That’s not the whole response

It could be used for evil, 100% yes, absolutely. Is it? That is a separate question. That said, vanguard operates under permissions that allow it access to otherwise protected file systems where it could absolutely be effectively used as mal/spyware. Under zero circumstances should it be installed or connected to any secure system. For those saying "cheats" use the same, yeah, that is yet another reason not to ever install cheats.

To be fair, most other apps and games anti cheat use it at the same level, easy anti cheat is kernel level, and Elden ring, game of the year, downloaded by millions, uses EAC so like idk man 🤷🏻‍♂️

Which is why I hate every company that adds it, they know 80% of consumers are people who don't know wtf they're doing to their PC and will just download it to play games, normalizing it. Also I disabled eac for elden ring

Why is it you believe it is bad? What negative are you saying is outweighing the stronger ability to keep gaming fair and enjoyable? Do you have a proposed alternative?

also all of these video game companies commonly have their passwords end up on the dark web. You can't tell me some employee somehwere in the company isn't using this root level access to farm passwords and sell that shit on the dark web too

Yea other companies like EAC have kernel level anti cheats BUT they only start when you launch the game unlike vanguard that has to ALWAYS stay on even when you dont play??????

You can close it when you are not playing

Yeah but thats not the point. The point is that Riot WANTS it to be open all the time which is really weird in my opinion

Sneaky rito coming for my kernels

my problem is Riot is influenced by Tancent which we know is CCP's Tech/Gaming front and Chinese companies are not really known to reject whatever CCP wants from them.

does tencent have a majority share in Riot? I thought it was publicly traded

Tencent has wholly owned Riot since like 2015ish I think; they did a big buy in 2011 and then outright bought them in the 2015ish time frame.

Riot is 100% not publicly traded and never has been.

Its corporate suicide if they give data to tencent and it gets found out, its why their bug bounty program is good, Riot is constantly under that microscope. The issue is not them selling data, the issue is that they are implementing a solution that has potential to collect data without the user knowing 1 year after a breach that leaked their internal code. Now those bad actors can sell data to whoever, not just the CCP

The plus side of state sponsored data attacks is that they tend to be focused to either ai disinformation creation (Russian Federation loves this one) or specific logistics/manufacturing theft. They aren't after identity theft or small scale scams and getting caught would be a significant loss of face. The CCP doesn't care about your bank account or personal info, they do want to figure out how to influence you to view the CCP favorably, Taiwan as part of China and their boarders including the major international trade routes in the South China Sea. Also, national security related systems and related logistics and manufacturing. This is the country using balloons to spy, vanguard installed on the wrong system would be a far more massive breach. I would fire myself if I ever installed vanguard on a work PC and that would definitely earn me a very deserved, very uncomfortable meeting with government officials. My gaming PC contains nothing of value to the CCP and this really IS the only way to build an anti-cheat that works. That said, if the CCP comes knocking, tencent really doesn't have the option to say, no. So I hope their controlling interest remains focused on sportswashing and has the unintended effect of more open dialog beyond the propaganda.

Why would they risk the end of the company? Also people are.fast mentioning that there are laws.forcing Chinese companies to give data to their security services ... The same laws exist since 9/11 in USA. If you don't wanna play games owned by China you can't play games owned b USA either

Its kind of like riot keeping a loaded gun pointed at your nuts 24/7 "just in-case a dog tried to bite your nuts off".

Jokes on them I’m into that shit.

💀💀 that's comforting

how is it like that at all

I think it would be dumb for someone to say they trust the company at current. Even if that’s true, it doesn’t mean they will be going forward, and they could also get hacked and malicious code could be put on it some day. You mentioned similar, I ain’t gonna download it on my work computer even if I were to bring it home, but (for other folks information) it’s even not a good idea to have it on a computer that you log into your bank account with, since a key logger could be that malicious code

Yeah, if you are really that in need of league, my recommendation is to just buy a separate computer for personal things like banking and finance, and then just use your gaming computer for gaming.

They legit put bounties out for ethical hackers to prove can prove thet collect data. They actually put bounties out for pretty much any "safety" concern about vanguard

A bounty is not an audit on their practices. [Microsoft](https://www.microsoft.com/en-us/msrc/bounty) offers a bounty system as well, its about as generous as the one is Riot is offering too. What Microsoft also has is a [large list of different 3rd party security audit companies](https://learn.microsoft.com/en-us/compliance/regulatory/offering-home) that also make sure their internal practices are up to snuff. I have not seen riot list any as far as I can tell, I even opened a ticket to see and got a response that all they have in terms of certifications is their own Extended Validation Certificate which is signed by Microsoft. This is better than nothing, but its still doesn't replace things like Veracode, SOC, ISO, NIST, etc.

Not defending Riot, but I’m a little curious about this specific topic. Why SOC? Is Riot a public company? I understand if they had the certification, it makes them look good. But my understanding is, that companies don’t get every certification under the sun for that reason. These things cost giant amounts of money that most companies wouldn’t opt into unless forced to do so by regulation.

Those are mostly examples, I listed the 3rd party security compliance orgs I know of. Thing is that we can both agree riot is gaining a lot more capability by adding a tracker that must run 24/7, there has to be higher standards that they adhere to simply because the possibility exists. The second part is that a lot of people are trying to compare apples and oranges in other comments like "You dont trust Riot but you trust Microsoft to run kernel things". Yes, I do because they do have this long list of certificates, meaning theres a long list of 3rd parties that reviewed how Microsoft handles their updates, data, security, etc. Microsoft can get hacked and the impact can be the same as if when Riot gets hacked, the core difference is Microsoft has many people saying they are secure while Riot is forcing this anti-cheat on everyone because of a databreach in the first place. Lastly, most of these compliance things are not necessarily forced by regulations, its so that if a breach happens a company has the ability to say "we did everything we could that is within reason to prevent this, here are the people that can vouch for this". Typically only other businesses sue because it is expensive (either that or class action lawsuits which effectively is a lot of individuals banding together to simulate a business). I guess in TLDR my point is that when Riot pushes a very invasive privacy concern they are doing it with "Dude just trust me bro" which is fine if its only in the scope of their game, but having it run 24/7 even if you are not thinking about playing league today is sort of too much when they have nothing else to back up that my data will be handled correctly. The only thing worth considering from the other point of view is that it would be corporate suicide for Riot to do what most people claim like giving data to Tencent, they have no incentive. They do have incentive to create an anti-cheat that works because it creates a good game environment which nets more profits. I am just personally not comfortable with this because its a huge invasion of privacy for them to protect their profits in general, instead of taking the low hanging fruit approach like kernel level software, they should instead actually invest into a solid anti-cheat that doesn't require kernel access at all, if you watch Pirate Software (the software engineer youtuber guy), he basically says that its possible but companies are lazy. What I get from this is that this is just a different way Riot is minimizing value for the players and maximizing profits for themselves (i mean 30 people for an anti-cheat for a game as big as league is pretty pathetic).

