Comment by fracus

Comment by fracus 9 days ago

47 replies

View on Hacker News

There must be some statistical method or honeypot method to reliably detect cheaters. Like present the players with a bot who's purpose is to be un-hitt-able unless the player is cheating. I don't know, there has to be a way. Cheaters are disease in online gaming. I know that sensible people won't want to sacrifice their anonymity to provide ID to play a video game but if it is in the competitive scene and they are playing for money, surely it isn't a stretch to ask for ID and thus ultimate accountability.

amalcon 9 days ago

This is a thing, yes. Statistical cheat-detection methods are more or less required for online chess, for example, because anyone can run Stockfish. A lot of that came out of academia, so you can just find papers like this: https://cse.buffalo.edu/~regan/papers/pdf/RBZ14aaai.pdf

The techniques they use will always be a little secret-sauce, though, because anti-cheat is adversarial. The best public anti-cheat mechanisms I know of are not technical anyway:

- Play with friends or a small community that you trust not to cheat

- Structure the game to remove incentives for cheating. This is the entirety of how daily games like Wordle prevent cheating, but limits how competitive your game can be

- Closely control and monitor the environment in which the game is played. This is sometimes done at the ultra high end of competitive esports: "We provide the computer you will use. You don't have the unsupervised access necessary to install a cheat." The most common version of this, however, is in casinos.

Reply View 22 replies
  • rcxdude 9 days ago

    Also, have tools to record and replay games, and knowlegable moderators who can identify signs of cheating and ban offenders. This will count for a lot, even if someone can cheat well enough to appear highly skilled naturally (which almost always requires at least moderate skill at a game), it won't be quite so rage-inducing. This doesn't scale very well, though.

    Reply View 14 replies
    • stevage 9 days ago

      > knowlegable moderators who can identify signs of cheating and ban offenders

      Oh boy, this absolutely does not work for chess at high levels. Endless debates and arguments.

      Like this:

      https://www.reddit.com/r/chess/comments/1ctj85n/viih_sou_upd...

      A very good player invented a stupid opening and then somehow won a lot of games against top players with it, and chess.com decided he was cheating (without presenting evidence) and banned him. It really seems like he wasn't.

      Reply View 9 replies
      • NitpickLawyer 8 days ago

        > Oh boy, this absolutely does not work for chess at high levels.

        Magnus himself said this. If he were to cheat, he'd only get 1-2 moves per game, and sometimes not even the moves explicitly, but merely the notion that "there is a very good / critical move in this position". That would be statistically impossible to accurately detect.

        Reply View 4 replies
      • SOLAR_FIELDS 9 days ago

        Top reply there:

        > It sounds like if you want the answers you desire then you'll need to contact a lawyer and figure out if you have any right to them.

        What legal recourse would there even be here? Some sort of civil action?

        Reply View 3 replies
    • KennyBlanken 9 days ago

      These days aimbots are so sophisticated and able to include fuzzing, that it's virtually impossible to tell because they can mimic a player's movement, miss occasionally, etc.

      About the only cheat you can really identify is glass-walling, because usually people who do it eventually slip up and aim/shoot perfectly at someone they plainly cannot see.

      Reply View 3 replies
      • xmprt 9 days ago

        Really good players can get lucky pretty often because of game sense so even glass walling is hard to detect for certain if a player shoots through walls and kills their invisible opponent. We see this often even in pro play for tactical shooters.

        Reply View 2 replies
  • TheAceOfHearts 9 days ago

    In the WarCraft 3 community they have a custom client and third-party ladder called W3Champions. It adds a few quality of life improvements like allowing you to not get matched against the same player again for 8 hours. But where it really shines is in the ability to moderate the community by banning bad actors. Some popular Twitch streamers tried out WC3 recently and in the official battle.net ladder they got players trolling them by making swastikas with towers or deliberately deboosting in order to snipe them. Once they switched to W3Champions the trolls all went away, but if any showed up they would get banned pretty quickly. One of the biggest benefits of building smaller communities is that it's actually possible to moderate them and elevate the gaming experience of everyone involved.

    Reply View 1 reply
    • skydhash 9 days ago

      Another example is Apex Legends. Watching creators on Twitch and it's a massive quality of play (and stream) change going from random matchmaking and playing matches with a small selection of people.

      Reply View 0 replies
  • mrbonner 9 days ago

    Is this what happens with Call of Duty? My observation is I would play very good for a couple of days, often 1st or 2nd player in the 12 people group. Then, next few days I am placed with a bunched of assumed cheaters (seemingly seeing thru wall, headshot but not dead, jump slide then shoot mid air with a gamepad...).

    Reply View 2 replies
    • schumpeter 8 days ago

      Activision CoD uses EOMM, engagement optimized match making. They’re optimizing for your to stay on, much like a gambler playing slots. You allow one win where the player is matched with lesser opponents, and then the next X games, you’re the lesser opponent.

