Vanguard takes screenshots of your PC every time you play a game - eviltoast

Vanguard takes screenshots of your PC every time you play a game. Every time you play a game a function is called to screenshot your PC’s screen, in case Vanguard thinks you might have something suspicious, it screenshots your ENTIRE PC screen (all monitors).

Edit: Not trying to spread false info this was shared to me via a friend and there is other data to back up that this is real https://www.unknowncheats.me/forum/anti-cheat-bypass/634974-vanguard-taking-screenshot-pc.html

https://www.unknowncheats.me/forum/valorant/484475-vanguard-screenshots.html

  • LostWon@lemmy.ca
    link
    fedilink
    English
    arrow-up
    109
    arrow-down
    2
    ·
    7 months ago

    There should be laws against this everywhere (with other forms of data collection included). There’s no way preventing cheating is more important than the fundamental rights to security and privacy.

    • SupraMario@lemmy.world
      link
      fedilink
      English
      arrow-up
      36
      arrow-down
      2
      ·
      7 months ago

      There is, this could have the potential to collect PII and its %100 they’re not storing this as encrypted data on their side. So it is %100 illegal to do, now if they’re fined for it is a different story.

      • exscape@kbin.social
        link
        fedilink
        arrow-up
        23
        arrow-down
        1
        ·
        7 months ago

        Even if encrypted this doesn’t sound like something compatible with the GDPR.

        • Barbarian@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          4
          ·
          edit-2
          7 months ago

          It depends. There’s 2 different methods that I don’t think they’re doing that would make it legal:

          1. Explicitly tell the user what data the anti-cheat collects when you install it, and what other companies have access to it.

          2. Anonymize the data. Crop the screenshots in storage media to just the game screen, and have a list of which games need what sections of the screen blurred to remove usernames.

          The first is far more useful for them than the second, but it also undermines it’s functionality as an anti-cheat because you’re telling the cheat creators what to guard against.

          Of course, the real answer here is stop doing user-side anti-cheat at all, do it server-side, and trust nothing the client says. That’s more difficult than user-side, but it also has the benefit of working, while also respecting the user’s privacy.

      • Serinus@lemmy.world
        link
        fedilink
        English
        arrow-up
        9
        arrow-down
        2
        ·
        7 months ago

        Which is why I’m almost certain it’s not happening. So far the only source is a cheat forum. I wonder what their motivation is.

        Even in corporate dystopia where they monitor you every 15 seconds screenshots are frowned upon. You never know what kind of sensitive data that can reveal.

        There’s no way Riot is doing it. The backlash would be immense, and they absolutely know it.

        This agitprop stems from the makers of cheat software who are mad that the risk of using their hacks will go through the roof. Sure, you can still get around it. But now if you screw up it’s a hardware ban.

        They’re gonna lose a lot of accounts that they sell at $10/pop.

        I wouldn’t mind talking more about security, but I’ll save that for another comment.

        • Cethin@lemmy.zip
          link
          fedilink
          English
          arrow-up
          1
          ·
          7 months ago

          I wouldn’t be totally surprised if it was taking a screenshot and analyzing it locally or maybe somewhere on the network, but I agree it’s really unlikely they’re storing it.

        • SupraMario@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          3
          ·
          7 months ago

          This is what I’m thinking as well, what’s the point of doing this? As you’re going to take and go through every image with a human checking it out? Just seems pointless.

        • SupraMario@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          7 months ago

          Sure but I doubt they’re sending these to aws storage, probably just sending them to their internal storage, and very few companies encrypt server data unless it’s at rest…or they’ve got it on someone’s laptop with bitlocker on it lol

      • kyle@lemm.ee
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        3
        ·
        7 months ago

        The screenshots are awful, but your statement is pure speculation, and likely just wrong. It’s pretty easy to encrypt images.

