Yup, “don’t tell the game anything” is slow, I’ll give you that. But anything that exists on the client can be hacked, even on a completely locked down console. People still cheat all the time with anti-cheat enabled, and I don’t expect that to change just because they put it in the kernel.
frame-by-frame determination
A couple thoughts:
can be predictive - clients already do a ton of prediction, this just moves that to the server
can run in parallel to normal game update logic
the server should have the (simplified) geometry data and can do a (relatively) cheap visibility check
The data would need to be sent a few frames ahead of time for performance reasons, so there’s risk there, but if someone can wall-hack within a few frames, that’s a good indicator that they’re cheating anyway. I’m no game dev, so I’m probably missing some significant considerations here, but it seems like this is feasible, just expensive when the alternative is a much less expensive anti-cheat service.
And I agree with your reply, this is a hard problem to solve. I just think game companies are pushing the problem onto anti-cheat devs instead of really trying to solve it themselves in a privacy and security respecting way because it’s cheaper and easier to offload a large share of that liability.