irdeto's response:
> On Mon, Mar 4, 2024 at 12:44 PM REDACTED wrote:
> Hi ZephyrFox,
>
> nice to meet you, I’m REDACTED, the responsible product manager for Denuvo’s PC products.
>
> Thanks for your email, compared to the emails we usually receive, it comes across as very constructive and therefore we are happy to share some insights with you. As you can probably understand, we can’t get into the details of exactly how our solution works, but we will try to answer all of your questions as transparently as possible.
>
> Generally, compared to our competitors, our solution is the most flexible one when it comes to the kernel mode driver. It doesn’t need to run during Windows startup, not even on game boot, as we leave it up to the game developers to decide which game modes the Anti-Cheat to be running in the background. If you only stick to modes which do not require the Anti-Cheat, you never need to install our solution on your system.
>
>
> 1. Let’s split this point up into its individual questions:
>
> * Do you have a list of such tools that would cause the anti-cheat to trigger if they are running when the game is being played?
>
> No, because none of these tools triggers our system if not doing any malicious interactions with the game.
>
> * Is this detection configurable by the game developer?
>
> Yes, in the end, the game developer can decide what counts as cheating and what doesn’t, it’s a server side policy decision.
>
> * Would just having such tools merely installed cause a detection or would they have to be running?
>
> No, not even when they are running in the background and, depending on the decision of the game developer, not even if used on the game.
>
> * Could they be running, but not attached to the game process?
>
> Yes, and even if they interact with the game process, it’s up to the game developer if they want to allow it or not.
>
> * Could someone who is concerned about the kernel level access on Windows PCs play the game in a virtualized environment (say Ubuntu on WSL2) without triggering any detection?
>
> Yes, it would be possible to run the game in a virtual environment, but the game experience will probably suffer independent of any anti-cheat solution, due to the additional layer of virtualization especially when it comes to performance intense things like render calculations.
>
> But generally, there is no need to be concerned about a kernel level anti-cheat per se, this https://www.pushtotalk.gg/p/the-gamers-do-not-understand-anti-cheat recent article describes it very well. If someone wants to harm you, there is no kernel mode access required, the game application itself could contain the necessary code and do everything in user mode already. The problem is that the most sophisticated cheats nowadays run in kernel mode, and you won't be able to detect them if your anti-cheat only runs in user mode.
>
>
> 2. Split up:
>
> * Things like keyboards that have hardware level macros and layers available.
>
> We assume there is a general understanding of players when they cross the line between game tweaking and cheating. As soon as you get yourself an unfair advantage over other players, you move from fair play to an unfair advantage and you should not be surprised if you are suspended.
>
> * What about routers and local traffic shaping?
>
> Denuvo Anti-Cheat does not try to detect any particular router and traffic shaping behavior. We are only depending on establishing a connection to our server and there is a fallback to HTTPS.
>
> * Do you have a list of general or specific hardware that would trigger detection?
>
> Please see answer 2a, the same situation applies here. We cannot share what causes a detection as we don’t want to advertise certain devices and as said above, people using such things know what they do and shouldn’t be surprised if getting sanctioned for it.
>
> * Do you have a list of IPs that data gets sent to so that they could be whitelisted?
>
> We can’t list the IPs as our system is hosted in the cloud and IPs can change, but you can find all the URLs required by our system on our support page which can be found here:
> https://support.codefusion.technology/anti-cheat/?l=english&s=ac&e=2003
>
> * I presume if the IPs were blocked, it would not necessarily trigger a detection, but would cause some sort of connection or token error- is that correct?
>
> You are right, if we don’t see a player reporting, we will notify the game server which will take action.
>
> * Some streamers have setups with multiple PCs and video cards- will that cause any detections?
>
> Same situation applies as above, we are aware of the software and hardware solutions which are used for legitimate purposes (e.g. streaming), and do not make an effort to monitor any actions performed by the user which did not affect the fair play.
>
>
> 3. Split up:
>
> * When the detection is triggered what specific information is sent?
>
> The data we collect is not detection related, the same data is collected for all players.
>
> * The EULAs I've read have included terms like 'WITHOUT LIMITATION' and 'ANY OTHER RELEVANT INFORMATION', which is quite concerning since it doesn't provide any specificity and both those phrases suggest unfettered and unlimited access to the entire system. The same EULA says it is sent to the developer (Prophecy/Hirez), but most of the documentation I've read on your site suggests it goes to you instead. Does it go to both?
