Anti-cheat ideas

[Thomas A. Fine]

• Don't ban players.  Silently place them on cheaters-only servers.
  • This is about vendor incentives rather than player incentives.  Vendors continue to make money from cheaters, and don't have to be so adversarial.
• Input devices (mice, keyboards, gamepads) that generate private key signatures on data packets (based on embedded tamper-proof hardware to store the key), which are passed on to the server. Mouse movements that are not signed by a vendor-published public  key are a sign of cheating.
• Vendors should hire someone to cheat, so they know how to detect cheating, both at the user level (the wiggle), and at the lower software level (how does the code work, what mistakes might it make).
• Vendors should implement traps in their code designed to catch cheaters.
• Smarter tracking of mouse aiming statistics.
• It seems like a cartridge could be designed that makes it more difficult to cheat, without having to put the entire game processing engine (CPU/GPU) on the cartridge.  A tamperproof private key, and a fast encryption engine, for direct comms with the game servers that can't be intercepted or read from system memory.
• Anti-cheat needs to be a cross-vendor, cross-platform, cross game effort.  It could be prohibitively expensive to try to do some of these things one game at a time, but becomes much cheaper when that person you pay to cheat is learning about 20 different games.  it is also much more of a disincentive if getting banned on one game gets you banned on all the games.

 

Ultimately it's about having someone who's full time job it is to maintain and constantly improve anti-cheat methods.  Paying someone to cheat so you can learn the cheating approaches would be key.

 

Regarding smarter tracking of mouse aiming statistics, I did actually write a quake aimbot years ago.  It was a quake proxy server that would inject aim-corrected mouse movements.  After I got bored with it I changed it to track how accurately other players would aim.  Kind of interesting.  But with more details you could detect cheaters.  Instead of just accuracy, keep track of how often insanely rapid mouse flicks end with a kill shot.  Or how often sudden mouse position changes land squarely on another player, whether there's a kill shot or not.  It would depend on observed behavior of existing cheating software.

 

Regarding traps, there's all sorts of possibilities.  Luke mentioned a game that detected impossible memory accesses.  You can make random protocol changes that appear to work fine with a cheat client, but trick it into revealing itself.  Or duplicate memory locations of data the cheat program accesses, and then change it some minutes into gameplay.

 

The main point is that, while yes, anti-cheat is hard, if vendors really gave a shit, or were forced to give a shit, there's a lot that could be done.

 

And a side note about Luke's claim that you can't stop cheating, because someone can just put a camera on a video screen and a robot arm on a mouse.  It's true... but if anti-cheat reduced cheaters to only that method, I submit that you will have effectively killed cheating as a rampant problem.  For one thing, such a system can not give you an information HUD that adds anything extra.  No X-Ray vision, or secret player stats or anything. All you have is a very expensive aimbot for slightly improving your aim of things that are onscreen.

[jaslion]

1. Ton of games do that already

2. Dont add drm into mice, keyboards,... this goes wrong every single time and forces planned obsolescence more

3. they know and have access to it

4. there are plenty

5. Plenty of people using non standard mice and different ways of aiming this will be basically useless data. Besides we have smart cheats

6. Thats drm and encryption. It always fails if the game gets popular enough. Also adding more drm is only going to hurt people more and do little for cheaters

7. Denuvo is that. Its a really shit piece of software that brings big performance impacts with it and other issues. Usually the cracked version of the game with it disabled or even removed is by far the better running game and more stable

[mononymous]

2. How would you make sure that you get coordination between hardware vendors and software developers, it's going to be a nightmare. 

 

I do use cheats whenever possible. Although not for online games if it defeats the fun of other players. 

[Thomas A. Fine]

Pubkey encryption is not DRM.  Pubkey encryption is personal security.

 

DRM can be based on pubkey encryption.  But secure web browsers are based on pubkey encryption and that's not DRM.

And it's coming to more and more products, because it has to.  There are specialty cameras with pubkey encryption that add digital signatures to photos, for forensic use, because you can prove the photo was not tampered with.  it is literally the only way to accomplish this.  With image and video manipulation becoming common and trivial, they're going to have to start putting this into consumer imaging products.

