Breve

Well, go ahead and take a music video your favorite artist posted publicly on X and upload it to YouTube unaltered and see how far fair use gets you with the defense that the content was publicly available. 🤷

Fair, though this is also where the double-edge sword of discoverability steps in too. Many people complain about the lack of it on decentralized systems, but centralized systems have a nice catalog of users for bots to message with little effort.

I'll admit that lack of discoverability isn't a perfect solution since there are other ways for spammers to discover users. E-mail is a great example of a large, long running, decentralized system that has increasingly suffered from spam since its inception due to mass data collection of addresses. However if you're really careful about who you share your address with, it's possible to still avoid most of it. I give out unique e-mail address to companies and spam tends to only come in on a few, often because they were breached or are otherwise "leaky" about their user's data. Dropbox is by far the worst offender.

I've seen pictures of rooms with walls full of Android cell phones on shelves all hooked up by USB for power and remote control. They can load apps, register accounts, and interact with content inside the app while appearing as legitimate mobile users. That's why moves like Reddit restricting API access only hurt legitimate users and lazy bot farms, cause the hardcore bot farms have been using the official app on real phones all along.

I've been using Mastodon and it's a pleasant change of pace. I've heard of some spam happening there but I think responsive admins and the lack of algorithmic feeds really reduces their reach.

Oh actually it's worse than that. There are online companies that offer online SMS services that can receive messages from real phone numbers by essentially telling your carrier you want text messages forwarded to them. Obviously they usually make you prove that you own the number before requesting forwarding, but there's ways around that. I've known several people who've had their online accounts broken in to because someone hijacked their phone number's SMS in order to perform password resets or bypass 2FA.

While some may see this as good for Bluesky, I bet this is the floodgates opening to bots and algorithmically boosted harmful content. Good luck everyone on there!

DEJA VU!

Well if Meta is the "industry leader" of tools designed to prevent this yet it's still happening at a large scale, then he's basically admitting that there is no way the industry can solve this. I hope they get legislated into the ground.

Yup, very true. There's even the possibility of hardware level cheats, just like that new MSI monitor that analyzes the screen with AI. Imagine that but instead it's a KVM switch like device that can "see" everything happening on the screen as well as the keyboard and mouse inputs. You could train it to recognize and track enemies in an FPS then add in some extra inputs to correct the aim every time you fire, or activate abilities in a MOBA automatically in response to enemy actions. I think this is what Gameshark might be trying to do. Short of requiring cryptographically secure input devices, the only way to detect this type of cheating would be behavioural.

I mean I'm not going to jump to the conclusion that they are definitely actively doing this, but more that if they openly admitted that their anti-cheat software has the ability to invisibly monitor everything on your computer from your browser to your password manager, then people would be way less accepting of it just because of the potential risk.

I find it contradictory how Riot's own explanation contains the following two statements:

This isn’t giving us any surveillance capability we didn’t already have.

The problem here arises from the fact that code executing in kernel-mode can hook the very system calls we would rely on to retrieve our data, modifying the results to appear legitimate in a way we might have difficulty detecting.

If the first statement was true (which it's not), then they shouldn't need any additional capabilities offered by running at the kernel level to surveil the system to detect cheats. As they admit in the second statement though, it is exactly because cheats abuse the OS security model to gain capabilities to both monitor and interfere with the game in an invisible manner that they need to get those additional capabilities to invisibly monitor and interfere with other programs too. The best they can do is a pinky promise that they won't abuse this power, but they don't even give us that promise and instead insist they don't actually have that power. That's super suspect to me.

I hope people using cheating software understand the dire security consequences of installing and running that type of software too, especially in that it comes from very shady sources.