So basically cheats read memory, so things that your game knows but the player shouldn't should pretty much never be sent to the player.
This is not always ideal. It can result in desync or lag if it's things like health states. You shoot them in the chest and they run and then drop for example if the server thinks they're dead.
Containers in tarkov already have the perfect setup for this though - they need to be searched and there's always a small delay at minimum for loot to start appearing.
Use this delay to mask the latency for loot to start appearing.
When someone starts searching a container, have it ping the server, and the server tells the client what's in that container. This way, because the server does NOT tell what is in containers, vacuum cheats cannot be used on anything not on the ground and cheaters cannot just run to containers to pick up specific items their cheats flag.
This means that cheats won't be able to yoink things out of containers behind walls and won't know where all the loot is which will massively cripple cheating.
Thing is, I don't think (I know Unity and C# but I am not perfect or an expert) it would be all that complicated to wait for items to spool until the container itself is interacted with. Cheaters would still know what containers spawned but not what is in them.
Yeah there's the argument 'herp derp what if you have max attention and can search instantly' then oh no .000001% of playerbase that's not cheaters get max attention and OH NO you have 150ms delay before instant loot reveal.
Real talk this would do a lot to curb cheating and RMT. Why isn't it done yet?
Edit:
A good example of this done properly are games like League of Legends and other MOBAS. Historically being able to see the whole map via cheats ('map hacks' or 'mh') was a big problem because in WC3 (where modern mobas came from besides AoS) was the game sent ALL the information of what happened, and just hid from the user what they shouldn't know. League and Dota 2 and other mobas fixed this by not sending player positions unless they're in vision. So it's impossible to hack it in because cheats can't read what the server doesn't send you.
Basically this should mean that even with DMAs and other hot topics it would be impossible, no matter the packet interception or decryption, etc that players can use ANY cheat to view loot that isn't already on the ground. When you load a raid, your client loads ALL the loot in ALL containers and the game adds artificial delay based on your PMC's skills during the search process. It has to be this way because if they didn't send the information at the start of the raid that's in containers then it would not be possible for cheaters to know what's in your inventory or inside containers.
In summary:
Tarkov should ONLY be sending the following to each client:
All health states
What equipment you are wearing
Where containers are
What loot is already on the ground
Player Positions (Only as a work around, usually its a good cost to benefit ratio)
If it's not there, they probably don't need to send it. Grenades might be tricky with this, depending on how they implemented it. Unity has huge vulnerabilities as it's an easy accessible engine for development and the engine itself has lots of vulnerabilities as well as having it not insanely customized (like unreal would be, it's basically a box with a bunch of tools for companies at scale to build their game dev engine the way they need/want it to be) so cheats will always be a thing, but a massive problem is that shadow cheaters who kill noone scoop up loot and immediately extract. Having stamina being server sided is a great change they made so I am confident that BSG is capable of solving this very real and big problem.
Having this fixed should remove a lot of cheaters who try and avoid getting banned by not killing anyone and just using radar/esp in order to gobble up loot from legitimate players. It also has the side benefit of if culling is improved (The process by which objects are rendered or not based on your FOV so that you get way better FPS) then perhaps player positions can be intelligently given or not.
A good example is reserve:
If you are below reserve and enemies are above you, you do not need to know as a player client that enemies are above, and vise versa. This is an extreme example and I'm unsure if it can be done elsewhere because of windows in this game. If windows weren't possible to see through (not something I think would help a lot plus it'd be really annoying, thus not good cost vs benefit ratio) this would help on other maps but it wouldn't be worth it.
Edit 2: Actually thinking on this maybe reserve wouldn't work to cull player positions bc of sound. Then again you shouldn't be able to hear people f*cking shooting through 20 solid feet of rock and stone (ROCK AND STONE) maybe explosions, bleh. This one I could see causing problems because of desync issues as mentioned above so maybe it wouldn't work at all. But not sending loot in containers seems so goddamn obvious to me.
TLDR: Player clients DO NOT NEED TO KNOW WHAT ARE IN CONTAINERS BEFORE THEY ARE OPENED. PERIOD. BSG should NOT be sending container contents to players before they are opened. When you open a container, it should ping the server for a response, it loads the loot and outline, and then looting proceeds as normal.
Final edit:
"Omg too much load on servers!"
No it's not. At all. It's a tiny amount of requests compared to the server side sh*t the game already does. Ballistics, damage, player movements, etc all require massive amounts of connections and data compared to loot. Loot is literally once per container and in very small amounts. All you'd need to do is send the array ID and number such as Loot[146] which is a tiny amount of information.
"It'll cause lag!"
No it won't. Literally tiny amounts of data compared to what is already being sent. Same sh*t with perception. It's AT MOST .015S DELAY. IT IS PERFECTLY DOABLE.
"You have no idea wtf you're talking about!"
Prove it, then. If you're just gonna comment or DM me saying I'm an idiot without anything to back it up then you can honestly f*ck off at that point.
External link →