None of this has anything to do with DRM.

[Thomas A. Fine]

3 minutes ago, mononymous said:

2. How would you make sure that you get coordination between hardware vendors and software developers, it's going to be a nightmare.

I'm not sure where the nightmare comes in.  You just need some very basic software standards (like how to sign mouse events, for example), and you need a way for applications too look up public keys from vendors.  Checking signatures is trivial and foolproof.  Probably some USB protocol to tell an input device to turn on or off those signatures.

 

There may be an issue of introduced lag.  Generating signatures from a predetermined private key ought to be very fast though.  And checking them on the server doesn't need to be handled in a timely fashion, they can be checked infrequently and after the fact.

[Poinkachu]

28 minutes ago, Thomas A. Fine said:

Pubkey encryption is not DRM.  Pubkey encryption is personal security.

 

DRM can be based on pubkey encryption.  But secure web browsers are based on pubkey encryption and that's not DRM.

And it's coming to more and more products, because it has to.  There are specialty cameras with pubkey encryption that add digital signatures to photos, for forensic use, because you can prove the photo was not tampered with.  it is literally the only way to accomplish this.  With image and video manipulation becoming common and trivial, they're going to have to start putting this into consumer imaging products.

None of this has anything to do with DRM.

IMHO, it depends on implementation of the thing you suggested.

Is it applicable to existing product?
Will performance be the same in all application ?

What kinda numbers will it add to the price tag ?

Is it easily repairable if the special module breaks ( if it's hardware based )?

What if there's a counter-measure for this, will users have to buy a new one ?

 

Pro gamers & gamers that are serious enough might not mind buying special peripherals (if there's one that fits them well)

The rest ? not so much. It'll be like "If you don't want to risk being considered cheating, spend money for something that might not fit your hand well & pretty much acts like non "special" mouse outside of the game".
 

There's also : Will peripheral vendors be interested in making one & maintaining it ?

 

18 minutes ago, Thomas A. Fine said:

There may be an issue of introduced lag.  Generating signatures from a predetermined private key ought to be very fast though.  And checking them on the server doesn't need to be handled in a timely fashion, they can be checked infrequently and after the fact.

There'll be people ranting about it thats for sure.
We're in a world where people goes panic mode and/or ranting about 5 FPS difference. Or spend hundreds of dollars for 10 fps increase.

 

There's also peoples who drill holes or mod on their favorite mice just to reduce/add some weight or something.

For me, peripherals are pretty much "tailored" to each users. A lot of people likes G402 or something modeled after it, I don't.

As much as I need a lot of buttons, my hand is not that long, and I don't palm grip. :x

[Thomas A. Fine]

14 minutes ago, Poinkachu said:

IMHO, it depends on implementation of the thing you suggested.

Is it applicable to existing product?
Will performance be the same in all application ?

What kinda numbers it will add to the price tag ?

Is it easily repairable if the special module breaks ( if it's hardware based )?

What if there's a counter-measure for this, will users have to buy a new one ?

 

Pro gamers & gamers that are serious enough might not mind buying special peripherals (if there's one that fits them well)

The rest ? not so much. It'll be like "If you don't want to risk being considered cheating, spend money for something that might not fit your hand well & pretty much acts like non "special" mouse outside of the game".
 

There's also : Will peripheral vendors be interested in making one & maintaining it ?

All fair questions.

 

I think a lot of gamers would pay an extra twenty bucks for a gaming mouse that genuinely worked at drastically reducing cheating for supported titles.

 

If you don't think most people would pay that twenty extra bucks then... I guess cheating really just isn't a problem for most people.  But I don't believe that.

 

At the worst, the 1.0 version could just have a physical switch you turn on and off to make it work with compatible games, for situations where signatures messed up legacy software.  (I don't know anything about USB protocols, though I suspect you could generate a parallel stream that wouldn't interrupt anything, though resolving that would be harder than signatures directly embedded per event.)

