I have found over the last 5 years that it is impossible for me to take online multiplayer gaming serious in any capacity anymore. Cheating has become so rampant and so ubiquitous that I have no confidence in any online gaming match to be cheater free. If people are cheating then what am I even playing for? It's only fun for me when I know there is some semblance of integrity between the players, but nobody else seems to care. I don't even particularly care about being good or winning. You wouldn't cheat at tic tac toe despite the inherently low stakes of the game so it doesn't seem any different in any other video game.
I also have no trust in any sort of gaming related records of feats of ability. I've been deeply involved with gaming communities in the past where people would show off their world records. I would question such scores only to be flamed and then years later it is discovered they were cheating after all.
Really my only point is that I despise cheaters and any game that isn't single player or only between friends may as well not exist for me anymore.
I used to play competitive Search and Destroy on PC in Call of Duty. I clocked up a few thousand hours of online multiplayer play during a mis-spent 5 years as a student. I’d often get accused of cheating in casual online games - to the point where it became tedious to even acknowledge the accusations.
My point is: often people think others are cheating when in reality they are just really good because they have spent thousands of hours playing.
Big agree on this. I play a lot of Team Fortress 2, because it's absolutely timeless
Valve in their "infinite wisdom" decided to funnel the bulk of players into a matchmaking style multiplayer system, while relegating decades of player-run (and previously Valve run) dedicated servers to a "Community" tab that opens the old school server browser
Consequently the game has been absolutely infested and overrun with bots for the last couple years. They all play Sniper and aimbot instant headshot players on the enemy team, they're also programmed to steal a players username and steam avatar (because there is no throttling on changing that information live, even when connected to a game server)
Consequently the paranoia of most players means that even if you're just a "good sniper" (as someone with about 8,000 hours in the game over the last ~14 years) you'll almost immediately be the subject of a votekick. To which you have to get on microphone and plead "I'M HUMAN, I'M HUMAN!" and hope players don't automatically just vote to remove you
Back when I played Counterstrike and Team fortress classic in the late 90s I would occasionally get banned from a server. The only cheats I used were headphones and way WAYYY too many hours of play time. I couldn't even tell you how many tens of thousands of times I've been accused of cheating because "no one could do that legit". One person's skill is another person's cheater.
Having said that I've run into plenty of "hackers" and cheaters over my decades of online play. I steer clear of certain types of games as the player base seems more inclined to cheat.
Found an old screenshot of Counterstrike after I got auto balanced.
It's also frustrating when you're not particularly skilled are just having an unusually good performance. My K/D ratio hovered somewhere just under 1, but I had outlier moments in CoD where I would rack up kill streaks and end games 16-0 or 27-1. Being accused of cheating and then follow-through harassed via PMs was just exhausting and ate up some of the joy of performing well.
The absolute best I've ever felt in online gaming was when someone accused me of cheating after a particularly good round of TDM. Rode that high for at least a week.
Do you still play ? Cheaters are a whole different league now compared to 10 or even 5 years ago.
It used to be script kiddies with aimbots downloaded from somewhere, nowadays it's cheat developers making hundreds if not thousands of dollars per month from renting cheats or selling carry services.
I remember joining games of Dark Forces: Jedi Knight in the '90s and finding someone playing as a TIE fighter. Like, a full size TIE Fighter, not a model scaled down to person-size. And insta-killing anyone who came near. Mind you, this is a (mostly) first-person shooter that doesn't normally have player-drivable vehicles of any kind.
That and similar ridiculousness were fairly common.
I actually didn't mind that stuff, it was funny enough to outweigh the irritation of not getting to play a real match. The ones cheating without making it overt were the ones who'd truly ruin a match.
> You wouldn't cheat at tic tac toe despite the inherently low stakes of the game so it doesn't seem any different in any other video game.
I don't get it, but people do cheat. They cheat in online games, they cheat at board games, they cheat at tabletop RPGs(?! and no, I don't just mean the DM fudging some roles in the name of fun—they have a screen for a reason) [EDIT] What I mean is, there must be some impulse to do it, even when the stakes are nonexistent and it might even ruin the fun for everyone. It's not even uncommon. I don't get it either, but it must be there.
Reminds me of joining a lobby of the original Modern Warfare 2 only to find that there was a cheater, but a generous cheater. All players were flying around in noclip mode, armed with pistols that shot giant explosive rounds. It was a blast.
If there are gonna be cheaters, I'd rather they do silly shit like that than just be using wallhacks, radar, or aimbots.
Some people get joy out of making other people unhappy. It’s not about winning, it’s about making others lose. Cheating in games is a very low stakes and easy way to achieve this. I’m no psychologist, but this is the only explanation I’ve been able to convince myself of.
Some people play for the socialization, some people play for the challenge, and some people play to win (ie, display their “dominance”). It’s just different personalities and values.
The latter group will often cheat if necessary as winning is the need and the priority. The talented ones usually end up in profitable pursuits like business and poker rooms. The losers (pun intended) will gravitate toward friendly competitions where people have their guard down and cheating is easy. At least that’s what I’ve seen.
The best strategy is to detect these people and ban them because appealing to values won’t work.
I suggest having a look at Deep Rock Galactic (http://deeprockgalactic.com). It's a coop-first game (that is, it's meant to be played with others, but can be played solo) that is PvE (that is, you & others are working together, against "the environment").
Missions are arranged into five difficulty levels ("Hazard 1", a.k.a "Haz1", the easiest, through "Haz5"). I've found that, when playing with random people, Haz2 or Haz3 gets you a good combination of players. Of course there are toxic players, but the proportion of them (that is, the number of toxic players as a percentage of the playerbase online at any given time) is low.
I think Haz4—more difficult than Haz3 but not Haz5—has a higher chance of toxic players. I avoid Haz5 as it's _extremely_ difficult for my skill level, but I understand the players who regularly do Haz5 missions are good folk.
Sadly co-op PVP is still no guarantee the game won't be ruined by cheaters. I love Monster Hunter: World, and you'll run into random players who have hacked gear that one shot the monster. Playing with friends, or running a dedicated server where you cultivate a community, are the only options.
I've played 3000+ games of competitive Halo Infinite over the last year while climbing to top 1% and only had 1-5 games with noticeable cheating. It's nowhere near "ubiquitous and rampant". In the singular game with blatant aimbotters, it was actually a really close and exciting game because while their aim was perfect, their strategy and game sense was atrocious. So with good communication and coordination on our side, we were able to outsmart them and win.
Most people have no idea how to detect basic non-blatant cheats. Even simple low-FoV aimbots sneak past the vast majority of players. Good enough cheats are virtually undetectable by just human inspection.
The few people you saw cheating were probably frustrated enough with the game they decided burn their accounts and ticked enough boxes in their cheat menus to let them go out with a bang. It may of course be that you are particularly good at spotting cheats and Halo Infinite is just blessed to be relatively cheater-free. (I've not played it.) But I'd expect 1-2 orders of magnitude more games to have cheaters than your estimate.
You wouldn't cheat at tic tac toe despite the inherently low stakes of the game so it doesn't seem any different in any other video game.
