521
US adds web and gaming giant Tencent to list of Chinese military companies
(www.theregister.com)
this post was submitted on 07 Jan 2025
521 points (98.9% liked)
Technology
60314 readers
3619 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Does this mean league of legends is a weapon
I mean it installs a rootkit on your computer that gives them full control over everything including what you type, hear, and see as well as the ability to record what you've previously typed and said. It could at any moment also fully disable your computer (as well as millions of other computers) rendering them useless.
Just because they haven't used it that way, don't assume they can't or won't.
Do they send this data over the network? Or is the data only used by the software installed on the machine?
They can do whatever they want. Operating systems are effectively divided into two partitions, privileged kernel space and user space.
When you run a kernel level anticheat what you're really doing is running a custom program in the kernel space. It effectively becomes part of Windows.
This means that anything that an operating system can instruct hardware to do, that program can do. It can read your files, check your email, print letter you wrote to your crush in Word but "deleted" because it was embarrassing, log every key you type, turn on your webcam, listen to the microphone, download explicit or illegal imagery, upload your hard drive to the NSA, disable your computer fans, etc
You really only want to run this stuff if it's from a trustworthy vendor and even then it's completely defensible to object to running one of these programs.
Currently these things have yet to be caught doing any of these things, but that's because they haven't been instructed to, not because they can't.
Microsoft are going to significantly limit what can run in the kernel (including anti cheat) after the Crowdstrike issue. A side-effect of that should (hopefully) be better Linux compatibility.
I remember reading that and I very much hope it is truly what they end up doing. As of now though, that has yet to materialize.
I guess what I’m saying is if this information was being sent across a network, that would be detectable.
If you are constantly monitoring 24/7/365, sure. We don't know how often it would send it if it does, it would require reverse engineering and intense monitoring. Also, even if they aren't doing it now doesn't mean they can't easily add it in a patch.
It's generally not worth trusting IMO.
Sure, but by then it could be too late for the vast majority of people.
It's not super relevant if nobody is looking for it/it's hard to detect even if you are and plenty of damage can be done prior to detection.
Weapon of Mass Distraction.
Psychological Warfare for sure
I mean, there's always been speculation that Vanguard is spyware. There's absolutely no need or justification for always-on cheat detection.
What speculation? It’s literally spyware. You are giving it full low level access to your processor.
Don't get me wrong, Vanguard is BS, and I quit playing riot games because of it. However, simply having low level access isn't sufficient to classify it as spyware, otherwise drivers would be spyware. I still haven't seen any evidence that it currently does anything nefarious with that access, which means it's quite unlikely it's being used for mass surveillance.
To me, there are 2 problems: 1) It could be used for targeted attacks, and the likelihood anyone would find out is much lower than in a widespread surveillance scenario. 2) It could be used to deploy a massive bot-net.
I think the US reclassification here is precautionary in nature.
Except drivers are designed to interact with hardware and to make it usable, kernel-level anticheats are designed to specifically scan/block/etc software. They are pretty different with their intended purposes, even though they offer the same/similar invasiveness.
Exactly. I avoid kernel-level anti-cheat not because of any known spying they do (and honestly, anything w/ user-level privileges can read all your personal data), but that they add yet another attack vector for a bad actor. I highly doubt Vanguard gets as much security scrutiny as drivers, for example.
Yep, agreed. It's the potential for exploitation that's the main issue.
And the lack of a reason for vendors to put security first. "It's just a game" or whatever, so they'll do the bare minimum to keep the money flowing.
Drivers, on the other hand, make or break a sale, because it makes the product look bad. So if a driver gets exploited, customers are likely to buy from a competitor. If that happens w/ a game, players will get pissed but keep playing the game.
A weapon against sanity, yes.
Chemical weapon, maybe.
Weapon of mass-debation