Hacker News new | past | comments | ask | show | jobs | submit login
EA is permanently banning Linux players on Battlefield V (lutris.net)
814 points by WoodenKatana 16 days ago | hide | past | web | favorite | 484 comments



Anti-cheat software is an absolute shit show of cat-and-mouse tactics. It’s often difficult to distinguish anti-cheat software from rootkits or spyware. They’re invasive and user hostile, and they frequently cause collateral damage that is swept under the rug and that support tacitly refuses to acknowledge.

This has happened on multiple occasions with Blizzard:

- https://www.phoronix.com/scan.php?page=news_item&px=Blizzard...

- https://m.slashdot.org/story/75350

Of course, although Blizzards initial response was to claim that the users cheated and were lying, they did eventually fix the problem the first time (although IIRC they never reversed all of the bans for the very first WoW Wine ban wave.) Now they have a bit more experience with the issue so it seems it is getting more attention.

However with EA I don’t really have utmost confidence they will pay any attention to this, so I’d guess it’s time to get loud if you want any hope of this being fixed.


> Anti-cheat software is an absolute shit show of cat-and-mouse tactics. It’s often difficult to distinguish anti-cheat software from rootkits or spyware. They’re invasive and user hostile, and they frequently cause collateral damage that is swept under the rug and that support tacitly refuses to acknowledge.

Sure, but I don't see a good alternative. Cheating is a real problem and will quickly destroy your online community (see other comments in this thread). Sacrificing a small percent of your playerbase in the name of having a functioning online system at all seems like a reasonable solution to me. It's unfortunate that it is necessary, but people are jerks.


>Sure, but I don't see a good alternative

Allow users to votekick and voteban. Provide the server software for players to host their own servers and provide their own solutions to these problems.

These are tools and approaches that we had in past games and while they are not perfect, they are better than these black box invasive anticheat solutions born from a desire to avoid giving community control to users.

>Sacrificing a small percent of your playerbase in the name of having a functioning online system at all seems like a reasonable solution to me

Only if you provide a robust and empowered support staff to quickly unban and resolve false positives. That is, actually take responsibility, which is something game developers and major publishers seem allergic to.


Seems to me the shift to "Matchmaking" style online multiplayer has caused a whole lot of problems that weren't that big a deal back in the "community server" days. I personally think one can blame the rampant toxicity of players on this removal of the community aspect.


> I personally think one can blame the rampant toxicity of players on this removal of the community aspect.

I think this happens way more than people realize. A great example is League of Legends, which is known for its toxic community.

They throw you in a game with 4 other people. If 1 of them decides to be an asshole you're stuck for a minimum of 20 minutes + the 10 it took for queue + lobby. So you're FORCED to stay in this game for 30 minutes because you got an asshole teammate.

Imagine playing a game of pickup basketball where one of your teammates started scoring for the other team and you were forced to continue playing the game out rather than simply leaving. Of course your community is frustrated.

And the response anytime people ask for changes to help with the situation is that they can't because someone might abuse it to save their rank.

If it were me, I'd create a system where you get free games and treat it like a currency. If someone is being an asshole, just turn in your token, you leave the game unpunished and you get to flag the player(s) that caused you to do it.

I stopped playing the game because of the completely lack of control over your own destiny.


>If it were me, I'd create a system where you get free games and treat it like a currency. If someone is being an asshole, just turn in your token, you leave the game unpunished and you get to flag the player(s) that caused you to do it.

The issue there is that the game has 10 players in it.

Say you have only 3 "leave" tokens per month. That's small and will probably only slightly address the issue.

If the average player plays 30 games a month, they can leave up to 10% of their games.

And if someone uses this "leave" token, can you really punish the other players for not wanting to play a broken match? You can't require them to burn their own leave token. So it's one leave token, and everyone can leave.

If 10 players leave 10% of their games... then on average, there's one missing person per game. And most of those games will simply end.

Then, when you have 5 losing players, they have 15 tokens between them per month. With 30 games a month, your players can leave very roughly half the games.

Matchmaking aims for 50/50 win/lose.

You could literally just leave every losing game. And the other team would do this if you were winning.

You would only really get a few serious games toward the end of the month when all 5 or 10 people happen to run out of coins.

This system would actually probably just make people scream death threats at their own teammates for doing too well because the only proper way to win a game would be to eke it out at the last second.

In other words, the toxicity is built in to MOBA gameplay inherently and can only be suppressed.


Actually, you just went into detail explaining why it's a good idea.

In chess you'll see one player or the other reach over and lay their king over. It's an admission that, while the game isn't technically done, it's unwinnnable. So out of respect for time they simply acknowledge the loss and move on.

If, as you say, most losses see someone use a token, great! That's the point. They use the token, everyone leaves the game. It's done. The winners win, the losers lose.

Now imagine that you're playing and you're winning, but you're an asshole because you're smurfing. One of your teammates tosses out his token, you lose. Now also imagine this keeps happening because you're an asshole. It incentivizes you to stop being an asshole.

Imagine you're playing and 10 minutes in one of your teammates disconnects. Lets assume they're in a storm and the electricity went out. at minute 12, you use your token and move on. You weren't forced to play out a 30-40 minute game. You just moved on.

Imagine that game where your team is literally dying once/minute at minute ten. You just use your token and move on.

---

The only real counter-argument to this is that it might affect people's ranks. People will have losses they may have otherwise won. Or wins that they might otherwise have lost.

This is true.

Do you know what else is true?

The game is riddled with smurfs. People will win or lose games by just being matched with a smurf. The game has autofill. For those not aware, autofill means the game forces you to play a position you don't normally play. People will win or lose games due to nothing more than an algorithm making a decision. The game has streamers who specialize in "bronze to challenger" streams. The people in those games will win or lose due to nothing more than matchmaking.

These are all basically random chance, and what they do is make the error in the ELO system larger. Riot enforces autofill in the interests of short queues. It explicitly allows smurfs and streamers in the interests of marketing.

So Riot has already accepted the random wins and losses.

The question is, can we do it in a way that decreases player tension. The answer is yes.

This isn't about creating a perfect system. This is about the fact that the game currently has a ton of variability from imperfections due to Riot making compromises. The question is how can do it while giving the players more agency over themselves?

And I haven't even spoken about how BAD riot's matchmaking is. It's seriously bad.

I remember a game I had where I was forced bot lane by myself because my support never connected. For those not familiar with the game, this means I was playing in a 1v2.

And I got huge. I took over the game. And not because the opponents went diving under my turret (note: turrets will damage the opponent), but because I just straight up punished them for positioning mistakes and killed them. I legitimately pulled a double kill with first blood in a 1v2 with no jungler help.

In postgame chat, someone on the other team asked me if I was a smurf. Technically no, but I sure as hell was smurfing in that game. Riot's matchmaking should NEVER have placed me in that game.

The fact that it does adds even MORE variability. It gives more random wins and losses to players. It increases the error rate of ELO in the game.

The community has a common sentiment: 80% of the games you play you have no agency in whether you win or lose. You just have to accept it and move on. But 20% of the games you do have an effect and to climb you need to be more consistent so that you're winning in that 20%.

The point is this: The issues of uncontrolled wins and losses already exist in the current system. It's just you're also forced to stay in a game for another 20-30 minutes, and that just increases everyones frustration.


>he only real counter-argument to this is that it might affect people's ranks.

No. The difference between chess and and MOBA is it's 1v1 instead of 5v5.

The counter argument I'm implying here is that nearly every game would go like this:

-Game start

-Lane phase begins

-Top laner dies at level 2

-Top laner tries to get revenge at level 3, dies again.

-Top laner unilaterally spends the token to jump into another game. It's game over. You spent 15 minutes getting a game together, and 5 minutes loading the game, and 3 minutes for the boring part of gameplay to start, so that you could experience 2 minutes of the boring part of gameplay. That will be every game. It's already a decent amount of games with the punishment.


I have to agree. There were good alternative approaches. For example, I used to play Battlefield 1942 a lot when it was current. A lot of the larger communities had public servers, but also private servers that only people who the mods got to know would be whitelisted for. In the more well-run communities, the mods would hang out and spend some time on the public server to keep order, or were at least accessible (via TeamSpeak, often) if they weren't actively on it.

Cheaters quickly got banned from the public servers and people who stuck with the community could enjoy the private server where they knew there'd be a good group of people and usually very little toxicity.


I made some really good friends playing 1942. Guys I met up with IRL, in other states even. The only probs we had were the “defeat the ceiling by flying upside down” pilots and trash talking with other clans could get a little spammy. The rivalry was welcome though and we mostly resolved it by kicking ass on various ladders. And occasionally getting our asses handed to us. WoW coming along and deflating our numbers made me sad.


Funny, it was the launch of WoW that got me to stop playing. A bunch of the folks I played with made a guild and left bf behind mostly.


The problem is that there's a huge skill difference in games like League of Legends. Matchmaking has made some players improve so much that if you throw them into community servers then other (weaker) players end up not having fun. This is less of a problem in a shooter, because there are no real penalties for dying (other than score), but in a game like LoL it quickly snowballs out of control.


I see what you mean but I do think in some ways the community servers also insulate and protect a lot of that toxicity and even allow it to be amplified. Being a new player and joining the "wrong" community server can be a pretty toxic experience.


There were plenty of toxic jerks online period with community lobbies. Although if you found a good server or set of them it mitigated the exposure. A big difference experience wise but the underlying problem was the same.

Ranked Ladder, PUG Teams, PVP, and especially "griefing mechanics" related to losses for the loser from the stakes can all cumulatively contribute to toxicity.


I can tell you that there were a huge number of cheaters back in the days as well.

The bigger problem now are f2p games were cheaters don’t have to re purchase a game after getting banned.


My hot-take as a smaller game designer is that I am skeptical that global competitive ladders are good design. I admit that's fringe, and I'm not going to fight people over it. But I can't imagine myself ever designing a system like that for any of my games.

First, I think these systems ignore technical realities, and design has to pay attention to real-world constraints. Blocking cheaters is insanely hard, and almost no real-time games that I know of do it at what I believe is an acceptable level.

It's a nice idea that I don't think is technically supported, in the same way that it would be a nice idea if my photorealistic MMO didn't have loading screens anywhere and loaded everything instantly. It's not good design to spend a bunch of effort hinging your game design on something that's not technically possible for you to do.

Second, I think these systems ignore player incentives. I think that global competitive ranking encourages the worst of playerbases, that skill is an arbitrary mechanism to optimize on instead of something like how close each match was, or player-reported satisfaction levels, or variety of play-styles, or any other of a dozen other metrics.

Third, caring about bots radically shrinks your design space. You can't have exploits, players have to have a "right" way to play, modding has to be more limited. It shrinks the game not only in the sense that it makes your systems more complicated -- it fundamentally shrinks what your game can do as a game, and how your game can evolve with the rest of the medium.

Finally, not only is skill not a particularly rewarding metric to optimize on when what you really want is for your players to have fun, most of the problems with automation explicitly only are a problem for competitive matchmaking. If you're optimizing for player-reported satisfaction, you probably don't care if people are botting your game, because successful bots will be optimizing for creating good matches instead of for just winning[0].

Personal plug, with my current project, Loop Thesis, LAN play is the only multiplayer. I only want people to play with friends, and I'm not trying to build some kind of community or network. That decision has simplified my architecture so much, the game is so much more modder friendly, the networking code is so much simpler, everything is nicer, and more stable, and more player friendly, because I don't have to care about bots and cheaters.

Future games that I make, even if they include global matchmaking, will not have global competitive rankings. My personal take now has become that 90% of the time these systems are a design antipattern.

It's counterproductive. I want players playing my game to have fun. I have to ban bots because they make the game not fun. The reason the bots make the game not fun is because all of my design hinges fun on giving players an optimization problem that I explicitly don't want them to solve in creative ways. The bots are solving the optimization problem too well. So getting rid of that optimization problem, getting rid of the rankings, makes so many other design/engineering problems go away. The bots aren't the problem, the optimization problem is the problem.

[0]: https://xkcd.com/810/


I agree with you wholeheartedly. I played countless hours of the first destiny. I loved exploiting all the glitches and finding new ones. The pvp was chaotic and random. Some matches I topfragged, others bottom.

I've tried going back to destiny several times over the past few years. It's too clinical. The good glitches get overnight patches. The bad ones last forever. The pvp is a non-stop sweat fest of me getting killed over and over and over and over. It just stopped being fun.

I game to escape the mundane reality of my relatively poor lot in American life. As soon as I start feeling that way when playing a game it's all over. I haven't found a game since the original destiny that gives me that escape. Games like pubg, fortnite, csgo, cod, battlefield, halo, all feel the same to me. I don't like most indie games, or 3ps, and don't have the time for games like ksp, factorial, civ and can't get immersed in single player games anymore. So my options are limited. It's been good though. With virtually no games worth investing money into a PC, console, or iaps, I've broadened my social circle and learned new skills. I imagine the market is going to swing back around to cater to the coop centered gamers when they realize that middle aged families with teenaged children or older have far more disposable income than the current demographic of school aged kids and young adults.


Something I've loved to prevent games from getting too clinical is when custom/modded maps are popular. It's fun when you're in a match on a custom map and gametype that no one has seen before and everyone is on a level playing field of trying to figure it out as they go. Halo has been one of my long-time favorites for enabling this sort of thing.


Been there. We just load up an old copy of openarena on our server and as a group play that. Simple FPS you can jump in and out of.


"The pvp is a non-stop sweat fest of me getting killed over and over and over and over"

Isn't this an argument for skill-based matchmaking rather than against it? (Since the OP whom you agree with makes a case against optimizing for SBMM, I presume you're also against it)


Before sbmm matches had a wider range of results for me. Last I played, with sbmm, matches were consistently average.

