←back to thread

We outsmarted CSGO cheaters with IdentityLogger

(mobeigi.com)
379 points mobeigi | 1 comments | 16 Oct 24 18:18 UTC | HN request time: 0.208s | source
Show context
Retr0id ◴[16 Oct 24 19:30 UTC] No.41862899[source]
> Wonderful, we have found a way to silently persist a cookie for each player as they join the server.

This violates GDPR, no?

Edit: It sounds like this took place before GDPR was being enforced.

replies(2): >>41863024 #>>41867747 #
1. red_admiral ◴[17 Oct 24 09:06 UTC] No.41867747[source]
IANAL, but there is a "Legitimate Interest" exception, which gets abused a lot when a consent popup has about 50 of those pre-checked on a hidden tab, but this looks like a valid case to me.

The UK DPA (basically a fork of GDPR) has this to say [1]: "the following purposes do constitute a legitimate interest [...] fraud prevention; ensuring network and information security; indicating possible criminal acts".

Under the Computer Misuse Act 1990 [2], there's a possible reading under which "hacking" to cheat (even if someone else does the hacking and you jsut install the program) could actually be a crime.

[1] https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-re...

[2] https://www.legislation.gov.uk/ukpga/1990/18/section/3