This reads like privacy-invasion propaganda directly from the Chinese state. "Look how great we are at having full control over your PC. You know, to battle cheaters!".
Kernel-level anticheat is ridiculous. Especially when your data becomes a gaping would ready for the chinese state to stick their fingers into and twist around. It's like the police installing mandatory cameras in everyones house to catch thieves (if society here is games with kernel-level cheats).
I want to go back to the days of Windows 7. When there was minimal corporate bloat in the ecosystem, no ads in the startmenu, and when game studios actually knew what they were talking about and had some balls to stand up for their values.
Riot Games is a morally bankrupt and extremely profit-driven company. If they're not abusing Vanguard to provide MSS actors access to user's machines (free VPN to cover your tracks!), then they're mining data from your computer - perhaps for market research or to sell to adtech.
As a player of some of their games - they not only don't care about their players, but have a deeply abusive relationship with us.
Yes! I've already gotten about 2/3 of my friends to stop playing their games. I'm working on the last third - after I get a couple key people off I can quit for good.
- penalizing a pro player for picking a particular champ and rune combo due to it being bugged (which is their fault) even though the player didn't abuse the bug
- the CEO of the company doxxing the developer of a competing game
- the insane AI-powered "zero tolerance chat filter" that regularly catches comments that, upon human review, are clearly inoffensive
- the "lane swap detection" anti-feature
- autofill
- client and server crashes being blamed on the players
Crazy you think Riot Games is extremely profit driven. I have played League of Legends for 13 years and not once have they required or requested a single penny from me. I have given them 0$.
An extremely profit driven company wouldn't allow that.
It's invalid to say "a profit-driven company wouldn't do x" for almost any value of x.
It's also invalid to suggest that a company that doesn't require money isn't profit-driven. There are thousands of free-to-play games run by greedy companies that push monetization on users (even if they don't require it). There are tens of thousands of companies that use ads to monetize their games.
There's also ample evidence of Riot's greed over the past few years - $500 skins, progressive removal of more and more free cosmetics from the game despite record revenue, encouraging and enabling smurf accounts (which absolutely ruin the experience for other players) because they buy more skins, and many, many more instances.
This isn’t a given since there’s still a way to give them money directly for cosmetics (which makes them a ton of money). Many freemium business models give away a lot product for free with the goal of convincing a minority of users to pay and subsidize the rest.
Yes. Riot doesn't really care about cheating - else they would use identity verification to permanently ban cheaters - this is about something else. They either want that kernel-level access to harvest data, or else it's about modders making mods for custom skins that cut into their revenue.
Lol, this wasn't Windows 7 days. This was 98/XP. The real fall of multiplayer gaming is from player support of F2P and a lack of legislation against the absolute predatory gambling tactics these games use.
By the way, kernel level anti heat has been around for a LONG time. Battle Eye was introduced with Battlefield Vietnam in 2004.
Riot doesn't use a kernel anticheat on mac os because Apple provides sufficient security from their OS. Once Microsoft eventually catches up Riot will not need a kernel level anticheat for Windows. The ridiculous thing is how Microsoft has failed to secure Windows from cheaters despite it being a problem for such a long time.
> The ridiculous thing is how Microsoft has failed to secure Windows from cheaters despite it being a problem for such a long time.
The problem is, it's gotten hard to do drivers for custom hardware on macOS as a result for everything that can't be done with libusb as a result - and it's also gotten harder to patch over deficiencies of macOS.
You can't have an OS that you can tinker around with and an OS that is secure from cheaters, software pirates and malware at the same time. Android is the best example - either you run an OS that passes Play Integrity/SafetyNet and is blessed by Google and thus can use games, Netflix, banking or a whole lot of other apps that require non-rooted phones these days, but you lose e.g. the ability to do an actual full-device backup, or you run a phone that's rooted or runs a custom OS (say, aftermarket once the manufacturer ceases providing even security updates) but you lose out on about 2/3rds of apps because they just refuse to run.
