Considering Uninstalling the Game

I don't like cheaters either, but when I read this on MMORPG

https://forums.mmorpg.com/discussion/comment/7315838/#Comment_7315838

It raised concerns and red flags.

Then I found this.

https://reddit.com/r/Guildwars2/comments/8c2j0y/a_technical_analysis_of_the_spyware_arena_used/

and this

https://en-forum.guildwars2.com/discussion/comment/476255/#Comment_476255

So basically to my understanding Arena Net, released an update with Spyware designed to scan a persons memory for Cheats / Hacks, or perhaps even installed Software not related to Guild Wars 2, or being used to cheat Guild Wars 2 in any way?

Currently I have "Cheat Engine" "Keybot 2" "Tiny Task" "Auto Hotkey" "Logitech g910s Software" "Asus Armory" installed on my PC These can all be used to bot or Cheat Guild Wars 2, as well as other games but I don't use them to cheat GW2, and I don't think its Arena Net's business to be scanning my memory without permissions threatening my account that i've had since 2005 without any bans just because I choose to have Cheat Engine installed for example I think its an inviasion of privacy.

Now an Anti-Cheat such as XingCode, or proper one would simply tell you the name of the program and block it from running or the game from running without banning the user unless they were aimbotting for example in an online game but would not ban a user for using Cheat Engine outside of the specified game.

Not so sure I trust to even Launch this game given I leave 2-3 games running in the background and I also don't want my perforamnce degraded.

Well, you did give permission when you agreed to the Terms of Service/EULA.

Regardless, for an individualized response, you can contact the CS Team via the 'Support' link.

Good luck.

It could be much easier.

The executable just should prevent anything from injecting any DLL or memory from other programs. Really ANYTHING*. You're having a d3d9.dll? Fine, I ignore it! The game executable has been changed? Great, I won't start at all!

Because as much as I have read ANY cheat program uses this kind of DLL to inject the malicious code into the games memory and make the cheaters characters run faster, fly, etc.

Sure, shaders won't work then as well in the beginning. But hey, ArenaNet should just deliver their own way of adding mods to the game. Or something like everyone has to send in their program and ArenaNet checks it and either approves it or not.

@Inculpatus cedo.9234 said:Well, you did give permission when you agreed to the Terms of Service/EULA.

Regardless, for an individualized response, you can contact the CS Team via the 'Support' link.

Good luck.

I did this. And of course the first answer was totally unrelated to my text. Then I was told, I should post it in the forums. I don't know why the support does not want to see my examples of how they could harden the game client.

*Yes, I know, the coherent browser would still need to be able to access the game...

Nothing was installed, it was built-in to GW2 and was only there for about 2 weeks. What GW2 did was very basic. Any program can query a list of programs that you currently have open. GW2 basically sent that list to ArenaNet, who then checked what you were running. They did nothing more, so they don't even know for sure if anyone was cheating, only that they had the program open. CheatEngine was one of the targets, so since you're using it, you could be banned regardless of what you're using it for if they ever try this again. They won't be able to easily do this again however, except for targeting legitimate tools like CheatEngine, whereas all the actual cheats will now have protection against this method.

This is all based on the CHANCE they might do anything with it. Doing it this way is not illegal anyway. Many sites and games do this. Data, once checked, gets deleted automatically. I highly doubt they'd want to load their servers with that junk.

People are blowing this way out of proportion and the cheaters who did get punished are salty as hell.

@"Nokomis.5076" said:It could be much easier.

The executable just should prevent anything from injecting any DLL or memory from other programs. Really ANYTHING*. You're having a d3d9.dll? Fine, I ignore it! The game executable has been changed? Great, I won't start at all!

It is literally impossible for the game to do this. Aside from anything else, the code that determines if the game executable has changed is ... part of the executable that was changed. Uh-oh. Guess we can't trust that to self-report.

Because as much as I have read ANY cheat program uses this kind of DLL to inject the malicious code into the games memory and make the cheaters characters run faster, fly, etc.I did this. And of course the first answer was totally unrelated to my text. Then I was told, I should post it in the forums. I don't know why the support does not want to see my examples of how they could harden the game client.

They likely don't care because (a) their job is technical support, not implementing technical solutions, and (b) your ideas didn't work thirty years ago, let alone working today.

...and before you get there, the way that anti-cheating "solutions" work is they literally do the same things that rootkits do: hack the kernel, make it harder for the process to be detected, etc. This is cough a little intrusive, you might say, especially since they necessarily grant the power to bypass literally any protections the kernel has on what the game client could do, but also, still not a full solution.

I usually wouldnt agree a measure like that, but given this season Im so pissed about too much "suspicious" player behaviours (instant res, combos that does +26k in a second, ppl that moves at a non reasonable speed among other things...) I think this is totally necesary for keeping the game out of cheaters, or soon this is gonna be like fortnite or pubg, if its not already.