 

Would vendors do it?  There's gaming chairs.  Gaming soft drinks.  There's probably gaming condoms out there somewhere (and if there aren't LTT should seriously start selling them.  RGB FTW.)  So my instinct says that yes, vendors would do it, if it would work.

The reality though thing though is that a mouse-only solution could solve auto-aiming issues but on its own it could not prevent the other, worse forms of cheating, like heads up cheater displays, seeing through walls, seeing an overhead map of where everyone is, etc.  So that CS:GO player would have to manually aim at my profile that they can see through the door.

 

So in this respect, the biggest criticism is that input devices like this are only worth doing if there's robust approaches to solving other issues too.

 

Although, it's a fair question to ask why gaming protocols give away positions of players that are not currently visible, and not even close to visible.  Part of the answer is the server-side computational expense in determining the visibility of things.  But this does not mean it's an intractable problem.  Just that vendors haven't spent much time working on it.

[Poinkachu]

4 hours ago, Thomas A. Fine said:

All fair questions.

 

I think a lot of gamers would pay an extra twenty bucks for a gaming mouse that genuinely worked at drastically reducing cheating for supported titles.

 

If you don't think most people would pay that twenty extra bucks then... I guess cheating really just isn't a problem for most people.  But I don't believe that.

 

At the worst, the 1.0 version could just have a physical switch you turn on and off to make it work with compatible games, for situations where signatures messed up legacy software.  (I don't know anything about USB protocols, though I suspect you could generate a parallel stream that wouldn't interrupt anything, though resolving that would be harder than signatures directly embedded per event.)

 

Would vendors do it?  There's gaming chairs.  Gaming soft drinks.  There's probably gaming condoms out there somewhere (and if there aren't LTT should seriously start selling them.  RGB FTW.)  So my instinct says that yes, vendors would do it, if it would work.

The reality though thing though is that a mouse-only solution could solve auto-aiming issues but on its own it could not prevent the other, worse forms of cheating, like heads up cheater displays, seeing through walls, seeing an overhead map of where everyone is, etc.  So that CS:GO player would have to manually aim at my profile that they can see through the door.

 

So in this respect, the biggest criticism is that input devices like this are only worth doing if there's robust approaches to solving other issues too.

 

Although, it's a fair question to ask why gaming protocols give away positions of players that are not currently visible, and not even close to visible.  Part of the answer is the server-side computational expense in determining the visibility of things.  But this does not mean it's an intractable problem.  Just that vendors haven't spent much time working on it.

Like I said, depends on a lot of things.
Their income, their willingness to spend, whether or not there's one that fits their hand/want, etc. Casual gamers might not be willing to spend that much extra, especially for something that will only reduce. Some of them will have this thought in their mind as well "So... the non cheater have to spend more ? WTF ?"

 

Do I hate cheater in an MMO game? yep. But yea, I'm not gonna spend money for something that doesn't fit my standard.

Also, extra $20 is if the module can be bought separately and added into existing one. If not, then the person need to spend more than $20, since s/he will be buying a new mouse with extra cost.

 

It is a problem for most non-cheater, but is it their responsibility to spend more money just to reduce cheat in that game ?

Reporting cheater doesn't cost extra money they are more than willing to do it. Spending extra is a whole other thing.

Maybe if the game give some extra freebies in the game for users of this "special" peripherals they'll be more willing. But yep, at that point people who doesn't even bother spending for skin or whatever that doesn't give them real advantage over other players won't bother buying these peripherals.

 

Then what of these groups that doesn't want to buy the special one? will they get flagged? if so.... there might be incoming mass outrage.

 

Vendors' main care :

1. Will it sell ? How much units ?
2. Will it cause us huge headache later ?

3. How much money will be needed to maintain it ?

There's a lot of interesting useful product that got discontinued due to low demand and/or a huge PITA to maintain.

Some even cancelled before release due to new projection making it look like it won't bring much profit or something.

 

Not saying your idea is stupid, but yep, the real-world application of it might not be so well. Especially if it consist of multi-platform, multi-vendor, cross-games coordination.

