My Thoughts on Vanguard and Why I Won't Play LoL Anymore

1 May 2024

As some of the people who know me should know: I am a gamer. In particular, I have played thousands of hours of League of Legends in the past decade and some.

Today Riot Games (the company behind League of Legends) started forcing people to install Vanguard in order to play the game. It has been a long time coming and I wanted to take the time to post my thoughts about the situation somewhere.

Let me take you through what Vanguard is and why I think it's not a good idea to install it. I will also talk about how Riot Games have tried to defend their decision and touch a bit on the silencing campaign that is currently happening on Reddit.

What is Vanguard?

To understand what Vanguard is, you need to understand what a kernel-level anti-cheat (also known as anti-cheat driver) is. It's a type of anti-cheat software that runs with elevated privileges on your computer. Without going through too much detail, this means that it is allowed to do actions that most other programs are not allowed to perform (such as inspecting the computer memory, even of other programs, sniffing network traffic or analysing connected devices). I would invite the more curious among yourselves to search the terms "kernel-level anti-cheat" to get more details. I can also recommend a few links that talk about what they are and why they are a risk:

• What kernel–level anti–cheat is and why you should care
• According to experts on kernel level anticheat, two things are abundantly clear: 1) It's not perfect and 2) It's not going anywhere
• Every game with kernel–level anti–cheat software
• Why You Should Reconsider Playing League of Legends: The Risks of Kernel-Level Anti-Cheat Software

This last link probably spoils some of what I am about to write in here but I will aim to give it my own spin.

The second thing to understand is why Vanguard is different from most kernel-level anti-cheat: Vanguard starts at computer boot and cannot be disabled without reboot. This means that even when you are not playing League of Legends, it could be lurking in the background.

The reasons I am against Vanguard

Privacy

The number one and the most obvious reason for me is Privacy. By their nature, anti-cheat software are hard to audit (because the less people know about what they do, the harder it is to cheat). Which means that I would be installing a piece of software which has an insane level of access to everything I do on my computer when I can't even easily make sure it's not doing something it's not supposed to.

You may argue that Riot Games would probably be in a lot of trouble if they were to steal data they are not supposed to. There are a couple issues with this line of thinking:

• It's hard to prove, hard to prosecute and could be going on for years before anybody notices which means the damage would already be done
• I don't even know which data they are "supposed" to collect, how do I know if I want them to have it? I would also note that they already suffered data leaks in the past which means I would expose even more of my data to that risk

This last point brings me naturally to my second concern...

Security

Any piece of software has flaws. The more privileges a piece of software has, the more dangerous those flaws are. By installing Vanguard, I would basically be opening myself to a new possible attack vector. This is not me being paranoid, there is precedent! Take this Genshin Impact example! It's not just about an attacker stealing data from Riot, it's about the software itself being vulnerable.

On top of that, Vanguard shares a lot of traits with a rootkit which is typically not good news.

Casual Play

I am a casual player. The stakes of my games are not that high. I understand wanting to protect competitions with prize money and glory, but imposing the system even on casual players seems completely over-the-top for me.

It is always on

This is probably the nail in the coffin for me. If I could turn it off, I could probably decide to create a separate profile on my computer where I only play League of Legends and where I would enable Vanguard. The fact that I can't do that (because it starts at computer boot!) means that the only solution for me to isolate my gaming from the rest of what I do on the computer, would be to purchase another computer or install/uninstall LoL every time I want to play, both of which are just way too annoying or costly for the sake of one game.

Edit: it has been brought to my attention that you can disable Vanguard without rebooting. That doesn't change the fact that you need to reboot to re-enable it and that you would need to make a conscious effort to enable/disable it which is easy to forget. I'll also note that it still makes me uncomfortable with the fact that it can spy on everything I do from startup which means I'll feel less free with what I do during gaming sessions (like read emails or other things).

Riot's attempt at a justification

Warning: this is likely to turn into a bit of a rant but I was quite annoyed at some of the arguments Riot tried to use to deal with the PR debacle and I don't think they are being fully honest.

They published a very interesting article: /dev: Vanguard x LoL where they explain in details why they need anti-cheat software (I agree) and why it needs to be in the kernel (I don't necessarily agree with that, especially for casual play). I will gloss over the question of whether or not this is really a sustainable way to combat cheats as I am not an expert (even though I can already imagine a few solutions to go around this kind of software...).

Here are a few extracts I find fallacious, with my comments:

Anti-cheat drivers are not new, and we didn't invent them. The purpose of our driver component is not to collect more information—we can already see everything we need to from user-mode.

Everybody else doing it should never be a justification, and the fact that the stated goal is not to collect information doesn't mean we can really trust that's the case in practice.

Why is it always on?

Vanguard is not really "running all the time." The driver loads at boot, but nothing is making calls to it, and there's no network connectivity until you run one of Riot's games.

Again, stated intent vs reality. While we're at it, some kernel module lying dormant until triggered is also what most malware tries to be...

Q. Isn't Vanguard Spyware?

No, but I'm sure those words in that exact order are mathematically the fastest way to farm retweets. Content algorithms everywhere are programmatically addicted to the clicks the words "spyware" or "rootkit" can generate, and mathematically hunting for their next fix has steered them away from informative journalism and into a sort of faux-pandemonium that's only remarkable in its unhelpfulness.

With this one I feel a bit personally attacked, but I am sorry, Vanguard shares a lot of traits with a spyware or a rootkit, it's not that much of an exaggeration (ok this argument is very weak but I needed to get it out of my system). I'll also note that this website has no tracking, no ads, nothing. I do not care one bit how many times this is shared or how many people see it, this is meant as informational and cathartic content.

And finally, my favourite:

If Riot hasn't earned your trust, do not run our software.

This is a very manipulative sentence. The fact is, I do trust Riot to write games, they have ALL my trust to write user-space (i.e. "not kernel-space") code all they want. I do not think they have earned my trust (in terms of technical capabilities or general privacy concerns) to write kernel-level code that I can't BLOODY turn off...

Silencing campaign?

Again, a bit of a rant, but it seems like posts mentioning Vanguard on the League of Legends subreddit are getting deleted. Even the ones where people are being respectful or are just trying to discuss the subject. Reddit is supposed to be for the community, not a PR front for Riot Games. I am just a bit sad that things are going this way.

Edit: one of my friends posted this article on the /r/riotgames subreddit and...

Yup it's been deleted.

Bonus Edit

Apparently we are seeing reports of computers getting bricked! I didn't even think of this one.

Conclusion

I don't really know what else there is to say. To me this is the end of the road with Riot Games. I know plenty of people will carry on playing. I will mourn the good times I spent with my friends on the game but I can't justify installing Vanguard. I hope that reading this was at least somewhat enjoyable if not informative :)