Forcing emulation of natural human movement restricts the level of advantage. Wallhacks/ESP and radarhack can all be hunted for the same way on server side. They turn out to be a simple one a human player has quite a error rate. Private Rust server admins have videos show you how they catch rust players using ESP without client side heck without server side. They set traps. If a player responds to a location the human operating the client computer could not never see they were using Wallhacks/ESP or radar.

Do you need to really know if a person is using wallhacks/ESP or radarhack to ban a player using these answer is no. All you need to know is the player is responding to information they should not know. Is it possible to server implement what the private rust admin do server side yes. Yes some FPS games really do. Nothing really forbids servers from intentionally sending clients a percentage of fake data.

There are games without client side anti-cheat that have had very low cheating rates.



Server side anti-cheat is a lot more effective than one would think. Yes the above paper is done with CS:GO. Turns out players using a aim bot of any form don't have natural human player performance values server side. Even they way a person with a aimbot or used aimbot moves though the map is different to a player who has never used aimbot software. Yes horrible reality you can detect a player who currently has the aimbot disabled who regularly plays with a aimbot due to the signature movement/behavour using aimbots cause. The alteration in play behavour that aimbots cause is part of the reason why players who cheat this way find it so hard to give up using aimbots as the reality is they have learnt to play the game incorrectly. Yes learnt to play the game incorrectly is also why those who use aimbots who decide to play in the in-person competition get wrecked so badly. Yes games with integrated aim assists consoles also have the same side effect of causing a particular style of play because of the aim assist and it explains why a player on console of those games is no good with the PC version of that game that does not have integrated aim assists. Aimbots and aim assists both can cause human player to learn how to play the game wrong/in a particular way that is server side detectable.

Yes your game collects the right stats on players you can in fact catch aimbot users that way even when they are not using the aimbot software. If they are not using the aimbot at the time you might as well let the play as they are going to be one of the weakest players in first person shooter game. Yes being able to detect aimbot users while their aimbot is off means that you can flag them for more detail monitoring and trap place.

Client side anti-cheat is not designed to locate players who in the past have used aimbots who are currently not using them. Yes on your good players at times server side anti-cheat will false positive for aimbot usage but this is under a particular condition of the game. When a good player as a false positive with server side anti-cheat for aimbot it is they are playing against player who are too low of a skill level for them. The reality here is when these false positives on aimbot usage happen all documented cases with a good designed server side anti-cheat the skilled player and the under skilled players are not really having fun and worse for the good player is their skills can degrade if they regularly do this. This is why server side anti-cheat does need a review logic when it trips to work out if it a case of a miss match of skill or if person is cheating.

Reality here playing like a player using a aimbot for a general human player is playing the game poorly when it comes to first person shooters. So if you want you first person shooter game to have a collection of good players who can make good streams in live events you don't want them playing like a aimbot player at all.

That's all very well and good, but the example you mention with Rust requires substantial game developer effort developing their own solution, while something like BattleEye is an off-the-shelf solution they can just roll out and monitor. And spend developer time on improving gameplay instead.

Except that logic does not hold up. The generic client anti-cheat solutions end up with generic solution to render them useless. Server side anti-cheat has the advantage its away from the users ability to tamper. The BattlEye system does not detect at all the modern day automated control hacks. If there is going to be generic solutions in future they need to change. We are needing more server side anti-cheat tech developed.

The example I gave with CS:GO the automated server anti-cheat was not developed by the game developer. Rust it would be possible to joint project with those also running servers so bring the developer time cost down. There is already work done by different server groups running rust to add admin plugins to the rust servers to add server side style of cheat of anti-cheat. Yes this does include adding trap items for cheaters to find that normal players would normally never find.

royce the world of cheaters vs anti-cheat systems is not a static world.

Client side anti-cheat is serous-ally coming swiss cheese. made worse by the likes of the Cronus Zen that alone allows macros to allow faster and more controlled inputs than what are humanly possible include perfect recoil cancel. Yes Cronus Zen allows a lot things without installing any software into the client/console. When it is combined with a second computer that AI controlling it turns even worse.


