The increasing number of players reporting problems with players hacking or cheating, including speed hacks, teleports and walking though solid objects is worrying me because these kinds of exploits should not really be possible in the client-server model of game design that ArenaNet once thought out for Guild Wars 1. (Where only inputs like keystrokes and mouse clicks are sent over to the server) Of course, not all cheating can be prevented. For instance, there always will be software that mimics the input of a player to automate gameplay (bots). But the above cheats are of a different kind.

I haven't seen much of these in-game, except for one time where I witnessed an enemy player moving straight through a wall and gate of a tower in WvW. I videotaped it with shadowplay and sent the link to Exploits@Arena.Net but never got a reply. But this makes me wonder how these cheats are possible and what ArenaNet is doing design-wise to make the game resistant against these problems.

For information: Here is an old design article from ArenaNet about the anti-cheating design of GW1.

Game Cheats and Cheat Prevention

By Mike O'Brien & Gaile Gray

Introduction

Cheating is one of the most hotly debated issues in gaming today. What is cheating? Is a cheat ever “not really a cheat?” Does all cheating affect the game world in which you play, or are some cheats totally benign? Does “everybody do it?”

A cheat is defined as a process, a code tweak, an exploitation of a glitch, or a hack that allows the player to engage in behavior that isn’t intended within the context of the game. Cheating is exploiting weaknesses in the game’s architecture to, for example, allow a player to kill another player’s character where or when he should not be vulnerable; to have items that the character isn’t supposed to have, either through duplication of legitimate items or by means of taking items belonging to another player; or to know information that isn’t intended to be known, which gives the person using the cheat an edge in competitive play.

In this article we'll examine how players are able to cheat in online games, and how game technology has progressed over the years to address this problem. We'll explore in-depth how cheating affected some of the very games that we helped to develop. Naturally, our observations about cheats in these games would apply equally to other games that use the same network architectures.

Early Games: Townkill in Diablo

How susceptible a game is to cheating is largely defined by its network architecture. The easiest type of multiplayer game to program, and also the easiest type to cheat in, is an “asynchronous peer-to-peer game.” In this network architecture, each player’s computer is responsible for modeling his character and all of his character’s interactions with the world, and notifying other computers of the results.

One can compare playing an asynchronous peer-to-peer type of game to playing a game via the telephone. If a player says, “I hit you for 20 points of damage” and there are no means by which that amount of damage can be verified as possible and reasonable for the attacker to inflict, the other player has no choice but to register 20 points of damage. So if the would-be cheater finds a way to send a message claiming he has inflicted greater damage than is actually possible for his character to inflict, he can quickly gain experience points and reach godlike character levels.

A famous example of this was the Townkill cheat in Diablo. The starting town in Diablo was intended to be a safe zone where players couldn’t attack each other. However, even though it wasn’t possible to attack other players through the game’s user interface, hackers were still able to force the game to send a message over the network saying essentially “I hit you for 20 points of damage”. With Diablo’s network model, other computers in the game would simply accept the message and dutifully subtract 20 hit points from their character.

There were a few reasons why people used this cheat. One gamer we talked to explained, “Pking was so easy in Diablo, it got old. But when Townkill came out I loved killing them in town, it’s just totally unexpected, they’re like ’WTF?’” Another, referring to the fact that characters in Diablo drop their equipment when they die, stated, “It’s a way for me to get good stuff without the hassle of finding it myself.”

What is the solution to this sort of cheat, or how can it be prevented? This particular cheat was possible for Blizzard to address. Since players weren’t supposed to be able to do damage to each other in any way in town, Blizzard made the receiving computer ignore any incoming damage messages while it was in town. However, the hackers quickly adapted and created other types of cheats that Blizzard couldn’t address, such as the ability to walk into any dungeon level and kill everyone on that level. As the cheats became more sophisticated, the receiving computer couldn’t know for sure whether the message it was receiving was generated by a cheat or by a legitimate action of another player, so it had no choice but to accept the result.

Eventually, as most gamers know, cheating destroyed Diablo’s economy, and forced honest players to avoid playing with strangers. There were many games released around the time of Diablo that used the same networking model, and they were all susceptible to this type of cheating. Diablo merely had the distinction of being one of the most popular online games, which made it one of the most popular targets for cheaters.

The Next Generation: MapHack in StarCraft

Blizzard’s Warcraft and StarCraft games use a different network architecture known as ”synchronous peer-to-peer.”’ In this architecture, every computer models every player in the game. The computers don’t send messages over the network like “I hit you for 20 points.” Instead, they send only mouse and keyboard input, such as “I right-clicked on your character.” This makes it fundamentally impossible to use the same types of cheats that were prevalent in Diablo. You can’t send a message to another computer saying “I killed you” because no such message exists. You can only send a message saying “I clicked on you.” There’s no point in writing a cheat program to do that, since you could just as easily click your mouse to send the same message.

