This violates GDPR, no?
Edit: It sounds like this took place before GDPR was being enforced.
This violates GDPR, no?
Edit: It sounds like this took place before GDPR was being enforced.
Fraud prevention is listed as an example of a "legitimate interest."
So no, by my layman's interpretation, they would not have been bound by GDPR to notify the user of cookies or other fingerprinting used solely for anti-cheat. They'd run into trouble if they use that same ID for marketing/advertising without consent, though.
As far as I'm aware, you can get away with disclosing the fact that you are tracking "unique identifiers for the purpose of anti-cheating" in the terms and conditions, without explicitly explaining the technical details that it's a cookie.
Also, this is a server covering the Australia/New Zealand region, so it doesn't have to worry about GDPR compliance.
A person can requests to delete their data at any time, and also can request to provide all the personal data collected.