In other words. I love the idea, and the feel of overwatch which uses sbmm. However the game stacks teams to make matches frustrating.

Some games I'll be the highest rated player on the team and have an amazing game. Despite playing better than my average I will still lose skill rank points if my team loses. Conversely, I can spin in spawn for an entire match, get carried to a win and gain points. By naively averaging team vs team the fun is taken out of the game because too many factors are ignored when averaging leading to exploitable metrics. Exploitable metrics left unchecked causes a games community to splinter, shrink, and grow toxic as more players get frustrated and quit leaving behind a less savory group.


Space Station 13?


League of Legends doesn't seem to suffer from bots - if you don't want to believe me, check out https://www.reddit.com/r/leagueoflegends/comments/eieyz2/why... , and their regional rank system works well enough and not only useful and provide good values to the players, it is absolutely necessary at higher ranks.

Likewise, AFAIK, dota2 doesn't seem to suffer much from bots, and their rank system seems to work ok.

Arguably Fortnite / Overwatch / PUBG style games do suffer from aimbots, but whatever downside they bring, those games seem wildly successful. And the regional / global ranking system seems integral to their success.

Given that a large number of highly successful games do have it, I don't think your argument has much of a merit - it's surely a challenge to implement them but it seems like a worthwhile problem to solve, rather than avoid, at least if your goal includes global / regional success beyond small niche.


Not going to argue get into an argument on this, but I believe a large portion of both League and Dota's widespread community toxicity problems have their roots in the global ranking systems that they use. I also think that their ranking systems make them much, much less accessible to new players, and encourage their existing playerbase to experiment less.

To the extent that some games can legitimately get away with global competitive ranks without suffering bots, that doesn't mean it's a healthy choice for every (or even most) other games. Of course, no design rule is absolute, we're just speaking in generalities.

That being said, both League and Dota are investing massive resources to prevent botting on a system that arguably would be just as if not more enjoyable if it was redesigned. I feel the same way about games like Overwatch, even some inherently globalized systems like Pokemon Go that would be difficult to change -- I don't personally believe the ranking systems are making them better. I think they're there because they're expected to be there, not because they're reinforcing the core design of the game.


This is wildly offbase.

The toxicity, for the most part, doesn’t come from ranks. It comes from being stuck in a bad game for 20-60 minutes. Competition just exacerbates it because now ranks/points/money are on the line.

I’m talking about being stuck with an asshole that rages for any number of reasons, then decides to kill themselves the whole game to the enemy (feeding). Or people who flame you for any number of reasons. And you can’t quit because then you get a strike for being the first person to abandon the game, with penalties for doing it more than a few times.

Being 1 person down in a 5v5 can be incredibly hard to come back against. This is also why Overwatch is so incredibly toxic. A 5v6 fight is almost unwinnable, one person throwing is enough to lose the match. Dota handles this with comeback mechanics, but that’s only if a player actually disconnects/abandons. If they stay in the game purposefully throwing, you’re trapped and out of luck. Unlike Overwatch, TF2 isn’t quite as toxic because matches consist of 24 or 32 players, meaning each person’s actions aren’t as crucial as a 5v5. You can also freely leave and join casual matches. For the majority of the playerbase, that’s fine. Ranked introduces a bit of toxicity but that’s unavoidable in a team game. It’s also unavoidable whenever you have anything at stake- whether it’s money or points, etc. That’s just the nature of competition. No one forces anyone to play ranked matches instead of casual ones.

Competitive ranks and matchmaking can be fun, but you have to balance it right. With team games it’s very difficult, but it would be the same without a global rank system. Actually it would be worse because of imbalanced matchmaking.

And for many people, that rank is -why- they play. It’s fine to not be competitive like that, but understand that a lot of people are indeed competitive like that. Ranks are an indicator of skill and time invested, and there’s no reason to take that away from people just because one personally doesn’t care for ranked or whatever. Dota still has casual mode, and it’s still toxic, because of the length of the matches and having to rely on random teammates.


The game wouldn't work without a ranking system. At least you can't go from a matchmaking system back to one without, because there's a segment of the player base that is so good that if you throw them together with the average player then the average player won't have much fun. Games like LoL and Dota snowball too hard for it to be fun to lose at every stage of the game. It also wouldn't be much fun for the good player, because they won't face a challenge.

Also, I have some severe doubts about the origin of toxicity in that game being in the matchmaking system. Dota was the game where you were abused as a noob when you started out ("welcome to dota, you suck"). It's a niche game from 2003 after all.


If you think DotA2's matchmaking is unfriendly to new players, I don't think you ever experienced DotA1 matches. Every single game was wildly unbalanced, and as a result of one or so players, every single game was an absolute stomp where the losing team never had a chance.

The skill gap between good and bad players is ludicrous. It's like putting LeBron James against middle schoolers. There simply isn't a fun game when the game is determined by the singular best player, and the other nine players are being carried to victory regardless of their contribution, or being pounded into the dirt because they're less than exceptional.

I could never go back to random matchmaking after experiencing global rankings.


Of course, using a bad metric is often better than using no metric at all, but it doesn't follow that the current strategy is optimal.

It especially doesn't follow that global rankings should be a user-visible metric, or an explicit player motivator (a la seasonal rankings). People don't bot because they're unhappy with the players they're matched against. They bot because they want a publicly visible number to get bigger and because player rewards are locked behind competitive rankings.


But there are no bots available that can play the game for you competently. Even deepmind had to have quite a few restrictions to do so and such a system most likely can't even learn an evolving metagame.

People who join ranked want to compete. If you don't want to then there is another queue available that's not a public ranking.


> But there are no bots available that can play the game for you competently.

Then who cares whether or not players bot? Let them. Heck, go all the way and actively support it if it's not an issue.

On the design side, I'm seeing a number of people commenting on here that getting rid of a publicly-facing global ladder would mean that these games couldn't be competitive. I don't believe that's true. We have wildly competitive games in the physical space that don't use global ladders, and they don't suffer for it.

Global ladders are a very specific, very narrow mechanic -- they have some advantages for competitive play, and a whole lot of downsides. And we have options. At the very least, even if we do nothing else, we can shrink the size and make them regional. Or because things are digital we can throw out geography entirely and base them off clans.

Competition in small groups is often preferable to competition in large groups anyway, since that can foster rivalries, and because repeat matchups between competitive players are usually more interesting than random ones.


leagues toxicity has its roots in them not allowing players control over themselves. You can get stuck in a game with an asshole and they force you to play it out. That would put anyone in a shitty mood, and is why I stopped playing the game.


> League of Legends doesn't seem to suffer from bots

Depends on where you look. I used to see them a lot in certain game modes and when playing with friends that were new. As one commenter put it:

> To play devil's advocate here -- If you were to play summoner's rift AI games, ARAM, or even some summoner's rift on a sub-30 account late night EST you will be DROWNING in bots. They are EVERYWHERE. They also go almost entirely unpunished. You can track their summoner ID's through OPGG and watch them play the same champion 24 hours a day until 30, change name, and swap champions entirely.

> I tried to get some friends to come to league, and they all quit because their teammates were AI every single time. Not "lul ur bad r u a bot??" but a literal bot grinding exp to sell level 30 accounts. Sure, scripting Xeraths/Cassio's are much more rare -- but League has a huge bot problem sub-30.


See, this is just absolutely true. When 7 or so of the top 10 most successful games of the last decade all share features like global matchmaking, you can't tell me those features bring more trouble than value. I agree there are hard challenges there, maybe ones that cannot be solved perfectly, but for success at that scale they are clearly worth attempting.


7 of the 10 most successful games of the last decade listed here also offer in-app purchases.

I don't ignore success -- Overwatch, League, Dota, and Fortnite are all objectively well-designed games. But that doesn't mean that every decision they make is good design. If success was the only metric I used to judge design quality, I would have to conclude that Farmville was a better game than Hollow Knight.


I do agree Hollow Knight is a so much better game than Farmville (and most games, for that matter).

But in this case, global/regional matchmaking is an essential part of those successful games and their game experience (unlike in-app purchases which are essential for moneymaking but not essential for game play experience). If those games didn't have regional matchmaking, they would provide very different experience.

You keep saying you believe the global matchmaking is not important, but I'm afraid you have presented no coherent argument or evidence so far - hence it looks like you're simply ignoring the reality unfortunately. Given how much core part of the experience the global matchmaking is for those games, the onus is on you to prove the otherwise. So we'll likely have to agree to disagree.


Those online competitive team games are pretty unfriendly, though. If you try something new or fail to keep up with the latest flavor-of-the-month playstyle, people will flip out on you. You're suddenly preventing this guy from realizing his life goals of climbing to the top of the ladder and becoming a world-renowned player.

I love MOBAs, but I can't bring myself to try out LoL or DotA2 again since I don't want to deal with angry teammates


> I love MOBAs, but I can't bring myself to try out LoL or DotA2 again since I don't want to deal with angry teammates

I don't know about lol, but DotA 2 has a setting to mute all chat, so you're just playing with quiet teammates. They can still ping the map and use the chat wheel, but that stops pretty much all the chat abuse, especially if you're stuck with a 4 stack that picks on the lone player.


Value to the company is not necessarily value to the players.


They've shut down entire game modes PACKED full of bots.

Low level ARAM and TT you would often have out of 10 players, 1 = you, 9 = leveling afk bots that run around to prevent auto-kick.


What improvement can a cheat offer a League of Legends player?


I think the big one right now is dodging skillshots, or having the cheat make skillshots for you.


> Second, I think these systems ignore player incentives. I think that global competitive ranking encourages the worst of playerbases, that skill is an arbitrary mechanism to optimize on instead of something like how close each match was, or player-reported satisfaction levels, or variety of play-styles, or any other of a dozen other metrics.

I think you're totally missing the point. Computing a global competitive rating isn't intended to optimize for skill. Rating is a proxy for skill, sure, but generally it's being used in matchmaking because (a) rating gap is a not-completely-terrible proxy for closeness of matches (because skill gap is a decent proxy for closeness of matches), which contributes to player satisfaction, and (b) you can derive it from easy-to-measure data and while there are fiddly details, everyone is roughly on the same page as to what you're trying to approximate.

It happens that, once you compute that, it's really tempting to sort and report. Perhaps that's a mistake and invites the worst of people's instincts to make numbers go more and bigger.

This still has the constraint that all the players are playing the same game, but as long as you can somehow avoid ascribing value to rank placement then many forms of cheating just stop mattering; the cheaters self-sort themselves into a tier where they don't interact with anyone who can't deal with them.


I think my argument there would be that despite common assumptions, rating is actually a very poor proxy for skill, and an even worse proxy for a good match-up. Similarly skilled players won't always like to play with each other. Nor do I think that win-percentages are the only metric we have to work with -- most multiplayer games have reams of much better data to sort through, particularly in games with high variability of play-styles, player types, and team compositions and setups (games like League/Hearthstone/Overwatch, etc...)

That being said, I would be more amiable to a system that used player skill as a matchmaking tool if it didn't report those numbers to players.

However, I'm not sure I would say that sorting and reporting is usually a side effect or minor mistake on top of those systems, given that many of these games have seasons, rewards, an entire meta-game built on top of their rankings. The rankings aren't just serving the purpose of getting players matched together -- they're serving as player motivators. The responses that players have can't be seen as a purely accidental side-effect when designers are going out of their way to present this information to the player and to encourage the player to pay attention to it.

Hearthstone is a good example here. Hearthstone has brilliant design, but its ladder system is horrible and dumb. It explicitly encourages net-decking and grinding instead of experimentation. Fast decks are objectively better than slow ones with the same win percentage, because ranking is largely determined by win percentage combined with the number of games you can fit into a season.

Season rewards are then tied to rank, so the best way to get new cards if you want to experiment is to build a boring deck and grind. This is despite the fact that for most players, knowing within the first few turns whether or not they're going to win is not fun.

So of course people bot Hearthstone, because before you can build creative fun decks and play against interesting people with interesting strategies, you have to pay the "fun tax" of grinding on the ladder. Everything brilliant about Hearthstone is bogged down by being tied to this kind of toxic experience.

There's no way to say this about such a popular game without sounding naive, and I'll take the criticism, but I do not believe for one second it would be difficult to build a better public ranking system for Hearthstone, especially given the ludicrous amount of player data they have. Even something as simple as balancing rank with deck variety so players got fewer rewards the more times they played the same cards would go a huge way towards getting rid of net-decking.

These systems do increase engagement among very invested players, so maybe that's the only intention. But to heck with engagement -- is laddering at the higher ranks of Hearthstone fun? People do it, people say they enjoy it. Again, I'll take the criticism a statement like this warrants, but I don't believe them. I don't believe the experience of grinding a single 55% win-rate deck for hours and hours is an experience that is worth having or producing.

And when I think about why players do that, the only cause that comes to my mind is, "the game tells them to."


>That being said, I would be more amiable to a system that used player skill as a matchmaking tool if it didn't report those numbers to players.

Almost all of these games have an "unranked" mode in matchmaking that doesn't publicly report your rank.

>Hearthstone is a good example here. Hearthstone has brilliant design, but its ladder system is horrible and dumb.

Hearthstone is probably the worst collectible card game I've ever played. The actual gameplay of it is poor and heavily RNG reliant. It's not bad if you put in an inordinate amount of hours into it, because then you'll get a feel for what the opponent likely has and how likely you are to succeed, but this is generally not something you can just easily reason about without an absolute metric ton of experience. That's why net decking is so common - it's too difficult for most players to figure out near-optimal combinations, because they don't have as full of an overview of the game as the experienced players. The search space is just too large.


> Hearthstone is probably the worst collectible card game I've ever played.

