Defeating remote attestation will be a key capability in the future. We should be able to fully own our computers without others being able to discriminate against us for it.
Thank you for that link, that's super interesting! It looks like it's actually an architectural vulnerability in modern fTPMs, and considered out of scope by both Intel and AMD. So that's a reliable way to break attestation on even the most modern systems!
Sure, but the exploit presented doesn't really look practical for the everyman. And I'm not sure if it can be patched in HW/SW, and in any case this is just the first step to a fully fake secure boot.
Yes, a literal privilege escalation as a service "anticheat" driver.
Trusting these companies is insane.
Every video game you install is untrusted proprietary software that assumes you are a potential cheater and criminal. They are pretty much guaranteed to act adversarially to you. Video games should be sandboxed and virtualized to the fullest possible extent so that they can access nothing on the real system and ideally not even be able to touch each other. We really don't need kernel level anticheat complaining about virtualization.
The privacy points in general are valid, but what irritates me is using this rationale against kernel mode anti cheats specifically.
You do not need kernel access to make spyware that takes screenshots. You do not need a privileged service to read the user’s browser history.
You can do all of this, completely unprivileged on Windows. People always seem to conflate kernel access with privacy which is completely false. It would in fact be much harder to do any of these things from kernel mode.
Kernel access is related to privacy though, and it's the most well documented abuse of such things. Kernel level access can help obfuscate the fact that it's happening. However, it is also useful for significantly worse, and given track records, must be assumed to be true. The problem is kernel level AC hasn't even solved the problem, so the entire thing is risky, unnecessary and unfit for purpose, making an entirely unnecessary risk to force onto unsuspecting users. The average user does not understand the risks and is not made aware of them either.
There are far better ways to detect cheating, such as calculating statistics on performance and behaviour and simply binning players with those of similar competency. This way, if cheating gives god-like behaviour, you play with other godlike folks. No banning required. Detecting the thing cheating allows is much easier than detecting ways in which people gain that thing, it creates a single point of detection that is hard to avoid and can be done entirely server side, with multiple tiers how much server side calculation a given player consumes. Milling around in bronze levels? Why check? If you aren't performing so well that you can leave low ranks, perhaps we need cheats as a handicap, unless consistently performing well out of distribution, at which point you catch smurfing as well.
Point is focusing on detecting the thing people care about rather than one of the myriad of ways people may gain that unfair edge, is going to be easier and more robust while asking for less egregious things of users.
Counter Strike is a pretty good example that the statistical analysis alone doesn't work at all...at least not now. Valve has been collecting data since at least 2017 for their VAC Live system and it still doesn't work well enough to prevent or decrease the amount of cheating. The model only gives a cooldown of 20 hours if it flags your gameplay as irregular, and that cooldown resets over time.
It usually takes months, if not years for cheaters to get banned, but it takes a couple of dollars for a cheater to get a new account and start cheating again. Every time Valve fine tunes their models, they end up accidentally banning more innocent players in the process, so nobody has trust in that system anyways. There's too many datapoints to handle in competitive games, and there is no way to set a threshold that doesn't end up hurting innocent people in the process.
>This way, if cheating gives god-like behaviour, you play with other godlike folks.
Anti-cheat is not used to "protect" bronze level games. FACEIT uses a kernel level anti cheat, and FACEIT is primarily used by the top 1% of CS2 players.
A lot of the "just do something else" crowd neglects to realize that anticheat is designed to protect the integrity of the game at the highest levels of play. If the methods you described were adequate, the best players wouldn't willingly install FACEIT - they would just stick with VAC which is user-level.
> There are far better ways to detect cheating, such as calculating statistics on performance
Ask any CS player how VAC’s statistical approach compares to Valorant’s Vanguard and you will stop asserting such foolishness
The problem with what you are saying is that cheaters are extremely determined and skilled, and so the cheating itself falls on a spectrum, as does the success of various anticheat approaches. There is absolutely no doubt that cheating still occurs with kernel level anticheats, so you’re right it didn’t “solve” the problem in the strictest sense. But as a skilled player in both games, only one of them is meaningfully playable while trusting your opponents aren’t cheating - it’s well over an order of magnitude in difference of frequency.
