Trusted client network model can’t be fixed ‘without a complete rewrite’, warns ex-Respawn and Sony online dev Glenn Fiedler
An expert in games’ online infrastructure has slammed the networking method used by Ubisoft Massive in The Division.
Glenn Fiedler worked on optimising multiplayer and online features at studios including Irrational Games, Pandemic, Sony and Respawn Entertainment for more than a decade, before launching his own networking-focused consulting firm, The Network Protocol Company.
Analysing the reason behind The Division’s much-publicised spate of player cheating in a lengthy breakdown titled ‘Never trust the client’, Fiedler calls out client network models as being fundamentally easy to exploit by client-side software such as Cheat Engine.
“Here we have a client-side cheat program that is poking memory locations and giving players infinite health, infinite ammo, and teleporting players around the level,” Fiedler says. “This indicates that The Division is most likely using a trusted client network model.
“I sincerely hope this is not the case, because if it is true, my opinion of ‘can this be fixed’ is basically no. Not on PC. Not without a complete rewrite. Possibly on consoles, provided they fix all lag switch timing exploits and disable players moving and shooting while lag switch usage is detected (trusted client on console exclusive games is actually more common than you would think…), but not on PC unless they completely rewrite most of their netcode and game code around a server-authoritative network model.”
He continues: “When I present such a bleak outlook people often people ask: why can’t they just implement more server-side checks? In fact, the developers prior to release seemed to say something along the lines of: ‘Oh, don’t worry. We haven’t implemented server side checks yet. Everything will be fine. Don’t worry. We’ve got this!’
“To me this displays a fundamental misunderstanding of how FPS games are networked. It’s actually a fairly common misunderstanding.”
Fiedler goes on to explain in detail the benefit of not depending on the game client to handle multiplayer, instead offloading networking and validation of player actions to the server itself.
“Behind all of this, the key idea behind this network model is that the server is THE REAL GAME,” he enthuses. “What happens on the server is all that counts, and the server never trusts what the client says they’re doing.”
He adds: “If a competitive FPS was networked the other way, with client trusted positions, client side evaluation of bullet hits and ‘I shot you’ events sent from client to server, it’s really difficult for me to see how this could ever be made completely secure on PC.”
While it may seem a damning verdict regarding the outlook for Massive’s ability to plug the holes in The Division’s exploits, Fiedler ultimately sides with the studio, concluding: “I’m rooting for the dev team on this one and sincerely really hope they can turn this one around.
“I hope they’re not using a trusted client networking model. I hope they have something up their sleeves. I hope they have a valid networking approach based around server-side checks that can address this issue in some way… But unfortunately, so far, all signs point to no.”