>You can't have an OS that you can tinker around with and an OS that is secure from cheaters
But do these need to be the same OS? Or is it possible to have them be partitioned off from each other that way you can have a game run with full integrity and then also be able to have a customized experience for things which don't care about integrity.
Dual-booting utterly sucks experience-wise, and the very second you allow any kind of "untrusted" code on a device - even if it's another OS nominally "separate" from the main OS - you multiply the attack vectors that are possible.
That's part of the reason why Apple is so against not just jailbreaks for mobile devices but also any kind of non-Apple-sanctioned access to anything they deem safety critical.
I was referring to virtualization. The experiences doesn't have to be bad. For example on Windows 11 you can double click on a shortcut to a Linux app and when it opens it looks like a regular window like any other program on the computer, but it's actually running on Linux.
This is mostly true. You can run a VM in the trusted OS to do untrusted stuff. For stuff like 3D graphics you will likely need a second GPU to pass through to the guest if you want reasonable performance.
That resolves the tinkering vs intrusive vendor issue. However it doesn't address the privacy, autonomy, or user freedom angles.
By autonomy I mean (for example) the inability to perform a proper backup on a "secure" android system. By privacy I refer to the fact that the vendor can see everything you do even in the VM. User freedom is only an issue when you can't boot an "insecure" OS on the platform, but if nothing will run when you do that the situation isn't much different. For example, technically I have the freedom to run DOS today but in reality I won't be getting much done if I do.
Addressing the privacy issue we've at least got confidential VMs now. However at that point we've just pushed all the issues down a level and the same drama plays out again with the hardware vendor.
>For stuff like 3D graphics you will likely need a second GPU to pass through to the guest if you want reasonable performance.
No, a single GPU can support virtualization and be shared among multiple visitors.
>the inability to perform a proper backup on a "secure" android system.
This is by design as a "proper" backup violates Android's security model. Instead a backup system that respects Android's security model was built. Autonomy is given up but in exchange the high level functionality remains the same and there is better security.
>By privacy I refer to the fact that the vendor can see everything you do even in the VM.
What does this even mean? There is no fundamental reason for spyware to exist and even if there was that is independent to using virtualization.
>User freedom is only an issue when you can't boot an "insecure" OS on the platform
User freedom and security are orthogonal, but due to Turing completeness almost everything will support booting insecure operating systems.
>but if nothing will run when you do that the situation isn't much different.
If there is no market demand for running applications on insecure platforms then perhaps that's an okay situation to be in.
> No, a single GPU can support virtualization and be shared among multiple visitors.
Do you really think I'm unaware of that? Have you tried it lately? Most (nearly all) consumer level hardware doesn't support it and (I might be wrong about this next bit but IIRC) you won't get full performance because most solutions partition the hardware rather than multiplexing it.
> This is by design as a "proper" backup violates Android's security model.
I'm aware. That doesn't address the problem.
> the high level functionality remains the same
Absolutely false. Apple at least built a solution that appears to perform as advertised even if I vehemently disagree with the underlying security model and believe that it is actively making society worse off in the long run. Google has failed miserably at that (at least last I checked, which was a few years ago TBF).
> and there is better security.
By whose definition? The officially sanctioned security model does not provide anything of value to me (from a technical perspective) relative to having full control over my device.
> What does this even mean?
It means that if someone else has control over the software on my device then outside of a truly unusual end-to-end code auditing arrangement I can never be confident that I'm not being watched.
> There is no fundamental reason for spyware to exist
What sort of drugs are you on over there? Ad tech is a massive industry. There are all manner of motivations to hoover up user data from market research to selling it to authoritarian tendencies.
> User freedom and security are orthogonal
Notice the quotes. By "insecure" I mean not provided by BigTech and system state attested by a whitelisted HSM.
> due to Turing completeness almost everything will support booting insecure operating systems.
Have you tried customizing the OS on a vendor bootloader locked mobile device lately?
> If there is no market demand for running applications on insecure platforms then perhaps that's an okay situation to be in.