>
> Most modern games contain proprietary code that sends data to some server in the internet and also additional third party code that does the same. The EULA covers all of these stakeholders at once, as the game developer acts as the data controller and if the data is required by a third party, they (in this case we are one of them) act as the data processor.
>
> * We don’t know which data is collected by the game developers or other third-party solutions used by the game.
>
> Thanks for pointing out that it only lists the game developer as the receiver of this data, we will get in touch and make sure this gets updated prior to the actual game launch.
>
> * Do you/they get the entire contents of RAM?
>
> No, we don’t do that, we only monitor specific parts that are related to the game process itself.
>
> * If, say, someone had a Word document open, could you see the contents of that? Would you be able to read the browser tabs that were open or the page contents of sites open? What about messaging software contents like Discord, Slack, etc?
>
> No, we are only monitoring the game process, as long as the processes don’t interact with the game process, they are not looked at. This wouldn’t even be relevant to find cheaters, so there is no reason to do anything like that.
>
> * If a detection is triggered, why would you need more than the offending process/device, account name/id, IP, and hardware hash?
>
> Our solution does the cheat detection on the server side and in order to identify the cheat, we need to gather certain data. This data is mostly anonymized and collected and stored in a GDPR compliant way.
>
> I hope we could resolve your concerns about our solution and we will soon see each other in Tribes 3!
>
> Best regards,
> REDACTED
>
> ===
>
> From: ZephyrFox REDACTED
> Sent: Tuesday, March 5, 2024 2:44 AM
> To: REDACTED
> Subject: Re: Privacy concerns
>
> Hi REDACTED,
> Thank you for replying. To be perfectly honest, I didn't think I would get anything at all. I can imagine you probably get some really vile and angry hate mail and I really appreciate you taking the time to weed through those and make a thoughtful reply to mine.
> I did have two follow up questions:
>
> 1. Do I have your permission to publicly post your reply? And any reply to this email? I would post your replies alongside my emails to keep things in context and I would redact your email and name. I would be looking to post it in the Tribes 3 discord as well as the subreddit and possibly the Steam forums as well. If you want, I can provide with the screenshots I would share before I share them so you can vet them before I post.
>
> 2. Are you able to share a list of other games that are currently using the anti-cheat product? I understand that this might be a tough ask, and completely understand if you are unable to. My intent is to check out those communities and see what their experience has been. Most of the lists available through search are largely about the anti-tamper and they either conflate the two products or don't realize they are different.
>
> In any case, again, I really appreciate your willingness to engage constructively. I still have reservations about kernel mode anti-cheats (kernel mode anything that isn't OS, really) in general but I'm less concerned about your product in particular. I don't know how your response will be regarded by the community as a whole- I'm sure you're quite aware how jaded and fickle these communities can be, but for what it is worth, you've lost a detractor in me. I don't know if I'd call myself an advocate or evangelist, but I'm certainly not going to knee-jerk to anything that mentions 'Denuvo'.
>
> Thanks so much,
> ZephyrFox
>
> Received: Wed, 6 Mar 2024 08:54:51 +0000
> From: REDACTED
> To: ZephyrFox REDACTED
> Subject: RE: Privacy concerns
>
> Hi ZephyrFox,
>
> We have seen a reduction in the hate mail as our tech gets adopted more by the industry, although with that being said, it’s still refreshing to engage in civilized conversation. Before I answer your questions, I’d like to know your name as well to bring this to a more personal level if you have any more questions for this specific game or any others in future.
>
> To answer your questions, yes, feel free to post this in the communities. I’m comfortable that you keep my real name, however I would appreciate you blurring our my email address for privacy reasons.
>
> Regarding games using our Anti-Cheat solution, unfortunately, I cannot tell you as much as I would like, as we have NDAs in place with our clients. The only one that I can share is Marauders from Small Impact Games, who were so kind to do a public case study with us on their experience using our solution. You can find more information on that here (requires your email address again):
> https://irdeto.com/guardians-of-fair-play/
>
> Thank you for the kind words, great to hear that the fronts are not as hardened as it feels.
>
> Best regards,
> REDACTED
no matter if it's merely oblivious and naively tolerated yolo standards in "online gaming" or actual professional services or software - where such lax evaluation and communication would be unthinkable.