As you can probably imagine, programming a synchronous peer-to-peer game is tricky. When one player clicks on another player to attack him, both computers must model the attack in exactly the same way and produce exactly the same result. If they don’t, then the game will diverge to the point where it’s playing differently on the two computers, and it will never get back in sync because the two computers never share any information except mouse and keyboard clicks. To keep the game in sync, both computers must start the game at the same moment and with identical starting conditions, and then they both must process mouse and keyboard input from each player at exactly the same time. This makes synchronous peer-to-peer games slightly more susceptible to lag than other types of games, because if one computer is not able to communicate even for a moment, the other computers can’t continue the game until they re-establish contact.

Unfortunately, even a synchronous peer-to-peer game does not solve cheating. It prevents players from taking actions that they couldn’t have taken legitimately, because the only messages they can send over the network are mouse and keyboard input. However, it requires that all computers in the game share their mouse and keyboard input with all other computers in the game, and this means that hackers can develop means to expose information that the player isn’t supposed to know.

For example, a common cheat in StarCraft is called MapHack. This cheat takes advantage of the fact that your computer always knows what the other players in the game are doing, even though it doesn’t normally display that information to the player. The MapHack cheat modifies StarCraft so that it displays the position and action of every unit on the entire map, whether the player has explored that part of the map or not.

There are those who argue that since MapHack doesn’t involve actual “damage” to the opponent it could be called harmless. Unfortunately, the truth is that map hacking creates a severely unbalanced playing field which is as damaging to the play experience as any other type of cheat. If a player has a full map view, he can look into his enemy’s base and judge precisely what the player will be sending his way in the form of an attack. In StarCraft, if you see a few Stargates going up, you can anticipate that your opponent is going to attack primarily by air, whereas if you see a couple of Robotics Facilities and their Support Bay, you might anticipate a Reaver Drop. What’s even worse is that with map hacking, the victim often doesn’t know that the reason he lost the game was due to cheating.

Why do so many gamers use MapHack? As Patrick Wyatt said in his article last month, this seems to be another of those “I had to hit you first, before you hit me” situations. Many players seem to believe that “everyone uses it,” and feel that if they are going to compete on a level playing field they should use it, too.

We asked a StarCraft ladder observer how MapHack has affected the community. He told us that top players have adapted by playing games on local area networks instead of on the Internet. When players compete on a LAN, there are often observers watching them play, and “if the player uses MapHack, it will be seen at a glance.” When asked about the official StarCraft Ladder, his response was, “Oh, nobody cares about the StarCraft Ladder any more… it’s all rigged.” This is just one person’s opinion, of course, but others have speculated that without observers, it is possible that any or all ladder players could be using MapHack and there is little that can be done to prevent its use.

Any game that uses a synchronous peer-to-peer network architecture is susceptible to map hacking. Since Blizzard can’t prevent map hacking in StarCraft, some have proposed that they level the playing field by including it as an option in the game setup screen, like “shared vision” or the choice of map. However, playing with the map revealed removes much of the strategy from the game. Blizzard may not be able to stop MapHack, but they’re not willing to embrace it, either.

Another concern with peer-to-peer games is that, since the computers communicate directly with one another, each player’s IP address is revealed to everyone else in the game. A sophisticated hacker can trace these addresses to find the real life identities of his opponents, sometimes even to the point of obtaining an address or phone number. Furthermore, if the victim’s computer hasn’t been patched with the latest security updates from Microsoft or Apple, a malicious hacker could attack the computer with the goal of crashing it, destroying important data, or accessing personal files.

This privacy concern has caused many companies to reevaluate the viability of producing peer-to-peer games. For Warcraft III, Blizzard is using a modification of the synchronous peer-to-peer architecture called “hosted peer-to-peer”, in which messages from one player to another are bounced off one of Blizzard’s servers rather than being sent directly between computers. This change doesn’t impact cheating, but it does prevent players from seeing each other’s IP address, which eliminates the privacy problem.

A New Kind of Architecture

The synchronous peer-to-peer networking model comes close to solving the cheating problem. Since computers only send mouse and keyboard input over the network, there is nothing that a player can do to give himself greater abilities than the game intended him to have. The remaining problem is that computers see too much information about what the other players in the game are doing. Is there a type of network model that would address this? Yes there is, and it’s called client/server.

In a properly written client/server game, computers still send only mouse and keyboard messages over the network, but they now send that information to a single server, rather than sending it to every other player. The server is the only computer that knows what all players in the game are doing, and knows the entire state of the game. The server then sends back to the clients just those events that they should be able to see. This way, the clients can’t do anything they’re not supposed to do, and they can’t see anything they’re not supposed to see.

Of course, the server can now do anything and see everything, so all of the players in the game must completely trust the person running the server. Games like Quake and Half-Life use a client/server network model and place no restrictions on who may run a server. When players connect to a server they haven’t used before, they will sometimes discover that the server operator is cheating. He may engage in obvious cheats, like summarily killing players he doesn’t like, or he may engage in subtle cheats, like giving his friends a slight advantage in combat. Either way, it is up to the players to discover that the server operator is cheating and stop playing on that server.