:shrug:

I'm not going to argue about what games are good. Substitute out another online card game you like, I promise 90% of the time it will have the same problem. My experience with MTG Arena has taught me that net decking there is just as common, and I consider MTG to be a much more skill-based game than Hearthstone.

Like Hearthstone, MTG Arena has "unranked" modes, but like Hearthstone, the majority of rewards and design is meant to force you into ranked modes.

> it's too difficult for most players to figure out near-optimal combinations

Take a step back. Why do most players feel that they need to find near-optimal combinations? We have a ton of research on card-game archetypes going back over a decade. It is generally understood by every designer in the field that competitive optimizers are one player archetype of many, and often not even the largest one. But the design of our ranking systems explicitly encourages players to become competitive optimizers to the exclusion of every other archetype.

Of course, everyone wants to build good decks, but the experience of playing paper MTG with people even in semi-competitive settings is often very different than the experience of playing MTG Arena -- the "need" to optimize is on a whole new level. It's the same game, but the incentive structures of the metagame that surrounds it changes how the players act.

That's not to say that competitive players don't exist, but it is to say that in every area of card-game design, we recognize that the design space needs to be wider than that. And in our ranking systems, we don't. It's also not to say that stuff like tournaments are bad. It is to say that every online card game I have ever played suffers from these problems, and every one of them uses the same exact ranking system, and maybe the problems are related to that common element.


>Like Hearthstone, MTG Arena has "unranked" modes, but like Hearthstone, the majority of rewards and design is meant to force you into ranked modes.

Is it that the game designers sat down and deliberately designed a system to get you to play more ranked or did the players demand rewards for ranked (or the designers anticipated such a reward)? I've seen the latter happen in an online game. The players in World of Warships demanded more rewards after seeing the initial competitive game mode (team battles). Eventually the developers gave it to them.


That's very possible -- a lot of game features come out of that process.

But, I would say the responsibility of a designer is to be able to parse player feedback and disregard bad suggestions. If your players knew how to design a game, they would be game designers.

One of the big reasons design is so hard is because you're trying to understand another person's motivations better than they themselves do. Feedback shouldn't be ignored, but neither should it be implemented verbatim. Players just aren't good at sussing out their own motivations -- they'll tell you, "we want more rewards for ranked" instead of "we don't want to feel obligated to dip into unrelated game modes", or "we want to feel more like we're progressing towards something."

Players also aren't good at giving feedback about what feels wrong, their feedback instead takes the form of half-thought ideas of how to fix what feels wrong. Responding to that feedback means digging under it to find out the actual problem and addressing that specifically.

Note that this isn't just me talking. Rosewater himself has talked about this phenomenon a lot in his design blog on MTG, and he has a good quote on this[0]:

> The key is whether or not what the players want will in the end make them happy. Players ask for things all the time that if we actually gave them would make the game less enjoyable for them. We do spend a lot of time trying to understand what they players want, though, because when we are able to give players things they want, we do.

The point being, I have no doubt that if MTG Arena announced tomorrow that it was getting rid of ranked rewards and seasons, the playerbase would be livid. I still suspect an alternate system for rewards would be better in the long run.

[0]: https://magic.wizards.com/en/articles/archive/making-magic/s...


> I think my argument there would be that despite common assumptions, rating is actually a very poor proxy for skill

you can't know that without knowing the specifics of how that rating is generated.

I promise you ELO for chess is a hell of a lot more accurate than ELO for league.


I do know how the specifics of how these rankings are calculated because they're publicly visible[0]. I'm not arguing that behind the scenes Hearthstone's matchmaking isn't sophisticated enough (although it probably isn't), I'm arguing that publicly, the public mechanisms for determining rank are really bad and encourage bad play habits.

Hearthstone ranking is not a good proxy for skill, it's a good proxy for the amount of time you have to play and the speed of your deck. Objectively, the best strategy to get good ranks at Hearthstone is to build a fast, >50% win-rate deck and then to grind. That's not a good proxy for skill.

[0]: https://hearthstone.gamepedia.com/Ranked


I'd love to see the details on League of Legends ranking algorithm.


Sure!

https://dotesports.com/league-of-legends/news/league-of-lege...

> As players win games in ranked, they gain League Points, also more commonly known as LP. They also lose LP when they are defeated. Upon reaching 100 total LP in a given division, players enter a promotion series to try and get to the next available division.

> Players must win a majority of their games in order to advance to the next division. Promotion series within certain ranks, like Bronze III to II, are a best-of-three series. From one rank to the next, such as Silver I to Gold V, promotion series are best-of-five instead.

> If a player doesn’t win that amount of games, then they’ll need to get back to 100 LP to try again.

----

Yes, the exact details of how your MMR is calculated is kept secret, but it doesn't matter if you still know exactly what you need to optimize for: winning sequential games, often in chunks, and going out of your way to avoid losing streaks which can result in demotions.

Arguing that hiding the exact MMR formula means that players won't alter their behaviors to fit its approximate contours is like arguing that because Google's page-rank algorithm isn't public that SEO is not a thing.

(Some of) the consequences of this setup include:

A) losing matches becomes much more costly, which exasperates the problems League has with feeders and trolls, and lends itself to a more toxic environment.

B) Experimentation and learning new heroes is best done off of the ladder until you feel like you're competitive with that hero. Experimenting on the ladder is not only bad for your rank, it's also likely to get you reported by other teammates as a feeder (see the toxicity mentioned above).

Players are effectively optimizers. If you give them a system with a clear success metric (ie, a public rank going up), they will optimize their play-style to fit that system. Designers often assume players will stop doing this at some point. They won't grind in an RPG because that's boring. They won't bot a competitive game because that's not fun for other players.

Most players don't think in those terms during gameplay (myself included). Thinking that way is hard. As a designer, if you want a player to optimize for creating a fun experience for themselves and others, you have to explicitly build your publicly-facing systems to encourage that behavior.


That's an overview, not specifics and not details (verbiage that first you and then I used). It's a shitty sleight of hand, so I'm going bring this back around and then I'm done with you.

You stated that rank is a poor proxy for skill. https://news.ycombinator.com/item?id=21952133

I stated you can't know that without details. Knowing that winning gives you more LP and losing takes it away is not detail nor specifics.

You can't know, but you're going to hold onto that branch rather than be a little introspective and consider that you may be wrong.


> Personal plug, with my current project, Loop Thesis, LAN play is the only multiplayer.

What do you mean by this? A lot of game developers seem to be obsessed with the term "LAN" but I don't really understand how that has anything to do with application level network protocols that build on IP, which does not care about physical network topology.

It is very irritating because each developer seems to have their own made-up definition of "LAN." For example, there are games that won't let you connect to IP addresses outside the private ranges. There are games that won't let you enter an IP at all, and instead require the host to be found by broadcasting on your subnet. There are games that won't let you connect across subnets for other, arbitrary reasons. And then there are many games where they use the term LAN but it has nothing at all to do with LAN and works exactly like online multiplayer in any old game -- select the host (or enter its IP) and bam you're connected, whether the connection is local or intercontinenal is none of the game's concern (this is how it should be).

I have no idea what I'm buying whenever I see a game that sells "LAN multiplayer."


There are no centralized servers for Loop Thesis, and each server hosts one game.

The game ships with tools that allow players to very quickly connect to running games on the same network as them, even if they don't have anything installed. Anyone with a copy of the game can turn on hosting, and the game will not only handle being a server, it will also serve a web-based client for the game.

In practice what that means is that if you own the game, you can pull out your laptop, connect to someone's wifi, turn on hosting, and all they need to do is visit a local IP on any of their devices[0] and they are instantly playing with you.

Of course, networking doesn't force you to be behind a NAT, so there's nothing preventing you from hosting a server on Linode and exposing that IP publicly. But aside from some token authentication options, the game isn't designed to handle a bunch of public anonymous connections. The server also isn't persistent; it's assumed that once you're done playing you will shut the client down, which will also shut the server down.

Short version, you have a traditionally hosted server with an IP address, and it's not pulling any fancy tricks to force you to set that server up in a specific way. But it's not designed to be a persistent server with uptimes of like a month or something, and it's designed to handle a few connections from people that you know. The out of the box experience is going to give you a Intranet IP, not a public one, and if you want to get it working over the public Internet for some reason, you'll need to handle stuff like port forwarding yourself.

That means: no matchmaking (one game per server), no public server lists[1], only minor authentication and anti-spam options, and transient servers that disappear when play sessions are over. Loop Thesis isn't technologically restricted to a LAN, but the experience is designed for drop-in, friends-get-together LAN play.

[0]: No promises, but I am experimenting with touch controls for phones.

[1]: Unless the community builds them and maintains them on their own.


I agree with your points. I used to play online shooters with private servers when I was a teenager, and I actually enjoyed the fact that you had a mix of skills on a given server at a given time, as well as the feeling of running into the same people when you frequent certain servers (i.e. a feeling of community).


> Allow users to votekick and voteban. Provide the server software for players to host their own servers and provide their own solutions to these problems.

This might still be the best compromise but it is terribly frustrating to be accused of cheating because of different skill levels or tactics.


Not to mention the ease that that feature can be abused. What’s to stop the opposing team from just vote kicking the top players on your team?

I spent my entire middle school life playing Starcraft. When SC2 came out the same rush tactics I learned in SC1 worked. I was often accused of hacking simply because I had years of experience tweaking the fastest build method.


>Not to mention the ease that that feature can be abused. What’s to stop the opposing team from just vote kicking the top players on your team?

This is exactly what happened when they had this feature in Overwatch. One of the top (legit) Widow players could not find a game because everyone he played against vote banned him from their games. He was basically unable to play the game because he was too good at it.


Sure, but you have to expect that. So, you look at the votebans, and you zap the people doing it unfairly. Or, even better, a voteban, legitimate or not, always costs you something--so you think twice before swinging the hammer.

These systems always seem to fail because there is no accountability. You can't allow actions without accountability for those same actions.

The problem is that accountability means involving humans and humans don't scale.


people didn't want to play with him, I don't see the problem.


I hear ya. Everytime I show up at the elementary school basketball court down the street, all the little kids complain about my skills. They never let me play.


Assuming you need a majority to ban and teams are equal, everything?


I've seen this handled by not allowing the enemy team to initiate a votekick/voteban against a member of the other team.

This method has problems, but those could be rectified later via human moderation and other means.


Agreed. I play War Thunder and have had a couple times been accused of cheating. I would not risk my annual paid account to sit there and cheat. I have invested thousands of hours on that account and that alone is worth way more then any money. I do not cheat is my point. But at times I just blast a shot across the board and you hit a guy. So how do you distinguish between god shots and cheating?


There are some ways, but they are often somewhat invasive, and basically none are possible for a human player to use while in game.


True, but when you get accused of cheating for having a wicked hot streak, you know it's kind of one of the best compliments you can get :)


> These are tools and approaches that we had in past games and while they are not perfect, they are better than these black box invasive anticheat solutions born from a desire to avoid giving community control to users.

There are still games with votekick/ban. They work for cheaters, but the collateral damage that comes with votekick/ban is far, far greater than anticheat wave bans.

People votekick for very petty reasons and people often reflexively vote yes on the assumption that the votekick is done in good faith.


Reminds me of Rainbow 6 where you're kicked the instant you lose a gunfight or anyone just doesn't like you.


That depends on the community, if there is a mature group of people playing these aren't really big issues. Not that it's going to fix everything, but when I play games with these features they seem to help more than they are abused.


Vote kicks rarely seen to work because the rest of the players don't know what is going on. A vote starts and you think "wait what, what did they do" even if someone says "they were cheating" most people playing wouldn't have seen it and have no idea if this is true.


> Allow users to votekick and voteban.

This is usually just a band aid and can be pretty ineffective in a game like Battlefield where there are a large number of players in a single match. Specifically, a cheater has to be really obvious for enough people to notice and actually care enough to cast a vote.


If the cheater isn't obvious enough then they aren't having much worse of an effect than a really good player.

But that's why I mention giving server control to users; they can experiment with their own alternative anti cheat and moderation solutions.


I, for one, only notice when it's a real obvious cheater. And in those circumstances the perception of a fair game would go way up if we where able to ban the fool ourselves as players.


Back in my Halo CE days, I got tons of mileage out of a util called sightjacker. It'd basically allow for one to view exactly what the other player was seeing and doing in their client.

The cheats became quite trivial to pick out, because their aim was never natural. It was always pinned on the target and stuck like glue or smooth and natural until they got close to targets.

I'd just sit back and occasionally sight jack people I hadn't met who entered the server, and the banlist slowly grew over time. The other players would stick around, so it obviously at least resulted in good games.


Plus this is easily gamed - most games where voting has been enabled just had storms of vote requests being generated.

Some by butt-hurt snowflakes that can't handle better players but most by explicit trolls trying to cause mayhem, spam and hopefully getting someone kicked for fun. At some point the voting gets either ignored or disabled outright.


IMO this goes to how per-server "communities" were destroyed by the rise of new business models involving follow-on purchases.

Previously (e.g. CS 1.x) you could have a loose federation of privately-run servers, with a certain amount of darwinian-selection for good or bad communities.

However once GameCo starts selling exclusive skins and weapons and XP-boosters and things, they can't allow the possibility of rogue servers just unlocking everything, so everything was brought together under a corporate-hosting-only umbrella. This also destroyed the capacity to leverage volunteer admins, unless the company invested in a mechanism for "you pay we host" servers.


TF2 managed to have private server, and was the origin of HATS. I'm not sure I see that your logic is sound.


None of your solutions make sense. Which is obvious to anyone who has played a game with cheaters.

> Allow users to votekick and voteban.

People love to say others are cheating when they are losing. Not going to work.

Allowing users to provide their own solutions? That’s funny you say that. Tournaments and leagues on CS pretty much made you install software that would periodically take screenshot of your computer to prove you were not cheating.


