• @conciselyverbose@sh.itjust.works
        link
        fedilink
        English
        5
        edit-2
        7 hours ago

        It is exactly that simple. You already have to account for latency because everyone but one player (who you also can’t trust no matter how many rootkits you install) is not the server. Having a proper server doesn’t change that in any way.

        Client side validation cannot possibly provide any actual security, but even if that wasn’t the case and it was actually flawless, it would still be unconditionally unacceptable for a game to ever have kernel level access.

      • @conciselyverbose@sh.itjust.works
        link
        fedilink
        English
        915 hours ago

        Yes, people can still cheat with a camera and manipulating inputs. There will never be a way around that.

        But that’s entirely unchanged by adding malware, that, even if it could theoretically work, should be a literal crime with serious jail time attached. Client side validation is never security and cannot resemble security.

        • andyburke
          link
          fedilink
          015 hours ago

          There are ways to detect and stop that, but they can and should happen on the server, not on the client.

            • andyburke
              link
              fedilink
              113 hours ago

              There are lots of options such that you can tune your false positive/negative rate. 🤷‍♂️ Tons of ways you can structure this depending on your game’s tech.

              • @conciselyverbose@sh.itjust.works
                link
                fedilink
                English
                113 hours ago

                No options that resemble legitimate or evidence based in any way.

                If a computer has the exact same input and output tools as a human, you cannot possibly do better than guessing. It is a literal certainty that you will ban legitimate players doing nothing wrong for being too good if you try, and it’s unconditionally not acceptable to do so.

                • andyburke
                  link
                  fedilink
                  113 hours ago

                  Client side anti-cheat faces similar issues, and there unlike your server you don’t control the hardware.

                  • @conciselyverbose@sh.itjust.works
                    link
                    fedilink
                    English
                    113 hours ago

                    I’m not sure why you think I’m saying client side is better when I called it malware.

                    There is no approach that is theoretically capable of doing anything at all to impact a camera and automated inputs, and there is no way of trying to do so that is acceptable. It’s simply a reality of online gaming.