EDIT: We have at least one user claiming that EAC and BattlEye can NOT see what programs are running on your computer via proton on Linux.

EDIT 2: According to brucethemoose@lemmy.world with comment https://lemmy.world/comment/24738141

"Yes and no.

If you run task manager or something in Proton? It just shows Proton processes:
ImagePlaceholder

But all linux process, and tons of information about them, are readable in the /proc directory. They’re just files, accessible to the program.

Try ls /proc yourself.

There’s nothing stopping anti cheat from checking that, if it’s configured to do it.

Which is pretty dang convincing to me.


If I have a good understanding, the Symlinks that Proton uses allow the games to view nearly your entire drive and see what software is running? Because Proton is explicitly NOT a virtual machine and merely a translation layer for Windows applications to run on Linux?

The reason I like to ask is because this is the general consensus, that Proton applications are not secure, but when searching online it doesn’t explicitly state anywhere if the games with EAC or BattlEye are capable of spying on Linux users. So I’m looking for confirmation on this.

  • JoshCodes@programming.dev
    link
    fedilink
    English
    arrow-up
    7
    arrow-down
    1
    ·
    7 days ago

    Why would you make this a proton/wine convo when you are clearly unhappy with the practices used by the companies making the software. This isn’t about the compatibility layer you’re using, reframe your thinking. If you ran malware, Proton would say “yeah sure bud let me get that for you” and would run that shit. Proton isn’t an antivirus or a security tool.

    Also, privacy and security are completely different. Privacy is the right to not be observed, think anonymity. Security is the control of access, think authentication and authorisation. If you’re attempting to run software on your user account, you’ve authorised it to run as you. Therefore every action you do that doesn’t require a password is possible, if improbable. But yeah, they can see other open software, it can view your files and it can see your hardware. It needs to. It’s a compatibility layer. It’s still just software you ran on your machine.

    I repeat, if you run spyware, you get spyware. You’ve just given it the tools to work cross platform.

    • FiniteBanjo@feddit.onlineOP
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      7 days ago

      I repeat, if you run spyware, you get spyware. You’ve just given it the tools to work cross platform.

      Well that’s conflicting because at least one other user said that the spyware doesn’t function well enough to work as intended in Proton.

      To answer your question, Valve and Riot who provide these games made this a Proton discussion when they got these games running in Proton, and by discussing what is and isn’t possible in the current scope we can create a more informed community who can make their own decisions.

      • brucethemoose@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        7 days ago

        Well that’s conflicting because at least one other user said that the spyware doesn’t function well enough to work as intended in Proton.

        It absolutely can.

        There are real instances where I could’ve run Windows infostealer malware via WINE that would get my stuff.

        What you’re hoping is for it to malfunction on accident, basically. That might happen. But hope is not security.


        If you’re worried, you can fence off file access to programs in Linux.

        • FiniteBanjo@feddit.onlineOP
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          7 days ago

          The intended use of these specific anti-cheats is to be able to see active processes in real time. I’m seeing users claim both ways that they either can or cannot with no consensus.

          • brucethemoose@lemmy.world
            link
            fedilink
            arrow-up
            6
            ·
            edit-2
            7 days ago

            Yes and no.

            If you run task manager or something in Proton? It just shows Proton processes:

            But all linux process, and tons of information about them, are readable in the /proc directory. They’re just files, accessible to the program.

            Try ls /proc yourself.

            There’s nothing stopping anti cheat from checking that, if it’s configured to do it.


            …Are any actually checking /proc?

            Shrug.

            I wouldn’t be surprised, though. Anticheat devs are aware of linux cheating software.

      • JoshCodes@programming.dev
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        3
        ·
        7 days ago

        Are you going to have a go at C++ then for compiling the game in the first place? Ooo let’s have a yell at assembly for running the game too. Maybe Intel or AMD could cop some shit for performing the instructions, Nvidia as well just to be sure.

        I’m not the other person, if it’s conflicting then idk what to tell you. I work in security, but I’m not the biggest expert on proton. I know enough to understand it’s not an emulator, it’s a compatibility layer, and that means it runs the code that was written to the best of it’s ability, on your hardware. Happens to run as you. You’re having a go at the environment, i.e. the packages and software that makes the game run, for the actions you and the game developers made. Don’t run spyware if you don’t like spyware, or run it elsewhere.

        Can the games scan your drive where your user can navigate? Yes, they have to. Can they see other programs that are running? Yes, they have to. Can they read, edit and make changes? Yes, they have to. Can they capture input in other software? Not unless you’re on Xorg, then probably. Can they make web requests and send your data outside the machine? Yes, obviously they have to.

        Congrats, it’s spyware if it wants to be.

        • FiniteBanjo@feddit.onlineOP
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          2
          ·
          7 days ago

          That’s really interesting and I’d love to see you debate the other users saying that they can’t do the things that you’re claiming they can do. Please inform me once that starts so I can bookmark the comments.