> Allow users to votekick and voteban. Provide the server software for players to host their own servers and provide their own solutions to these problems.

I used to play Counter Strike starting at Beta 1.3, on a 56k modem. In NZ we had some team who went off overseas to represent NZ in a competition. They lost the first round. After they got back I found their practice server. They didn’t seem to mind if randoms joined. I got 3 headshots and they banned me for “cheating”

My point is, if you leave it up to the players. They will kick and ban anyone for any reason because they can. You simply cannot rely on such a system.


Your cheating guys lost in a real contest. Seems to be a working system.

And idiots are idiots, I don't want to play with them anyway. So if a server is full of them who kock people for the sake of it ... then I just choose a different server.


In many many games you don't have any alternative to "playing with idiots" so no, it wouldn't be a working system in any significant way.


> Allow users to votekick and voteban. Provide the server software for players to host their own servers and provide their own solutions to these problems.

How would that work in case of MMORPG with open world ? One clan would votekick competing clan? Any group votekick whoever they want? Or in case of FPS games lets vote to kick player X because he is just too good (killing us all) so he is cheating for sure?

> Provide the server software for players to host their own servers and provide their own solutions to these problems.

Dosen't apply for most MMO games.


> How would that work in case of MMORPG with open world ? One clan would votekick competing clan? Any group votekick whoever they want?

Checks and balances. It's a political problem at that point. MUDs had sometimes very traditional political institutions for bans/player behavior issues, and the same can directly apply to MMOs: "councils of multiple clans", for instance. You can already think of most corporations running MMOs as "BFDLs" (benevolent dictators for life) and there's good reason to ask them to add juries/trials for a more open democratic process to bans, as one common political solution to dictatorship. The same obviously goes the other direction that if players want more involvement in bans/kicks, they need structures like juries/trials to keep things transparent and to bubble up such issues as appropriate.

You can't always solve political problems with technical solutions, but more importantly sometimes technical problems have good political solutions.

>> Provide the server software for players to host their own servers and provide their own solutions to these problems.

> Dosen't apply for most MMO games.

Arguably it should. At the very least for long term archival, MMO games should feel more pressure to provide server software access to players to host their own servers. There's also a lot of interesting history associated with MMOs that had open servers (many MUDs), or reverse engineered server shards (things like various Ultima Online player-created shards). Even if most players would prefer a "canon" experience in BFDL hosted shards, that isn't necessarily a strong reason to avoid offering players a choice to host their own servers. Arguably most good MMOs hosting your own server cluster is a great amount of effort and would be A) self-limiting (only certain groups of players would have the combo of resources/interests/skills), and B) at least somewhat useful to the game owner themselves as a form of CI/CD test (if other people can reproduce your Production environment you are more resilient against possible mistakes/failures in your Production environment).


MUDs, while wonderful, occasionally devolved into closed ecosystems where RP enforcement and opinions ended up creating a toxic community with the playerbase eventually shrinking to nothing. MUDs are amazing but I think they're a bad example to call on in this case.


I don't know, I feel like that only mirrors/emphasizes/complements my point: yes, political solutions are hard (we still refer to the USA as a political "experiment" 200+ years on, for some good reasons), but they are possible (versus trying to handle things entirely technically that are by their own nature political; as other arguments in this thread and elsewhere point out, dealing with bad actors that are people will almost always be at least somewhat political).

Political solutions can clearly fail, and that becomes another reason to allow players to run their own servers as it is an "out" in the case of a political solution failing (a different sort of resiliency to the technical sort).

MUDs also have tales of successes. Times when political alliances defeated griefers and the community was stronger for it. Partly because of the relative ease of spinning up MUDs there are so many stories and experiments out there to choose from / learn from. MUDs were an early laboratory for what became MMOs in so many ways, and it will always be easier to reproduce studies done in that sort of a laboratory setting, including the failures. In science often the failures are the greatest learning experiences leading to the most interesting hypotheses.


The false positive of someone getting kicked for being too good is a better negative outcome than the false positive of a ban, especially in an opaque system with poor support staffing and resolution processes. When users can trivially provide and administrate and experiment with their own servers, then the effect of not being able to return to the same server is lessened.

>MMO games

They're a different beast entirely. But in the case of battlefield, you have a capped playercount that is orders of magnitude smaller than an MMO, and much more manageable.


You have no idea of how much a votekick system will get abused. Nobody would ever seriously consider such a system in 2020.

Teammates will kick you out for stealing kills from them. Teammates will leave bots on even if they are flagrant bots if they are helping the team. Enemies will kick you out if you are too good.


I play many games that still have vote/kick. (Most often, Insurgency). The 2 most common vote kicks are an idle player that is the last player left on a team, and the guy sniping with a 40/3 K/D ratio, and a ping of > 300ms, that doesn't respond to any chat or voice chat, etc.


I play in custom servers for plenty of games that have vote kick and ban systems. The games themselves may be old, but the players range from fresh to old guard. Valve FPS games were / are particularly good for this.

>Teammates will kick you out for stealing kills from them

Then you find another server that has fostered a better community. Or even start your own.

Even if the ratio of absolute mean-spirited jerks to decent players was 10:1, that's more than enough well intentioned players to foster good server communities. But I suspect the actual number is closer to a reversed amount.

Obviously MMOs would be a different beast, but the type of cheating you're trying to defeat - the threat model - is often different than wallhacking autoaimers.


Sorry, I am talking about MMOs exclusively. Some of those also have you compete not only against the enemy team but also against your own team for ranks


Why would it be abused more today? It was not abused that much back when I played Quake 1 and Quake 2.


I believe the loot system changes in WoW were inspired by occurrences of groups of people joining matchmaking together, then kicking a person after the boss died and taking all the stuff for themselves. I only saw this sort of behavior firsthand once or twice, but I’ve heard from others who thought it was widespread.


And in WoW too, given how the honor rank system works, imagine if people could kick others from battlegrounds: they would kick those with higher ranks so they could climb the ranks faster themselves.


So.. don't design systems that encourage toxic behaviour?

In the case of WoW, they realized their mistake and ripped out the global PvP ladder over a decade ago.


Classic has the ladder again :)


Then don't buy it! If the product is known to be defective, resist the marketing and be a savvy consumer who doesn't buy products known to be faulty!


> "You have no idea of how much a votekick system will get abused."

Votekick systems used to work great for many games. They don't work in games with global ranking systems because those ranking systems create toxic incentives. Once games become "serious business" instead of casual fun, the knives come out.



> Allow users to votekick and voteban. Provide the server software for players to host their own servers and provide their own solutions to these problems.

If you want to see a game where that effort fails, one needs not look further than Mordhau. It's an incredibly awful community where players will initiate votekicks simply for getting killed, and cause players to get kicked/banned because the community finds overabusing the feature to be funny.


> It's an incredibly awful community where players will initiate votekicks simply for getting killed

...lol, that's nothing, expect people getting kicked for having a feminine voice.


Well yes, that was more or less a benign example of the community issues in Mordhau. I wasn't too interested in getting into a deep argument on the issues of extremely toxic communities and the various *phobic issues within because that inevitably causes bad faith arguments here sadly.


Only if you provide a robust and empowered support staff to quickly unban and resolve false positives. That is, actually take responsibility, which is something game developers and major publishers seem allergic to.

It costs money to hire, train, and oversee said staff. Game companies don't want to spend that money.


They would be more inclined if gamers were willing to pay the additional cost. Unfortunately they rarely are. The gaming community, especially the hard core community, is one of the most oddly-miserly communities I’ve ever seen. Some of them will spend thousands on liquid cooling and high end graphic cards, specialized input devices, etc., but balk or even rage at paying an additional few bucks over the lifetime of a game for improved features and support.


Uh? Have you seen the price of AAA games?


They’re flat for years. Ten years ago a premium AAA title would typically release at $49.99 to $59.99 and still have expansions and other DLC for sale.

In constant dollars the retail price of top-end games is basically flat, or even lower now.


Your argument is disingenuous.

Most aaa titles have significant dlc that hardly expands the game. Gtav is an exception, and that's only because stupid/rich people whale on shark cards. Also repeat purchases from banned players.

Cod is now $120/yr. Without and iaps. If you don't buy the dlc you'll have a hard timemaking friends and playing pvp.

Most games are like that now. Looking at title prices is a flawed metric. A good metric total cost of all iaps. If there are unlimited purchases available then you can be sure that the game has been crippled to coerce vulnerable players into spending irrational amounts. This trend is unethical and everyone involved in allowing this to continue is no better than the sacklers.


Games ten years ago had DLC, too. Certainly not as much but it did exist, and often was priced on par with equivalent DLC offered today.

Also, it’s frequently the case that DLC today has development and maintenance costs that the base retail package simply doesn’t.


Ten years ago it wasn't common for dlc to have unlimited purchases or even for the cumulative price to double the base cost. Now, it's rather common for games to have gambling mechanics that put a floor on the cost of time limited items that is measured in the hundreds or thousands of dollars.

I have less of a problem with buying a game and its season pass for $120 than I do when I buy a game and season pass for $120 to find thousands of dollars in iaps required to get everything. This trend is disgusting and I for one have written off all companies with even a single product engaging in this. This includes Blizzard, rockstar, Microsoft's label, bungie, Activision, ea, etc. To earn my purchases they'll need to ditch all the unethical iaps and find an ethical and sustainable business model. Though I'd rather see them go bankrupt and firesale all their ip to indie studios.


The market exists in its current state because the gambling/loot box/DLC whales subsidize the rest of the market, because by far most of the rest of the market think they're entitled to $200 worth of content and support for $60 at retail and are very vocal about it.

I'm the last one to defend Big Business in any industry, but I've seen the gaming industry from the inside and as a consumer. Here's my opinion: gamers are absolutely the worst customer base I've ever seen.


That's easy to say. There's certainly no dearth of miserable people that play video games and try to being everyone there down with them too. But these peoplealso act these ways in real life too.

I don't feel entitled to a $n game for less than $n. However, if a company sells 0.5 of a $n game for the $n price I will take issue with them. There is no shortage of half assed games sold with dlc and gambling for aaa prices. No man's sky is the epitome of this. How they didn't get arrested and sued for fraud/false advertising boggles my mind. The industry is ripe with huge promises from the scummy advertising department, that turn out to usually be a shadow of what was promised.

Studios cut just about every corner, blatantly reuse assets yoy in dlc/new titles, skimp on infra, and have the audacity to complain about the players being cheap? The industry has pushed away so many deep pockets with these awful tactics. Try delivering good products first without selling me a bridge.


> This trend is unethical and everyone involved in allowing this to continue is no better than the sacklers.

This is one of the reasons I dropped out of the gaming market almost entirely. The way I see it, 'gamers' are some of the least savvy consumers on the planet. They continue to buy games from companies they know have burned them numerous times. In some markets, consumers are known for holding decades long grudges against companies that have wronged consumers, but not gamers. Gamers seem to be exceptionally forgiving and naive in this regard, and that lets games companies walk all over them.

Invasive rootkit DRM, games broken on launch, games broken forever with the expectation that community modders will donate their labor to fix it for free, games that don't facilitate community servers, games that are split in two before launch with half the game being labeled "DLC", thinly veiled skinner boxes designed like slot machines designed to encourage binge-play ("grinding for rare loot") and sometimes designed to extract even more money from players who've already purchased the game ("lootcrates".) A DRM company, widely beloved by gamers, being forced by the courts to revise their abhorrent returns policy (https://www.engadget.com/2016/12/23/valve-steam-fined-2-mill...) Shit, I've had 'gamers' get fuming mad at me before for not worshiping at the altar of Valve, as though it were religious heresy for me to criticize a for-profit American corporation.

Even when the 'gamer community' recognizes something as broken, they seem to forget by the time the next game comes around. Just look at the history of Bethesda releases. Morrowind was broken but somewhat novel. Oblivion was again broken, though perhaps with some of the edges rounded over. Next was Fallout 3, which was still broken. Skyrim was very broken, at this point the pattern should have been obvious to everybody paying attention, and to be fair to the gamers the brokenness of Bethesda games was becoming a meme at this point. Fallout 4 comes around and it's their most nerfed game yet, but still broken as fuck. How could anybody be surprised at this point? Yet people still bought that, and they even bought the next game, Fallout 76, which was the most egregiously Bethesda broken game yet. Currently the 'gamer community' recognizes Fallout 76 and Bethesda as dumpster fires, but will they buy the next Bethesda game? I'd bet on it. When it comes time to vote with their wallets, I wager they'll be compliant consumers and do as the marketing tells them to. Even when they learn, they don't learn. The lesson doesn't set in, a new game is released, and the cycle continues.


Games are games, game companies are games too. People want to be in this world where you can play with anything, broken and burned is part of the game. There's no difference between company, customer and product, it's all play.

A straight up and down company like IBM or Ford would not dominate in the games industry. Valve, ea, bethseda are leaders in play. They give you the opportunity to play religious heresy, or witness a fallout 76 firestorm. Where else do you get to play with a billion dollar company?


Those game companies could always exit the company-hosted company-moderated multiplayer space and go back to either privately-hosted servers or single-player games.

If you can't accept the costs of central servers, don't make them an essential part of your business model.


If that's the case then they can enjoy paying my refund, just like Blizzard did way back when.


Surely you can see how mob mentality makes vote kicking and vote banning a terrible idea


That would quickly turn into a popularity contest rather than a cheater elimination tool. I'm not really qualified to tell the difference between a cheater and a really good player on many occasions. I can vote for lack of fairplay of course but give the average player a chance to vote and they'll quickly vote out anyone they don't like.


Battlefield 4 had rentable servers. It wasn’t fun getting kicked for being good, despite playing on a PS4 where cheating didn’t really exist.