It would be much more damaging if a role playing game used the client/server networking model without restricting who could run a server. Role playing games usually center around character development, where players play the same character over many games, advancing his skills and finding new items for him to use. If a player connected to a server that was being run by a cheater, then the server operator could potentially steal all his items, or otherwise destroy his character, before the player was able to identify that the server was cheating and disconnect. Because of this possibility, when role playing games use the client/server networking model, they typically do not allow untrusted players to run their own servers. Instead, they use what is called a “hosted” environment, in which the game publisher uses its own computers as servers.

As you can imagine, setting up a hosted environment is both challenging and expensive. Depending on the popularity of the game, it may involve purchasing hundreds of computers, and operating them in data centers around the world. In addition to buying all the computers and hiring a staff to keep them all running, the game publisher must also pay for all of the bandwidth that they use. Despite the effort and expense, the industry is moving more and more in this direction, because it’s the only way to approach the ideal of a cheat-free environment. Examples of games that use a hosted client/server architecture include Diablo II, EverQuest, Ultima Online, Asheron’s Call, and Dark Age of Camelot.

Even when the game developer uses a well-written client/server networking model and controls all of the servers, it is still possible for cheating to occur, simply because games are written by humans, and human programmers will always make subtle mistakes that malicious users can exploit.

The most notorious type of cheating that takes place in hosted client/server games is item duping: taking a valuable item in your inventory and making an exact copy of it. To do this, players find and exploit a bug in the program. For example, they may try unusual combinations of actions that they don’t think anyone has ever tested before, hoping to find something they can do that will crash the game server. If they can find a way to consistently crash the game server then they can often use that knowledge to duplicate items. To do so, they simply hand a valuable item to an accomplice, who then immediately logs off, causing his character to be saved to disk. Then they crash the server before it has an opportunity to save their own character to disk. When the server comes back up, both players should have the item in their inventories.

In an online role-playing game, the most involving facet of character development and item acquisition might be rarity. It is rare to see a character over level 100 in Asheron’s Call. It is unusual to come across someone who has the entire Astrilite Set in Dark Age of Camelot. You don’t usually spot a character with +500% Magic Find in Diablo II. Being able to develop special characters, and having the ability, time and luck to acquire items that are rare and unusual, are two of the more rewarding aspects of a game. These two things set a player apart from the norm, and give him certain “bragging rights” in the game world.

When duping runs rampant in a game, suddenly the rare item that a player acquired legitimately is nearly valueless. Everyone in Diablo had the Royal Circlet; everyone had an Obsidian Ring of the Zodiac. In Asheron’s Call, the original Greater Shadowhunter Armor was removed by the developers because it was determined to be too powerful for the game. The removal created an even greater demand for this rare item, driving prices on eBay up to $500. However, heavy duping eventually destroyed the rarity of this item and forced the developers to return it to the game, so that the cheaters would not have a continuing unfair advantage.

So the greatest injustice perpetrated by those who cheat is that they destroy the game world’s economy for all players. And once corrupted, it is impossible to salvage the delicate balance of a game world’s economy and return to character development and item acquisition the value and the significance they once held.

Item duping can be solved. At one level, since it relies on players exploiting bugs in the software; it can be solved by fixing those bugs. At a more fundamental level, game designers can change the way characters are saved to disk, or the way items are assigned to characters, so that even if a player can crash a server, he can’t exploit that fact to duplicate items.

This is typical of the types of cheating that are possible with hosted client/server games. The client/server network model is the most secure that we as game developers have available to us. It isn’t fundamentally susceptible to cheating like other network models are. At the same time, it doesn’t guarantee a cheat-free game.

Mistakes in game design and implementation can always creep in and enable unforeseen types of cheating. At the end of the day, game developers need a lot of experience with network gaming so that they can foresee and avoid these problems, and they need to be able to quickly react to and fix problems that crop up after the game is released. At ArenaNet, we are committed to keeping cheat prevention and cheat resolution as one of the primary objectives of our game development process.

Written by ArenaNet:https://web.archive.org/web/20060703092205/http://www.arena.net:80/news/articles/mikearticle040802.html

As I have said before.. talk is cheap.. actions speak louder than words and that is what's lacking with GW2 imo - not just by trying to fix code or write nice essays on the issues.. but actually banning them proper for it not just warn them or send them to Coventry for 24hrs..Get rid and then the warn the whole community, but mean it. Only then will the ToS really become the deterrent.

^ yep--refund their purchase and ban (forever)everything about the account (IP/e-mail/provider etc.)

Its not possible to ban someone from playing an MMO forever.Anyone can buy a copy of the game, and logon with a differant IP and differant email address than they used last time they played.Many people who play now have an ISP that uses dynamic IP so their IP addresses change periodically , or people play using ISPs that use double NAT so banning that IP also bans many other players as well.

Its' nice.. really good read.. but does not say anything helpful or offer any comfort in regrades to Anet dealing with hacks in this game going forward.

@Blude.6812 said:^ yep--refund their purchase and ban (forever)everything about the account (IP/e-mail/provider etc.)