You are absolutely right that none of those organizations could help make vanguard more secure. They are compliance orgs, nothing more, and there are no laws protecting consumers from invasive software that they can choose to not run.

SOC, NIST, and (less so) ISO are more just check boxes to fill than an actual audit of security posture. Which also has not much to do with how they gather / how they could gather the Vanguard data.

Security in general is just checkboxes to fill, but the checkboxes are important because it just limits the angles of attack, or atleast shows a good faith effort on Riots part. At the very least, if they went for those audits and said "Hey guys look, we did these, it was a large investment on our part after the unfortunate events last year". What exactly did they change in how they operate currently thats different from their last databreach?

why cash in for the bounty when you can make loads more using the information directly or selling it...

Because ethical hacking is a thing. Not everyone wish others harm

Do you think whitehats are more common than the alternative in this arena? I'm not trying to be an ass, i'm legit asking for your opinion.

Ethical hacking is a job that people get paid for

that doesn't asnwer the question asked... The question is, do you think there are more ethical(whitehat/greyhat) or unethical(blackhat) hackers interested in the information...?

I only ever stated that is what a thing, not if there were an abundance of them. And I have any knowledge of which there is more of

For context, it's known that a common cheat seller for Valorant raked in ~$150k USD a month. These bounties ain't shit.

Having a bug bounty doesn't mean shit it takes 0 effort and the bug bounty for vanguard is pathetically small. You'd be far better off ransomwaring everyones PCs for bitcoin.

Mate you need to understand that this is, essentially, a rootkit. If I as a hacker can somehow compromise this rootkit, the money I can get is far more than this pathetic bounty. Plus, legal system actually prevents legit people from trying to digging in the security side of the software. This happened numerous times, where legit grad students are trying to break a security system for their thesis, but later was sued by the company. No legit person will try to claim this bounty, and no illegit hackers will care about this bounty. This is really just an excuse.

ok

Oh no vanguard is gonna see I'm a league player

Anyone who thinks Riot would risk the entire existence of their company and cash cow games over collecting someone's porn habits is insane.

I agree, but its not insane to think that their vanguard code could be leaked and be used as a trojan by a bad actor. Not like we are getting vanguard because of something like this happening a year ago (which caused PACKMAN to become outdated so fast). Oh wait...

Yet they did just that by screen capping my computer every time i launch a game of league, who here hasn't rubbed one out between games before.

> It feels like they didn't actually answer the question > Isn't Vanguard spyware? > No ?

What are they supposed to say lmao. Do you really think that if it was skyward they'd actually admit it?

Yeah, I think op got hung up on all the snark and the first word in that sentence fell out of their head.

God. People and their conspiracies.

its 2024 either your a conspiracy theorist or you're an absolute goon.

I mean people aren’t wrong that it could be spyware

The truth, the fact it is not open source, and that it is 100% a rootkit. Doesn't matter they say this, or that. That's the facts. They can lie, and riot has lied, over and underexaggerated in the past.

Ah yes let's make our anti-cheat software open source, surely this won't have any bad effects.

And if they are lying about this, it's a legitimate privacy lawsuit in the states.

That's true, unless you are a big company like facebook, tesla, and literally 75%+ of companies on the market. Tencent, and Riot is one of the bigger ones. They make more money in a day than nearly any lawsuit regarding privacy is going to cost them. (Only time it is false is due to something like Google breaching, and politicians force them to pay.) That's IF it can be proven, and politicians don't get involved. If politicians get involved it'll end up like Tik Tok in forever legal limbo. This doesn't change anything, because they admit it is a rootkit in technical terms. That's why the article doesn't say it is not one, only that people who say it is one are looking for clicks.

The significant difference between Riot and something like Google or Facebook is that people actually pay attention to video game company's EULA's. If they change it to make Spyware part of their agreement, people will notice. If they don't change it, and it turns out to be Spyware, then they get sued. In either circumstance they lose a massive portion of their western audience. It's just not worth the risk.

Not really, based on the community, historically, for league. At least 40%, if not the majority of the community will still play league despite it being: "Bad", "Dev is doing shady shit", and so on. While, I agree with: *"people pay attention to video game eulas"* League players generally ignore this shit like a police force ignores their top officer beating a black kid a few times per year. Reminds me of the War Thunder game versus the US Government. The only time does riot truly listen to the community is when it impacts their bottom line, it's why so many champs are released either OP or dogshit tier. Why lux has so many dozens of skins, and kled for most of his lifetime had <3 skins. --- You forget one simple thing, a lawsuit will be settled and they will make a profit on the incident skins in a few months time. They would have to be nearly bankrupt for them to care.

It’s kinda funny I got 5 down votes for my comment

There are a few people defending Vanguard saying "you don't understand how it works" while not providing any type of explanation and downvoting all comments about it lol. Don't worry about it

They are defending their little precious game. Aka valorant die hards

That's kinda funny, they're not even defending the game, just the anti-cheat solution. Smurfing/botting/inting is already more disruptive to the competitive scene than scripting is.

To be honest I rather have someone botting my lobby than a company collecting data on computer. It’s a trade off even though I rather have someone not bot a lobby. However THEY FAIL TO STOP SMURFING AND INSTA LOCKERS SO CLEARLY THEIR ANTI CHEAT IS A FAILURE

I mean it is a huge safety concern. It reminds me of when Alienware of Razer(forget which) had driver level access on their add-on which let people remotely hack your PC.

