Citation needed. I'd be quite surprised if it were common for servers of professional games to trust the client in that sense (i.e. allowing it to decide game logic like what gets spawned where).
As far as I'm aware the most common types of multiplayer cheats are
* wall hacks, which you could probably prevent by not sending the client any information about objects that the player can't see, but that would require the server to calculate the line of sight for every player/object, * and aim bots, which I don't think you could prevent at all on the server side since they don't rely on the bot having access to any information that the player isn't supposed to have. They just rely on the bot being better at aiming. I suppose if you did all rendering server side and only sent the rendered graphics to the client (i.e. streaming), that would make it harder for the bot because it'd now have to do image recognition to find the target, but that just makes it harder, not impossible. Plus, game streaming wasn't well received for a reason and anyway, I don't think that's what you had in mind when you talked about "not trusting the client".
Things are certainly not always as professional as they appear to be.
Visibility test is definitely feasible against wallhacks, it's not that expensive.
Aimbot is an assist cheat, which technically does not violate the physical rules of the game, so you are right that it's more difficult to detect. One solution to detect this class of cheating is to record the player's movement, and rely on a combination of outlier scores and outlier movement behavior to detect abuse. It's not watertight, but neither are any of these client side anti-cheat detection schemes.
It isn't. If you play with people you don't know, some of them will cheat. If you don't want that, stop playing with strangers.
Btw tell me exactly how an aimbot that takes the visuals from the player's screen and tilts the player's cursor so (or not so) slightly towards identified moving targets, are to be avoided from the server. Modern cheating is already a hard-ass problem to solve, much more so if no client-level monitoring is desired.
The very same way that you'd do it on the client. If I run an aimbot on an nvidia jetson devkit, using HDMI in to get the screen image and USB emulation to send inputs, your anticheat has to do the same work regardless if it's on the client or the server.
If we complain about companies being too quick closing up their servers when games are not as successful as they hoped... imagine if those servers were x10 or more expensive, due to that kind of analysis for all players. Companies would be much quicker to pull the plug, I guess.
And exactly. You cannot detect that with client-side anti-cheat nonsense either. Record on the HDMI and output a fake USB mouse, why not? Botting doesn't break the physical rules of the game, so you're right that it's hard to detect. One "solution" is to record player movement on the server and detect outliers in behavior and scores. Not perfect (and also very difficult), but just as unreliable as client-side anti cheat nonsense.
I can make a game with full server trust to show you if you like.
Automation and assist botting differs from outright cheating in that it still obeys the actual rules of the game.
When I start a game and I see an Easy Anti-Cheat banner I think to myself "Great now I can be killed by an aimbot while simultaneously hosting a root-kit voluntarily."
Why do you think these systems are advertised like that, at the forefront of the game load? It's so that the developers create a false trust in the playerbase that they're doing their damnedest to prevent cheaters, when the reality is that they paid a small amount of cash to a third party to use a system that does a piss-poor job at everything aside from being a symbol of effort and adding incompatibilities where there shouldn't be.
eac bypassing is trivial to a laymen, that doesn't bode well as a defense against people that have made cheating their hobby.
and to be clear : I use EAC as the example because to me it symbolizes the 'security theatre' side of the effort. Real anti-cheat efforts exist, and those should be applauded. EAC ain't it, but it's the industry standard... worrisome.
Realistically these days with how expensive most of these games are to run and make, if you do not keep cheaters away it can tank the entire project, e.g. Cycle: The Frontier basically had to shut down because they couldn't keep cheaters at bay, in a system that heavily relies on player count to remain healthy and fun. Once the cheating gets bad enough, people stop playing the game, which leads to a death spiral: it starts with bad queue times, which leads to people playing other games, and that spiral further diminishes the playerbase beyond a point of no return. Cycle barely made it 12 months and the result was a multi-million dollar project getting flushed down the drain.
So players of those games are sacrificing privacy for no security at all by the sounds of it.
I am glad that Bungie is going with fog of war for Marathon. And heck, given the features Marathon is getting, maybe someday Destiny can have those nice things too. We'll see...
It's pretty hard to have fun when the server is full of cheaters.
I mean, hard to call cheating in a multiplayer game the same as cheating in a singleplayer game. The former ruins the experience of others, the latter just affects your own session. Hard to be against cheating in a singleplayer context.
