Title: On non-technical video-games cheat mitigations Date: 2024-01-12 20:15 Cheats are as old as video games, and will be there as long. There are a couple of high-profile players in the anti-cheat market today: [BattlEye](https://en.wikipedia.org/wiki/BattlEye), [Valve's VAC](https://en.wikipedia.org/wiki/Valve_Anti-Cheat), [PunkBuster](https://en.wikipedia.org/wiki/PunkBuster), [Epic's EAC](https://easy.ac/en-us/), [Blizzard's Warden](https://wowpedia.fandom.com/wiki/Warden_(software)), [Riot's Vanguard](https://support-valorant.riotgames.com/hc/en-us/articles/360046160933-What-is-Vanguard-), [Activision's Ricochet](https://callofduty.com/en/warzone/ricochet), … as well as in-house ones. To try to keep up in the race, both sides are resorting to more and more invasive technical privacy-invasive measures: streaming virtualised shellcodes, hardware fingerprinting and locking, [stack-walking](https://secret.club/2020/01/05/battleye-stack-walking.html), bootkit-like kernel drivers, [TPM](https://en.wikipedia.org/wiki/Trusted_Platform_Module)/ secure boot/ [HVCI](https://learn.microsoft.com/en-us/windows-hardware/drivers/bringup/device-guard-and-credential-guard)/ [IOMMU](https://en.wikipedia.org/wiki/Input%E2%80%93output_memory_management_unit)/ [VBS](https://learn.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-vbs)/… [shenanigans](https://support-valorant.riotgames.com/hc/en-us/articles/22291331362067-Vanguard-Restrictions), hypervisors [detection](https://secret.club/2020/04/13/how-anti-cheats-detect-system-emulation.html)/usage, [exfiltration of suspicious materials](https://secret.club/2020/03/31/battleye-developer-tracking.html), external [DMA](https://en.wikipedia.org/wiki/Direct_memory_access) hardware, or other [more exotic things]({filename}/paper_notes/paper_notes_hallucinations.md). Yet anti-cheats are still routinely bypassed, less in a public manner, granted, but private and closed-community cheats are still flourishing, since it's a losing game by nature. And since games and anti-cheats are software, they're of course riddled with [hilarious](https://vice.com/en/article/d7y5wj/street-fighter-v-rootkit) bugs leading to [stupid](https://unknowncheats.me/forum/anti-cheat-bypass/614682-eac-dll-loading-method-eac-forcer.html) [bypasses](https://unknowncheats.me/forum/anti-cheat-bypass/503052-easy-anti-cheat-kernel-packet-fucker.html). But this isn't what this blogpost is about. Nowadays, cheats are considered as part of a larger problem: abuses and toxicity. Cheats aren't (only) hunted down because they're morally questionable, but because they disturb the way the game is meant to be enjoyed. Toxic and abusive behaviours lead to the very same results: A game that isn't fun to play because of cheating/abuse/toxicity issues will see its players number decrease, have poor reviews, … and won't make money. I'm sure there is a parallel to be made about the current state of our society, but I digress. For this article, we'll consider cheating and abuse/toxicity as a single issue under the term *abuse*. Now, because abuse isn't a purely technical issue, but also a social one, it can't be solved by technical solutions only, so let's have a look at what non-technical mitigations game developers are coming up with to curb this issue. The most obvious mitigation is to make cheating expensive, money wise. Having to pay 60EUR for a game is a steep investment, especially if one has to buy it again every time they get banned. This of course doesn't apply for free-to-play games, but can be emulated by having a cosmetics ecosystem, either to pay for, or to grind. The other expensive thing when playing video games is the hardware, and bans can be tied to it. ## Global measures The *big* mitigation at this level is reputation systems. They're based on people who know best how a fun and fair game should go: players. After a match, they're encouraged to cast votes on how fair it was, on a match level, but also directly at players level: "Bob was really looking out for others", "Bob was a team player", and so on. For negative behaviour, reports don't have to wait the end of the match, players can report cheating, being offensive in the text/voice chat, [griefing](https://en.wikipedia.org/wiki/Griefer), queue dodging, [smurfing](https://www.urbandictionary.com/define.php?term=smurfing), … Of course, slanderous reports are penalised. Peer pressure is a good lever too, by taking action not only against cheaters, but from people benefiting from the cheat, like regular teammates. [Bug bounty programs](https://en.wikipedia.org/wiki/Bug_bounty_program) are now commonplace, so it's only logical that there are now [some](https://hackerone.com/riot) rewarding anti-cheat bypasses/exploits. The rewards are a bit cheap for now, but will likely rise up as the programs mature. The positive effects are multiples: 1. It increases the incentives to report issues to get them fixed: a player finding a glitch/exploit can now get some cash for the discovery 2. As more abuse vectors are killed, the reward prices will rise, and it might become more profitable to report bugs than to sell them to cheat providers. This isn't unheard of, with [Google's kernelCTF](https://google.github.io/security-research/kernelctf/rules.html) paying two times more than Zerodium. 