That’s the difference. The stakes are way higher in video games. People pour thousands and thousands of hours into these games. They dream of going pro and joining one of the big teams. They dream of winning the big tournament for real money. They dream of having a popular Twitch stream with many thousands of viewers throwing even more money at them.
Most fall far short of those dreams. Instead they throw temper tantrums and rage at their teammates over voice chat. Some get so frustrated about their lack of progress that they search for alternative means. That’s where cheating begins. It’s really no different from sports.
There's the cheating, and then there's the fact that there are far too many man-children everywhere these days. They whine, complain, throw tantrums worse than toddlers do. It is absolutely painful to hear a grown man whining about something in a GAME.
For instance, I played a free to play game. The servers just went live and it was the VERY FIRST MATCH of the game. It wasn't soon before one guy on our side was crying because we all sucked. I see this type of behavior everywhere.
When I was younger I probably would have thought it would be awesome to make money from playing video games, but now I feel like the activity changing from a hobby for fun into a livelihood has only been for the worse. This trend may exist for many other hobbies as well such as blogging or making internet content.
Some of the most cheat infested games are nowhere near having an "esports" competitive scene. I'd think that in actual esports games, where it can ruin your career to get caught cheating even if it was years ago in casual games, there'd be less "everyday" cheating.
It is, at least, supremely satisfying to pwn a blatant cheater.
One time there was a blatant hacker on the Markov server in the original PlanetSide (a TR player with a name like iIiIiIiiIiii) that was using some sort of time/speed hack to move and shoot at some large multiple of normal.
They were having a lot of fun camping inside towers to kill people spawning there, so I managed to camp out in one before they arrived and held a good corner with my trusty bolt driver (sniper rifle). I managed to pop them once on their way up the tower, and I think they were moving so fast that they didn't realize it'd happened until they got to the top. Just enough time to reload and switch angles for them to come back down.
I know the hacker was there to enjoy ruining fun for others, but they gifted me what was unambiguously the most exhilarating, triumphant, and memorable of the 25K+ bolt driver and 40K+ total kills I recorded.
IMHO, the only reliable solution is community-managed or "dedicated" servers where there are trusted admins that have the power to ban cheaters at their own discretion. I don't think this problem is solvable "at scale" in the general case. Unfortunately the gaming industry has spent the last decade taking power away from gaming communities and replacing it with proscribed matchmaking and map rotation - so the tools for community policing haven't advanced much beyond a "report" tool.
Another solution is the console approach where the platform is secured so people can't cheap. This approach does scale. The PC platform is still playing catch up. Someday multiplayer PC games will be able to prevent cheats from reading / writing its memory or injecting come into the process. They will be able to use remote attestation to prove that they are using the actual game client on not cheater operating system.
If you think of the headcount for "private servers", and assume 0 overlap, then private servers tend to have in worst case, 1 staff member per 100 players. Can you imagine any large developer employing a team 1% of the size of their playerbase for community moderation? Wouldn't happen. More likely they have like 10 support people and 3 devs on their anti-cheat team for their million player game, so they need to rely on their technical measures and stick their fingers in their ears as to the existence of false positives and the inevitable loss of that cat and mouse game in long running titles.
I think the future of gaming is to get rid of mechanics that computers are good at. Aimbots in an FPS are a common cheat, and they are pretty much undetectable with video analysis + a modded usb mouse providing the inputs. What I take away from that is that the next generation of first-person-kill-the-enemy games will simply rely less on aim and more on tactics and strategy; "press E to apply this debuff to this enemy" instead of "click the enemy's head to kill them". Overwatch is a good example of this style of game; you can be a top 10 player with garbage aim. (Aim is still a mechanic and people do cheat, of course.)
Wall hacks are another common hack; getting information that the game client has but that you aren't supposed to know. I think games will have to evolve to being "perfect information", just let all players see behind walls.
All in all, I don't see cheating as ruining gaming as a whole. Game designers will design games that are more difficult to cheat at, and hopefully there will be less cheaters ruining your matches. I would definitely play the can-see-behind-walls-and-aim-doesn't-matter FPS!
"I think games will have to evolve to being "perfect information", just let all players see behind walls."
Just don't send the data to the game client until the last moment. Currently the game server is literally telling your computer where the enemy is located behind the walls. Wallhacks can be made to be impossible with enough development effort.
In CSGO, there are HvH servers dedicated to cheaters where everyone cheats with their favourite software making it impossible to cheat as everyone is in the same conditions.
These cheats Valve banned for only give a small edge. Much less than the variance in skill between players. It's more like turning graphics low for better fps than an aimbot. If you don't care about being good or winning, you can just consider the cheaters to be better skilled players and be unaffected by them.
I enjoy cs go, and I can't recognize a difference with good aim and aimbot. So there is no difference with a cheater or a smurf for me.
All strategy games are like that. Cheating barely gives an advantage because the best cheats just reveal the fog of war but good players already know what's in the fog of war due to game sense, communication and scouting. So cheaters still lose.
The better you get, the less 'cheaters' you spot.
they are honestly rare, or very subtle.
Mostly because actually spotting cheaters takes a lot of game knowledge and experience. In FPS games anyone can spot a spinbot, but how you can be sure that someone uses wallhack? or aimbot that just slightly corrects the aim?
Without proper game knowledge you wouldn't be able to distinguish a wallhack from someone listening to footsteps, having info from teammates, and having a good map awareness.
It is very easy to cry 'cheater', especially without any actual proof.
Without knowledge that, for example in CS: spray patterns exist, even someone correcting them would look like a cheater to a newbie.
I spent about 300 hours lately playing new COD, and there was only one case where i suspected someone of cheating. One.
And i do play a lot of FPS, and played them for good 25+ years.
Try playing TF2. The cheaters aren't exactly subtle - instantly snapping from looking vertically upwards to headshot the instant you walk round a corner.
> You wouldn't cheat at tic tac toe despite the inherently low stakes of the game so it doesn't seem any different in any other video game.
It takes a minimal amount of study, training, effort to be a perfect tic tac toe player. If you put a small amount of effort into it, you can get skilled enough at tic tac toe to never make any mistakes, to never end up with a result less than a draw. No amount of improvement will ever give you a better result.
Not so with nearly any online game, especially one with as high a skill ceiling as Dota2. You can always get better, there's always room for improvement, there's always someone better than you. If you could get just a little bit better, you will win more games, no matter how good you are.
I don’t like online multiplayer but instead of cheaters it’s because I just suck: most of the time almost everyone is just better than me, and it seems like I lose way more than 50% even with SBMM. I think it’s not just cheaters that are the problem, it’s skilled players who artificially lower their ranking so they can play against less skilled players and win more.
A really smart SBMM would solve both problems. One that not only prevents players from artificially dropping rank, but also hiding their skill and maintaining a lower rank; and perhaps instead of an ELO, also matches players with similar play-styles. Because then cheaters will quickly end up in a rank with other cheaters, and won’t be able to leave unless they buy another copy of the game.
