Vanguard takes screenshots of your PC every time you play a game. Every time you play a game a function is called to screenshot your PC’s screen, in case Vanguard thinks you might have something suspicious, it screenshots your ENTIRE PC screen (all monitors).
Edit: Not trying to spread false info this was shared to me via a friend and there is other data to back up that this is real https://www.unknowncheats.me/forum/anti-cheat-bypass/634974-vanguard-taking-screenshot-pc.html
https://www.unknowncheats.me/forum/valorant/484475-vanguard-screenshots.html
There should be laws against this everywhere (with other forms of data collection included). There’s no way preventing cheating is more important than the fundamental rights to security and privacy.
There is, this could have the potential to collect PII and its %100 they’re not storing this as encrypted data on their side. So it is %100 illegal to do, now if they’re fined for it is a different story.
Even if encrypted this doesn’t sound like something compatible with the GDPR.
It depends. There’s 2 different methods that I don’t think they’re doing that would make it legal:
-
Explicitly tell the user what data the anti-cheat collects when you install it, and what other companies have access to it.
-
Anonymize the data. Crop the screenshots in storage media to just the game screen, and have a list of which games need what sections of the screen blurred to remove usernames.
The first is far more useful for them than the second, but it also undermines it’s functionality as an anti-cheat because you’re telling the cheat creators what to guard against.
Of course, the real answer here is stop doing user-side anti-cheat at all, do it server-side, and trust nothing the client says. That’s more difficult than user-side, but it also has the benefit of working, while also respecting the user’s privacy.
-
Which is why I’m almost certain it’s not happening. So far the only source is a cheat forum. I wonder what their motivation is.
Even in corporate dystopia where they monitor you every 15 seconds screenshots are frowned upon. You never know what kind of sensitive data that can reveal.
There’s no way Riot is doing it. The backlash would be immense, and they absolutely know it.
This agitprop stems from the makers of cheat software who are mad that the risk of using their hacks will go through the roof. Sure, you can still get around it. But now if you screw up it’s a hardware ban.
They’re gonna lose a lot of accounts that they sell at $10/pop.
I wouldn’t mind talking more about security, but I’ll save that for another comment.
I wouldn’t be totally surprised if it was taking a screenshot and analyzing it locally or maybe somewhere on the network, but I agree it’s really unlikely they’re storing it.
This is what I’m thinking as well, what’s the point of doing this? As you’re going to take and go through every image with a human checking it out? Just seems pointless.
I’ll take that bet. Even a standard S3 bucket is “encrypted”.
Sure but I doubt they’re sending these to aws storage, probably just sending them to their internal storage, and very few companies encrypt server data unless it’s at rest…or they’ve got it on someone’s laptop with bitlocker on it lol
The screenshots are awful, but your statement is pure speculation, and likely just wrong. It’s pretty easy to encrypt images.
First it’s not speculation, PII is protected information. As a company you cannot collect it without properly storing it, nor can you collect it without prior authorization. Second, the odds that they’re encrypting the images is pretty damn low as they’re not actively looking for PII and just cheating software.
I know PII is protected, and a company like Riot is audited. I’m sure something in their TOS says they can collect the information, as BS or unenforceable as it is.
They’re probably multi-cloud, but I know they are a huge AWS customer because they have a giant booth at re:Invent every year. AWS has pretty easy ways to encrypt data and even detect if it has PII. They’d encrypt or redact the images because the potential of capturing HIPAA or PCI information is too great a risk.
If anything, trust that the company is profit driven and will avoid that risk. They’re still garbage and kernel level anti-cheat sucks, but we shouldn’t be spouting that unencrypted stuff as fact.
Until otherwise noted, I am going to take the cautious route on this one. I’ve worked with a lot of fortune 500 companies and they love to do shit the cheapest way possible.
Just last year I was at a security conf and they said the biggest threat to security right now is anticheat software, especially that owned by state actors. The venn diagram for people with anti cheat installed and people with admin priveliges and SSH keys for work installed is almost a circle.
Anti cheat software. In other words a fucking virus.
It’s not really any different than any other application you run on Windows.
User level access is all that’s needed to upload the majority of your files. And we’re all trained to push yes to the admin access button all the time.
If you really want to be secure, you need to have a different OS/hard drive for your games, and not allow that OS to access your secure drive. I haven’t yet gone this far, but it’s reasonable. Lethal Company on Steam is much more of a risk than anything Riot, including Vanguard. Tarkov was enough of a risk that I wouldn’t install it at all.
In the future this is a change I might make, but Riot isn’t in the top five of reasons why.
