Quoting: ShmerlIt's designed to enforce something as an expression of that lack trust. You can call it "spy" in a sense that this policing tool monitors something in your private space (up to the kernel) becasue it doesn't trust you. That fact alone (regardless of what exactly it's monitoring) I think is a good enough reason not to trust it in return and assume that it could do more than it declares it wants to do.

Well, sure. That's a choice that everyone can make by not installing a game with anti-cheat (or declining its license, which is the same). Unfortunately, as of now there aren't good middle ground options, as we discussed in earlier posts.

View this comment - View article - View full comments

Quoting: Purple Library GuyBut it is not just very likely but an absolute certainty that, if that calculation were to shift such that they thought there was a net gain from such action, they would do it in a heartbeat. And Sweeney would cheerfully lie his head off about it.

No. It is a very, very wrong view not just about the company, but about Tim personally. Please don't say that if you're trying to talk to me. While I am not a close friend, I know him enough to not allow such opinions of him.

View this comment - View article - View full comments

Thanks for elaborating, BTW, much easier to understand where you're coming from. I agree with most of your stances, except maybe the below (although I can still understand it):

Quoting: ShmerlBut anti-cheat? It's explicitly designed to spy on you (though formally just for the narrow purposes related to the game). I'd say in regards to trust it's like in a whole worse category than other blobs above due to that.

I guess I am a bit biased because I have _some_ idea what anti-cheat usually does and what it doesn't, so it's easier for me to see it as more benign. Yes, the kernel part of an anti-cheat (if it has such) usually hooks up to sensitive syscalls like process creation, library loading etc, which can raise a lot of suspicions. However, they are concerned with a particular process (the game), and what happens to it. E.g. they flag stuff like an unfamiliar dynamic library being mapped to the game's address space or certain parts of the process memory not being the same as they expect - that's usually the extent of their "spying". They have no interest to "spy" on things that a user would be concerned about (like e.g. files or what not), and try to filter out everything not related to the game as fast as possible, because they need to not slow down the game they are trying to protect. (Note that this is a difference between the anti-cheat and anti-virus software in that regard, as AV tries to "cure" the system and rid it of the virus, AC doesn't care about "fixing" a game that was tampered with).

But I totally understand that this can all sound very abstract. And especially if there's no trust towards the developer, the very fact of allowing their software to hook up to the kernel can be a big no-no.

View this comment - View article - View full comments

Quoting: ShmerlUsers also need to accept the rules of the service, yet they can cheat right? I.e. the company doesn't trust the user despite the EULA. And not only doesn't trust, but deploys spyware-like capabilities on user's system, meaning treating all users as suspects by default.

Well, this is a grim way to look at things, although I don't blame you for taking that POV. However, IMHO the situation is more analogous with, say, airport security. Both sides assume the good will of the other, but it needs to be enforced. However, the enforcement isn't arbitrary - there are accepted limits what can be checked and what cannot, and everything is done in a respectful manner. Similarly, anti-cheats (at least ones I am aware of) don't do keylogging, screenshotting, disk searches, or other sketchy stuff that indeed could put them into the malware category. Everything that they can possibly do is laid out in that legal agreement (which, granted, few people read carefully), and all these activities are limited to enforcing the integrity of the game. Pretty much the only thing that the anti-cheat prevents the user from doing on their machine is modding the game - which IMHO is a reasonable "price" to pay for playing it. For many players of online games, their account and its integrity, fair play during the prized competitive tournaments and such, is more important than the ability to run Reshade.

Of course among the Linux users, especially typical users, there's very little, if any, trust to closed source in general, and to closed source kernel components in particular. However, Linux gamers are crossing the boundaries - a lot of us do not mind running many closed source components on the system (the games themselves), including the drivers. Again, in that case anti-cheat doesn't stand out that much.

View this comment - View article - View full comments

Quoting: ShmerlBut I just don't see lack of current solution as a reason to erode users' privacy.

While I agree with you, I want to stress that anti-cheat isn't a malicious software that has no boundaries. Anti-cheats are governed by EULAs which sets the limits of what they are allowed (by the user accepting the EULA) to do (e.g. https://www.easy.ac/en-us/support/cardlife/account/eula/ [External Link]). In principle, the situation with trusting the anti-cheat does not really differ from trusting the closed source kernel you're running on other platforms, or closed source binary drivers (or firmware) you might be running on Linux. In all these cases the trust between the user and the vendor is enforced via legal agreements that both sides accept as a reasonable compromise between the system's functionality and their control over the system. Different platforms (PC vs console) offer a different degree of that control, but in all cases they are based on the mutual agreement.

View this comment - View article - View full comments

Thanks! I have been around for a while here, mostly lurking though.

The problem with AI isn't insufficient investment IMO. While I'm not an AI expert either, I assume that it might be similar to the situation with self-driving cars - the whole industry pours tons of money on that problem yet no reliable solution is coming out. It's not like it's a new problem, it's at least as old as multiplayer games, and server-side solutions have been brought up years ago, but I am not aware of any breakthroughs there. Whereas current games need reasonable protections to be enjoyable for the masses right now, because otherwise it's just too easy for a minority of toxic players to spoil them for everyone, even with the anti-cheat measures in place it is a constant battle on platforms like PC. So it is what it is...

