Anti-Cheat, Privacy, and Fair Play: Clarifying the Facts

Hey everyone! Today, we’d like to go into the topic of anti-cheat as there have recently been concerns regarding data privacy. This is entirely understandable, especially in situations where there is limited information available and a lot of speculation.

With that in mind, we’d like to shed some light on how anti-cheat protection works in War Thunder, how it collects and processes data, and how it helps keep the game fair and enjoyable for all honest players. 

While we will deliberately avoid going into specific technical details that could be useful to cheat developers, we will outline the general principles behind modern anti-cheat systems used across the industry, including our own. We’ll also explain how technical data is collected and handled in compliance with General Data Protection Regulation (GDPR).

Let’s start with the fact that War Thunder uses a server-authoritative model, meaning that critical gameplay logic — such as physics, positioning, penetration, damage, speed, collisions, reload, and even visibility — is calculated on the game server. Even if there is an attempt to manipulate these elements on the client side, it will be ignored by the server and may additionally result in the player being flagged as a cheater.

As many of you are already aware, War Thunder also utilizes the commonly used Fog of War mechanic. This means that the client is only informed of enemy positions when they fall within the player’s field of view or hearing range.

These are fundamental yet crucial preventive design elements that must be implemented at the game development level. They form the first line of defense in online games like War Thunder, reducing reliance on anti-cheat systems alone and helping ensure a fair playing environment from the ground up.

As you may already know from our previous responses, we use a combination of trusted third-party anti-cheat solutions, which are currently Viking and BattlEye. BattlEye is a kernel-level anti-cheat that replaced EAC, while Viking is a ring-3 anti-cheat system embedded directly into the game client. Both systems are PC-exclusive and operate alongside each other. While we will focus more on the latter, the overall behavior described here reflects a common workflow shared by most modern anti-cheat software.

The client-side security module runs on your PC as an inherent part of the game and only when you are participating in an online session. It scans, among other things, Random Access Memory (RAM), including running processes and window overlays, looking for patterns (signatures) associated with known cheats or gameplay automation software. A report is generated and sent only when a match is detected, and it contains strictly violation-specific data.

The client module itself is obfuscated, and all transmitted data is encrypted. However, given sufficient time and expertise, reverse-engineering the anti-cheat module and intercepting read data before it is sent is an inherent risk that cannot be fully eliminated. To address this, detection signatures are designed to minimize the amount of data reported while still maintaining enough abstraction to avoid revealing the exact detection vectors.

In summary, Viking is a ring-3 anti-cheat embedded within the game client and does not have the privileges required to access data that would require administrator rights, as the game itself does not request such permissions. While it does not operate within an isolated environment like kernel-level anti-cheat systems, it is designed to provide effective protection with high responsiveness, focusing specifically on safeguarding the game from the cheaters.

Player reports, statistics, and server logs are regularly monitored by a dedicated team of specialists with in-depth technical and gameplay knowledge. These sources play an important role in identifying suspicious behavior and supporting the overall anti-cheat process.

Only players who are evaluated and confirmed as cheaters through manual review are subject to further action. Especially in more serious cases — particularly those involving individuals suspected of developing cheats or attempting to decompile or reverse-engineer the game or anti-cheat systems — more in-depth investigations may be conducted by the anti-cheat team.

As part of this process, and in line with our legitimate interest in protecting the integrity of the game and the experience of all players, a more detailed dataset containing the relevant data may be collected. This data is then cross-referenced with previously gathered information to identify new and valid detection vectors for previously undetected cheats.

Anti-cheat systems operating in compliance with GDPR must balance two key priorities: protecting user privacy and safeguarding the developer’s legitimate interest in maintaining a fair and secure game environment.

The data collected by Viking anti-cheat is AES-encrypted, stored on secure dedicated servers, and only accessible to authorized anti-cheat personnel. It is used strictly for the detection and prevention of cheating and other forms of unsporting behavior.

To maintain a balance of interests, some aspects of how anti-cheat systems operate are kept confidential. Certain elements of anti-cheat operations qualify as trade secrets. Revealing its detailed processing methods could compromise the effectiveness of the anti-cheat system, allowing malicious actors to circumvent existing and future detection methods. In turn, this would directly undermine fair play and put the time, effort, and investment of legitimate players at risk.

To provide you more clarity, here is an overview of how long different categories of data are stored:

• Data on which a ban decision is based, or data directly related to cheat development, is stored indefinitely to ensure the effectiveness of our anti-cheat measures. In the event of account deletion, all anti-cheat related data is subject to either anonymization or pseudonymization, depending on the circumstances of the individual case. This depends on whether the data may be required for future cheat prevention purposes.

• Data collected through signature matching that does not result in a ban is automatically deleted within one year.

• Data collected from players suspected of cheating or cheat development — but ultimately deemed irrelevant — is automatically deleted within three months, and often sooner following the completion of the investigation.

To provide basic context, cheats can generally be categorized into three groups: internal, external, and DMA-based. This reflects how cheating methods have evolved over time, with each category introducing increasingly complex techniques designed to evade detection.

As some veteran players may remember, we previously used an internal anti-cheat system prior to the introduction of Easy Anti-Cheat (EAC). Its primary objective at the time was to counter increasingly common, but relatively easier to detect, internal cheats by scanning memory associated with the game.

Easy Anti-Cheat was introduced to War Thunder in 2019 to address the growing number of external cheats.

Back in 2023, a key challenge was the prevalence of automation bots and cheats, with monthly ban waves averaging no more than 300 banned users per month. Recognizing our shortcomings in this area, we expanded our dedicated anti-cheat efforts by hiring additional staff focused specifically on this problem, and by strengthening cooperation with anti-cheat providers like Viking to ensure even better protection  of Gaijin titles.

Early results became noticeable starting from November 2023, with 4,139 bans issued. This marked the first Fair Play report to surpass the 1,000-ban milestone with over a 1000% increase of issued penalties, followed by even stronger results in the subsequent months: 6,818 bans in December 2023 and 9,569 bans in January 2024. 

In December 2024, the outdated Kamu EAC version was replaced with BattlEye, further strengthening our anti-cheat toolkit in the ongoing battle against cheating. We continue to step up our efforts to combat cheats and unsportsmanlike behavior, aiming to maintain strong detection coverage against publicly available cheats and automation bots while keeping infection rates low. We also continue to regularly inform the community about progress through our Fair Play reports, with over 20,000 cheaters and bots banned in the last five months alone covered by 3 previous Fair Play reports.