Another problem with multiplayer is that if you don't cheat but play well, people who lose to you can be so whiny and abusive. Not jut in game, but following up with nasty emails on the platform etc.
It sucks and I suppose things will only get worse as AI improves. The unfortunate thing with computers is once easy automation is available and there is a reward for winning, then these systems will attract cheaters, spammers, etc. Spam email, online game cheaters and the most recent example Clarkesworld Magazine that had to close submissions because so many people were using AI systems to generate low quality stories.
The only positive thing is maybe gamers will push for more local multiplayer options.
AI has actually been working against cheaters. Using server side measurements fed into an AI like OSRS does has drastically cut down on the number of cheaters. Mass amounts of data can be collected of users mouse movements that when fed in can detect cheaters using aim botting in FPS. Valve actually does some of this already as well to reduce the number of blatent cheating overwatch candidates in CS:GO.
Bots have been improving a lot in recent years. It may be that the future is not multiplayer but single player with excellent bots... maybe Sliders got the end times wrong :)
Agreed - I haven't played against real people for years. I've even developed bots for a few older games without much of a player base any more so I can continue playing them.
That's not exactly what I mean by serious. I only play games for fun and don't consider anything that occurs in said games important to my life. But I am not going to spend the time playing something that has cheaters as it reduces the value of the experience to nothing for me.
To me personally, this is a solved problem: Bring back peer-to-peer servers that you can set up to play privately with your friends and online social group. No more rampant cheating and easy remediation.
Game publishers won't allow this again because it they can't "control" it and it won't make them money. Fortunately, opensource games still exist :D
And then they push increasingly user-hostile things to try and solve the problem. No Windows passthrough VMs for those of us who don't want Windows touching our hardware, accidental bans because someone reports you for cheating when you weren't, and the team didn't analyze it well enough.
Personally, I'm mostly referring to Tarkov. I don't play anymore. I used to love it and try to convince my friends to get it, but that was years ago. I only play the single player mod on top of it now.
I've generally moved on to single-player and coop games now. Everything else is excruciating. And part of that is that I have less free time, so wasting it on being angrily competitive and anxious just isn't appealing to me anymore. I don't have time to be on-par with sweatlords.
I like to believe consoles fare better, so I disable cross-platform multiplayer on the PS5 for games that have this option. In any case I think it's better to be matched with people with the exact same hardware anyhow.
Based on what do you feel it has become rampant?
There are many people who feel that way because they haven't reached a level of expertise where they can understand why they are losing. I see this all the time in recaps where streamers die to me in game. They could clearly be seen or heard or inferred but to them its a total mystery and they report cheating.
I have run into cheaters but most games are fine, sometimes you even manage to kill a cheater, fun times.
All sports are like this. Welcome to Earth. Sorry.
I've known gamers that laughed at console gamers because of how much slower the systems were. Now, I have to wonder if they just weren't PC gamers for the sole reason of being able to run these hacks? Know the personalities of some of them, it would not shock me at all
I feel like I've "aged out" of online multiplayer gaming. I could pick up COD for maybe the hour or two of gaming time I have a day and immediately be dominated by those younger who have a vast amount of more time to hone their techniques. Or I could play something single player (or something that can easily be played single player like an MMO) that relaxes me after a stressful day at work. I choose the latter.
Except, ten years ago "older folk" COULD enjoy much less competitive online multiplayer experiences. I place the moment Call of Duty started spawning you randomly during team deathmatch as the marker. Instead of spawning in a safe zone with clearish "Fronts" to approach and attack and plan around. Instead, you spawn randomly, often with your back to an enemy, and half the time you spawn you instead have an enemy's back to you. I hypothesize that quick "yeah I got a kill" made the game more attractive to kids, and not allowing you to plan and implement any sort of individual strategy other than "click heads faster than the other guy" made online games more demanding in ability.
> This patch created a honeypot: a section of data inside the game client that would never be read during normal gameplay, but that could
be read by these exploits. Each of the accounts banned today read from this "secret" area in the client, giving us extremely high confidence that every ban was well-deserved.
Any speculation as to how this worked on a lower level ?
There are multiple ways to detect this. Hardware breakpoints were already mentioned, but they only work per thread, so if one is sniffing on your memory from another process or the kernel then these won't help.
The most stealthy and evil way I found was to allocate a page but never actually use it.
Windows lazily allocates physical memory for fresh memory pages when they are first used.
The detection is to periodically poll the page map from your process and check your canary pages via NtQueryVirtualMemory. If your unused page suddenly is backed by some physical memory then something happened to read from it! Bonus-points for putting such canary pages into places previously used for real game data.
This method is not foolproof: Anti-virus programs can read memory of all programs (but don't, Overwatch e.g. does not like this and crashes randomly due to this exact protection method). A bug in the program could also read from the page accidentally (e.g. out-of-bounds array read). But it's a /very/ good indicator that something is wrong when other cheat detection mechanisms also trigger.
Once you know how this works it's pretty easy to defeat unfortunately: Read the page map first, then avoid reading pages that have no backing physical memory, because those contain no useful data at best and are canary pages at worst.
Love this topic. I remember Everquest used to checksum areas of memory that were commonly modified from cheats. World of Warcraft used to (possibly still does, it has been forever since I looked at this) inject anti cheat code at runtime.
Obfuscation and deobfuscation is also super interesting. I think overall reverse engineering and figuring out how things work is one of the most interesting things in computer science.
Kind of sad but funny to imagine like two or three nerds who got banned because they had messed with their kernel page fault readahead settings which just so happened to fault a sentinel page.
I imagined the secret area contained fake details about the game, like adding an invisible fake street to a map. If the client refers to the fake street or any location within it, you can be certain the details about that fake street were obtained using cheats.
This trick is used to catch cheaters on minecraft, by spawning in fake diamond blocks that would only be visible to specific cheats (xray). If a user suddenly were to dig to these blocks, you can be reasonably certain there's something fishy going on.
Other way to think about it, is adding an invisible field to a contact form that is only hidden through CSS
VAC probably sets up a hardware breakpoint conditioned to trigger when the start of that memory region is read. When triggered, a function registered via AddVectoredExceptionHandler will be called. It probably just sets some flag somewhere indicating that the memory region was accessed before resuming flow. You can guard entire pages of memory using a similar approach (https://dzone.com/articles/memory-access-breakpoint-large).
Windows lets you configure guard pages where you get notified on access, normally used to detect stack growth and such. Although that should be an easy and normal thing to avoid for av/cheats.
I don't think it needs something deeply clever involving hardware breakpoints, sniffing for virtual pages backed by real memory or something like that. And probably that's why it is described as a honeypot.
It can just be something exposing a data structure that gives the player some unfair advantage and them watching the players that could only have achieved some very unlikely advantage in the game by exploiting this information.
In a FPS for example, if a player consistently anticipates their adversaries sneaking behind a wall, well beyond what would be dictated by probability laws, there's a very high chance that he is cheating in a way that allows him to "see" their adversaries behind walls.
Implementing what you describe sounds to me way more "clever" and less robust than the canary page approach described above.
