EAC in a social VR game creates more problems than it solves

https://feedback.vrchat.com/feature-requests/p/eac-in-a-social-vr-game-creates-more-problems-than-it-solves

This article was written by knah, not me. See A critique of VRChat

knah

Soo... The long blog post, praising EAC as a silver bullet that solves everything. Except it isn't, and the only thing it actually "solves" is wholesome modding.

Here's simple facts:

Most games that use EAC (or other anti-cheats) still have cheaters. For VRChat, this means that malicious mods will still exist and be used to annoy people in publics.
Some of VRChat's problems (avatar ripping, crashing) have nothing to do with client mods. It's exceedingly easy to do both without mods. In fact, wholesome mods are used to prevent crashing and make ripping harder. All EAC does in this case is make people crash more due to lack of protections.
The blog post once again shifts the blame to mods for account theft. At the same time, VRChat Team soft-endorses OSC software, "as long as you can build it from sources yourself". What do you know, the same applies to most wholesome mods - they're completely open-source and safe. This is a blatant two-faced lie to spin the narrative in your interests.
Mods causing issues for creators or VRChat Team on game updates? The main source of update breakage is VRChat deliberately obfuscating their code, making mod development harder. As for creator issues, some mods also provide brand new possibilities that VRChat refuses to consider or will consider "soon" (see below).
VRChat has been historically slow at adding features. You promise mod features "soon" but people can have them now, via mods. It's very likely that "soon" in this case will be either "years", or "never" for more niche features or features that don't align with your team's grand vision. To this day IK2 is far from perfect (people still use you-know-what), avatar favorites are pitifully limited, and most mod features are not even mentioned anywhere, with their canny posts lying forgotten and buried.
You have a lot of angry people on your hands, duh.

Given that this update seemingly fixes nothing while also angering quite a few people, how about you choose a different course of action? Here's what I suggest:

Drop EAC and forget it ever existed. Same for any other anti-cheat.
Focus on actual security - not trusting the client, fixing exploits, having serverside checks. It's actual work, but it's also the only thing that has results. Not pretending that an anti-cheat solves anything.
Drop obfuscation from most of the code. It didn't stop modding and only caused issues on game updates. Mods for non-obfuscated games break way less on updates. You can keep obfuscation on parts you deem critical to security, like Photon - not that it will stop anyone, but at least it will send a clear signal.
Adapt to the reality of people modding the client. Update TOS to distinguish malicious and non-malicious modifications. Normalize talking about mods, so that most issues investigations can be safely started with "do you use any mods? If yes, try without them". You don't have to support mods, obviously, but you'll have way easier time dealing with the fact that people use them.