There exist good solutions, but none of these companies have the competence or will to actually solve the problem. It’s security theatre a la malware. “Hey everyone install this rootkit to pretend like we’re preventing cheaters. Don’t worry about the keylogging and screenshot uploading.”

What’s most surprising is that the vast majority of gamers aren’t outraged by this at all, despite repeated demonstrations of untrustworthiness by anticheat companies.

https://youtu.be/SnRgW54EWwA


> There exist good solutions, but none of these companies have the competence or will to actually solve the problem

Could you share what some of the good solutions are? As someone who works in games, (not in anticheat) it's a stretch to say that companies arent competent enough to implement good anticheat.


See the video above. It’s a condensed recap of Valve’s GDC 2018 presentation on VACnet. The actual presentation is worth listening to if you have the time.

https://youtube.com/watch?v=ObhK8lUfIlc

I disagree on the statement that developers, publishers, and/or anticheat companies are too incompetent to implement good solutions. They have not been putting serious effort into the problem or else the state of cheating in video games wouldn’t be as bad as it is today.


I have worked on some server-side anti-cheat detection for a game recently. Competence is not a problem, it's actually very difficult to even do detection some would think is "easy".


as someone who works in the gaming industry, i think anti-cheat exists in part because of the culture of game development. every games company i have worked with has valued releasing the content they want to release above everything else – they'll request API changes and the removal of security hurdles to meet their release deadlines. crunch culture is very real.

As a small, real and not at all outlier example I was asked once if the game's backend servers could establish a persistent mutual TLS connection to authentication servers so game clients wouldn't need to implement oauth / oidc, in which they'd request whatever data they wanted in essence.

Multiplayer games are only a continuation of this philosophy. For quite a few games, the 'multiplayer' aspect is created by simply replicating identical game state across all clients, meaning clients end up with a ton of information the player shouldn't be able to see being beamed to their computer.

most game UIs are literally flash, or embedded chrome instances that dynamically load their content from user input or straight from the web, often over unencrypted connections. These browsers also often have direct sandbox bypasses to the game engine.

Making games is hard. Making games secure is something games companies don't want to invest in, and they've largely just eaten the risk with bolt-on anticheat software. Games companies are in a similar but slightly worse position than the financial industries where, due to historically not valuing security talent they can't and don't acquire it, instead opting for whatever off-the-shelf solutions, mitigations and contractors they can use to help stem the bleeding with the exception of less than a handful of household name shops.

It is possible, depending on the game to take good steps to make games harder to cheat at. Dota 2, for example took steps (in their rather favourable context) to thwart cheating by not sending information to the player on objects they should not be able to see (though mistakes are made in this on a regular basis). For any other industry, such a filter would be the standard way to implement the server-client relationship but this is not a priority in game development as it stands.

There's simply no other non-security software one downloads to their computer that comes with a heavy and intrusive rootkit that attempts to try to see if you're messing with it, because no other industry as wealthy or influential as gaming considers security an afterthought.


Not sending info about objects you can’t see is a fairly standard thing to do. Not to big up the lack of security (which is a problem in some cases) but games often have to balance sending over to much information against other concerns. For example in an FPS you could theoretically determine exact visibility but tend to send everything within a certain radius because you want to avoid sending information late both because the client is predicting and a half-round trip of latency before an enemy that appeared round a corner showing up is bad for gameplay. Not to mention that you want the server to run reasonably quickly and visibility determination is expensive. Hence “ESP” hacks. Then you have the mechanical helpers like aimbots that can’t be solved easily even if you perfectly restricted data sent across the network to that which was visible. So we’re kind of stuck with invasive programs trying to spot hacks and broad strokes statistic analysis.


I agree with the gist of what you're saying, which is that it's not possible to fully 'solve' security in video games by good security architectural design – it's just that for 99% of games out there, there is not even an attempt to solve part of it. The discussion goes as you say – the gameplay would suffer if greater security is taken into account and due to this these problems rarely get the talent they might need if the problems were to be solved better.


In my experience that’s broadly unfair. Cheating is a big issue for the integrity of online games and something taken seriously. Although I’m coming at it from the other direction and might have been very lucky with the projects I’ve worked on. There is an obvious trade off between making a game that people want to play and making it secure. And that trade off gets stronger towards gameplay the more latency sensitive the game is.

I guess what I’m actually saying is that good security design has to extend to the client in those cases. Defence in depth.

I also think it’s unfair to suggest this is an issue due to lack of talent. Although I’d be open to knowing what you think is lacking in particular.


> I also think it’s unfair to suggest this is an issue due to lack of talent. Although I’d be open to knowing what you think is lacking in particular.

I mean talent in the sense of hiring. Games companies don't hire security engineers by-and-large to work on their systems.


Right but that suggests either there isn't a lack of talent and they don't need to hire security engineers or there is a lack of talent and hiring security engineers would fill that gap.

Since you suggest there is a lack of talent I'm just curious what you think the gap is.


Cheating is a real problem, but I don’t see why we need to solve it with what’s essentially invasive spyware. If it’s degrading the experience of other people, let them tell you about it, not your kernel hook buried deep in the computers of all your users.


It’s because cheating software runs at a level that only invasive software can detect. Without any detection software, it becomes a far more manual (and likely unscalable) problem of having to deal with individual player reports of suspected cheating.


The good alternative is good matchmaking. My experience, is that cheaters usually aren't actually very good. They tend to use things like wall hacks and aim bots as a crutch. With good match making it doesn't really matter. They're going to be at your general level, so you've still got an even chance at winning the game.

And if the matchmaking is really good, then all the cheaters just end up playing with themselves, and there's even less impact on the general community. I could even see people ending up in separate "augmented" tiers, and then you don't even have to feel bad for being lower ranked. In fact, you could end up with bragging rights if you end up in the augmented tier because you look like an aim bot (I've played with players that were almost indistinguishable from aim bots).


Having played in the counter strike competitive scene I can tell you that extremely good players were caught cheating online AND at lan parties during tournaments.


Yeah, but matchmaking only works if you have enough players per region and/or small matches. With 64 players per match this becomes difficult really fast. Battlefield has the additional difficulty that some pleople want to (only) play planes or tanks, so another dimension on which to match...


MM doesn't solve any problems in case of cheating.

Also there is no such things as "MM being really good" it's a tradoff between many criterias.


It depends on the game, but some communities loathe skill based match making. Apex Legends is currently up in arms about it because upper 20% players are being matched in with top 0.1% players and that means every single game has to be played at peak effort by everyone. There are no "casual" games any more and it's impossible to team up with friends who might have a lower skill level because they'll be matched in with that 0.1% and be decimated.


By far, the best approach I've seen is pooling players by metrics that cause the least controversy within said pools. Ban the hackers in waves for those extra sales, ala steam. In between just match them against each other and get the popcorn. Same for griefers, tryhards, casuals, children, etc.


The real solution? Send only information players are supposed to see. Sacrifice some speed for true cheat proof games.


That wouldn't prevent commonly used cheats such as aimbots.


Maybe the solution there is to stop making games be about the things computers are better at. They're better at aiming, fine, let them be. Put the aimbot in the game from the start.

Then instead you have a FPS with multiple weapons and it takes several seconds to switch between them. One has a high rate of fire but is useless against players with armor, another is the opposite. Cheaters don't know if the opponent is wearing armor (or what kind) because the server doesn't tell them that until they're in the same room, by which point it's too late.

Make certain weapons better against certain defenses, so it's a matter of predicting what your opponent will do and being ready for it. Make the humans do the things that humans are still better at, instead of trying to prevent a computer from beating them at things computers are better at.


You can't tell people to play something else other than what they enjoy just because it'll "make cheating harder".

Many of the very popular games now require good aim. Some people spend countless hundreds/thousands of hours just practicing their aim and muscle memory. It's part of the fun for them. CS:GO is a notable example.

The problem isn't really that it's impossible to ban such cheating. ESEA do it pretty well in CS:GO - their anti-cheat is practically a RAT.

It's that banning cheaters and making a bulletproof anticheat has two issues:

1) To do it properly you need to basically code a RAT, which has some privacy issues. If Valve do it, it could hurt activity, platform support, and be controversial. ESEA have done it since day one, but their player base is much smaller and more competitive. ESEA is also limited to Windows.

2) It's not profitable. That's the honest truth. They ban obvious public cheats and the cheaters will buy another account and come back, probably use another cheat again, get banned again, repeat. Some games don't have awful cheat protection because the company can't make a good one, they have awful cheat protection because it's not profitable to alienate all the cheaters in the game away from the platform (and their many purchases per person; legitimate players only buy once).


It's somewhat worse than that, because anti-cheat and anti-anti-cheat are basically two things in ring-0 fighting each other. So it's a resource war, whoever spends more development time trying to win does. But the economies of scale favor the cheaters.

If only one game has working anti-cheat, it may not be worth the cheater's time to break it because it's only one game, and they can go cheat in a different game. If all the games had it then more people would try to break it and more would succeed. And once they have a working method, it can be employed against any other game that uses the same kind of anti-cheating, even if it's not the same vendor's, as long as the mechanism is similar.

But having all the vendors get together to pool resources and design one good anti-cheating software makes it even worse, because then it might be a little harder to defeat, but the prize for defeating it is being able to cheat in every game without even having to translate the cheating method to each new game.

So you get small victories or nothing. There is no winning at scale because increasing scale only increases the number of adversaries and the gains from finding an effective way to cheat.

It's basically the same problem as keeping the latest Hollywood releases off of pirate sites. They count success as occasionally having a week before a new release is on the pirate sites instead of being there the same day, and even that doesn't happen very often.

It turns out it's more effective to make it so it doesn't matter. In their case by making it so easy and cheap to watch Netflix on your TV that it's not worth most peoples' time to figure out how to use BitTorrent even if it has 100% of their content. In this case by making more games that humans are better at than computers, so you can't use a computer to cheat.


> But the economies of scale favor the cheaters.

I feel like the concept of "ban waves" ought to help a lot here. Wait a couple weeks between banning people, and then randomly don't ban some people during the wave. Should make it pretty hard to test your anti-anti-cheat.


That's assuming the way they test is based on whether they get banned or not, instead of analyzing the anti-cheat code to see how it works so they don't get banned to begin with.


Shouldn't most of the cheat detection be happening server side for exactly this reason? Is that not feasible?


Is that actually a thing that happens routinely?


Whether things happen routinely depends a lot on whether other effective alternatives exist.

It's a thing that enables cheaters to not get caught. They may not need it if they have some other way to not get caught, but you can expect to see it if it is or becomes the easiest thing that works.


So no then.


The economies of scale actually favour the game makers. People build cheats for profit, every person that buys a cheat is also buying the game (and rebuying) the cheat makers are in competition, and further the number of people that cheat is generally a lot smaller than the game playing population. Because they are sold for profit the most popular cheats are easy to find and detect. As long as companies can keep cheating at a tolerable level for their audience they win as do a small number of cheat makers able to make a living in the space.


Scale here isn't the number of copies of the game sold (which is basically independent and for these purposes fixed), it's the number of games that have strong anti-cheating mechanisms. The more there are the more resources go into defeating them, the larger the community around defeating them grows etc.


Is there any evidence this is actually true?


Many more people will play the fun game with cheating than will play the game you make to be “secure”.

In your game design not only is it dull because you have a 50:50 chance of having the right gun equipped to take advantage of a situation even if no one is cheating. But it’s still very amenable to cheating both because the cheat would be able to switch weapon the instant the client was informed of the state of the opponent, beating a human where it actually matters and would still be able to have a mechanically perfect aim.

Most videogames actually have the sort of human reaction prediction you are talking about and that’s why people cheat because they are bad at it. So make it up by exploiting information sent but not displayed or through mechanical assistance. The interesting case there is that mechanically good players that have a good read can beat cheaters.

Stuff like the DeepMind successes playing Chess, Go and Starcraft ultimately show that even with an environment where things are fairly level that computers have the edge in games albeit with an unattainable for cheat makers level of technology.


> In your game design not only is it dull because you have a 50:50 chance of having the right gun equipped to take advantage of a situation even if no one is cheating.

Except that it's not random, because you can try to figure it out. You know what's in the map. If you go to where a particular weapon is and it's not there, now you can expect the opponent to have it, so you start looking for defenses against it etc. Or you know that you're playing against Bob and Bob always goes for the same weapon like a chump because he doesn't know what to do with any of the others. Or you get a weapon and then go around collecting every defense against it on the map so the opponent can't get them.

> But it’s still very amenable to cheating both because the cheat would be able to switch weapon the instant the client was informed of the state of the opponent, beating a human where it actually matters and would still be able to have a mechanically perfect aim.

Which is why it's not about switching faster, it's about making the right choice to begin with. The whole idea is if you have to switch at all you're probably already dead and switching a half second faster isn't going to save you.


I’d suggest you build this design and try it out because you have some really rosey eyed ideas about how this will work.


first person/multi-player rock paper scissors. would be an interesting game.

probably family friendly.

should make it.


It doesn't even have to be that arbitrary. You've got an opponent with a defense against all your current weapons, but you can run faster than them, so you can escape but you still need to find something that can kill them. They need to find something that can make them faster so they can catch you, or take their chances by giving up the defense which is slowing them down.

There can still be strategy in it without leaving any easy way to cheat.


We don’t even need those fancy things, just the angle of view. If someone come up behind without being seen they can still knife the player. Alternatively, the aiming would be slower if you are looking at the peripheral.


> Then you have the mechanical helpers like aimbots

I wonder if anyone had ever designed a completely external aimbot. A camera, a computer vision system and a hardware mouse or gamepad multiplexer/proxy that mixes real controls with the adjusting movements.

That won't be fun to use (except, maybe, for PvE, if manual dexterity is just a irritating mechanical hurdle - there are games like that, too), but surely fun to hack.

