Hacker News new | comments | ask | show | jobs | submit login
Guild Wars 2 distributed spyware in order to detect cheaters (reddit.com)
129 points by flowergrass 10 months ago | hide | past | web | favorite | 86 comments

> They will then deobfuscate two strings that they use together with LoadLibrary and GetProcAddress to obtain the address of the QueryFullProcessImageName function from the Windows kernel32.dll library. You can already kind of see where this is going.

The wordiness and begging the question is highly suspect. Any [Windows] developer who reads this should know how to enumerate processes, find their binaries and hash them (without having to "deobfuscate" and other scary words for non-technicals).

No working set information is included in the hash (not that it would be much use) and so the leakage of information here is extremely low. The author then complains about the hashes being sent over an "insecure protocol" but, suddenly, all information regarding which protocol is missing - that would have been genuinely useful to know (unlike the prior wordiness).

> It most certainly will be problematic once the GDPR gets into effect and Arena will definitely get a data request from me so I obtain a list of all data they have about me and my account.

The disclosed information cannot be used to identify you as a natural person.

This just sounds like someone who got caught and is trying to avoid responsibility.

I'm not a gamer at all, so this would normally escape my view, and I don't know if what you say is true and I can't evaluate yet.

But, to me, it sounds like you are saying this potential bad actor is intending to use the GDPR to determine the 'secret sauce' used to detect bad actors?

In other words, "Be transparent in your evaluation methods!" with the subtext of, "then I can subvert them."

That's one thing I hadn't considered. Pretty clever, almost like an oracle attack.

What I'm saying is much simpler. Cheaters are a very interesting crowd. In first person shooter games it's absolutely possible to dominate cheaters (because cheats only help with raw mechanical skill, not strategy or tactics) and the cheaters will often be the first to complain about cheaters when you kill them. Despite their unfair advantage, they lash out when things don't go their way - which seems to be happening here: they truly believe that they are above reprimand and that Anet must be punished for reprimanding them. The threat of GDPR is being used for this. In the broad category of shifting blame, it's very very consistent behavior and would probably make for a fascinating study.

There is always a chance that the author is being honest (having cheated in other games, but never GW2) but it's slim. I have my doubts as to whether GDPR would cover this (as it cannot be used to identify a natural person), but IANAL.

So, the GDPR actually says two things

- personal data is any data about a person which could, in combination with other data that you may not have, identify a person. That's much broader than your definition. In this case, I think the claim would be that if you knew all programs installed by a person, you could figure out who that person is. It's still probably a stretch. It's good that they prevented themselves from knowing what the program is, because that could sweep up health data. ie imagine they knew you were running a blood sugar tracking program, they could infer you had diabetes. Health data is in a heightened protection class under the GDPR.

- The game would still have to service data requests, ie give me all your data about me.

Doesn't seem that slim a possibility. I honestly can't see the need for bots or cheats in GW2 when there's so little that's grindy in quests or dailies and there's shortcuts through most of the dungeons simply with class skills not wall hack cheats. The only rare drops I can think of are the dungeon recipes which aren't that rare compared to drops in other games.

In other games, the grind is clear, and the appeal of bots painfully obvious.

It's a few years since I played GW2 so things may have changed.

Posting an analysis most definitely does not make you a bad actor. He works at an AV company and analyzes malware for a living. Malware uses the same techniques as this kind of spyware, and it’s pretty natural for a curious person who works with these tools to see what it was doing, especially after a ban. The GDPR won’t make that any less difficult.

> but, suddenly, all information regarding which protocol is missing - that would have been genuinely useful to know (unlike the prior wordiness).

And might be a reason for ArenaNet to sue.

From what I have read, reporting about shortcommings in MMORPGs can get expensive quickly. There is a reason the Defcon 25 talk by Manfred was cut short. ZeniMax Online wasnt amused

edit: I did remember correctly, the very same video was taken down from youtube by Arenanet


>"DEF CON 25 - Manfred - Twe..." This video is no longer available due to a copyright claim by ArenaNet, LLC.

