Ok like, what the actual fuck? How is this ok with any privacy policy? I have never noticed this because any game I played ever showed this menu to me. Is there any way to not let this fucking “anti-cheat” (looks more like a trojan) to steal every single data from my activity?
Yeah, most anticheats are actually just rootkits (running at kernel level with unlimited privileges). This is also a big security issue, some games like genshin impact have also been used to create botnets since there is only one privilege escalation from the game itself to the kernel.
Whenever you use an anticheat, you just have to take the company’s word for what they are doing with that kernel-level access.
Ouch, so the Sony root kit scandal just showed how it should be done for companies…
even Roblox?
ESPECIALLY Roblox
as far as im aware, roblox’s new anti cheat is not kernel level but rather user level, besides it would scare me if it could run at kernel level considering that it never asks for admin permissions
I hope that’s all it is
sure?
Seeing how unethical the company is in general, it would’n’t surprise me if the anticheat was just the worst. Even forgetting the anticheat part, I would NEVER play it.
(Unethical is actually a pretty big euphemism here)
Someone on Lemmy wrote the modern anti-cheat systems are essentialy rootkits.
And after reading that list, I wholeheartdly agree.
Geshin Impact and Valorant are two of the worst offenders at this. Their anticheat runs at an absurdly high level.
I think you mean low level, no?
Well high as in a program running off the OS as the lowest.
high level or low level?
Whatever you call ring 0
This made me think, if whatever company runs these kernel-level rootkit anti cheats get hacked, and since these anti cheats are absolutely proprietary can’t the hackers modify the code to, basically, create a giant genshin impact gamer botnet?
That sounds EXTREMELY unlikely.
deleted by creator
Have you tried uninstalling this game and play something else?
You’ll never be rid of Destiny.
Sucks to be you I knew it was shit once I played the demo on my Xbox 360.
Did quit it at the arrival of the last extension after non-stop play since launch.
Best decision I took in the last 3 years…
Lightfall has been pretty fun.
Yeah, anticheats are a privacy and security nightmare that most people don’t even think about. You’re effectively giving their proprietary software extremely invasive kernel level access to your system. They can access and do pretty much anything they want on your device with really nothing stopping them. Anticheats like this are extremely dangerous and should certainly be avoided where possible.
I understand the problem of cheating in games, but I feel like there has to be a better solution to this problem, as making users install an extremely invasive rootkit isn’t acceptable at all imo. I’d recommend avoiding games that include invasive anticheat or DRM like this. Best way to get across that this isn’t okay is through the wallet.
VAC is pretty good on that reguard, it checks anything it can on user level and uses ai serverside to detect esp and aim hacks wherever possible.
…isn’t this how they always worked? How every anticheat worked? At leaat it doesn’t install to your kernel…yet.
Ummm… how do we tell him?
Riot’s Vanguard does at the very least
Yes, that’s how anti-cheats work
If you want privacy while playing games with anti cheat, you better have a separate SSD with its own Windows install and nothing on it but the game.
My Windows partition is basically just games and audio software for this very reason.
Or use a virtual machine
Anticheats block VMs faster than a social media user recieving an unsolicited message 😳
While true, the things they usually check for are easily modified; VM-named drivers and virtual hardware, 2 or fewer CPUs, a few registry paths.
Linky for more info/ how to do this?
The useful guides aren’t publicly available because if they were, antivm checks would just get updated.
But using VirtualBox as your VM is the first step; you can’t easily rename the components in the closed source VMs. Then compile it yourself, but first do a search and replace through the code replacing occurrences of vbox and VirtualBox with something else.
Oh duh, this makes sense. What about GPU passthrough?
Qemu can also easily evade anti-cheat, iommu passthrough or not. Lots of great guides over at the level1techs forum.
Not necessarily but you need to configure it to behave like a real machine
And no decryption keys for other attached drives.
Lmao, did you think anti cheats worked on fairie dust?
While I haven’t dug into anti-chest specifics, I’m pretty sure they all function this way. Not that I like it either, but if you don’t want games accessing this information, you’ll probably want to avoid games with anti-cheat.
Eg Denuvo, which is widely used and recognized (recognized as shit that causes lots of issues, too), gets kernel level access, which means it can do anything it wants.
Is kernel level access granted by Microsoft? I mean for stuff like Denuvo.
Or do you accept it when you install it? There are so many weird levels of security on windows.
The Denuvo kernel driver is signed by Microsoft; in order to install it you have to enter your admin password when installing the game. But once it’s registered with the system, it has full access thanks to being signed by MS.
Client-side anti-cheat should die. Learn to write good netcode and serverside culling instead (maybe also ai anti-cheat like how valve is doing and some other company I don’t remember)
No, i don’t care how your internet sucks, dial-up is outdated.
The client is NEVER to be trusted, no matter the scenario. Get your shit straight.
