• EN
  • FR

    • Sentinel

    What is Stream Sniping?

    Stream sniping is a notorious form of cheating where players exploit the live broadcasts of others to gain an unfair advantage or harass a specific player for reactions or purely for “fun”.

    The Problem of Stream Sniping

    Stream sniping disrupts the gaming experience by allowing malicious players to gather real-time information about their opponent’s strategies and locations from live streams. This not only undermines the competitive integrity of the game but also forces streamers to either stop broadcasting or resort to significant delays, thereby diminishing the interactive experience for their audiences. Traditional methods of combating stream sniping, such as stream delays and manual moderation, have proven insufficient, necessitating a more robust and automated solution.

    Why I decided to find a solution

    In 2022, a popular french youtuber and streamer launched a Minecraft server. This server was long awaited by veteran players and streamers as no server was launched by a person as popular as he is. It was an opportunity to experience the golden days of Minecraft one last time. The server launched and quickly, some streamers started to get harassed by other players. At the beginning, it was just a few players teaming up but it quickly escalated to players sharing streamers’s private infos. This streamer was at the time pulling thousand of viewers and bringing a lot of players to the server. The whole situation was unacceptable, if the server would not help, I would have to step in.

    The beginning of Sentinel

    The biggest issue with past solutions are that once a player manage to get the identity of a streamer, it becomes nearly useless. You can use delays, hide your screen, or even use a fake name, it will stop a bunch of players from finding you, but some will still go through the net, either by luck or by being really determined.

    This is why I decided to change of approach and started thinking about finding the players instead. In the way of Minority Report, the goal is to find a stream sniper before he acts by anticipating his actions. If a streamer can know if a player is streamsniping before a game stars, it will be a lot easier to leave and queue another game. Furthermore, being able to keep a record of streamsniping players can really help the moderation team understand what happened and what to do next.

    Gathering Data

    The first thing we need to do is to collect data about the players. This data will be used to calculate the probability of a player being a stream sniper. We will need to collect as much data as possible to be able to use in a lot of different ways. My first observation was that this server was made in a way that was the best for me.

    This kind of server use two architectures. In the first case, the server will have main lobbies (worlds) and sub lobbies for each game mode. In the second case, the server will only have main lobbies. Having to deal with sub lobbies is a lot of work since you have a ton of lobbies to watch. As I said, the server was made in a way that was the best for me which means it uses the second architecture with only main lobbies.

    A player that joins the server will be sent in a main lobby. If he finishes a game, he will be sent to a main lobby. The only reason for a player to leave a main lobby is to either join a game or leave the server. So watching every main lobbies garantees that any player that joins the server will be seen. There were around 7 main lobbies which means I would need to deploy around 7 bots to watch them all and that’s what I did.

    The first step was to create a bot that would watch a lobby. Anytime a player would join or leave, the server sends a packet to all clients in the lobby so they can remove or add it to their player list and anytime this would happen, the bot would log it. New players are added to a database with base informations like username, UUID, ping, rank, and so on. In theory, you could also check the last position of a player when he leaves and calculate the probability of the action he did. For example, if a player leaves the lobby next to a NPC used to start a specific game mode. It is very likely for the player to have joined a game in that mode. Obviously, he could have also left or be warped in another mode by another player.

    After this was done and working, I extended the first bot to manage the network. Not only would he do the usual tracking, but he would also track the number of available lobbies. If a lobby was not tracked, the main bot would ask another one to log in and move to the specific lobby. With this, I was able to create a bot network that would track every join and leave of every player in the server.

    Flags

    To calculate how likely a player is to be a stream sniper, we need to analyze changes in a player’s data. Each analysis will try to find a pattern that can represent a specific behavior. If an analysis is positive, it will flag the player with this specific analysis. The more flags a player has, the more likely it is that they are a stream sniper.

    For example, when the average player wants to play a game, they will queue a game, wait for the game to start, and then start playing. However, when the average stream sniper wants to snipe a streamer, they will queue a game, check if the streamer is in this game too, and leave if they’re not. And they will try this as quickly as possible to improve their chances of joining their game. In our case, it is very easy to analyze this behavior by checking how many times a player has left and join a lobby. Once this number reaches a specific threshold, we can flag the player for this check.

    Sometimes we don’t even need to do any analysis. If a player was found to be a stream sniper, it can be blacklisted and will always be considered as a stream sniper. This means a sniper, once found, will have to use another account to snipe. And in that case, you can also flags players with a recent first join date.

    Journeyman

    With all analyses done, we can now determine if a player is a stream sniper. The following problem is to tell the streamer. The simplest solution is to code an overlay, an external software that can read the game’s data through logs output and fetch data from the Sentinel API. Sadly, letting the streamer do everything and strugle to find a game is as bad for streaming as sniping itself.

