Riot Vanguard: Difference between revisions
added references |
→Concerns: fixed grammar |
||
| (3 intermediate revisions by 2 users not shown) | |||
| Line 16: | Line 16: | ||
==Incidents== | ==Incidents== | ||
This is a list of all consumer protection incidents related to this software. Any incidents not mentioned here can be found in the [[:Category:{{PAGENAME}}|{{PAGENAME}} category]]. | |||
===League of Legends Implementation (April 2024)=== | ===League of Legends Implementation (April 2024)=== | ||
In April 2024, Riot Games announced that Vanguard would become mandatory for all League of Legends players. <ref>https://support-leagueoflegends.riotgames.com/hc/en-us/articles/24169857932435-Riot-Vanguard-FAQ-League-of-Legends</ref> This decision was particularly controversial for several reasons: | In April 2024, Riot Games announced that Vanguard would become mandatory for all League of Legends players. <ref>https://support-leagueoflegends.riotgames.com/hc/en-us/articles/24169857932435-Riot-Vanguard-FAQ-League-of-Legends</ref> This decision was particularly controversial for several reasons: | ||
| Line 35: | Line 36: | ||
*Tencent, as a Chinese company, could be legally compelled to provide data or access through Vanguard. | *Tencent, as a Chinese company, could be legally compelled to provide data or access through Vanguard. | ||
*The kernel-level access could potentially be leveraged for surveillance or data collection beyond anti-cheat purposes. | *The kernel-level access could potentially be leveraged for surveillance or data collection beyond anti-cheat purposes. | ||
*An | *An attack on Riot's Vanguard servers could have catastrophic consequences | ||
*Users have no way to verify if or when such access might be utilized. | *Users have no way to verify if or when such access might be utilized. | ||
*The combination of mandatory installation, kernel-level access, and Chinese ownership creates potential security risks for: | *The combination of mandatory installation, kernel-level access, and Chinese ownership creates potential security risks for: | ||
| Line 59: | Line 60: | ||
*Riot Security Team published a technical blog post explaining that Vanguard's kernel-level implementation is necessary to detect and prevent sophisticated cheating methods that operate at the same level.<ref>https://www.riotgames.com/en/news/a-message-about-vanguard-from-our-security-privacy-teams</ref> | *Riot Security Team published a technical blog post explaining that Vanguard's kernel-level implementation is necessary to detect and prevent sophisticated cheating methods that operate at the same level.<ref>https://www.riotgames.com/en/news/a-message-about-vanguard-from-our-security-privacy-teams</ref> | ||
Riot Games has expressed that kernel level | {{quote|We understand the decision to run the driver component in kernel-mode can raise concerns, and that some of you want to know more about the tech behind Vanguard. We can't get too deep into the technical specifics without potentially compromising Vanguard... plus we can assure you that it has been reviewed by both internal and external security experts.|[[Riot Games]]<ref>[https://www.riotgames.com/en/news/a-message-about-vanguard-from-our-security-privacy-teams "A Message About Vanguard from our Security & Privacy Teams"] ''Riot Games''. Retrieved 2024-02-16</ref>}} | ||
Riot Games has expressed that kernel level anti cheat is becoming an industry standard however no other anti cheat software is as invasive as Vanguard. Riot claims that to defeat cheaters operating at the kernel level, it is necessary to also be operating at the same level. This is untrue. They claim the only way to stop account botting, ranked boosting and to ban cheaters permanently via using hardware identifiers is to compromise your privacy despite the fact that other company's within the gaming industry whom are capable of banning bots and cheaters including hardware banning customers can do so without the need of kernel-level anti cheat detection that runs even when you are not playing their games. | |||
Riot Vanguard is the only anticheat that requires it to be running at all times. | |||
===Privacy and Security Assurances=== | ===Privacy and Security Assurances=== | ||
| Line 77: | Line 82: | ||
==References== | ==References== | ||
{{reflist}} | {{reflist}} | ||
[[Category:{{PAGENAME}}]] | [[Category:{{PAGENAME}}]] | ||
Latest revision as of 23:00, 20 April 2025
| Basic Information | |
|---|---|
| Release Year | 2020 |
| Product Type | Anti-cheat Software |
| In Production | Yes |
| Official Website | {{{Official Website}}} |
Riot Vanguard is an anti-cheat system developed by Riot Games, initially released for VALORANT in 2020 and later expanded to League of Legends in April of 2024.
Consumer impact summary[edit | edit source]
Overview of concerns that arise from the conduct towards users of the product:
- Privacy: Vanguard is a kernel-level (ring 0) anti-cheat. It has access to everything on your computer. Riot Games is owned by Tencent which has strong ties with the Chinese government.
- Control: Users must have Vanguard running from computer startup to play any Riot games, even when not playing.
- Access: As a kernel-level anti-cheat, Vanguard has the highest level of access to your computer.
Incidents[edit | edit source]
This is a list of all consumer protection incidents related to this software. Any incidents not mentioned here can be found in the Riot Vanguard category.