Considering I pvp ALOT... Im happy as hell... I dont mind the intrusion one bit

@"Renoaku.4189" said:So basically to my understanding Arena Net, released an update with SpywareNot exactly. They released a version of the game that interacted with Windows API to identify what programs were running on our PCs. It's only spyware if you consider Windows to be spyware (and I suppose, there's an argument to be made that it is, but that's not something that ANet can address).

designed to scan a persons memory for Cheats / Hacks, or perhaps even installed SoftwareJust active programs; it doesn't look at installed software.

not related to Guild Wars 2, or being used to cheat Guild Wars 2 in any way?How do they know that a player isn't cheating when software designed to cheat games is running at the same time as GW2? They have a legit interest in cheat prevention, not just post-fact detection. Like suspending someone's gym access after finding them in the locker room with lockpicks.(I don't mean to suggest that ANet should do this, only that it's easy to see why they would choose to.)

Currently I have "Cheat Engine" "Keybot 2" "Tiny Task" "Auto Hotkey" "Logitech g910s Software" "Asus Armory" installed on my PC These can all be used to bot or Cheat Guild Wars 2, as well as other games but I don't use them to cheat GW2,Of those, only some are designed primarily to be used to cheat (notably Cheat Engine). Either make sure you aren't running it (as in, double check before launching GW2) or remove it from the PC that runs GW2 (to avoid any ugly accidents).

I don't think its Arena Net's business to be scanning my memory without permissions threatening my account that i've had since 2005 without any bansThat's a reasonable position, although, again: the scanning is built into your OS for a variety of reasons besides detecting cheatware. Maybe they shouldn't. On the other hand, some people feel that maybe ANet let people get away with cheating for too long and they need to be more proactive about it.

just because I choose to have Cheat Engine installed for exampleInstalling it is fine; the issue is whether it's active while GW2 is running.

I think its an inviasion of privacy.While I can relate to that opinion — and at the very least, it makes a lot of us feel slimed upon learning this happened — it's not anything new for gaming or windows. Other programs have been doing this for ages. What's different is that we weren't aware that ANet might ever do this.

Now an Anti-Cheat such as XingCode, or proper one would simply tell you the name of the program and block it from running or the game from running without banning the user unless they were aimbotting for example in an online game but would not ban a user for using Cheat Engine outside of the specified game.Wouldn't it be far more intrusive to let ANet put software on our machines that restricts what software we can or cannot run?

Not so sure I trust to even Launch this game given I leave 2-3 games running in the background and I also don't want my perforamnce degraded.You're running (sometimes, anyhow) Cheat Engine, Keybot 2, Tiny Task, AutoHotKey, Logitech Gaming Framework, and Asus Armory. I think the "I don't want my performance degraded" ship has sailed.

I'm not suggesting that anyone in particular should blindly accept what ANet chose to do here. I only ask to make sure folks understand just what circumstances we are dealing with before working ourselves into a panic about the situation. ANet used Windows API to expose programs running alongside GW2. They suspended a mere 1600 accounts for, in effect, being caught with cheat tools, in effect saying, "don't walk into our house with mud on your shoes; I don't care how careful you are."

@Inculpatus cedo.9234 said:Well, you did give permission when you agreed to the Terms of Service/EULA.

Yes, you did. But it's against the law to pull data from your system like this in some countries. In those cases agreeing to the ToS doesn't matter.

Edit: Personally I'm astonished how easily people are waving their rights here just to catch some cheaters.

Well, if you have nothing to hide then let them do it. I would rather have them scan my other programs running during playing GW2 than have x10 cheaters in the game. They're clearly using it to get rid of the cheaters not to check if you're watching adult videos while waiting for world boss respawn.

@"Inculpatus cedo.9234" said:Well, you did give permission when you agreed to the Terms of Service/EULA.For anyone wanting the detail about this:Article 7d on th https://www.guildwars2.com/en/legal/guild-wars-2-user-agreement/

@"sitarskee.5738" said:Well, if you have nothing to hide then let them do it.I don't buy that argument.

First they came for the Hackers, and I did not speak out—Because I was not a Hacker.Then they came for the Cheaters, and I did not speak out—Because I was not a Cheater.Then they came for the AFK farmers, and I did not speak out—Because I do not farm while AFK.Then they came for me—and there was no one left to speak for me.

(with apologies to Martin Niemöller)

The first defense of privacy has to come long before you have something to worry about.For example, does Windows have a legit interest in exposing what software is active on our machine to anyone at all? Even to Microsoft?