OOTL what’s the risk of Lethal Company? The cray amounts of mods that people pull down or something else?
The mods for one, absolutely. Also it’s just a much, much smaller developer with much less oversight (even internal) and less to lose if they were caught.
And trying to sell this data for a price that would matter to Riot would make it even more likely to be caught, and maybe land someone in prison. Screenshots are not okay (and aren’t happening).
The game itself is probably fine. Most things are probably fine. The mods are absolutely more risky. And all of this is more risky than Vanguard.
Part of it is also the high profile. Part of it is the attention and pushback.
If you want real corporate spyware, check your car in your garage.
Windows is a virus itself.
Time to switch to Fidelity
Bruh
I thought it was weird when my investment portfolio started investing heavily into Bad Dragon. I’m remember to close those tabs next time I log in.
This was my first thought. Why is Vangaurd interested in what games I play and how are they doing this when I don’t think they have anything to install on my PC?
I’ve tried to see if this is real but I fail to find any source code leaks for Vanguard or if it has ever been leaked. The poster himself also doesn’t seem that credible unless your definition of credible is “THE TERROR OF RIOT GAMES”.
Am I missing something or is this post likely just bullshit?
EDIT: It’s does seem to be real, though in the same thread other people with higher reputation did chime in that it doesn’t take screenshots of your other monitors, just the one Valorant is on.
I’ve tried to see if this is real but I fail to find any source code leaks for Vanguard or if it has ever been leaked.
The variable names suggest it’s a decompilation.
I was sent this via a friend not sure if it is fake/bullshit I will remove. I did a quick pass on his twitter and such and seemed legit enough not sure
It’s fake/bullshit unless you have a source more reliable than “some guy on Twitter”.
Every time you play a game that uses vanguard or every time you play any game?
Both are bad, but one is way worse
I don’t play Valorant, so I can’t say. I do know, however, that it runs as a Windows service, so it’s always on and always keeping an eye on your system.
Yeah BC why shouldn’t they know you enjoy Asian ladies with big titties!
You aint got nothing to hide, or do you?!
the code posted in the forum is only pointing out the capture and send to server function exists, but not what calls those functions, so still don’t know if it affects other games until they posted the full article as promised. Btw, taking screenshots as anticheat is not new, they use this to catch overlays/cheat application UIs
Also any time you open a webpage in Windows, a nude photo is taken of you (whether you’re currently clothed or not) and posted on your mom’s Facebook.
My source for this is the same as OP’s.
A cheating website doesn’t like Vanguard. Big shocker.
Or MAYBE, people who enjoy “hacking” (the actual programmers, not “cheaters”) and go decompile/learn the inner workings of programs might have a better idea of what’s going on? Just a wild guess.
I’m a professional software developer. The people hacking league of legends are doing it for money. Guess what kind of activities make money.
As a fellow professional software developer, you are being silly if you don’t think people do this kind of shit for fun.
Okay, do YOU honestly think Riot is taking screenshots from regular players and sending them to their servers?
Or is it more likely that this is propaganda stemming from people who make money selling cheats (and those who are convinced by those rumors)?
Points at everything riot has ever done
Yes yes I think they do
How would that invalidate their findings?
Kinda weird that the top of the league subreddit isn’t filled with people complaining about their bricked PCs, isn’t it.
Its like, State Law, or sumthin…
Imagine being treated like this just to play a fucking game…
Which games use Vanguard?
Valorant, as of right now. I don’t think any other games use it.
League of Legends I think just started using it as well, breaking it’s linux support.
And why I stopped playing
good on ya!
A much more reasonable complaint than this bullshit.
Tbf it’s a compounding issue. It breaks Linux support because Vanguard demands access Linux will never give it which is kernel level.
Didn’t it just roll out to league of legends?
League of Legends recently adopted it.
Use Linux and say no if a package requires su.
Intriguing.
I don’t have any games that use Vanguard, but if I did, I’d be queuing them up for some TLS interception and analysis.Lmao I still cant believe the suckers who play this.
deleted by creator
Many people criticize that, but I can’t really think of any non invasive solution to draw away cheaters, except making specialized device to play the game (sort of PS4 to play one single game only?), but pretty sure it won’t take long for cheat providers to crack it as well… Sadly.
but I can’t really think of any non invasive solution to draw away cheaters
Server-Side Anticheat. The Minecraft community has been doing it ALL ON THEIR OWN for YEARS, effectively.
Yep, This is the way.