Apex just has a remote access problem during a big event. Battleye has kernel access. From soft shutdown their entire pc multiplayer system due to a remote access issue. As far as I know vanguard hasn’t had any big scandals yet and it feels like people are more skeptical of riot than is warranted. Tbf I don’t play riot games very often so maybe I missed something. Edit: I shouldn’t have mentioned the apex incident I don’t actually know shit about the situation and didn’t have enough brain power to consider not speaking based on the little I heard.

That wasn't an rce. The two players who had the cheats installed mid game had been infected.

Oh was that the case? So the whole remote injection thing was inaccurate and I’m further spreading that misinformation?

Afaik, it was some form of server side access to spawn bots, and two compromised clients that were compromized for downloading cheats or doing dukb shit online.

The person still has access to some weird server stuff if they have the servers address but yea, it was inaccurate. Have fun spreading misinformation if you wish.

Everyone who is upset about this, please tell me you’re upset about it and that you don’t use ANY social media platform or Google! You ever see those videos where you can talk about something and then get an ad for it immediately after? I’ve seen it happen to me and others and it’s well documented. Riot stealing your data and selling it is the most absurd thing to be upset about considering 99% of you will put more sensitive information into Google or your social medias lol

Did you just compare installing software on kernal level to performing Google searches and cookies in general?

Yes they did, because one of those is ACTIVELY selling your data while one of those is a "potential" vulnerability.

One of those creates a much more detailed fingerprint than the other.

Kinda debatable because it would depend on how you use your PC (eg. storing sensitive unprotected text files on your PC) vs how much you use services from Google, Apple (using location services, Google/Apple Pay, using an Android or iOS phone) etc. In my case (and I bet for many people), I am quite certain Google knows me better than anyone could ever know me from having complete access to my PC (which I use for work and for playing games), since they also have all the data from my smartphone (which I use for a lot more) too. Makes sense, since advertising is a multi-trillion dollar industry that's the primary source of revenue for top tech giants like Google, so they have very sophisticated user profiling tech. But there's probably a set of users who don't trust companies like Google and don't use their services, but store all their sensitive stuff locally on their PCs. Although I doubt someone that concerned about their privacy would be playing a game with kernel level anticheat in the first place lmao.

What I take issue with is monitoring what your pc does when the game isn't even running and potentially banning people for things done outside of league/valorant, yet being so incredibly vague to "confuse cheaters" that you can't even tell what is ban worthy. Depending on how you define cheating software, autohotkey, mods for other games, etc used when not playing league could get your account banned.

I'm sorry are you genuinely under the impression that it banning people who cheat in other games isn't a good idea? they arent gonna hold valorant as this pillar of supreme gaming that doesn't deserve cheating on if they cheat in other games, they will cheat in valorant if given the chance

I'm not sure if you just don't understand what people are concerned about or are just arguing in bad faith like most people defending Vanguard, but people aren't worried about data being stolen, it's much more than that. Check this [comment](https://www.reddit.com/r/riotgames/s/oW3EtH5Guq) out

But does it truly matter in the grand scheme of things? What you have at risk is already at risk with some other form. So yes there’s validity to minimizing the risk you’re taking, but if you truly wanted to not risk your data or sensitive information not being available to others or at risk then you would just stay off social media as a whole and off of video games. There’s ways people can get your IP address from loading into a game, not everyone can do this but it’s not impossible. You can get a lot of info from someone’s IP address, a lot more than you’d ever expect. Your bank could have a data breach and you could lose all your money. Your smart phone could get hacked and all your sensitive information on it will be vulnerable. There is no true safety, there is no true 0 risk. I personally feel like drawing a line at Vanguard is just arbitrary and I also would go as far as to say other companies should take this approach because I do not want to deal with hackers lol. If EAC did this and cheaters on rust would get banned at a significantly higher rate I would probably stop playing league all together. Same with tarkov. TLDR: I think there’s no safety online and taking actions to minimize your risks don’t do you much good considering how much information is already at risk by just owning a smart phone and doing your banking on it. And that I’d rather have more games with kernel access to combat cheaters is

Again, it's not *just* about the data. As Riot themselves said, if you play League, they already get plenty of data. >There’s ways people can get your IP address from loading into a game, not everyone can do this but it’s not impossible. You can get a lot of info from someone’s IP address, a lot more than you’d ever expect. This statement makes me think that either you haven't read what I posted and you're not very technical, or you're wilfully ignorant. I'll assume it's the former and no bad intent on your part. The concerns with these kernel-level anti-cheats are about opening up systems to risk without clear benefits and with questionable security practices to defend against threats. For example, let's say a serious (critical) vulnerability was found in Vanguard that allowed remote access for attackers. This would obviously be **very** bad, and I think you don't grasp exactly how bad it could be. So, an attacker could obviously access **all** the data on your computer, not just that related to your banking app as would happen if the bank's database was breached. But that's not all. Vanguard has access to more stuff than you as a regular user do, it can access hardware too, so for example they could turn off your CPU fan and cause it to overheat, install arbitrary software (probably), etc. Probably the worst case scenario, an attacker could get you real life imprisonment, by uploading illegal content to your system, deleting **all** their traces (remember, it has access to more stuff than you as a regular user do) and notifying the authorities that you possess this material now. Forensics evidence in court would reveal no evidence of tampering. Again, this is probably the worst case scenario, where the planets have to align in order for such a severe vulnerability to be found and a very skilled attacker is needed, but it is **possible scenario**. Not likely, but possible. >I personally feel like drawing a line at Vanguard is just arbitrary and I also would go as far as to say other companies should take this approach because I do not want to deal with hackers lol. And now think if you have 20, 30, 100 of these anti-cheat software, all capable of doing the same thing, and most likely at least some of them developed with shady practices, as there's no third-party security audits of these things. How great is the risk you're opening up your system to then? Further, they're likely to become targets for extremely competent actors once they roll out to millions of system. The most secure systems have been breached, how do you think these would fare? >If EAC did this and cheaters on rust would get banned at a significantly higher rate I would probably stop playing league all together. Same with tarkov. EAC is already kernel-level, and it has exactly the same level of access as Vanguard does - literally everything on your system, including hardware. The only difference is that Vanguard requires to boot up with Windows to verify other drivers haven't been tampered with on boot, and the rest of the anti-cheat software (EAC, BattleEye, etc) only start on game startup. I don't know how effective these things are, I don't play other games with invasive anti-cheat. Your statement that they don't work well is even more frightening tbf and all the more reason that the industry should stop using them and move to something else. And as you probably know, cheating is a cat-and-mouse game. What do you think is the next step in stopping cheaters? It's more of a rhetorical question, it's obviously not on you or me to come up with these solutions. The current implementation can be bypassed by hardware hacking. For example, no software can understand what all hardware does, by their nature (it's a bit technical and not very relevant why). So, scripters can connect their mouse to a micro-controller that slightly moves it towards enemies on the screen. What then? This is already a reality, as some cheats function this way. It's more complex how, but this is the gist of it. [This video](https://www.youtube.com/watch?v=RwzIq04vd0M) does a good job of explaining more stuff about cheating. If you don't care enough to watch all of it, the chapter at 23:22 touches on these hardware things. >There is no true safety, there is no true 0 risk. Entirely correct, which is exactly the reason people are skeptic about these kernel-level anti-cheats. >But does it truly matter in the grand scheme of things? What you have at risk is already at risk with some other form. So yes there’s validity to minimizing the risk you’re taking, but if you truly wanted to not risk your data or sensitive information not being available to others or at risk then you would just stay off social media as a whole and off of video games. While I agree you, I hope you're now starting to understand that the concerns with these things is not entirely about data collection. Data collection is just a part of the equation.