I see no reason to refund them the purchase.

@Blude.6812 said:^ yep--refund their purchase and ban (forever)everything about the account (IP/e-mail/provider etc.)

refund? lol...

@ReaverKane.7598 said:

@Blude.6812 said:^ yep--refund their purchase and ban (forever)everything about the account (IP/e-mail/provider etc.)

Well if they give out permanent bans they really should, just to cover their backs.

@Blude.6812 said:

@ReaverKane.7598 said:

@Blude.6812 said:^ yep--refund their purchase and ban (forever)everything about the account (IP/e-mail/provider etc.)

So, spend freely, play until bored, do something ban worthy, collect refund and find a new hobby? Brilliant....

@Blude.6812 said:

@ReaverKane.7598 said:

@Blude.6812 said:^ yep--refund their purchase and ban (forever)everything about the account (IP/e-mail/provider etc.)

No ...when you buy the game you are buying access to it and use comes only possible after agreement to the Tos.If you then wanna go off and abuse and exploit the game I some way shape or form you are breaking that agreement and no refund is necessary as long as you can hold up the reasoning for the ban.If refunds are the results of perma bans then it defeats the object and will just become something else the players can abuse...add to that they will simply go buy another copy with their refund and rinse repeat the process. Goldellers would have a field day

Another game that I play stays on top of issues like these and frequently fixes the game to lock out programs that help them cheat. After that, they ban thousands of people using them, no refunds. No mercy.

@Blude.6812 said:^ yep--refund their purchase and ban (forever)everything about the account (IP/e-mail/provider etc.)

Why refund? They have to suit them self for breaking the rules. I've never heard of someone getting refund from being banned from their local bar for missbehavior.

Screw a refund keep their money, if they want to cheat to win a game when anyone who put in some work could obtain the same results keep their money and permanently ban them. Unchecked cheaters only ruin fanbase and games anyway, moreover what about getting on top of the websites that they are obtained from instead of letting such sites exist to begin with?

Well, refund of not (I think not, never heard of a refund after a well-deserved ban) banning should be the last line of defense. If the game design is vulnerable for cheating, you can keep banning players but cheaters will come back with new accounts and new IP addresses and more existing players will be tempted to cheat. Nothing against a well deserved ban, but the real solution should be in the architecture of the game to make cheating as as hard/impossible as possible. The kind of cheating that has been reported makes me wonder in what degree ArenaNet implemented their own design recommendations:

The computers don’t send messages over the network like “I hit you for 20 points.” Instead, they send only mouse and keyboard input, such as “I right-clicked on your character.” This makes it fundamentally impossible to use the same types of cheats that were prevalent in Diablo. You can’t send a message to another computer saying “I killed you” because no such message exists. You can only send a message saying “I clicked on you.” There’s no point in writing a cheat program to do that, since you could just as easily click your mouse to send the same message.

-

A New Kind of Architecture

The synchronous peer-to-peer networking model comes close to solving the cheating problem. Since computers only send mouse and keyboard input over the network, there is nothing that a player can do to give himself greater abilities than the game intended him to have. The remaining problem is that computers see too much information about what the other players in the game are doing. Is there a type of network model that would address this? Yes there is, and it’s called client/server.

In a properly written client/server game, computers still send only mouse and keyboard messages over the network, but they now send that information to a single server, rather than sending it to every other player. The server is the only computer that knows what all players in the game are doing, and knows the entire state of the game. The server then sends back to the clients just those events that they should be able to see. This way, the clients can’t do anything they’re not supposed to do, and they can’t see anything they’re not supposed to see.

How can a player use speed hacks or walk through walls when only keyboard/mouse inputs are sent to the server? It should be technically impossible, but apparently it is not. it looks like there IS a way for cheat programs to send messages like the server like "My character Anna is currently moving with speed X on coordinates XYZ". This is fundamentally different than a client just sending keystrokes and mouse movement to the server.

@Blude.6812 said:

@ReaverKane.7598 said:

@Blude.6812 said:^ yep--refund their purchase and ban (forever)everything about the account (IP/e-mail/provider etc.)

AhAhAhAhAhAhAhAhAhAhAhAHAH

@"TheQuickFox.3826" said:Well, refund of not (I think not, never heard of a refund after a well-deserved ban) banning should be the last line of defense. If the game design is vulnerable for cheating, you can keep banning players but cheaters will come back with new accounts and new IP addresses and more existing players will be tempted to cheat. Nothing against a well deserved ban, but the real solution should be in the architecture of the game to make cheating as as hard/impossible as possible. The kind of cheating that has been reported makes me wonder in what degree ArenaNet implemented their own design recommendations:

The computers don’t send messages over the network like “I hit you for 20 points.” Instead, they send only mouse and keyboard input, such as “I right-clicked on your character.” This makes it fundamentally impossible to use the same types of cheats that were prevalent in Diablo. You can’t send a message to another computer saying “I killed you” because no such message exists. You can only send a message saying “I clicked on you.” There’s no point in writing a cheat program to do that, since you could just as easily click your mouse to send the same message.

