose any data collected by your debugger" when it notices it's being looked at).
This type of BS is super common in Asian countries/published MMOs and a bit less acceptable in the west (you still have EAC and battleye, but at least they make an attempt to use TLS?)
Another insane example: xigncode has long since advertised a feature that the game developers can remote control into your PC like VNC. I don't know whether any developer has chosen to actually enable it, but the fact that they push it as a feature is some serious clown-egg-face.
I’m not going to comment on the specifics of what we do besides what I’ve already said. I will say that I’m really pushing to change the perception that all anti-cheats are bad and are user-hostile. I’m trying to build a product that shows that anti-cheats can actually respect user privacy and provide a positive player experience. And I’m trying to do it by better engineering.
Vanguard I believe would intentionally bluescreen you if it detected you’ve disabled PatchGuard. They had very good reasoning to do so, but I wouldn’t do something like that since I believe it’s user-hostile. Battleye I believe actually doesn’t use TLS last time I checked, using some sort of home brewed XOR cipher which is a bit scary. And of course remoting into computers is unacceptable under any circumstance.
I appreciate that you are trying to do this with respect and hope you succeed.
I've done both sides (largely MMO-stuff as a kid), and for me, I'm done dealing with all this invasive garbage, and just spin up a fresh EC2 GPU instance when I want to play something, and simply don't play the games that choose to disrespect and abuse players to the point of not even allowing GPU passthrough (I can somewhat understand banning emulated GPUs; have dealt with people farming referral accounts a hundred at a time each queuing for games at <5 FPS).
As a guy who plays games that have a lot of cheaters, it is incredibly frustrating. Riot's rootkit shit is a small price to play enjoyably with friends. I care more about the experience than I do about the risk of Riot fucking up my Windows install.
Keep doing what you're doing. Just, if you'd leave the anti-cheat off friend-to-friend-PvP games, that would be cool. I don't care if my younger brother 'cheats' against me. He's not going to and if he is 'cheating' it's probably some mod or something.
The problem with Riots anti-cheat (at least to me) was that it runs all the time not just when you're playing the game. This is completely unnecessary and a pretty huge security issue.
They've sort of fixed this now by letting you disable it, but it requires a reboot so I'm still avoiding Valorant for now.
Assuming you mean Dota 2 I haven't played for some time but it used to be somewhat common 3 or 4 years ago for people to run scripts to instantly cast hex as soon as opponent appeared on their screen this effectively gave people inhuman reflex times.
You could tell they were cheating because if you watched replay from the cheaters point of view their mouse cursor would jump from current position to hovering over the target instantly and then immediately jump back to cursors original position all within a frame or two.
It is still a problem, although admittedly I haven't seen cheaters myself. Valve will soon™ take Overwatch's replay analysis aproach[1] for anti-cheating, though.
Because anti-cheat software is buggy, triggering a kernel crash which makes the whole machine unusable is a real possibility, additionally by running in kernel mode, the software bypasses all the OS protections, this can end up terribly if there's an exploit.
Most drivers suffer from this. There's nothing special about anti cheat drivers. It's probably much better tested than the random driver that a hardware manufacture might provide to control some random fan LEDs.
What if I use open source drivers? How are you going to do that? What business is it of yours that I might write my own? Or (more likely) patch my own? What about my HID drivers? Sensitive keystrokes?
Yeah, I just don't see games needing access to such kernel level items.
There’s nothing stopping you from using open source drivers, actually. Plenty of open-source projects like Dokan will typically run fine with an anti-cheat (ours will, certainly). What stops you from running a patched version is actually Windows itself, since Windows requires drivers to be signed with an authenticode codesigning certificate. Plenty of open-source projects and people have one, though. So it’s not an anti-cheat blocking you, it’s Windows itself. Of course, if you go out of your way to disable driver signature enforcement, most anti-cheats will prevent you from playing, but this is a mode strongly discouraged from Microsoft and does weaken your computer’s security.
If anti-cheat is the thing that cares about whether windows is running without driver signature enforcement then anti-cheat is the thing that's blocking me.
My own example: I have an xbox 360 dancemat, which is unusable with the official drivers (they map the arrows as axes, so treat left + right as nothing). So I have to use the open-source XBCD, which frankly I'd treat as more reputable and better code quality than most signed drivers. But since no-one's paying the $100+/year to sign it, it's not signed. And while I understand why Microsoft wants someone to have skin in the game before they issue a driver signing certificate, they really need to find a way to ensure that reputable, established open-source driver projects get signed if they want users to accept driver signing; I wouldn't even mind being stuck on an old "certified" version or something.
I sympathize with you and wish it was possible to support your situation and those similar situations like yours. It’s just disabling signature enforcement effectively removes a key security boundary between kernel and user space, something that that would just be too easy for cheats to exploit.
> What business is it of yours that I might write my own?