Sophistry. It's user choice due to a combination of lack of awareness and understanding, a preference for convenience even when that's detrimental to society in the long term, and the resultant network effects.
>Most (nearly all) consumer level hardware doesn't support it
Some cards are just limited by the firmware and have hardware support. Microsoft can work together with GPU vendors to get the ecosystem into a state where things will work.
>The officially sanctioned security model does not provide anything of value to me (from a technical perspective)
What about things like malware not being able to steal all of your accounts from your device?
>I can never be confident that I'm not being watched.
Most operating systems have implemented features to let you know when the camera is being used.
>Ad tech is a massive industry.
Adtech is not spy tech. And it doesn't work by seeing everything you do.
>Have you tried customizing the OS on a vendor bootloader locked mobile device lately?
If it's locked then you can't change the operating system that initially loads up, but you can still run a second operating system within the other.
>detrimental to society in the long term
I fail to sympathize when these "detriments" are antisocial things like being unable to cheat in games or being unable to pirate copyrighted works. We already experienced a reality where there was 0 security and it turned out that it was extremely abused inspiring the next generation of computing platforms that offered security and were able to partially mitigate antisocial behavior.
> What about things like malware not being able to steal all of your accounts from your device?
The android (or apple, or whatever) security model doesn't stop that. Malware will perpetually be one zero day away from having root.
It is true that those security models do a decent job of stopping users from shooting themselves in the foot, at least in certain ways. The way they go about it isn't of value to me though.
> > I can never be confident that I'm not being watched.
> Most operating systems have implemented features to let you know when the camera is being used.
Obviously I am referring either to the author of the OS or to the device vendor here (which one depends on the scenario being considered). In either case you can't rely on that party to voluntarily report their own wrongdoing. Hence my reference to a code auditing arrangement.
> > Ad tech is a massive industry.
> Adtech is not spy tech. And it doesn't work by seeing everything you do.
I don't know if you're delusional or interacting in bad faith but either way it doesn't seem we're going to get anywhere when you're saying things like this. It is plainly obvious that there are all sorts of motivations for spyware to exist.
A fairly simple proof is it currently exists, it was created, someone was motivated to do that.
> I fail to sympathize when these "detriments" are antisocial things like being unable to cheat in games or being unable to pirate copyrighted works.
The long term detriments are things like living in an authoritarian panopticon and needing permission from unelected corporate overlords to run any particular app, all on a device that (in the future) you absolutely depend on to perform even basic functions in society. Computer security and the BigTech anti-user security model are entirely different things that you are intentionally conflating here. Your world view resembles a cardboard cutout manufactured at a business strategy meeting.
You're still running untrusted code on the same devices. IOMMUs aren't enough, not since side-channel attacks entered the field, not to mention the consistent availability of IOMMU and Secure Enclave bypasses, or exploits for the GPU to access data from other contexts.
Linux does support Secure Boot, and I believe Red Hat offers RHEL with signed bootloaders, kernels and kernel modules. However, I don't know how secure the secure boot environment is in practice, and I'm pretty sure Secure Boot support on most distros is stubbed to be good enough to boot with Secure Boot enabled, but not good enough to meaningfully verify the integrity of your environment.
I wouldn't be surprised if Valve started making serious innards into improving Secure Boot support on Linux for the sake of Steam Deck compatibility. However, I'm not sure that would work with the lack of stable driver ABI on other platforms that aren't a known quantity.
The mainstream GNU/Linux/whatever software stacks fully support secure boot on a technical level.
> not good enough to meaningfully verify the integrity of your environment
That depends entirely on whose perspective you take. There are tools to do pretty much anything you can think of and you always have the freedom to extend them yourself. So for the end user it's significantly better at that task than proprietary competitors because the end user has full control over the process.
From the perspective of an entity like Riot it doesn't offer anything of value because (AFAIK) none of the distros choose to provide releases that verify the environment binaries match official releases built by the maintainers. I imagine the majority of maintainers would consider providing such a thing to be an anti-feature.