Heh. Sometimes I regret that I won't live long enough to see all the drama around cyborgs in sports and gaming...


if your turn speed is limited and the server only send you precise enemy position information within your field of view aimbot can only help so much, having a drop in the enemy will enable better player to overcome aimbotters

war thunder does it and it works well enough. it still has other problems, like p2w vehicles, but the system is solid


You’re right.


Game and console companies would love it if users only had dumb terminals with DRM protected input and output, and they're working towards that dream: https://www.ign.com/articles/2019/03/19/e3-2018-the-rise-of-...


That’s already often done at some level, but doesn’t eliminate the ability to cheat via aim bots (and other similar tools). I have worked on several server authoritative multiplayer games and while they were mostly immune to common types of cheating, there are always things that people can exploit/automate to their advantage.


You have to send more than that for the game to be playable, if your game involves fast movement or turning (which is pretty much any FPS). Otherwise the player would see empty spaces after e.g. turning around, before the server can catch up with the movement.

This problem is as old as competitive multiplayer itself, and various approaches have all been tried.


This would require a hardened OS and is outside the control of the game creator.

Transparent walls, for example, can be done via the graphics driver (or by replacing your graphics driver).


No, they’re talking about writing netcode in such a way that if you report to the server that you’re in position XYZ, then it’ll cull all player-events invisible to players at position XYZ out of the event stream being sent to your client.


I actually wonder why this isn't done.

Pre-rendering the scenes on the server and then sending those is just not really possible today due to latency -- even google can't get it right with Stadia so far.

But, if the game engine/server just crunched the line-of-sight numbers and didn't even send location data for rendering enemies that were out of LOS, then that would work and while it is heavier than doing nothing, it isn't really that heavy.

That wouldn't stop an aimbot, but it would prevent some classes of exploits.


It's not about server-side computation resources or bandwidth, it's about latency. If it takes 50ms to communicate your position to the server and 50ms for them to reply, that's 1/10 of a second for every position update, which is an eternity in high-level play. Netcode is really hard, anti-cheat is really hard, and mashing them together is really, really hard :)


I think it could be possible if you structured your FPS like an MMO: build the game out of "zones" with "rooms" in them, and then clients only get pushed events for the "zone" and the "room" they're in. (Unlike an MMO, the whole map and all relevant models would always stay loaded into memory, so there wouldn't be any latency in transitioning between rooms; there'd just be a moment where you'd be outside and not see anybody, before they popped in from your perspective and you popped in from their perspective. You could cover it up with a lens flare or something.)

Of course, people would then gyrate back and forth across zone/room thresholds as a way of protecting themselves, which seems obnoxious, but also seems like a very easy behavior for the server to detect and punish.


The top-down MMOs I've played have line-of-sight fog-of-war while in caves/buildings (with limited range smaller than the screen in caves), which has the same issue. The clients have access to invisible things so they can accurately predict when they move - including when they become visible - and correct a split second later if the prediction was wrong.


This is already how some first-person shooters work, notably Counterstrike. Maps are segmented into areas and you only get updates for things happening in the local area. This has actually been a source of bugs, where a grenade going off near the area never gets its sound transmitted to people in the area next to it as to those clients that grenade was never thrown.

Funny enough this was actually an issue in the earlier days of a hardcore bigworld MMO I used to play called Mortal Online. Reds (gankers) would hang out near the boundaries and pop in out of nowhere. This was largely more of an engine limitation of UE3 as I understand it, and was eventually mostly worked around. Now many of the UE3 painpoints are softened with UE4 they have started Mortal Online II.


> Pre-rendering the scenes on the server and then sending those is just not really possible today due to latency -- even google can't get it right with Stadia so far.

Ah, but Stadia (and Playstation Now, and Geforce Now) are trying to solve a different problem: moving all the compute to the cloud, so that the game console can be wimpy (or of a different/incompatible architecture, in PSNow's case.)

If you remove that requirement—or rather, impose the requirement that the client hardware must be just as powerful as if it were running a full game—then you can do something clever by splitting the game not into "renderer on the server, frame buffer on the client" but rather into "game and projection matrix on the server; display-list renderer on the client."

In other words, the server (or per-client server-side agent) would be responsible for doing all the evaluation of local physics (e.g. soft-body dynamics, constraint-resolution during rigging, etc.), lighting calculation, and all the other stuff that currently requires the client to "know stuff" about the world; and then it'd output to the client, on each tick, just a display-list—a bunch of loaded-model references, their positions in space and the positions of their rigged limbs, and the reflected-light amount on each of their polys; any temporary particles that exist for that frame, and their positions; etc. This would all be culled down to a virtual viewport.

The job of the client would then just be to receive this display-list, each frame, and draw it. It would also perhaps be responsible for doing client-side visual lerps between server ticks. (Probably each rigged limb would be annotated with linear+angular velocity properties.)

In other words, this would be a recapitulation of the X11 protocol, but where the primitives are 3D objects rather than 2D ones. (It'd kind of look like the protocol between games and OS display drivers, but at the same time higher-level in some ways and lower-level in others.)

This would be highly bandwidth-efficient (and jitter-tolerant!) compared to what Stadia is doing. You'd probably be able to play a decent game through this on 3G, even. But you'd need a computer that could do the final rendering passes.


Interesting idea that might work well for simpler games but what you call display lists on today's games can be very large. Modern video codecs are also very good, so the trade off is not as obvious as you make it seem.

And even then it wouldn't stop cheating. Bots would just look for triangles drawn with enemy uniform textures (very easy if you have the display lists) and aim at them.


> Bots would just look for triangles drawn with enemy uniform textures (very easy if you have the display lists) and aim at them.

I think you missed the "viewport culling" step in the above description. The server would only be sending the client enough information to draw what's going to be on the client's screen (since that's the only information that's naturally left after that step of the rendering pipeline!) So, on any frame where another player is obscured by a wall, data about that player wouldn't be in the display-list sent to the client, any more than it would be in the image Stadia sends.


And the during the first frame where the tiniest sliver of the enemy is visible around the edge of the wall, the bot running on the local computer will move the crosshair exactly over the visible area and shot.

This is ignoring things like player shadows which are rendered separately and need polygons which are not in the visible fulcrum.

Also we are both ignoring audio. Sounds like gunshots come from a specific place in the world.


> And the during the first frame where the tiniest sliver of the enemy is visible around the edge of the wall, the bot running on the local computer will move the crosshair exactly over the visible area and shot.

Well, yes, but I'd categorize that as "acts indistinguishable from theoretically-optimal human performance", rather than cheating per se. Or would you ban The Flash for cheating?

> This is ignoring things like player shadows which are rendered separately and need polygons which are not in the visible fulcrum.

No, not really; a shadow mesh is generated on the server, as part of the lighting step. The client then receives the shadow mesh, potentially disconnected from whatever's casting the shadow if the thing casting the shadow was culled. Just like what happens inside your GPU.

> Sounds like gunshots come from a specific place in the world.

In a paradigm like this, audio-cue triggers would essentially be "scripted particles" in the scene. If you can't see them, they're not rendered, so you can't hear them, either.

I'm not trying to describe something here that's a lossless approximation of how the game would work if run locally. I'm describing something with real effects on gameplay balance, but potentially good ones.

Mind you, I'm less picturing FPS games as the best use of this, and more picturing RTS games. Take the "fog of war" of a game like Starcraft, and implement it server-side, such that it's not the client not-rendering unexplored stuff, but the server.


Counterstrike aimbots have done what I describe for decades. They can aim and shoot in one frame, then aim and shoot at someone else as soon as the gun animation allows, exactly like playing against The Flash. The Flash might not be cheating per se, but he would be unsatisfying to play against as he decimates your entire team in a second.

Shadow meshes are often generated by rendering the scenes from the viewpoint of the light sources. This would have to be done on the server, so the server is already doing some rendering.

Sounds certainly need to be rendered, even for non-visible players. Otherwise you couldn't hear someone shooting behind you.

You ideas would work much better with a RTS. But so do solutions like Stadia.


Dota2 (more accurately the source2 engine) already does this. The cheats are then limited to acting on things at bot speeds instead of at human reaction speeds.


That's cool! Is there a deep dive somewhere into the architecture of Source2 (or any game built with it) that you'd recommend?


I think what the parent means is that if a player is behind a wall, don't send that player's position at all. Of course you could still have a hack which, say, visualizes sound origins.


Unless the server truly sent only what the user is meant to see - i.e. video; no hacks can reveal more than what's in a grid of pixels.


You can't replace the graphics driver in Windows unless you boot in test mode, and some games like Fortnite will refuse to run if the system is booted in test mode.


Transparent walls wouldn't help if the client wasn't even informed at all of players that were behind it.


I have a suspicion that the people who impulsively reach for cheats overlap a lot with those who impulsively reach for in-game purchases.


I don’t know how well it’d work for FPS games, but for MMORPGs I think a lot more could be done with serverside pattern recognition. Bots and cheaters in that genre behave very differently than real players do, often to the extent that real players can identify bots out in the open world within a couple of seconds of seeing them.

It’s a bit more difficult for other forms of cheating (like duping, wallhacking, etc) but still plenty doable — just create sets of rules to asynchronously sanity check every Nth player action against. No it won’t be free, but you’d likely make back the costs with happy players staying subscribed.


It is not a question of lacking good alternative, it is a question of lacking good solutions. Games like FPS that emphasize fast clicking can always be defeated by anything that can emulate clicks and keypresses and see the display.

If you take the problem to the limits: a camera looking at the physical screen and a robot actually moving the mouse and keyboard is going to be able to have users cheating.

You simply need a reputation system. Allow people to vote on someone being a cheater or simply refuse subsequent match with them.


There is simply NO excuse to use anti-cheat rootkits. Machine learning is starting to be mainstream and soon there will be bots interacting with HID like humans, with all anti-cheat running. You simply can't trust anonymous clients, never. Anti-cheat won't change that. You have to implement the game so that the actual players know each other and invite each other to the game, eventually kicking/blocking some themselves. Or simply play competition games on the local LAN. Or simply admit there will be cheaters on the public anonymous games. Blocking Linux is a terrible, terrible practice and they should be boycotted.


I hate anti-cheat software, because I had a lot more trouble with it than I had with cheaters.

After all, anti-cheat software is meant to solve just one problem (people modifying the technology), but there are other ways too to destroy the gaming experience of the other players (teamkilling, wasting resources, deconstructing buildings, etc.).

All those problems are not being solved by anti-cheat software. But the tools to solve them (IP-range banning, server-lockdown to known/trusted players, etc.), are also quite good at solving the cheater problem. In my experience, having a good admin community is a lot better than playing the cat and mouse game of developing an anti-cheat software.


>Sacrificing a small percent of your playerbase in the name of having a functioning online system at all seems like a reasonable solution to me.

That's like saying it's acceptable for innocent people to rot in prison as an acceptable price to pay for catching criminals.

Obviously this isn't as serious, but the comparison stands. Then again, I would argue that in an MMO context, banning a long-time player who's innocent could easily lead to their suicide.

>It’s often difficult to distinguish anti-cheat software from rootkits or spyware.

>It's unfortunate that it is necessary, ...

I don't think it is necessary. Virtually anything can be defeated, including invasive rootkits.

The best defense is simply updating the game on a regular basis, and in doing so changing up the game's internal data structures such that reversing it on any sort of ongoing basis becomes completely untenable.

To do this however, you would have to integrate anti-cheat into the very fabric of the software, and unfortunately nobody does this. Instead, anti-cheat is usually approached as a third-party add-on service after the fact.

Statistical analysis is another promising angle that's passive and has a very low false positive rate if used correctly.

In other words, a small amount of players end up fucked over because larger publishers are cheap and lazy.


DICE claims that they’ve only ever had a handful of false claims in 2018: https://www.ea.com/games/battlefield/battlefield-5/news/anti...

With regards to the use of Linux, I suspect there’s more to this that DICE is unwilling to disclaim. Possibly that there’s a lack of ability to differentiate cheaters in Linux vs non-cheaters on a software level? DICE never officially supported Linux and stated what the requirements of the game were (Windows). However, I couldn’t find anything in their EULA or elsewhere about a platform requirement to use the software (maybe I overlooked it?). Regardless, the notice players are getting for their reason is due to cheat software so I think that may be irrelevant.


>Sacrificing a small percent of your playerbase in the name of having a functioning online system at all seems like a reasonable solution to me.

Can those people then get full refunds for any game they purchased? Because they're paying money for the game, which they are banned from playing.


AI will save us. If a human can detect cheating by looking at the screen, it’s doable.


Humans are notoriously bad at this. See countless examples of people claiming “hax” when they’re against a player that’s much better than them.


Those people are not looking at the other players’ screens. CS Overwatch works by saving replays and is pretty accurate


I haven't played CS OW but based off the description I just read on the replays, it seems like they are probably storing the interactions as text data and then using it to show the visuals later. That can be fudged.


Back when I played a lot more, I would usually call it a bad day if I didn't get accused of cheating a few times.

I guess it's the Dunning-Kruger effect, where players think they're a lot better than they really are, so they can't imagine how someone can be _that_ much better than them.


This brings me back. When I used to play competitive BF2 in one of the tops clans in TWL, we'd start our thrice weekly practises by squading up in a pub server and play until we got votekicked and then switch to our private server.

IDK if it's still the same these days, but in BF2, 8 people in a squad all working together and doing their role within the squad could easily roll over 32 randoms on the other team.


That's a double edged sword though. Humans being bad at telling the difference between cheating and skill is not good for training your AI to spot cheaters but at the same time it lowers the bar for how good your AI needs to be. The metric for whether or not your anti-cheat works is "whether or not humans can tell others are cheating". It doesn't matter so much if it can't identify the subtler ones if the players can't either.