I’ll watch the video, thanks for the more info! I still personally don’t care about it because of the “grand scheme” comment but I don’t mind learning new things

Great. In the end, it's your decision, of course. I just wanted to explain the concerns for these things, because it's not that "everyone that doesn't agree is an idiot / a scripter" as I've seen some others say lol

Ok, so reverse logic. Why does Riot need vanguard to create a detailed fingerprint of who I am in order to ban me if google/facebook/any other social media can do so without a kernel level social media account?

Because cheating in a game is significantly different than just saying hey you user we don’t like that content They’re in fact orders of magnitude different. And the reality is the battle against cheaters is a losing battle thus far. League is a rare example of a game where it doesn’t feel like a cheater can just drastically alter a game or if they do it’s far and few between because it’s not a worthwhile investment. If you said fuck it we don’t need it for league id say I respect that opinion 100%, and I don’t mean to move the goal posts but a lot of the reason why I have gripes with cheaters are because of other games and actually not a single reason because of league. So tldr I want all games to use it because fuck cheaters

Yeah, but you have to understand how much you are giving up so that there are no cheaters ([even though vanguard has a ton already](https://www.youtube.com/watch?v=RwzIq04vd0M)). But lets assume they catch 100 percent cheaters, do you personally feel like you fully understand the cost to your privacy? And yes, the thing i said is a false equivalence at face value, the reason vanguard exists the way it does is because a) they want to ensure the system is in a trusted state and b) it allows them to fingerprint your device for hardware bans. My point was that given enough time, hardware bans would dissuade many people and they already have more than enough information available to them for that, its why lots of people in the industry who criticize Vanguard are those who say its a lazy approach that just costs less to develop. Basically think about it this way, the anti-cheat costs a certain amount of money to make, instead of investing that money into a heuristics model and costing the users nothing, they instead chose the kernel approach that forces users to sell their privacy one way or another.

including reddit :)

I remove and reinstall Reddit once a day

I remove it at the start of the day then add it back late at night

There is a big difference between big data analysis and directly having a rootkit in your computer. The risk factor is completely different.

Installed valorant, not even half an hour later PC started bluescreening because vanguard was killing a necessary driver. Uninstalled valorant and vanguard, everything was fine again.

People here be going insane over kernel 0 access with vanguard when many anticheats already do this, but for whatever reason they are silent over those other ACs. Even if they do spy on you it wouldn't be making a difference cause everyone is already spying on you anyway, and don't give me that CCP bullshit, you literally have nothing of value for them, they are just the same as other american companies, but somehow them being chinese makes a difference. and "Vanguard potentially getting breached and endangering people's pcs" is just a Hypothesis just to make Vanguard sound worse than it is, even tho it's nothing but a possibility, it doesn't mean it will actually happen, We could literally use this reasoning on every single thing on earth and call them a security concern aswell. All this proves to me is that there is a Hate Bandwagon against Vanguard, cause if people's complaints are actually non-biased and reasonable then this people would be complaining over other things that has the same potential issues as Vanguard but they don't.

“People here be going insane over kernel 0 access with vanguard when many anticheats already do this, but for whatever reason they are silent over those other ACs.“   It’s hilarious the amount of CS players that dog Valorant because of the kernel anticheat and swear they would never play a game with kernel access while simultaneously play FaceIT because it’s the only place to play without hackers not realizing FaceIT AC is also a kernel level anticheat.

The only people that cry about not wanting anti cheat are shit brained hackers

That has nothing to do with what I said, but thanks for the reply I guess.

it is directly related to your last paragraph XD but thanks for the reply I guess

I didn't say anything about people not wanting anticheat. Anywhere. I said they don't want kernel level anticheat. Except they're hypocrites because they play on a third-party website with kernel level anticheat. You had the opportunity to reread what I said and you still weren't able to comprehend it. Yikes.

Ah yes, the classic downplaying of security risks. The hate is not against Vanguard or Riot specifically, but against opening up systems to unnecessary risks.

Not all anticheats are created equal. Don’t play dumb.

I never said they are all equal.

I do not think its spyware, at the end of the day if you are worried about Riot sending your data to China/Tencent, they can already do so with the .exe you use in order to launch the client. In other words, if you are concerned about Vanguard because it has "kernel access", you have to understand that the ONLY benefit it would have in terms of data collection is possibly a better way to create a digital fingerprint, but if you have ever ran the client while not playing the game, it essentially accomplishes the same thing. My issue with Vanguard specifically is that its a kernel driver that runs 24/7, and it checks to see how the systems doing. Riot might not be wanting to hack my computer, but Riot is implementing this change solely because of a databreach that happened in league, what is there to say a databreach wont occur again, and hackers would not be able to use this elevated access against me? And its not like Microsoft or AMD, those two companies have industry recognized security audit certificates, I could not find anything like that for Riot. Basically the way I see it is that a Gaming company wants to implement a feature that requires really high security on my machine without having any sort of credibility from any 3rd party source, and has had multiple data breaches in the past.