Specifically - I wouldn't fancy writing the "consistently anticipates their adversaries sneaking behind a wall" heuristic you describe but the earlier post describes the API that already exposes the "has read canary page" functionality.
How does that work with latency? For example, if someone has extremely fast internet and a low ping, they are going to "see" around walls more often than opponents.
You can mark a page as inaccessible (not present), and then, in the page fault handler, note somewhere that it was accessed and then allocate it/make it readable.
you might not trigger the cheater-flag on a single access (because of, as mentioned, antivirus etc.) but if your page gets accessed over and over again, you can be quite certain that someone is reading it who probably shouldn't...
there was a convar in the game for 6+ years that let you see particles in the fog of war; 99% of cheats forced this convar on. source lets you request CVars from the client and the value, so they simply did that.
to be clear, this was not a honeypot, but they claimed it to be
I'd do it by read-protecting the page, and install a fault handler that records the access and then unprotects the page (to avoid detection when the cheat causes the game to crash).
You could possibly query the OS for whether physical pages have been allocated or not. Physical pages would only be allocated on the first page fault, when the pages are read.
and dump in something like `report_when_accessed<std::list<player_info>> oops_here_are_all_the_other_players_and_their_position_i_am_only_for_debug_please_remove_me`. Your client will never, ever access this list: it's your honeypot. The moment you get any access on list[i], it gets noted down and reported (like sudo does, straight to the naughty list). Cheat makers will see this and, if it doesn't smell of a too obvious honeypot, cannot pass such a golden opportunity: literally free maphack, just locate where the player struct is in memory and read it all!
It doesn't necessarily have to be useful information. They mentioned they understood how the cheat application worked, so it's possible it was doing something like indiscriminately accessing certain memory regions; this would make it possible to detect without any changes to the cheating program.
This suddenly reminded me of how I was “cheating”.
Before the game starts each of the ten players gets to pick a distinct hero for themselves out of a pool of about 120 choices. This is over 10^20 distinct combinations! Each hero has some unique capabilities that combo with allies or counter enemy heroes.
I tried to train a “hero recommender” based on tens of millions of games.
It turned out that this is obscenely difficult because even the best AI training algorithms struggle with such highly noisy labels. A good hero combo might shift win rates by some positive percentage but have a single sample data point, which is a loss because of one stupid kid in the team throwing the game.
You also can’t naively simplify the problem into 2-hero or 3-hero combinations because this misses the “total team composition” metrics.
I found some research papers that were just a few months old at the time which covered this corner of the AI training space. Their conclusion were: “We don’t know either but it’s an interesting problem!”
I wanted to do this but never figured out where I could get access to the data. I think with setting up the inputs correctly to handle 0-5 heroes chosen per team it could work. Once you have a model you just need to rank remaining heroes by the expected win probability if they are included with the team. If you have a way to get data I would be interested.
There's a free API endpoint, you can get an API Key based on your Steam logon.
The problem is that it has been highly throttled, throwing 429 errors after just a few dozen calls. When I looked at it before it was "soft" throttled and would return data at a pretty decent rate. If I remember correctly I got something like 80 million game results downloaded in about a week.
The "ID" is the game ID, which is 570 for Dota 2. Hence the actual API endpoint is:
GET https://api.steampowered.com/IDOTA2Match_570/GetMatchHistoryBySequenceNum/v1
[1] It would be ever so nice if Steam provided daily batches in gzip files. That would be thousands of times cheaper for them to host, and much more useful for AI researchers.
Limit the problem to actual hero roles and positions and the problem becomes actually tractable and much less noisy. I seeded a crf with my own potentials and had it learn and it was pretty good on a random test set. Never tried it live tho
Does anyone remember when Warcraft 3 was in beta and got leaked? Pirates created an emulated Battle.net that could work with the beta assets and had matchmaking, ladder, etc. working.
Hundreds of thousands played. Blizzard released patches in beta that would, for example, spawn infernals to attack your town hall if it detected you were on the emulated server. This reminds me of that. Blizzard lost their battle, by the way, and people pirated WC3 all the way until release.
Along the same lines I loved the Serious Sam solution to piracy. They let you play but spawned an invincible enemy occasionally to ruin the experience.
The creator of Game Dev Tycoon, a game where you play as a small indie studio owner, created a patched version of the game and released it in piratebay. In this version after a while you would get an event that your latest game creation was cracked and uploaded to a pirate site and as a result your revenues would tank and you would go bankrupt.
C&C Generals had a thing where if you had multiple clients with the same CD key in a multiplayer game everything would be fine for a while, but 10 minutes into the game all the buildings of the people who duplciate keys would explode.
This happened a few times at LAN parties to my friends, some of whome gave each other the game by copying the install directory across. Took us a while to work out what the hell was happening.
These sort of protections are fine until they trigger on legitimate installations. Red Alert 2 has a copy protection mechanism that destroyed all of your buildings a minute into the game, but it is notorious for triggering on legitimate installations of the game. I've seen it happen in the original release (even on a fresh Windows install when I was attempting to resolve this issue), The First Decade rerelease, and the Origin release.
Don't really get the idea behind fighting cheating in SP games - you just destroy the game for yourself.
In MP on the other hand you destroy it for others. Maybe some kind of telemetry + ML analysis could help here as the current methods seem to have holes in them that get found out eventually.
EarthBound took a similar approach with it's anti-piracy measures if you work around the obvious ones. There are far, far more enemies to make the game less enjoyable. They also added random freezes when entering certain areas. If you managed got to the final boss despite everything else, it freezes and deletes your save.
I had a pirated copy of WC3 available to me via a vulnerability in my school's AD setup which allowed me to access another student's directory where it was installed.
I would play it almost exclusively in a web design class I took. That class was where I learned HTML; that wasn't the focus of the class, not by a long shot, but it was the thing that captured my interest the most. I ignored everything else in that class in favor of the Wintermaul Tower Defense custom map.
Blizzard didnt lose the battle in terms of customer experience. Those people mostly played in servers like ggarena with low populations, kinda like WoW.
Custom games and ladder were usually clear, besides map hackers in custom games. Every few months things would be wack (remember the enemy workers are sheep hack?), but it was pretty fair
> Blizzard didnt lose the battle in terms of customer experience. Those people mostly played in servers like ggarena with low populations, kinda like WoW.
They most certainly did in this case. This was for the private beta of WC3, not the fully released game. Most people migrated to official Battle.net when WC3 was released, I know I did. They really wanted to keep their private beta private and polish it without the entire world looking in on it.
I was wondering about this as well. What exact mechanism did they use to detect the read? Something like mprotect would only trigger for the game process, not another process that snooped the game's memory remotely. I wonder if the cheat tool was really dumb enough to run in the same process as the game itself? That would be pretty amusing.
Or a use after free bug from an unlucky player. With millions (billions?) of account-hours over the honeypot period surely at least a few bans are outrageous coincidences
I imagine they'd probably agree with that assessment; they didn't say they were 100% positive that every single ban was deserved, just that this gave them a very high degree of confidence. I think this method is probably more accurate than most other anti cheat methods for online games out there, and it definitely is less invasive than most of the ones I've heard of. I have trouble thinking that this is a worse way of doing things than not addressing cheating at all or relying on much more invasive methods.