Yes game fortnite using battleye anti-cheat. Has a plague of cheaters using Cronus Zen alone and also have cheaters using Cronus Zen + a computer to cheat and absolutely no detection. The only way Cronus Zen users with fortnite are getting banned is people reporting them and manual review. Yes this manual review is costing hours after hours of cost that could be going into development as well if they had a better anti-cheat.

High cheater number do reduce sales over time. Remember games with server side anti-cheat done right will detect and ban items like the Cronus Zen because the macro input of a Cronus Zen does not match human input speeds.

How people cheat has changed. Lot more cheats are done without modify the computer/console that the game is running on. Instead you are modify the output or input devices. Like some games that SRGB when playing in what should be dark on a HDR monitor horrible calibrated can result in players being able see in the dark. Again this something someone might have done with a texture pack in the past but they get the same result doing a monitor calibration that items like battleye cannot detect. Remember server side anti-cheat look at player behavour would detect this that a player has a unfair advantage because they are attacking stuff they should not be able to see.

The hard reality the way anti-cheat has been done up to now has to change. The modern technology for cheater to use is ahead of most of the anti-cheat software. The only ones that are keeping up are the less common but also exist and commerial addon options server side anti-cheat that collect player statistics looking for abnormalities.

Yes running 100 percent confirmed not cheating competitions allows building base lines of what is normal action to be compared to find what is abnormal action.

What are you trying to see and why, what's your purpose ?
How do you know exactly what it's doing if you don't see the source code ?

One problem.

Seams safe enough right.
reports data which absolutely needs to be scanned
This is a statement that is big enough to drive a hell load though. Report data their means upload. And what defines absolutely need to be server side scanned. Love the joint and/or on each side tricks people in thinking choice to report has to do with all the other bits in the line when it absolutely does not. Yes the bit I cut out is legally the standalone statement not dependant on any other text in that complete paragraph.

By the EULA license if the USA government said your computer by law absolutely had to be scanned for of X file and asked battleye to-do they legally could do it by uploading your complete hard-drive contents and be conforming to their EULA.

The is a EULA license that is written way too broad in legalise that make seeing that it way too broad hard. Horrible common with client side anti cheat software to have EULA like this that after careful reading you spot that its written to give the appearance that is restricted but in the reality the wording is unrestricted on what it can do..

https://www.reddit.com/r/arma/commen...lao/?context=3
Next question have they ever used that section of the EULA the answer is yes and they have told us how in 2014.
However, it's true that BE can, from time to time, upload executable code (mainly .dll and .exe files) that have been flagged by certain hack-identifying scans to the BE master server for further analysis.
This is a direct admit in 2014 by a employee of the company that makes battleye that the use that section of the EULA.

Have battleye once the 2014 storm about privacy died down after 2015 remove this fact from their FAQ yes they have. Does battleye still do what they admitted to in 2014 yes. By want is admitted to you might want to keep battleye enabled games off development PCs at the least just to avoid the possibility of uploading a .dll/.exe that contents are protected by some NDA agreement . Could it be possible they send other things because they have been order to with the EULA yes it could.

The reality here Turbine majority of your common client side anti-cheat are quite a privacy risk with EULA that means it legal for them to invade someones privacy. Please note they are mostly smart enough to keep what they take not in fact a privacy breach at this stage but they have the legal framework in place that they can without breaking the law.

Turbine really i would prefer if these anti-cheat companies were more truthful about this stuff in their FAQ and write there EULA better so what uploaded and be legal to the EULA cannot be any random crap.

You don't like it? You are free to not use it. But then you won't be able to enter multiplayer servers with mandatory BE requirement either. Can't hold the cake and eat it.
"Scanning system" means it would scan your running process table, graphics driver state/version hardware identifiers and so forth. "Just scanning files" doesn't suffice for what it needs to be doing - find hacking players and blocking their access. It's more than just stupid process verifying file hashes.

