Legal issue
Author
Hi,
I am a small-time developer of anti-cheat technology for online games. I have been talking with the heads of some gaming tournaments regarding ways to ban players who are caught cheating.
Players connect through the MSN Gaming Zone to play online in these tournaments. Some ideas have been going around about ways to ban people when the technology catches them cheating. Currently the ac technology merely closes their connection to the server and/or closes the game''s windows process.
Ideally, we would like to have a notification of certain information about this user from their computer when they are caught cheating while using the a/c patch. Some of the information we would like is the name/path of all running processes on person''s computer, name/path of all modules attached to the game process, copies of certain areas of the game''s memory, and the user''s multiplayer name. MSN Gaming Zone stores all of the user''s Zone names in a folder that is easily accessible.
There are a few possible scenarios for retrieving this information.
A) When the cheat is detected, the information is gathered, encrypted, compressed and transmitted to the anti-cheat server with no user notification.
B) When the cheat is detected, the information is gathered, encrypted and saved in a file, and the user will be notified that his gaming privilege is being suspended, and ask the user''s permission to transmit the information if he believes that it was a glitch.
C) When the cheat is detected, the information is encrypted and saved to file, the user''s gaming privilege is suspended, and the user is notified via an error log file to contact one of the head ladder administrators, who will ask them to send in the encrypted information.
The ladder administrators, and possibly myself, will then review the information, to see if there is any way it was a false detection, and determine whether to renew the user''s privileges or to further penalize them.
My concern is primarily what would constitute an invasion of privacy, whether a notice when downloading and installing the patch is enough, or whether we would need to acquire some sort of explicit permission.
Any input would be great, if not a solid answer, then perhaps point me in the direction where I can have this answered without spending a lot of money. Currently the technology is licensed for free, so there is not much budget for legal representation.
Thanks
Krippy
Well you should have a prominent notice when they sign up for the ladder and when they install the ac application. After that I doubt it matters what you do. If you auto send the info then they get banned for cheating (or let off if it is a glitch). If you don't then they get banned if they send it (and it shows cheating) and banned if they refuse to send it.
However one thing you might want to consider is "random dope testing". Instead of waiting for the ac to catch someone the server should randomly select people for checking. Two reasons to do it this way.
i.) If you only check suspected cheats they will know not to send info because they only get tagged when the system thinks they are cheating.
ii.) Someone will doubtless hack your system so if it does random checks for mods/running processes it will show what is running even if that mod is engineered to avoid detection as a cheat.
Dan Marchant
Obscure Productions
Game Development & Design consultant
[edited by - obscure on November 7, 2003 7:33:30 AM]
However one thing you might want to consider is "random dope testing". Instead of waiting for the ac to catch someone the server should randomly select people for checking. Two reasons to do it this way.
i.) If you only check suspected cheats they will know not to send info because they only get tagged when the system thinks they are cheating.
ii.) Someone will doubtless hack your system so if it does random checks for mods/running processes it will show what is running even if that mod is engineered to avoid detection as a cheat.
Dan Marchant
Obscure Productions
Game Development & Design consultant
[edited by - obscure on November 7, 2003 7:33:30 AM]
Author
Hi Obscure,
Thank you for your input. I figured that a prominent notice should suffice, since the information is not extremely personal in nature. Good to have a second opinion on that
That is a good idea re: random dope testing. I think I will add that I can then have the server first analyze the information, and anything that is not immediately tagged by the server can go into a bin which can be reviewed by ladder administrators at their leisure.
Thanks again
Krippy
Thank you for your input. I figured that a prominent notice should suffice, since the information is not extremely personal in nature. Good to have a second opinion on that
That is a good idea re: random dope testing. I think I will add that
I can then have the server first analyze the information, and anything that is not immediately tagged by the server can go into a bin which can be reviewed by ladder administrators at their leisure.Thanks again
Krippy
I think you should use option A. As long as you give a full warning on what information you will be collecting and sending.
Also make sure you send the information be for you close the connection, just in case the user can stop the process.
First make it work,
then make it fast.
--Brian Kernighan
The problems of this world cannot possibly be solved by skeptics or cynics whose horizons are limited by the obvious realities. We need men and women who can dream of things that never were. - John Fitzgerald Kennedy(35th US President)
Do not interrupt your enemy when he is making a mistake. - Napolean Bonaparte
Also make sure you send the information be for you close the connection, just in case the user can stop the process.
First make it work,
then make it fast.
--Brian Kernighan
The problems of this world cannot possibly be solved by skeptics or cynics whose horizons are limited by the obvious realities. We need men and women who can dream of things that never were. - John Fitzgerald Kennedy(35th US President)
Do not interrupt your enemy when he is making a mistake. - Napolean Bonaparte
Author
Yes, I think I will use option A. The other options that were thrown out were entertained just incase for some reason option A would constitute an unacceptable invasion of privacy.
It will first send the information, on a typical system the file won''t be more than 10k in size, so unless the user is on a very slow modem they probably won''t even notice that it''s being sent. After the information is sent, it will exit the process and/or close the connection.
Peace
It will first send the information, on a typical system the file won''t be more than 10k in size, so unless the user is on a very slow modem they probably won''t even notice that it''s being sent. After the information is sent, it will exit the process and/or close the connection.
Peace
If you have a notice when the software is isntalled/started up you shouldn''t have any problems.
BTW keep up the good work, I''m always happy to see people making third party anti cheat software.
BTW keep up the good work, I''m always happy to see people making third party anti cheat software.
Author
Just thought I would follow up and mention that these aspects have now been incorporated into the anti-cheat software.
The 'random dope test' has already been quite successful, within the first hour of the new server going live it discovered 6 people using cheats that were not discovered by the in-game detection previously, simply by having an administrator reviewing the names of files in their game directory (luckily game hackers dont seem to be too interested in obfuscating the names of their cheat files), which were collected from a random dope test. 3 of them so far have sent me their cheats to get unbanned, which is contributing to the evolution of the core cheat prevention.
I have decided to give them one free ride, in order to collect these cheats, getting caught a second time will be a permanent ban.
Regards,
Krippy
[edited by - krippy2k on November 13, 2003 12:10:28 AM]
The 'random dope test' has already been quite successful, within the first hour of the new server going live it discovered 6 people using cheats that were not discovered by the in-game detection previously, simply by having an administrator reviewing the names of files in their game directory (luckily game hackers dont seem to be too interested in obfuscating the names of their cheat files), which were collected from a random dope test. 3 of them so far have sent me their cheats to get unbanned, which is contributing to the evolution of the core cheat prevention.
I have decided to give them one free ride, in order to collect these cheats, getting caught a second time will be a permanent ban.
Regards,
Krippy
[edited by - krippy2k on November 13, 2003 12:10:28 AM]
Good to see the cheaters getting caught out 
Dan Marchant
Obscure Productions
Game Development & Design consultant
Dan Marchant
Obscure Productions
Game Development & Design consultant
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