>The disclosed information cannot be used to identify you as a natural person.

What alternate GDPR reality is this?

GDPR doesn't automatically cover everything that can be harvested from your machine. It has to be demonstrated that the data can be used to identify you as a natural person (which is different to PII, which is an American legal term). You might be able to identify a natural person with this information, but it's incredibly variable as it only includes running processes (unlike browser plugins used for browser fingerprinting, which may not change for months).

Assuming you can figure out how to reliably fingerprint someone with this information, GDPR allows collection of data that is reasonable for providing the service you are offering: a bot and cheater free game is part of the service that Anet offers. If you request this data, then what?

MMO characters often become the embodiment of their players or visa-versa. There is also your CC and billing information, which in combination with your character name (often your nic/handle) could be used to identify you on other social media. This is far more threatening than a list of running processes on your machine.

Anet may include these hashes in their GDPR compliance, but rest assured - forgetting someone means deleting the lot.

This kind of behaviour is very standard in the anti cheating world. Some go much further like inspecting the Windows DNS cache for evidence of cheat servers. Calling this spyware is rather misleading.

Cloud based antivirus services are even worse in this regard.

>Calling this spyware is rather misleading.

No, it's clearly spyware. They are enumerating lists of software loaded on client computers without explicit permission other than what's granted broadly in their ToS/EULA, and without speaking of the feature.

The component got removed right after their use of it -- indicating either sneakiness or internal qualms about the use of such methods -- and if one believes the guilty , it affected legitimate users, too.

>Some go much further like inspecting the Windows DNS cache...

Why is looking at DNS caches 'going further' than enumerating all software into hashes for remote analysis? DNS might have more embarrassing shit to expose on a personal level, but generally a glimpse into installed software is much more exclusive/rare/uncommon . DNS gets' discussed between your machine and a million others down the line; it hasn't been considered very private for some time now.

One of the largest Korean "anticheat" companies also sells cloud antivirus and reuses the same code signing certificate for their anticheat rootkit. I've seen a few outright change DNS resolvers to themselves instead of just looking at cache too.

> Calling this spyware is rather misleading.

Does its ubiquity invalidate the term? It is software that spies on me, and its presence is, at best, less-than-explicitly communicated. That seems like spyware to me.

It’s not misleading at all to call most client-side anticheats spyware.

so you're saying I can simply bypass detection by having a remote proxy? Simple and cheap ($5 Digital Ocean server)

Bruce Schneier has also written on this with Blizzard: https://www.schneier.com/blog/archives/2005/10/blizzard_ente...

It's not a new topic, and not one with great answers. On the one hand, any PC gamer knows cheaters ruin multiplayer games, and developers need to participate in the cheat/anti-cheat arms race to ensure the integrity of competitive play. On the other, it's the definition of spyware.

Unfortunately, the state of the art answer is "if you don't like it, you don't have to play the game." It will be interesting to see how this plays into the inevitable changes to law that will happen.

This is similar to what competitive Counter Strike has become. Even though Valve has been talking about some interesting anit-cheat methods [1], third party matchmaking services rely on such client software to try to combat cheaters [2].

[1] https://www.pcgamer.com/vacnet-csgo/

[2] https://www.faceit.com/en/anti-cheat

Might be worth noting that one of those third party matchmaking services (ESEA) deployed a bitcoin miner along with their client not that long ago. Caused a huge uproar.

IIRC it was in early 2013, so 5 years ago? CS GO was only released 6 or so months before hand.

People still bring it up, but no way would they pull that move again.

True. Hard to believe that was already 5 years ago, but I think you're right. I was pretty furious at the time. I also seem to remember that ESEA got hit with _super_ heavy fines for way more than they ended up earning in bitcoin. Probably a fairly strong deterrent.

As our operating systems become more and more security conscious, I'd expect the ability to iterate other processes on the machine to go away.

