Anti-cheat without Trampling Digital Sovereignty

A lot of gamers have been in an uproar lately about an anti-user anti-cheat technique which has been in use for far longer than most of them even realize: anti-cheat which treats its players as such enemies that it must commandeer Ring 0, the kernel-level control of their own computers. Mind you, gamers only care about this in the first place because it has bubbled up into the normie-sphere, while the vast pool of other tyrannical anti-cheat remains out of sight, out of mind as always.

But let's focus on something positive for a change. How can anti-cheat be handled in a responsible way which affords the player respect? There are some equally old tactics which stand imperfect individually, but can be combined into an effective and trustworthy strategy.

  1. The authoritative server model

    In a multiplayer game, there is almost always a server and the players must always connect to that server if they wish to play. The host therefore has the capability, and I assert the responsibility, to run a parallel game instance against which to fact-check. Player A wants to move distance X? Player B wants to modify the HP of entity Y? Run it against a local copy in real time and pass along either a yea or nay to said request. A player can have made any number of modifications to their game client, and if the result does not agree with the model being run by the server, it does not much matter.

    Granted, there are P2P game network models where the players take turns being the host. There are also timing and latency limitations this can impose on faster-paced genres. Concessions in an authoritative server design need to be made accordingly, and nothing is perfect... on its own.

  2. Community-run servers and moderation

    Community vetting is a model which has worked in the meatspace. Large welfare distribution networks cannot perfectly police against those trying to game the system for freebies, while localised efforts have a better grasp as to who is applying and what their situation is. Enforcement can only scale so high. Likewise, an online game which has a single monolithic master pool of players will always have non-insignificant numbers of cheaters falling through the cracks.

    When servers can be player-hosted, it allows those operators to handle their own checking. Players are more likely to frequent a server and build familiarity with other frequenters. While cheating is possible, it can be identified and more quickly dealt with through conventional means. This does put the onus of trust on server operators, but relatively little stands in the way of unsatisfied players simply participating on other servers or hosting their own.

  3. Minimal client-side anti-cheat

    The barrier to cheating can be raised by client-side checking. It does not have to be intrusive. It does not have to take over control of a section of the player's computer. The goal is not to make cheating infeasible, only to address the low-hanging fruit. We want to minimize exploitation of the client as it ships from the game project, as most players will only ever run the official builds. Check against the obvious unlikelihoods and scenarios which shouldn't exist under normal circumstances: player moving too fast? Player inside of a no-clip region? These can all also be handled by the authoritative server checking, and should be, making it an ideal complement.

There are others, I'm sure. These are just the ones that I have seen implemented in games which appear to be effective without having to put the players inside a virtual prison. Most people are good. Most people are not going to try to break your game. Let's exploit that.
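The server-side sanity check described in the authoritative server and minimal client-side items above (player moving too fast, player inside a no-clip region), as an added example that is not from the original post. The speed limit, tolerance, step cap, region coordinates and all names are assumptions chosen for illustration.

```python
import math
from dataclasses import dataclass

# All constants below are assumed game rules for illustration.
MAX_SPEED = 7.0     # world units per second
TOLERANCE = 1.15    # slack for latency jitter
MAX_STEP_DT = 0.25  # cap on credited time, so idling does not bank a teleport
NO_CLIP_REGIONS = [(1.0, -1.0, 2.0, 1.0)]  # (min_x, min_y, max_x, max_y)

@dataclass
class PlayerState:
    x: float
    y: float
    t: float  # server clock at the last accepted move, in seconds

def in_no_clip(x, y):
    return any(x0 <= x <= x1 and y0 <= y <= y1
               for x0, y0, x1, y1 in NO_CLIP_REGIONS)

def validate_move(state, new_x, new_y, now):
    """Check a client's requested position against the server's own copy.
    `now` is the server clock; a client-supplied timestamp is never trusted.
    Returns a verdict string; the state advances only on "ok"."""
    if not (math.isfinite(new_x) and math.isfinite(new_y)):
        return "non-finite coordinates"
    dt = min(now - state.t, MAX_STEP_DT)
    if dt <= 0:
        return "no time elapsed"
    if math.hypot(new_x - state.x, new_y - state.y) > MAX_SPEED * dt * TOLERANCE:
        return "too fast"
    if in_no_clip(new_x, new_y):
        return "inside no-clip region"
    state.x, state.y, state.t = new_x, new_y, now
    return "ok"

# Constructed sample requests: (requested_x, requested_y, server_time)
SAMPLE = [
    (0.5, 0.0, 0.1),    # 5 u/s, within limits
    (5.0, 0.0, 0.2),    # 45 u/s speed hack
    (1.2, 0.0, 0.2),    # legal speed, but lands inside the wall
    (0.5, 0.6, 0.2),    # legal sidestep
    (40.0, 0.6, 60.0),  # long idle, then a jump: step cap still applies
]

def replay(requests):
    state = PlayerState(0.0, 0.0, 0.0)
    return [validate_move(state, x, y, now) for x, y, now in requests]

if __name__ == "__main__":
    for request, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(request, "->", verdict)
```

Because a rejected request leaves the server's state untouched, a modified client gains nothing by claiming a position the server never accepted.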