All Discussions > Steam Forums > Steam Discussions > Topic Details
Anmheda Jul 11, 2024 @ 12:19pm
Kernel anticheat, data collection and privacy within games.
I'm so tired of seeing PvE games using kernel level Anticheats these days. I mean, PvE games... Players versus environment... And they decide to include kernel level anticheat systems... that is just so stupid! These kernel level anticheats getting all that root access just to avoid potential "cheaters" from a PvE/Co Op game its beyond stupid, imo. They cant even prove that kernel anticheats works better than non-kernel server side anticheats, if you disagree - then show me some real statistics. My problem with these kernel level anticheats is their elevated access levels, anti cheats should never ever have root/kernel access to any system just to catch potential cheaters. Server side anticheats and non-kernel anticheats like VAC does the job good enough. Just look at Dota 2, a competitive game with lots of tournaments and money involved, do they use kernel level anticheat? No they dont.

And then you have all these games (most of them being online games) doing lots of data collection, and if you dont agree to some of those game company's terms, then you cant play those games (which is okay, to be honest).

I see lots of people complaining about data collection and bad privacy practice on certain games leaving negative reviews, and I totally understand and support that. Then I see people reply stuff like "why complain when google/microsoft/steam already collect data", or comments like "people complaining about data collection when big corporations already collect the same, they not interested in your life" bla bla. I think that is an ignorant way of thinking, people thinking like that will never understand what privacy and security is about. Why should we be okay with games collecting so much data? I understand why facebook collects a lot of data, but why should games do that? And its even worse when they collect a lot of data also being personal data. Why do they need all this data?

And what data does the kernel anticheats collect? I mean, they have root access so they could collect anything. I know Windows and Steam already collects data (not on the kernel level though, and it depends on your settings and firewall), but that doesn't make it okay for game companies to just mass collect data without giving consumers options to opt-put. I really hate the fact that more and more games go online these days collection more and more data without including options to opt-out/in, I hate it.
Last edited by Anmheda; Oct 30, 2024 @ 1:58am
< >
Showing 91-105 of 139 comments
Anmheda Jul 13, 2024 @ 1:12pm 
Originally posted by RiO:
Originally posted by Ben Lubar:
People are not worried (or at least should not be worried) about the anticheat destroying their computer.

What people should be worried about is that a piece of malware could use the anticheat kernel driver as a means to get more access to the system it normally wouldn't be able to get on its own.

Precisely.
Well -- with the added note that while people shouldn't be worried about anti-cheat outright destroying their computer, they should be aware that any time a kernel module fails, it's not like a normal program which fails. A normal program will just crash back to desktop. A kernel module failing might, and more often than desired actually does, result in the entire system hanging, requiring a hard reboot and suffering potential data loss and data corruption on hard drives.
Exactly.
#91
Lystent Jul 13, 2024 @ 1:12pm 
Originally posted by Tito Shivan:
...
Easier and more straightforward than getting kernel level to then try to steal the same content.
...
Part of the argument was in regards to these sort of anticheats unwittingly providing a backdoor for third parties of lesser legitimate causes.
#92
Anmheda Jul 13, 2024 @ 1:18pm 
Originally posted by Crashed:
Is it worth however pushing for massive, aggressive, and rude boycotts of any and all games that use anti-cheat?

Of course its worth it, and its not even rude. Whats rude is game publishers/companies pushing kernel level anticheat into customers PCs. Im okay with games using user-level anticheat (or server sided), but not kernel-level anticheat, I rather boycott those games.
#93
Anmheda Jul 13, 2024 @ 1:28pm 
Originally posted by Crashed:
Originally posted by BlackBloodRum:
I would argue it's more rude to demand more and more control over the customers computer for a video game there is no user friendly reason why a video game should have the capacity to take full and total control over your computer, and what you do with it.

It is plainly hostile against the customer and their device. That is what is rude.
It's reasonable for an online game developer to say you can't run certain programs known to hack the gameplay when the game is running and/or connected to multiplayer. Not doing anything about cheats creates a dire risk to reputation for the game developers.

Consider yourself lucky you aren't playing a game console which uses strict DRM to prevent you from running anything other than software the manufacturer has explicitly licensed for use on it, regardless of whether or not you are in-game.
.... you dont need kernel-level anticheat to stop hackers/cheaters. Even games using kernel-level anticheat still have problems with cheaters/hackers in their games. Competetive pvp mp games needs a anticheat, but not a kernel-level one.