My problem is how many client side Anti-cheat software not truful to end users over what they do. I would prefer the players to have in fact made informed consent to be monitored.and in fact know how they can be monitored. Like knowing that the anti-cheat software may decide to copy files would allow a person to make the informed choice to keep their gaming computer and their work computer as two different computers.

This free not to use it arguement I don't see it as a good one. People are not making the free choice to use the anti-cheats that can take copies of files off their system.

Taking copies files like BE does is one of the nicer ones. One of the nasty ones of client side anti-cheat opens up full remote desktop access. Yes this remote desktop access that can seen the screen while person its not playing the game. Your major client side anti-cheats are fairly much smart enough not to do this breach of privacy. Problem some of your smaller client side anti-cheats are not. We are in serous need to truth of risk as not all client side anti-cheats are created equal

I don't see how the effectiveness of client side anti-cheat will be undermined if those providing anti-cheat had a truth document declaring in plain english what the security risk is. Like you don't have to tell us what you scan for just what kind of data you will upload. Is it possible for you system to take random files from the system. Is it possible for the anti-cheat to open a hidden remote desktop to check you screen/hidden screen capture.

aht0 a lot of what I am wanting here is so people can make informed consent from having the information to understand the risk the client side anticheat provides.

Something also horrible here aht0 is that a lot of client anti-cheats in their faq and documentations to user try to play that they are only scanning files and send hashs that when you read their EULA it comes clear they are not only doing that. This is purely case we need more truth in this section of the market. Yes this would mean particular minor anti-cheats on particular games that people would not touch with a 10 foot barge pole.

The worst is ones in the minor used client side anti-cheat is a the remote desktops containing anticheat because it has the terms that admin of the anti cheat is allowed to take control of your computer and you agreed to it for diagnostic reasons. This is absolutely a privacy problem even worse this China based anti-cheat made by a China government owned company.

Client side anti-cheat is everywhere from just check summing stuff to being total breach of privacy. Of course not all client side anti-cheats are created equal. It would be useful if end users know what level of privacy they are giving up.

The Battleye one of uploading at times exe and dll off computer for deeper scan is not going to be a problem on a pure gaming computer . Now this comes a different fact when a person is developing a mod for that game the mode may not be a cheat but might be using something patented that the person making mod may not have right to distribute. So not know they they need to pull the network cable and the anti-cheat uploaded something could see person in breach of NDA and other problem. That a problem just with Battleye level of privacy invasion. Remember Battleye is not the worst here its one of the least for doing privacy invasion.

why not just send police to cheater house and put them to jail, for breaking "law"? assholes gonna learn not to cheat

Thinking its breach of contract for the terms of competitions the pro cheaters have won money by and also its technically getting money by fraud. I would personally prefer if the law was used against them that they had to repay all their competition winnings. Not here is a 12 months ban as long as you hand over your cheat software and cheat hardware setup as most currently get hit by. Yes here a 12month ban but you have had to hand over your cheats and return all the money you won and public admit to being a cheat and be stripped of all titles and when the ban is up only allowed to enter in person competitions for the next 10 years.

Currently the punishment does not fit the crime either.

BattlEye is separate software package accompanied with games, you'll need to agree with it's EULA before actually installing it. Isn't agreeing to it's EULA actually "consent"?

You don't like it? Fine, don't install it then. But like I mentioned don't also expect to get into game servers with mandatory BattlEye requirement. It's not just client-side. Servers requiring it themselves have server-side version running, client-side part of it works in tandem with server-side part.

Your "NDA mods"..? Steam has Workshop which is used for distribution of mods. If someone tries to infringe your copyright by taking your mod - changing it a bit and then reuploading it into Steam's Workshop - you can just flag it and report it - then Valve will remove it ASAP. BattlEye also in fact insures that nobody is cheating by using his/her own private mods to gain some sort of advantage by validating relevant hashes of the mods loaded in players game. When player is trying to enter your server with a non-approved mod loaded - BattlEye will remove him/her within seconds. Some games (like Arma 3) have additional methods for enabling "copyrighted" mods, they use encrypted mod packages people cannot open using standard extraction/unpacker tools.