      It’s all tuned to keep you playing and want that dopamine hit of a win that’s always just around the corner.

      Reply View 0 replies
    • BoorishBears 9 days ago

      If you're doing so well that you're saying CoD starts treating you as a cheater, then what's probably happening is you're playing people below your skill level until the matchmaker adjusts.

      Then once the game puts you with people closer to your skill level, the best of them feel like they're cheating (and to be clear, some definitely are, but to the people you were stomping you also probably seemed similarly clairvoyant with impossible aim and movement)

      Skill based matchmaking is controversial, but the truth is more games have been killed by an infinite loop of skilled players stomping new players so badly that the new players never become skilled players, than the opposite.

      Reply View 0 replies
stevage 9 days ago

Reminds me many years ago I was playing online poker. The site I was on did this special anniversary giveaway thing. Every million hands or so, there would be a massive (in relative terms) jackpot. If you win the hand, you get the jackpot. It was so large, that you should never fold any hand, at all. (At these microstakes, normally a big hand was $5. These were like $300, so risking your whole stack of $2 was totally worth it).

At the start of the hand, the rules were announced, and there was a very long wait (10-20 minutes), so everyone had a lot of time to process what was going on.

I was dealt into two of these hands. In one, I raised all in and everyone folded. In another, someone else did this, and everyone except me folded.

That convinced me that almost everyone was a bot. There was no rational explanation for this behaviour.

Reply View 1 reply
  • fn-mote 9 days ago

    Once they get you hooked, they can match you with the other whales. Until then it's just training your reponses even when it costs them 300 fluffmarks.

    Reply View 0 replies
ultimafan 9 days ago

With how bad it's gotten in some games I honestly just don't even bother playing PVP game modes anymore unless it's on a private server with close friends. The only modes I play public multiplayer on are coop or pve ones. The cat and mouse games from a developer vs cheat developer perspective from what it seems like is basically unwinnable outside of drastic actions like requiring ID/camera that no one is going to be willing to do for entertainment.

I can't really blame game developers for giving up on trying to fight cheaters for that reason. In an ideal world they'd be able to dedicate all their time/resources to game content itself giving us more to enjoy instead of having to waste an unreasonable amount of man hours and money on anticheat solutions that are only temporary anyways.

Reply View 5 replies
  • TheAceOfHearts 9 days ago

    Game devs take on the problem by themselves by not releasing a server component. Older games used to release the server component, so people could self host or make their own ladder system. That allowed each community to come up with their own set of rules and restrictions for how much moderation was desired. But in the modern era where the game developer controls the server everyone is subject to a single set of rules.

    Reply View 4 replies
    • droopyEyelids 8 days ago

      I don't think you intended to be that specific, but the developers don't make any decisions at the level of "releasing a server component" thats an upper management/production leader decision.

      Reply View 1 reply
      • moregrist 8 days ago

        I read “game devs” here as referring to studios/publishers/etc.

        I would hope that we all know that the person who wrote the A* pathfinder code probably isn’t making choices at the product level.

        Reply View 0 replies
    • kibibu 9 days ago

      It used to be standard practice for ISPs to host a bunch of game servers too, to minimize latency and cost.

      Reply View 0 replies
    • ultimafan 9 days ago

      That helps but there's still a huge burden on the community who end up having to self moderate. I think one of the biggest issues today is that cheating is not so easy to uncover anymore. It could just be rose tinted glasses or just lack of knowledge among the public about what cheat developers were up to but 20 years ago I don't really remember it being such a prevalent issue. I'd see rage hackers, spin botters, people blatantly using god mode or flying out of bounds or wall hacking but never heard much in the way of the kind of culture that seems to be prevalent now. It feels like there's plenty of extremely subtle cheats out there today and even "microcheats" that don't do much other than tweaking certain values by 10%~ in a way that gives a significant advantage to players with enough skill to leverage their play style around that without it being obvious that they are in fact cheating. And you'd go paranoid trying to catch them out because people are much more clever about how they use them.

      Reply View 0 replies
s09dfhks 9 days ago

> present the players with a bot who's purpose is to be un-hitt-able unless the player is cheating

Escape from Tarkov had/has something vaguely similar to this. They'll put a very valuable piece of loot in an inaccessible room under the map or inside a locked car and monitor which accounts pick it up. I think Call of Duty warzone did it as well with the fake enemies that only accounts suspected of cheating will see

Reply View 0 replies
nitwit005 9 days ago

The problem with a statistical method is you can't ban the best players. For most cheats, you can dial the cheat down until it's at a human level.

Reply View 7 replies
  • bee_rider 9 days ago

    That seems… like, fine, right? Who cares? Most games do skill-based matchmaking anyway, so if players are using cheats to play at higher but still human skill levels, they’ll just get boosted up to higher ranks.