Valve could easily provide an attested system if they wanted to. I'm glad they choose not to (at least so far). If a studio is turning to kernel level anti-cheat they screwed something up to arrive there.
The answers and broader philosophy are all over this comments section so I'm not sure there's much point to my answering you but why not.
The tl;dr is that you largely don't. It's a fools errand.
First you need to recognize the general behavioral pattern and motivations behind it. Once you do that you'll realize that the same people snooping on RAM right now are going to turn to ML botting if they can't do that. Those bots are usually already superhuman, are only going to get better, and the hardware to run them is quite cheap (a video camera and a fake keyboard and mouse).
It's the same problem online chess has. Snooping RAM doesn't help you in online chess but that doesn't mean there aren't cheaters.
Remember catbot? That certainly managed to ruin people's day.
A workable solution has to be end-to-end. Identification based on behavior, competent moderation to review those cases, a model that ensures the moderation efforts are sustainable in the long term, and some way to make sure that bans are sufficiently sticky so that there's actually a point to the whole thing.
Score based methods like Valve employs are a reasonable alternate approach. If cheaters all get thrown in the same pool then who cares if they cheat? Let them have their fun!
Community servers instead of centralized matchmaking are another option. Those once again group the cheaters together, shift moderation costs away from the publisher, and give you a stronger community.
There is precisely zero Sinophobia in the parent thread. Conflating criticism of a country's government with discrimination against that country's people is a very old state propaganda technique that is deeply evil and you should be ashamed of yourself.
This thread is actually about criticism of Riot Games, not any country's government. But for some reason, whenever Westerners do things to other Westerners, they call each other Chinese. In the not-racist way that one does that.
> This thread is actually about criticism of Riot Games, not any country's government.
And, as anyone remotely familiar with the situation would know, Riot Games is a wholly-owned subsidiary of Tencent, a Chinese company, and all Chinese companies are subject to arbitrary amounts of control by the Chinese government.
> they call each other Chinese. In the not-racist way that one does that.
You just committed the same fallacious propaganda technique of the parent. It's extremely dishonest and malicious. Don't do it.
Id go for a "RealID" anticheat service that takes my passport info or some other photo ID along with a video of me saying some junk to prove I am that person.
honestly, html can include css and javascript via link and style tags. there's no reason for it to not have an <include src="" /> tag, and let the browser parsing it fetch the content to replace it.
most of these combinations actually have legitimate use-cases. and, kind of like what the article is pointing to; it's really only confusing if you learnt it the bad way from the start.
that said, I think the more extreme examples probably come from C codebases, where these kinds of declarations are actually highly useful as well as highly logical, compared to C++ which usually tones these kinds of things down via STL and higher level abstractions.
i'd also argue both C and C++ still have their place as legitimate tools for their purposes, and especially C still has no real competitor that can match it for its purposes.
I would argue that if you need to learn it the right way in order for it to make sense, then what that really means is that you just get used to it and it's not very intuitive to begin with.
Take the simple example of a pointer. It's just a data type, but it gets its own symbol. Ints or floats do not get their symbol, and pointer similarly could just be a keyword and not a symbol to be consistent. Pointer could be a type keyword for declaration, and * (asterisk) could be the operator to retrieve a pointer value. This disambiguates it easily and intuitively.
But again, I still like C++ and consider all of these inconsistencies as side effect of its longed lived legacy. It needed to change and evolve and making comprises is hard when it's already part of so many systems. I'm also not sure there's anything better. I have not yet learned Rust but it seems it's aiming for a different kind of experience alltogether. Not sure what could be the real successor to C++ while still remaining compatible in the way C++ is to C.
Kernel-level anticheat is ridiculous. Especially when your data becomes a gaping would ready for the chinese state to stick their fingers into and twist around. It's like the police installing mandatory cameras in everyones house to catch thieves (if society here is games with kernel-level cheats).
I want to go back to the days of Windows 7. When there was minimal corporate bloat in the ecosystem, no ads in the startmenu, and when game studios actually knew what they were talking about and had some balls to stand up for their values.