Not possible. Sure, it might be possible to detect a player instantly snapping to the center of an opponent's head and clicking, but cheats could easily make the aim move over the course of several frames, and make the target off of the center of the head by a couple pixels to simulate someone just being really good.
I've watched some really good gamers in person. People's ability to quickly flick their mouse and pop shot to a target only 1/4 inch wide on their screen in a tiny fraction of a second is insane to me.
So being able to differentiate between a cheat that tries to behave like a god-like player (rather than simply aiming to a head in a single frame) and an actual god-like player is not possible.
> a working report system.
Also not possible because of the sheer number of reports. There are people that will report 100% of the time they lose a firefight, even if a replay makes it very obvious that the person they lost against was not cheating.
And again, even with a replay, it can be impossible to differentiate between a cheater and a really good player, except in the case of OBVIOUS cheats, like shooting through a wall with 100% accuracy, or firing into nowhere and scoring hits on targets a mile away.
At best, you could ban people from using the report system when it's obvious they're abusing it, but evaluating reports has to be a manual process, but manual processes don't scale when you've got a player base of 7 figures or more.
But if a cheater really is subtle enough to be indistinguishable from a highly skilled player, is it really a problem? I mean, I guess it's "unfair" to genuinely skilled players but come on, it's just a game.
Never thought about that approach before, that is super interesting. Tying it entirely to rank isn't the best, but placing you in lobbies on an axis that is independent (but correlated with) rank would achieve the same effect without clogging high-ranks with cheaters and giving cheaters a reward.
Then the cheaters organically get placed in lobbies with other cheaters, ruining the fun for them. If the system doesn't work the best right out of the box, that's fine, because you are still gravitating those cheaters upwards in rank, which will almost guarantee that they get reported from other players.
I've tried to write a bot for a website and it caught naive bots and just put them in the same lobby as other bots. If wasting time of abusers is your goal it's a pretty effective strategy.
Plenty of games have a server-side checking system that works on reports and statistical checking and it's a bit of a joke, like you say, it's an impossible fight. A pro-player of an FPS game is statistically so far beyond even fairly hardcore players that they trigger that constantly, so quite a lot of the most popular pro-players have their accounts and their alt-accounts whitelisted by the devs or the esports tournaments that host private servers. Which, of course, undermines the system entirely.
The problem with "a working report system", by which I take it to mean you have actual humans reviewing reports, does get you somewhere, but it doesn't touch 'humble' cheats, i.e. rather than headshotting everyone 100% of the time, a cheat that lowers your recoil 15%. For an already very good player, -15% recoil in CS:GO or PUBG is a crazy, crazy advantage... and yet you couldn't notice it by looking at a video.
Even though it's an impossible fight to win completely, I don't think the answer is to "give up early".
1. Not all cheats are aimbots. In a game like Warzone where you are playing with 99 other players, wallhacks are a very valuable cheat. There are server side mitigations, but they aren't perfect in every situation.
2. Ideally you want to prevent cheaters from playing a single game. Reporting cheaters does nothing as legitimate customers still have to deal with cheaters and cheaters will just make new accounts.
The point of most anti cheat is not 100%, but a significant enough reduction. If you make it super annoying and expensive to cheat, it's not going to happen that much in practice.
I mean, this is already happening! Have a Google for "Hardware CS:GO aimbot" and there are some crazy things people are doing to cheat in video games. Stuff that attaches to the CPU, ones that attach to the mouse to fake input that way, it's really quite ingenious. The market for these devices is enormous.
I guess radar cheats where the ethernet cable is split to a second computer could also be considered a hardware cheat, since it's running between an airgap.
Definitely already exists. I've seen external aimbots that monitor what's on screen and input specific keyboard/mouse commands.
Incredibly difficult to detect, you basically need to model the way users behave differently from bots... but at the high end of competitive play people tend to approach more bot-like behaviors.
From what I understand there are already cheats that work at the hardware level (read video output, modify mouse input) with all software running on another machine.
100% this. Coming from someone who made one myself :p if everyone had to do it to cheat, cheating would be OVER at a casual level, and a minor issue at semipros/pros (even irl tourneys can be hacked! see forsaken).
But why would it cost hundreds of dollars? I can see why a DIY solution might, but if there's demand for it, surely it can be packaged as a plug-and-play device, and manufactured at scale for a lot less?
Camera + beefy computer + input device, maybe an external motor based thing if controllers are crypto locked by manufacturers in the console case.
Even if you made a specialized item it would still cost a lot mostly due to the ML requirements. Maybe smartphone + a specialized input device would reduce the 'cost', but you still need to buy a several hundred dollar cell phone.
I can't see that taking off at scale, but certainly in the semipro level it would be used.
Besides, I know like 90% of cheaters are 14 year old kids who used the first google result because it's so easy to. Any resistance and that'll stop a majority.
By not relying on client side protections to prevent hackers from messing with your game... This is just another flavor of the DRM fight and it's not effective.
> Easy: code your game correctly and check for impossibilities server-side. But that costs money in development and infra.
Do you have any experience developing networked multiplayer games? I do it for a living, and it's not that easy, at all. In a situation where I shoot at your head on my screen, but you were already around the corner on your screen, what happens? This happens _all_ the time due to latency, and has nothing to do with development costs or infra. There's no way to avoid the problem when you have people with varying levels of connection quality, and different distances to the game server.
Could you expand on "code your game correctly"? Let's say I'm playing your (correctly coded) game and I've got an aimbot, that snaps onto someone's head, how do you detect/stop that from the server-side (the only place you can trust)?
You look for aim that is too perfect. E.g. humans nearly always overshoot their target before correcting, aimbots never do (unless they are trying to imitate humans)
Great, so now we'll adjust our aimbot to slightly overshoot the target, and swing back. Give it a little bit of randomness. A random delay of 50-100ms. Make it flat out miss a small percentage of the time.
It'll still be better than 99.99% of human beings at clicking on heads, and will still win you 99% of fights against non-cheaters.
Now what do you do, in your correctly coded game?
Keep in mind, as a cheat developer, I can keep moving these goal posts.
I actually think the worst thing about the suggestion you're replying to is that it is an over-generalisation. "Most players will do X", "they nearly always do Y"... yeah, okay, but what about the 10% who don't? The 1% or the 0.1% who don't? What about the ones who do as you describe, except for 5% of the time when they don't, or when they get lucky? I've hit genuinely lucky shots in a game, accidental good plays, for the receiving player they probably thought I was cheating, and yet I wasn't. The potential for false-positives is horrible, and you end up outlawing legitimate behavior based on a poor understanding of play.
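The overshoot heuristic from the exchange above, as an added example that is not part of any commenter's post: it computes, per player, the share of flicks that stop dead on target, and requires a minimum sample so a single lucky shot is never scored. The trace format (one yaw angle per server tick), the function names and the thresholds are assumptions; as the replies point out, the result is a signal for review, not proof.

```python
# Added example: overshoot as one review signal over server-side aim traces.
# Traces are constructed; 1-D yaw only, which is an assumption of this sketch.

def overshoot_ratio(trace, target):
    """How far past `target` the aim travelled, as a fraction of the flick.

    trace: crosshair yaw (degrees) per server tick, starting where the flick
    began. 0.0 means the aim stopped on or short of the target.
    """
    start = trace[0]
    distance = target - start
    if distance == 0:
        return 0.0
    # Progress along the flick direction; above 1.0 is past the target.
    progress = [(yaw - start) / distance for yaw in trace]
    return max(0.0, max(progress) - 1.0)


def no_overshoot_rate(flicks, min_flicks=20, threshold=0.01):
    """Share of flicks with essentially no overshoot, or None if too few.

    A single dead-on flick proves nothing (lucky shots happen), so the rate
    is only computed over at least `min_flicks` samples.
    """
    if len(flicks) < min_flicks:
        return None
    ratios = [overshoot_ratio(trace, target) for trace, target in flicks]
    return sum(r < threshold for r in ratios) / len(ratios)


# Constructed samples: (trace, target yaw).
HUMAN = ([0.0, 12.0, 27.0, 31.5, 30.4, 30.0], 30.0)    # overshoots, corrects
SNAP = ([0.0, 10.0, 20.0, 30.0, 30.0], 30.0)           # stops dead on target
LEFTWARD = ([10.0, -5.0, -21.5, -20.0], -20.0)         # same, other direction

if __name__ == "__main__":
    print(no_overshoot_rate([HUMAN] * 19 + [SNAP]))   # one lucky shot in 20
    print(no_overshoot_rate([SNAP] * 20))
```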
It's not the impossibilities I'm worried about. Those are easy to see and report. It's the slight corrections which look "natural" but are actually the work of cheats "assisting" players.
If the hackers are no longer rampantly ruining the game and rendering it effectively unplayable as someone instantly headshots everyone on sight; if the hackers or botters have become indistinguishable from other competent players, then... Well, excellent! Mission Accomplished. All you have remaining is a matchmaking problem, which they're already, separately trying to solve.
(As an aside, we already have games using built in assistance/cheats as an accessibility feature to level the playing field for people using certain hardware or controllers e.g. games with PC and console crossplay, so perhaps there's some approaches and lessons from that which we can apply here as well.)
The only thing at stake then is the integrity of leaderboards or tournament brackets, which is a problem that already had some different, separate approaches to solve. But IMO that problem is absolutely subservient to the integrity and playability of the base game.
"if the hackers or botters have become indistinguishable from other competent players, then... Well, excellent! Mission Accomplished"
"... that problem is absolutely subservient to the integrity and playability of the base game."
If you use hacks/cheats to help you play higher than your natural skill/ability, doesn't that ruin the integrity of the game? The mission is not accomplished in this case. Instead it's just tricky to determine who's hacking.
Headshotting everyone on-sight also sounds like the old days of hacks in games. In my experience, there is more nuance to the way these cheats are used these days. Most people aren't trying to be obvious about it.
It's really not given the state of how bad cheating is in CoD. This is sorely overdue and has been requested by the userbase for some time. While it is a pretty significant change, it's for the betterment of the user experience.
It's the logical conclusion. The client's machine is inherently untrusted. So how do you ensure integrity? Best you can do is try to get as few layers between you and the machine as possible.
It's essentially the same problem as DRM, which generally can only hope to prevent piracy for a few weeks. The solution of the movie industry there was to add their garbage directly to the hardware.