        • SupraMario@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          7 months ago

          First it’s not speculation, PII is protected information. As a company you cannot collect it without properly storing it, nor can you collect it without prior authorization. Second, the odds that they’re encrypting the images is pretty damn low as they’re not actively looking for PII and just cheating software.

          • kyle@lemm.ee
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            2
            ·
            7 months ago

            I know PII is protected, and a company like Riot is audited. I’m sure something in their TOS says they can collect the information, as BS or unenforceable as it is.

            They’re probably multi-cloud, but I know they are a huge AWS customer because they have a giant booth at re:Invent every year. AWS has pretty easy ways to encrypt data and even detect if it has PII. They’d encrypt or redact the images because the potential of capturing HIPAA or PCI information is too great a risk.

            If anything, trust that the company is profit driven and will avoid that risk. They’re still garbage and kernel level anti-cheat sucks, but we shouldn’t be spouting that unencrypted stuff as fact.

            • SupraMario@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              1
              ·
              7 months ago

              Until otherwise noted, I am going to take the cautious route on this one. I’ve worked with a lot of fortune 500 companies and they love to do shit the cheapest way possible.

    • Ashtefere@aussie.zone
      link
      fedilink
      English
      arrow-up
      7
      ·
      7 months ago

      Just last year I was at a security conf and they said the biggest threat to security right now is anticheat software, especially that owned by state actors. The venn diagram for people with anti cheat installed and people with admin priveliges and SSH keys for work installed is almost a circle.

    • Serinus@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      23
      ·
      7 months ago

      It’s not really any different than any other application you run on Windows.

      User level access is all that’s needed to upload the majority of your files. And we’re all trained to push yes to the admin access button all the time.

      If you really want to be secure, you need to have a different OS/hard drive for your games, and not allow that OS to access your secure drive. I haven’t yet gone this far, but it’s reasonable. Lethal Company on Steam is much more of a risk than anything Riot, including Vanguard. Tarkov was enough of a risk that I wouldn’t install it at all.

      In the future this is a change I might make, but Riot isn’t in the top five of reasons why.

      • conorab@lemmy.conorab.com
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        1
        ·
        7 months ago

        OOTL what’s the risk of Lethal Company? The cray amounts of mods that people pull down or something else?

        • Serinus@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          7
          ·
          edit-2
          7 months ago

          The mods for one, absolutely. Also it’s just a much, much smaller developer with much less oversight (even internal) and less to lose if they were caught.

          And trying to sell this data for a price that would matter to Riot would make it even more likely to be caught, and maybe land someone in prison. Screenshots are not okay (and aren’t happening).

          The game itself is probably fine. Most things are probably fine. The mods are absolutely more risky. And all of this is more risky than Vanguard.

          Part of it is also the high profile. Part of it is the attention and pushback.

          If you want real corporate spyware, check your car in your garage.

    • taiyang@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      7 months ago

      I thought it was weird when my investment portfolio started investing heavily into Bad Dragon. I’m remember to close those tabs next time I log in.

    • 🖖USS-Ethernet@startrek.website
      link
      fedilink
      English
      arrow-up
      5
      ·
      7 months ago

      This was my first thought. Why is Vangaurd interested in what games I play and how are they doing this when I don’t think they have anything to install on my PC?

  • Commiunism@lemmy.wtf
    link
    fedilink
    English
    arrow-up
    20
    arrow-down
    1
    ·
    edit-2
    7 months ago

    I’ve tried to see if this is real but I fail to find any source code leaks for Vanguard or if it has ever been leaked. The poster himself also doesn’t seem that credible unless your definition of credible is “THE TERROR OF RIOT GAMES”.

    Am I missing something or is this post likely just bullshit?

    EDIT: It’s does seem to be real, though in the same thread other people with higher reputation did chime in that it doesn’t take screenshots of your other monitors, just the one Valorant is on.

  • 9point6@lemmy.world
    link
    fedilink
    English
    arrow-up
    19
    arrow-down
    1
    ·
    7 months ago

    Every time you play a game that uses vanguard or every time you play any game?