Meanwhile, Riot Games issued a warning to League of Legends and Teamfight Tactics players earlier this year that new cheats could be developed after source code for both games and the legacy anti-cheating software they use was stolen in a data breach.
As a past fan of League of Legends and Riot, this is a very typical response from them. Zero effort; meaningless notices. After years of playing, I quit permanently after reviewing my games and finding I was the only one not cheating in about 10 games in a row (that means I encountered about 90 cheaters in a row). This was before the code leak. God help the remaining legitimate community now. It's so obvious that Riot sees people as an obstacle to their money.
Seeing this news for Dota 2 warms me up inside. I don't play Dota 2 because I don't want to allocate the time to it, but it seems like they truly care about their community, at least to a much greater degree. Very happy news.
DotA 2 has got a system where each person has a community rating, based on some aggregate of your reports and interactions. If you have a good rating you get placed with others who have a similar rating. It's not perfect but my score has never not been maxed out and would say that solidly over 60% of my games are jovial and cooperative with people being communicative and friendly. I have friendships going on decades that started in that game, but also I continue to make friends to this day. I've got people in my book club I met on DotA last year.
I've played some league and it's definitely a very different community feel.
I also think that the fact that in DotA you are not able to surrender is incredibly important when it comes to the feel of the game and community. I think the single biggest mistake Riot made is allowing teams to surrender, it makes the game so much worse to even give people the possibility of giving up. DotA is a game you can win off a marginal mistake even till the bitter end, I'm glad the mechanics reflect that.
"after reviewing my games and finding I was the only one not cheating in about 10 games in a row" how did you know that all the other 90 people were cheaters?
I'm not sure if "cheat" is the exact word to use here. They were all bought accounts or in the process of being boosted.
One way to tell is by looking at a player's match history and seeing their account plays one or two champions for a while repeatedly getting MVP with 20/0/x, and then suddenly switches champions and either plays significantly worse or somehow playing even better depending on the ELO. The opposite is also true--consistently playing horrendously, then suddenly switching to different champions and steamrolling beyond their ELO.
There are networks of boosters and account sellers. Some people spend full time hours farming hundreds of accounts to level 30 for ranked play, and these accounts are purchased by other boosters who spend full time hours getting to Diamond+, to then resell. This is how you can find fresh level 30 accounts at the highest ranks--it's account farming.
When you analyze closely, the majority of the community is composed of these bogus Chinese account farms. Hardly anyone is actually playing the game. This problem goes all the way even to the Challenger level; streamers constantly deal with this problem and Riot doesn't do anything.
Even when League was having betting problems at the Grandmaster/Challenger level, of people betting against their own games and then "soft throwing" to make money, it wasn't Riot that did anything about this. It was the betting companies themselves that banned League from being gambled on their platforms.
I use comments like this to remind me not to start playing League, despite really enjoying all the music Riot puts out and having Arcane on my watch list still.
It's really really really not bad outside of the top couple percent of players. Nobody cares much about the game in lower tiers, and the cheaters tend to rise through the ranks and/or banned pretty quickly.
> it seems like they truly care about their community
I continue to get good vibes from so much of what Valve does. It might just be good PR work from them but it seems like it goes beyond that.
- They maintain an online service which is used by millions, if not billions, of people around the world. They actually(!!) provide customer support for this service.
- They sell computer hardware, admittedly for the primary purpose of using the aforementioned service. I've never heard about any serious complaints about this hardware that are left ignored (this might exist but I haven't heard of it).
- They develop an online multiplayer game with community support. I almost never hear bad things about how this community is managed from members of the community. I guess this is the most likely to be just "good PR" but again, I don't tend to see these issues escaping community discussion as I would expect for hot-button topics.
In some sense this news was surprising and great (40k is I'd estimate, ~0.5% of the unique monthly players!), but the release was also a bit misleading. The part "With that goal in mind, we released a patch as soon as we understood the method these cheats were using" is just outright false - there are numerous open-source Dota cheat engines which have been around and in working order for many years.
The average Dota 2 player count over the last 30 days was around 396,000[1] so am I correct in understanding that at least 10% of all Dota 2 players were cheating in some way?
Since Dota is a free to play game I would point out that it is likely that cheaters almost always have more than one account to evade bans so I don't think 1 account = 1 irl user is always true.
Even for non F2P games it is usual for cheaters to use phished or hacked accounts that they buy for a few cents. There are also accounts that are tradebanned because they were used as bots for 3rd party trading websites and they are basically worthless after getting tradebanned.
This always seems obvious to me with F2P games. They create more and more complicated measures to detect cheats, but when it cost nothing (except an SMS service now I guess) to spin up a new account you aren't getting anywhere.
The old business model of just charging a lot of money up front for the game seems like it wouldn't have this problem to the same extent. You just ban their key and they're out $20-60. But that business model is less popular now I guess.
396k is the average number of players during. The peak is seemingly 680k in last 30 days. Peak is the least number of players(accounts) there was during last month.
Million to two million would be my estimate of players. Still leading to 2-5% of player base. Which itself isn't small either.
It's also possible some of those accounts were created to be sold on on a marketplace. Online gaming marketplaces have traders with in-game items, credits, and even accounts for sale. It's especially big for online games where item duplication glitches allow some players to hoard hundreds-thousands of hot commodities. Accounts that have maxed out levels, achievements, and/or rare rewards (possibly via this cheat) can sell for hundreds of real world dollars.
Imagine a multi-player first person shooter game. There are complaints that some players are cheating to win matches. Many of these complaints include a common description in the experience: the alleged cheaters seem to "know" where the other players are, even when not within direct line of sight.
In this hypothetical game, there is a feature where, in specific circumstance, one player can in fact see on a map where the enemy players are located. Maybe this feature occurs when enemies are within a specific distance and shooting a weapon. Or maybe it occurs for a limited time when somebody on one team activates a drone and then that team can see the positions of everyone on the enemy team.
Regardless, there exists some function called "DisplayPlayersEnemy" that provides this feature. It's only supposed to be running in specific circumstances and otherwise is not active.
Unless, of course, some players figured out how to always have Function "DisplayPlayersEnemy" constantly running. This gives those players an obvious advantage.
So the developers decide to quietly release an update to the game to test this theory.
They create an alternative function called "DisplayEnemyPlayers". It does the same thing as the older "DisplayPlayersEnemy". And all the processes that had previously initiated the old function now initiate the new function instead. So the game continues to function just the same as it did before.
The developers keep the old function in the game, even though there's no longer any legitimate way to initiate it. It will still do all the things it did before, so if the function is initiated, it will seem to work as it did before. Except that the developers added a process to that function to identify when and by whom the function was initiated.
The developers release the update and then wait.
From the players' perspectives nothing has changed. Except that the cheaters are now about to fall into a trap. Some players did in fact modify their game with additional code that caused the old function to initiate when it wasn't supposed to. Since the old function is still in the game, their modifications have continued to work. Many of the cheaters did not notice that the old function had been modified and that a new function had been added. So these cheaters did not know to update their modifications to use the new function.