I searched "hacking in valorant" and found hella complaints about aimbotting and wallhacking. I can give you a simple way to make that work right now in a way that completely bypasses KLAC. Vanguard hasn't meaningfully solved the problem, and so my point stands. Something as simple as a webcam, a virtual controller, and a cnn can be used to construct a fully isolated aimbot. No memory inspecting anticheat will get that, klac or otherwise. Don't need to go that far though, since streaming means you can simply capture video output realtime, and better than realtime vision/action models exist. It's a project a skilled and motivated high school student could easily finish in a weekend, in fact, I'm sure if you search something along these lines you'll find someone doing a video series on exactly this.
There is no need for irritation. I condemn all sorts of anticheating software. As far as I'm concerned, if the player wants to cheat he's just exercising his god given rights as the owner of the machine. The computer is ours, we can damn well edit any of its memory if we really want to. Attempts to stop it from happening are unacceptable affronts to our freedom as users.
Simply put, the game companies want to own our machines and tell us what we can or can't do. That's offensive. The machine is ours and we make the rules.
I single out kernel level anticheats because they are trying to defeat the very mitigations we're putting in place to deal with the exact problems you mentioned. Can't isolate games inside a fancy VFIO setup if you have kernel anticheat taking issue with your hypervisor.
> As far as I'm concerned, if the player wants to cheat he's just exercising his god given rights as the owner of the machine.
By this same logic: As far as I'm concerned, if the game developer only wants to allow players running anticheat to use their servers then they're just exercising their god given rights as the owner of the server.
This is just yet another example of the remote attestation nonsense where your computer is only "trusted" if it's corporate owned. If you own your machine, you "tampered" with it and as a result you get banned from everything. You get ostracized from digital society.
My position is this is unfair discrimination that should be punished with the same rigor as literal racism. Video games are the least of our worries here. We have vital services like banks doing this. Should be illegal.
This take sucks. The anticheat software in this context is for competitive games. No one cares about people cheating in isolation in single player games. The anticheat is to stop 1 guy from ruining it for the 9 others he's playing with online.
You can argue about the methods used for anticheat, but your comment here is trying to defend the right to cheat in online games with other people. Just no.
PvE shouldn't need it either, and yet games routinely ship with anti-cheat applied to everything (including single player).
I rather suspect that the reason for this is the current gaming economy of unlockable cosmetics that you can either grind for, or pay for. If people can cheat in single player or PvE, they can unlock the cosmetics without paying. And so...
Multiplayer PvE can still be ruined by cheating. In many such games, such as MMORPGs, you are still competing for resources such as rare spawns.
Spending hours setting up conditions for the rare spawn to appear, and then before you can get to it having someone using a tracking cheat and a speed cheat get to it first is very annoying.
That is not the solution if you want to play competitively or whenever you feel like it.
Kernel level AC is a compromise for sure and it's the gamer's job to assess if the game is worth the privacy risk but I'd say it's much more their right to take that risk than the cheater's right to ruin 9 other people's time for their own selfish amusement
Cheating may not be moral but it's better to put up with it than to cede control of our computers to the corporations that want to own it.
If it kills online gaming, then so be it. I accept that sacrifice. The alternative leads to the destruction of everything the word hacker ever stood for.
I'm sorry but you are fighting a crusade you can not win by definition. If I am free to use my computer for anything I want then I am also free to lock it down to enjoy my favorite game. If I care about my freedom I will have a dedicated machine for this game that I accept I will not have control over.
You are hijacking this thread about VOLUNTARY ceasing of freedom as if the small community even willing to install these is a slippery slope to something worse. You have a point when it comes to banking apps on rooted phones and I'm with you on that but this is not the thread for it
Valve drives significant development of compatibility layers for Linux for the sake of gaming. Their customer base is anything but small. There is potential for this kernel stuff to spill into the entire Linux ecosystem. It was bad enough having to deal with nvidia. I really don't want other companies screwing up the kernel.
Realistically I don't see how Valve can avoid this. They want all those games on Steam Deck and the new console. Game devs want KAC. Therefore Valve can either provide them with some way to implement KAC - which effectively requires a "signed kernel / drivers only", same as on Windows - or tell them to go away. Why would they do the latter?
Mind you, it doesn't mean that the Linux kernel will be "infected for everyone". It means that we'll see the desktop Linux ecosystem forking into the "secure" Linux which you don't actually have full control of but which you need to run any app that demands a "secure" environment (it'll start with KAC but inevitably progress to other kinds of DRM such as video streaming etc). Or you can run Linux that you actually control, but then you're missing on all those things. Similar to the current situation with mainline Android and its user-empowering forks.