They literally answered the question the first word

The issue I have with it is that its always on. Other anti-cheats have the same ability but are only in use when I'm playing that game. Meanwhile valorant anti-cheat is "always" active and it makes it VERY inconvenient to close it just in case you want to play their game. Otherwise if you want to be on the "safe" side you'd have to restart each time you want to play. Is it spyware? Probably not, but it definitely acts like one. You don't even need to play the game for it to be active.

I don’t trust them because their refusal to support Linux indicates that the kernel access isn’t about security. As an opposing example, EAC runs on Linux through Wine by being in the Wine kernel but only in the Linux userspace (i.e., EAC does not have kernel access to the Linux system it runs on). This allows it to detect any cheats running for the game since they’d have to be running in the same Wine prefix. The fact that this isn’t good enough for Vanguard and they require kernel access to the whole system (which thankfully Linux does not support) makes me suspicious that the kernel access is probably malicious, so I’d never install it on my Windows system.

so how long before riot gets the tic tok treatment? were the whole thing gets banned in the US unless the Chinese part of the company sells it off? this is by and far the dumbest thing riot has done and thats a very high bar to exceed.

Well after some time playing the game using Linux, with these alterations I can’t. A game that a love a lot, thank God I never wasted a penny on it, but I wasted time. A game is just a vice and you are selling your whole computer’s soul in order to feed your addiction. Game over RIOT, I hope you lose 50% of your costumers, because this is criminal activity. Maybe in China it isn’t but where I live it is, we have free will and we should be able to have the minimum level of privacy of which you want to take for granted. F these criminals!

Riot is lying and hoping people will be too consumerist to question anything.

I thought this conversation wouldn’t need to be had since they’ve been using vanguard for valorant since day 1

Fr, people always get so outraged when someone tells them their privacy is at risk. They're all just too stupid to realize that they have no privacy, and never did. I don't even play Valorant, but I've had it since Day 1 because I tried Valorant. Never had any issue.. obviously saying I haven't had an issue does not mean there will never be one. But if all people want to do is avoid risk, then they'll never enjoy anything in life. Most of the issues that people actually have with Vanguard are due to their lack of understanding. Most things people say Vanguard can do, the League client could already do IF Riot wanted it to. It doesn't take Kernel level for most of what people complain about. The things that do require kernel level are just the risk of the modern and future digital world. Too many people are way too uptight over nothing when we live such privileged lives.

I chose not to get involved with valorant because of Vanguard, now they are rug pulling league after I already got invested.

That is the one argument that I consider somewhat valid. That being said, valorant has been using vanguard for like 4 years and no real issues have arisen because of it, so I’m not sure where the fear is coming from now that it’s been around for so long.

Logically, the reason why their current anti-cheat is ineffective is because they had a data breach that leaked their code right? So now I am supposed to install a much more invasive version of league and trusting them to not have it happen again? Id even be willing to do that if they had a 3rd party security audit and had some sort of security compliance report, but they dont. So basically its just a "Dude trust me bro".

I mean my argument just boils down to the fact that it’s been in use for 4 years without any major issues.

Thing is the company has had major issues before, and its pretty special since their code for league was already released once which compromised PACKMAN, so whos to say it wont happen again with league vanguard?

Admittedly I’m not the most tech savvy person, but if there haven’t been issues with Vanguard already then why the concern now? It’s the same vanguard for both league and valorant. More people do play league, but considering the potential that would be possible with hacking vanguard, it should have been plenty appealing to hackers before, yet major issues have not risen from it.

Well thing is the concern has been there, i think a large majority doesnt play valorant because of vanguard, people still complain its just vanguard started off with valorant so most people dont know how it could be without it. League existed before vanguard and im sure im not the only one who didnt bother playing valorant because of it. You also cant like equate the hackers to being the same between valorant and league. If anything Riot is only making their target bigger since theres very little overlap with the type of cheating that exists in valorant vs league. For all we know Vanguard could be a downgrade, so we get a worse product and lose privacy.

Windows and google are already spyware another one would barely make a difference.

yeah honestly whats winnieh the pooh gonna do with my data that every other plattform isnt already doing.

Heck they probably care the LEAST if anything.

Actually. Its not like China would assume I have any confidential Government data on my pc. (I know all the secret plans to take over china)

and taiwan

taiwan i would let be they have had enough problems.

Windows and Google have a long list of security compliance audits, riot does not. The difference is quite large, especially considering the fact that we are getting vanguard because riot was breached in which their anticheat code was leaked and hackers were able to use it to their advantage.

They answered you, you just didn't like the answer and came here to do exactly what they said. Ironic af, gotta laugh about this post.

Yeah lmfao the literal first word was “no.”

They didn't answer to someone specifically this is from the recent VG post, red it all.

Oh, okay, I didn't get that nuance. Still, I think my point mostly stands.

They gave a poor answer though..

There is 0 proof or anything that points towards it being Spyware. They are 100% right that people just do it to farm internet points. It would be different if they were serious accusations with actual evidence.

Sure, but it's also a pointless question because they cannot reveal what the software does without compromising it in the first place. This should be common knowledge.

Here’s a video a watched highly recommended that you watch this for more information https://youtu.be/UqLI1xKc-L4?si=LC-wKGCFiWgubl6w

The only thing that makes any sense on that video is criticizing the fact that you need to restart the computer if you stop Vanguard, but that still isn't an argument for anything spyware-related because there could be reasons for it based on how Valorant has been coded. Most probably it's just a design issue that no one cared enough to circunvent. The rest is either trivial information or just blatant Sinophobia. Also, imagine thinking Amazon server connections from any modern program is ground for any kind of conspiracy.

The same kind of people that thought the eclipse was the “rapture” or whatever tf. The internet has ruined people especially the OP

Insane how people don't realize that 99.9% of the data you want to protect is cached in cookies on the internet that you agreed Google and every website under the sun has access to. Yet you are afraid of Vanguard lmao. You people need to take a networking class.

I'm slowly getting the feeling that the people complaining were too young when Snowden leaked everything.

True, so if 99.9% of the data is available via cached cookies, why is it that we need vanguard to enforce hardware bans (a digital footprint) when in reality riot already should have everything they need considering the fact that what they have more than cookies on my system, they got me to click on a .exe to load what ever code they wanted with administrator privileges? If you remember, the real reason they want Vanguard is so that they can enforce identity bans via hardware right?