    Journeyman is the name of a bot (yay, another one) with a different goal than the others. It acts autonomously on the server, looking for games that could be good for a streamer. Once a game is found, Journeyman will wait for it to be almost full. If a streamer is the last player to join the game, the probability of him being followed is almost null. A sniper can anticipate and be there before but in that case, he will already be flagged and Journeyman will look for another game. Once the game is almost full, Journeyman invites the streamer in his group and teleports him in the game, then leaves to help other streamers. One player will still be able to take the place of Journeyman, so it’s not perfect, but it’s better than 16. Now we only need to hide Journeyman. The less Sentinel is known, the more reliable it is. So hiding it from the streamer’s client is what we need to do.

    Proxy

    There are 2 solutions when you want to edit what a game client displays on a user’s screen. The first one is the most common one, mods. Mods are modifications to the game that can be loaded to add new features or change the game’s behavior. This solution is easy, but it requires the user to use a mod loader like Forge or Fabric. This could have been easy in the past as a lot of people used to use those. But nowadays, a lot of players moved to proprietary clients like Lunar Client which are clients containing their own mods and doesn’t allow you to load mods from other sources.

    The second solution is unknown from most people. It’s a proxy. A proxy is a software that acts as a middleman between the game client and a game server. By default, it only sends the client’s input to the server and receives the server’s output. However, by editing or creating incoming packets, you can modify the game’s behavior. Hiding Journeyman becomes trivial, all traces of his existence can be erased from all clients with which he interacts before packets can even reach a client. The proxy can also handle the grouping automatically, staying entirely invisible.

    Another useful feature is the ability to spoof the client’s data. For example, a streamer could play on an anonymous account, but from his point of view, he is playing with his real account. If you want to increase the anonymity, you can also spoof other players by replacing their appearance with other players. This makes it much more difficult to collect information on the stream by a malicious actor.

    Screenshot of a spoofed client POV

    On this screenshot, you can see that the account is “Oery”, has the rank “Hero”, has 100 Gems and 7,215 Cubes. These are the information the player would see if he was connected with this account. However, this is not the account with which I was connected and it would be very difficult for someone who saw this screenshot to know which account I was in reality connected with. A player could sneak into the place where the streamer is and could see which account is there. To counter this, we could also spoof the movement packets of the player to make the server not update the player’s position or even record different movements of the client of the streamer.

    The second advantage that this project has, is to be unknown from the public. I have never heard of similar projects being as advanced as Sentinel. It’s far more common to find that kind of networks made for sniping than for antisniping. If you know an account is spoofed, it becomes easier to find the real account by looking at the smallest details that would link to the original account. Someone that is not aware of the account being spoofed will never find it.

    None of these solutions are perfect, each of them will filter out a specific amount of snipers. The strength of Sentinel is the lot of all those features combined which makes it a very powerful tool. To snipe a protected player you’d need a system as advanced as Sentinel.

    Results

    Over the few weeks it has been running, Sentinel collected data of over 40,000 players. Sadly, the server died faster than I could have expected. Which means that Sentinel was more useless every day. Streamers stopped broadcasting on the server and the players started to leave. With a player count too low, it gets impossible to have queues without stream snipers since they’re basically the only players online. The server was managed very badly and after a few months of nothing happening, it finally shut down.

    A few weeks before that, the player count was so low that players thought the server was botting their player count. A lot of servers do this in order to appear more popular than they are and bring more players to the server. But in that case, people were complaining about a few bots staying all the time in lobbies. Hidden in thousands of players, the bots were nearly impossible to find but with a player count so low, they were nearly the only players online. The staff decided to ban the bots to avoid any further problems. With no streamer playing, Sentinel had no reason to stay online anyway, so following those events, Sentinel was shut down too.

    We can still find some fun facts about the collected data. First, the player with paid ranks were a very low percentage of the players, which means the income for the server was very low. Only 2 players were found with the streamer rank. Sentinel was able to find anyone. This means most streamers never logged on when Sentinel was running. And obviously, the 2 streamers were the duo getting stream sniped and still bringing players.

    Servers Accountability

    The bot network system is not a silver bullet solution to stream sniping. It is important to note that while systems like Sentinel try their best to help players, their power is very limited. In the last years, the disinterest of the server owners to protect their players has been a major issue. Servers appears with little to no anticheat or nicking system (Usually, a command to fake a username), which could be considered the bare minimum to protect players. Let’s be honest for a moment, Sentinel is very limited as it can only get data like any other player. It can’t do anything about the server itself. A server on the other hand have access to a lot of data, and it would be way more efficient and accurate to develop this kind of system on the server side. You could create differents queues, have a perfect accuracy for parties, games queued, lobbies, etc.

    In the end, Sentinel was a great project. It was a fun project to work on. Obviously, I would have loved to see it fully developed and working but still, it was a good experience.