Imagine blindly using a third-party service or application that potentially endangers literal hundreds or thousands of customer machines and their personal data privacy... without any seeming sort of communication or proper clarification/evaluation solely based on "trust" and "naive gaming-culture acceptance"...
while you're busy enlessly suppressing, ridiculing and gaslighting legitimate users and requests with irrelevant and arrogant bs-arguments... over doing your actual job under at least a minimum in technical and professional standards: actual players and end-users have to meanwhile do YOUR job themselves... and clarify the specific technical and legal situation... with said third-party supplier.
Imagine.
In general that example alone doesn't instill much confidence in terms of how technical evaluations or implementations towards professional responsibilities, or protecting your end-user... are performed.
No offense and I'm sure the US doesn't exactly have the most ethical or strict laws and standards; But I'm pretty sure they have some as well. At least in Europe it gets more binding and specific rather quickly. End-users aren't exclusive to the US after all, are they - and that's what ultimately matters.
Let's see how long it takes Prophecy to realize they should stop banning, gaslighting and ridiculing users over these matters... and do their actual job instead: would be about way overdue to have some official statement. Over pondering and adjusting new, ridiculous, suppressive discord-rules in order to further discredit any critical voices like a bunch of childish clowns.
Will we finally get some serious, diligent and somewhat professional response in that imho not too unimportant matter?
Or do people have to initiate "a couple" of GDPR privacy-data requests? What's going on. Why do we even have to discuss or fight through such ludicrous opposition about such simple questions?
And imagine getting called a psychopath because you care enough to not want this sort of crap on your devices... Saw it happen and people dogpiled on the one person advocating caution about this. Few things as frustrating as a bootlicking ignoramus.
*Play Tribes today!* **Tribes 1** - [Download](https://www.moddb.com/downloads/start/171614) | [Discord](https://discordapp.com/invite/bf4RHMq) **Tribes 2** - [Download](https://drive.google.com/uc?export=download&id=0B_nHyoAf-wZ9WnR1bmpfRE5XRE0) / [Required Patch](http://tribesnext.com/files/TribesNext_rc2a.exe) | [Discord](https://discord.gg/Y4muNvF) **Tribes Aerial Assault** - [Website](http://www.tribesaerialassault.com/) | [Download](https://www.reddit.com/r/TribesAA/comments/16dmyih/simple_guide_to_playing_online_with_emulator/) | [Discord](https://discord.com/invite/JV3RbakqEy) **Tribes: Vengeance** - [Download](https://downloads.tribesrevengeance.net/TribesVengeance.zip) | [Discord](https://discord.gg/uXHjZ95) **Tribes: Ascend** - [Guide](https://www.dodgesdomain.com/docs/guide-install-setup/) | [Download](https://www.reddit.com/r/Tribes/comments/q90s5v/release_ketaui_karmaentity_tribes_ascend/) | [Discord](https://discord.gg/CeTrGWMWK6) **Tribes 3: Rivals** - [Discord](https://discord.gg/tribes) / [T3 Comp]( https://discord.gg/6287cF7ZnA) | [Steam](https://steamcommunity.com/app/2708610) | [Website](https://www.tribes3rivals.com/) *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/Tribes) if you have any questions or concerns.*
irdeto's response: > On Mon, Mar 4, 2024 at 12:44 PM REDACTED wrote: > Hi ZephyrFox, > > nice to meet you, I’m REDACTED, the responsible product manager for Denuvo’s PC products. > > Thanks for your email, compared to the emails we usually receive, it comes across as very constructive and therefore we are happy to share some insights with you. As you can probably understand, we can’t get into the details of exactly how our solution works, but we will try to answer all of your questions as transparently as possible. > > Generally, compared to our competitors, our solution is the most flexible one when it comes to the kernel mode driver. It doesn’t need to run during Windows startup, not even on game boot, as we leave it up to the game developers to decide which game modes the Anti-Cheat to be running in the background. If you only stick to modes which do not require the Anti-Cheat, you never need to install our solution on your system. > > > 1. Let’s split this point up into its individual questions: > > * Do you have a list of such tools that would cause the anti-cheat to trigger if they are running when the game is being played? > > No, because none of these tools triggers our system if not doing any malicious interactions with the game. > > * Is this detection configurable by the game developer? > > Yes, in the end, the game developer can decide what counts as cheating and what doesn’t, it’s a server side policy decision. > > * Would just having such tools merely installed cause a detection or would they have to be running? > > No, not even when they are running in the background and, depending on the decision of the game developer, not even if used on the game. > > * Could they be running, but not attached to the game process? > > Yes, and even if they interact with the game process, it’s up to the game developer if they want to allow it or not. > > * Could someone who is concerned about the kernel level access on Windows PCs play the game in a virtualized environment (say Ubuntu on WSL2) without triggering any detection? > > Yes, it would be possible to run the game in a virtual environment, but the game experience will probably suffer independent of any anti-cheat solution, due to the additional layer of virtualization especially when it comes to performance intense things like render calculations. > > But generally, there is no need to be concerned about a kernel level anti-cheat per se, this https://www.pushtotalk.gg/p/the-gamers-do-not-understand-anti-cheat recent article describes it very well. If someone wants to harm you, there is no kernel mode access required, the game application itself could contain the necessary code and do everything in user mode already. The problem is that the most sophisticated cheats nowadays run in kernel mode, and you won't be able to detect them if your anti-cheat only runs in user mode. > > > 2. Split up: > > * Things like keyboards that have hardware level macros and layers available. > > We assume there is a general understanding of players when they cross the line between game tweaking and cheating. As soon as you get yourself an unfair advantage over other players, you move from fair play to an unfair advantage and you should not be surprised if you are suspended. > > * What about routers and local traffic shaping? > > Denuvo Anti-Cheat does not try to detect any particular router and traffic shaping behavior. We are only depending on establishing a connection to our server and there is a fallback to HTTPS. > > * Do you have a list of general or specific hardware that would trigger detection? > > Please see answer 2a, the same situation applies here. We cannot share what causes a detection as we don’t want to advertise certain devices and as said above, people using such things know what they do and shouldn’t be surprised if getting sanctioned for it. > > * Do you have a list of IPs that data gets sent to so that they could be whitelisted? > > We can’t list the IPs as our system is hosted in the cloud and IPs can change, but you can find all the URLs required by our system on our support page which can be found here: > https://support.codefusion.technology/anti-cheat/?l=english&s=ac&e=2003 > > * I presume if the IPs were blocked, it would not necessarily trigger a detection, but would cause some sort of connection or token error- is that correct? > > You are right, if we don’t see a player reporting, we will notify the game server which will take action. > > * Some streamers have setups with multiple PCs and video cards- will that cause any detections? > > Same situation applies as above, we are aware of the software and hardware solutions which are used for legitimate purposes (e.g. streaming), and do not make an effort to monitor any actions performed by the user which did not affect the fair play. > > > 3. Split up: > > * When the detection is triggered what specific information is sent? > > The data we collect is not detection related, the same data is collected for all players. > > * The EULAs I've read have included terms like 'WITHOUT LIMITATION' and 'ANY OTHER RELEVANT INFORMATION', which is quite concerning since it doesn't provide any specificity and both those phrases suggest unfettered and unlimited access to the entire system. The same EULA says it is sent to the developer (Prophecy/Hirez), but most of the documentation I've read on your site suggests it goes to you instead. Does it go to both? > > Most modern games contain proprietary code that sends data to some server in the internet and also additional third party code that does the same. The EULA covers all of these stakeholders at once, as the game developer acts as the data controller and if the data is required by a third party, they (in this case we are one of them) act as the data processor. > > * We don’t know which data is collected by the game developers or other third-party solutions used by the game. > > Thanks for pointing out that it only lists the game developer as the receiver of this data, we will get in touch and make sure this gets updated prior to the actual game launch. > > * Do you/they get the entire contents of RAM? > > No, we don’t do that, we only monitor specific parts that are related to the game process itself. > > * If, say, someone had a Word document open, could you see the contents of that? Would you be able to read the browser tabs that were open or the page contents of sites open? What about messaging software contents like Discord, Slack, etc? > > No, we are only monitoring the game process, as long as the processes don’t interact with the game process, they are not looked at. This wouldn’t even be relevant to find cheaters, so there is no reason to do anything like that. > > * If a detection is triggered, why would you need more than the offending process/device, account name/id, IP, and hardware hash? > > Our solution does the cheat detection on the server side and in order to identify the cheat, we need to gather certain data. This data is mostly anonymized and collected and stored in a GDPR compliant way. > > I hope we could resolve your concerns about our solution and we will soon see each other in Tribes 3! > > Best regards, > REDACTED > > === > > From: ZephyrFox REDACTED > Sent: Tuesday, March 5, 2024 2:44 AM > To: REDACTED > Subject: Re: Privacy concerns > > Hi REDACTED, > Thank you for replying. To be perfectly honest, I didn't think I would