There’s also a way to detect family sharing accounts by a simple API call.
But please note that all of these methods are error-prone and counter-measurable.
- Any sort of text written to the client is automatically shared between users on the same computer (because SteamPipe is awesome!). My relatives/flatmates could easily be legitimately playing on a shared computer without us being alts of each other.
- Everything you store on my computer I can check, read, write and delete.
- What if I get a new computer? These “cookies” and IDs are usually gone, at least archiving my Garry’s Mod folder is one of the least important backup actions for me.
- Family sharing can also be used for legitimate reasons.
I know there’s always worse, but I think no matter how ignorant someone can be, they always know the wonders of reinstalling. GMod keeps kicking me out? Reinstall Windows, format the whole hard drive… yet again, all the files you stored on my drive are gone. (Though I know this is overkill. :hammered: )
What you should also think of is checking against the user’s friendlist and group list. If someone makes and plays on an alt account, they usually have some core friends added on the alt, because most of the time people still want to chat with their mates even if they are knee-deep in ban evasion.
Oh and yet again, error-prone: a group of very close friends can instantly marked as an alt-account circlejerk because of the friendlists.
But these are the parts that can be machine-checked… Not the best situation. But instead of instantly preventing the user from playing, they could be flagged “suspicious” and a real-life admin, a thinking human could take care of the situation.
TL;DR: It’s hard to detect automatically.
Even at Wikipedia, the best way of detecting a sockpuppeteer is by “social engineering” and observation: if someone is very confident about, let’s say, being an anti-Tory or pro-terrorist (just two random examples), even if they are banned, their alts will visit the same articles, edit with the same language, make the same vandalist moves. IP checking and machine ID checking is just the first step. False positives and false negatives are a thing!