[TTT] Players hacking, and evidence gathering

So, I seem to have split my server’s staff team on this as half think that the method of gathering evidence we use is unethical, and the other half feel it’s justified if we pre-warn users that it will happen if they cheat. How do we do it? We take a screenshot of the player’s client if we detect a variety of hacks on their client, then send it to our web server, if it happens multiple times the system then automatically bans the player.

Some of our staff believe that we should never take a screenshot from the user’s client, with or without prior warning/consent, others believe that it’s okay if they violate the rules and we pre-warn them. The only reason we use these screenshots is for enforcement of the bans or to clear allegations in the case of false-positives.

To the point of what I want to ask, do you guys believe it’s okay to do this with a strict privacy policy in place on handling them, taking into account that it is sent directly from the user’s client without our administrators intervening.

I’m confused, what do you mean “to the web server.” Are you not the server owner?

I am, and I meant that we use a POST request to forward the base64 screenshot to a web server which stores it for use with ban appeals and such, this is done directly from the offending user’s client itself.

Why don’t you just say in your MOTD or rules or whatever that you reserve the right to take screenshots of clients whenever the moderator(s) feel necessary? `

It depends on your implementation, if you take screenshots automatically without anything on the players, than that’s silly. If you allow moderators and administrators use of the screenshot system and take them automatically if you detect certain activity ( forcing sv_allowcslua for example ) then having the system there greatly outweighs privacy issues.

That’s kind of how I was thinking it would work. The staff don’t actually have access to force a screen capture though, the system detects the cheats then does it on its own; however there are still some cheats I can’t pick up as of this moment in time.

The way I was going to balance out the privacy issues, was a warning on the loading screen then a notice on the top of the screen for the first 30 or so seconds of joining (including after map changes).

It’s a security thing so I don’t see why not(If you warn them they can easily turn it off). There shouldn’t really be anything to hide or be private about, although we did catch a player watching porn on his steam overlay browser one time…

I don’t really see how it would be “unethical”. If you did something like dump their cheat or crashed their game or computer somehow, then maybe you would be getting a bit further into the grey area. Make sure your staff realise that you’re not taking a screenshot of the entire desktop or whatever, only the game window. Speaking of, if you’re using the method I think you’re using, it’s not exactly something I would recommend relying on. I’ve managed to find a way around it already, and if I can do it, so can others.

if someone took my cheat from my folder, I would be pretty pissed.

and who gives a shit if it pisses you off? It’s your fault for cheating on their server in the first place.

[editline]3rd July 2013[/editline]

If you weren’t using it and they took it then yeah that’s unethical.

Then you should probably secure your cheat better (thought you probably can’t see this because you are banned ;_;).

[editline]3rd July 2013[/editline]

It’s a mutual thing. Chances are their server has some custom made anticheat that someone probably worked really hard on since there are no good public ones that I have seen. Wouldn’t it be a shame if I posted a full dump of it + code that would bypass it on someplace like hackforums? If someone who does not want their cheat dumped is cheating on your server, chances are it’s not public, so all that is necessary is a ban. Then again, as I told the dude above, it’s kinda the developers fault for not taking steps to secure their cheat from being stolen/detected by an anticheat, but meh.

Personally, I believe that taking the cheat itself would be going against the entire point of the script. It’s an anti-cheat, so it should be a preventative measure and shouldn’t interfere with the client’s operation in any way. While it would be useful to find out what cheats are running and decompile them in order to stop them in the future, I don’t see a reason to do that if the system can already detect it. :stuck_out_tongue:

If it can’t, I can always look on Hackforums or MPGH for scripts that people use on most servers.

Shit man, taking pictures without the players knowing. You’re the Gmod NSA!

By using cheats you are exposing yourself to something that could be stealing more than any anti cheat ever could anyway.
At the same time by cheating you acknowledge the consequences whatever they are… The only people that don’t agree with it are people that cheat themselves, thats probably your own staff. Why would they complain about something that makes their life easier. There is nothing ethical about cheating…

I wouldn’t say it’s wrong…

Which means you should send me the code to take pictures of players screens as I really cba making it.

I have never encountered cheaters except a few ghosts during my 200 playtime of TTT.

In the 6th months of my server being online, I’ve had everything from players using aimbots to wallhacks and role detectors that edit the GUI. However, it’s only recently that we’ve discovered quite a lot of them because of the new anti-cheat system we’re implementing :slight_smile:

It all depends on what kind of server you go to, their staff and users themselves. Some servers are peaceful and mainly to themselves with a large community that wouldn’t do such a thing, others are open with a small community and much larger outside users who have no such obligation to the server itself.

That made no sense.

Also there’s a difference between taking someone’s script and leaking it to pastebin or wherever.

I do it and have gather a good collection of player screenshots. If you caught hacking you deserve a ban. Mind you I collect all player screenshots and there updated regularly.

http://www.sourcetribe.co.uk/screenshots/

http://www.sourcetribe.co.uk/screenshots/index.php?id=STEAM_0:1:59811481

While I collect player screenshots we also have an observer. Some players who have been banned for hacking don’t always should up on screenshots and it pretty easy to catch those players.

Do pardon me, I simply meant that it’s still in the works, while it’s officially active we haven’t completed all of its functions so some features are incomplete. Prior to this system, we had no factual evidence that people were cheating.

The law states you need to have to user agree if you are taking any data from their computer without their consent, you also need to state the purpose (anti-cheat blah blah), and who will see the data, how long it will be kept for, and exactly what data you will be taking.

If all those are in your terms somewhere and you make sure the user agrees to them (keep a record in a database, not just something they see when they join, its a law requirement), then from a legal viewpoint you wont be doing anything wrong, take a look at Punkbuster’s T&C for an example.

However from an ethical point of view I would never join a server that would take screenshots of my screen, even for anti-cheat and I think its a bad idea, imo find a better or different method.