Why is anti-cheat always client-side?
Why is it not more common to implement anti-cheat on the server instead of the client? Is that not more secure? Couldn't the server just check what vision a player should have and not provide any other information to prevent wallhacks or maphacks? Or check how fast it is possible to move to prevent speedhacks? Aimbot is a bit harder to detect I guess but what about the other ones?
You are viewing a single comment
Definitely not how that works. The server has no idea how to tell how the GPU on the client-side is rendering anything. The server is just doing server things, which definitely doesn't include data on the "vision" of each player. There's a lot less data being transferred than you assume here.
All of these are way easier to detect client-side, because client-side you can actually check the code that is running.
A server that checked all the code that is running would be a very, very slow game. Like imagine a chess game where it took five minutes for a move to register after making a move. Servers focus mostly on "player state" like, where are they, what direction are they looking, what direction are they moving, what buttons they are pressing, and a lot less on checking the code of the remote player. Once again, because checking literally every players code remotely would slow everything way the fuck down.
I remember a long time ago it was on the server side that the hits were registered not on the client side. It had a funny feeling because you would have to shoot where the target was going towards instead of shooting where the target was. And that was done with 24 players in a server
This is still the case for most games. Games have just gotten better lag compensation methods.