Browse Source

Publishes a post about the new Riot Games anti-cheat policy

master
Samuel FORESTIER 3 months ago
parent
commit
85a9a3b792
5 changed files with 97 additions and 0 deletions
  1. +85
    -0
      _posts/2020-04-18-possible-hot-take-about-the-new-riot-games-anti-cheat-policy.md
  2. BIN
      img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_1.png
  3. BIN
      img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_2.png
  4. BIN
      img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_3.png
  5. BIN
      img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_4.png

+ 85
- 0
_posts/2020-04-18-possible-hot-take-about-the-new-riot-games-anti-cheat-policy.md View File

@@ -0,0 +1,85 @@
---
title: "Possible hot take about the new Riot Games anti-cheat policy"
date: 2020-04-18 13:01
url: possible-hot-take-about-the-new-riot-games-anti-cheat-policy
layout: post
category: Articles
image: /img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_1.png
description: "No, shipping and executing proprietary low-level code is a terrible idea"
---

[![A missing blog post image](/img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_1.png)](/img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_1.png)

### Introduction

> As an introduction to the _League of Legends / Riot Games / Tencent Holdings_ environment, I will only paste what I have written for an other unpublished post :

[League of Legends](https://na.leagueoflegends.com/en-us/) (below, "LoL") is a [MOBA](https://en.wikipedia.org/wiki/Multiplayer_online_battle_arena) still developed by its original publisher : Riot Games (USA).
Riot Games is, and has been for some years now, [owned at 100% by Chinese (Tencent Holdings)](https://www.polygon.com/2015/12/16/10326320/riot-games-now-owned-entirely-by-tencent).
There are **still** [some serious working conditions issues at Riot place](https://kotaku.com/riot-employees-prepare-for-walkout-today-1834553458).

### The Subject

Some weeks ago, I've come across this click-baiting-but-technical blog post from Riot : [/dev/null: Anti-Cheat Kernel Driver](https://na.leagueoflegends.com/en-us/news/dev/dev-null-anti-cheat-kernel-driver/).
The main goal of this _solution_ is to load their anti-cheat in a more privileged environment than the cheats' one.
I was not very keen about the idea (and I am not alone), but I naively thought that we would have some months ~~of idealogical struggling~~ ahead before really dealing with such an intrusive technology.

But more recently, it finally appeared ["Project A" has been renamed to "VALORANT"](https://www.newsweek.com/project-riot-games-reveal-date-what-valorant-leaks-1489735) and is already "available" through a really odd process, including another third-party platform (one more obscure partnership ?) :

[![A missing blog post image](/img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_2.png)](/img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_2.png)

Anyway, VALORANT, running in BETA with currently only few players, is acting as a _production-grade_ testing environment for their new [Vanguard anti-cheat solution](https://support-valorant.riotgames.com/hc/en-us/articles/360046160933-What-is-Vanguard-).

Now look, let's check again what an operating system kernel is _supposed_ to do (from the [Wikipedia page](https://en.wikipedia.org/wiki/Kernel_(operating_system))) :

> The kernel performs its tasks, such as running processes, managing hardware devices such as the hard disk, and handling interrupts, in this protected kernel space.

Please help me, I can't manage to find the part specifying it gives a special access to vendors for shipping their [BLOB](https://en.wikipedia.org/wiki/Binary_large_object), running in a privileged and dangerous environment :roll_eyes:

In computer science, if engineers happened to separate what is a matter of **applications** from what is a matter of **system**, there were (and there still are) good reasons.
Intel _thought_ it could mix those, [it ended up very badly](https://www.zdnet.com/article/minix-intels-hidden-in-chip-operating-system/).
And I mean, what could be _more_ "applicative" than softwares developed by a video games company ?

> And guys, I don't expect the world to get [a C.S. degree to remove an **application** from their system](https://support-valorant.riotgames.com/hc/en-us/articles/360044648213-Uninstalling-Riot-Vanguard) :cry:

The point is, and I'm looking at you Riot, your code **will** contain vulnerabilities. It's a fact, as [it contains code rendering a "service"](https://github.com/kelseyhightower/nocode).
And you can argue it might be the most legitimate BLOBs Earth would ever known, it **will** anyway.