But since there's no legitimate way for the old function to initiate after the update, and since the old function now reports data to the developer, the developer knows who modified their game to cheat.
That also sounds like a classic mistake on the behalf of the developers: never trust the client.
The client should never be able to call a "DisplayEnemyPlayers" function, like _ever._ That should be calculated entirely server-side. The client should only ever know what the player could possibly know, and the inputs limited, checked, and sanitized to ensure that they're valid inputs based on the server's known player state, not the client's reported player state.
Of course, there's limited situations where the client can still do cheaty things despite your best intentions, like refusing to display smoke particles that should partially obscure another player and make it difficult to hit them (if they fully obscured the other player, the client should not receive updates about that other player), but aside from that and other "partial knowledge" problems, what you describe is a completely solved problem.
Often the design of the gameplay requires trusting the client.
Ie, foliage that partially obscures an enemy. There's no way to have this as a feature that doesn't require trusting the client to render the foliage properly.
Readit News
I also have no trust in any sort of gaming related records of feats of ability. I've been deeply involved with gaming communities in the past where people would show off their world records. I would question such scores only to be flamed and then years later it is discovered they were cheating after all.
Really my only point is that I despise cheaters and any game that isn't single player or only between friends may as well not exist for me anymore.
Valve in their "infinite wisdom" decided to funnel the bulk of players into a matchmaking style multiplayer system, while relegating decades of player-run (and previously Valve run) dedicated servers to a "Community" tab that opens the old school server browser
Consequently the game has been absolutely infested and overrun with bots for the last couple years. They all play Sniper and aimbot instant headshot players on the enemy team, they're also programmed to steal a players username and steam avatar (because there is no throttling on changing that information live, even when connected to a game server)
Consequently the paranoia of most players means that even if you're just a "good sniper" (as someone with about 8,000 hours in the game over the last ~14 years) you'll almost immediately be the subject of a votekick. To which you have to get on microphone and plead "I'M HUMAN, I'M HUMAN!" and hope players don't automatically just vote to remove you
Having said that I've run into plenty of "hackers" and cheaters over my decades of online play. I steer clear of certain types of games as the player base seems more inclined to cheat.
Found an old screenshot of Counterstrike after I got auto balanced.
https://i.imgur.com/AUFE0zo.jpg
It used to be script kiddies with aimbots downloaded from somewhere, nowadays it's cheat developers making hundreds if not thousands of dollars per month from renting cheats or selling carry services.
As in, maybe people are often wrong when accusing cheaters, but with numbers like this they’re often correct too!
That and similar ridiculousness were fairly common.
I actually didn't mind that stuff, it was funny enough to outweigh the irritation of not getting to play a real match. The ones cheating without making it overt were the ones who'd truly ruin a match.
> You wouldn't cheat at tic tac toe despite the inherently low stakes of the game so it doesn't seem any different in any other video game.
I don't get it, but people do cheat. They cheat in online games, they cheat at board games, they cheat at tabletop RPGs(?! and no, I don't just mean the DM fudging some roles in the name of fun—they have a screen for a reason) [EDIT] What I mean is, there must be some impulse to do it, even when the stakes are nonexistent and it might even ruin the fun for everyone. It's not even uncommon. I don't get it either, but it must be there.
If there are gonna be cheaters, I'd rather they do silly shit like that than just be using wallhacks, radar, or aimbots.
The latter group will often cheat if necessary as winning is the need and the priority. The talented ones usually end up in profitable pursuits like business and poker rooms. The losers (pun intended) will gravitate toward friendly competitions where people have their guard down and cheating is easy. At least that’s what I’ve seen.
The best strategy is to detect these people and ban them because appealing to values won’t work.
Deleted Comment
Deleted Comment
Missions are arranged into five difficulty levels ("Hazard 1", a.k.a "Haz1", the easiest, through "Haz5"). I've found that, when playing with random people, Haz2 or Haz3 gets you a good combination of players. Of course there are toxic players, but the proportion of them (that is, the number of toxic players as a percentage of the playerbase online at any given time) is low.
I think Haz4—more difficult than Haz3 but not Haz5—has a higher chance of toxic players. I avoid Haz5 as it's _extremely_ difficult for my skill level, but I understand the players who regularly do Haz5 missions are good folk.
If you play DRG on Steam, and you ever see me online (http://steamcommunity.com/id/CaliforniaKarl/), feel free to ping me for a mission!
The few people you saw cheating were probably frustrated enough with the game they decided burn their accounts and ticked enough boxes in their cheat menus to let them go out with a bang. It may of course be that you are particularly good at spotting cheats and Halo Infinite is just blessed to be relatively cheater-free. (I've not played it.) But I'd expect 1-2 orders of magnitude more games to have cheaters than your estimate.
That’s the difference. The stakes are way higher in video games. People pour thousands and thousands of hours into these games. They dream of going pro and joining one of the big teams. They dream of winning the big tournament for real money. They dream of having a popular Twitch stream with many thousands of viewers throwing even more money at them.
Most fall far short of those dreams. Instead they throw temper tantrums and rage at their teammates over voice chat. Some get so frustrated about their lack of progress that they search for alternative means. That’s where cheating begins. It’s really no different from sports.
For instance, I played a free to play game. The servers just went live and it was the VERY FIRST MATCH of the game. It wasn't soon before one guy on our side was crying because we all sucked. I see this type of behavior everywhere.
One time there was a blatant hacker on the Markov server in the original PlanetSide (a TR player with a name like iIiIiIiiIiii) that was using some sort of time/speed hack to move and shoot at some large multiple of normal.
They were having a lot of fun camping inside towers to kill people spawning there, so I managed to camp out in one before they arrived and held a good corner with my trusty bolt driver (sniper rifle). I managed to pop them once on their way up the tower, and I think they were moving so fast that they didn't realize it'd happened until they got to the top. Just enough time to reload and switch angles for them to come back down.
I know the hacker was there to enjoy ruining fun for others, but they gifted me what was unambiguously the most exhilarating, triumphant, and memorable of the 25K+ bolt driver and 40K+ total kills I recorded.
Wall hacks are another common hack; getting information that the game client has but that you aren't supposed to know. I think games will have to evolve to being "perfect information", just let all players see behind walls.
All in all, I don't see cheating as ruining gaming as a whole. Game designers will design games that are more difficult to cheat at, and hopefully there will be less cheaters ruining your matches. I would definitely play the can-see-behind-walls-and-aim-doesn't-matter FPS!
I enjoy cs go, and I can't recognize a difference with good aim and aimbot. So there is no difference with a cheater or a smurf for me.
Probably why competitive fps games are at the top of the list for cheat makers.
They are hard to detect by eye and can be easily made to look human-like.
hard to spot because it doesnt give as big advantage due to game mechanics/dynamics.