A New Kind of Architecture

The synchronous peer-to-peer networking model comes close to solving the cheating problem. Since computers only send mouse and keyboard input over the network, there is nothing that a player can do to give himself greater abilities than the game intended him to have. The remaining problem is that computers see too much information about what the other players in the game are doing. Is there a type of network model that would address this? Yes there is, and it’s called client/server.

In a properly written client/server game, computers still send only mouse and keyboard messages over the network, but they now send that information to a single server, rather than sending it to every other player. The server is the only computer that knows what all players in the game are doing, and knows the entire state of the game. The server then sends back to the clients just those events that they should be able to see. This way, the clients can’t do anything they’re not supposed to do, and they can’t see anything they’re not supposed to see.

That's for GW1. You have to understand that article by MO was for GW1, not GW2.> @Shirlias.8104 said:

@Blude.6812 said:

@ReaverKane.7598 said:

@Blude.6812 said:^ yep--refund their purchase and ban (forever)everything about the account (IP/e-mail/provider etc.)

^ :+1:

@ReaverKane.7598 said:

@"TheQuickFox.3826" said:Well, refund of not (I think not, never heard of a refund after a well-deserved ban) banning should be the last line of defense. If the game design is vulnerable for cheating, you can keep banning players but cheaters will come back with new accounts and new IP addresses and more existing players will be tempted to cheat. Nothing against a well deserved ban, but the real solution should be in the architecture of the game to make cheating as as hard/impossible as possible. The kind of cheating that has been reported makes me wonder in what degree ArenaNet implemented their own design recommendations:

The computers don’t send messages over the network like “I hit you for 20 points.” Instead, they send only mouse and keyboard input, such as “I right-clicked on your character.” This makes it fundamentally impossible to use the same types of cheats that were prevalent in Diablo. You can’t send a message to another computer saying “I killed you” because no such message exists. You can only send a message saying “I clicked on you.” There’s no point in writing a cheat program to do that, since you could just as easily click your mouse to send the same message.

A New Kind of Architecture

The synchronous peer-to-peer networking model comes close to solving the cheating problem. Since computers only send mouse and keyboard input over the network, there is nothing that a player can do to give himself greater abilities than the game intended him to have. The remaining problem is that computers see too much information about what the other players in the game are doing. Is there a type of network model that would address this? Yes there is, and it’s called client/server.

In a properly written client/server game, computers still send only mouse and keyboard messages over the network, but they now send that information to a single server, rather than sending it to every other player. The server is the only computer that knows what all players in the game are doing, and knows the entire state of the game. The server then sends back to the clients just those events that they should be able to see. This way, the clients can’t do anything they’re not supposed to do, and they can’t see anything they’re not supposed to see.

Of course I understand this. But why would a company who clearly made great efforts to design GW1 right, not use the same fundamental design decisions for GW2?

@TheQuickFox.3826 said:

@ReaverKane.7598 said:

@TheQuickFox.3826 said:Well, refund of not (I think not, never heard of a refund after a well-deserved ban) banning should be the last line of defense. If the game design is vulnerable for cheating, you can keep banning players but cheaters will come back with new accounts and new IP addresses and more existing players will be tempted to cheat. Nothing against a well deserved ban, but the real solution should be in the architecture of the game to make cheating as as hard/impossible as possible. The kind of cheating that has been reported makes me wonder in what degree ArenaNet implemented their own design recommendations:

The computers don’t send messages over the network like “I hit you for 20 points.” Instead, they send only mouse and keyboard input, such as “I right-clicked on your character.” This makes it fundamentally impossible to use the same types of cheats that were prevalent in Diablo. You can’t send a message to another computer saying “I killed you” because no such message exists. You can only send a message saying “I clicked on you.” There’s no point in writing a cheat program to do that, since you could just as easily click your mouse to send the same message.

A New Kind of Architecture

The synchronous peer-to-peer networking model comes close to solving the cheating problem. Since computers only send mouse and keyboard input over the network, there is nothing that a player can do to give himself greater abilities than the game intended him to have. The remaining problem is that computers see too much information about what the other players in the game are doing. Is there a type of network model that would address this? Yes there is, and it’s called client/server.

In a properly written client/server game, computers still send only mouse and keyboard messages over the network, but they now send that information to a single server, rather than sending it to every other player. The server is the only computer that knows what all players in the game are doing, and knows the entire state of the game. The server then sends back to the clients just those events that they should be able to see. This way, the clients can’t do anything they’re not supposed to do, and they can’t see anything they’re not supposed to see.

