Now that Stop Killing Games is actually being taken seriously - maybe we need to take a look at Stop Fucking Around In Our Kernels
I haven’t really been personally affected by it before - I don’t play any competitive multiplayer games at all. But my wife had her brother over, and he’s significantly younger than us. So he wanted to play Fortnite and GTA V, knowing I have a gaming PC. Fortnite is immediately out of the question, it’ll never work on my computer. Okay, so I got GTA V running and it was fun for a while, but it turns out all of those really cool cars only exist in Online. But oh look, now they’ve added BattlEye and I can no longer get online.
While this seems like a trivial issue (Just buy a third SSD for Windows and dual boot), it’s really not. Even if I wanted to install Windows ever again, I do NOT want random 3rd party kernel modules in there. Anyone remember the whole CrowdStrike fiasco? I do NOT want to wake up to my computer not booting up because some idiot decided to push a shitty update to their kernel module that makes the kernel itself shit the bed. And while Microsoft fucks up plenty, at least they’re a corporation with a reputation to uphold, and I believe they even have a QA team or 2. CrowdStrike was unheard of outside of the corporate world before the ordeal and tbh nobody has ever heard of it afterwards again.
So I think this would be a good angle to push. That we should be careful about what code runs in our OS kernels, for security and stability reasons. Obviously it’d be impossible to just blanket ban 3rd party kernel modules to any OS. However, maybe here in the EU at least we could get them to consider a rule that any software that includes a component running in the OS kernel, MUST justify how that part is necessary for the software to function in the best possible way for the user of the computer the software is running on. E.g. I expect a hardware driver to have a kernel module, and I can see how security software needs to have a kernel module, but I do NOT see how a video game needs to have an anti cheat with a kernel module. How does that benefit me, the customer paying to be able to play said video game?
I usually solve this issue by… just playing something else.
It sounds hard, but I assure you, nothing is impossible.
There’s about 5 games a decade that are exciting anymore even, unfortunately. I might just have to give up gaming then.
I can cite way more than 5 excellent games from this decade from the top of my head. We’re almost in 2025, so I’ll limit to games released in or after 2015:
- Factorio
- RimWorld
- Stellaris
- Fallout 4
- Overcooked 2 (and All You Can Eat)
- Life is Strange
- Cyberpunk 2077
- Before Your Eyes
- Dead Cells
- Shadow Tactics
- Cities: Skylines
- The Outer Worlds
- Two Point Hospital
I can keep going, but this is just from the top of my head, there are always good games getting released, and very rarely they’re AAA.
You’re obviously looking in the wrong place for games then…
I encourage you to explore the wonderful world of indie games, and free yourself from the shackles and shitty anti-cheat implementations of the AAA/AAAA gaming industry
Baldur’s Gate 3
That’s one yeah
There are tons of good games always coming out even recently, unless you only like multi-player games.
If you spend a little time on the dark alleyways of Steam, you will occasionally come up with hidden gems. The indies scene is currently thriving.
False.
There is no need. CrowdStrike was such a disaster for Microsoft that they are already on the path to locking down the kernel. Nobody but MS will have kernel access eventually. Give it a few years (and 1-2 Windows versions)
Apple has already done the same with macOS 10.15 Catalina in 2019. No more kernel extensions = much better kernel-level security
This will become the industry standard
This will take a rogue agent to send malware or otherwise brick all machines by kernel injection. The CrowdStrike event poked a hole in the dam. This needs a full exploit to get major traction beyond game studios moving to the next kernel level drm/exploit engine.
Now that Stop Killing Games is actually being taken seriously
600k signatures to go. Link for EU citizens.
Arguing that buying something means you own it is much more digestible for the general public. Arguing that the video game codes run slightly different on your machine than you would like is esoteric and a non-starter. This is not a matter for the government, just don’t buy shitty games. Literally no game is required to be bought.
This is not a matter for the government, just don’t buy shitty games.
This IS a matter for the government. “just don’t buy shitty X” is “just use magic” argument.
The point is not enough people understand it to gain any momentum
On the contrary, I think kernel level anticheat should be illegal
On areweanticheatyet.com it seems like the percentage of denied/broken keeps getting higher and higher :(
I guess it makes sense, new games come out with anticheat, and rarely do new games come out without anticheat.
While this seems like a trivial issue (Just buy a third SSD for Windows and dual boot)
That’s not trivial at all. Don’t let anyone let you think otherwise.
Yes
EAC and BattlEye absolutely are kernel level on Windows.
There’s a warning on Dauntless’s store page saying that it uses EAC for kernel level anti-cheat.
Those both have a Ring 0 component, which is essentially presented as required for the crap to even work.
The argument being that you have to have that level of access for the anti-cheat software to be able to actually be able to do its thing, since if you just ran it with a normal user’s permission, it’d be subject to numerous ways you could have a cheat tool simply bypass it.
They’re probably not wrong about that, but doesn’t mean that we should have to essentially install a rootkit on our hardware to play online games.
I was boycotting it before it was even in the news.
I’m late to the thread but am I understanding this correctly? The issue is gaming on a Linux or non-windows pc, right? Also, the general sentiment in this chat room is to not buy the games requiring windows, right?
Are you all high or just idiots? What company is going to give a flying fuck if 1% of their customer base stops buying? 100% of all Linux gamers would have to commit to even make the 1% dent. 🤣🤣🤣
You mean like the “multi-million units sold” Linux based Steam Deck?
No, the problem is that kernel level ACs are a security and privacy risk, a violation of what I do and what I am willing to share, and a bullshit way to enforce fair play. They already suck at detecting cheats, it is a cat and mouse game, and the mouse has always been ahead.
Next thing is they will require for me to stream my face, hands, and feet to ensure I am not cheating…
No, you’re not understanding it correctly. The issue is that kernel-level DRM is a terrible thing on Windows, the fact that it doesn’t work on Linux is also a side effect.
“Spy on me harder Daddy”
I wasn’t buying their games because they suck.
Anti-cheat was way down the list of reasons. It’s not like even on Linux that there’s a drought of games to play.
I guess they just can’t handle Team Fortress 2.
It should be said that I’m not against games detecting cheaters and banning them from online play. It’s very specifically kernel-level anticheats that I can’t stand on principle.
The one downvote from a cheater 👌
I’m against them being able to ban you from playing online in its entirety, which is something they can do because most online games don’t let you run the servers yourself anymore. Sure, if someone cheats on official servers, ban them from the official servers. They should still be able to play, cheating or not, on the server they run themselves, but that’s not an option we even have most of the time.
This one is such an overlooked part of this whole dilemma. The problem is NOT THAT the official servers are not allowing clients without kernel level anti cheat. It’s just we don’t have an option to host our own servers anymore and we’re confined to following the rules.
It is “overlooked” because it is a non-answer.
Nobody wants to play with all the cheaters and the people who got banned because they couldn’t stop talking about how much they love CSAM in the lobbies.
I mean, look at twitter. After the recent mass exodus to bluesky there is anger because they are realizing their quarantine zone is REAL shitty.
I do wish more games would provide player run servers as an option. But I am under no illusion that that is going to be good for anything other than “Hey, remember when we all played Chivalry 2 for a few years? What say we play that on Friday night and then ignore it for another decade?”
That’s a strawman argument. First of all, plenty of people would be happy to self-host a game for their friends, if they were still allowed the option. Second, even people who want to run a public server would still be free to ban people (for whatever reason they wanted). We’re not talking about being forced to tolerate antisocial fuckwads.
First of all, plenty of people would be happy to self-host a game for their friends, if they were still allowed the option.
Exactly! Me and my friends often play on modded Factorio servers that one of us hosts. This is only possible because the developer doesn’t lock things down to only the first-party (official) servers.
We don’t play with cheaters either (you aren’t getting invited to our server if you are). We play with our friends because it is fun, in a way no official server could hope to work.
As something nice to have? I fully agree (and said as much)
As an alternative to anti-cheat solutions/“solutions” as was being presented?
No, it is not an answer. Because it would indeed be forcing people to tolerate “antisocial fuckwads” or forcing people to find private servers to play with each other like in the good old days.
or forcing people to find private servers to play with each other like in the good old days.
No shit, Sherlock. That’s exactly what I was advocating for.
I wouldn’t call it “forcing,” though – that’s another strawman. It’s “allowing” the option.
Cool
Also, it isn’t a straw man if you are arguing a completely different topic than the one the thread is about. But cool. You learned a word.
In my experience with TF2, many popular community servers have common-sense rules like no slurs, cheats, etc. The great thing about a player-run server is that, if you want, it can be stricter than official guidelines, as Valve for example is pretty hands-off beyond the obvious in-game cheats. It allows pockets of the community to shape the experience they want to have more adeptly than official servers ever could.
The problem is “pockets of the community”.
Back in the day, I LOVED Unreal Tournament (… I still do actually). And a lot of that is because I found servers with people who became friends I still chat with (hell, one of them is even in the same Warframe clan as I am).
But that is INCREDIBLY unapproachable and I know plenty of people who never “got into” UT or Quake or TF2 because they never found those communities and instead got stuck with random pubs full of assholes.
That said: That is not about anti-cheat. That is about matchmaking versus player run servers. Which is a very different discussion with nuances in all directions.
That is a perfectly valid use case for a video game that I paid for though. I do exactly that with games like 007: Agent Under Fire (in split-screen), and I played games like Rainbow Six 3 long after the official servers weren’t there anymore. Agent Under Fire in particular is a lot of fun with all of the modifiers on, like moon gravity, and I wouldn’t mind playing some multiplayer games with friends with cheats like that one on; things that you wouldn’t want on in a ranked queue, but things that I should 100% be able to do with the product that I paid for.
Yes, that’s part of the StopKillingGames agenda as well. Allow us to control our own servers! For fuck’s sake, it’s CHEAPER for them, because WE’RE paying for hosting. A dedicated server costs money! And it keeps people buying into the ecosystem after the initial sales high because you form communities and then tell people IRL how awesome the game is. Assuming you have time for real life friends of course.
I’m not against the existence of a matchmaking system, or even against it being the default. Just give us a tiny menu item “Dedicated Servers” somewhere and keep that one around forever, even when the publisher is long bankrupt because the CEO blew all their profit on sculptures of oddly shaped penises or something.
A dedicated server costs money!
Game company: “Why don’t you give that money to us and we will give you a server?”
They see it as a threat to their business model. Without any other option, you have to be on the latest version, seeing the latest skins, and you’re unable to bypass their store and mod them in yourself. If I can help it, not giving me the option to run the server myself will be a threat to their business model.
Make a cheater pool and put anyone you detect using cheats in a separate matchmaking system that only matches cheaters with cheaters.
And never ban anyone, ofc.
“Butbutbutbut server side anticheat is haaaaaaard and requires us to actually think about what values are actually valid and understand our own internal game states. Kernel level anticheat ~~lets us be lazy~~ costs us less and requires less development time!”
Look if companies could implement successful anticheat without kernel access they sure as hell would, regardless of cost or effort. There is a TON of money to be made in competitive fps games alone, and they’re pretty much all overrun by hackers
requires less development time
Here, step into this 200GB repo with about 50 third party plugins and someone else’s game engine and find all the states that aren’t exactly like they are on the design docs, and do it at scale, across a cluster of servers that all have to interact.
20 years ago, I’d be right there with you.
It’s actually hard for a big game to do those things. The people making the cheats are as good as the developers and only need to find one nick in the armor every time.
FWIW, I’m against kernel-level anticheat, and I didn’t downvote you :)
Unless they deviate substantially from how they build games in genres like shooters, server side anti-cheat isn’t going to catch everything that kernel level anti cheat does. However, kernel level anti cheat doesn’t catch hardware cheating anyway, so if cheating is always going to be imperfect, we ought to stop short of the kernel.
Was it Delta Force that made everyone lose their shit because it “accidentally” warned people would be banned for usb thumb drives?
Because… that is coming. No, not the thumbdrive. But scanning your various devices to detect hardware based cheats. Which… is likely also going to be pushed by Logitech and Razer to get ahead of the crowd that are sick and tired of needing their bullshit software to properly use mice and are looking toward alternatives.
That’s the thing, you’re never going to catch everything. But anything important can be sanity checked by the server when the client checks in, all without opening a vulnerability in your customers’ systems.
So much kernel level anticheat is about offloading the processing power to the customer, and unreasonable desires for control over the systems involved and overall game environment (and probably a decent amount of data mining).
A lot of cheats send completely legitimate information back to the server, and that’s what they’re seeking to stop with the client side implementation; I don’t think it has anything to do with costs. I haven’t heard of any data mining happening, and surely someone would have caught it with Wireshark by now, but there are enough things that we know for sure about kernel level anti cheats to make it offensive.
I think the way to go about detecting cheats server-side would be primarily driven by statistics. For example, to counter wallhacks one might track how often a player is already targeting an enemy before they become visible. Or to counter aimbots one could check for humanly impossible amounts of changes in the direction of mouse movement, somewhat similar to how the community found out a bunch of cheaters using slowmo in Trackmania.
Add in a reputation system that actually requires a good amount of playtime to be put into the highest tier of trust for matchmaking and I think one could have a pretty solid system that wouldn’t have to rely on client-side anticheat at all.
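The two statistics suggested in the comment above, as an added example that is not part of the thread: the rate of aiming at an enemy before line of sight exists, and the rate of aim-direction reversals. The telemetry shape, function names, thresholds and sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Encounter:
    """Server-computed times (seconds) for one player-vs-enemy encounter (assumed shape)."""
    on_target_at: float  # crosshair first within a small angle of the enemy
    visible_at: float    # enemy first has line of sight to the player's camera

def pre_visibility_rate(encounters, lead=0.25):
    """Fraction of encounters where aim was on the enemy >= lead seconds before LOS."""
    if not encounters:
        return 0.0
    early = sum(1 for e in encounters if e.visible_at - e.on_target_at >= lead)
    return early / len(encounters)

def reversals_per_second(samples):
    """samples: [(t, yaw_deg)] in time order. Counts sign flips of the yaw delta."""
    flips, prev = 0, 0.0
    for (_, y0), (_, y1) in zip(samples, samples[1:]):
        d = (y1 - y0 + 180.0) % 360.0 - 180.0  # shortest signed turn, handles 359 -> 0
        if d != 0.0:
            if prev != 0.0 and (d > 0) != (prev > 0):
                flips += 1
            prev = d
    duration = samples[-1][0] - samples[0][0] if len(samples) > 1 else 0.0
    return flips / duration if duration > 0 else 0.0

def review_flags(encounters, samples, min_encounters=20,
                 max_pre_vis=0.5, max_reversals=15.0):
    """Return flags for human review. Thresholds are assumed, not calibrated."""
    flags = []
    # Require a minimum sample size so a few lucky pre-aims do not flag anyone.
    if len(encounters) >= min_encounters and pre_visibility_rate(encounters) > max_pre_vis:
        flags.append("pre_visibility_aim")
    if reversals_per_second(samples) > max_reversals:
        flags.append("aim_direction_reversals")
    return flags

# --- Constructed sample data (not real telemetry) ---
def _encounters(early_if):
    out = []
    for i in range(20):
        visible = 10.0 * i + 5.0
        # "early" encounters track the enemy 0.8 s before LOS; others react 0.3 s after
        out.append(Encounter(visible - 0.8 if early_if(i) else visible + 0.3, visible))
    return out

LEGIT_ENCOUNTERS = _encounters(lambda i: i in (3, 11))      # 2 of 20 lucky pre-aims
SUSPECT_ENCOUNTERS = _encounters(lambda i: i % 4 != 0)      # 15 of 20 through walls
# 60 Hz for one second: a smooth sweep across the 360 -> 0 wrap vs. per-tick jitter
LEGIT_AIM = [(i / 60, (350 + 0.5 * i) % 360) for i in range(61)]
SUSPECT_AIM = [(i / 60, 90 + (1.5 if i % 2 else -1.5)) for i in range(61)]

if __name__ == "__main__":
    print("legit  :", review_flags(LEGIT_ENCOUNTERS, LEGIT_AIM))
    print("suspect:", review_flags(SUSPECT_ENCOUNTERS, SUSPECT_AIM))
```

Both checks run on data the server already has, so nothing is installed on the client; the flags feed a review queue or a trust score rather than an automatic ban.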
That’s the thing, you’re never going to catch everything
The problem is that the things that aren’t caught? People don’t say “Ugh. Easy Anti-Cheat sucks”. They say “Ugh, fucking Battlefield is un fucking playable. BOYCOTT IT!!!”
There are alternative methods that may be even more effective (I personally think this is a genuinely great use case for “AI” to detect things like tracking players through walls and head snapping). They also have drawbacks (training and inference would get real expensive real fast since it needs to be fairly game specific).
Whereas kernel level bullshit? It clearly works well enough that the people who have the data (devs and publishers) are willing to pay for it.
And if it reduces the risk of a particularly bad exploit hurting the reputation of the game and tanking it harder than Concord?
Which is why “fighting back” is so difficult. We, as players, are asking for the devs/publishers to trust us. But we have also demonstrated, at every fucking step, that we won’t extend even an iota of trust back and will instead watch thousands of hours of video essays on why this game sucks because of a bad beta.
I think it should also be noted that the games industry is not audited for security to the same degree as a lot of other industries. So vulnerabilities may not be found until years after launch and then go unpatched indefinitely because the company has already moved on to the next thing.
Hell, one of the older CoD games had an RCE vulnerability that as far as I’m aware is still not patched.
Plus, major publishers like EA are now pushing to create their own kernel-level anticheat in-house. Why should anyone trust them to create a secure piece of software that runs with the highest permissions possible when they can’t even be trusted to create stable, functional games?
Someone discovered Dark Souls games had an RCE but they never responded to the person that kept emailing them about it for months. The security guy then started invading streamers and crashing the game while doing fun stuff like showing text on the screen. Only then did Fromsoft take down the servers and patch things up - which took a few months.
Yes, game companies really don’t take security seriously.
oh, so that was what it was about. they sure were really quiet about not caring about it in the first place.
Money talks.
Don’t buy the game.
This doesn’t work. It will never work. You can’t shame conscious consumers into voting with their wallets while the other 99% keeps buying the bad practices.
Thing is, if nobody on Lemmy, and literally nobody in general who cares about anticheat, buys GTA 6, you know what effect that would have on the company’s bottom line? None, they’ll make record profits.
So now you try to convince the 99% of players that are buying the bad practices, that a magic (to them) program that prevents cheaters is bad (since “has too much access” doesn’t really explain anything). They don’t care and won’t care.
They applaud it even.
…still not buying it, tho.
Exactly.
It’s like promoting Linux to people: Why would I care that my operating system is open source? Or free for that matter if I pirate it anyway?
Some people never will care.
Absolute dogshit strategy. 99% of people will always buy the game so you not buying won’t matter in the slightest. Unfortunate but true.
Why would they listen to your personal complaint if you, singular, are going to buy it anyway? Your voice only matters to a company if it means you won’t buy their product otherwise. Don’t buy the game, then tell them why you didn’t.
You’re not listening to what I said. I said that most people will buy the game and there is not a damn thing you can do about it. Most people are fucking idiots. You can morally decide not to support it by not buying the game, and that’s perfectly reasonable. But it won’t do fucking shit because all the idiots will still buy the game. That’s just how the world works because most people don’t give a fuck. Unless you can personally convince millions of people to change their behavior and agree with you, you not buying the game doesn’t matter.
There is a network effect to popular games.
However as more people stop buying the network effect gets weaker. It’s happening visibly with the new Call of Duty. Many I know bought it and then stopped playing shortly after because many of their friends are waiting for sales now or just find the game bad.
Those people will be thinking twice before buying next year.
Exactly, every time I say ‘I’m thinking of putting up a Factorio server, you want in?’, they are significantly less likely to be playing (or paying for) the newest game that has kernel-level access. Why, because we are playing Factorio for the next few weeks together and Factorio is fun.
Factorio isn’t the only game we play, but the point is to reinforce yours. If you are playing fun game x, your friends are more likely to play x instead of something else. Even if they have no care about Kernel-Level access, the fact you do affects their buying (and playing) patterns.
Right, well they are trying to start a campaign to popularize the comment you just made. Or at least that’s my understanding
Money mumbles. Don’t buy the game, and also actively notify the company of your decision and why. Twitter, feedback form, steam review, whatever channel lets you get that message across.
So do mega-corporations with more money than God, like Microsoft.
And they already said no to root-level anti-cheats.