Secondly, why are you comparing a game console with a PC? There are no problems with strict DRM on game consoles, a game console is only meant to be used for ... gaming.
A PC is used for much more than just gaming, it can contain personal files, bank information, business plans, personal pictures, etc etc.
#94
Anmheda Jul 13, 2024 @ 1:30pm 
Originally posted by BlackBloodRum:
Originally posted by Crashed:
It's reasonable for an online game developer to say you can't run certain programs known to hack the gameplay when the game is running and/or connected to multiplayer. Not doing anything about cheats creates a dire risk to reputation for the game developers.
To the point of demanding complete control over your computer?

Originally posted by Crashed:
Consider yourself lucky you aren't playing a game console which uses strict DRM to prevent you from running anything other than software the manufacturer has explicitly licensed for use on it.
Different case and reasoning. A console is purchased primarily as a single-use device. You're aware of this before you buy it. A computer is not, and will hold a lot more personal information/files than the console ever would.
I agree.
Last edited by Anmheda; Jul 13, 2024 @ 1:59pm
#95
Crashed Jul 13, 2024 @ 1:37pm 
Originally posted by Tito Shivan:
Originally posted by RiO:
The privacy concern is a lesser concern wrt kernel modules.
And not exclusive of them. I mean, if a dev was really interested in private content they can just ask access to it. And if you don't you don't get to play the game.

Easier and more straightforward than getting kernel level to then try to steal the same content.

Originally posted by BlackBloodRum:
To the point of demanding complete control over your computer?
And this is the kind of thing I refer when talking about 'disinformation'.
Exactly.

Originally posted by Anmheda:
Originally posted by Crashed:
Is it worth however pushing for massive, aggressive, and rude boycotts of any and all games that use anti-cheat?

Of course its worth it, and its not even rude. Whats rude is game publishers/companies pushing kernel level anticheat into customers PCs. Im okay with games using user-level anticheat (or server sided), but not kernel-level anticheat, I rather boycott those games.
When you go around insulting those who do not join your boycotts it's rude.
#96
Anmheda Jul 13, 2024 @ 1:40pm 
Originally posted by Crashed:
Originally posted by BlackBloodRum:
Do you know what kernel-level access is? The kernel is the core of the operating system - with that level of control, you can do anything.
If you install a driver for your webcam, does that mean the webcam has complete control? You are speculating, not giving any actual examples of the privilege being abused.
You misunderstand the issue at talk here. Of course we need to trust the drivers we install when we buy hardware components, but just because our GPU needs drivers to work, that doesn't mean its okay for video game companies to bundle kernel-level anticheats along with their games. Its just unnecessary, and creates unnecessary risks of privileges potentially being abused.
In my opinion, its lame and rude to every consumer when games bundle kernel-level anticheat (for PC gaming).
#97
Anmheda Jul 13, 2024 @ 1:50pm 
Originally posted by Crashed:
When you go around insulting those who do not join your boycotts it's rude.
Huh? I dont know what you are talking about, no one insulted anyone. I think most people are okay with others having different opinions, its okay to disagree. But im fine with people insulting game publishers and/or devs making decisions to bundle kernel-level anticheat or doing mass collection of data without user consent or opt-out options.
#98
Crashed Jul 13, 2024 @ 2:02pm 
Originally posted by Anmheda:
Originally posted by Crashed:
When you go around insulting those who do not join your boycotts it's rude.
Huh? I dont know what you are talking about, no one insulted anyone. I think most people are okay with others having different opinions, its okay to disagree. But im fine with people insulting game publishers and/or devs making decisions to bundle kernel-level anticheat or doing mass collection of data without user consent or opt-out options.
And why are you saying the two are related?
#99
Crashed Jul 13, 2024 @ 2:26pm 
Originally posted by BlackBloodRum:
I think we're going to have to agree to disagree here to be honest. I will continue to not purchase those products - as is my choice - even if that's 'rude' to those companies, and you may continue to use those products. No judgements, no hardships, just a mutual agree to disagree. :-)
Ever heard the following? This isn't an airport. You don't have to announce your departure.
#100
Tito Shivan Jul 13, 2024 @ 2:38pm 
Originally posted by Lystent:
Part of the argument was in regards to these sort of anticheats unwittingly providing a backdoor for third parties of lesser legitimate causes.
Third parties will have at any given moment way more venues than a kernel level anticheat to do their bidding.

When discussing privacy we often focus on the very complex and specific scenarios than over the most usual and plausible ones.

