Attestation-gated anti-cheat is invasive, and the direction it points is grim.
But "covers for incompetently designed netcode" doesn't hold at all.
Netcode and cheat-resistance are mostly orthogonal. Netcode is latency-hiding — prediction, reconciliation, interpolation. Cheating is the client being an endpoint you don't control. You can have flawless netcode and still get wallhacked, because a wallhack touches the renderer, not the wire. You have to ship that data for the client to draw the level.
Server-side validation kills the cheats that surface as state: speedhacks, teleports, impossible positions; but it's blind to the ones that don't touch state at all. A wallhack reads memory the client holds. A vision aimbot runs on a second machine reading the screen- nothing crosses the network for the server to reject.[0]
That's why the kernel and attestation stuff exists. Not lazy devs papering over a bug: a class of cheat that server authority structurally can't reach, because the cheat never lies to the server.
I understand the dystopia argument, and it's a decent one. "Just write better netcode" isn't.
I'd humbly request that you spend time trying to actually grapple with the problem, there are some exceptionally well paid and talented programmers who are working on this non-stop in the large publishing houses (EA, Ubisoft, Tencent, Activision) who would do anything to avoid paying royalties to shitty software that breaks the performance and reliability of their games: yet for some reason year over year they can't seem to manage it.
Worth understanding why that is, instead of assuming incompetence or malice; perhaps its a harder problem than you think.
> Cheating is the client being an endpoint you don't control.
No, cheating is enabled by the client being trusted despite of inherently not being trustable. The solution is to design the architecture of the game server in a way that makes it not rely on untrusted inputs and doesn't distribute knowledge the player isn't supposed to possess, rather than try to force the clients to be trustable by eliminating general purpose computing from the society. It's not always possible, but IME these cases where it's not are exceptions rather than rule.
Instead, more and more games just reuse some general purpose netcode for $engine to synchronize state between clients and eventually attempt to paper over the issues with that approach using anticheats. I've recently played a multiplayer game where I (accidentally, while messing around for benign reasons) noticed that I could control the global state of the entire map just by sending commands to the server that referred to various objects and they were accepted and broadcast regardless of whether my character had actually possessed them. That's the kind of code that, once the game gets popular enough to attract enough cheaters to cause actual pain, gets an anticheat slapped onto it the most eagerly, as nobody's going to rearchitect their game's entire netcode from scratch if they can just not do that.
Remember Fall Guys? A relatively big budget game with absolutely no reason to trust the client over anything other than the player's own key presses, where you could teleport over the map to instantly win the match? Solved with, of course, EAC.
I know it's frustrating, I really don't care. They can play or do something else. GTA Online from those comments actually does look like a case of bad netcode btw, and it does have kernel anticheat already.
As a reminder, GTA Online is the kind of product that made news here because players had to reverse engineer it to fix basic performance issues: https://news.ycombinator.com/item?id=26296339
But "covers for incompetently designed netcode" doesn't hold at all.
Netcode and cheat-resistance are mostly orthogonal. Netcode is latency-hiding — prediction, reconciliation, interpolation. Cheating is the client being an endpoint you don't control. You can have flawless netcode and still get wallhacked, because a wallhack touches the renderer, not the wire. You have to ship that data for the client to draw the level.
Server-side validation kills the cheats that surface as state: speedhacks, teleports, impossible positions; but it's blind to the ones that don't touch state at all. A wallhack reads memory the client holds. A vision aimbot runs on a second machine reading the screen- nothing crosses the network for the server to reject.[0]
That's why the kernel and attestation stuff exists. Not lazy devs papering over a bug: a class of cheat that server authority structurally can't reach, because the cheat never lies to the server.
I understand the dystopia argument, and it's a decent one. "Just write better netcode" isn't.
I'd humbly request that you spend time trying to actually grapple with the problem, there are some exceptionally well paid and talented programmers who are working on this non-stop in the large publishing houses (EA, Ubisoft, Tencent, Activision) who would do anything to avoid paying royalties to shitty software that breaks the performance and reliability of their games: yet for some reason year over year they can't seem to manage it.
Worth understanding why that is, instead of assuming incompetence or malice; perhaps its a harder problem than you think.
[0]: https://arxiv.org/pdf/2512.21377