61
submitted 19 hours ago by beep@piefed.world to c/technology@lemmy.world
you are viewing a single comment's thread
view the rest of the comments
[-] neatchee@piefed.social 4 points 19 hours ago

Open source competitive multiplayer games would be catastrophically compromised.

[-] tabular@lemmy.world 2 points 2 hours ago

Do you suppose games only using obfuscation as security? In turn-based games you have the time to not trust client infomation and real-time games could give the client less info until it's actually needed. There would still be cheating via outside communication or outside tools.. as cheating isn't technical issue solved by denying user software freedom - it's a social issue.

[-] tabular@lemmy.world 1 points 2 hours ago* (last edited 2 hours ago)

Invested players tolerate a level of cheating and banned cheaters often re-buy the game again. There is a monitary incentive to have some cheaters in proprietary multiplayer games.

Open source client/server multiplayer games permit endless redistribution - new server hosters can exist. A server that falls to a bad temptation can be replaced by players migrating elsewhere.

[-] squaresinger@lemmy.world 4 points 15 hours ago

Not really. Games have very similar security implications as any other server/client software.

You are right now reading on exactly such a system, which is open source, and still you don't see massive amounts of hacks targeting lemmy or piefed.

The premise is simple: Never trust the client. The border you have to defend isn't the border between the client software and the user, but the one between the client and the server. Always treat the client software as compromised.

In terms of games that means:

  • All game state calculation happens on the server. The client sends to the server what it wants to do, the server sends what happens. So instead of the client sending "The player is now at position XY", it sends "The player is walking forwards". The server calculates the speed, distance and new position and returns that to the client.
  • The server only sends the client things the player should know. If the enemy unit is not visible, it is not sent to the client.
[-] neatchee@piefed.social 3 points 11 hours ago* (last edited 11 hours ago)

Are you a videogame networking engineer? Because you've just handwaved away one of the most difficult challenges in gaming as if it were "duh that's easy" level simple.

I can link you some GDC videos that talk about how hard this problem is if you want

ETA: Also you've only addressed memory modification attacks. This does not address external aimbots that read memory to determine enemy player position and then send legitimate-but-automated inputs to aim and shoot. How do you stop cheaters from doing this when they can see exactly how data is structured in memory, how values are obfuscated, etc?

[-] DaleGribble88@programming.dev 4 points 10 hours ago

Different person, but isn't this already a problem with closed source games? My game dev experience is more hobbyist than professional, but I've spent a few lonely hours on ghidra. I also teach secure coding at my university, but I focus more on how to patch legacy systems and audit code for vulnerabilities. My point is that closed source vs open source, I see this as an issue in both systems and therefore irrelevant. Pardon my ignorance on this exact topic.

[-] Doomsider@lemmy.world 4 points 16 hours ago* (last edited 16 hours ago)

Why?

If you can't write your game in a way to prevent cheating it really doesn't matter.

I would argue that the only way to ensure trust in the competitive arena is to open source.

Could you imagine sports being played without defined rules?

Cheating is about a design challenge related to how clients and servers communicate and has nothing to do with the source code being public.

[-] neatchee@piefed.social 1 points 11 hours ago

Cool. So tell me how to write a game engine that cannot have its memory read to determine enemy player position with precision and then automate aiming and trigger pulls in a first-person shooter

You have no idea how hard anti-cheat is or how determined attackers are because of the profit incentive.

[-] Doomsider@lemmy.world 2 points 10 hours ago

It really depends on your goal. Obviously you can eliminate most cheating by a server model that never trusts the client.

This does not eliminate other possible client side cheating such as wall hacks or aim bots.

As I said, there is a logical problem to solve here because in the case of wall hacks (ie seeing enemies through walls) the client needs enough information to be able to show an enemy around a corner quick enough to make sense for a FPS. Visibility calculations are entirely possible and I am sure you could find creative ways to limit this as much as possible.

Aim bots or trigger bots are a lot harder, but for competitive games heuristic based anticheat shows a lot of promise without having to hook the kernel in a losing game of cat and mouse.

this post was submitted on 06 Jul 2026
61 points (95.5% liked)

Technology

86110 readers
3706 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 3 years ago
MODERATORS