Worth noting that part of the packet size appears to be due to animation data, which they’ve begun the process of transitioning to a more efficient system. [0]

With that being said: totally agree on the netcode.

[0]: https://old.reddit.com/r/GlobalOffensive/comments/1fwgd59/an...

CS2 is 64 tick under the hood, with interpolation between the ticks. In the beta, server operators could modify the tick rate by patching the server binary, but when that revealed inconsistencies (which was meant to be avoided with the "subtick" system), they hard coded the client side tick rate to 64 [0].

[0]: https://twitter.com/thexpaw/status/1702277004656050220

One thing that has nicely developed there is a set of submission-only websites for viewing servers.

All feedback on the latter point appreciated :).

Maybe op isn't familiar with counterstrike servers as they were back in the day. For me it was a very easy read.

Glad to hear it was an easy read for you! I did do some refactoring of the article based on the feedback here, so that might have also helped.

Not what I meant to convey, I need to adjust some wording there!

I figured you knew that and it was just awkward wording :)

As someone pointed out (and I should’ve mentioned earlier in the article): yes, Valve have a system for registering servers with Steam IDs.

But there’s two problems: they haven’t done any enforcement action ever, and server owners have access to massive amounts of burner accounts.

edit: I've now updated the article to mention that in the main body of the text.

If they start banning everyone that does it even those operators will rapidly run out of burner accounts. Can’t keep justifying $30 for every CS purchase if it’s going to be banned a day later.

Agreed. With that being said, the price isn't $30 for the spam creators, they're buying shady accounts for far cheaper.

Honest question: do you segment your activities on your computer on different users?

No? In which case, what practical spyware risk does a kernel level driver add that user mode software can’t do?

User mode software can spy on your clipboard, surreptitiously take screenshots, and take data out of your system. That spooks me enough that, if I don’t trust a software manufacturer, I don’t install it. Kernel mode makes no practical difference in my security posture.

For starters:

- Creating a unique ID that is directly bound to hardware.

- Accessing the memory of any process, including browsers or messengers.

- Installing persistent background processes that are hidden from the rest of the system.

But I think that's the wrong question. Talking about the kernel driver is a distraction.

The abuse scenario that I think is most likely would be that the game and/or anticheat vendor uses the hardware ID for user profiling instead of just ban enforcement, and that the "logging" functionality is coopted to detect software or activities that aren't related to cheats at all, but are just competition of the vendor or can once against be used for profiling, etc.

None of that strictly requires a kernel driver. Most of that stuff could be easily done with a usermode daemon. But under normal circumstances, there is no way I'd install such a program. Only in the name of cheat prevention, suddenly it gets permissible to make users install that stuff if all they want to do is play some game.

The point it, you don't need a kernel driver to access most of your data. Just a user space process can go read all your files and memory of processes of the same user.

Like a game?

> User mode software can spy on your clipboard, surreptitiously take screenshots, and take data out of your system

Not on any properly secured Linux machine. But yes, it's generally a bad idea to install software you don't trust, a category that anticheats slot nicely into, given their resistantance to auditing and analysis.

A properly secured Linux machine is a unicorn. The Linux desktop ecosystem is struggling a lot with putting software in namespaces. People still install software with their package managers outside Flatpak, there is no isolation of data, not to say many workflows depend on the whole user directory being available to access.

This is adjacent to how Linux users claim their default system is inherently more malware-resistant than Windows, when either way you're trusting anything you run in user space with almost everything important.

Some* Linux users

> Honest question: do you segment your activities on your computer on different users?

Yes.

This is a really old idea. It was implemented in CS:GO in ~2015 [0], although community anti-cheats like SMAC have implemented it for years before then [1]. Riot have an article about their implementation of the same idea in VALORANT's that a good read from a technical perspective [2].

Sadly, CS2, from what I've gathered, broke this.

[0]: https://www.reddit.com/r/GlobalOffensive/comments/35zwwy/opt...

[1]: https://www.youtube.com/watch?v=qkhQgYB4lAA

[2]: https://technology.riotgames.com/news/demolishing-wallhacks-...

SMAC certainly predates Valve’s official implementation, wouldn’t be surprising if something else also did it.

> like EA's Battlefield series, that utilize a degree of statistical modeling to detect cheaters

Battlefield started out using PunkBuster, one of the earliest kernel-level anti-cheats. With Battlefield 4, they used FairFight, a statistical server-side solution, alongside PB.

With Battlefield 1, they dropped PB, and operated with just FairFight.

And now, EA have decided to create their own kernel-level AC, called EA AntiCheat, and are implementing it on BF5 and BF1, largely because FairFight was not enough.