> we'll see the desktop Linux ecosystem forking into the "secure" Linux
> Or you can run Linux that you actually control, but then you're missing on all those things
We cannot allow this stuff to be normalized. We can't just sit by and allow ourselves to be discriminated against for the crime of owning our own devices. We should be able to have control and have all of those nice things.
Everything is gonna demand "secure" Linux. Banks want it because fraud. Copyright monopolists want it because copyright infringement. Messaging services want it because bots. Government wants it because encryption. At some point they might start demanding attestation to connect to the fucking internet.
If this stuff becomes normal it's over. They win. I can't be the only person who cares about this.
I wish that were an option. Nowadays many non-competitive games that you play with friends you trust still use EAC (yet accept non-kernel mode operation on Linux). I suppose other than VAC you can't buy a usermode anticheat middleware now.
This is the most asinine take I've seen on the subject in a while.
You may think it's your "god-given right" to cheat in multiplayer games, but the overwhelming majority of rational people simply aren't going to play a game where every lobby is ruined by cheaters.
I don't like cheaters either. I just respect their power over their machine and wouldn't see that power usurped by corporations just to put a stop to it.
The computers are supposed to be ours. What we say, goes. Cheating may not be moral but attempts to rob us of the power that enables cheating are even less so.
Game companies have to have those kernel anti-cheats because MS never implemented proper isolation in the first place; if Windows was secured like an Apple phone or a console there wouldn't be a need for it.
Anti-cheat doesn't run on modern consoles; game devs know that the latest firmware on a console is secure enough so that the console can't be tampered with.
Consoles and phones are "secure" because you don't own them. They aren't yours. They belong to the corporations. They're just generously allowing you to use the devices. And only in the ways they prescribe.
This is the exact sort of nonsense situation I want to prevent. We should own the computers, and the corporations should be forced to simply suck it up and deal with it. Cheating? It doesn't matter. Literal non-issue compared to the loss of our power and freedom.
It's just sad watching people sacrifice it all for video games. We were the owners of the machine but we gave it all up to play games. This is just hilarious, in a sad way.
And if we embraced instead of feared remote attestation and secure enclaves, the days of game companies having this level of access would come to an end.
That's arguably even worse. Remote attestation means you get banned from everything if you "tamper" with "your" computer.
Remote attestation is the ultimate surrender. It's not really your machine anymore. You don't have the keys to the machine. Even if you did, nobody would trust attestations made by those keys anyway. They would only trust Google's keys, Apple's keys. You? You need not apply.
Nobody said anything about lynching anyone. I simply don't recognize idiotic laws bought and paid for by corporations as legitimate. Lobbying is just legalized corruption.
How other people respond is largely unrelated to principled notions of justice -- it will mostly depend on what benefits them. Populism, in other words.
I can't be an anarchist because I don't believe anarchy exists. In every group of humans, power structures and hierarchies form spontaneously from normal social interaction. Even if you abolished all forms of government, they would simply reform. A state of anarchy is impossible.
> Any man who breaks a law that conscience tells him is unjust and willingly accepts the penalty by staying in jail to arouse the conscience of the community on the injustice of the law is at that moment expressing the very highest respect for the law out of all other freedom struggles.
Civil disobedience is wrong. Society has established ways to change the rules. Breaking rules instead of changing them is disrespectful to the society that has been built. Just because you quote someone, that does not mean what they are advocating for is just.
Society is wrong. It allows trillion dollar corporations to simply buy the laws that they want to impose on you while conveniently leaving loopholes for themselves. Why the hell would you want to "change" this rigged system through the system? That's mind boggling.
There is absolutely no reason at all to even so much as recognize these laws as legitimate. Society can go to hell if it thinks otherwise. They were supposed to be working for us, not the corporations. Since they aren't, we simply revoke their power over us. It really is that easy.
Power isn't something you have, it's loaned out to you, and it can be revoked. People give you power because they believe you'll act in their best interests and solve their problems for them. Once it becomes clear that's not happening, there is absolutely no reason at all to defer to some corrupt "authorities" who are doing nothing but enriching themselves at our expense.
The book of Isaiah tells us to denounce unjust law. And the book of Matthew tells us to recognize Caesar’s secular authority. Anarchism is not the only explanation.
We live in a deeply unjust world where laws are literally bought and paid for by corporations. This age verification nonsense is just the latest example. They aren't going to sit idle if we attack their lobbying efforts, they're going to come after us. God only knows what a surveillance company like Meta can do to you if they really hate your guts.
OK, so then you think the entire system is corrupt, and you should reform/replace it.
