Don’t blame the cheater, blame the game? Why we need a new approach to fighting cheats.
As cheating has become a critical issue to the viability of online multiplayer games, studios are engaged in an arms race with hackers to try to minimize it. But rather than compelling gamers to install ever more invasive monitoring software at the kernel-level, perhaps we should be looking for more creative solutions to the problem?
Background — the pre-internet era
Since the early years of the computer games industry, there have always been players that have attempted to skirt the rules. In the pre-internet era, game developers used to include cheat codes in games that unlocked benefits like extra lives, weapons, or invincibility. These codes were swapped on school playgrounds and published in the printed games magazines of the day.
Later, third-party companies got in on the act. The Game Genie was a pass-through device for Nintendo that sat between the game cartridge and console and patched additional code to the game to give the player extra benefits such as skipping levels or invincibility. Known for zealously guarding its intellectual property, Nintendo did not take kindly to the product, going as far as suing the device’s North American manufacturer Lewis Galoob Toys in 1992 for copyright infringement. Ultimately, the judge sided in favor of Galoob Toys, ruling that cheating in a game was similar to skipping a few chapters of a book or fast-forwarding parts of a movie.
Cheating affects far more players in the online age
But from the vantage point of the current video games industry, these historical debates seem almost quaint. Online multiplayer gaming has radically changed our perception of cheating. Rather than affecting one gamer’s journey in an isolated playing environment, it can now affect the fun and enjoyment of thousands of others. And with the rise of competitive esports and play-to-earn game mechanics, there could be real money on the line too. From the perspective of game companies, cheating has a negative effect on the jewel in their crown — the online multiplayer experience, a mode which is key to the appeal of many of their most profitable titles.
One of the most common scourges on games like Fortnite, Call of Duty, Overwatch, and Team Fortress 2 are aimbots, which enable cheats to automatically target and kill other players from large distances without any skill. Wallhacks are another prominent staple of cheat packs, which remove the textures from a level to enable players to see enemies through walls. So-called “lag switches” pose yet another means of cheating, by enabling players to deliberately reduce network bandwidth to a game to create lags. These delays can then be used by players to gain an advantage, sometimes simply by disrupting the other player’s rhythm, or by having more time to react to moves made by opponents.
Detecting cheats — a dangerous arms race
So what can be done to minimize cheating in the modern era? Just as before, most cheating typically relies on patching game code to confer additional powers or benefits to a particular player. The most common countermeasure against cheating involves installing additional software that monitors each player’s computer and flags any anomalous code running in the background. One of the most prominent is the Valve Anti-Cheat system that comes preloaded with Steam. Players who attempt to connect to a server on a computer with identifiable cheats installed will be handed down a so-called “VAC ban” which prevents that user from accessing the server again.
However, as games have grown massively in complexity and size, so has the cheat software. Hackers are constantly playing a game of cat and mouse with video game companies, with some even taking advantage of kernel-level exploits to gain an advantage. This means embedding the cheat code deep within the core of the system, making it undetectable to higher-level processes running at the standard user level. In response, game companies like Riot Games and Activision are deploying their own kernel-level processes to detect low-level cheat codes. This arms race poses some worrying implications for ordinary gamers, however, who face the risk that hackers could find an exploit in one of these kernel-level drivers and use it to gain wide-ranging access to the rest of their system.
If it’s too easy to open a new account, bans are ineffective
Once a player is unmasked as a cheat, their user account is typically banned. But this may not be a particularly onerous punishment if it is easy to set up a new account and keep cheating. In the traditional games sector, a number of solutions have been proposed to this problem such as introducing time delays in activating new accounts, banning entire devices based on their hardware fingerprint, or requiring registration with a valid mobile phone number.
In the Web3 gaming sector, staking could play a role in this sort of scenario. Players might be asked to stake a certain number of tokens to join a gaming server and if they are found to be cheating, their stake could be slashed. This would create a disincentive to cheating, without imposing any delays on opening an account or requiring personally identifiable information to be uploaded. The size of the stake could be tailored to the importance of the event, so the stake required to join a competitive esports match would be higher than a casual game with friends, for instance.
Is there a Web3 alternative to cloud gaming?
Some analysts are predicting that the advent of cloud gaming services like Playstation Now and Google Stadia could lead to a significant reduction in cheating. The thinking goes that in order for cheats to be effective, they need access to certain in-game information. An aimbot requires data about the precise coordinates of other players in the level to be effective, for example. If the vast majority of the game code is run on a cloud server and the player only has access to a “thin client”, however, many cheats would become useless.
While this solution sounds alluring, it comes at a cost. Firstly, it means that the player is no longer in control of the hardware running their own games. Secondly, it introduces additional fees — users typically have to pay a monthly fee to access such platforms, in addition to purchasing each game. Finally, there is no transparency for gamers about how the game engine operates when it runs on an isolated, closed system.
At Ajuna, we are using trusted execution environments (TEEs) to strike a balance between these priorities in the Web3 space. Developers can process certain game data, such as player moves or location coordinates, confidentially within a TEE linked to our blockchain network. This solution provides transparency to players about how the game operates while keeping specific data points that could be used by hackers secret. This provides an effective countermeasure to cheats, without forcing gamers to install invasive surveillance software with kernel-level privileges on their computer.
The role of social dynamics
An often underestimated factor when it comes to cheating is social interactions. A South Florida University study compared the social dynamics of cheating in video games to cheating in organizations. Enron, for instance, was one of the most high-profile corporate bankruptcies in history. Staff was divided into different groups based on their measurable performance. The top 15% of staff would receive additional bonuses, whereas those in the bottom 15% would be segregated into an isolated area and fired within a few weeks if they couldn’t improve. This hyper-capitalist management system of publicly celebrating one group while humiliating another created irresistible incentives to cheat. Workers began to exaggerate the profitability of their projects and falsify the numbers to avoid slipping down the rankings, which ultimately led to the downfall of the firm.
The study’s authors point out that just like corporations like Enron, many games divide players into very public categories of winners and losers. Gamers may face monetary consequences as a result of poor performance if their digital assets become less valuable. But the social stigma of having a lower public ranking and no longer being able to enter the same matches might be even worse. Perhaps one approach to dealing with cheating is creating games with more multifaceted objectives and a less clear distinction between winners and losers. Some games might even choose to dispense with public leaderboards entirely and let players simply play for the fun of it. But there is also considerable social prestige in not being a cheat. In the Web3 space, tokens can be used to celebrate gamers who play by the rules and have friendly rivalries with their opponents. At Ajuna, we are using our dedicated TrustScore token for this purpose.
Wrap-up and conclusion
In the post-internet era, cheating has moved from a niche copyright concern to an issue that affects the enjoyment of millions of players daily. As hackers become increasingly sophisticated in their techniques, the anti-hacking systems deployed by studios have become more invasive and privileged, with considerable security risks for gamers. By using measures like staking and trust tokens, and leveraging technologies like trusted execution environments, Web3 game platforms like Ajuna can help to minimize cheating while protecting the autonomy of gamers.