When I've installed ethereal/wireshark I've needed to face down big warnings, and properly so. A promiscuous packet sniffer is something to be wary of.

With few exceptions[1] there seems to be no good reason for any application on my machine to see what else is running.

[1] - Good candidates include Anti-virus for those who run it, and those tools that help you keep your applications up to date.

Don't forget sysinternals, and the like for other platforms. Also debugging, profiling and monitoring tools. Granted this is a very developer/admin focussed perspective, but they're still valid use cases.

The response from Arenanet [1] is noteworthy, as they specifically gave a list of programs that they banned for. If they weren't spying on the programs users have running, I'd expect them to ban on less specific factors than exactly this list of five programs.

[1] https://en-forum.guildwars2.com/discussion/comment/476255/#C...

It's an interesting response because it shows that not only were they tracking program usage over a period of time ("significant number of hours during a multi-week period earlier this year"), but _also_ shows that they quite possibly could have banned people who _weren't_ cheating ("We targeted programs that allow players to cheat and gain unfair gameplay advantages, even if those programs have other, more benign uses."). I use Cheat Engine all the time to mess around in single player games, and quite often leave it running in the background or forget to close it -- that in no way means I'm cheating at other types of games. Further, it's just a memory editor -- unless GW2 is trusting the client where it shouldn't, would it even work on an MMO?

> would it even work on an MMO?

CheatEngine is a great first step in developing any bot, for any game.

GW2 doesn't have to trust the client for CE to be useful, it's just that the usefulness is different than what you're using it for currently. The goal of CE in developing an MMO bot is to figure out where in memory things like player location, party members, linked list of all nearby objects, etc, are. This allows the user to write the bot in a way that's pulling information directly from memory. CE is a great way to back into this data (coupled with a debugger/disassemble, of course).

What's fun is that GW2 even gives you an API you can use to get information like player location. Used it a few years ago to automatically switch maps in my map event timer:


My understanding is that even with a perfect server side simulated game you can read memory to find out extra information even if the game logic is on the server, i.e. that's how X-Ray in UT99 and Minecraft works.

This is also hardly the first such incident (unfair bans or borderline spyware anti-cheats), it'll end without any long term echos as always.

If you were sure you were banned unfairly and went to the support they'd just link you to some ToS or other, saying that all bans are 101% sure, confirmed, irreversible, etc. If you went to forums you'd get insults, told that you deserved it, that you're making excuses, that there are no legitimate reasons to run CE, etc. or at best told that you were an idiot to have CE running in the background and thus deserve a ban for being so careless.

Eventually you might get unbanned automatically, with an apology and a freebie - or not. It depends on the specific company, how many people were banned, how big of an issue it is, does the company bother to fix it, is it reported by the media as a problem, etc.

It's kind of a crapshoot and a circus but then again - it's just games (except for the 1% of esportsmen) and they don't have such a bad track record compared to important companies (Facebook, Equifax, etc.) that leak or sell people's life affecting data.

> unless GW2 is trusting the client where it shouldn't, would it even work on an MMO?

MMOs have to trust the client, to a large extent, in order to avoid janky gameplay on ~150ms connections.

> We understand that your Guild Wars 2 accounts are important to you and we take that trust very seriously. Our goal is to continue to foster a safe and fair community for all. We believe that everyone deserves transparency, which is why we're providing this additional information.

Wow, what a non-apology.

A large segment of gamers hate cheaters with such a passion that nearly any measure is justified in fighting them. It's quite possibly even the majority of gamers. The reality is that Arenanet is not going to see a large backlash from this. A minor course-correction is all that the gaming community is going to demand from them.

I count myself among the group I believe you're alluding to, though not as you've described it. If I'm spending my time playing a game, I don't want to waste queuing time only to discover that I've been placed in an unplayable match because someone is cheating. When this becomes prevalent (always seeing a cheater if you play > 1 hr), I'll quit the game, because it's taking the fun out of it for me, and potentially giving satisfaction to cheaters, which I'd rather avoid.