I mean... we're this long into RGB galore (Which already proven to be selling well), and each vendor's mostly still need their own damned software to control, even after there's a third-party project that can already control & sync all of them. Each vendors want users to use their own proprietary software, even if the said software is proven to be shitty, just to control some LEDs.

 

There's also PSUs & Motherboard in prebuilt that still uses proprietary connectors.

[leclod]

From my experience, it's no fun to cheat, not lasting fun anyway.

[ImorallySourcedElectrons]

1 hour ago, Thomas A. Fine said:

• Don't ban players.  Silently place them on cheaters-only servers.

Agreed, this could be pretty funny. For added fun, spawn in NPCs with super-human reflexes and slowly drive up their performance until the cheaters can't keep up.

1 hour ago, Thomas A. Fine said:

• Input devices (mice, keyboards, gamepads) that generate private key signatures on data packets (based on embedded tamper-proof hardware to store the key), which are passed on to the server. Mouse movements that are not signed by a vendor-published public  key are a sign of cheating.

I see major issues implementing this, beyond the fact that you're basically creating another opportunity for Ubisoft to come up with draconian DRM:

• The custom keyboard market is getting quite huge, and is very popular amongst some gaming communities.
• Loads of folks use a keyboard until it's ready for the scrap bin, folks are still typing and gaming on 30+ year old IBM keyboards with a conversion dongle.
• If you talk directly to the hardware from the game, the game's code will get targeted, if you do it through the OS, folks will just write their own drivers. This is literally what happened with the hardware security keys for software licensing.
• I can just register as a vendor, sell MCUs which implement this protection scheme, and make a quick buck, while I can simultaneously be lousy enough to enable folks to just steal my certificate. This has happened countless times before with hardware security schemes like this, to the point where no one in the electronics industry still wants to touch it with a barge pole.

1 hour ago, Thomas A. Fine said:

• Vendors should hire someone to cheat, so they know how to detect cheating, both at the user level (the wiggle), and at the lower software level (how does the code work, what mistakes might it make).

Just buy the commercially released cheats? I know that's what one of the local game developers here does.

1 hour ago, Thomas A. Fine said:

• Vendors should implement traps in their code designed to catch cheaters.

Agreed, but this requires skilled and competent developers. Because some of these honeypots can be triggered by things like antivirus software.

1 hour ago, Thomas A. Fine said:

• Smarter tracking of mouse aiming statistics.

It's very easy to implement randomness in automated movement, folks already do this for auto-clickers for web stores with detection systems like this, so I'm not sure how effective this would be.

1 hour ago, Thomas A. Fine said:

• It seems like a cartridge could be designed that makes it more difficult to cheat, without having to put the entire game processing engine (CPU/GPU) on the cartridge.  A tamperproof private key, and a fast encryption engine, for direct comms with the game servers that can't be intercepted or read from system memory.

Folks will just rewrite the driver, and some bots literally just grab the render output directly through the graphics card's API (or even an external capture card is possible) and generate input as a fake HID. And before you suggest it, realise that taking out virtual HIDs would make it impossible to use accessibility software. Hardware protection also doesn't work to protect against someone who has weeks and months to attack your device, I think consoles have proven that by now. And it's cost prohibitive to implement a custom solution for each individual game, so once the architecture gets attacked all the invested money is lost.

1 hour ago, Thomas A. Fine said:

• Anti-cheat needs to be a cross-vendor, cross-platform, cross game effort.  It could be prohibitively expensive to try to do some of these things one game at a time, but becomes much cheaper when that person you pay to cheat is learning about 20 different games.  it is also much more of a disincentive if getting banned on one game gets you banned on all the games.

If anything, folks will get a camera, point it at a TV screen as input and operate a console controller using servos. That's how far folks are willing to go to win at a game.

[jaslion]

2 hours ago, Thomas A. Fine said:

I'm not sure where the nightmare comes in.  You just need some very basic software standards (like how to sign mouse events, for example), and you need a way for applications too look up public keys from vendors.  Checking signatures is trivial and foolproof.  Probably some USB protocol to tell an input device to turn on or off those signatures.

