HorlogeSkynet
/
blog
1
0
Fork 0
Code Issues Pull Requests Releases Activity
blog/_posts/2020-04-18-possible-hot-tak...

86 lines
7.5 KiB
Markdown
Raw Permalink Blame History

---
title: "Possible hot take about the new Riot Games anti-cheat policy"
date: 2020-04-18 13:01
url: possible-hot-take-about-the-new-riot-games-anti-cheat-policy
layout: post
category: Articles
image: /img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_1.png
description: "No, shipping and executing proprietary low-level code is a terrible idea"
---
[![A missing blog post image](/img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_1.png)](/img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_1.png)
### Introduction
> As an introduction to the _League of Legends / Riot Games / Tencent Holdings_ environment, I will only paste what I have written for an other unpublished post :
[League of Legends](https://na.leagueoflegends.com/en-us/) (below, "LoL") is a [MOBA](https://en.wikipedia.org/wiki/Multiplayer_online_battle_arena) still developed by its original publisher : Riot Games (USA).
Riot Games is, and has been for some years now, [owned at 100% by Chinese (Tencent Holdings)](https://www.polygon.com/2015/12/16/10326320/riot-games-now-owned-entirely-by-tencent).
There are **still** [some serious working conditions issues at Riot place](https://kotaku.com/riot-employees-prepare-for-walkout-today-1834553458).
### The Subject
Some weeks ago, I've come across this click-baiting-but-technical blog post from Riot : [/dev/null: Anti-Cheat Kernel Driver](https://na.leagueoflegends.com/en-us/news/dev/dev-null-anti-cheat-kernel-driver/).
The main goal of this _solution_ is to load their anti-cheat in a more privileged environment than the cheats' one.
I was not very keen about the idea (and I am not alone), but I naively thought that we would have some months ~~of idealogical struggling~~ ahead before really dealing with such an intrusive technology.
But more recently, it finally appeared ["Project A" has been renamed to "VALORANT"](https://www.newsweek.com/project-riot-games-reveal-date-what-valorant-leaks-1489735) and is already "available" through a really odd process, including another third-party platform (one more obscure partnership ?) :
[![A missing blog post image](/img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_2.png)](/img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_2.png)
Anyway, VALORANT, running in BETA with currently only few players, is acting as a _production-grade_ testing environment for their new [Vanguard anti-cheat solution](https://support-valorant.riotgames.com/hc/en-us/articles/360046160933-What-is-Vanguard-).
Now look, let's check again what an operating system kernel is _supposed_ to do (from the [Wikipedia page](https://en.wikipedia.org/wiki/Kernel_(operating_system))) :
> The kernel performs its tasks, such as running processes, managing hardware devices such as the hard disk, and handling interrupts, in this protected kernel space.
Please help me, I can't manage to find the part specifying it gives a special access to vendors for shipping their [BLOB](https://en.wikipedia.org/wiki/Binary_large_object), running in a privileged and dangerous environment :roll_eyes:
In computer science, if engineers happened to separate what is a matter of **applications** from what is a matter of **system**, there were (and there still are) good reasons.
Intel _thought_ it could mix those, [it ended up very badly](https://www.zdnet.com/article/minix-intels-hidden-in-chip-operating-system/).
And I mean, what could be _more_ "applicative" than softwares developed by a video games company ?
> And guys, I don't expect the world to get [a C.S. degree to remove an **application** from their system](https://support-valorant.riotgames.com/hc/en-us/articles/360044648213-Uninstalling-Riot-Vanguard) :cry:
The point is, and I'm looking at you Riot, your code **will** contain vulnerabilities. It's a fact, as [it contains code rendering a "service"](https://github.com/kelseyhightower/nocode).
And you can argue it might be the most legitimate BLOBs Earth would ever known, it **will** anyway.
What would happen if a [0-Day](https://en.wikipedia.org/wiki/Zero-day_attack) is (un)discovered ?
You would have (maybe) prevented a _minority_ from bothering _a part_ of the community, and greatly exposed _tens Millions_ of players.
Is it worth the risk ?
If I were a company's CSO, I would not accept it.
> Personal two cents about cheating in LoL : In 7 years and thousands of games played, I only encountered a _scripter_ **once** and, thanks to him, it wasn't even in Solo Queue :smile:
> Personal two cents direct comment : Maybe we (EUW players) are relatively _spared_ from _cheaters_ ? Do [your statistics only address NA](https://na.leagueoflegends.com/en-us/news/dev/dev-removing-cheaters-from-lol/) ?
List of (not-so)naive advices for Riot Games in their difficult fight on this (important) matter :
* Abandon this idea (yeah, I know, sunk costs and friends) ;
* Prefer the "human" approach by enhancing the `Report` feature if it requires to ;
* [Restore the Tribunal](https://nexus.leagueoflegends.com/en-us/2018/08/ask-riot-will-tribunal-return/) if you have to (??) ;
* If you **really** want to keep your low-level stuffs being used, please [make them Open-Source and publicly audited](https://protonmail.com/blog/bridge-open-source/).
I do **hope** too that you know you will ~~f\*ck~~ impair _all_ LoL GNU/Linux users once the official public client will be "patched" (and [Lutris is already discouraging new players from "picking up League"](https://lutris.net/games/league-of-legends/) :ok_hand: :joy:) :
[![A missing blog post image](/img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_3.png)](/img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_3.png)
> By the way, how are you gonna handle MacOS players ? Are you on the verge of coding a BSD kernel module too ?
Anyway, I hope you also well-comprehend the problem of being **owned** by a Chinese group.
If, one day maybe, [Tencent](https://en.wikipedia.org/wiki/Tencent) decides to take over Riot's games development back to China, players would end up having a **ring-0** piece of software [(in-)directly handled by the Communist Party](https://gizmodo.com/5-things-to-know-about-tencent-the-chinese-internet-gi-1820767339#h209798) :100:
> Note to Epic Games shareholders : Don't be stupid, [keep those determinant 10% to stay you out of this contingency](https://www.polygon.com/2013/3/21/4131702/tencents-epic-games-stock-acquisition).
So here we are, just wanted to add my two cents on the subject from my own PoV, hoping that divergent thoughts are the way forward to a better world, and that we _cannot_ let [those news handled by business vendors](https://steelseries.com/blog/valorant-anti-cheat-how-will-it-work-188) :
[![A missing blog post image](/img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_4.png)](/img/blog/possible-hot-take-about-the-new-riot-games-anti-cheat-policy_4.png)
> Yes, the link refers to a store page to **buy** a product.
> No, it's not a joke (click on the link above if you don't trust me).
To conclude, I'd refer to this [Reddit thread](https://www.reddit.com/r/VALORANT/comments/fzxdl7/anticheat_starts_upon_computer_boot/), like often, encountered **after** the post redaction...
... and good luck to Riot that will have to deal with [all of these users (well-)thinking that their computer is spying on them](https://www.videogamer.com/news/riot-rebukes-allegations-that-valorants-anti-cheat-system-is-spying-on-players), because that's definitely what their new "driver" is doing.
Reference in New Issue View Git Blame Copy Permalink