So I'd appreciate a warning that I'm being spied on, and perhaps a description of ways they're avoiding sensitive data. But the game I'm going to quit is the one where I can't get away from cheaters: not the one where the game makers are being overzealous in watching for them.

I apologize for the negative tone. I should have tried to make my point more neutrally, with less exaggeration. I have major complaints with how single-player games have been given minor online integrations that have justified locking them down completely in the name of anti-cheat. It has left me a little jaded.

But, that's neither here nor there. Regardless of my personal feelings, the average gamer agrees with you. Arenanet had pure intentions. They were trying to fulfill the wishes of their fans, so the mistake in how they rolled this out will be forgiven.

sounds like how politicians act, exploit anger to get what you want all the while convincing others its good for them.

however with all the talk about privacy it never ceases to amaze me how fast people will give it up if they get what they want or worse, if something bad or inconveniencing happens to people they don't like. what does that say about society when people will give up something just to punish or deprive others.

> what does that say about society when people will give up something just to punish or deprive others.

There's literally zero point to competitive online gaming if cheaters run rampant, you might as well not bother. Of course people interested in competitive online gaming support countermeasures.

> what does that say about society when people will give up something just to punish or deprive others.

I also believe in a police force and laws. Giving up my ability to rob without legal consequences in order punish and deprive others.

I'm not to convinced that says many bad things about me though.

Nobody invested in a competitive game is going to want cheaters running rampant.

That's a shame.

I liked how GW2 was free forever after the initial purchase. I would come back every now and then to check out the new content.

Sadly, I don't keep any spyware on my computer. No exception. Even if I love the game, that's an instant uninstall for me.

For consistency, you should uninstall Steam VAC and Battle.net games. I'm pretty sure Fortnite and League of Legends also do something similar.

Steam is a game library manager. It manages all 300+ games that I have purchased. I expect it to be scanning my computer entire computer.

They even told me so when I installed it: https://support.steampowered.com/kb_article.php?ref=7849-RAD...

This is not spyware, this is a platform I chose out of trust.

Guild War 2's spyware is exactly that, a spyware. I never agreed to it, or if I did it was out of some legal black pattern.

While I understand this sentiment, I think saying that you expect it to be scanning your entire computer is a bit of hyperbole. You expect it to be scanning your temporary internet files? Or DNS cache? Or your personal documents and pictures? I would expect those to be off-limits to a game library manager.

If you are saying that Steam was very upfront with its anti-cheat measures and that you agreed to it then so be it.

Steam provides a platform for a lot of developers and allows them to leverage the VAC. It's existence is improving our privacy. Instead of having each individual games try and scan our computers, they can call the VAC and request for the status of users.[1] When a game has a third party anti-cheat system, you can often choose to opt-out on install/launch and it simply cuts off online features.

This is one of the multiple reasons I don't mind Steam's scans. They are doing it on the behalf of thousands of games.

When people are worried about their privacy due to the VAC, they are quick to respond. Even better, they don't simply throw a legal team at the community but take the time to address fears and trust issues. [2]

I am not saying that Valve is perfect. They might mess up in the future. But so far, they have yet to breach my trust.

[1] https://partner.steamgames.com/doc/features/anticheat/vac_in...

[2] https://www.reddit.com/r/gaming/comments/1y70ej/valve_vac_an...

Too bad they got your money already :/ I had to take the same action, for the same reason, with Windows 10. Though, in my case, there was a far superior alternative. Not sure you'll be as lucky with GW2.

So, guy who admits to cheating, gets banned for cheating. I don't think it's particularly interesting that he claims he only cheated in other games, and never Gw2.

Invalid argument. That the guy admits to cheating in other games has absolutely zero bearing or relevance to Arena secretly installing this kind of invasive spyware on players' computers.

Regardless of his background his analysis states pretty plainly what happened. And he is correct that anyone involved in security research can be falsely caught by such tools.