Because GW1 was completely instance based. They could create individual server instances with a maximum of 12 players per map (or more like 50 for town/outpost maps) This means that individual latency is less of an issue than when 150+ players are all communicating with the same server instance. When you move to a less instanced game like GW2, you have to rely more on client side positional data... so if someone's client says the character's position is one place, when the server thinks it should be another, you start to see some corrective actions being taken to make up the difference. A lot of times it will side with the client over the server but when it doesn't that's when you see rubberbanding, other players jumping around, etc. (The massive amounts of de-sync over the last week or so is an example of this). The anti-cheat coding is based on whether a player is getting from point a to point b faster than he should be able to walk/run/glide/mount (based on the data the server recieves on character state). Speed hacking is much easier to spot, and easier to ban than short distance teleports, and as a result, as long as you preserve the speed data that the detection software thinks you should maintain, there's no reason you couldn't send positional data that puts you, say, on the other side of a wall... or floating in the air. I imagine mounts have made this infinitely more complicated for ANet.

@TheQuickFox.3826 said:

@ReaverKane.7598 said:

@TheQuickFox.3826 said:Well, refund of not (I think not, never heard of a refund after a well-deserved ban) banning should be the last line of defense. If the game design is vulnerable for cheating, you can keep banning players but cheaters will come back with new accounts and new IP addresses and more existing players will be tempted to cheat. Nothing against a well deserved ban, but the real solution should be in the architecture of the game to make cheating as as hard/impossible as possible. The kind of cheating that has been reported makes me wonder in what degree ArenaNet implemented their own design recommendations:

The computers don’t send messages over the network like “I hit you for 20 points.” Instead, they send only mouse and keyboard input, such as “I right-clicked on your character.” This makes it fundamentally impossible to use the same types of cheats that were prevalent in Diablo. You can’t send a message to another computer saying “I killed you” because no such message exists. You can only send a message saying “I clicked on you.” There’s no point in writing a cheat program to do that, since you could just as easily click your mouse to send the same message.

A New Kind of Architecture

The synchronous peer-to-peer networking model comes close to solving the cheating problem. Since computers only send mouse and keyboard input over the network, there is nothing that a player can do to give himself greater abilities than the game intended him to have. The remaining problem is that computers see too much information about what the other players in the game are doing. Is there a type of network model that would address this? Yes there is, and it’s called client/server.

In a properly written client/server game, computers still send only mouse and keyboard messages over the network, but they now send that information to a single server, rather than sending it to every other player. The server is the only computer that knows what all players in the game are doing, and knows the entire state of the game. The server then sends back to the clients just those events that they should be able to see. This way, the clients can’t do anything they’re not supposed to do, and they can’t see anything they’re not supposed to see.

Because GW1 is essentially a single-player game. It's more diablo than WoW, GW2 on the other hand isn't.Also it's easier to restrict that data if players can't jump, hence you can establish constraints to where the player character can be positioned. In GW2, especially with gliding involved the lag between server and player can (and did in the past until they changed it to be client side) mean that you'll fall flat on your face and die before the server acknowledges your glider's deployment.

@Sojourner.4621 said:

@TheQuickFox.3826 said:

@ReaverKane.7598 said:

@TheQuickFox.3826 said:Well, refund of not (I think not, never heard of a refund after a well-deserved ban) banning should be the last line of defense. If the game design is vulnerable for cheating, you can keep banning players but cheaters will come back with new accounts and new IP addresses and more existing players will be tempted to cheat. Nothing against a well deserved ban, but the real solution should be in the architecture of the game to make cheating as as hard/impossible as possible. The kind of cheating that has been reported makes me wonder in what degree ArenaNet implemented their own design recommendations:

The computers don’t send messages over the network like “I hit you for 20 points.” Instead, they send only mouse and keyboard input, such as “I right-clicked on your character.” This makes it fundamentally impossible to use the same types of cheats that were prevalent in Diablo. You can’t send a message to another computer saying “I killed you” because no such message exists. You can only send a message saying “I clicked on you.” There’s no point in writing a cheat program to do that, since you could just as easily click your mouse to send the same message.

A New Kind of Architecture

The synchronous peer-to-peer networking model comes close to solving the cheating problem. Since computers only send mouse and keyboard input over the network, there is nothing that a player can do to give himself greater abilities than the game intended him to have. The remaining problem is that computers see too much information about what the other players in the game are doing. Is there a type of network model that would address this? Yes there is, and it’s called client/server.

In a properly written client/server game, computers still send only mouse and keyboard messages over the network, but they now send that information to a single server, rather than sending it to every other player. The server is the only computer that knows what all players in the game are doing, and knows the entire state of the game. The server then sends back to the clients just those events that they should be able to see. This way, the clients can’t do anything they’re not supposed to do, and they can’t see anything they’re not supposed to see.

Yes, also GW1 was mostly Peer to Peer connections, which reduced the load immensely. So much so that they still have the game running with 4 servers iirc, on a corner of the GW2 infrastructure.

The need to start doing more client-side computations began with gliders, not really mounts, mounts just carried over what was there for gliders.