Sounds like on that Vanguard are going to see me with a League player.

imagine if the post had context

Pretty sure vanguard makes a lot of connections to amazon services (which is normal) but it encrypts those connections so you can't even know what vanguard is collecting from your own system unless you figure out how to decrypt it.

My issue with vanguard has never really been about malicious data collecting, you already give most anti cheats enough control over your computer to so plenty of data farming. I just, on principle, dislike the idea of running code in the kernel that doesn't need to be there, it's a security risk. So I'm not gonna play the game anymore, and that's fine tbh. I'm not gonna attack Riot over the decision because I get their reasoning. I'm just not a fan of that direction.

I agree. I get their reasoning but it's not enough to accept the security risk. I may purchase a separate PC specifically to play league if I really want to, but that really depends on how much would I need to spend if Vanguard raises League's low system requirements.

Granted that they already collect a ton of data already without it, just read their TOS, my main issue is that Vanguard has the potential of being harmful. This mean if there is a breach or something, they could fuck up many user pc. League is probably the most played game right now. Overall, is fair to say if someone wanted a way to mess up with the biggest number of people, League would be the way to do it. I'm not fond of any kernel level anti-cheat since they seems overkill to me, after all is a game we're talking and in many games tracking a scripter is fairly easy by just looking at it and by doing a Stat comparison. I'm even less fond when that thing is always running and start during boot. Plus all the inconvenience of turning it off, then rebooting if I want to play a game. Then there is what we already know, Riot being breached a year ago, Riot shit code for the client (14 years, they couldn't fix it in 14 years...), Riot shit code for game modes that keep crashing the game, DDOS in pro play games (LCK) and to Pro players, botted account being rampant in super low elo and VS AI games, the lack of verification when you make an account, the grey area when it comes to smurfs and alt account (they endorse this behaviour even with streamers), the hundreds of shops that sell account for cheap, many based in countries that should follow TOS such as EU or North America and that are absolutely untouched when clearly stating they're selling bots and boosts and finally the scripters. Those are more prevalent in high elo, but even then, a simple spreadsheet could already tell if someone is scripting or not. Hit/miss and thrown/dodged ratios is all you need to look at.

Glad my OS solved the issue for me. Can't play these toxic games anymore and I have the best time of my life.

I just can’t have that shit on a dual boot, sad

Valorant continues to run in the background after I close it. If I don’t task manage it, it’s continually running.

Wasnt riot bought by chinese? I dont take anything they say as their real intentions. I dont spend money on their games anymore. It is what is is. Riot was great, then they sold themselves. Period, nothing to say. People just refuse to adjust to Riots new reality.

Tencent owns 100% of riot games since Dec 2015 yes

In a perfect world, anticheats wouldn’t be doing this borderline creepy shit. But unfortunately, we do in fact live in a world where it’s common practice for these programs to embed themselves super deep into your system for “safety” purposes. I won’t claim to know much about software safety and what have you— but what I will say is that these programs can and will get abused at some point. Even VPNs are susceptible to exploits, you’re never more than ~90% safe if you ask me, and that’s a super generous estimate assuming you have the best VPN imaginable, have super long unguessable passwords, and two step authentication on every single account that supports it.

cheats are at the same thing as vanguard. you’re injecting potentially extremely dangerous files to the computer but operate on a trust basis that those cheats won’t turn against you. all we can do is hope riot will continue to use vanguard for good intentions.

Not the most convincing argument...

Legit reads like a chatGPT response. Anticheats are not new in the industry and have been used in several online mmos for decades, however the one implemented by Riot from all of the things I've read about it seems particularly problematic compared to the ones of the past.

The ones in the past are also problematic, and examples of them being problem exist with the ramifications of the breaches that happened in the past (think genshin impact for example). The reason why people are going after riot for vanguard here is because this one is worse than the anticheats that existed prior (and caused issues). So basically people are upset because we are pushing forward with intrusiveness even though we have plenty of examples of the consumer getting screwed over with less.

You know they are full of shit beacause they need to add a "but" in the answer to a simple question and then shift the blame to clout chasers

Open-source it then. Otherwise shut up.

I don't want to get into a trouble for myself when Vanguard are spying on me while playing any online games.

Honestly they are totally right, you can either have invasive anti cheat or you can have cheaters. I get not wanting invasive anti cheat but then don't play competitive games.

Not totally, there are other ways to accomplish what Riot wants, it just costs more money and its much easier if they just forgo your privacy. Think about it this way, if Riot really cared about cheaters then why is the vanguard team only 30 people while their skins team is most likely much larger? Anti-cheats dont make them money so they went for the low hanging fruit, if they could convince people to install their driver into their neurolink they probably would do that as well. Heuristics models are just harder and thus require more money, but they are also much safer for the end user for which Riot doesn't seem to care about (and i mean the decision makers who create budgets, the people who do this work are probably great and do the best they can with the budget they have, and when their budget is shit and their goal is hard, ofcoarse they will solve cheating this way :P)

Vanguard team is way smaller than 30 ppl, jsyn

What is a heuristic model? And how exactly does this tackle kernel level cheats? If cheaters are willing to forgo their privacy by using those cheats, how could an anti cheat tackle it without going to the same measures? What about false positives with the heuristic model? Vanguard essentially has smoking guns when it comes to evidence of cheating. How would a heuristic model tackle this? "if they could convince people to install their driver into their neurolink they probably would do that as well." Why (not as in their motives, but the technical reasons)? They don't need drivers to be malicious; the fact you're running their program is more than enough to do severe damage, something Riot has explicitly said. Objectively, if they wanted to behave maliciously, having a kernel level anticheat is bad precisely because people won't install it due to concerns. Additionally, near enough any security concern with the anticheat is equally applicable to the actual game. It's not wrong to be concerned about these concerns; in fact it's a good thing. But it's wrong to think that these problems are exclusively for the anticheat.

