Riot Vanguard: Difference between revisions

Riot Vanguard

Basic Information
Release Year	2020
Product Type	Anti-cheat Software
In Production	Yes
Official Website	{{{Official Website}}}

Riot Vanguard is an anti-cheat system developed by Riot Games, initially released for VALORANT in 2020 and later expanded to League of Legends in April of 2024.

Consumer impact summary

Overview of concerns that arise from the conduct towards users of the product:

• Privacy: Vanguard is a kernel-level (ring 0) anti-cheat. It has access to everything on your computer. Riot Games is owned by Tencent which has strong ties with the Chinese government.
• Control: Users must have Vanguard running from computer startup to play any Riot games, even when not playing.
• Access: As a kernel-level anti-cheat, Vanguard has the highest level of access to your computer.

Incidents

League of Legends Implementation (April 2024)

In April 2024, Riot Games announced that Vanguard would become mandatory for all League of Legends players. ^[1] This decision was particularly controversial for several reasons:

• The requirement affected a 14-year-old game that had previously operated without kernel-level anti-cheat.
• Players were required to install Vanguard to continue accessing their accounts and purchased content.
• No opt-out option was provided for players who did not wish to install kernel-level software.
• The implementation affected all regions globally, including areas with strict privacy regulations.
• Players using Linux through Wine/Proton would no longer be able to play the game.

Concerns

Tencent Ownership and Chinese Government Ties

A major concern surrounding Vanguard stems from Riot Games' ownership by Tencent Holdings, a Chinese technology conglomerate. This ownership, combined with Vanguard's kernel-level access, raises significant security and privacy implications due to Chinese legal requirements, particularly the National Intelligence Law of the People's Republic of China (2017).

The law mandates cooperation with national intelligence efforts from all organizations and citizens. Relevant articles include:

Article 7: All organizations and citizens shall support, assist, and cooperate with national intelligence efforts in accordance with law, and shall protect national intelligence work secrets they are aware of.

Article 10: As necessary for their work, national intelligence work institutions are to use the necessary means, tactics, and channels to carry out intelligence efforts, domestically and abroad.

Article 18: As required for work, and in accordance with relevant national provisions, national intelligence work institutions may ask organs such as for customs and entry-exit border inspection to provide facilitation such as exemptions from inspection.

These legal requirements raise several concerns:

• Tencent, as a Chinese company, could be legally compelled to provide data or access through Vanguard.
• The kernel-level access could potentially be leveraged for surveillance or data collection beyond anti-cheat purposes.
• An hacker attack to Vanguard could have catastrophic consequences
• Users have no way to verify if or when such access might be utilized.
• The combination of mandatory installation, kernel-level access, and Chinese ownership creates potential security risks for:
  • Government employees.
  • Corporate users with sensitive data.
  • Military personnel.
  • Users with access to critical infrastructure.

Technical Implications

The kernel-level access combined with potential government compulsion is particularly concerning because:

• Ring 0 access provides complete system control.
• Users cannot monitor or restrict Vanguard's activities at this level.
• The always-on requirement means the system is potentially vulnerable even when not gaming.
• The software could theoretically be used as a backdoor if compelled by authorities.

Company Response

Official Statements

Riot Games has responded to various concerns about Vanguard through multiple official channels:

{Sources to be added}

• Following the League of Legends implementation announcement, Riot published a detailed FAQ addressing community concerns. They maintained that Vanguard's kernel driver is focused solely on game integrity and doesn't process any personal information.^[2]
• Riot Security Team published a technical blog post explaining that Vanguard's kernel-level implementation is necessary to detect and prevent sophisticated cheating methods that operate at the same level.^[3]

Riot Games has expressed that kernel level anticheat is becoming an industry standard, that to be able to defeat cheaters operating at the kernel level is to also be operating at the same level and that this is the only way to stop account botting, ranked boosting and to ban cheaters permanently via using hardware identifiers.

Privacy and Security Assurances

Riot Games has provided several assurances regarding Vanguard's security:

• The company stated that Vanguard's code has undergone multiple third-party security audits from independent cybersecurity firms.
• Riot maintains that the kernel driver cannot be remotely activated or modified without triggering operating system security protocols.
• The company emphasizes that all data collection is limited to game integrity verification, with strict internal controls preventing mission creep.

Community Response

The announcement led to significant backlash from the League of Legends community:

• Multiple Reddit threads reached the front page of r/leagueoflegends expressing concerns.
• Linux users can no longer play League of Legends. r/LeagueofLinux
• Players raised issues about the necessity of kernel-level anti-cheat for a MOBA game.
• Privacy advocates questioned the expansion of kernel-level software to a larger player base.

References