If they're providing online servers for you to play on with other people, under the condition that you aren't cheating and they are responsible for stopping cheating for everyone, they very much do care and it is their business, if you want to use their servers.
Having custom drivers is how you get wallhacks or custom mouse control macros that eliminates some of the challenges imposed by the game (e.g. automatic recoil control).
For a single player game, I agree, who cares, but for online games that live and die by competitive play and stopping cheaters so people can enjoy it, there's only so many options of how to find cheaters and so much resources to put towards it, so you get stuff like this.
Because the preferred deployment method of a lot of these cheats is via drivers so they look transparent to the game and are harder to detect from a userspace application.
Unfortunately, your model is just fundamentally broken. Non-system software should never have that level of access to the whole system, and a good operating system should block it for stability, security and privacy reasons, just like any other malware.
No doubt there will continue to be intrusive anti-cheat software in use with some games for a while because some people are disturbingly desperate to play those games and they use operating systems that are junk. Some people still pre-order games too, even though it's illogical to extend that old physical world idea to downloads.
But in the long run, this kind of software is a liability. Better operating systems and more gamers moving to them will eventually kill it for that reason if nothing else does first.
Given that cheating only matters if it actually affects gameplay unfairly, it has always made far more sense to look for cheating through its effects on gameplay anyway, which is something you can observe server-side in an online PvP game. Trusted client-side security checks make no more sense in this context than any other. So it's not even as if killing off the intrusive client-side anti-cheats will lose anything of value in the long run.
I think the reason why anticheat gets a very unsympathetic hearing is because it's frequently buggy or unpermissive, and people fundamentally don't like being locked out of their games. As a Linux gamer who's just unable to play some titles that run fine on my PC because the anticheat doesn't, any perceived flaw in anticheat immediately winds me up.
On Linux, you can check to see if the kernel is operating in lockdown mode to verify the integrity of the system. Lockdown mode forces all modules to be digitally signed and trusted by the kernel keyring before they can be loaded. This would functionally be equivalent to what you do on Windows.
No, that's something completely different. The kernel is tainted when you load out of tree modules and only means they won't look at your bug reports. Lockdown mode is something similar to the Windows driver signing https://www.phoronix.com/scan.php?page=news_item&px=Linux-5....
https://www.reddit.com/r/VALORANT/comments/g3yqxd/comment/fn... when the anti-cheat developers dictate what you can install and run on your computer, i would argue thats invasive. Running kernel level rootkit for this purpose is also insane. These things are very easy for cheaters to bypass anyways, and only cause problems to the honest players ironically , in addition to blocking out players using wine.
The best way to handle cheating is to give the players moderation powers.
Players have a hard time telling if someone is cheating or not. Especially in game when you're not spectating. Did they see you through a wall, or is it just good game sense? Did they use an aimbot, or is their aim that good, or they did they get lucky?
Has worked well ages for games that had replay and spectating capabilities. MMOs are usually slower paced than fps games so in those server-side checks alone are enough. (Most asian mmos are lazy though and just trust the client and hope their shitty anti-cheat keeps cheaters away, of course it doesnt)
Games for some reason today want single central server, instead of dedicated servers with user maintained communities is part of the problem. (E.g. cs:go vs older cs)
User maintained communities are not friendly to new users. CS:GO has user maintained communities, but most players do not use it. You can't build a community without new users, and new users want to play the game, not build a community.
Especially with team gameplay, players want proper skill based matchmaking. So that they don't have someone on the other team who destroys them. Or someone on their own team that is dead weight.
CSGO relatively heavily suppresses "user maintained" community servers, the entire experience from onboarding to client launch prioritses the Valve-run official matchmade servers for casual/competitive/etc and any special game modes.
Server browser is a hidden afterthought behind a dropdown.
I was active player during CS 1.6 era. I really didnt see the issues you mention and rarely actually met cheaters. When i did they were quickly vote kicked or banned out.
And times have changed. The spread of skill levels has increased with better players getting better, and more and more new players.
As well as more structured games that are not 10v10, but rather smaller 5v5 or 6v6 games, where each player can make a difference.
Cheaters are better at hiding too. Toggling aimbot for a quick kill or two isn't enough to arouse suspicion, and can be passed off as a lucky headshot. Just because you think you've never run into a cheater doesn't mean you haven't.
On the other hand, a really skilled player might be good enough to make you believe he is cheating. Getting vote kicked or banned out for that is not good either.
And anti-cheat doesn't really help the problem either at all. They are easy for cheaters to get around, and it's possible to even have cheat that the anti-cheat can't detect at all as it would use the same inputs normal player would use. Anti-cheat is same as DRM, the only people that suffer are the actual players, not the cheaters or pirates.
It's another social problem that engineers try to solve with technology.
I would like to ask you to present some proof for those numbers. There's also tons of legitimate players that can't play at all since the anti-cheat system thinks their install is not good. At which point is it okay for anti-cheat developers to tell customers to get a new PC (with their approved hardware and drivers) and install nothing but clean copy of windows and their game on it?
