Re: [PC] FC 25 is full of cheaters

Bit of context: I'm a career Software Engineer.

I've just encountered, for the fourth time in about 3-4 months, an opponent on Rivals who deployed the increasingly common "prevent sprint" hack. I am not one to wildly throw claims of hacks because I've lost, or mistake bugs for malicious acts. But it is quite obvious that all of these cases are malicious -- all four playing on PC (like me), and 3/4 with bronze teams that are vastly outweighed by the stats of my own. The latter point leads me to contemplate the possibility the hacks available can manipulate matchmaking also. I suspect there are many more cases of other less blatant handicaps deployed by a far greater number of people. This particular one is just a dead cert that is impossible not to notice.

Now I want to spend some time explaining to others to what degree EA is performing from a pure software engineering quality standpoint. Because pretty much all games with a PC release have a hacking problem right? Well....kinda...but usually not like this.

As far as I understand, Rivals is played via dedicated servers. This is good! Or it could have been. It's important, as having dedicated servers through which operational game-related traffic is passed also gives you an opportunity to do the basics: ensure that all game session-related heuristics and assertions originating from each individual player are within the expected boundaries of the possible game states that can legitimately be derived from the previous. So an obvious example: you can't go from 0-0 to 4-0 up directly. That would be an impossible state transition. And so if a player's machine declared they had gone from 0 to 4 and not 1,2,3 first, you'd reject that and kick and possibly suspend them.

Probably there is at least some of this going on, or things like that example would actually be happening.  So there is that. However, not being able to sprint, or being able to take peoples stamina down or have a seemingly godlike team regardless of the cards, are all sure signs that much of this very basic validation is not occurring. If it's not implemented at all on the server side because you chose not to, then it may as well be a total "P2P" game where it is wild west.

This kind of validation is not possible at all on P2P games, since as a games developer, you then don't have any node within the networking story that you can 100% trust to perform such verifications. That's why on peer2peer games with PC releases (a certain world-famous open-world driving/story/shooting game, for example), there are "crazy" game-defying hacks like people teleporting, god mode etc. But expectations with a dedicated server are different. Even EA's other big titles like Call of Duty have dedicated servers that verify the basics.

Note that everything I've said thus far has nothing to do with "anti cheat" software that is running in the background on the players PC. EA have shown some effort there as that is relatively new. But "anti cheat" is supposed to be for detecting hacks on the client side that otherwise do not overtly violate cast-iron expectations around the game state -- and so can't be detected on the server as a matter of course. Things like aimbot/wallhacks on FPS game are in this category. Do not be mistaken: the type of hacking that is happening in EA Sports FC is not of the (depressingly) "normal" kind like those. Those exist because its a hard problem to solve. The hacking we see in EA Sports FC is not a hard problem to solve if you have dedicated servers. Not at all. It exists because of a startling evasion of what most engineers would consider by-default requirements. This isn't even about "better anti-cheat". That is a sticking plaster.

It's also worth noting, that reports of this happening coming from console players is ironically also because of this lack of validation. They are simply spoofing a console identity and the server does not perform any basic validation to detect this. What you are actually seeing is a hacking PC player in disguise. I play on PC anyway so don't have any hope of just disabling cross play to escape, but I would if I played on console. Apart from...that wont work either. Urgh.

Now I am not without empathy. The developers working on the project are unlikely to have enough breathing space to make the right engineering choices (most engineers, do make the right choices when given space). I have experienced that myself, and it's obviously further evidenced by the exact same networking/lobby/menu bugs released in various iterations over several consecutive years. Probably, for many, not being able to resolve those issues and instead being forced to focus on being a feature factory likely is a little soul-destroying. That the only EA response in this thread is a message reminding people not to name folks, and no attempt at indicating acceptance or actions in regards to the problem, probably means It's also a pretty frustrating role to community manager for EA. I certainly wouldn't want to do it.

All software company cultures sit somewhere on a scale between "high engineering quality, slow delivery" and "low engineering quality, fast delivery" and I will leave you to decide which extremity we are talking about here. Now I sound crazy: but if I were a manager at EA (who tried to forget about norms and expectations coming from my engineering background) I would probably make the exact same decisions they have. EA Sports FC makes enormous sums of money. It will probably continue to do so. But if you realise how far away we currently are from a focus on the player is -- it certainly makes me just want to abandon it.

Please EA, assign a few devs to this problem next year. You are risking your own success.