Also, in game reports like Valve Overwatch
But then how can we stop people from cheating offline? /some companies
And let x-ray cheats run wild?
Just don’t have personal info on you gaming PC/dual boot if you care
Just don’t send data the player can’t see
All client-side anti-cheat systems are invasive, to varying degrees. Some restrict themselves to game files and data, others snoop on external processes and memory, and the worst (and most dangerous) even require administrator/root access or kernel drivers.
Yes, it’s terrible.
It’s also a divisive subject. Some gamers feel that cheating must be minimised at any cost. Others feel that their privacy and security are more important, and realise that only server-side measures can prevent circumvention anyway.
Unfortunately, there’s money being made selling client-side anti-cheat systems to game publishers, and implementing it is cheaper/easier than server-side, so it’s likely to continue until enough of us reject it or we make it illegal.
implementing it is cheaper/easier than server-side
In many cases, 100% impossible. Take a first person shooter for example, how can you prevent wallhacking server-side? The only way is to not tell clients positions until the enemy is very close by, and then you get big problems with any kinds of lag interpolation etc.
In many cases, 100% impossible.
No, it is not.
If a particular kind of cheat is impractical to prevent in real time on the server, it is sufficient to detect it and issue consequences. (These can be banning, handicapping, isolating with other cheaters, or any number of other approaches.)
What is impossible is reliably preventing it on the client. Even the most invasive anti-cheat rootkit can be circumvented by a smartphone with a video input and mouse/controller output.
it is sufficient to detect it and enforce consequences
So how do you propose detecting that a client is rendering a model that shouldn’t be rendered (because it’s behind a solid wall for example) without some client-side anticheat?
Sigh…
Rather than endlessly nitpicking special cases that you assume are unsolvable, I suggest you spend some time reading about the topic. The answers might not be obvious to you, but they do exist.
(And while I would like to believe that you’re genuinely interested, rather than just posturing on the internet, I’ve already spent as much time here as I can spare.)
nitpicking special cases
Wallhacking isn’t a special case…? It’s one of the most common cheats and gives an enormous advantage.
that you assume are unsolvable
So again, what’s your master method? The server doesn’t send player positions until nearly within the other player’s sight, but even that already gives a huge advantage and is nothing the server can do about it via non-LAN networks, otherwise people will be “popping out” / managing to attack the other player before their position was even received by the player being attacked.
Certain genres of games can work well with only server-side anticheat, but FPS isn’t one of them.
Only send updates of position of the players that are likely to be visible ?
And then you read my previous message about that working very badly due to lag interpretation for example?
The other user didn’t answer your question fully, but heuristic algorithms are very good for this purpose! if you’re able to identify some specific things in players behavior that only occur when they are cheating, you can easily create a machine learning system to identify that behavior, incorporating things like batch punishment (such as VAC or Hypixel’s Watchdog) to make it more difficult for cheat devs to identify the reason, or a manually-reviewed appeal process to account for errors in the model.
Dear Bungie,
Go fuck yourselves.
Signed,
Everyone with a modicum of common sense
Bungie…?
Most of it is perfectly reasonable.
-
IP: Simplest identifier for smurf accounts, also very ineffective since you can just reset router. But public info anyway.
-
Game identifier: Obviously
-
Hardware dev info: More effective identifier for smurf accounts and more effective form of banning (and decent way to check if you’re in a VM, depending how hardened it is)
-
OS info: Different OS’s require different functions
-
Game and system files: Don’t agree with this one unless you’re incredibly deep into e-sports (professional). For casuals, checking game files: Fine. Checking system files: Fuck off.
-
Running processes: Checking for running non-hidden cheats
-
File names: Not quite sure what they mean here
The text at the bottom also states that it only collects this if it detects potential for cheats, which obviously is going to include false positives, but it isn’t constantly mining the data like other ACs.
BattlEye isn’t the greatest AC so should be fine anyway.
About file names:
Let’s pretend the anti cheat detected a software that’s screen recording the game.
If the software file that triggered the alarm is obs.exe (and it’s digitally signed accordingly) then it’s a pass. If the filename is autoaim.exe then it starts some sort of investigation.
I’m just theorising here.
Unlikely, they would use checksums for this, not the filename.
I hate modern ac software for automatically banning VM usage. Don’t know if this is the case with BattleEye, but coming from someone who uses a VM as a daily driver - This sucks.
-
You don’t need to play that game. You either allow it, or not.
The problem is they dont tell you this before you buy it and try to install it.
Most online storefronts I’m aware of would have no issues with giving a refund if the play time shows that the game was clearly not fully installed.
Only issue would be if you bought it as a key from a key site.
Steam does - warns you about anticheats, additional DRM, whether the game requires an additional account (ea/ubisoft/origin/whatever)
0
Want privacy? Don’t play games with internet requirements. It’s that easy. All of the other games are sucking whatever info they can get their hands on. It is not about anticheat - it is about money and data=money