Consider game like Dark Souls 3, it has very simple anti-cheat system and trusts the client completely. Yet you rarely see actually cheaters online, this is purely a social problem.
You can search any rootkit based anti-cheat software and find just how many people have issues with them. Just some examples from the infamous riot vanguard which developers boast it being "user-friendly" rootkit.
Anyway, it seems to me that most of those people just need to update their fan control programs. One example I saw was CPU-z which had a CVE in their driver a few years ago. They are using drivewrs with known vulnerabilities. You also need to consider that some cheaters will also spread mis-information.
"Anti-cheat" making their AIOs or fans stop seems more like virus like behavior instead of telling the user maybe they should update or buy different hardware (which even then is shitty behavior just for some damn game).
You literally have rootkit privileges and exist by the grace of most people not realising you get installed. Most EULAs that concern "anti-cheat" have big explicit entries in them about transmitting personal information. Anti-cheat software is the condoned malware of the modern age, similar to browser toolbars a decade or so ago.
Does anyone know a PC gaming website that regularly reviews anti-cheat software? I know review websites get free sample copies and stuff from game publishers... are there any review websites which serve gamers first??
Modern anti-cheat platforms can be pretty invasive and tie very closely into the operating system - ie, if designed for Windows, they often simply won't work at all through some other layer like Proton/Wine.
This is interpreted by many game companies as an attempt to cheat, rather than simply an unsupported use case.
Typically people who write bots will host them on linux servers, so it's easy to blanket ban linux as a whole, that will catch most bots.
Also, some multiplayer games's servers trust their game client's inputs - if that game client suddenly runs on a system that has full control over the game (like linux and the kind of tech savvy people that knows how to use linux to it's fullest), it makes it harder for them to trust that the 1000 players online are not exploiting the game by manipulating network requests right before it goes over the wire.
This is a compromise that devs have to make when integrating network code with their game: if you click the mouse, does it immediately update the server in a synchronous fashion and introduce latency but having guaranteed consistency of your world (while the game state lives on the server and the client is "dumb") OR do you make the game client smart and hold some portion (or whole) of the game world on the client and just send small updates to the server. In the last case there will be less latency but you have an occasional glitch when packets drop and it is more susceptible to attack, since more work is done locally (Path of Exile have/use to have this setting and you could choose which way you want the game to talk to the server - depending on your connection - I think it's automatic now, haven't played in a while). Why do I mention this? I'd argue it's easier to attack this compromise from a linux box or a compromised linux game client - so again, game devs just outright ban linux since that is the path of least resistance.
Another thing with multiplayer: some games, esp older ones, have to have some minimum fps to keep the game world consistent for all connected players. So between fps and network latency and the mitigations/compromises that the devs have to make here, the code becomes realllly messy/complex and can easily turn into a blackbox - a blackbox that maybe only work on Windows, or a windows specific gfx stack or network stack to guarantee the minimum conditions to make multiplayer playable. I mention this because there are quite a few differences in the network and gfx stacks between Windows and linux, add on top of that different windowing systems and compositors (X11, Wayland etc).. the devs will spend triple the amount of work to get their game stable on both platforms. And again, easiest path is to just ban linux since it is harder to guarantee that the game client behaves in a specific way. This is a hard pill to swallow but its true.
And this is why something like Proton exists: it is better in this case to emulate a Windows environment than it is for each game dev to write 2 implementations for their network/gfx stack in their game, and then hope that the two game clients have similar performance/behaviour traits that keeps the game stable (never mind safe against exploits).
Luckily for us things are getting better, esp in the indie space and in some single player games. Some game engines has also made it waaay easier to build to linux so that has become a non-issue at this point. I'd argue the main stumbling block is in the game clients as described above - the compromise between a stable game world in multiplayer games and possible exploits that can originate from linux hosts.
Anyone else have thoughts on this or want to correct me, please raise it. These are just off the top of my head, I'm not a game dev.
edit: another silly thing that differs between Windows & Linux: font rendering. Your gfx might work fine and when you start rendering text you realize you need to rebuild some portion of your gfx stack, which then maybe breaks on linux... so easier to skip linux then you know your text renders correctly.
I think the removal of agency and oversight from the public that is often coupled with "solutionism" - not lack of faith in technology - is a primary reason solutionism has met public resistance. People are willing to sacrifice efficiency for accountability & involvement, and they do not want to hand off priority-setting to technocrats.
I am personally hesitant to embrace a model where "governments have also found success in working together with the private sector to manage information flows during the pandemic", as the author describes Taiwan, especially when coupled with oversight by a bureaucratic cryptid like Marshall at the ONA. The current US versions of a misinformation "Fact Check Center" and "Meme Engineering Team" [0] have not inspired confidence. The list of top Marshall protégés may hint at tradeoffs associated with broader deployment of the ONA approach [1].