3. If the bug bounty program is correctly managed, the probability of getting a given amount of money for reporting an issue will be higher than using it in a cheat for an unknown period of time until it gets fixed. 4. It will likely increase the amount of people looking for issues and willing to report them. Community managers can also regularly spread [FUD](https://en.wikipedia.org/wiki/Fear,_uncertainty,_and_doubt) post updates about ban waves, anti-cheat measures, reports, … to make it clear that abusive behaviours are something being taken care of, and a dangerous gamble for players to take part in. I think I have seen some people spending time proving that some cheaters streaming live were in fact recycled pre-recorded footage from an earlier version of game, because some of the game details have been updated in the meantime. ## Accounts-level measures Some game stores, like [Steam](https://en.wikipedia.org/wiki/Steam_(service)), have an account-level "cheater" mark, meaning that if someone gets banned from a game for cheating, other games can know about it. But more importantly, [achievements](https://en.wikipedia.org/wiki/Achievement_(video_games)) and cosmetics are also tied to an account, and as mentioned previously, those are non-zero time and/or money investments. Getting banned means losing them. This of course only deters opportunistic cheaters, as people can simply create other accounts to cheat, but this can be made harder via purely technical means. Most *competitive* online games have ranked and casual game modes, with the former being only accessible after having spent a certain amount of time in the latter one. Meaning that one has to do it again every time they get banned, or [pay someone to do it](https://en.wikipedia.org/wiki/Boosting_(video_games)). Some studios are even making player go through more hoops to be able to play, like requiring [MFA](https://en.wikipedia.org/wiki/Multi-factor_authentication), or playing a couple of matches against [bots](https://en.wikipedia.org/wiki/Video_game_bot) branded as a tutorial, before being able to play with other people. There is a course a fine balance to keep to annoy abusers but not legitimate players. ## Player-level measures The goal of non-technical measures isn't to make it impossible to be abusive, but to make it not worth it. Moreover, issuing instahwpermabans to [edgelords](https://en.wikipedia.org/wiki/Edgelord) seems a tad heavy-handed, so having a large panel of measures against abuser makes sense: one might want to allow people to rectify their behaviour, to isolate them to cool down, and so on. It might include textual warnings, temporary bans, kick from the current game, chat/voice mute, losing access to ranked play, reducing the amount of earned experience points, … Players are abusive for various reasons, but I'd argue that most do because it's fun. Ruining the fun for them is thus a good way to curb such behaviours. A simple way to do this is to make them play together, by grouping players by reputation, or by having servers with technical anti-cheat measures explicitly disabled. But there are even more creative measures, like [disabling their parachute](https://www.callofduty.com/en/blog/2023/11/call-of-duty-ricochet-anti-cheat-modern-warfare-III-progress-report), reducing their damage output to ridiculous levels, taking away their weapons, [making other legitimate players invisible to them](https://www.callofduty.com/blog/2023/06/call-of-duty-ricochet-anti-cheat-season-04-update), randomly drop some of their inputs, [hallucinations]({filename}/paper_notes/paper_notes_hallucinations.md), … and while this costs a bit more engineering time than simply grouping them together, it has a couple of high-value returns on investment: - allowing game developers to spend more time collecting data on how cheats are working on a technical level, - reducing the impact cheaters have on a game make is possible to significantly defer banning them without impacting other players too much, making it harder for cheat makers to pinpoint how and why a cheat was detected. - it's absolutely hilarious ## Examples ### [Rainbow Six Siege](https://en.wikipedia.org/wiki/Tom_Clancy's_Rainbow_Six_Siege) - It uses BattlEye, and in end-2022 early 2023 banned around [5000](https://ubisoft.com/en-us/game/rainbow-six/siege/news-updates/2g7hT2NNuOqrj35RfgsFxN/anticheat-status-update-march-2023) accounts per month, which is a lot, but also shows that it doesn't deter cheaters. - The game costs [$8](https://store.steampowered.com/app/359550/Tom_Clancys_Rainbow_Six_Siege/), but if you want to have access to all the