Selective rejection of laws based on your own personal morals is wrong in every circumstance.
Either you believe the system is just and you follow all the rules (and work through the system to change the individual rules you believe are unjust), or you believe that the system is fundamentally unjust and you take drastic action to fix it. If you don't, then you're a hypocrite - you don't really believe that the system is unjust, you're just using that as an excuse to selectively ignore laws you disagree with.
> Either you believe the system is just and you follow all the rules (and work through the system to changes the individual rules you believe are unjust) [...]
I believe the system is just. That does not change in the presence of those unjust rules that you listed above, because those laws can be changed and are changed regularly, and because they're not egregious enough to constitute a failure of the system.
I understood you perfectly, but you didn't understand me. You're trying to create a false binary between "follow every law as written, until it gets changed" and "drastic action." Nobody wants to take drastic action, so (you say) we should follow the laws.
You seem to agree that there are unjust laws, but you don't realize the scope of the problem. There are many unenforceable laws, with drastic consequences if they were enforced, which are not being fixed[0]. A just system would not perpetuate unjust laws indefinitely, and so under your framing, everyone who disagrees with these laws and is not willing to follow them should take "drastic action."
In fact, there's no such binary. We live under a flawed system which contains unenforceable laws; we can just ignore those laws (which law enforcement already does) even if they are not changed, without needing to overthrow the system, emigrate, or whatever it is you meant to imply by "drastic action."
This is a way to reform it. If nobody obeys a law, is it really illegal? It's more like a custom.
> Selective rejection of laws based on your own personal morals is wrong in every circumstance.
So if your so called authorities passed a law saying you're required to participate in some atrocity such as genocide, you'd do it with a clean conscience? Okay.
> you believe that the system is fundamentally unjust and you take drastic action to fix it
I don't have the power to do so. Also, people who try "drastic" actions are called terrorists.
> You've started calling me names so I won't bother trying to engage any further. Thanks for the discussion.
A note to future readers of this thread: observe the inconsistency between the poster's stated positions and decide whether you believe that their words are genuine (and their positions/advocacy are worth taking into consideration) in light of that.
Resolving inconsistencies between my ideas is the entire reason why I come here to discuss them. I'm just not willing to do it while being accused of bad faith and of having no reading comprehension.
Factually, you do either have bad reading comprehension or are operating in bad faith, because otherwise you could not have made this statement:
> So if your so called authorities passed a law saying you're required to participate in some atrocity such as genocide, you'd do it with a clean conscience? Okay.
No need to respond. This is just documentation for future HN readers.
Would be better if they simply made it free for open source developers. I can barely justify spending time on my hobby projects. If I paid for this, I'd be paying to work for them since they're using our data for training.
It is fraud but nobody cares anymore. Laws only matter if you're defrauding rich corporations with pockets deep enough to actually pay lawyers to sue you over it.
It's unfortunately the norm for hardware companies. My laptop's manufacturer shipped a "control center" app so bad it takes around a minute to display a window on screen. Words can't describe how aggravating it was to use. Reverse engineering that piece of crap is one of the best things I've ever done.
The control center apps are always the worst offenders. It's bizarre that a company can nail the hardware engineering and then ship companion software that feels like it was written as an intern's first project. At least with open source alternatives like Mouser you can just bypass the whole thing. I wonder how many people have switched mice entirely just because of bad software.
I used libusb for my laptop's keyboard LED driver and it absolutely does require root access. At least it works instantly and exits afterwards, unlike the manufacturer's shitty app.
Pointless and deceptive. A real "right to compute" law would ban remote attestation, would ban discrimination against users based on the "trustworthiness" of their systems, would force companies to allow custom software and firmware as well as provide technical documentation and specifications to users so they can repair and modify the systems they bought.
You have the right to not provide custom software and firmware and technical documentation, the right to enforce remote attestation, and the right to refuse service to whoever you wish.
> Just like all food sellers have the right not to provide documentation on the ingredients and nutrition of their products?
I agree that they should have this right. My personal anecdote explains that the citizens of other countries do have this right without the world falling apart.
Your right to do all that should be taken away. Our freedom to own our computers is more important than your right to punish us for trying to do so by banishing us from digital society via remote attestation. Your only option should be to accept that we own our computers and deal with us on those terms. Refusing to do so should be criminalized on the same level as racism.
Disagree, sometimes you'll see real people on this website advocating for racism to be illegal. It wouldn't surprise me at all if that's what they truly meant.
https://tee.fail/