Valve is working on using deep learning to catch cheaters.

https://www.youtube.com/watch?v=ObhK8lUfIlc


Don’t join a server without an admin. Problem solved. I wouldn’t join some random server hosted by the game publisher where there are no admins and no votebans.


The only alternative seems to be things like Stadia. ;)

Users will forever have the ability (and the right) to inspect the memory on their own machine.


You can still implement images-based aimbots. I tried for fun, in less than 30h I had a working aimbot that use deep learning to get faces positions.


Also virtually all cheaters will try to claim that they did nothing and the system just failed.


cloud gaming only or enforcing signed code at the hardware level may reduce online cheating significantly.


cloud gaming has already been beaten by the cheaters

bots for wow now run on a different machine to that of the game client, process the game's visual output and send inputs to the game client in the same way a human would

the only way you can detect this is heuristically


> enforcing signed code at the hardware level

Consoles. I dropped PC in favor of Xbox/ps and won’t go back. Just NEVER having to deal with cheaters or people that buy more expensive hardware and/or drastically lower their settings for an advantage is well worth the lower visual fidelity.

I’ll take consoles because I can sit down and ENJOY the game.


Just what we need - removing any control from the users all together & peddling trusted computing. Marvelous.


Removing user control overlaps too much with other desired outcomes than just anti cheat.

It's too profitable to not be an inevitability.


Forcing malware on users is far worse than doing nothing.


I recall facing map-hackers in BW, SC2, and WC3...it was very frustrating, but at the same time, they were generally correspondingly worse at every game mechanic. If you played a solid, standard, scouting-based, conservative style, you could beat these players despite their handicaps.

On the other hand, maphackers totally counter risk-taking players who play secretive strategies like DT rush, DT drop, high-tech rushes, players who love big drops, hidden bases...players like that would get slaughtered by map hackers.

So, if you l2p, you'd be able to beat them with superior skills. Can't say the same for shooters, though, those games are ruined by hackers.


It's all based on finger printing like shitty old virus scanners (that are themselves an attack surface). I know people who get by them by writing their own programs instead of using ones found online; naming them "Google Chrome" and running them as the system user so they can read/debug game processes.


I wish


they never reversed all of the bans for the very first WoW Wine ban wave

This is really depressing. I can't imagine working on an anti-cheat moderation team would be a pleasant job.


Is there a book (or long blog post) on the underground history of anti-cheat software & DRM? I would love to read that..


Occasionally, some anti-cheat software gets dissected and the analysis posted publicly. Here is an analysis of BattlEye with some information on its development history: https://vmcall.blog/battleye-anticheat-analysis-and-mitigati...

Typically, anti-cheat is separated into a frontend and a backend. The frontend becomes active at an enumerated set of events/criteria and collects data (screenshots, keystrokes, directory listings, process lists, results of memory scans, if instructed by the backend also memory contents or file contents) to the backend for further analysis.

These criteria are often ad-hoc (such as "if processes are running out of a user directory, capture them") and usually accumulate over time.


I would be interested in this, too. I read an interesting write-up by the guy who wrote the first .dll to hook functions in some FPS, I forget if it was quake or counterstrike. Sadly I can't seem to find it, now

Detailed discussion of how cheats and anti-cheats work is somewhat lacking as all the experts on either side of the issue would prefer to keep their secrets. These days an anti-cheat team that's serious about their job will lurk cheat forums and even try to poach talent there.


> However with EA I don’t really have utmost confidence they will pay any attention to this, so I’d guess it’s time to get loud if you want any hope of this being fixed.

Or, stop buying games that are essentially rootkits...


I recently saw an interesting idea, put the game inside a lightweight container and give it a virtual GPU. The latency took a small but noticeable hit but you had verified code that you could verify that the game code hasn't been modified. Granted it wouldn't be perfect security since your threat model is someone with root access, but it makes the effort required to hack the game large though that it hopefully discourages some would be hackers


Not all cheats inject code. Many cheats use a set of offsets to find game objects in memory and draw an overlay or minimap. This data can also be tied to autoaim hacks that uses mouse input directly for aiming.


> give it a virtual GPU

That will be hard part As far I as recall, this is not something you can easily do with common consumer hardware. Real GPU virtualization is not possible on classic GPUs, and workaround methods are a bit hacky.

(As far as I recall OC)


Some hacks do run games inside a 'container' or VM because the host machine just modifies the guests memory from the outside.

(Take this with a grain of salt, I have heard some very expensive hacks work like this through word of mouth)


A container doesn't bring much but additional complexity.


Some context. This is running through Wine (and DXVK, a DX9-11 → Vulkan layer) on Linux.

Seems EA is doing —like a lot of very lazy anti-cheats— balls-simple stack inspection. They determine whether people are cheating by looking for known signed drivers, known hardware, known bad processes and input drivers. It's cheap and scales well but it's brainless. They have to know about a hack to detect it in the future. Version checks are constantly slackened off because legitimate updates come out all the time.

Battlefield is seeing Wine and the drivers Wine reports (which are a mix of real and fake) and baulking out. It's to be expected from such plastic anti-cheat software. Many games do this.

There are better options.

CSGO's overwatch allows the community to self-moderate by replaying a player's gameplay. They literally record the player's input and rebuild what the player could see in the reviewer's client. Reviewer determines whether or not their gameplay was possible. It sounds hardcore but it's simple, and adds no latency because it's done after-the-fact. Makes it super-simple to detect most wall-hacks and aim helpers.

So why isn't it everywhere? Logging data costs money. And EA, for all their moneybags are cheapskates.

And you could automate this. You could do a server-side render to determine whether or not a user is tracking players that are not physically visible to the player, or tracking impossibly tight hitboxes, or is triggering massive killcounts far too regularly (ie exploiting a bug). But that's more money.

But I'd expect a better response shouting into the wind than asking EA to be better. They're a trash company.


You are also comparing two different games in terms of popularity.

CS:GO is usually in the top 3 of most popular games on steam. Last time I checked, it was number 1. I would be surprised if Battlefield V has a quarter of the amount of players (across all platforms) versus CS:GO (which is just on PC).

I am not trying to make excuses for EA (Which has been nothing but a trash fire of a company for the last few years), but how could they justify putting those kind of resources behind a game like BFV?


CSGO is absolutely a bigger game, and there's money in it but I don't think BF's smaller scale would hinder efficacy at all. It takes a tiny fraction of players to review suspicious actions and collectively remove players from the community. This scales pretty linearly with your player count. From dozens, to millions.

Doing nothing, or doing the wrong thing has atrocious effects on the community. Just read some of the other threads in this post. Seasoned players who wait weeks for flagrant cheaters to be removed. It kills a game quickly.

Maybe that's actually what EA wants.


Saving the replay costs data though. It’s not only the reviewing.


Yes, I cover cost in the head comment.

It does slightly come down to what sort of multiplayer experience you want. Budget in the temporary archiving of ranking multiplayer games. Sell it as a feature. It'll keep the whole thing ticking over a lot longer.

The review cost is nothing. Really. Communities love to self-police so giving them the tools to do it completely, or to a point where they can identify flagrant cheaters for paid mods to verify... It's the Stack Overflow model. It works.


Not much data. You don't need to save actual videos, the server already has all the data so there's no network cost, and you don't need to store the data for very long. Developer cost to implement the feature would far outstrip the cloud costs.


We are talking a couple of hundred kB here. They store more in analytics.


For CSGO it's about 80MB/hour at 32Hz (apparently the current OW rate). Many servers run at 128Hz.

Logging a rolling week's activity at that higher rate requires 53GB but you could dramatically reduce the burden by only keeping things with in-game reports and then deleting recordings after the last issue was dealt with.

My point is it's not nothing, but it's nothing by modern standards if you've got more than two brain cells to rub together.


At that rate there's also going to be plenty of redundant information, so I think this data would compress quite well.


Then something is wrong with the logging.

If you only record player input: mouse movement, clicks and keystrokes, it should be much lower.


It's probably recording what amounts to a demo record, which basically contains everything you would need to reconstruct the player's point of view as if you were spectating them. This means the record must contain everything the server sends to that player (other players' locations, sounds, map state changes, chat, etc.).

Technically you could record only the players' inputs but to play back such a recording, you would then have to deterministically reconstruct the entire match from all players' inputs. That's a bit more complicated than just replaying the local part of the simulation that your client already does with what data the server sends to players during normal course of gameplay.

oliwarner's numbers amount to about 45 bytes per frame per player, which is not unreasonable.


Should it? What sort of density do you expect? 32 ticks a second, say 16 players. At least 512 state/event points to log per second, plus running game state/events.

As I said, it's not nothing, but it's not bad.


Except that the data logged isn't just "mouse moved x,y to x,y" but more like 'hid frame was X'. And empty hid frames are still hid frames.


you can inspect it yourself, I assume the format is the demo record which has been available in source games since decades


> but how could they justify putting those kind of resources behind a game like BFV?

Presumably to fulfill their end of their transactions? It’s not like the game is free; presumably you’re paying for something.


To add; Servers on FPS games used to be run by the players, who could handle cheaters any way they wanted. EA and others have removed this option and should take responsibility for running the only allowed servers.


Pretty much all EA games use Frostbite, so it's not like they would have to redo the work from scratch for each game.


Actually, CS:GO is also on Xbox 360!


Fortnite fails to launch due to anti cheat on the windows insider build. Though at least it fails to launch instead of resulting in an account ban.

It also doesn’t launch on Linux for the same reason. Is at least a touch more user friendly than getting bans I guess.


Since tools like DXVK (and ReShade on Windows) can allow people to see through walls, I would expect Valve to ban them, too. Even if they are not used in any blatantly obvious way, e.g. by shooting someone you shouldn't be able to see, they still give the cheating player a large advantage by letting them know where on the map the enemies are.


Except that Valve develops and promotes Proton for running Windows games on Linux, which also uses DXVK and other tools.


Maybe Valve will then whitelist the DXVK binaries that they themselves provide. But compiling DXVK from source will surely result in a ban because there's just no way to check what has or hasn't been added to the drivers.


I'd expect the same, especially given Valve's multiplayer games run natively on Linux ;)

To be honest, other than having better communication on the issue, I'm not sure how I'd handle this one differently than EA...


CS:GO also uses deep learning to automatically put cases into Overwatch, instead of relying on just user reports.

Some information in this talk: https://www.youtube.com/watch?v=ObhK8lUfIlc


> CSGO's overwatch allows the community to self-moderate by replaying a player's gameplay. They literally record the player's input and rebuild what the player could see in the reviewer's client.

That's literally wrong, the gameplay you see in OW is not based on recorded inputs of the player's client. You are watching a demo recorded by the server, which does not match the PoV of the player precisely. The demos are also 32 tick, which makes it hard to tell if the aiming of the player is legit [1], unless they are very blatant about it. Due to interpolation and lag compensation the PoV that the player saw is not what you see in the server's demo. If you record the player's PoV using screen capture and compare it to the demo recorded by the server, there are subtle and sometimes relevant differences.

tl;dr OW is only there to catch obvious cheaters.

[1] Because the server runs at 64 tick, but the demo is only 32, the crosshair snaps every time a shot is taken. The aim of everyone looks way snappier and suspicious in a 32 tick demo compared to their PoV.


That's a rather aggressive rebuttal. Its conclusion is also incorrect.

It was a slight simplification. You send your input to the server. Yes, filtered. Yes, not 1000Hz. But essentially what the client was doing. You could increase the resolution here but again, who's paying for it? I do agree that the rebuilt context is what the server saw, not what the user saw after network and screen latency, but we're talking about behavioural analysis.

And that's where I think you're flat out wrong. One kill could be a suspiciously-tracked headshot. But systems like this can compile hundreds of kills over dozens of matches from a single user. Its volume builds an accurate picture about whether a user is a cheater or not.

And it's a country mile better than games that have no repercussions for cheaters where the cheats haven't been detected by Gaming's answer to Norton AntiVirus 2003. Because zero-days still get by those.

(Edit: I'll also use my edit window to add that many servers run a lot faster than 64 - just as you can record at any speed you like - by Overwatch may be locked lower for disk space reasons)


Aggressive?

> And that's where I think you're flat out wrong. One kill could be a suspiciously-tracked headshot. But systems like this can compile hundreds of kills over dozens of matches from a single user. Its volume builds an accurate picture about whether a user is a cheater or not.

I don't know what OW does behind the scenes. But you and I as "OW investigators" only get to see ~eight rounds of gameplay with no rewind button and make a "beyond reasonable doubt? Yes/No" decision.

I stand by what I said - OW is to catch obvious cheaters, not people who cheat subtly.

> (Edit: I'll also use my edit window to add that many servers run a lot faster than 64 - just as you can record at any speed you like - by Overwatch may be locked lower for disk space reasons)

Overwatch only applies to Valve MM (which is 64 tick); community servers and non-MM game modes are not subject to OW.


Change "player's input" to "player's input to the server" and it checks out :)


> CSGO's overwatch allows the community to self-moderate by replaying a player's gameplay. They literally record the player's input and rebuild what the player could see in the reviewer's client.

Not particularly correct. It only works for official matchmaking, because you will have your match game demo stored on Valve's server, for future reference to you maybe. Valve simply took advantage to replay these demo by allowing volunteering moderators to access the private demo and hiding the names of the others (but actually these name & steamid are accessable through cheat client); it does not record precise movement, as part of the engine limits, demos are sampled in 16 ticks, or 16fps that sometimes even creates wrong artifacts that misjudged people. You can see that in some pro CSGO matches there are some fishy kills but in fact thats due to 128 ticks -> 16 ticks illusions


I'm part of a Battlefield V community and the state of anticheat on this game is absolutely horrific. We see players blatantly cheating for weeks, sometimes even months without getting banned. This has made one of the game modes (Firestorm) almost unplayable and drove most players away from this mode.