            • FiniteBanjo@feddit.onlineOP
              link
              fedilink
              English
              arrow-up
              1
              arrow-down
              2
              ·
              7 days ago

              Yeah, actually, user acorntickler@sh.itjust.works said:

              The reason that these games request kernel level access in windows is to see what programs are running currently. Does root access not give them the same capability on Linux?

              Correct. The difference is that they are not asking for root privileges on Linux.

              https://sh.itjust.works/comment/26345063

              • AcornTickler@sh.itjust.works
                link
                fedilink
                arrow-up
                4
                ·
                7 days ago

                That’s not what I meant. The anti-cheat software with elevated privileges on Windows does not only see what software you are running, but also what they are doing. They inspect the used memory of the game and other running programs in order to detect cheating vectors like memory injection.

                As you have already seen in this comment, you don’t need elevated privileges for listing running processes. But you need it for further inspection.

  • Krusty@quokk.au
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    1
    ·
    7 days ago

    Any executable you run is capable of spying on your system unless sandboxed, containered, vmed… Etc.

  • Scoopta@programming.dev
    link
    fedilink
    arrow-up
    4
    ·
    7 days ago

    As a fun aside, if you write some custom assembly into a windows program to issue syscall instructions directly you can issue Linux syscalls from inside windows binaries running in wine.

  • lambalicious@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    2
    ·
    7 days ago

    Is it feasible to run eg.: Steam, within a (s)chroot that does not have host /proc and /sys mounted? That wouldn’t do that much by itself but I guess it would help more when combined with running as a different user (and not mounting host /home).

    • FiniteBanjo@feddit.onlineOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      6 days ago

      From what I’ve seen the best way to do it is to isolate steam and its installed gamss on a drive and then use something like firejail. I haven’t gotten around to trying it yet but once I do I’ll post about it in this community.

  • brucethemoose@lemmy.world
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    7 days ago

    I answered below already, but Windows infostealers and spyware can absolutely work in proton.

    It’s no security beyond some file paths being different, from the software’s point of view.


    What I tend to do is run dedicated partitions for games and other entertainment, where I could wipe them without consequence, and if they got infected with infostealers or spyware there wouldn’t be anything to get anyway.

    And then the partition where anything sensitive is done/saved (like finances) is separate and inaccessible to that boot.

  • AwesomeLowlander@sh.itjust.works
    link
    fedilink
    arrow-up
    4
    arrow-down
    6
    ·
    edit-2
    7 days ago

    Gotta love how almost every post now has somebody accusing somebody else of using or being an LLM. More so when they’re wrong most of the time.

    I’ve said this before, I’ll say it again. The AI accusers are worse / more annoying than the actual AI problem.

  • AcornTickler@sh.itjust.works
    link
    fedilink
    arrow-up
    29
    ·
    7 days ago

    It does not matter what games you are running or whether they have anti-cheat. If you are running a program without any sandboxing, they can access everything on your system that your user has access to.

    Steam launches games (doesn’t matter if you use Proton or they are running natively) as a subprocess and if Steam itself is not sandboxed, those games will also not be. While the symlinks may be abused for this, Wine also gives access to running apps by mounting your Linux root folder as the Z drive (similar to C or D drives you may have already seen).

    Running any untrusted software on your system (particularly proprietary ones like most games), you should be mindful of associated privacy risks.

    I also wanna address one thing about the particular games you mentioned: EAC and BattlEye run with elevated privileges on Windows. This means it can access and modify things on your system that your normal user can’t, like changing core system parameters (and even BIOS). On Linux, though, they run as your own user with regular privileges. This gives them access to your system only as much as any other app you are running. This is the key reason why some game developers don’t let you play their online games on Linux, even when the anti-cheat system they use explicitly support it.

    • FiniteBanjo@feddit.onlineOP
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      28
      ·
      edit-2
      7 days ago

      While the symlinks may be abused for this, Wine also gives access to running apps by mounting your Linux root folder as the Z drive (similar to C or D drives you may have already seen).

      Running any untrusted software on your system (particularly proprietary ones like most games), you should be mindful of associated privacy risks.

      I feel like for all of the words you just posted you are kind of beating around the bush here. I found tens of such conversations about root access and inherent risks online already. I hope you’re not copying and pasting LLM outputs.

      The reason that these games request kernel level access in windows is to see what programs are running currently. Does root access not give them the same capability on Linux?

      • AcornTickler@sh.itjust.works
        link
        fedilink
        arrow-up
        27
        arrow-down
        1
        ·
        edit-2
        7 days ago

        I feel like for all of the words you just posted you are kind of beating around the bush here.

        Rude. Based on your post I see that you are either misinformed or missing important information. I was trying my best to help you with my years of experience with Linux and privacy and now that you are going this way about this I am not very keen to do so.

        I found tens of such conversations about root access and inherent risks online already.

        Having root privileges and access to your system files (anything below the / directory, it is the root of your filesystem) are different things. Even without root privileges important information can be gathered about your system (e.g. by reading your /etc folder).

