Comment by soloridindan 2 days ago
I think the moment you accept data from the client as truth you've lost the battle already, everything else is just damage control. Loads of games have realized this and kept checking game rules on the serverside and reveal data on a need-to-know basis. This makes it nearly impossible for cheats to be made because anything you know you should know, and everythin you act is parsed by the backend according to rules already present
You could probably detect those kinds of cheats heuristically on the server. There are limits to human ability. It’ll take more time to catch the cheaters, but I’m sure it’s possible.
This player is posting 30 auctions per second. Bot.
This player is turning at a rate of 500 radians per second to make perfect headshots. Bot.
this is already running in production for Counter-Strike since 2018 [0][1].
to be honest, it isn’t particularly good - all serious CS2 games operate on a third party provider with a kernel-level anti-cheat. also, the cs2 update banned people for spinning their mouse too fast [2].
[0]: https://www.reddit.com/r/GlobalOffensive/comments/5u2xly/eli...
Aimbots will just add delay and variance then. Guess its a bit fairer but if they're better than shroud level then it's still not great.
Which they do already, because slamming all of the aimbot settings to max is a fast track to getting mass reported and escalated to human review, which will immediately see what's going on. Any cheater with an ounce of desire to preserve their account is going to try and maintain the pretense that they're just very skilled, not impossibly skilled.
I think anything that relies on reflex alone is flawed design. You can design around this, by for example in Dota2 it doesen't matter how fast you click an entity, because the turnrate of your character is limited, so a person clicking reasonably fast and a bot clicking in 0.01ms both arrive there at the same time. Precision also doesn't matter, because a player can click the icon of the enemy instead of trying to match the pixels on screen. MMO scripts that use information already given by the game just seem like the MMO should invest in UX instead of trying to ban people for using the tools the game already gives them.
>for example in Dota2 it doesen't matter how fast you click an entity, because the turnrate of your character is limited, so a person clicking reasonably fast and a bot clicking in 0.01ms both arrive there at the same time. Precision also doesn't matter, because a player can click the icon of the enemy instead of trying to match the pixels on screen.
Even with turnrate, reaction time is very relevant. Reaction time allows you to silence enemies midcast, or to pop a shield, or a BKB, or some other instant measure. Turnrate doesn't mean reaction time doesn't matter, it means the direction you are facing matters.
As for precision, yes it does matter, ask any Phoenix player who gets hexed mid-flight.
People cheat in Dota in these very terms, it's absurd to argue it doesn't matter.
Unless DOTA2 is running at a ~3 tick rate (Which it's not), even taking account processing delays and action batching, a bot will always have faster reaction times than an actual player. It will also never misclick.
This problem is magnified in a shooter game, which would be unplayable with that kind of batching, but where a cheater with an aimbot is actually impossible for a legitimate player to beat.
After you click, the character will begin to turn, which can take several hundred ms. A delta of couple ms compared to the time it takes to turn is completely negligible and even an inch better positioning of a character, or having a character with items or stats that makes them turn faster (because picks are asymmetric) will make several magnitudes more of an impact.
If your game allows your sights to just teleport on people's heads and take that as the winning condition then that just sounds like bad design, there's no reason to allow infinitely fast movement and omitting strategy even from a shooter
There is rampant cheating in online chess and poker as well, you know? You can have an opinion about what constitutes a better game for humans: should it be about making better decisions, arriving at them faster or being fast and precise with your mouse but the reality is bots/assistance can make you unplayable in all of those domains.
However, this only solves the cheat problem to a minimal extent. There is a lot of important data that players should not be directly aware of, but which is important for the game. For example, it is important for calculating sounds to know where enemies are nearby, even though you cannot see them, which makes wall hacks possible, etc.
