i cant see a lawyer, at least yet cus i have no money (been saving for my new comp for ages :(), I will just let everyone know about it for now
Thanks for the input guys, much appreciated
The first rule is to make sure you only collect as much information as you need and no more…and that you get rid of it as soon as possible. Sending screenshots of their computer (especially when not running Starcraft) would probably breach that.
In this sort of case where people have agreed to and installed it specifically as an anti cheating measure rather than you are sneaking it onto their computer you are in reasonable shape but you still need to be really careful - and unless one of us is an undeclared lawyer then legally none of us can actually give any legal advice 
@madjack said:
@zarch
The program could self-authenticate by calling home and getting the original CRC or a sturdier checksum. But I guess that's something @wezrule2 should worry about.
@wezrule2 said:
Nice idea :)
It still doesn't work. If they hack the monitoring program then they can hack the verification code and it all turns into an arms race. There are even cheat engines out there that run the program inside a virtual machine and then modify the behaviour of that virtual machine - so even if your monitoring program is running and checking processes/whatever it can't see anything outside the VM so everything looks fine.
The client is under the full control of the player, so if that player is a cheat/hacker then you cannot trust anythingyou run on the client.
The only way to totally stop map hacks is to never send the client information it is not displaying on the player.
For bots there is no foolproof solution but a combination of stuff in the client to make it harder and then pattern recognition server side is pretty much the only options going at the moment.
Having said all that, for a small Starcraft tourney the incentive for hackers isn't great so a program like this is effective at stopping people just running the various 5 year old hacks that they otherwise might be tempted to use.
1 Like
@wezrule2 said:
^_^ i cant see a lawyer, at least yet cus i have no money (been saving for my new comp for ages :(), I will just let everyone know about it for now
Thanks for the input guys, much appreciated :)
a) I believe there are sites that will give out limited free legal advice... though you probably get what you pay for it will be a lot better than a bunch of Java hackers answering your question.
b) This is not a "just get sued" area of law but a "go to jail for an extended period" area of law. Though I guess you could get a lot of coding done in jail if they were lenient. ;)
Would make for an interesting scenic background for his webcasting thing 
3 Likes
hopefully they got wireless but seriously I probably wouldn’t mind going to jail, as you’ll appreciate what u have in life a lot more when u get out, but I never been so can’t say for definite
@wezrule2 said:
hopefully they got wireless :) but seriously I probably wouldn't mind going to jail, as you'll appreciate what u have in life a lot more when u get out, but I never been so can't say for definite
So in order to appreciate life better, your only option is prison? What about... trying to appreciate life.... right.... now?
When did I say its ur only option? I’m just saying a lot of people don’t realise what they have till its taken away from them, I.e a loved one, ur freedom or whatever. I’ve learned this the hard way as I’m sure other people have to. Those are the things that remind you of what u have and appreciate your life even more. You guys are more fortunate than other people, so don’t be so serious, let loose n have fun, u only live once after all
You can close this now, think its deviated enough from the original intention. I’m out for a week, need to get away from here 
pce
If you can’t block cheating in server side or without invading a user’s privacy, then let the players cheat. Doing manual control like taking screenshots, or watching running process, analyzing installed programs and follow up user’s rotine is, at the best perspective, anti-ethic. If developers aren’t competent enough to make games anti-cheat wihout invading user’s privacy and banning innocent people, just don’t do it at all. That’s just my thoughts.
What @Madjack said.
The client is running on the players hardware, so even if you block everything else they can still run bots/aim assists/whatever. The only way to block it is a controlled situation such as a tournament running on a LAN using supplied hardware - and even then you need to block internet access and USB ports/etc on those computers.
Even in the extreme case where you stream the game to them over the internet as video it’s still theoretically possible although it would certainly make the bots life harder.
ACtually quake ect you can just calculate serverside the amount of reaction a typical human has (3-10ms) + ping. Then the boundings of the objects. If a player kills another that was visible for less time than this (can all be calcualted serverside) you count a cheting point for him. if hes over a limit terminate him from tournament. (Especially in unreal with the ability to serverside scripting you have many tools doing similar approaches).
WallhacK? developer fault, if he cant see them he should not even know where they are. (again this could be done serverside witha simple ray casting to the other players boundingbox from eye positions)
The problem is mroe that this all adds up and especially mmos want as much per server as possible to keep costs low, so they leave everything but the most fundamental checks out.
Like I said, statistical techniques server side.