The real takeaway here is the lack of care and regard that Anet exercised in the implementation of this anti-cheat system, and the callousness and ego demonstrated by the programmer posting his updates to Twitter.

So what, the end justifies the means? "Who cares if they installed spyware on everyones computers, it's okay because they caught some cheaters"

I assume the agreement the user accepted allowed them to do this.

Kind of like walking into Target. They are scanning you even before you enter the doors now days, and tracking everything you do or buy. Even more so if you use their credit card. The reason they can do that is because you agree to their terms...

This is also a reason why I would never log on to a Corporate companies "free WiFi" ...

One thing to note is that one of the programs they flagged accounts for, Cheat Engine, is basically a memory modifier similar to what you find in console emulators (or what GameShark or similar used to do).

It should have limited effect on any competently written online game as the game state would be decided by the server, not the client.

Cheat engine can be used to automate various in game actions either directly via macros or by identifying the memory addresses involved which you can then abuse via other means.

So in essence it can be constitute as cheating even if you don’t break any game mechanics directly but simply automate actions which most online games prohibit.

Well, yes, online games should be resilient to memory modification, but few are coded perfectly to prevent this (and many games, even AAA MMORPGs like WoW, let the client get away with way more than it should).

The smart thing to do is to look for when tools are actually injecting themselves into your process, not just looking for the presence of the process itself. That is just a completely inept way of going about it.

That's not what I read to be the point of the post. The way I read it the question becomes: is it acceptable for a game to spy on you in a way that violates your privacy? Are your programs private? Is it reasonable for a cheat detection system to upload all of your running processes?

Doesn’t windows show you a “allow access” dialogue box somewhere and you have to agree on order to install/plAy game ?

Argument ad hominem: The author's character and actions bear no relevance to his arguments' validity.

I have a really hard time equating botting with cheating. I don't do it myself, but in my opinion if your game can be botted you botched your game design. Also, MMO cheating implies for me some damage to other players which I don't see either with botting.

Anyway: Whether he botted or not is not the point of the thread. Even if everyone they caught would have cheated (according to their and your definition) that's still a pretty significant privacy intrusion from ArenaNet.

>but in my opinion if your game can be botted you botched your game design.

That has nothing to do with the commonly accepted definition of cheating. Using in game mechanics which harm the player base in some way is considered cheating in every competitive game ever made. "The devs messed up" is not an OK to do whatever you like, that would ruin these games.

> if your game can be botted you botched your game design

So Starcraft, Counter Strike, and PUBG all have botched game designs? Please..

MMO cheating implies for me some damage to other players which I don't see either with botting.

The more you participate, the more stuff you get (for various values of 'stuff') is the central design conceit of just about all MMOs. Breaking it is one of the most drastic and damaging ways to cheat.

Agreed. And GW2, like other MMOs, has a trading post where players can sell to other players. If you're cheating, you can crash the in-game economy which certainly does have an impact on other players.

Hasn’t anybody invented a cheating method that uses a separate computer which looks at the target computer screen through a camera and provides mouse and keyboard input through USB?

Something like this could probably be built with a Raspberry Pi and some image pattern-matching software. If you just wanted to record some statistics in order to give an edge in certain games, you could probably build a phone app to watch you play.

Sure, systems like this have been used at least 15 years by online poker bots. Poker software has some of the strongest anti-cheat systems in the world. The arms race didn't stop there, I know PokerStars moved on to behavior modeling about a decade ago. Now with machine learning being mainstream, mainstream games are starting to do behavior modeling as well. [1][2]

However most games either don't have any anticheats at all, or have very limited ones. Specifically you can run most games under a normal user and run the cheat under an administrator user. Let Windows help hide it.


[1] Valve has used deep learning for CSGO https://www.pcgamer.com/vacnet-csgo/

[2] Third parties have done work for Dota 2, with hints of official Valve variants coming as well https://www.reddit.com/r/DotA2/comments/8816oh/12_of_all_mat...