View this comment - View article - View full comments

Quoting: ShmerlThere is. Develop an AI that will analyze user behavior while running server side and will detect patterns that will be deemed as "illegal" by the game.

This is indeed an open area of research and work. However, as far as I am aware - and I'm not an anti-cheat specialist - there isn't enough robustness as of now yet, to avoid false positives or missing the cheaters, and more importantly, the current solutions have a fairly long lead time, which cheaters can beat by recycling the accounts faster (in a free-to-play game at least). So while a promising area, this is far from a solution that can be enabled "right here, right now" to combat today's cheaters, unfortunately.

View this comment - View article - View full comments

Quoting: Cyba.CowboyYour comments imply that you work for - or have some direct involvement with - Epic Games, @RCL...

Yes, I do work there, not on the anti-cheat though. And here I'm privately, as just another Linux user.

Quoting: Cyba.CowboySo how then, is it that Fortnite: Battle Royale is available on Android-based operating systems

I don't run the numbers, nor if I were I could disclose them, but my hunch is that Android is still a much more locked down platform than a regular desktop Linux. Or at least the proportion of the players on that platform who are willing to seriously mod their systems for cheating is low enough. Again, I trust the judgment of the anti-cheat people who are experts in their area.

View this comment - View article - View full comments

Quoting: ShmerlIt is bold and based on a simple idea - messing up user's privacy and security becasue developers don't want to spend effort on proper solutions is unacceptable.

Arguing from this position (that Linux shouldn't have any kind of DRM) would make any non-DRM-free game distribution platforms on Linux a non-starter, would it not? I though it is a commonly accepted position here on GOL that _some_ DRM is acceptable as a trade-off, otherwise why we're even discussing Steam Decks which aren't DRM-free.

Abstracting away from that, there's a deeper philosophical issue here. Freedom of one user ends where the other's freedom begins. In a multiplayer game, be it commercial or not, there exists a shared trust that needs to be enforced. You are trusted to obey by game's rules, and the others need a way to enforce or at least confirm that. There's no good solution for that (as far as I know) in a FOSS OS, except, as you said - "doing everything on the server". Which, if you try to actually implement that, will result in either a _very_ thin client (like a video player to replay the stream rendered on the server), or an extremely unresponsive, unplayable except on the LAN, game. You seem to maintain that there's the "proper" solution that avoids both of those downsides and yet doesn't limit the user's freedom. I am afraid that if that solution truly existed, it would have been found by the industry already... So far all anti-cheating solutions in current practice involve a compromise, i.e. some form of the DRM on the client. Respectful of the users' privacy and not overstepping what's not needed to protect the game, but limiting some of their freedoms nevertheless.

View this comment - View article - View full comments

Quoting: ShmerlNo one said you need to have a preventive anti-cheat.

This is a rather bold statement to make, without having the data or likely even an idea about the health of the game. I don't know what grounds you have to state this, but I trust people in the trenches whose full time job is fighting cheaters, and they say otherwise. If you have relevant experience in the area, you're welcome to apply and join the anti-cheat team...

Quoting: ShmerlOr to put it differently, the elephant in the room is that you don't need it to make the game good enough. But good reactive anti-cheat is a hard and expensive problem to solve. Not impossible.

As I said before, there is a server-side anti-cheat and it works in conjunction with the client-side one. Contrary to what is assumed here in the thread, the client isn't absolutely trusted. However, limiting the attack surface is essential to keep the scale of issues small.

Quoting: Cyba.CowboyWhat I don’t understand, is how there are so many online games throughout the world – including for many, many Linux-based operating systems – that operate their own, respective solutions to prevent cheating… Yet Epic Games is adamant that there is absolute no possible way they could do the same?

There are multiple possible explanations for this. First, the games vary wildly in their player base. Cheaters tend to attack popular games where they can make money selling the hacks, if the market for the hacks is small they won't care about the game. Game distribution model matters a lot, too, if the game is behind a paywall, it makes cheating naturally more expensive than when it's free to play. Last but not least, Fortnite security is one of the best in class, as exemplified by statements like these:
https://www.reddit.com/r/FortNiteBR/comments/ftqic7/muselk_speaking_facts/ [External Link]
https://www.reddit.com/r/pcgaming/comments/b1giwg/why_didnt_fortnite_have_a_major_hacker_problem/ [External Link]
https://www.essentiallysports.com/fortnite-keeps-cheaters-at-bay-unlike-valorant-and-call-of-duty-epic-games-esports-news/ [External Link]

All in all, I understand the emotions in this thread, but it doesn't help anyone when people go for the simplest explanation possible - "oh, it's because they are stupid | evil | cheap". Cheating in online games is a serious problem even on consoles, where it is mostly contained (I again encourage watching this video to see how this was achieved: https://www.youtube.com/watch?v=U7VwtOrwceo [External Link]), much worse on Windows, which is still a relatively open platform (although it moves to become more sealed, which isn't something I personally like), whereas Linux is not even designed to limit their users' freedom, which poses a fundamental and philosophical issue - how to prevent bad behavior on a platform that trusts their users completely? People who are smarter than me are working on this and don't have a good (or economical at least) solution so far.

View this comment - View article - View full comments