The shocking part is that we've compiled a list[1][2] of 380+ cheaters with video proofs and we've transmitted this list to some DICE community managers and employees. For a few months they checked this list from time to time and banned the offending people but they stopped looking at it entirely since around summer. We've tried to get in touch with other people but without any success.

The whole community is outraged by the apparent lack of care given to the cheating issues, and the fact that they seem to ignore all the reports made by the players through the platform Origin.

[1] https://docs.google.com/spreadsheets/d/172J_dqCTZpDpOBbhgvtT...

[2] https://docs.google.com/forms/d/e/1FAIpQLScmXAY-Q-QrfflsHrFX...


We handle cheating in our Battlefield 1942 server by requiring players to submit their public IP to admins to be explicitly whitelisted. There have been numerous cheaters and trolls we have easily banned over the years. http://ea117.com/access gets 20 players/night at 7PM.. It plays the “desert combat” mod — the makers of that mod were acquihired by DICE. It’s also really easy to reinstall... http://www.mediafire.com/file/v2dj55nwoxz84o8/BF1942DCF_setu....


Are player IP addresses stable enough to be used in this way? I've always considered my own IP to be dynamic, despite rarely changing.


>When your router receives a non-static DHCP assigned IP address from your ISP there is a pre-defined time limit built into the assignment, this time limit is called a DHCP Lease. The typical lease time for ISP’s in the United States is roughly 7 days. However in most instances your router will renegotiate this lease prior to its expiration. During the lease renegotiation, it is very common for the same IP to be reassigned to your router. In fact our research has discovered many homes that have theoretically dynamic IP’s, but have held the same IP for multiple years. Because of this recursive reassignment the typical location targeted by El Toro has held the same IP address for 7 months.

https://www.eltoro.com/how-long-does-an-ip-address-stay-atta...

It seems a typical location has the same ip address for around 7 months and can indeed have the same address for far longer if your service isn't interrupted, you don't change or reboot networking hardware, and you don't try to connect to the game from your laptop at your friends house.


No, they're not stable.

My current ISP in the UK and my previous one in France are changing IPs every few weeks or so in practice, or when the box is rebooted, or when the connection is lost for a while between the box and the ISP.

The game server would prevent many (most?) players by whitelisting IPs, but I bet they couldn't care less about blocking players or they wouldn't require whitelisting in the first place.


I assume you can't log in using a user/pass in that server, that's why they use IP addresses. But you could have a web interface where you can log in, and that would communicate with the game server to add your current IP to the whitelist.


I've had the same v4 address with ATT for over a year. It's technically possible for a dhcp server to deny a renew and have the client initiate a discover to be given a different IP but in practice that would break everyone's active connections each time so ISPs just let DHCP renew until you stop asking.

For something with the user population of a community game server you could also allow the full subnet and probably never run into a user collision.


Would be cool to just accept a DNS instead. Servers could poll it at a fixed interval to update whitelists and clients can run a DNS updater, i.e no-ip.


People are still playing the original BF ? Is Eod still being played ? Might be worth digging up the disc for an evening :-).


Yup. I'm in a gaming group, several members are modders and we have weekly "operations" every Saturday, complete with briefings, de-briefings, intelligence gathering...we get kinda ridiculous with it but yup


People are still playing half life 2 deathmatch.


People are still playing half life 1 deathmatch.


Aren't people still playing quake?


Quake Live, which is pretty close to Quake 3, still has a somewhat active player base https://steamcharts.com/app/282440


I'm still playing Quake 3 CPMA, so I guess people are still playing Quake, and Doom, and maybe even the original Wolfenstein 3D.


Wolf3D didn't have multiplayer.

But yes, people do still play the original Doom. There are a bunch of ports dedicated to it:

https://zandronum.com/

https://odamex.net/

https://www.zdaemon.org/


There is still a (small) competitive community around DOOM's deathmatch


I hope I can dig out my discs! By the way, the installation guide is super helpful. I haven't considered playing bf1942 for a long time and the detailed instructions on how to get everything running again is fantastic.

I haven't been this excited to play an old game in quite a while.


...you're still playing Desert Combat? Holy shit. I might have to join


Desert Combat was fantastic. I don't think it would be an overstatement to say that mod set the course of the subsequent Battlefield series. If I recall correctly, EA even hired its developers to work on BF2.


They dont care now the game is out, they are working on the next one. And will expect you to buy that one before its even finished.


This should be no surprise if you played the previous games in the series. I can only assume that it’s a high level business decision at EA to not do anything about cheaters.

The only way to play the game is on a server with admins in the game 100% of the time, or at least votebans.


They’ll still buy the next game though so their outrage doesn’t matter.


>sometimes even months without getting banned

Thats intentional.

Companies let detected hacks slide silently and then do waves of mass bans to prevent hackers working out what exactly triggered the ban.

That cat and mouse game has moved well beyond a simple "omg why can't ea ban this obv hack"


No, the sad truth is that the current anticheat is FairFight. FairFight mainly operates by monitoring the behavior of a player and it takes a screenshot if they are suspicious. Cheating tools[1] are aware of this and disable any visual effects (ESP hack e.g. see through walls, etc.) when it takes a screenshot and reenables them right after[2].

[1] https://overlayhack.com/battlefield-5-v-hacks

[2] https://overlayhack.com/battlefield-5-v-hacks#509


DICE doesn't just use FairFight obviously. They have their own in-house solution, also used by some other EA games.

And TBH you're complaining about 380 people which is a drop in a bucket compare to the number of players on that game, yes cheating sucks but I can assure you there are people actively working on that problem at DICE.


Incorrect, FairFight is their in-house solution and this is the only tool that they use client-side for Battlefield V[1]. They've dropped the third-party PunkBuster anticheat tool since Battlefield 1.

Other EA games use other anticheat tools for example Apex Legends uses Easy Anti-Cheat[2], which is much more efficient to track and ban cheaters.

> And TBH you're complaining about 380 people which is a drop in a bucket compare to the number of players on that game

The Firestorm mode has so few players now (I estimate 3-10 games running in parallel in the world depending on the time) that it has a huge negative impact on the game. You only need 1 cheater in a game to ruin it for everyone else.

[1] https://www.ea.com/games/battlefield/battlefield-5/news/anti...

[2] https://www.easy.ac/en-us/


You're asking EA to devote hundreds of thousands of dollars of resources to maintaining a game mode that apparently only a few thousand people engage with now. I know it sucks for the people dealing with cheaters, but from a resource-allocation perspective it makes a lot more sense to focus on new games and (I assume) Battlefront 2.


Ah, the American politician strategy.

> Sure we defunded it, but look how crappy it is! Nobody uses it! Guess we don't need it.


How is this an american strategy?


I’m sure it’s not uniquely American. It’s just a standard strategy for the GOP. Defund, then complain regulation doesn’t work and deregulate or allow regulatory capture.


Maybe, but the other side of the coin is "it's not working, so let's just blame lack of funding", irrespective of if there is actually enough funding to do something worthwhile or not. The goals are always nebulous and allows both sides to complain.


Can’t argue with that. Unfortunately there is no agile/“fail fast” in government.


This isn't government we're talking about here, this is a company that has every incentive to do their best to make money from the games they release.

I agree about the GOP though.


You don't know what you're talking about, FairFight is a third party solution that EA pays for but it's not the only anticheat technology used by DICE.


You're right my mistake. FairFight is a product of GameBlocks, which seems to be unaffiliated with DICE: https://opencorporates.com/companies/us_ca/201221610239


No. What you're talking about is deliberately ignoring evidence generated by an anti-cheat so it has time to catch more players

There are no circumstances where it makes sense to ignore player-submitted video proof of cheating. This should always be acted on quickly to reassure legitimate players and scare cheaters off.

Cheaters know there are different ways to get banned. When one gets caught rage-hacking (abusing cheats in a flagrant manner, without any effort to conceal their cheating) and they return to warn the hive, all it does is discourage other cheaters from rage-hacking. Very few cheaters will do something that they know will get them banned quickly


A curious idea, act on user submitted data or not. A recent reddit post[0] in their classic wow has a video linked where a group decided to take down known and obvious bot driven players that have been reported many times.

So they used in game mechanics that abused how the bots are known to operate; where certain dialog boxes pop and how they move and react to threats; to force the bot to join a group, accept being teleported, and then they sacrificed another of the groups score to drag down the bots score.

the current comment thread includes the cynic but likely true claim that blizzard would ban these players for harassment before banning the bot for cheating/breaking eula

[0] https://www.reddit.com/r/classicwow/comments/ej3l10/because_...


> There are no circumstances where it makes sense to ignore player-submitted video proof of cheating. This should always be acted on quickly to reassure legitimate players and scare cheaters off.

And if the net result of that strategy is that it catches many fewer cheaters? That wouldn't make much sense, and the community, far from being reassured, would be more frustrated because they would encounter many more instances of cheating that occurred because players were able to deduce the loop holes.

You have to balance "catch the most cheaters" vs. "catch cheating immediately". Especially when it may take many instances of suspicious behavior to make a confident decision to ban.


The net result would be that there is less blatant cheating, since that form is quickly found, which seems like a good outcome? Cheating that is only suspected is not at all as bad for the game experience, which is what matters.


But I'm guessing they catch more cheaters with a batch approach. I could be wrong,but if I'm right isn't the the better way?


>No

Yes.

Google it. All the major companies do hax bans in wave patterns. Valve, blizzard etc

>There are no circumstances where it makes sense to ignore player-submitted video proof of cheating.

Agreed. Not sure why you're bring it up though. I wasnt talking about user submitted anything???


>>Not sure why you're bring it up though. I wasnt talking about user submitted anything???

Then, respectfully... what did you think you were responding to? That's pretty much entirely what the OP & thread are about :-)


>what did you think you were responding to?

The part I was quoting. OP wrote multiple paragraphs.

I mean we can argue about whether "the state of anticheat on this game is absolutely horrific" refers to automated or reports but given article I was pretty certain the section I quote was automated. Anticheat is generally not understood to mean manual reports as best as I can tell. Its the well anticheat software

Besides the Linux bans are probably not user reports Driven..


> Anticheat is generally not understood to mean manual reports as best as I can tell. Its the well anticheat software

That's the thing though. Good games (CS comes to mind) do have some sort of ability to have human intervention.

Building a hack that can't be detected isn't easy, but it's also not _that_ hard with determination.


>I wasnt talking about user submitted anything

The OP you responded to was talking about that. That's the context of the conversation. Of the cheaters not getting banned; of those bans not happening in waves.

>The shocking part is that we've compiled a list[1][2] of 380+ cheaters with video proofs and we've transmitted this list to some DICE community managers and employees


This whole thread is like a bad case of broken telephones and one guy seems to be getting the bad end of the down vote stick.

1. Person A talks about submitting videos of hackers and being ignored.

2. Person B says that "detected hacks" are acted on in waves as part of arms race with hackers, says nothing of "user-submitted", instead generalizes about "detected hacks".

3. Person C gets uppity about companies ignoring hacks, irrespective of the potentially-valid reason as mentioned by person B.

4. Person B insists that the bans happens in waves. Says he wasn't talking about "user-submitted" stuff as he was talking in generalities.

5. Person D jumps in says "thread is absolutely about user-submitted stuff".

I paraphrased and generalized too for a bit of dramatic effect, but the thread is definitely broken and if someone stares at it for a bit, they would probably see how it went bad and that probably no one is technically wrong.

6. Person E jumps in with meta-commentary about the discussion that led to this point.

Edit: Formatting.


> Companies let detected hacks slide silently and then do waves of mass bans to prevent hackers working out what exactly triggered the ban.

The problem with this strategy is that it virtually guarantees that cheaters will get to have multiple months of fun before they get banned.

Discouraging someone from doing a destructive behavior requires preventing it when it happens. You need consistent, immediate enforcement. If you get banned the same day you start cheating, then that's a discouragement. If you're guaranteed a few months of fun on an alt account, then that's an encouragement.


The way to look at it are that cheaters are a constant factor of the player base that needs to be kept at an acceptably low level. Ban waves provide a trade off between hiding information and having a growing population of cheaters that will be occasionally culled. Most cheaters are buying their cheats, will look for ‘undetectable’ cheats to buy and will often find the most popular cheats. As such ban waves tend to catch up a lot of the cheating playerbase.

There’s also not much functional difference between banning as soon as a cheat is detected in the population and banning a few weeks later. Some players will have just started using it and others will have been using it for months unless it was found as soon as it was released.

The discouragement comes from losing progress, losing money (potentially having to rebuy an account and find and buy a new cheat) and distrust in the cheat author.

The downside to banning already detected cheats immediately is that cheat authors have a nice simple, repeatable test to see if their cheat is still detectable which makes development much more straightforward for them.


Idk if I agree with this. When I think of ban waves I instantly think of CSGO, and the ban waves mean nothing. IDK what data they have collected and what specific things they mitigate before triggering a ban wave, but it's completely ineffective. People are spin botting in MM lobbies the very same day as a ban wave. Especially with Valve where they rarely if ever auto-ban and rely heavily on user-reported cheats and Overwatch where actual community members vote (which is already very imperfect because you don't retain audio to know what calls are made and the tick rate of GOTV makes things look sketch that maybe aren't).

I could see waiting to ban a wave of people if you also release an update that addresses the exploit being used. But I don't know that I have ever seen that be the case. The hacks that existed before the ban wave are often equally effective if not the same exact cheats as the ones being used after the ban wave. The author updates a bit of detection bypass code, and they are done.

So if it's intentional, it's not a very effective methodology in my experience.


> Thats intentional.

It isn’t. An anticheat that bans months late is as good as no anticheat at all.


It "could" be intentional.

You don't know.


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: