Valorant is the new first-person shooter (FPS) video game from Riot Games, the creators of League of Legends, Tales of Runeterra, and Teamfight Tactics. The game has already made itself notorious with Counter-Strike style of gameplay, updated graphics, very comfortable gunplay, an unprecedented amount of viewers on Twitch (1.4 million to be precise), and its anti-cheat system called Vanguard.
Riot Games is facing a controversy due to its aggressive anti-cheat system integrated in Valorant, which runs with elevated privileges on the Kernel level of your computer. For those who are unfamiliar with the terms, this means that the program starts running once you turn on the computer and holds the same, if not more, privileges as your administrator account. This means that the invasive Vanguard program can and does not only monitor what is going on on your computer while playing the game but after you’re done or even way before you decide to play Valorant. Coincidentally, Riot Games is also owned by Tencent, a Chinese corporation, well funded by the notoriously untrustworthy Chinese government.
Even if we disregard the fact that the company is based in China and Tencent is basically a state-owned corporation, the malicious users who can find a way to abuse the Vanguard system will have absolute mayhem on our computers. It goes without saying that by definition, the way that this program acts, can be defined as a “rootkit,” which as Kaspersky Labs notes “is a term applied to a type of malware that is designed to infect a target PC and allow an attacker to install a set of tools that grant him persistent remote access to the computer.”
The concerns are multiple:
- The software cannot be switched off and hence can be used as a rootkit to install programs and keep malicious users inside our systems (EDIT: due to recent developments Riot has announced that the program can be separately uninstalled while not playing Valorant, however, you’ll still have to reinstall and activate it once you want to play the game).
- The anti-cheat system (Vanguard) works in Kernel, which means that our standard anti-virus programs will not be able to detect any exploitations of the service.
- Chinese government owns 5% of market shares of Tencent and Riot Games.
- Reportedly, Vanguard is poorly coded causing performance problems (Frames Per Second (FPS) drops) for other games like Monster Hunter.
These concerns obviously raised a lot of questions in the online community about whether this company can be trusted with such power over your computer. Privacy in 2020 is not a joke. The Internet, at least the version that we use most of the time, is not built with privacy in mind as when it was being developed nobody thought that there would be so many people interacting with each other with their own personal devices, which include computers, smartphones, tablets, and other designated systems.
New Zealand is a prime example of a country that has been working on privacy-oriented laws since 1993, where they developed the New Zealand Privacy Act. This act protects all New Zealanders from the invasion of private space by other parties like businesses, government organizations, foreign companies, and so on. This includes regulation of personal information collection, source of this information, manner of collection of said information, limits of use of personal data, and limits on disclosure.
There are a lot of companies that depend on our personal information in order to make their services fair and available to all of the potential customers. One such industry that comes to mind is casinos. Heavy screening is supposedly taking place for every customer using Know Your Customer (KYC) guidelines, but all of the information provided is given by the user via their own decision. This is a prime example of handling private data. Casinos need to check the identity of their customers to prevent fraud as they are dealing with a lot of finances. Personal data leaks can lead to identity theft, which in turn can result in not only unsolicited financial transactions but even huge fines for companies involved with such individuals even unknowingly.
Valorant is a game made by a huge player, Riot Games, in eSports. This usually involves a lot of gambling as players love betting on different teams during tournaments. Due to this online casinos are becoming more and more popular with such gaming services. Until Valorant comes out of closed beta, some of the other gambling games are netting huge followings in New Zealand alone. For example, online blackjack for real money in New Zealand has gained a huge user base lately and even more during the lockdown period as people are at home with lots of free time. Some casinos have even created new privacy-oriented extensions for their users to make it even easier and safer to connect to and play on their platforms.
The regulations are there to protect the users, who can fill out a lawsuit against a company locally and work from there. However, the issue presents itself when we have an external player, as a foreign government, delving into this data using the companies that operate in their state.
Trust Riot Games, not the Chinese Government
The issue with China is simple: I honestly believe that neither Tencent nor Riot Games are interested in our personal information, however, much alike 2016 when FBI wanted to have a backdoor into every iPhone in the name of anti-terrorism (which is a noble cause obviously), Apple did not want to disclose such information to the governmental organization, more importantly, with the reputation of spying on its citizens. So Apple took the FBI to the court and fought the lawsuit there. Apple came out victorious and the FBI never got this backdoor, which could potentially be used to spy on all of us.
This is how things go in the countries where legislative systems are developed to give the companies the ability to fight government organizations in the court of law to protect their reputation, userbase, and assets.
The issue is that in China no such laws exist. The problem arises if and when the Chinese Communist Party sends one of its jokers to demand personal data of all of the players, who have Vanguard installed on their computers. Unfortunately, in China, no such laws exist to give the company ability to fight the government and deny them this information. If such a case happens – Tencent and Riot Games will have no way of denying this access to the Chinese officials.
Yes, you can find a very expensive and painful way of fighting this over the court, however, keep in mind that you’ll be doing this after the malicious users (be it government or some third party hacker) exploiting our systems have been found. Unfortunately, what’s even worse is that the anti-cheat system is installed separately from the game, but it doesn’t update as a standalone program. This means that we’ll have a running rootkit on our computers and unless we don’t forget to uninstall it if we don’t want to play the game anymore, it can still be used to attack our computers.
Paul Chamberlain, who is Riot Games’ Anti-Cheat Lead, has responded to Reddit posts where he shared the concern and stated that Vanguard is behaving in an intended manner. Even though he stated that the system does not gather or send back any information concerning the user’s system it’s still a very shady program to have installed and running on your computer. Things change and so can this statement.
In conclusion, while some of us may not be concerned with such issues the growing consensus it that Vanguard is deeply intrusive and dangerous to be had on a computer. The biggest problem is that we won’t even know if it’s being exploited for malicious intent. With additional concerns about the Chinese government – NOTE: these are people who imposed social scoring systems on their citizens – and performance issues for other games, my personal recommendation would be to avoid Valorant fully until some kind of a solution is found for the Vanguard system.
I believe that Riot Games and Tencent do not have any intent to spy on us and collect our personal information, however, there are multiple parties that can exploit their system, both legally and illegally, to bring harm to the millions of users.