 

There may be an issue of introduced lag.  Generating signatures from a predetermined private key ought to be very fast though.  And checking them on the server doesn't need to be handled in a timely fashion, they can be checked infrequently and after the fact.

Nothing here prevents someone from having a usb device or a spoof piece of software

 

Like take consoles they are locked down to hell and they have been bypassed to support mouse and keyboard since launch

[johnno23]

Games are a cut throat business.....

a fine example is how Devs are quick to trash other games but then go hide when the gamers are universally full of praise.

 

Also in online games where players attack each other it is often a vicious cycle. Some people just get a kick out of ganking others whilst some players are actually good players and kill the less experienced. Many players are often faced with cheaters and tired of getting wasted so they often revert to the choice of rage quit or FFS they cheat so I am gonna Cheat.

 there is no simple solution as people are just so diverse. How many games today exist where you have the irritating campers that sit in a chat session talking and laughing not actually playing but simply wait and annihilate anyone that spawns in....Spawn points for many games are fixed location not totally random so easy to camp out and snipe and this is something many games suffer from. Some gamers ruin games and thats a simple reality in the present world of gaming.

At the end of the day games are designed to make money for the most part...the olden days of games made for fun and enjoyment are becoming fewer as more of the smaller developer groups are consistently bought out by mega game corporations if they see or smell any indy developer that is making a profit.

 

[Thaldor]

You just forget that all of that will affect the performance. For a recent example of corporation "won't affect performance" you can look up Atomic Heart, some have got 14% more performance out of the leaked DEV build without "won't affect performance" DRM, or for good example how "little" storefront DRM affects you can check Cyberpunk 2077 and compare EGS, Steam and GoG, even in the catastrophic launch Steam version was doing OK but Epic version was stuttering like hell and GoG version was again OK.

 

That is just protection against illegal copying that has gone rampart but is yet to go to the extremes where cheat protection would begin. Like you are talking about proofing every mouse call, that is a ton of of stuff to proof, like I don't think anyone anymore should use less than 1000Hz polling rate which is 1000 mouse calls per second, that is a lot to validate without introducing any latency.

Then you get the problem of privacy and security, current anti-cheat measures are a bit in the grey zone because they are intrusive, BattleEye, EAC, Vanguard and probably few others incoming run in processing space where NOTHING can monitor or manage them, as in the kernel mode. Vanguard got a lot of flak for this because unlike BattleEye and EAC it takes a step longer and even buries itself into the Windows startup so it can monitor EVERYTHING you do with the PC, for a record that is a lot of trust you need to give a one company that isn't in an industry field known for being trustworthy, as in gaming industry is shit full of lying, scamming and deceiving from the small "scoop and run" scams made by single devs to the EA publicly stating that gambling is just "surprise mechanics" and none of the companies are in places of Apple of Microsoft where one slip would cause massive problems in the majority of the population.

Detecting cheating also isn't easy, it's like detecting bots, some people just are that good/bad and you basicly shouldn't right out make the call right then and there. There are clear things that give them out right away but the most problematic ones are those who are smart with them, as in not having the aim-bot 100% accurate but have it like 60% accurate where just a bit over every second round in the same situation is instakill. Like old CS players will remember the old blu tack trick with AWP and after sometime you didn't even need it because you knew where the aiming point is without any visual cue about it and you are pretty bad player if you didn't learn the height of the characters in certain positions, and so calling someone cheater after they headshotted someone with AWP became a bit of a meme because quite often it was just combining couple tricks and people being so bad they didn't even know the first one of them.

 

Then you have the extremely problematic side of things: developers. I presume this comes from the discussion going around with Tarkov and with that I say the same as with the Wargaming and World of Bots, if the developer isn't willing to deal with the problem, then deal with the developer and walk away. It also comes down to developer if some of the features of the game can be misused to get this "kind of cheating" but it's not really cheating because you aren't doing anything the game doesn't allow you to do and if developer doesn't do anything about it, then deal with the developer and walk away.