        I hope you’re not copying and pasting LLM outputs.

        That’s insulting.

        The reason that these games request kernel level access in windows is to see what programs are running currently. Does root access not give them the same capability on Linux?

        Correct. The difference is that they are not asking for root privileges on Linux.

        • FiniteBanjo@feddit.onlineOP
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          16
          ·
          7 days ago

          I’m glad I checked with you about the LLM thing because I felt pretty slighted when I thought I was putting forth effort for a conversation and suspected others weren’t at all participating but instead routing in their bots. I feel better knowing you’re genuine.

          • AWistfulNihilist@lemmy.world
            link
            fedilink
            arrow-up
            5
            arrow-down
            1
            ·
            6 days ago

            I’m not, why would you accuse someone of being an LLM if you lack the understanding on the topic to make that judgement. The comment you accused of being from an llm was pretty clear, I’m not every sure what you were responding to making that accusation. It must that the accusation was an emotional one because you made the mistake of “feeling slighted” over a totally mundane explanation you asked for.

            Frankly your posts in reply to most of these comments looks both stilted and robotic with an overall lack of understanding of the material you are replying to. IMO that looks like an LLM someone has sent to collect information and provide the consensus back to the user?

            Are you sure you shouldn’t disclose anything?

      • 🇰 🌀 🇱 🇦 🇳 🇦 🇰 🇮 @pawb.social
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        7 days ago

        They could see what programs are on your machine without being kernel level. Even non-kernel level anti cheats generally detect and ban you simply for having CheatEngine, a hex editing tool that is basically GameGenie for PC, installed. Some even flag AutoHotKey as a cheat if it’s installed. They don’t even have to be running; just installed.

        • FiniteBanjo@feddit.onlineOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          7 days ago

          Whats your source on that? IDK much about Linux, tbh, which is why I’m asking, but if it were still in Windows then as an example RuneScape which runs a version of EAC, which is in this case not kernel-level, cannot detect AHK because I used to use it for skilling mouse-button macros a few years back to make the multi-hour grinds more bearable. Now, they COULD still detect bots who make clicks by analyzing timings and preciseness, but it clearly wasn’t enough to prevent them because botting was and presumably still is a serious issue.

          • Just because it doesn’t flag AHK as a cheat doesn’t mean it can’t detect it. Most games don’t flag it. But every once in a while, they do. VAC isn’t kernel level, but a fuckton of games using it will flag and ban you for having CheatEngine. The original MW2 back in the day, which used VAC, banned people for having AHK installed.

            • FiniteBanjo@feddit.onlineOP
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              7 days ago

              Oh they definitely consider it cheating, they have banned users for using it in the past and the official written policy says “1 button 1 input”.

              As for VAC, I haven’t personally had any issues with them, either, what year did they change the policy?

              • RuneScape has not banned anyone for having or using AHK in and of itself. They have rules on macroing and unattended automation (ie botting). Their rules on the 1:1 input are specifically with mouse clicks; other buttons are fine to macro.

  • UntimedDiffusion@piefed.zip
    link
    fedilink
    English
    arrow-up
    7
    ·
    7 days ago

    Supported kernel level anti-cheat (EAC and Battleye) are not actually kernel level under proton on Linux. They run only in userspace, which makes them less “effective” than on Windows. However, you said yourself that wine are proton are not designed to be secure, and while I’m far from a professional who can point to anything specific, I’m sure that there’s still plenty of non-kernel-level info that they’re able to suck up and send back.

    • FiniteBanjo@feddit.onlineOP
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      4
      ·
      edit-2
      7 days ago

      Yeah! Exactly! I just wish somebody could tell us more concretely what information they’re capable of gathering.

  • _‌_反いじめ戦隊@ani.social
    link
    fedilink
    English
    arrow-up
    5
    ·
    edit-2
    7 days ago

    Symbolic links are like Windows shortcuts. You shortcut an address and it takes you there.

    The problem comes in abusing both, where a shortcut takes you, and how shortcuts are assigned.

    When programming for security, you never use shortcuts, as they are extremely easily to manipulate. Thus when Proton symlinks, it insecurely references files and utilities, which can allow espionage to be performed without your ability to trace it.

    It’s not that shortcuts are espionage, but they make espionage easier to perform.

    • FiniteBanjo@feddit.onlineOP
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      edit-2
      7 days ago

      Listen, that’s cool and I agree with you 100%, but the bigger (or at least more immediate) issue here is those shortcuts being used as intended to spy on you because EAC and BattlEye are spyware.

      • _‌_反いじめ戦隊@ani.social
        link
        fedilink
        English
        arrow-up
        6
        ·
        7 days ago

        then you have several choices:

        • decomile the game, resecure it, and release it for the community to patch.
        • acquire the source, clean room it, release as not-those-games
        • support libre source games
        • uh chop chop
        • diy point 3!

        etc.