Majority of cheaters that I've met were when I've been leveling new account
Also:
Today on HN we complain about cheaters
Tomorrow we will complain about kernel rootkit from anti-cheat software and someone will argue that server-side should be enough :)
Mostly because actually spotting cheaters takes a lot of game knowledge and experience. In FPS games anyone can spot a spinbot, but how you can be sure that someone uses wallhack? or aimbot that just slightly corrects the aim?
Without proper game knowledge you wouldn't be able to distinguish a wallhack from someone listening to footsteps, having info from teammates, and having a good map awareness.
It is very easy to cry 'cheater', especially without any actual proof. Without knowledge that, for example in CS: spray patterns exist, even someone correcting them would look like a cheater to a newbie.
I spent about 300 hours lately playing new COD, and there was only one case where i suspected someone of cheating. One.
And i do play a lot of FPS, and played them for good 25+ years.
It takes a minimal amount of study, training, effort to be a perfect tic tac toe player. If you put a small amount of effort into it, you can get skilled enough at tic tac toe to never make any mistakes, to never end up with a result less than a draw. No amount of improvement will ever give you a better result.
Not so with nearly any online game, especially one with as high a skill ceiling as Dota2. You can always get better, there's always room for improvement, there's always someone better than you. If you could get just a little bit better, you will win more games, no matter how good you are.
A really smart SBMM would solve both problems. One that not only prevents players from artificially dropping rank, but also hiding their skill and maintaining a lower rank; and perhaps instead of an ELO, also matches players with similar play-styles. Because then cheaters will quickly end up in a rank with other cheaters, and won’t be able to leave unless they buy another copy of the game.
https://www.penny-arcade.com/comic/2004/03/19/green-blackboa...
The only positive thing is maybe gamers will push for more local multiplayer options.
I've played many competitive games over the years, many to a decent level in the top 5-10%. Thousands of hours of play.
Cheating is almost non-existent.
I've been accused of cheating though, especially in CS:Go + Overwatch, when I wasn't even that good. I couldn't hold a torch to professional players.
I've seen orders of magnitude a more complaints about cheaters in chat, than I've ever seen actual dodgy behaviour.
Sometimes you're just on a streak, or lucky.
You're just bad at losing.
I'm a gamer but I don't think that they're meant to be taken seriously.
Game publishers won't allow this again because it they can't "control" it and it won't make them money. Fortunately, opensource games still exist :D
Personally, I'm mostly referring to Tarkov. I don't play anymore. I used to love it and try to convince my friends to get it, but that was years ago. I only play the single player mod on top of it now.
I've generally moved on to single-player and coop games now. Everything else is excruciating. And part of that is that I have less free time, so wasting it on being angrily competitive and anxious just isn't appealing to me anymore. I don't have time to be on-par with sweatlords.
I have run into cheaters but most games are fine, sometimes you even manage to kill a cheater, fun times.
All sports are like this. Welcome to Earth. Sorry.
Deleted Comment
There's your problem right there.
Dead Comment
Dead Comment
Any speculation as to how this worked on a lower level ?
There are multiple ways to detect this. Hardware breakpoints were already mentioned, but they only work per thread, so if one is sniffing on your memory from another process or the kernel then these won't help.
The most stealthy and evil way I found was to allocate a page but never actually use it.
Windows lazily allocates physical memory for fresh memory pages when they are first used.
The detection is to periodically poll the page map from your process and check your canary pages via NtQueryVirtualMemory. If your unused page suddenly is backed by some physical memory then something happened to read from it! Bonus-points for putting such canary pages into places previously used for real game data.
This method is not foolproof: Anti-virus programs can read memory of all programs (but don't, Overwatch e.g. does not like this and crashes randomly due to this exact protection method). A bug in the program could also read from the page accidentally (e.g. out-of-bounds array read). But it's a /very/ good indicator that something is wrong when other cheat detection mechanisms also trigger.
Once you know how this works it's pretty easy to defeat unfortunately: Read the page map first, then avoid reading pages that have no backing physical memory, because those contain no useful data at best and are canary pages at worst.
Obfuscation and deobfuscation is also super interesting. I think overall reverse engineering and figuring out how things work is one of the most interesting things in computer science.
https://github.com/obfuscator-llvm/obfuscator/tree/llvm-4.0/...
https://blog.quarkslab.com/deobfuscation-recovering-an-ollvm...
This trick is used to catch cheaters on minecraft, by spawning in fake diamond blocks that would only be visible to specific cheats (xray). If a user suddenly were to dig to these blocks, you can be reasonably certain there's something fishy going on.
Other way to think about it, is adding an invisible field to a contact form that is only hidden through CSS
https://en.wikipedia.org/wiki/Trap_street
Watch out for autocomplete though.
https://learn.microsoft.com/en-us/windows/win32/memory/creat...
It can just be something exposing a data structure that gives the player some unfair advantage and them watching the players that could only have achieved some very unlikely advantage in the game by exploiting this information.
In a FPS for example, if a player consistently anticipates their adversaries sneaking behind a wall, well beyond what would be dictated by probability laws, there's a very high chance that he is cheating in a way that allows him to "see" their adversaries behind walls.
Specifically - I wouldn't fancy writing the "consistently anticipates their adversaries sneaking behind a wall" heuristic you describe but the earlier post describes the API that already exposes the "has read canary page" functionality.
I know it only from stories, so forgive me mistakes.
So basically
action X at patch Y sends instruction Q1
and then
action X at patch Y+1 sends instruction Q2
but cheating/botting software when ran straight after the update still sends old instruction Q1,
which is now impossible to be generated by legit player and this way you can instantly mark player as botter.
but I think it cannot be it since modern cheaters wouldnt be this stupid, right?
you might not trigger the cheater-flag on a single access (because of, as mentioned, antivirus etc.) but if your page gets accessed over and over again, you can be quite certain that someone is reading it who probably shouldn't...
to be clear, this was not a honeypot, but they claimed it to be
Before the game starts each of the ten players gets to pick a distinct hero for themselves out of a pool of about 120 choices. This is over 10^20 distinct combinations! Each hero has some unique capabilities that combo with allies or counter enemy heroes.
I tried to train a “hero recommender” based on tens of millions of games.
It turned out that this is obscenely difficult because even the best AI training algorithms struggle with such highly noisy labels. A good hero combo might shift win rates by some positive percentage but have a single sample data point, which is a loss because of one stupid kid in the team throwing the game.
You also can’t naively simplify the problem into 2-hero or 3-hero combinations because this misses the “total team composition” metrics.
I found some research papers that were just a few months old at the time which covered this corner of the AI training space. Their conclusion were: “We don’t know either but it’s an interesting problem!”
The problem is that it has been highly throttled, throwing 429 errors after just a few dozen calls. When I looked at it before it was "soft" throttled and would return data at a pretty decent rate. If I remember correctly I got something like 80 million game results downloaded in about a week.
You can get 100 matches at a time[1] via this API: https://wiki.teamfortress.com/wiki/WebAPI/GetMatchHistoryByS...
