Why is it not more common to implement anti-cheat on the server instead of the client? Is that not more secure? Couldn’t the server just check what vision a player should have and not provide any other information to prevent wallhacks or maphacks? Or check how fast it is possible to move to prevent speedhacks? Aimbot is a bit harder to detect I guess but what about the other ones?
They usually use both. Client side and server side detection together.
The problem isn’t the check itself usually, but rather latency. If you shoot a player on your screen you want immediate feedback (client side), instead of waiting for a roundtrip to the server until the blood spatters.
There have been shooters where the server decides if a bullet lands. So on your screen you hit the player and then they suddenly survived. So most shooters switched to: If the client thinks it hit, it hit. Which does lead on the receiving end to running behind a wall and still dying. Overall it feels better than the alternative though.
The whole topic is pretty much game networking, it’s a balance between doing it correctly (server side, slow) and faking to get it close enough (client side, immediate, easier to cheat, unfair if the player is laggy).
Of course there are some server checks that are always easy: For example if a player teleports or moves around the map faster than possible? You can flag them for review or if it happens too often kick/ban them. As long as you’re super careful about automatic bans (bugs exist).
Client Side Prediction in combination with Server Authoritative Calculation should always be the correct option.
Basically, both the server and the client do the same calculation to see if a bullet hits. Then the server sees the client data and checks if it matches what the server calculated. If it does, then it ignores the client data and continues, otherwise it sends the correct data to overwrite the client. While the client waits for the server to check the data and send it back, it calculates the next frame based on previous server data such as previous enemy velocity, look angle, etc. The client is always slightly ahead of the server, but as long as the ping is low this isn’t a problem (depends on network data bandwidth, but usually anything below 150ms ping is not really noticeable, as the ping from your eyes to your brain processing it, then reacting to what you saw is between 150ms-300ms.)
This feels bad for players with bad ping, but it doesn’t have a negative effect on anyone else except cheaters that can no longer shoot you through walls or make impossible movements. And both of these are usually the fault of the client, as choosing a server with lower ping or simply not cheating will fix the problem immediately.
Client Authoritative Calculation, where the client tells the server the data to send other players, should never be used in a game where cheating would be a severe negative impact on the game, such as a PvP shooter.