Sounds are core to shooters and very much within the expected abilities of the players to hear them. If anything, I'd incorporate this kind of indicator in the game itself, allowing for deaf people to "hear" footsteps as well
> I'd incorporate this kind of indicator in the game itself, allowing for deaf people to "hear" footsteps as well
That's just discount wallhacks. Fortnite has it and you're basically forced to use it even if you have no hearing issues, because it provides a massive advantage.
Eventually you have to send data to the client and they have to send you back what they did. Assuming you’re running a game server with 240hz updates, on a 120hz monitor with no buffering, on a low latency connection in the same location to your data center, the absolute bare minimum amount of latency you can plan for is about 15ms from server to on screen, and back again) - 8 ms each way, 4ms for the server tick, and 5ms each way for networking. Now move 100 km from the server, or add in double buffering, and you’re closer to 50-60ms. That means at any given time you know there’s a deviance of between 0 and 50ms between your state and the clients - and a client can and will exploit that.
> Doing everything server side does prevent cheating.
No. Server side only protects against some types of cheats, such as telling the server that your bullet in an FPS is actually a grenade.
It cannot prevent snapping your aim to a target on screen.
That only solves half of the cheating problem - illegal inputs from clients.
The other half is much harder to solve. For a simple example - my client knows that there is an enemy player around a corner. It knows exactly where that player is, because that player is walking, and making noise. A cheats could allow the cheater to see his opponent's player's model through the wall.
For a more blatant example, consider cheats in a first-person shooter that just snap your aim to the nearest enemy's head. This involves zero violation of the game's logic, and also makes the game completely unplayable for everyone in a lobby.
You already know where an enemy is if you hear them behind the wall, you don't need a cheat to tell you that there is noise coming from other side of the wall. The server also doesen't need to tell you they are behind it if they're sneaking. A game that allows zero home-in time sounds like a flaw in the game and something solvable on the serverside.
You can replace a playermodel with wider "sound coming from around here" if you want to make it even harder for a cheat to pinpoint a sound
> The server also doesen't need to tell you they are behind it if they're sneaking
This requires the server to calculate line of sight checks for every player, which is costly, requires loading the entire geometry into the server and would be horribly prone to latency. Then you're looking at potential performance problems on the client due to only knowing about a player the second its in view and having to stream the assets to the GPU, which if don't happen in time for the frame you'll experience as hitching.
> You already know where an enemy is if you hear them behind the wall
Yes but this requires using your brain rather than just seeing them straight up through a wall.
I don't think those performance concerns are really much of an issue with any sensible implementation. You'd do line of sight checks against simplified geometry first to handle the vast majority of cases, and you'd load character models/textures in advance (game/match startup) rather than only when they first appear on screen.
One non-trivial part seems to me that if you walk around a corner you don't want to wait 50ms (your ping) for the server to send enemy locations you can now see. Ideally every tick the server would be sending all enemies that you could potentially see before the next tick depending on what your movement packets that it hasn't yet received turn out to be. Wouldn't entirely eliminate advantage from cheating (e.g: a cheater walking around a corner could still see enemies up to a tick/~15ms in advance) but would hopefully make this form of cheating significantly less worthwhile.
Cs2 and Valorant does this, but start sending positions around corners before they're visible.
> You already know where an enemy is if you hear them behind the wall,
You know they are somewhere behind the wall, you don't know which exact angle they are behind the wall, because headphones and our ears don't work with that degree of accuracy.
The cheater can just swing the corner with his cursor already pre-positioned exactly on his target. Between peeker's advantage (inherent to any online game with latency) and human reaction time, there's not a lot you can do to fight that.
Some kinds of cheating can be mitigated that way, but it can't really stop cheats which just play the game more optimally than the user is able to, using the same inputs and outputs that a legit player would use. Aim assistance in shooters, automatic parries in fighting games, economy-breaking levels of automation in MMOs, and so on.
There's also practical limits to how much data you can filter out in complex 3D games, both due to performance constraints, and because culling information too perfectly can cause things to pop into existence too late under real-world network latency. The effectiveness of ESP cheats can be reduced, but not eliminated in practice.