    The main issue, I guess, is they’ll have lopsided aiming proficiency (due to the boost) vs game knowledge. But that’s basically a crapshoot anyway in mass-market “competitive” gaming.

    Reply View 2 replies
    • KennyBlanken 9 days ago

      That's not how matchmaking works in many games, especially the huge multiplayer arena games.

      Games "feed" less skilled players to higher skilled players - just enough that the less skilled players don't ragequit. Higher skilled players don't actually want to play in a lobby full of people their skill. They want a few people their skill, and then a lot of people they can stomp.

      Reply View 0 replies
    • samplatt 8 days ago

      >Most games do skill-based matchmaking

      <Bitterly laugh-cries in Rocket League>

      Reply View 0 replies
  • reaperman 9 days ago

    The statistical methods can detect things orthogonal to performance KPI’s. Automation has “tells” - little things they do differently from what humans would do. Reliably discriminating those signals is a hard problem.

    Reply View 3 replies
    • bob1029 9 days ago

      > Automation has “tells” - little things they do differently from what humans would do

      This tends to stand out like a sore thumb once you start looking at things from the perspective of the frequency domain. Even if you use an RNG to delay activity, the properties of the RNG itself can be leveraged against it. You may think taping a pencil to a desk fan and having that click the mouse button is being clever wrt undetectable RNG, but you must realize that the power grid runs at 50/60hz and induction motors are ~fixed to this frequency.

      There is also the entire space of correlation. A bot running on random pixel events with perfectly human response times, while appearing "random", is not correlated with anything meaningful outside that one pixel being monitored. You could check for what are effectively [near] causality violations to determine the probability that the player is actually human.

      Reply View 2 replies
      • Joker_vD 8 days ago

        But... humans kinda behave the same? Your FPS is 50/60 Hz and your reactions are pretty much tied to it; and human behaviour is a pretty lousy RNG, that's been known for ages.

        > A bot running on random pixel events with perfectly human response times, while appearing "random", is not correlated with anything meaningful outside that one pixel being monitored

        So would a human who is tunneled-vision at the center of the screen.

        Reply View 0 replies
      • kisper 8 days ago

        What if one were to train a neural network of sorts based on your response times and mouse paths toward on screen stimuli?

        I’ve thought that trying to make a bot for personal fishing use would be a delightfully fun project, and this is how I pondered evading such anti-cheat heuristics.

        Reply View 0 replies
bob1029 9 days ago

I think statistical methods are the best primary option. There are a lot of other tools you can use but this is the most impenetrable from the outside.

The chances that the cheater is able to anticipate the statistical state of everything logged server-side is negligible. There is no way to "sandbag" performance on purpose if you don't know how your performance is being measured.

There is also the problem (solution) of sample size. The players' performance in one or ten games is ideally not relevant to the heuristic. There is a threshold that is crossed after hundreds of rounds of dishonest play. Toggling cheats within a match or tournament series would be irrelevant.

Reply View 0 replies
efilife 9 days ago

Whose purpose. Who's means who is

Reply View 1 reply
  • fracus 8 days ago

    Thanks. I wish I could correct it but it won't let me.

    Reply View 0 replies
MaxikCZ 9 days ago

Theres plenty of what you suggest going on all the time, loot spawning in unlootable places etc.

Problem is, theres always some difference between valid and invalid target, and if the game knows it, cheat extracts that information and acts "dumb" around those honeypots. It wont shoot targets that the game doesnt render because the bot checks that attribute. It wont loot that honeypot because its in manualy upkept white/blacklist.

Its just another level of cat and mouse game.

Reply View 2 replies
  • pixl97 9 days ago

    Yep, the cheat engine designers get thousands and thousands of test cases. If the designer screws up your account gets banned, but quite often they can detect what did it.

    Now, good cheat detection won't ban you immediately, it will allow you to build up a novel of sins and then ban so it's difficult to determine what action provoked it. Unfortunately that does mean those people are on the servers for some amount of time.

    Reply View 0 replies
  • bob1029 9 days ago

    > theres always some difference between valid and invalid target

    This information does not necessarily need to be made available to the client. Latency compensation can treat the phantom just like the real deal and the server can silently no-op any related commands (while recording your naughty behavior).

    Reply View 0 replies
_bin_ 8 days ago

Yeah this would be my instinct even if someone somehow got a leaked TPM root EK and spoofed it with a bootkit. Your timings/latency/variance are still going to be different from a hardware chip, almost certainly. Yes you might be able to measure this and attempt to replay it but that gets hard, then you have to figure out e.g. how can you pin your hypervisor/mock TPM to a core so timings don't vary under load, etc. It's getting measurably harder to write good cheating software at this point.

Reply View 0 replies