[mononymous]

How about using a government ID/passport for verification so it is much more difficult to create duplicate accounts?

[Arika]

7 minutes ago, mononymous said:

How about using a government ID/passport for verification so it is much more difficult to create duplicate accounts?

FUCK NO.

[Poinkachu]

33 minutes ago, mononymous said:

How about using a government ID/passport for verification so it is much more difficult to create duplicate accounts?

I am guessing that by then the game devs also have to deal with a shit ton of amount of breaching attempt as well.

 

If they can beef up security and anonimity enough for it to be implementable, it limits users to those who already have ID / Passport.

 

But yep, really wilful ones may use stolen ID. Then got banned, then the real owner of the ID want to play later on and found out his ID already used & banned.

 

3 hours ago, leclod said:

From my experience, it's no fun to cheat, not lasting fun anyway.

Well, depends on the person.
There's some peoples who gets their "fun" from doing so. Cheat and then flaunt the "achievement" they got, eventhough it's all thanks to the cheat.

I think we've seen quite a fair share of streamers fiasco about this by now.

[SansVarnic]

1 hour ago, mononymous said:

How about using a government ID/passport for verification so it is much more difficult to create duplicate accounts?

I presume your joking but just in case.

Absolutely not. Ever heard the phrase "if you want it done as wrong as possible involve the government?" or if you want it done better don't involve the government", "how can we fail more? ask the government".

 

[Helpful Tech Witch]

7 hours ago, Thomas A. Fine said:

 

The main point is that, while yes, anti-cheat is hard, if vendors really gave a shit, or were forced to give a shit, there's a lot that could be done.

There are vendors that do give a shit and do a lot. And they get ridiculed for anti cheat being to invasive

riots vanguard for valorant is kernel level, its its far and away the most effective anti cheat in gaming right now

 

is it invasive? Yes

does it basically make cheating a non-issue? Yep

 

companies can’t make everyone happy. And judging from the very large success valorant has turned out to be, a lot of people are ok with trading some invasivness for a good anticheat

[oali24]

4 hours ago, SansVarnic said:

I presume your joking but just in case.

Absolutely not. Ever heard the phrase "if you want it done as wrong as possible involve the government?" or if you want it done better don't involve the government", "how can we fail more? ask the government".

 

how is that involving the government, that is just private companies using identification documents, I don't think you would argue that identification documents should not exist?

[oali24]

5 hours ago, Arika S said:

FUCK NO.

why not, just curious what your reasoning is, is it a privacy thing or something else?

[leclod]

1 minute ago, Caroline said:

What if you cheat to kill other cheaters but ignore normal players? white hat cheater

This is very difficult to understand for me, like it's fun to cheat cheaters ?

[Thaldor]

7 minutes ago, Caroline said:

What if you cheat to kill other cheaters but ignore normal players? white hat cheater

White hat cheaters would be those who don't cheat but develop cheats and then run to the dev to report how to cheat and then whine somewhere because dev doesn't give 2 cents about cheating.

 

Grey hats would be the masses who create their own cheats just for themselves in multiplayer games and someone like FLiNG who creates free trainers solely for singleplayer games (I would be happy to die on the hill defending the stance where cheating in singleplayer game is my right as the game (even license) owner to do what I want, after all the only one I am harming is my own gaming experience).

 

Black hats would be those who create cheats and sell them for money.

 

If you want to add users in, I don't think they really get higher than those who buy MP trainers and go straight to the competitive matches and most often get caught and banned and those would be something like dark grey hats at most. Most of the people using trainers and cheats are probably doing it in SP games and so it's kind of more very light grey, almost white hat stuff because again, "where's the harm?". Maybe people who cheat in some MMO to get some premium currency and sell it forward could go to black hat territory but that is pretty damn rare, or people who get other people banned by spawning stuff to their inventory or dropping hacked stuff around that will get anyone near them flagged for ban but even that is quite rare and has been subject only in very few games (Elden Ring is the only one I can recall at the moment).

