Most active commenters

    ←back to thread

    Anticheat Update Tracking

    (not-matthias.github.io)
    124 points not-matthias | 12 comments | 29 Jun 25 21:06 UTC | HN request time: 0.744s | source | bottom
    1. varun_ch ◴[30 Jun 25 08:54 UTC] No.44420989[source]
    Forgive my ignorance, but why don’t game developers put more effort into limiting the amount of data accessible to the client (restricting it only to what’s reasonably necessary)? For example, couldn’t more movement physics be validated or handled server side? Cheats might still be able to read some data from the game process, but ideally, they’d be limited to issuing inputs like any other player, based only on the same visible output everyone sees. Is it cost? Does this model just not align with how the client/server split looks in games?
    replies(7): >>44421072 #>>44421118 #>>44421970 #>>44422049 #>>44424067 #>>44425711 #>>44427400 #
    2. Boltgolt ◴[30 Jun 25 09:07 UTC] No.44421072[source]
    That's exactly what's being done, but you do not want everything server side over a network delay that is almost always more than the time between frames. Only server side physics would mean a lot of visual jank. It's now usually a model where the client and server make the calculation and the server "rolls back" the client of they do not match.

    Data is being limited though, like not sending opponent location data unless the client can see them

    replies(1): >>44424897 #
    3. lvturner ◴[30 Jun 25 09:13 UTC] No.44421118[source]
    It's been a while and it never was my exact area so forgive the high level and any innacuracies! (hopefully someone smarter can chip in further!)

    It begins to fall down when you think in terms of interpolation and movement, if the server had to confirm your every movement it'd end up very jittery and feel awful as you ping back and forth between where your client state thinks you are and the server state thinks you are.

    Even the client is kind of guessing (visually) where it is a lot of the time, at least until the next physics or update tick comes in and all this means that the server is going to be doing a hell of a lot of guess work about the state of the clients.

    This article helps with reasoning around what a game is doing per-frame: https://gameprogrammingpatterns.com/game-loop.html

    Certainly though, I think in this day and age, for slower games you could probably do a better job of this on the server though -- and I'm sure people are working on it.

    4. CJefferson ◴[30 Jun 25 11:29 UTC] No.44421970[source]
    Making sure that movement is validated on the server really is a reasonable requirement.

    There are two main issues:

    1) You typically want to let player's machines have a little knowledge the player doesn't, because if they peak around a wall, they should see an enemy, without having to wait for a round-trip before getting the information of the enemy they can see. Games often give out too much of this kind of information, but that's because it is computationally hard to figure out if a player can "almost" see an enemy.

    2) Aimbots are basically impossible to check for on the server -- you can play a cat+mouse game (and games do) of seeing if players are consistently too accurate (or more likely, consistently too mechanical), but it's very hard, and player-side anti-cheat is part of trying to control this.

    5. brainzap ◴[30 Jun 25 11:40 UTC] No.44422049[source]
    too much effort, since you also want to play sounds from hidden sources
    6. tekla ◴[30 Jun 25 14:50 UTC] No.44424067[source]
    You don't want clients suffering a bad experience because they don't have gigabit internet
    replies(2): >>44424412 #>>44424432 #
    7. jeroenhd ◴[30 Jun 25 15:20 UTC] No.44424412[source]
    Games hardly eat up more than a megabit of bandwidth in practice, unless you start streaming. Even streaming games from the cloud to your computer will usually take less than 20-30mbps.

    Latency is the real killer, though. A 10ms round trip + a few ms of simulation time at 144Hz will have physics objects "correct" their position after 4-5 frames have already been rendered. Bump that up to 30ms (still a perfectly common amount of latency) and you're reverting objects after 10 frames of animation.

    8. Workaccount2 ◴[30 Jun 25 15:22 UTC] No.44424432[source]
    The true killer is latency; the dominance of WiFi, and now the rise of home 5G internet.

    People who play Counter-Strike with their wifi router 3 floors below them in the basement under a pile of laundry will go on a crusade to complain as loudly and relentlessly as possible for Valve to "fix the fucking hit reg".

    People have -zero- technical knowledge and get incredibly angry that they died to someone they didn't even see.

    9. zamalek ◴[30 Jun 25 16:06 UTC] No.44424897[source]
    > Data is being limited though, like not sending opponent location data unless the client can see them

    So far as AAA games go this is pretty rare in practice. I guess there could be some problems to solve, e.g. you'd need to be conservative because a player could appear around a corner between server ticks, or the fact that RTS games usually operate by running a shared simulation[1].

    [1]: https://www.gamedeveloper.com/programming/1500-archers-on-a-...

    replies(1): >>44425689 #
    10. Hikikomori ◴[30 Jun 25 17:14 UTC] No.44425689{3}[source]
    Csgo and Valorant has done it for years, but they have fairly simple maps. Scum also did it and had the pop in problem.
    11. Hikikomori ◴[30 Jun 25 17:16 UTC] No.44425711[source]
    Doesn't work because of the delay.
    12. whoisyc ◴[30 Jun 25 20:20 UTC] No.44427400[source]
    Validating input and physics is easy and is effective against some of the crazy cheats people ran on eg PUBG. But it’s much harder to “limit information”. For example in CS if someone is 95% hiding behind a smoke screen with just one foot sticking out, do you tell other players about this player or not? If you don’t, then you are depriving them of information they should have been able to see, if you do, then it still gives a cheater an edge because even if you do spot the foot you will probably have a hard time actually shooting at the player because his body is still hidden.

    And even if you can 100% accurately decide when to hide or show information or if you are outright just streaming the game to the players there are still cheats that you cannot detect this way because they only enhance player capabilities within what is possible for an honest human player. For instance a simple cheat can detect if another player’s head is under your crosshair and fire automatically (with a randomized delay to game anticheat systems.) Realistically cheats these days are more complicated and do way more to emulate human input. It’s not easy to conclusively tell if a player is cheating thus way or not just looking at his inputs in one game. Maybe he is just fast, maybe he has lower latency, maybe he is just pre firing at spots he knows an enemy is likely to come from. You can’t know for sure unless you know what’s actually going on on his PC and his peripherals. And if you start banning people using just statistics you will likely end up with many false positives.

    At the end of the day there is no silver bullet to cheating. Even if you fully control a player’s PC there are still ways to cheat in hardware [1]. You need to find the balance between annoying too many players with your anticheat and your game getting overrun by cheaters.

    [1] https://www.counter-strike.net/newsentry/6500469346429600836