Yep, there are mods for Minecraft that warn you that certain of their functions will trigger anticheat if used on a server (so only use those features only in single player, where your server doesn’t care if you cheat)
Pretty sure it’s crazy expensive on a large scale, I don’t think that people will pay monthly fee to keep playing apex/val/insert game. And more than sure these companies will try to force players to pay for it :/ Previously I had a small chat with aimlabs devs about application of neural networks for it (detecting weird patterns and irregularities, that what NNs are good at as well) but as I understood it would be expensive as well since obviously you want to run the model on your backend’s side… It’s and endless war between both sides without silver bullet ATM and I don’t really understand why people are so mad about my comment lol
Hypixel is fucking massive and finances this purely of off cosmetics for the most part, with Hypixel having developed their own custom server-side anticheat solution
Oh, they also don’t use neural networks for this.
They’re big but not even close to goliaths, their 24h online is at 40k more or less, which is nothing like CSGO or apex… Their all time high is less than apex daily active sadly.
I’m not saying their system is bad, but I am saying that it is still not tested for a large scale though.
server side anticheat is the only ultimate solution.
all client side anticheat measures will have vulnerabilities that will be found and people will cheat. (look at DMA pci cards, for instance)
How would a server side anti-cheat prevent a DMA exploit?
Don’t send opponents location until they are visible for example. That way a wallhack won’t work.
That literally doesn’t work for faster fps games
it simply wouldn’t trust the client with anything the player shouldn’t know, to minimize cheating potential. valorant does this, and made a blog post about it. also, player movement could be analyzed server side to attempt to distiguish between cheating and legit.
I think client side invasive anti cheat is likely more effective than this, but its a cat and mouse game. if the anticheat was server side and good, there isn’t anything to attack
The problem is, most game devs are lazy and would rather offload the expensive compute required to catch cheaters onto the client instead of coming up with server side methods that work. I follow a game dev on youtube, and that’s one of the things he goes on about at times. Dude is a security researcher and had a lot of time doing that for Blizzard, so I’m pretty sure he knows his shit.
Also there’s a fundamental fog of war of what your anti-cheat can see. Valorant cheaters are using hardware cheats, that literally takes in a video output, analyzes it, and sends in mouse inputs, on a different computer, the anti-cheat straight up can’t see it, they only see there’s a video out and a mouse in. Ultimately, having physical access of a hardware and you can just tell the software whatever you want it to see.
Kernel anticheat also doesn’t work, Valorant is full of cheaters, and Apex Legends players had their game remotely hacked installing cheat software mid tournament match. And an increasing number of cheats bypass the computer/console all together, and replace inputs to the computer to allow macros or aim-botting. Recently a monitor was announced for league of legends that will track enemy players movement and location for you from the video feed alone.
The best way to prevent cheating are with good server side anticheat. Another possibility is that companies can offer secure computers through a live streaming service like Geforce Now, which would be more secure than kernel anticheat without any of the privacy issues.
As far as I know there is no evidence to support the fact that the hack was installed remotely. It’s much more likely that it was a targeted attack where they gained access to the compromised system some other way, then waited for the tournament to act.
But I agree with you that there is also plenty of evidence pointing to cheaters getting past kernel level anti cheat in games like valorant and continuing to cheat.
I’m not entirely clear, but it sounds like the hacked Apex games were on computers at different locations, which would make me think they were likely hacked remotely without physical access to the hardware. The hacker claimed he performed the hack by using a vulnerability in the game process, and that his hacking method only let him compromise the game and didn’t give him any access to the people’s PC itself. The developers said that it was EAC itself being exploited, but that the specific exploit shouldn’t allow him access to owner’s PC.
The combination of statements makes me think this was a remote hack that exploited vulnerabilities in EAC/Apex Legends. Thankfully there seeming wasn’t an escalation to give full access to the PC, but considering the level of access that kernel anticheat has I would be very concerned about the possibility for any future hacks that compromise anticheat systems.
I might be ootl, but as far as we know, wasn’t EAC ruled out? I recall watching Pirate Software’s videos breaking everything down, and iirc, it was more likely that the individual computers were compromised at some point than it was remote code execution. Though it was still up in the air what the hacker could do, as they seemed to be able to send commands the server would accept (eg, gifting thousands of packs to steamers live on stream). Been a while since I watched, and the vids are also hours long so I don’t expect anyone else to sit through it, but here’s the first if anyone’s interested. Apex Legends Vulnerabilities - Breakdown and Interview
I don’t know exactly, I was just referencing what was said in the article I linked above, which has quotes and statements linked from both the hacker and some apex/eac teams.