[leclod]

26 minutes ago, Thaldor said:

White hat cheaters would be those who don't cheat but develop cheats and then run to the dev to report how to cheat and then whine somewhere because dev doesn't give 2 cents about cheating.

If that explanation was meant for me, thank you.

Still very difficult to understand for me on more than one level.

Seems there's a whole world out there.

But that world seems overrated to me.

There's a whole world out of that chair and I doubt one can do both nicely.

 

Edit : don't get me wrong I did spend a lot of hours gaming (never been online though)

Edited March 4, 2023 by leclod

[NF-A12x25]

12 hours ago, Thomas A. Fine said:

Input devices (mice, keyboards, gamepads) that generate private key signatures on data packets (based on embedded tamper-proof hardware to store the key), which are passed on to the server. Mouse movements that are not signed by a vendor-published public  key are a sign of cheating.

most of the stuff you propose already exists and SUCKS, especially stuff like Denuvo. And the input device idea is impossible because people use, and will continue to use, vintage mechanical keyboards, from-scratch mechanical keyboards, modded mice, modded controllers, etc., and taking that away would be a real dick move and also ensure that nobody plays your hypothetical game.

 

All around terrible horrible no good very bad idea. Alexander rates this a 0/10.

[Thomas A. Fine]

There's a lot of confusion about the gaming mouse or keyboard that generates digitally signed data, and some really issues that people have raised too.

 

Universality: sure it doesn't help if you buy this mouse, but your opponent doesn't.  I suppose any such hardware-based solution is dependent on 100% adoption, at least within some context.  e.g. games that have casual and competitive play might require such a mouse for competitive, or they might add a third "secure" category for those that want to join.  Within that category, you get the desired assurances.

 

Could this be a separate module you plugged your mouse in to?  Unfortunately know.  The entire scheme requires a tamper-proof all-in-one solution.  Otherwise the mouse that you plug into the digital security dongle could easily be a raspberry pi that generates USB events that simulate a mouse.  Does it preclude small makers from competing in this market?  Perhaps.  There may be a way to make a module that can be integrated into any mouse body, but it would have to integrate the motion sensor inside the tamper-proof package.  This makes a mouse a much more doable thing than a keyboard, where the external inputs would be a bunch of on/off switches, simple to fake.

 

Regarding the notion that there's always a way to cheat... it's true, but it's a fundamental tenet of any security scheme that there is never perfect security.  Why do you put locks on doors when locks can be picked?  Seems like a waste of time, yes?  No, because it raises the difficulty to the point where few make the effort.  And that should be the goal with anti-cheat.  I submit that downloading software that lets you cheat is easy.  But if you had to get a drill and a microscope and buy a gaming mouse and carefully drill through the potting compound and insert probes and have a one in 20 chance of being able to bypass the tamperproof defenses of the device, so that you could cheat... you've raised the bar to the point where it's now a rarity.  Would someone do it?  Yes.  But you would not have the experience of going online and getting pwned over and over again by cheaters.

 

Would it add lag?  It wouldn't have to.  Because anti-cheat doesn't have to happen instantaneously,, the mouse could generate mouse movements in the usual way, unfiltered, but also store up sets of mouse movements in order and sign them, and spew out these signature packets a couple of times a second.  It doesn't matter how delayed those are.  If it takes the server five seconds to notice that your mouse movements don't match the digital signature, five seconds isn't so long to catch a cheater, and the original mouse movements weren't slowed down at all.

 

Would it invade your privacy somehow?  People have thrown around random associations with DRM, which this is not, and (insanely) brought up the idea of government IDs.  All of this is absurd.  If you don't like the idea of having a unique ID embedded by a manufacturer in your device, then I suggest you immediately stop using ethernet, WIFI, bluetooth, cell phones, and, you know, computers in general.

 

Probably the biggest issue with all of this is the difficulty of getting such a product off the ground.  The device and the game software have to be developed in parallel.  And if it's not an open standard, it would never see wide adoption.  Or, in other words, the main problems are financial and political, not technological.