The problem is that genie has been out of the bottle for 30 years; it's not something new or unusual for a gaming studio to do. ANet is not the first (and they are far from the worst). I'm not endorsing ANet's choices of methodology, security, or what they chose to do about what they found. But neither can I endorse the view that there's something inherently upsetting (let alone wrong or immoral) about what they did. I don't like it, but I can imagine why they did it.

@Nezekan.2671 said:In the EU its illegal to gather information without your contest,But you DO know that ANet gathers the information. You have agreed to the User Agreement, so you must have read it, didn't you?

@SlippyCheeze.5483 said:

@Nokomis.5076 said:It could be much easier.

The executable just should prevent anything from injecting any DLL or memory from other programs. Really ANYTHING*. You're having a d3d9.dll? Fine, I ignore it! The game executable has been changed? Great, I won't start at all!

More to the point, Windows has a chunk of entries in the registry that name DLLs that are loaded into EVERY program as it loads, and (as a consequence of how DLL loading works) those DLLs get to run their code before any code in the program runs. No changes to the actual executable itself (i.e. the GW2 client) are needed.

@Illconceived Was Na.9781 said:For example, does Windows have a legit interest in exposing what software is active on our machine to anyone at all? Even to Microsoft?

If Task Manager can read the running software, well, any program can. Task Manager is just a program - there is nothing special about it in that respect.

@Nokomis.5076 said:

@Nezekan.2671 said:In the EU its illegal to gather information without your contest,But you DO know that ANet gathers the information. You have agreed to the User Agreement, so you must have read it, didn't you?

Illegal acts cannot be legally binding. If I agree to sell you illegal drugs and you don't pay me money, I can't go to courts for that. Those terms of agreement are made for US citizens and not revised for EU citizens. Moreover it depends on the information being processed. For example Blizzard warden only scans processes attached to wow and nothing more, and it does not actually gather the data. It either deletes everything OR flags the account for further investigation.

Actually, there are special terms for the UA for EU/Germany. Just need to scroll to the bottom of the document.

It actually confirms what is being discussed. And its not specific to Germany but all of EU. Germany is just prime example since EU citizens can opt to allow EU courts decide these types of things as long as the case is not specifically related to their own country, which in this case, its not.

@Steve The Cynic.3217 said:

@Illconceived Was Na.9781 said:For example, does Windows have a legit interest in exposing what software is active on our machine to anyone at all? Even to Microsoft?

And therefore, given that we've allowed MS to make this data available beyond our PC, it's not that surprising that ANet has decided to make use of it; they aren't the first (and won't be the last).

@Illconceived Was Na.9781 said:Of those, only some are designed primarily to be used to cheat (notably Cheat Engine).

And here you are completely wrong. Dont let yourself be fooled by the name, its mainly used for modding and debugging. It is a user-friendly debugger, probably the only one, and therefore especially used by programmers that "just" want to debug their own software and/or create mods/addons for other software. The other debugging tools are infinitely more useful for cheating btw, so putting CE on that list isnt only stupid because its main purpose isnt even cheating (especially not in mmos), it is inconsequent because then they would have had to ban PE, x64dbg, ollydbg, IDA etc also.

@Illconceived Was Na.9781 said:Installing it is fine; the issue is whether it's active while GW2 is running.

And on the same note, Anet could have put in a bit more effort into their spyware and checked if CE was used on gw2. Not that difficult tbh. They could also have used a whitelist to look only for specific programs, or a blacklist to at least not gather all data.

@Illconceived Was Na.9781 said:Wouldn't it be far more intrusive to let ANet put software on our machines that restricts what software we can or cannot run?

I dont agree with that sentiment. It would be upfront instead of behind my back.

@Illconceived Was Na.9781 said:You're running (sometimes, anyhow) Cheat Engine, Keybot 2, Tiny Task, AutoHotKey, Logitech Gaming Framework, and Asus Armory. I think the "I don't want my performance degraded" ship has sailed.

Actually, most of those just idle. What Anet put in gw2 in layman terms, is... they called several windows api functions to get to the filename of EACH active process (no blacklist!) and then opened those files, created an MD5 hash of the file and uploaded said hash to their servers. This is significant activity and impacts performance.Personally, I noticed the increase, but I thought it was because of buggy living story. Silly me. Just shows I trusted Anet WAY too much.

@Illconceived Was Na.9781 said:[...] ANet used Windows API to expose programs running alongside GW2. [...]

No, the point is: Anet went behind my back and installed spyware that gathered information about all active programs and then uploaded that data to their server, where for all I know it still sits, waiting to be used for whatever shady business Anet decides. Anet did NOT have my explicit consent to do this, and imo uploading and storing that data onto their server is NOT part of the UA. In the least this whole thing was widely out of proportions, dilettantish and unsavory.