What would happen if a [0-Day](https://en.wikipedia.org/wiki/Zero-day_attack) is (un)discovered ?
You would have (maybe) prevented a _minority_ from bothering _a part_ of the community, and greatly exposed _tens Millions_ of players.
Is it worth the risk ?
If I were a company's CSO, I would not accept it.

> Personal two cents about cheating in LoL : In 7 years and thousands of games played, I only encountered a _scripter_ **once** and, thanks to him, it wasn't even in Solo Queue :smile:
> Personal two cents direct comment : Maybe we (EUW players) are relatively _spared_ from _cheaters_ ? Do [your statistics only address NA](https://na.leagueoflegends.com/en-us/news/dev/dev-removing-cheaters-from-lol/) ?

List of (not-so)naive advices for Riot Games in their difficult fight on this (important) matter :

* Abandon this idea (yeah, I know, sunk costs and friends) ;

* Prefer the "human" approach by enhancing the `Report` feature if it requires to ;

* [Restore the Tribunal](https://nexus.leagueoflegends.com/en-us/2018/08/ask-riot-will-tribunal-return/) if you have to (??) ;

* If you **really** want to keep your low-level stuffs being used, please [make them Open-Source and publicly audited](https://protonmail.com/blog/bridge-open-source/).

I do **hope** too that you know you will ~~f\*ck~~ impair _all_ LoL GNU/Linux users once the official public client will be "patched" (and [Lutris is already discouraging new players from "picking up League"](https://lutris.net/games/league-of-legends/) :ok_hand: :joy:) :

[![A missing blog post image](/img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_3.png)](/img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_3.png)

> By the way, how are you gonna handle MacOS players ? Are you on the verge of coding a BSD kernel module too ?

Anyway, I hope you also well-comprehend the problem of being **owned** by a Chinese group.
If, one day maybe, [Tencent](https://en.wikipedia.org/wiki/Tencent) decides to take over Riot's games development back to China, players would end up having a **ring-0** piece of software [(in-)directly handled by the Communist Party](https://gizmodo.com/5-things-to-know-about-tencent-the-chinese-internet-gi-1820767339#h209798) :100:

> Note to Epic Games shareholders : Don't be stupid, [keep those determinant 10% to stay you out of this contingency](https://www.polygon.com/2013/3/21/4131702/tencents-epic-games-stock-acquisition).

So here we are, just wanted to add my two cents on the subject from my own PoV, hoping that divergent thoughts are the way forward to a better world, and that we _cannot_ let [those news handled by business vendors](https://steelseries.com/blog/valorant-anti-cheat-how-will-it-work-188) :

[![A missing blog post image](/img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_4.png)](/img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_4.png)

> Yes, the link refers to a store page to **buy** a product.
> No, it's not a joke (click on the link above if you don't trust me).

To conclude, I'd refer to this [Reddit thread](https://www.reddit.com/r/VALORANT/comments/fzxdl7/anticheat_starts_upon_computer_boot/), like often, encountered **after** the post redaction...
... and good luck to Riot that will have to deal with [all of these users (well-)thinking that their computer is spying on them](https://www.videogamer.com/news/riot-rebukes-allegations-that-valorants-anti-cheat-system-is-spying-on-players), because that's definitely what their new "driver" is doing.

BIN
img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_1.png (Stored with Git LFS) View File

oid sha256:1d1e3e8e427917414e9a344ed21f49c22517717b7c3a6809138b6927d8843bc4
size 22855

BIN
img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_2.png (Stored with Git LFS) View File

oid sha256:89fe16d966fec16c02b2271c29a5d85f45030591eab2461891877b13305a5543
size 347567

BIN
img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_3.png (Stored with Git LFS) View File

oid sha256:1ceb8cfcdd82bb8c02cd130c3bf4887f4ee2db198fcd51dfe2dcd1e26f8315a4
size 34664

BIN
img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_4.png (Stored with Git LFS) View File

oid sha256:58c532012d97295d60aeea562521472616a523c8d2b0c60cad4da7d47a6d5539
size 17549

Loading…
Cancel
Save