I've heard rumors of such prepackaged systems being sold on the high-end (for people willing to spend ~$1000 just to cheat in a video game...). But VAC and similar anticheat aren't even at the level of being able to worry about such attacks yet; they're still desperately trying to solve the 99% case of free-to-download cheat software on the first page of google search results.

That's more like "bots", rather than "cheats", but yes.

I remember something similar for Eve Online bots many years ago. That solution was capturing video frames straight from the video card(so, detectable), but that's basically the same idea.

Monitoring in game behavior can easily detect naive bots, which are most of them(you are logged in 24/7 doing the same thing).

No but it used to be pretty common to intercept/modify UDP packets bi-directionally and build simple aim bots/etc.

Sure, this approach is used, but the main problems are latency and relative development cost.

Isn't this exactly like Blizzard's Warden? Things like this are sort of necessary to police a large scale game because of how damaging cheating can be to the integrity of the game. You give informed consent by continuing to play.

[NB: this leads into it because GW2/Arenanet is a subsidiary of NCSOFT, a Korean company; NCSOFT uses all this stuff on all their games too]

Virtually every single multiplayer/MMO-like game does this. All of Asia does it - every country there, for instance, and a lot more invasively and insecurely.

Hackshield and XIGNCODE outright read through your process memory for content and keyword searches, not just hash matching - I've been issued bans for browsing security forums because of a freetext process title match in Firefox.

Gameguard, hackshield, xigncode (all 3 are Korean) send data insecurely, unsigned, over plaintext HTTP including PII across the public internet, run boot-mode driver rootkits, and are leaps and bounds worse than anything like Warden. They are also insecure and provide holes for actual malware to hide in with their awful client side rootkit process/file-hiding hooks.

League of Legends, for instance, runs outside of Asia perfectly fine, with a reasonable anticheat that detects its own processes being screwed with, not very invasive, not insane.

In League of Legends Korea, a Korean company basically installs one of these invasive rootkits - and even requires browser plugins to log in.[0] The founder of that company previously run for president in Korea and have virtually a monopoly on this crap. Some of it is required by local law.

[0] http://static.leagueoflegends.co.kr/common/js/aosmgr_common.... - note the plaintext http everything too

Riot KR is really bad. Idk if its a KR thing or if its isolated to Riot, but being in that community for the better part of 6 years now, the horror stories of the shenanigans that Riot KR pulls are notorious. Recently they banned a popular western streamer for criticizing them.

KR is ..KR. The people are nice, but the aggregate culture and laws are interesting.

They are equally bad in other companies, other games. For some reason they are horrifically toxic even when publishing a completely Western made game.

Of course, it's incredibly difficult to impossible to "run a game" from outside the country, their structure effectively forces you to open a subsidiary or separate company inside the country and give up control / be subject to those laws.

>You give informed consent by continuing to play.

The average player, even if they consent, is in no way informed enough to understand what having such a system installed means. They don't understand the value of the information they are leaking, and thus they are not in a position to give informed consent.

Many of those installing this kind of software are literal children, and thus quite incapable of giving informed consent.

Agreed. What I would like to know is how to ban cheaters without using these methods?

Because I would much rather play a cheat-free game and have well-intentioned programs scan for foul-play than the opposite.

I wonder if this is why Blizzard has refused to port Overwatch to the Mac; even though there are more graphically-intensive games available for macOS, and all other games by Blizzard themselves, but why are they holding back on Overwatch? Is it maybe because they can't implement their "anti-cheating" [spyware] as easily?

Hmm, i recall reading something similar about Steam's VAC.

Simply having Cheat Engine running is enough for VAC To flag you and lock you out of any multiplayer via Steam.

Used to play GW2 quite actively until they released their first expansion, as i got kinda tired of their "episode" cadence and that future "episodes" would require the expansion.

Having worked in the similar industry ~10 years ago, with all of the debug tools installed in the system, even then I have had a separate Windows bootable system for gaming, since nearly all of the protected games were interfering with debugging tools in different ways.

So pretty strange author is surprised by that.