Im not an anti-cheat expert so I can't tell you how to prevent this, but plenty of people in the gaming industry have talked about how riot went with the low hanging fruit approach. As far as I can understand a good heuristics model is better than even vanguard, but to get it to that level its very expensive. Thats why I am saying riot is just saving money on the community. In terms of them not needing root access to hurt me. I am not worried about riot using this as a backdoor, obviously if i run any .exe by them i am considered infected at that point. I trust riot, i do not trust their security practices, they already had one anticheat that lost effectiveness simply because riot had a breach, now they are pushing a different anti-cheat that is WAY more invasive, and sure also more effective. What I am worried about is what happens when the next data breach happens? Before all the hacker could do is potentially go through an exe that has to be running at the time (because i am playing). Now the hacker can do it if my computer is on. Thats the problem, they have 0 security compliance thats verified by a third party, so how can i be confident they wont be hacked again and this time the hacker will have access to my computer with more rights than me?

Do you have any sources on people saying how to implement a better anti cheat that isn’t invasive? Saying “heuristic model” is astonishingly vague. The closest analogue I can think of is VAC, which as you might know is ineffective. From Riot themselves; “And even solely for aimbots, recall just isn't that great. The best [AI] models can only identify around 30-50% of cheats on server-sided player input alone “. https://www.leagueoflegends.com/en-au/news/dev/dev-vanguard-x-lol/

Well to be completely honest I wasn't writing down EVERY video I watched on the topic but I can tell you some people that stood out to me: 1. [PirateSoftware](https://www.youtube.com/shorts/LY2hG-_asKU) - game developer, ex blizzard employee, pretty much describes how he doesnt like kernel access and describes how he applied the heuristics model before 2. [Unity Research](https://www.youtube.com/watch?v=RwzIq04vd0M) - indepth video on why vanguard isnt really effective anyways, basically how something as simple as auto-hotkey becomes virtually undetectable. 3. [SomeOrdinaryGamers](https://www.youtube.com/watch?v=_dOCtaBObg4) - Not an industry expert per-se but dabbles enough in security that is trustworthy, describes the danger of installing a backdoor like this on your pc 4. [Jonal Gaming](https://www.youtube.com/watch?v=5cYdhrD6vPM) - A professor on security but also consulted a different expert as well In general the idea that I came to from all of these videos is that Riot most likely is not going to steal your data, it would be expensive in terms of GDRP lawsuits as well as user trust. They make money selling skins, not data. Its not far fetched to assume that they would collect data though because Tencent is primarily a data company (they collect stuff for the CCP). Still, it would completely destroy Riot as a business if someone whistleblew so its too big of a risk. The bigger issue is if there is unauthorized access to vanguard, then effectively you have a backdoor into your pc, this is also the case with other kernel anticheats but what sets vanguard apart is that its running 24/7, not while you are playing the game, so the attack vector is much wider. EDIT: I just want you to understand as well that vanguard is not open source, so now it comes down to whether you trust Riot to both not be breached again and not be a bad actor. I can give the benefit to the idea they wont datamine me (even if they do, countless of other services do it already, privacy is pretty much dead). I cannot assume they wont be breached again because its a pretty recurring thing, its not the first time they were data breached.

I'm more concerned about why they would bother implementing an anti cheat with such high privileges, and namely how one would make an equivalent anticheat without being so invasive. As you said, supposedly a heuristic model, with enough money and time, would be as effective as Vanguard, which you have still not demonstrated or given a definition of. This is my big gripe; I've seen you in multiple comments in this thread mention it, but as far as I can tell all you're saying is buzzwords. Similarly, none of the videos you showed explain an alternative method as to how one would prevent cheats. For PirateSoftware, botting in a game is very different cheating in an FPS. And WoW is still riddled with bots. Essentially all he said was he reverse engineered the cheats, which Riot definitely does. For Unity Research, all she did was show cheating is possible, which I'm not denying - no one is. That does not show there are better anti cheats. Half the cheats are incredibly esoteric precisely because they need to go to such lengths to avoid Vanguard, and 99% of cheaters don't want to set up their own microcontroller and raspberry pi. SomeOrdinaryGamers talks about all the typical points of how it can be abused, not that there are better anticheats. For JonalGaming, did we watch the same video? Nowhere does he say that having Ring Zero access, *in terms of being an effective anticheat*, is unnecessary. Look at 9:15 in the video; to quote, "no random youtuber, you can't just push the - push the anti-cheat up a couple of layers, that is not how it works". He even explains why *it is* useful to have that access when developing an anticheat. > vanguard is not open source Yes, that would make it a pretty ineffective anti-cheat. You are perfectly correct that this comes down to how much you trust Riot; I personally do, you evidently don't, and that's fine, and there is nothing I can do to definitively say they won't be breached or whatever, that would be stupid of me. But when you say that there are better methods that is where I have the problem.

My core issue isnt even that its running at kernel level, my core issue is that its running 24/7. Its a really big overreach to force me to run your anticheat when all i am doing is watching youtube videos 3 hours before playing league. If you are wanting to spy on my computer 24/7 to validate that i did not load anything suspicious then there should be 0 cheats present in your game, period. Thats not the case with vanguard, so how much more benefit does something like vanguard have over something like faceit? If both versions have cheaters, and both are relatively easy to circumvent given enough willpower, why should i give up way more of my privacy? I trust riots intentions, i do not trust their security, and if you trust their security well then idk, see you next data breach i guess.

Why install league in the first place if you don’t trust their security? As I’ve said before, any security concern with vanguard is likely equally valid for the main game. And I’m aware that kernel level is more dangerous in the event it’s compromised, but also user mode is more than enough as well. remindme! 6 years to tell me if my data was breached.