operators, it's $70. One can also unlock operators by playing, which takes several hundreds of hours. - To play ranked, one need to reach [level 50](https://ubisoft.com/en-gb/game/rainbow-six/siege/news-updates/4hShcX2HZTG2ttIi3IIN9Y/matchmaking-rating), which takes around 50h, give or takes. - The game has a rich ecosystem of cosmetics than can be [purchased for steep prices](https://store.ubisoft.com/us/dlc-type-skins-cosmetics), and painstakingly earned by playing, that would be lost in cast of an account ban. - Friendly fire will result in the damages being applied to the shoot should it be reported as voluntary by the player at the receiving end. - It's developing a pretty involved [reputation system](https://ubisoft.com/en-gb/game/rainbow-six/siege/news-updates/22JLMFeayzuamhb7YKbAjm/reputation-system-activation-more), where people with a "positive" behaviour gets rewarded (more experience points, cosmetics, …), while those with a "negative" one might be prevented from playing *ranked*, get less experience points, … ### [Call of Duty: Modern Warfare II](https://en.wikipedia.org/wiki/Call_of_Duty:_Modern_Warfare_II_(2022_video_game)): - The game costs [$70](https://store.steampowered.com/app/1962660/Call_of_Duty_Modern_Warfare_II/). - ["Players must be at least Level 16 to access Ranked Play"](https://callofduty.com/blog/2023/02/call-of-duty-modern-warfare-II-ranked-play-features-challenges-rewards), but this can be done in a couple of hours. - Cheating results in account-wise permaban across all Call of Duty titles. - Banned accounts have their records purged from leaderboards. - Players engaging in "negative" behaviours might get muted on chat/voice, … and interestingly, cheaters are going to get paired with other cheaters in matchmaking. [Players who are often playing with the same cheaters](https://support.activision.com/articles/call-of-duty-security-and-enforcement-policy) (boosting), will also get their reputation tanked. ### [Valorant](https://playvalorant.com/) Its developer even published a [great series of blopost]( https://playvalorant.com/en-us/news/tags/game-health-series/ ) on what it calls "game health" - The game is free-to-play, but comes with _a lot_ of [cosmetics](https://valorantstrike.com/valorant-store/). - Cheaters get a permaban, but people benefiting from them might get a 6 months one as well. - Players joining games and [idling to reap out experience points](https://playvalorant.com/en-gb/news/dev/valorant-behavior-detection-and-penalty-updates/), doing nothing but kneecapping their team will [get penalised](https://playvalorant.com/en-us/news/dev/valorant-systems-health-series-afk/). - Players are encouraged to report toxic behaviours, and to not engage, since engagement might be penalized as well - Players using, [certain words](https://support-valorant.riotgames.com/hc/en-us/articles/360044791253-Inappropriate-In-Game-Names) whether in chat or as username, will be flagged as toxic. - Penalties come in various size, shapes and durations, allowing to fine tune according to behaviour: warnings, voice/chat restrictions, reduction in experience points gain, reduction in raked rating, increased queue waiting time, ranking game ban, global ban. - Valorant [published](https://playvalorant.com/en-us/news/dev/valorant-systems-health-series-smurf-detection/) their approach to mitigate smurfing; acknowledging that while having multiple accounts to smurf/trade/evade bans/… is not desirable, some people are using them to to play with friends with a better/worse ranked level. So while they took measures to detect and mitigate having multi-accounts, they also relaxed the maximum ranks difference for players to play together, which significantly reduced the number of alt-accounts usage, but also didn't alter match fairness in a measurable way. ## Conclusion This is all nice and dandy, but is it working? According to data from [Rainbow Six Siege](https://www.ubisoft.com/en-us/game/rainbow-six/siege/player-protection): [Valorant](https://playvalorant.com/en-us/news/tags/game-health-series/), [Call of Duty: Modern Warfare 2](https://www.callofduty.com/blog/2023/06/call-of-duty-ricochet-anti-cheat-season-04-update), … those measures are indeed working pretty well, and are likely providing better results than technical-only measures. They are also cheaper, since steering people away from toxic behaviours doesn't reduce the number of players as much as banning them outright. It's nice to see that the video game industry realised that cheating and abuses/toxicity could be addressed in similar non-technical ways, and that both approaches are complementary. This is a stark contrast to other ones, where techno-solutionism is seen at the only possible remedy, even more so in our machine-learning-all-the-things era. ## Sources and resources - [Anti-Cheat for Multiplayer Games](https://youtube.com/watch?v=hI7V60r7Jco) - [Secret Club](https://secret.club/) - [UnKnoWnCheaTs](https://unknowncheats.me/)