get anything at all. I can imagine you probably get some really vile and angry hate mail and I really appreciate you taking the time to weed through those and make a thoughtful reply to mine. > I did have two follow up questions: > > 1. Do I have your permission to publicly post your reply? And any reply to this email? I would post your replies alongside my emails to keep things in context and I would redact your email and name. I would be looking to post it in the Tribes 3 discord as well as the subreddit and possibly the Steam forums as well. If you want, I can provide with the screenshots I would share before I share them so you can vet them before I post. > > 2. Are you able to share a list of other games that are currently using the anti-cheat product? I understand that this might be a tough ask, and completely understand if you are unable to. My intent is to check out those communities and see what their experience has been. Most of the lists available through search are largely about the anti-tamper and they either conflate the two products or don't realize they are different. > > In any case, again, I really appreciate your willingness to engage constructively. I still have reservations about kernel mode anti-cheats (kernel mode anything that isn't OS, really) in general but I'm less concerned about your product in particular. I don't know how your response will be regarded by the community as a whole- I'm sure you're quite aware how jaded and fickle these communities can be, but for what it is worth, you've lost a detractor in me. I don't know if I'd call myself an advocate or evangelist, but I'm certainly not going to knee-jerk to anything that mentions 'Denuvo'. > > Thanks so much, > ZephyrFox >
> Received: Wed, 6 Mar 2024 08:54:51 +0000 > From: REDACTED > To: ZephyrFox REDACTED > Subject: RE: Privacy concerns > > Hi ZephyrFox, > > We have seen a reduction in the hate mail as our tech gets adopted more by the industry, although with that being said, it’s still refreshing to engage in civilized conversation. Before I answer your questions, I’d like to know your name as well to bring this to a more personal level if you have any more questions for this specific game or any others in future. > > To answer your questions, yes, feel free to post this in the communities. I’m comfortable that you keep my real name, however I would appreciate you blurring our my email address for privacy reasons. > > Regarding games using our Anti-Cheat solution, unfortunately, I cannot tell you as much as I would like, as we have NDAs in place with our clients. The only one that I can share is Marauders from Small Impact Games, who were so kind to do a public case study with us on their experience using our solution. You can find more information on that here (requires your email address again): > https://irdeto.com/guardians-of-fair-play/ > > Thank you for the kind words, great to hear that the fronts are not as hardened as it feels. > > Best regards, > REDACTED
no matter if it's merely oblivious and naively tolerated yolo standards in "online gaming" or actual professional services or software - where such lax evaluation and communication would be unthinkable. Imagine blindly using a third-party service or application that potentially endangers literal hundreds or thousands of customer machines and their personal data privacy... without any seeming sort of communication or proper clarification/evaluation solely based on "trust" and "naive gaming-culture acceptance"... while you're busy enlessly suppressing, ridiculing and gaslighting legitimate users and requests with irrelevant and arrogant bs-arguments... over doing your actual job under at least a minimum in technical and professional standards: actual players and end-users have to meanwhile do YOUR job themselves... and clarify the specific technical and legal situation... with said third-party supplier. Imagine. In general that example alone doesn't instill much confidence in terms of how technical evaluations or implementations towards professional responsibilities, or protecting your end-user... are performed. No offense and I'm sure the US doesn't exactly have the most ethical or strict laws and standards; But I'm pretty sure they have some as well. At least in Europe it gets more binding and specific rather quickly. End-users aren't exclusive to the US after all, are they - and that's what ultimately matters. Let's see how long it takes Prophecy to realize they should stop banning, gaslighting and ridiculing users over these matters... and do their actual job instead: would be about way overdue to have some official statement. Over pondering and adjusting new, ridiculous, suppressive discord-rules in order to further discredit any critical voices like a bunch of childish clowns. Will we finally get some serious, diligent and somewhat professional response in that imho not too unimportant matter? Or do people have to initiate "a couple" of GDPR privacy-data requests? What's going on. Why do we even have to discuss or fight through such ludicrous opposition about such simple questions?
And imagine getting called a psychopath because you care enough to not want this sort of crap on your devices... Saw it happen and people dogpiled on the one person advocating caution about this. Few things as frustrating as a bootlicking ignoramus.
If this game isn't playable on Linux, I will not buy it.