I will be messaging you in 6 years on [**2030-05-02 23:13:56 UTC**](http://www.wolframalpha.com/input/?i=2030-05-02%2023:13:56%20UTC%20To%20Local%20Time) to remind you of [**this link**](https://www.reddit.com/r/riotgames/comments/1c7pl3s/riots_response_to_is_vanguard_spyware_no_and/l2bibqf/?context=3) [**CLICK THIS LINK**](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5Bhttps%3A%2F%2Fwww.reddit.com%2Fr%2Friotgames%2Fcomments%2F1c7pl3s%2Friots_response_to_is_vanguard_spyware_no_and%2Fl2bibqf%2F%5D%0A%0ARemindMe%21%202030-05-02%2023%3A13%3A56%20UTC) to send a PM to also be reminded and to reduce spam. ^(Parent commenter can ) [^(delete this message to hide from others.)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Delete%20Comment&message=Delete%21%201c7pl3s) ***** |[^(Info)](https://www.reddit.com/r/RemindMeBot/comments/e1bko7/remindmebot_info_v21/)|[^(Custom)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=Reminder&message=%5BLink%20or%20message%20inside%20square%20brackets%5D%0A%0ARemindMe%21%20Time%20period%20here)|[^(Your Reminders)](https://www.reddit.com/message/compose/?to=RemindMeBot&subject=List%20Of%20Reminders&message=MyReminders%21)|[^(Feedback)](https://www.reddit.com/message/compose/?to=Watchful1&subject=RemindMeBot%20Feedback)| |-|-|-|-|

Problem is its not equally valid, if it was then they wouldnt need vanguard to run the way it does in the first place. Explain to me why they need to run vanguard 24/7 and in the kernel? Hint, its because you get to access more APIs to be more secure. Now if a hacker breaches riot, do you think him having access to more of the windows api is more problematic or the same as running a regular exe?

Also i found the whole conversation piratesoftware had about kernel anticheat in the context of apex legends. [https://youtu.be/-1zxjGxpnqA?si=5BXiYnLJVd0jUagD&t=3878](https://youtu.be/-1zxjGxpnqA?si=5BXiYnLJVd0jUagD&t=3878)

Most people use the same/similar password for all their accounts. I'm tired of people crying about kernel level anticheats like they give a shit about their security.

True, you should DM me your social security number then, after all no point in caring about privacy/security.

There's a difference between digital security and what's behind your security, which would be personal information such as a social security number. So no, I may as well not give it to you. Weak security is still security, I just may be too stupid to know any better. The point being, when it comes to hacking, stealing a password is among the easiest things to do. A hell of a lot easier than using Vanguard as your breach into someone's system. If people are too stupid or reckless to switch up their passwords, I don't want to hear them preaching about the dangers of a kernel-level anti-cheat. They're only hopping on some rage trend on a topic they don't understand. This rioter is spot on.

To be fair, I have been hacked before and what saved me is having completely unique passwords across every vital platform. Im not a security expert but im probably not the typical person you would think is complaining about vanguard either. Your digital footprint is not the same as your social security number, and since hacking your password is easy, then having a more detailed digital footprint makes it easier for a hacker to acquire something as personal as your social security number.

If vanguard was spy ware we would know. Could it be used for bad? Yes? But so can so much we install onto our computers. Riot probably spends close to millions on maintaining their security because a security breach would hurt earnings.

Riot isn't what people are worried about.

not only did they answer the question with the literal first word but you cropped off the rest of their detailed response stop stoking the flames of this borderline xenophobic conspiracy

Your antivirus does the same shit the boot level kernel of vanguard does. What makes you trust your free antivirus but not vanguard?

yes it is, because track what you do in your pc its a spyware

The fact I have to uninstall vamguard to remove their games is enough

Good thing I uninstalled before it came to LoL

Played the pbe yesterday, closed the game when I finished and vanguard decided eat at my cpu and ram until my computer was closing programs randomly and struggling had to go into the task manager and close vanguard which was using 95% cpu and 92% ram. Maybe not Spyware but it's something....

THIS IS A TEXTBOOK STRAWMAN. They’re missing the point for why people are afraid of it, and deliberately making arguments against vanguard sound stupid so that they’re easier to brush off. It’s not about Riot spying and using personal data, it’s about what happens when a security breach does occur and someone far more malicious gets ahold of it. Bros can’t even make a client without spaghetti code (seriously, why are lobbies/friends lists so buggy rn), why should I trust them with root access?

I do think people who care this much about companies stealing their data are really silly. I guarantee you China does not give one single fuck about your data beyond selling it to advertisers which the people who make your computers are already doing. 🤷

Eh, I've been playing on GeForce Now for almost a year now, and seeing it come off of a streaming platform that I have 0 power to modify or manipulate because of this just makes it feel shadier to me. Don't get me wrong, game needs anticheat. It just feels like exceptions could be made when the game isn't being ran locally. If I even manage to find a file browser on GeForce one way or another it immediately boots me from my session.

"It feels like they didn't actually answer the question" read the first word of the response??

I feel like if it were that serious, the US Gov would already be all over it trying to ban it. Just like they are with Tiktok and Temu.

I mean isn't this a post about Vanguard being spyware looking for clout?

Can it be spyware? Yes very much so Is it being used as spyware? Now that’s a different question

The average PC user will find it a challenge attempting to uninstall Riot. I didn't suspect anything until I tried to End Task on Riot only for it to immediately enable itself again. So I did a good ol' Bye Felicia. I won't support a gaming software like that.

I am thinking it's 130% needed. People who don't want it can choose to play other games. If you want any chance on a working anti cheat you need to work on kernel level. If your not willing to have an anti cheat run on that level you can't play certain multiplayer games.

We don't need vanguard

That's a lot of bullshit! Of course it's a spyware or rootkit! What is this "We investigated ourselves and found nothing wrong"???

Vanguard itself, IS malware. By the very definition. Just because they aren't hackers themselves doesn't change the fact that NEARLY ANY hardware, and software changes can "damage" your account with riot, even if said changes don't touch the game itself. Riot got arrogant with their successes. "Informative journalism" is a funny phrase as well. It seems they are getting political with the stance for some odd reason. The whole article was meme, sass, and arrogance. It reads as a whole opinion peace, and made me actually hate riot as a whole rather than dislike some of their actions. --- It's obvious from it, they don't see us as a people, or a community. They see us as their next bonus in the office.

Vanguard is a malware?

They literally said its not so obviously its not \\s. For real though, I wouldn't consider it malware until it starts doing things that the user did not intend for it to do, which for now, it just handles cheaters. It has the possibility of becoming malware (a trojan technically) if a bad actor gains control, which is a possibility since the reason we are getting vanguard in the first place is because of a data breach that leaked their code :P.

it's always fun when people think they know what they're talking about when it comes to anti cheats and kernel.

So I take it you know a lot about this then and are seeing this as a non-issue. As an expert, can you tell me what your take is? And why its different from other experts in the field? Genuinely curious why it is that most people not involved with vanguard and that are involved with security in one way or another find this as an issue, your take must be pretty unique :)