    Both are bad, but one is way worse

    • The Uncanny Observer@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      9
      arrow-down
      1
      ·
      7 months ago

      I don’t play Valorant, so I can’t say. I do know, however, that it runs as a Windows service, so it’s always on and always keeping an eye on your system.

      • applepie@kbin.social
        link
        fedilink
        arrow-up
        3
        arrow-down
        1
        ·
        7 months ago

        Yeah BC why shouldn’t they know you enjoy Asian ladies with big titties!

        You aint got nothing to hide, or do you?!

    • bountygiver [any]@lemmy.ml
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      2
      ·
      7 months ago

      the code posted in the forum is only pointing out the capture and send to server function exists, but not what calls those functions, so still don’t know if it affects other games until they posted the full article as promised. Btw, taking screenshots as anticheat is not new, they use this to catch overlays/cheat application UIs

  • Serinus@lemmy.world
    link
    fedilink
    English
    arrow-up
    36
    arrow-down
    21
    ·
    7 months ago

    Also any time you open a webpage in Windows, a nude photo is taken of you (whether you’re currently clothed or not) and posted on your mom’s Facebook.

    My source for this is the same as OP’s.

  • shininghero@kbin.social
    link
    fedilink
    arrow-up
    6
    arrow-down
    1
    ·
    7 months ago

    Intriguing.
    I don’t have any games that use Vanguard, but if I did, I’d be queuing them up for some TLS interception and analysis.

  • delirium@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    34
    ·
    7 months ago

    Many people criticize that, but I can’t really think of any non invasive solution to draw away cheaters, except making specialized device to play the game (sort of PS4 to play one single game only?), but pretty sure it won’t take long for cheat providers to crack it as well… Sadly.

    • Simon Müller@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      28
      arrow-down
      2
      ·
      edit-2
      7 months ago

      but I can’t really think of any non invasive solution to draw away cheaters

      Server-Side Anticheat. The Minecraft community has been doing it ALL ON THEIR OWN for YEARS, effectively.

      • psud@aussie.zone
        link
        fedilink
        English
        arrow-up
        2
        ·
        7 months ago

        Yep, there are mods for Minecraft that warn you that certain of their functions will trigger anticheat if used on a server (so only use those features only in single player, where your server doesn’t care if you cheat)

      • delirium@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        7 months ago

        Pretty sure it’s crazy expensive on a large scale, I don’t think that people will pay monthly fee to keep playing apex/val/insert game. And more than sure these companies will try to force players to pay for it :/ Previously I had a small chat with aimlabs devs about application of neural networks for it (detecting weird patterns and irregularities, that what NNs are good at as well) but as I understood it would be expensive as well since obviously you want to run the model on your backend’s side… It’s and endless war between both sides without silver bullet ATM and I don’t really understand why people are so mad about my comment lol

        • Simon Müller@sopuli.xyz
          link
          fedilink
          English
          arrow-up
          1
          ·
          7 months ago

          Hypixel is fucking massive and finances this purely of off cosmetics for the most part, with Hypixel having developed their own custom server-side anticheat solution

          Oh, they also don’t use neural networks for this.

          • delirium@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            7 months ago

            They’re big but not even close to goliaths, their 24h online is at 40k more or less, which is nothing like CSGO or apex… Their all time high is less than apex daily active sadly.

            I’m not saying their system is bad, but I am saying that it is still not tested for a large scale though.

    • reddithalation@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      23
      arrow-down
      1
      ·
      7 months ago

      server side anticheat is the only ultimate solution.

      all client side anticheat measures will have vulnerabilities that will be found and people will cheat. (look at DMA pci cards, for instance)

        • DerGottesknecht@feddit.de
          link
          fedilink
          English
          arrow-up
          7
          arrow-down
          2
          ·
          7 months ago

          Don’t send opponents location until they are visible for example. That way a wallhack won’t work.

