Vanguard takes screenshots of your PC every time you play a game. Every time you play a game a function is called to screenshot your PC’s screen, in case Vanguard thinks you might have something suspicious, it screenshots your ENTIRE PC screen (all monitors).

Edit: Not trying to spread false info this was shared to me via a friend and there is other data to back up that this is real https://www.unknowncheats.me/forum/anti-cheat-bypass/634974-vanguard-taking-screenshot-pc.html

https://www.unknowncheats.me/forum/valorant/484475-vanguard-screenshots.html

  • LostWon@lemmy.ca
    link
    fedilink
    English
    arrow-up
    110
    arrow-down
    2
    ·
    6 months ago

    There should be laws against this everywhere (with other forms of data collection included). There’s no way preventing cheating is more important than the fundamental rights to security and privacy.

    • SupraMario@lemmy.world
      link
      fedilink
      English
      arrow-up
      36
      arrow-down
      2
      ·
      6 months ago

      There is, this could have the potential to collect PII and its %100 they’re not storing this as encrypted data on their side. So it is %100 illegal to do, now if they’re fined for it is a different story.

      • exscape@kbin.social
        link
        fedilink
        arrow-up
        23
        arrow-down
        1
        ·
        6 months ago

        Even if encrypted this doesn’t sound like something compatible with the GDPR.

        • Barbarian@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          4
          ·
          edit-2
          6 months ago

          It depends. There’s 2 different methods that I don’t think they’re doing that would make it legal:

          1. Explicitly tell the user what data the anti-cheat collects when you install it, and what other companies have access to it.

          2. Anonymize the data. Crop the screenshots in storage media to just the game screen, and have a list of which games need what sections of the screen blurred to remove usernames.

          The first is far more useful for them than the second, but it also undermines it’s functionality as an anti-cheat because you’re telling the cheat creators what to guard against.

          Of course, the real answer here is stop doing user-side anti-cheat at all, do it server-side, and trust nothing the client says. That’s more difficult than user-side, but it also has the benefit of working, while also respecting the user’s privacy.

      • Serinus@lemmy.world
        link
        fedilink
        English
        arrow-up
        9
        arrow-down
        2
        ·
        6 months ago

        Which is why I’m almost certain it’s not happening. So far the only source is a cheat forum. I wonder what their motivation is.

        Even in corporate dystopia where they monitor you every 15 seconds screenshots are frowned upon. You never know what kind of sensitive data that can reveal.

        There’s no way Riot is doing it. The backlash would be immense, and they absolutely know it.

        This agitprop stems from the makers of cheat software who are mad that the risk of using their hacks will go through the roof. Sure, you can still get around it. But now if you screw up it’s a hardware ban.

        They’re gonna lose a lot of accounts that they sell at $10/pop.

        I wouldn’t mind talking more about security, but I’ll save that for another comment.

        • Cethin@lemmy.zip
          link
          fedilink
          English
          arrow-up
          1
          ·
          6 months ago

          I wouldn’t be totally surprised if it was taking a screenshot and analyzing it locally or maybe somewhere on the network, but I agree it’s really unlikely they’re storing it.

        • SupraMario@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          3
          ·
          6 months ago

          This is what I’m thinking as well, what’s the point of doing this? As you’re going to take and go through every image with a human checking it out? Just seems pointless.

        • SupraMario@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          6 months ago

          Sure but I doubt they’re sending these to aws storage, probably just sending them to their internal storage, and very few companies encrypt server data unless it’s at rest…or they’ve got it on someone’s laptop with bitlocker on it lol

      • kyle@lemm.ee
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        3
        ·
        6 months ago

        The screenshots are awful, but your statement is pure speculation, and likely just wrong. It’s pretty easy to encrypt images.

        • SupraMario@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          6 months ago

          First it’s not speculation, PII is protected information. As a company you cannot collect it without properly storing it, nor can you collect it without prior authorization. Second, the odds that they’re encrypting the images is pretty damn low as they’re not actively looking for PII and just cheating software.

          • kyle@lemm.ee
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            2
            ·
            6 months ago

            I know PII is protected, and a company like Riot is audited. I’m sure something in their TOS says they can collect the information, as BS or unenforceable as it is.

            They’re probably multi-cloud, but I know they are a huge AWS customer because they have a giant booth at re:Invent every year. AWS has pretty easy ways to encrypt data and even detect if it has PII. They’d encrypt or redact the images because the potential of capturing HIPAA or PCI information is too great a risk.

            If anything, trust that the company is profit driven and will avoid that risk. They’re still garbage and kernel level anti-cheat sucks, but we shouldn’t be spouting that unencrypted stuff as fact.

            • SupraMario@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              1
              ·
              6 months ago

              Until otherwise noted, I am going to take the cautious route on this one. I’ve worked with a lot of fortune 500 companies and they love to do shit the cheapest way possible.

    • Ashtefere@aussie.zone
      link
      fedilink
      English
      arrow-up
      7
      ·
      6 months ago

      Just last year I was at a security conf and they said the biggest threat to security right now is anticheat software, especially that owned by state actors. The venn diagram for people with anti cheat installed and people with admin priveliges and SSH keys for work installed is almost a circle.