Riot Addresses Vanguard Anti-Cheat Concerns, Offers Bounty For Exploits

After it was revealed this week that VALORANT comes with a rather invasive set of programs to prop up its anti-cheat efforts, the Security and Privacy teams have stepped in to discuss exactly what their software does in an effort to reassure users.

Speaking about the matter was Chris Hymes (Data Protection Officer & Chief Information Security Officer,) Mark Hillick (Director of Security,) Clint Sereday (Anti-Cheat Product Lead,) Daniel Hu (Data Privacy Product Lead,) and Warren Kenny (Application Security Product Lead.) There is a lot to unpack in their post, but put simply it can be summarized in their statement, “The bottom line is we would never let Riot ship anything if we weren’t confident it treated player privacy and security with the extreme seriousness they deserve.”

The team goes on to outline the overall philosophy used to create the Riot Vanguard program, and to explain how each of the three components work together, split among the client, driver, and platform. A hot point of contention that users had when discovering the programs was that it runs at start-up and remains on basically whenever a computer is being used.

The team states that this is done, “to prevent loading cheats prior to the client initialization,” but also that, “The driver can be uninstalled at any time (“Riot Vanguard” in Add/Remove Programs), although VALORANT won’t run without it.”

Riot Games seems more than happy to place their faith in their current system. Over the past six years, they’ve boasted a Bug Bounty program on HackerOne that rewards security researchers for discovering vulnerabilities in their software. Now the team is announcing a special scope with a focus on Vanguard, offering a reward of up to $100,000 for information that leads to flaws that would undermine the security and privacy of players. The blog post goes into some extensive details, and it worth a read on its own.

So, does this explanation merit the blind trust in Riot Games? Sadly, no, it is not even close. If we are being brutally honest, Legends of Runeterra, Teamfight Tactics, and now VALORANT on top of League of Legends have positioned the developer in a powerful spot in the industry, but it’s not all sunshine and roses.

Riot Games has a history of leaning deep into the honeyed words of a PR department, and that is what this post sounds like. The last time Riot Games made statements like this one was through 2019 and early into this year when finally settling its gender discrimination lawsuits.

Women in the workplace of Riot Games faced years of discrimination, and the developer did its absolute best to sweep such allegations under the rug. They ignored countless complaints, and attempted to force those affected into binding arbitration for individual claims of sexual harassment. Even after the developer settled, there has never been any formal declaration to do better.

If a developer can’t do right by its employees, what chance to consumers have? Ultimately, it is up to each user to determine if they trust Riot Games with such privileged access to their PCs.

Source: Read Full Article