        • reddithalation@sopuli.xyz
          link
          fedilink
          English
          arrow-up
          5
          arrow-down
          2
          ·
          7 months ago

          it simply wouldn’t trust the client with anything the player shouldn’t know, to minimize cheating potential. valorant does this, and made a blog post about it. also, player movement could be analyzed server side to attempt to distiguish between cheating and legit.

          I think client side invasive anti cheat is likely more effective than this, but its a cat and mouse game. if the anticheat was server side and good, there isn’t anything to attack

          • Passerby6497@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            7 months ago

            The problem is, most game devs are lazy and would rather offload the expensive compute required to catch cheaters onto the client instead of coming up with server side methods that work. I follow a game dev on youtube, and that’s one of the things he goes on about at times. Dude is a security researcher and had a lot of time doing that for Blizzard, so I’m pretty sure he knows his shit.

      • bountygiver [any]@lemmy.ml
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        edit-2
        7 months ago

        Also there’s a fundamental fog of war of what your anti-cheat can see. Valorant cheaters are using hardware cheats, that literally takes in a video output, analyzes it, and sends in mouse inputs, on a different computer, the anti-cheat straight up can’t see it, they only see there’s a video out and a mouse in. Ultimately, having physical access of a hardware and you can just tell the software whatever you want it to see.

    • Fubarberry@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      16
      arrow-down
      1
      ·
      7 months ago

      Kernel anticheat also doesn’t work, Valorant is full of cheaters, and Apex Legends players had their game remotely hacked installing cheat software mid tournament match. And an increasing number of cheats bypass the computer/console all together, and replace inputs to the computer to allow macros or aim-botting. Recently a monitor was announced for league of legends that will track enemy players movement and location for you from the video feed alone.

      The best way to prevent cheating are with good server side anticheat. Another possibility is that companies can offer secure computers through a live streaming service like Geforce Now, which would be more secure than kernel anticheat without any of the privacy issues.

      • ExperiencedWinter@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        1
        ·
        7 months ago

        As far as I know there is no evidence to support the fact that the hack was installed remotely. It’s much more likely that it was a targeted attack where they gained access to the compromised system some other way, then waited for the tournament to act.

        But I agree with you that there is also plenty of evidence pointing to cheaters getting past kernel level anti cheat in games like valorant and continuing to cheat.

        • Fubarberry@sopuli.xyz
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          7 months ago

          I’m not entirely clear, but it sounds like the hacked Apex games were on computers at different locations, which would make me think they were likely hacked remotely without physical access to the hardware. The hacker claimed he performed the hack by using a vulnerability in the game process, and that his hacking method only let him compromise the game and didn’t give him any access to the people’s PC itself. The developers said that it was EAC itself being exploited, but that the specific exploit shouldn’t allow him access to owner’s PC.

          The combination of statements makes me think this was a remote hack that exploited vulnerabilities in EAC/Apex Legends. Thankfully there seeming wasn’t an escalation to give full access to the PC, but considering the level of access that kernel anticheat has I would be very concerned about the possibility for any future hacks that compromise anticheat systems.

          • squidspinachfootball@lemm.ee
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            7 months ago

            I might be ootl, but as far as we know, wasn’t EAC ruled out? I recall watching Pirate Software’s videos breaking everything down, and iirc, it was more likely that the individual computers were compromised at some point than it was remote code execution. Though it was still up in the air what the hacker could do, as they seemed to be able to send commands the server would accept (eg, gifting thousands of packs to steamers live on stream). Been a while since I watched, and the vids are also hours long so I don’t expect anyone else to sit through it, but here’s the first if anyone’s interested. Apex Legends Vulnerabilities - Breakdown and Interview

            • Fubarberry@sopuli.xyz
              link
              fedilink
              English
              arrow-up
              1
              ·
              7 months ago

              I don’t know exactly, I was just referencing what was said in the article I linked above, which has quotes and statements linked from both the hacker and some apex/eac teams.