A kernel-level ACS having a backdoor that cound be exploited is an issue. Likewise for any of the drivers in your machine, unpatched 0-day vulnerabilities on your OS or installed software that may allow privilege escalation...
#101
Tito Shivan Jul 13, 2024 @ 3:14pm 
Originally posted by BlackBloodRum:
At the end of the day, I must prioritise the security of my system overall, over games.

Thankfully; for the time being such modules are not available for Linux. (So for now, if we have purchased their products before, they simply update the product and block us from using the product - which I prefer.)

But, if it ever got to the point of it being a thing on Linux? I would not permit it on my system. It's a simple matter of principle and trust.

For me, I will always stand by my personal beliefs, standards and morals over anything else.
I totally understand that. And it's the kind of decisions that make some people have a 'gaming machine' (like others may have a 'browsing machine') given the necessity.

Most people who fear for 'rootkit anticheats' however fall way away of such a level of dedication and are for the most part parroting fearmongering things they heard and could invest their efforts elsewhere.
#102
Crashed Jul 13, 2024 @ 3:27pm 
Originally posted by BlackBloodRum:
For me, I will always stand by my personal beliefs, standards and morals over anything else.
Beliefs are not the same as facts.
#103
RiO Jul 13, 2024 @ 3:28pm 
Originally posted by Tito Shivan:
A kernel-level ACS having a backdoor that cound be exploited is an issue. Likewise for any of the drivers in your machine, unpatched 0-day vulnerabilities on your OS or installed software that may allow privilege escalation...
The major problem with anti-cheats is poor maintenance and software support.
Basically, you have to hope that the anti-cheat's vendor can and will issue proper patches and it doesn't have to flow through the game publisher.
Because after a game's initial support window, which can in some cases be as short as only a few weeks before patching stops, you're not getting anything done that route anymore, because they simply don't care.

Case in point: the well-known RCEs in earlier Call of Duty titles? Never fixed.
The RCEs in the network code of the Souls series? Took forever to be acknowledged as a problem and be fixed.

And that's, probably, just the tip of the iceberg.


Originally posted by Anmheda:
Originally posted by Crashed:
When you go around insulting those who do not join your boycotts it's rude.
Huh? I dont know what you are talking about, no one insulted anyone.

Well, technically Crashed themselves actually did, so their statement there to you is quite ironic:

Originally posted by Crashed:
Do you have any evidence that kernel-mode anticheats are cloaking themselves? Wouldn't that be grounds for their signatures to be revoked?

Or perhaps you use cheats that do rootkit behavior like that?

When arguments brought forward don't personally align with your own view, there are different and more polite ways to ask for clarification than off-hand disingenuously insinuating the person bringing those arguments forward has to be a cheater themselves that's lying because they didn't initially corroborate every component of their argument with hard cited references.

That's not just insulting, that's slander and defamation.

Originally posted by Crashed:
Originally posted by BlackBloodRum:
For me, I will always stand by my personal beliefs, standards and morals over anything else.
Beliefs are not the same as facts.

Neither are empty platitudes aimed at attacking the author rather than their argument.
And taken as a whole, the reasons BlackBloodRum has for not wanting to trust anti-cheat kernel modules and not finding them of great enough import to risk the security of their own system, are sound.

There have been plenty of cases in the past with sordid DRM or anti-cheat kernel modules taking a role in potential or concrete exploit scenarios featuring privilege escalation and remote code execution. The Mihoyo thing in 2022. The Streetfighter V piece of trash that literally had RCE and privilege escalation baked in as a feature. Heck, we can even go back to the turn of the century and the Sony XCP rootkit in the early 2000s. Remember that one?
Last edited by RiO; Jul 13, 2024 @ 3:43pm
#104
Anmheda Jul 14, 2024 @ 8:49am 
Originally posted by RiO:
Originally posted by Anmheda:
Originally posted by Crashed:
When you go around insulting those who do not join your boycotts it's rude.
Huh? I dont know what you are talking about, no one insulted anyone.

Well, technically Crashed themselves actually did, so their statement there to you is quite ironic
Yeah I was aware of that, but I was too lazy to keep replying. Its better to ignore trolls, there is no point in arguing with them.
Last edited by Anmheda; Jul 14, 2024 @ 8:55am
#105
< >
Showing 91-105 of 139 comments
Per page: 1530 50

All Discussions > Steam Forums > Steam Discussions > Topic Details
Date Posted: Jul 11, 2024 @ 12:19pm
Posts: 155
Start a New Discussion

Discussions Rules and Guidelines