@ReaverKane.7598 said:

@Sojourner.4621 said:

@TheQuickFox.3826 said:

@ReaverKane.7598 said:

@TheQuickFox.3826 said:Well, refund of not (I think not, never heard of a refund after a well-deserved ban) banning should be the last line of defense. If the game design is vulnerable for cheating, you can keep banning players but cheaters will come back with new accounts and new IP addresses and more existing players will be tempted to cheat. Nothing against a well deserved ban, but the real solution should be in the architecture of the game to make cheating as as hard/impossible as possible. The kind of cheating that has been reported makes me wonder in what degree ArenaNet implemented their own design recommendations:

The computers don’t send messages over the network like “I hit you for 20 points.” Instead, they send only mouse and keyboard input, such as “I right-clicked on your character.” This makes it fundamentally impossible to use the same types of cheats that were prevalent in Diablo. You can’t send a message to another computer saying “I killed you” because no such message exists. You can only send a message saying “I clicked on you.” There’s no point in writing a cheat program to do that, since you could just as easily click your mouse to send the same message.

A New Kind of Architecture

The synchronous peer-to-peer networking model comes close to solving the cheating problem. Since computers only send mouse and keyboard input over the network, there is nothing that a player can do to give himself greater abilities than the game intended him to have. The remaining problem is that computers see too much information about what the other players in the game are doing. Is there a type of network model that would address this? Yes there is, and it’s called client/server.

In a properly written client/server game, computers still send only mouse and keyboard messages over the network, but they now send that information to a single server, rather than sending it to every other player. The server is the only computer that knows what all players in the game are doing, and knows the entire state of the game. The server then sends back to the clients just those events that they should be able to see. This way, the clients can’t do anything they’re not supposed to do, and they can’t see anything they’re not supposed to see.

Well for sure it started with gliders, but mounts allowing movement in the general world (especially griffon and springer come to mind) that was just not possible before , and particularly at SPEEDS not possible before has probably made the cheat detection algorithms THAT much more difficult to make reliable.

@Sojourner.4621 said:

@ReaverKane.7598 said:

@Sojourner.4621 said:

@TheQuickFox.3826 said:

@ReaverKane.7598 said:

@TheQuickFox.3826 said:Well, refund of not (I think not, never heard of a refund after a well-deserved ban) banning should be the last line of defense. If the game design is vulnerable for cheating, you can keep banning players but cheaters will come back with new accounts and new IP addresses and more existing players will be tempted to cheat. Nothing against a well deserved ban, but the real solution should be in the architecture of the game to make cheating as as hard/impossible as possible. The kind of cheating that has been reported makes me wonder in what degree ArenaNet implemented their own design recommendations:

The computers don’t send messages over the network like “I hit you for 20 points.” Instead, they send only mouse and keyboard input, such as “I right-clicked on your character.” This makes it fundamentally impossible to use the same types of cheats that were prevalent in Diablo. You can’t send a message to another computer saying “I killed you” because no such message exists. You can only send a message saying “I clicked on you.” There’s no point in writing a cheat program to do that, since you could just as easily click your mouse to send the same message.

A New Kind of Architecture

The synchronous peer-to-peer networking model comes close to solving the cheating problem. Since computers only send mouse and keyboard input over the network, there is nothing that a player can do to give himself greater abilities than the game intended him to have. The remaining problem is that computers see too much information about what the other players in the game are doing. Is there a type of network model that would address this? Yes there is, and it’s called client/server.

In a properly written client/server game, computers still send only mouse and keyboard messages over the network, but they now send that information to a single server, rather than sending it to every other player. The server is the only computer that knows what all players in the game are doing, and knows the entire state of the game. The server then sends back to the clients just those events that they should be able to see. This way, the clients can’t do anything they’re not supposed to do, and they can’t see anything they’re not supposed to see.

Not really, well griffon is basically a better version of the glider, and the other mounts don't do anything that wasn't in the engine before HoT. The springer is just a re-skinned version of the blue zephirite crystals, skimmer is a faster version of the flying carpet, with a bit extra Y (or Z idk what kind of axis system they're using) numbers, the raptor and jackal aren't very different from the purple and orange crystals.The speed at which you move isn't the issue per se. The issue is that to trigger gliders smoothly without having major delays due to lag, they had to move that trigger from server-side to client-side. With mounts its possible that more of that was moved because there's also less margin for latency when triggering jumps and such due to races and whatnot being done at a faster pace. Although that's also true of sanctum sprint for example.

@ReaverKane.7598 said:

@Sojourner.4621 said:

@ReaverKane.7598 said:

@Sojourner.4621 said:

@TheQuickFox.3826 said:

@ReaverKane.7598 said:

@TheQuickFox.3826 said:Well, refund of not (I think not, never heard of a refund after a well-deserved ban) banning should be the last line of defense. If the game design is vulnerable for cheating, you can keep banning players but cheaters will come back with new accounts and new IP addresses and more existing players will be tempted to cheat. Nothing against a well deserved ban, but the real solution should be in the architecture of the game to make cheating as as hard/impossible as possible. The kind of cheating that has been reported makes me wonder in what degree ArenaNet implemented their own design recommendations:

The computers don’t send messages over the network like “I hit you for 20 points.” Instead, they send only mouse and keyboard input, such as “I right-clicked on your character.” This makes it fundamentally impossible to use the same types of cheats that were prevalent in Diablo. You can’t send a message to another computer saying “I killed you” because no such message exists. You can only send a message saying “I clicked on you.” There’s no point in writing a cheat program to do that, since you could just as easily click your mouse to send the same message.

A New Kind of Architecture

The synchronous peer-to-peer networking model comes close to solving the cheating problem. Since computers only send mouse and keyboard input over the network, there is nothing that a player can do to give himself greater abilities than the game intended him to have. The remaining problem is that computers see too much information about what the other players in the game are doing. Is there a type of network model that would address this? Yes there is, and it’s called client/server.

In a properly written client/server game, computers still send only mouse and keyboard messages over the network, but they now send that information to a single server, rather than sending it to every other player. The server is the only computer that knows what all players in the game are doing, and knows the entire state of the game. The server then sends back to the clients just those events that they should be able to see. This way, the clients can’t do anything they’re not supposed to do, and they can’t see anything they’re not supposed to see.

Again we're talking about detection issues here. While Springer is not a "new" mechanic, it was previously limited to very specific areas of the game. If someone suddenly and rapidly reached that height in areas of the game where those items didn't exist, then it could be assumed by an algorithm that they are cheating. Raptors, even Springers and Skimmers, Jackals, and especially Griffons, now move much faster than what the previous "cap" for maximum player movement was. Before this point, if player gets from point a to point b faster than should be allowable by that cap, they are probably hacking (or using a mesmer portal/shadow step which game data would account for). Now it would be harder to distinguish between someone moving very rapidly from point a to point b through the sky using a hacking program vs someone doing it on a Griffon. It means you have to put extra checks in to place for the detection algorithm, and still would be less of a guarantee. I'm not talking about WHY more got moved client side, I'm just saying that by moving more client side, and then introducing game wide mechanics that could, to the old algorithms, look like cheating... can cause detection problems without finding a new better way to detect, and might help explain the upswing of speed hack/teleport hack reports.

@Sojourner.4621 said:

@ReaverKane.7598 said:

@Sojourner.4621 said:

@ReaverKane.7598 said:

@Sojourner.4621 said:

@TheQuickFox.3826 said:

@ReaverKane.7598 said:

@TheQuickFox.3826 said:Well, refund of not (I think not, never heard of a refund after a well-deserved ban) banning should be the last line of defense. If the game design is vulnerable for cheating, you can keep banning players but cheaters will come back with new accounts and new IP addresses and more existing players will be tempted to cheat. Nothing against a well deserved ban, but the real solution should be in the architecture of the game to make cheating as as hard/impossible as possible. The kind of cheating that has been reported makes me wonder in what degree ArenaNet implemented their own design recommendations:

The computers don’t send messages over the network like “I hit you for 20 points.” Instead, they send only mouse and keyboard input, such as “I right-clicked on your character.” This makes it fundamentally impossible to use the same types of cheats that were prevalent in Diablo. You can’t send a message to another computer saying “I killed you” because no such message exists. You can only send a message saying “I clicked on you.” There’s no point in writing a cheat program to do that, since you could just as easily click your mouse to send the same message.

A New Kind of Architecture

The synchronous peer-to-peer networking model comes close to solving the cheating problem. Since computers only send mouse and keyboard input over the network, there is nothing that a player can do to give himself greater abilities than the game intended him to have. The remaining problem is that computers see too much information about what the other players in the game are doing. Is there a type of network model that would address this? Yes there is, and it’s called client/server.

In a properly written client/server game, computers still send only mouse and keyboard messages over the network, but they now send that information to a single server, rather than sending it to every other player. The server is the only computer that knows what all players in the game are doing, and knows the entire state of the game. The server then sends back to the clients just those events that they should be able to see. This way, the clients can’t do anything they’re not supposed to do, and they can’t see anything they’re not supposed to see.

True, assuming we actually know what and how the anti-cheat detects/works. I'm mostly addressing why it can't be compared to the old system of having everything work server side, not really how or what the cheat detection does, because we don't really know. But one thing's for sure the no-clipping should still be easily detected, and, well...I'm pretty sure that movement speed and positioning aren't the only factors at play. I mean you could break out of the map before, and use a lot of glitches to go to places you shouldn't. If player position was the determining factor, i'm pretty sure that would cry foul immediately. Same can be said for speed, with stuff like ride the lightning, blinks, portals and whatnot, the speed at which you go from A to B isn't really something that would individually track.You can say they could wrap the detection with flags so that it would detect abnormal speed, then check if your speed increase is from skill A or B. But that is true for mounts as well.So either the hacks are bypassing a flag there (like telling the server the player is using a GM tool) which can't be caught by the anti-cheat algorithm. OR (more likely) they're working on preventing the hack from working before starting to ban users, otherwise they'd be spending more time banning than fixing.

@"PuppyMonkeyBabyJosephSayer.3601" said:what about getting on top of the websites that they are obtained from instead of letting such sites exist to begin with?