This game and arenanet have always been pretty shady either way. I noticed that when a couple of years ago I bought power leveling and got a maxed level character in less than 6 hours. I wouldn’t be surprised that this is done by people from arenanet. So, the news about them using spyware to ban bots is kind of expected I guess? So people keep buying powerleveling.

I've been playing Guild Wars since 2005 and can tell you, there is nothing shady about the game or ArenaNet. And the idea that they are powerleveling characters and selling them to you is ridiculous. This is a competitive game. They care if you're cheating, they don't care what level your character is. Hell in the original GW you could make a character at the max level without that character hitting the story at all. In GW2 you can buy a max-level character right from the game.

What they care about is if you're cheating to get max-tier weapons/armor and if you're cheating in the PvP tournaments.

> So, the news about them using spyware to ban bots is kind of expected I guess? So people keep buying powerleveling.

In the in-game store they sell an instant max character boost that's 100% legal within the games terms. Why would they also be selling powerleveling or botting services?


> I noticed that when a couple of years ago I bought power leveling and got a maxed level character in less than 6 hours.

You can get a character to max level very quickly if you already have access to a few max level characters.

There's no reason to pay for a shady power leveling service either; you can buy a level 80 boost directly from ANet. Max level boosts are a pretty standard MMO thing these days.

Are you saying that because you cheated and didn't get caught the company running the game is shady? That seems backward.

There are two issues here.

- First, the spyware angle. The software actively spied on the user and sent back everything. No other anti-cheat does this and no company ever betrayed users like this. (Except for ESEA who implemented a bitcoin miner in their client at some point. And yes, people including me remember.)

- The fact that people got banned for not even cheating! This is the ridiculous part. First, ArenaNet or Guild Wars 2 has NO RIGHTS to ban users for cheating in any other title. Valve has no right to ban me, because I install a mod for GTA V. Blizzard cannot ban me, because I use a trainer for FFXV.

Second. Other companies like Evenbalance makes sure there is a valid signature, and they even do screenshots, etc. It's not just a blind ban "because I think so".

I hope, some at least, see the pattern/point here. Third. I, for example, had MMOMinion's framework installed, and of course, I may have launched it by mistake, I cannot remember. It was pinned in my start menu but I have not used it in a year or so. I did NOT have the bots installed for either GW2 and FFXIV - so the program by itself had zero capability to even attach a cheat.

So basically, I had zero cheats installed, but had a software that COULD BE used for cheats. This is beyond ridiculous. It's like banning everyone for using Windows, because Windows is capable of running cheats. This is just utter nonsense, there are no words to describe such level of stupidity.

- To top this all off, Anet still did not post anything, still have not accepted that they just pulled a huge blunder. Their "chief of security" (some weaboo with "excellent skills" as he has just demonstrated) should have been apologizing ever since the spyware was found. But no, to hell with that. Their only response is "you accepted the eula."

tl;dr: The bans are false positive. Lots of them. It's a messed up ban, it should not have stayed active, it should have been reverted a long time ago until they come up with a better solution.

It's very hard to call this spyware.

It's transmitting a trivially-decoded schedule of what processes you have running when, without your consent - in what universe is this not spyware?

(sarcastic, but not completely) when you paid for it.

well, when its the 'good guys' doing it...


I seriously hope that this is a joke comment. Otherwise, you may want to step away from video games for awhile...

At the same time, you can't expect to understand what people are willing to give up until you understand how bad cheaters ruin something they care about.

"But privacy!" is going to fall on deaf ears otherwise. Just like "it's just video games lol."

I'm sure their last bit was in jest. If you've never wanted to upload a punch through the internet, you probably haven't experienced cheating.

I've never understood having sympathy for people that go out of their way to ruin the enjoyment of up to millions of other human beings. You honestly think those people add value to society?

I haven't actually played competitive online games for close to 10 years but no, it definitely wasn't a joke. If you think that's crazy, you should see what I think should happen to people who litter when they hike!

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact