Steam Family Sharing behavior regarding SteamID must be changed.

[metita]

(Reference: https://store.steampowered.com/promotion/familysharing)

Steam Family Sharing allows to share your game between other people Steam Accounts .

Counter-Strike 1.6 is available to be fully shared (Singleplayer, Multiplayer) and you will be able to play on Community Servers without problems.

What is the real problem, your SteamID will be used when playing the game, if your SteamID manage to get banned on a server, you can just create a brand new steam account and get the game shared again with a different SteamID

There should be a way to prevent this, probably the Shared Account has to use the owner SteamID to prevent some sort of exploiting the Steam Family Sharing.

[metita]

(Not sure if Family Sharing is available to other GoldSrc games, needs confirmation).

[SamVanheer]

There is a method to return the Steam id of the app owner: https://github.com/ValveSoftware/source-sdk-2013/blob/0d8dceea4310fde5706b3ce1c70609d72a38efdf/mp/src/public/steam/isteamapps.h#L68

But it only exists on the client side, so you can't query this information on the server for a particular client.

I think this has to do with privacy since otherwise you could obtain private information about 2 users.

Family Sharing already has measures to counter abuse: https://support.steampowered.com/kb_article.php?ref=3784-QLBM-5731#VACban

But this only considers abuse that can be detected by Steam itself, not abuse that results in a ban from a server.

Perhaps it would be a good idea to make Family Sharing detect if a large number of unique accounts are given access and then revoked. I'm sure an automated system can detect a pattern like this:

1. Create new account
2. Authorize Family Sharing for new account
3. Play for period of time
4. De-authorize Family Sharing for account (following a ban from a server, for instance)
5. Goto 1

[Arkshine]

Not sure if still working, there is an old AMXX module I made which uses the steam API. Among the features, there is a forward called when a client is approved (GSClientApprove_t::k_iCallback) and the original ownerID should be passed.

[RauliTop]

But this only considers abuse that can be detected by Steam itself, not abuse that results in a ban from a server.

That's the problem for the servers of every game. Players can abuse the use of Family Sharing to avoid ban of their accounts.

That measures you linked are only about cheats detected by VAC (and we know there are a lot of undetected cheats or specific rules on the server that obviusly VAC can't detect). Probably, Family Sharing should have measures to block a player about creating unlimited accounts authorizing and desauthorizing every time they want.

[SamVanheer]

Not sure if still working, there is an old AMXX module I made which uses the steam API. Among the features, there is a forward called when a client is approved (GSClientApprove_t::k_iCallback) and the original ownerID should be passed.

You're right, i missed this: https://github.com/ValveSoftware/source-sdk-2013/blob/0d8dceea4310fde5706b3ce1c70609d72a38efdf/mp/src/public/steam/isteamgameserver.h#L275-L281

However the engine's version of this struct is different:

struct GSClientApprove_t
{
  CSteamID m_SteamID;
};

Steamworks SDK 1.20, used by GoldSource, lacks the family sharing information so it can't be implemented here. Updating the SDK version is difficult in GoldSource from what i've heard but if it can be updated then providing the owner id through an engine function is possible.

But this only considers abuse that can be detected by Steam itself, not abuse that results in a ban from a server.

That's the problem for the servers of every game. Players can abuse the use of Family Sharing to avoid ban of their accounts.

That measures you linked are only about cheats detected by VAC (and we know there are a lot of undetected cheats or specific rules on the server that obviusly VAC can't detect). Probably, Family Sharing should have measures to block a player about creating unlimited accounts authorizing and desauthorizing every time they want.

Yeah that's what i was getting at. Family Sharing needs to have anti-abuse measures built in.

[oaus]

https://developer.valvesoftware.com/wiki/Steam_Web_API#IsPlayingSharedGame_.28v0001.29

IsPlayingSharedGame returns the original owner's SteamID if a borrowing account is currently playing this game. If the game is not borrowed or the borrower currently doesn't play this game, the > result is always 0.`