The "ID" is the game ID, which is 570 for Dota 2. Hence the actual API endpoint is:
[1] It would be ever so nice if Steam provided daily batches in gzip files. That would be thousands of times cheaper for them to host, and much more useful for AI researchers.Deleted Comment
Hundreds of thousands played. Blizzard released patches in beta that would, for example, spawn infernals to attack your town hall if it detected you were on the emulated server. This reminds me of that. Blizzard lost their battle, by the way, and people pirated WC3 all the way until release.
https://www.thesixthaxis.com/2011/12/08/how-to-get-rid-of-th...
This happened a few times at LAN parties to my friends, some of whome gave each other the game by copying the install directory across. Took us a while to work out what the hell was happening.
I remember in Settlers 2 or something (before Ubisoft ruined it) the iron smelter was producing pigs in pirated versions.
However, it wasn't extremely good at detecting them leading to pissed off legit players.
I would play it almost exclusively in a web design class I took. That class was where I learned HTML; that wasn't the focus of the class, not by a long shot, but it was the thing that captured my interest the most. I ignored everything else in that class in favor of the Wintermaul Tower Defense custom map.
Custom games and ladder were usually clear, besides map hackers in custom games. Every few months things would be wack (remember the enemy workers are sheep hack?), but it was pretty fair
They most certainly did in this case. This was for the private beta of WC3, not the fully released game. Most people migrated to official Battle.net when WC3 was released, I know I did. They really wanted to keep their private beta private and polish it without the entire world looking in on it.
One thing about Blizzard is they’re extremely litigious wrt to piracy and emulated servers. See WoW, etc..
I wonder how many non-cheating users of some obscure AV solution that scans memory they banned.
Seeing this news for Dota 2 warms me up inside. I don't play Dota 2 because I don't want to allocate the time to it, but it seems like they truly care about their community, at least to a much greater degree. Very happy news.
I've played some league and it's definitely a very different community feel.
I also think that the fact that in DotA you are not able to surrender is incredibly important when it comes to the feel of the game and community. I think the single biggest mistake Riot made is allowing teams to surrender, it makes the game so much worse to even give people the possibility of giving up. DotA is a game you can win off a marginal mistake even till the bitter end, I'm glad the mechanics reflect that.
One way to tell is by looking at a player's match history and seeing their account plays one or two champions for a while repeatedly getting MVP with 20/0/x, and then suddenly switches champions and either plays significantly worse or somehow playing even better depending on the ELO. The opposite is also true--consistently playing horrendously, then suddenly switching to different champions and steamrolling beyond their ELO.
There are networks of boosters and account sellers. Some people spend full time hours farming hundreds of accounts to level 30 for ranked play, and these accounts are purchased by other boosters who spend full time hours getting to Diamond+, to then resell. This is how you can find fresh level 30 accounts at the highest ranks--it's account farming.
When you analyze closely, the majority of the community is composed of these bogus Chinese account farms. Hardly anyone is actually playing the game. This problem goes all the way even to the Challenger level; streamers constantly deal with this problem and Riot doesn't do anything.
Even when League was having betting problems at the Grandmaster/Challenger level, of people betting against their own games and then "soft throwing" to make money, it wasn't Riot that did anything about this. It was the betting companies themselves that banned League from being gambled on their platforms.
Thanks :P
I continue to get good vibes from so much of what Valve does. It might just be good PR work from them but it seems like it goes beyond that.
- They maintain an online service which is used by millions, if not billions, of people around the world. They actually(!!) provide customer support for this service.
- They sell computer hardware, admittedly for the primary purpose of using the aforementioned service. I've never heard about any serious complaints about this hardware that are left ignored (this might exist but I haven't heard of it).
- They develop an online multiplayer game with community support. I almost never hear bad things about how this community is managed from members of the community. I guess this is the most likely to be just "good PR" but again, I don't tend to see these issues escaping community discussion as I would expect for hot-button topics.
https://steamcharts.com/app/570
Even for non F2P games it is usual for cheaters to use phished or hacked accounts that they buy for a few cents. There are also accounts that are tradebanned because they were used as bots for 3rd party trading websites and they are basically worthless after getting tradebanned.
The old business model of just charging a lot of money up front for the game seems like it wouldn't have this problem to the same extent. You just ban their key and they're out $20-60. But that business model is less popular now I guess.
Monthly active users should be in the millions.
Million to two million would be my estimate of players. Still leading to 2-5% of player base. Which itself isn't small either.
It's also possible some of those accounts were created to be sold on on a marketplace. Online gaming marketplaces have traders with in-game items, credits, and even accounts for sale. It's especially big for online games where item duplication glitches allow some players to hoard hundreds-thousands of hot commodities. Accounts that have maxed out levels, achievements, and/or rare rewards (possibly via this cheat) can sell for hundreds of real world dollars.
And, you don’t offer any data or evidence for this.
There are thousands of businesses and million of users who don’t care about and don’t need this.
You have to fundamentally alter how you serve these experiences to customers if you really want to solve it.
In this hypothetical game, there is a feature where, in specific circumstance, one player can in fact see on a map where the enemy players are located. Maybe this feature occurs when enemies are within a specific distance and shooting a weapon. Or maybe it occurs for a limited time when somebody on one team activates a drone and then that team can see the positions of everyone on the enemy team.
Regardless, there exists some function called "DisplayPlayersEnemy" that provides this feature. It's only supposed to be running in specific circumstances and otherwise is not active.
Unless, of course, some players figured out how to always have Function "DisplayPlayersEnemy" constantly running. This gives those players an obvious advantage.
So the developers decide to quietly release an update to the game to test this theory.
They create an alternative function called "DisplayEnemyPlayers". It does the same thing as the older "DisplayPlayersEnemy". And all the processes that had previously initiated the old function now initiate the new function instead. So the game continues to function just the same as it did before.
The developers keep the old function in the game, even though there's no longer any legitimate way to initiate it. It will still do all the things it did before, so if the function is initiated, it will seem to work as it did before. Except that the developers added a process to that function to identify when and by whom the function was initiated.
The developers release the update and then wait.
From the players' perspectives nothing has changed. Except that the cheaters are now about to fall into a trap. Some players did in fact modify their game with additional code that caused the old function to initiate when it wasn't supposed to. Since the old function is still in the game, their modifications have continued to work. Many of the cheaters did not notice that the old function had been modified and that a new function had been added. So these cheaters did not know to update their modifications to use the new function.
But since there's no legitimate way for the old function to initiate after the update, and since the old function now reports data to the developer, the developer knows who modified their game to cheat.
The client should never be able to call a "DisplayEnemyPlayers" function, like _ever._ That should be calculated entirely server-side. The client should only ever know what the player could possibly know, and the inputs limited, checked, and sanitized to ensure that they're valid inputs based on the server's known player state, not the client's reported player state.
Of course, there's limited situations where the client can still do cheaty things despite your best intentions, like refusing to display smoke particles that should partially obscure another player and make it difficult to hit them (if they fully obscured the other player, the client should not receive updates about that other player), but aside from that and other "partial knowledge" problems, what you describe is a completely solved problem.
Ie, foliage that partially obscures an enemy. There's no way to have this as a feature that doesn't require trusting the client to render the foliage properly.