Perhaps I’m naive about the programming of video games, but why isn’t anti-cheat for live service games handled on the server side? We already send mouse movement and keystrokes to the server to display in multi-player environments, why not just do anomaly detection on top of that data stream?
It feels like anti-cheat isn’t my problem to solve, or to accommodate for.
If the game state of every player at any time can be simulated entirely on server then yes, to some degree. This isn’t the case for many games that have some degree of client authoritativeness, like Apex Legends. As the other poster mentioned, this doesn’t eliminate seeing through walls still, or other cheats that expose game state that players can’t normally see but are required for the game to work.
If all games were streamed over the network, like in GeForce Now, then we would perhaps require far less client anticheat.
i’m a proponent of server-side anticheat, but there is a few reasons games do it client side.
server-side anticheats depend on heuristics and “checks” determining if a player is doing something “impossible”.
one example would be checking if the player somehow has perfect accuracy on every player before even shooting, or if the player moves further than is possible in a given timespan (these are very simple examples).
this is MUCH more difficult to make accurate, since these checks are fallible to network conditions or other hiccups.
most online games opt for client-side anticheat since it lets the devs just “trust the client” easier. it can also detect things that would be impossible server-side, like X-ray (seeing other players through walls. this is impossible to detect server side).
Seeing players through walls can be solved in other ways, though. At least partially. One fix is to only draw models that the player has line-of-sight to, often with out of LOS models drawn behind the camera. Then, pop them back into place a frame before they are expected to be in LOS. That eliminates a lot of the advantages of wall hacks and model hacks. (Model hacks add a giant stick out of the front of player faces so you can see what they are looking at and, from the size/colour/whatever, how far away they are.)
Server side, you can also measure reaction time net latency to determine overly consistent or superhuman reaction times. If players aim to headshots in under 0.3s consistently, then they’re hacking.
And rootkits can be beat anyway, so they’re pointless, like by ruining a VM or by injecting the cheat at the bootloader, before the kernel.
And there are hardware man-in-the-middle cheats, with video capture cards sending a video stream to a companion computer running an image processing model that injects mouse commands back to the host computer.
I could keep going. There are so many ways. Trusting the client is impossible, trying to force it is unethical (requiring rootkits), and it doesn’t even stop cheating! Just give up and move to server-side detection, or go back to community servers that can self moderate with human admins.
And, imho, don’t even ban the cheaters—instead, flag their account to be exclusively placed into cheater-only games (with bots for filler, if needed to keep queue times roughly matched to avoid player detection). ngl, younger me (who had more time for this kind of thing) would have loved the challenge of trying to out-hack other players using cheats.
Perhaps I’m naive about the programming of video games, but why isn’t anti-cheat for live service games handled on the server side? We already send mouse movement and keystrokes to the server to display in multi-player environments, why not just do anomaly detection on top of that data stream?
It feels like anti-cheat isn’t my problem to solve, or to accommodate for.
If the game state of every player at any time can be simulated entirely on server then yes, to some degree. This isn’t the case for many games that have some degree of client authoritativeness, like Apex Legends. As the other poster mentioned, this doesn’t eliminate seeing through walls still, or other cheats that expose game state that players can’t normally see but are required for the game to work.
If all games were streamed over the network, like in GeForce Now, then we would perhaps require far less client anticheat.
i’m a proponent of server-side anticheat, but there is a few reasons games do it client side.
Seeing players through walls can be solved in other ways, though. At least partially. One fix is to only draw models that the player has line-of-sight to, often with out of LOS models drawn behind the camera. Then, pop them back into place a frame before they are expected to be in LOS. That eliminates a lot of the advantages of wall hacks and model hacks. (Model hacks add a giant stick out of the front of player faces so you can see what they are looking at and, from the size/colour/whatever, how far away they are.)
Server side, you can also measure reaction time net latency to determine overly consistent or superhuman reaction times. If players aim to headshots in under 0.3s consistently, then they’re hacking.
And rootkits can be beat anyway, so they’re pointless, like by ruining a VM or by injecting the cheat at the bootloader, before the kernel.
And there are hardware man-in-the-middle cheats, with video capture cards sending a video stream to a companion computer running an image processing model that injects mouse commands back to the host computer.
I could keep going. There are so many ways. Trusting the client is impossible, trying to force it is unethical (requiring rootkits), and it doesn’t even stop cheating! Just give up and move to server-side detection, or go back to community servers that can self moderate with human admins.
And, imho, don’t even ban the cheaters—instead, flag their account to be exclusively placed into cheater-only games (with bots for filler, if needed to keep queue times roughly matched to avoid player detection). ngl, younger me (who had more time for this kind of thing) would have loved the challenge of trying to out-hack other players using cheats.