League of Legends Implementation (April 2024)[edit | edit source]
In April 2024, Riot Games announced that Vanguard would become mandatory for all League of Legends players. [1] This decision was particularly controversial for several reasons:
- The requirement affected a 14-year-old game that had previously operated without kernel-level anti-cheat.
- Players were required to install Vanguard to continue accessing their accounts and purchased content.
- No opt-out option was provided for players who did not wish to install kernel-level software.
- The implementation affected all regions globally, including areas with strict privacy regulations.
- Players using Linux through Wine/Proton would no longer be able to play the game.
Concerns[edit | edit source]
Tencent Ownership and Chinese Government Ties[edit | edit source]
A major concern surrounding Vanguard stems from Riot Games' ownership by Tencent Holdings, a Chinese technology conglomerate. This ownership, combined with Vanguard's kernel-level access, raises significant security and privacy implications due to Chinese legal requirements, particularly the National Intelligence Law of the People's Republic of China (2017).
The law mandates cooperation with national intelligence efforts from all organizations and citizens. Relevant articles include:
Article 7: All organizations and citizens shall support, assist, and cooperate with national intelligence efforts in accordance with law, and shall protect national intelligence work secrets they are aware of.
Article 10: As necessary for their work, national intelligence work institutions are to use the necessary means, tactics, and channels to carry out intelligence efforts, domestically and abroad.
Article 18: As required for work, and in accordance with relevant national provisions, national intelligence work institutions may ask organs such as for customs and entry-exit border inspection to provide facilitation such as exemptions from inspection.
These legal requirements raise several concerns:
- Tencent, as a Chinese company, could be legally compelled to provide data or access through Vanguard.
- The kernel-level access could potentially be leveraged for surveillance or data collection beyond anti-cheat purposes.
- An attack on Riot's Vanguard servers could have catastrophic consequences
- Users have no way to verify if or when such access might be utilized.
- The combination of mandatory installation, kernel-level access, and Chinese ownership creates potential security risks for:
- Government employees.
- Corporate users with sensitive data.
- Military personnel.
- Users with access to critical infrastructure.
Technical Implications[edit | edit source]
The kernel-level access combined with potential government compulsion is particularly concerning because:
- Ring 0 access provides complete system control.
- Users cannot monitor or restrict Vanguard's activities at this level.
- The always-on requirement means the system is potentially vulnerable even when not gaming.
- The software could theoretically be used as a backdoor if compelled by authorities.
Company Response[edit | edit source]
Official Statements[edit | edit source]
Riot Games has responded to various concerns about Vanguard through multiple official channels:
{Sources to be added}
- Following the League of Legends implementation announcement, Riot published a detailed FAQ addressing community concerns. They maintained that Vanguard's kernel driver is focused solely on game integrity and doesn't process any personal information.[2]
- Riot Security Team published a technical blog post explaining that Vanguard's kernel-level implementation is necessary to detect and prevent sophisticated cheating methods that operate at the same level.[3]
We understand the decision to run the driver component in kernel-mode can raise concerns, and that some of you want to know more about the tech behind Vanguard. We can't get too deep into the technical specifics without potentially compromising Vanguard... plus we can assure you that it has been reviewed by both internal and external security experts.
Riot Games has expressed that kernel level anti cheat is becoming an industry standard however no other anti cheat software is as invasive as Vanguard. Riot claims that to defeat cheaters operating at the kernel level, it is necessary to also be operating at the same level. This is untrue. They claim the only way to stop account botting, ranked boosting and to ban cheaters permanently via using hardware identifiers is to compromise your privacy despite the fact that other company's within the gaming industry whom are capable of banning bots and cheaters including hardware banning customers can do so without the need of kernel-level anti cheat detection that runs even when you are not playing their games.
Riot Vanguard is the only anticheat that requires it to be running at all times.
Privacy and Security Assurances[edit | edit source]
Riot Games has provided several assurances regarding Vanguard's security:
- The company stated that Vanguard's code has undergone multiple third-party security audits from independent cybersecurity firms.
- Riot maintains that the kernel driver cannot be remotely activated or modified without triggering operating system security protocols.
- The company emphasizes that all data collection is limited to game integrity verification, with strict internal controls preventing mission creep.
Community Response[edit | edit source]
The announcement led to significant backlash from the League of Legends community:
- Multiple Reddit threads reached the front page of r/leagueoflegends expressing concerns.
- Linux users can no longer play League of Legends. r/LeagueofLinux
- Players raised issues about the necessity of kernel-level anti-cheat for a MOBA game.
- Privacy advocates questioned the expansion of kernel-level software to a larger player base.
References[edit | edit source]
- ↑ https://support-leagueoflegends.riotgames.com/hc/en-us/articles/24169857932435-Riot-Vanguard-FAQ-League-of-Legends
- ↑ https://support-leagueoflegends.riotgames.com/hc/en-us/articles/24169857932435-Riot-Vanguard-FAQ-League-of-Legends
- ↑ https://www.riotgames.com/en/news/a-message-about-vanguard-from-our-security-privacy-teams