Comment by Rohansi
3 months ago
How would a server-side anti-cheat work? You wouldn't be able to detect ESP or other information leaks. Best you can do is see how good they are vs. everyone else but how do you know if someone is cheating or just really good? Most cheaters are not blatantly cheating so it is hard to know for sure. Even something like aimbotting is almost always adjustable in cheat software to have varying levels of accuracy.
SSAC is already widely deployed for many games. I'm not a professional backend gamedev (just an enthusiast), so I don't know all the approaches / tricks, but here's off the top of my head:
> [...] see how good they are vs. everyone else [...]
It's called Elo or MMR. You match players with a similar rating. An unfair advantage in one area (e.g. aimbot, map hack) turns into a significant disadvantage in all of the other areas (strategy, team play, mechanics, situational awareness, decision making). In SC2 you can regularly see mid-high masters or low GMs play against map hackers and just destroy them. Match making simply works as intended.
As a cheater - aside from being a different (not more difficult, but different) kind of a challenger, how do you gain material advantage from this? Streaming the game? If you attract a community that cherishes cheaters? Well.
This is of course on top of normal AC.
> [...] how do you know if someone is cheating or just really good?
In versus - it will surface, as noted above. You will plateau, just like any other player. If you're "really good", you will become an outlier and get attention.
In a game like Warframe (PvE, you can farm goods that you can sell for in-game currency), the main limiting factor is your time. A very good loadout will shorten an exterminate mission from 4 to 3 minutes, and you can build a decent loadout within ~2 months of starting to play the game. To further shorten it to 2min, you need good mechanics, or - as noted - to cheat. That's assuming you run solo - but since this is a co-op game, there's often someone on your team who will clear the mission for you in 2min anyway. Choosing to cheat is your own risk.
I'd consider AC a core part of game design.
> Most cheaters are not blatantly cheating so it is hard to know for sure. Even something like aimbotting is almost always adjustable in cheat software to have varying levels of accuracy.
It depends on how high you want to go - you don't know where the radar is, and it only needs to spot you once. The problem space isn't just aimbotting, it's highly multidimensional. An arms race like any other, except your "enemy" (the host) has significantly more information.
You must combine client-side with server-side AC either way. A CS exploit will circulate the same way a regular aimbot will.
> You must combine client-side with server-side AC either way.
I should have clarified - this is exactly what I meant. Client-side anti-cheat cannot be replaced by server-side anti-cheat. You need both.
I work on an FPS game that is heavily targeted by cheaters (Rust). We do both but we are probably limited with what we can do server-sided because it's a PvP sandbox game. There is no matchmaking and no defined winner or loser to simplify ranking players against each other. It's also high stakes because a cheater can ruin a legit player's hours of preparation in moments. Drawing a line in the data to detect cheaters will catch outliers but there's a world of "legit cheaters" out there who use cheats but limit it to not stand out and avoid being banned.
Oh that's interesting! I've never played Rust (or any PvP shooter outside of Quake 3...), so forgive me my ignorance. Questions, out of curiosity:
- Why no matchmaking, why no win/loss condition? What's the incentive structure / stakes for the participants? Is that a differentiator in the genre?
- Other than raw mechanics (aiming), what other kinds of skillsets affect gameplay / success?
- What are you allowed to share about the mitigations?
I don't wanna try any further backseating, just curious.
2 replies →