You can’t read anything into one lucky hit though. It needs to be consistently too fast and build up a pattern over time. But again this just limits but doesn’t eliminate the cheat. An aimbot that made me consistently equal to the best shooter in the world would not break the limits (because its humanly possible) but would certainly be me cheating. I used to run a text based PvP game back in the 90s and we had a long discussion on one guy as to whether he was cheating or not and in the end decided he most likely was as he was moving across the map twice as fast as anyone else could - and when we tried what we thought was the most likely way he was doing it it did look almost identical…but I did always wonder if we made the right call or not when we banned him.
If you think cheating can be stopped you are fooling yourself. What you can do though is make it as counter productive, hard and expensive as possible. You are absolutely right for example that the server should never send anything to the client that the client can’t see. The problem with that though (particularly on twitch games) is that the client needs the ability to pre-load stuff, etc. Imagine the situation where someone runs across a doorway. If the server only sends the message when they appear in the door then in a moderately laggy environment you would see them appear already half way across it and never get a chance to shoot them. So the server needs to send a bit in advance…so again the client has the potential to cheat.
On a related note I’ve been watching CCP’s latest anti-RMT tactics with interest and early signs are encouraging that they are having some impact:
http://community.eveonline.com/devblog.asp?a=blog&nbid=28581
http://community.eveonline.com/devblog.asp?a=blog&nbid=28628
I’ve said what I had to say on the subject. I certainly don’t want to start a flame-induced “discussion”.
@zarch
Your point on doorway is irrelevant though. That’s a static entity, and as such, the client should know where it is. But, anything player-controlled (or bot-controlled), or if you prefer dynamic, shouldn’t be sent to the player unless it’s visible/audible, I’ll agree with that.
@madjack
The doorway is static, someone crossing it is not.
Example:
You
####
X—>
You are standing by a wall looking through a doorway.
X is not visible to you but is moving in the direction of the arrow and is going to cross the doorway and become visible to you.
In order for the client to start displaying that correctly then as soon as they become visible in fact it needs to be sent to the client slightly before so the client can start the predictive tracking and movement etc. Otherwise due to latency etc X could already be half way across before you actually see them appear.
And in fact you can’t make the assumption that static entities should be known about. Fog of war could theoretically cover both static and non-static features. (Think civilisation for example).
I think you’re mixing things up @zarch or I’m misunderstanding.
That X is visible or not is irrelevant to its loading and displaying. At the game start, the server should send the mesh info, the texture info, everything related to “drawing” that player so that when encountered, it’ll be displayed without a load hitch.
If things are hidden by a fog-of-war then they’re dynamic, not static. BUT, if the door is visible to you even though it’s still in the fog-of-war (sniping, long-range vision, etc), it should be visible. At that point it becomes static and is drawn when visible. As for player X, the door’s asset is loaded at map-creation time.
He means the delay between player visible and data of that sent to client. (if you use a predicitng network system)
Visibility data should only be sent on a fact, not predictability result imo. But @zarch was speaking of loading time, so I’m not sure if that’s what he was talking about or not…
The term “loading time” was a bit vague I’ll agree but there isn’t really a short term I could think of for “the time between the server detecting that an object has become visible and sending that data to the client and the client receiving and acting on that data to display the object to the player”.
And yes for certain situations (i.e. a 16 player FPS match) you can pre-load everyone’s models. For an MMO though you wouldn’t want to have the dragon model and textures loaded in memory all the time just in case you walked around the corner and found one. However sending the “preload dragon” command to the client would be enough for a hacker to write a “dragon alert” alarm (so the arms race then has you send preload dragon commands at random … and so on and so forth).
That’s all I’m trying to say really: there are optimisations you can make for specific situations but there is no simple solution to the general case.
I absolutely agree that the general rule should be to send no data to the client that it shouldn’t know about. However sometimes for whatever reason (server load, efficiency, preserving quality for the client, etc) then you have to make compromises to that.
The key thing though is to be aware of that compromise and evaluate the consequences, risks and benefits and make sure it’s the right thing to do. Not to blindly just go ahead and then realize later that all your starcraft tournies are full of map hackers.
And none of them has competent developers to stop cheaters. You must understand that the computer area is not developed yet. Our machines are merely a prototype about what will come. This is total trash. IBM stated that it has quantum computers running since 2006. If they annouced that, imagine when they really had those computers running. In out kind of computers there will be cheaters in every game, and the only thing a game developer can do to avoid that is to give a good game for them. A good immersive game is the solution.
Find a cheater at Heroes of Newerth for example. They solved the problems of cheaters. What do exist in this S2 Games game is a mod exploitation that they fix from time to time, when discovered. Or you accept the fact you can’t make a PC game and launch it for the consoles.
Solutions exist for things, they just didn’t find it yet. How they are going to do it, I have no idea. Maybe invading everyone privacy like CISPA was approved and ACTA was signed by the governamments. That’s a really good way, just hack into everyone’s computer/link and see what they are doing.