> but I also like to know that the others in the game are not cheating. and that is impossible without an inaccessible black box, the Xbox

Ignoring the fact that reverse engineering is just a matter or time and pressure, eventually people will start hooking up image recognition auto-aimers to the input/output of these devices... what then? do we enter some kind of minority report era of gaming where you have to get your eyeballs replaced with "unhackable" ones - hope they don't burn out your retinas in an update. Point is, a black box is actually not a complete solution - as long as you can play the game, there will always be a way to cheat.

There are various online FOSS games that are completely open and hackable, where it's very easy to download the source and literally set a condition in the make file to enable "wallhacks" (because that is in-fact a useful debugging feature - talking about ioq3 specifically)... those communities just deal with it the old fashioned way, new players get treated with more scrutiny, admins get good at recognising cheaters (most cheaters are not good at hiding it, and experienced players who would better conceal wall-hacking behaviour etc are less likely to want to play with hacks way anyway). It's far from bullet proof, but so are so called "black boxes" despite their cost to the user.

> do we enter some kind of minority report era of gaming where you have to get your eyeballs replaced with "unhackable" ones

yes.

Retinal fingerprinting with VR. you can jtag your headset, and be locked out.

the answer is "yes", because of market forces.

I want to play against other players, with an assurance that the game is fair.

I will pay money for this. A Company will deliver on this, and those who seek to infringe upon this, will be legally coerced into submission.

... wow.

I'm not usually one to judge what others spend their time/energy/motivation on, but you may want to re-evaluate your priorities.

Is having a game with that level of "unhackability" - because lets be honest, there's no such thing as unhackability - really worth everything that would have to be given up, from right to repair, right to own your hardware, the ability to not arbitrarily be locked out of something you put money into because <you were injured and lost an eye|your hardware broke and misread something|You develop a lazy eye| n number of anything else>?

If it's that important to you, play a game where cheaters are dealt with the old fashioned way. I'm ready for a break from corp hosted game servers, give me a server I can run myself.

Yes, and millions of others too.

Some people want to play games, and enjoy themselves in a competitive environment, and pay for the privilege.

If that doesn't appeal to you, that is your priority.

Don't like it?

dont buy a fuckin xbox.

telling others they shouldn't enjoy a game because "muh hardware" is literally a borderline bad-faith statement, and a shallow attempt at virtue signaling.

buy a computer to compute.

buy a console for an assurance of a fair playing enviroment.

you're confusing cryptography with corporate secrecy. Cryptography can be open (in terms of both specification and implementation - only keys need secrecy). This thread is about closed implementations, which is a different topic (even if those implementations happen to leverage cryptography)

how can you have open hardware, but promise fair play?

you cannot. this is the crux of the matter.

consoles dont have cheaters, PC games do.

consoles are locked, pc's are not.

these are separate ideas, that meet when players do: online.

the only way to hide the code to prevent cheating is to physically embalm it into the CPU, in a way that, if physically accessed, will break the machine, rendering the effort fruitless.

PC's are going that way, the way GPU's are containing more "black box" mechanisms themselves.

consoles were this way from the start, on purpose.

Consoles have less anti-cheat bypasses for a number of reasons, mostly related to obscurity, not security. The relative scarcity of gamers running homebrew-ed consoles makes developing bypasses of limited appeal. There's also a cultural difference, where gamers with an interest in mods, etc. will tend to gravitate toward PC as a platform, since it's a multi-use platform. There's still plenty of AC bypass on consoles, just significantly less.

A similar example outside of gaming is Linux as an OS platform: antivirus software isn't a big thing, despite Linux being continuously behind bigger desktop OSes with their security mitigations - (e.g. things like strong ASLR). It's less of a concern, not because Linux is more secure, but just because desktop applications there aren't a large target market for malware, and because of large cultural differences in usage.

On the other hand, AC bypasses on PC happen not because of a lack of console-esque hardware mitigations, but simply because software AC is not particularly advanced (yet). Popular AC solutions tend to employ non-engine-specific solutions that match known cheat signatures - bypasses inject cheat dlls and hope they don't get caught "too often", rather than using in-engine verification of non-cheat behaviours. I think this is primarily just an issue with software maturity and likely to solve itself over time. The general non-gaming software space has gone through similar evolution, whereby we used to rely heavily on signature matching on malware, and have evolved toward a more integrated "zero trust" approach to mitigating threats - signature-matching still exists for things like software-composition analysis, but in general is not a primary mitigation strategy for runtime security.

> the only way to hide the code to prevent cheating is to physically embalm it into the CPU, in a way that, if physically accessed, will break the machine, rendering the effort fruitless.

> PC's are going that way, the way GPU's are containing more "black box" mechanisms themselves.

Hiding code has historically never succeeded in preventing anything. The trend toward black-box is about a combination of corporate IP protection, vendor lock-in (see also the Apple T2 SoCs) and almost certainly APT actors (disclaimer: speculation). It's not about security, least of all anti-cheat.

I don't know why you think console games don't have cheaters. COD on the Xbox 360 was rampant with cheating, including custom games that gave you huge amounts of XP

They have learned from past mistakes with the Xbox 360. You can't mod the Xbox One like you could the Xbox 360. The person you're responding too is one of the most knowledgeable on the subject.