I mean...you can play roblox and lots of other multiplayer games using a browser client...Godot and Unity and stuff all compile to web nowadays, right?
So I checked out "roblox" and they don't really check anything, which allows a serious problem with hackers. For instance, in "Prison Life", people can do things they aren't suppose to do like walk through walls, levitate, or just kill anyone on the server, even if they can't see them, out of range, wall in way. ect. Roblox games are a joke. And they can't really fix the problem because they have to let the client do a lot of the work due to the long latency of TCP.
Typical UDP latency (round trip) is around 300 msec with no increase in time even with high data loss. With TCP, this immediately jumps up to 900 msec and can reach 1.5 sec with even small data losses. So imagine you are playing a game that uses TCP and shoot someone. What you are shooting at is where that person was about a second ago. Unless, they are just standing still, you should miss. What the designers do though is just allow you to shoot at the target on your screen. If your client says it is a valid hit, then it reports to the server that it had a valid hit. Otherwise, TCP games would be unplayable. Even with UDP, where your attack is compared to the current location on the server, this gives player that live near the server a huge advantage. That is why you see people jump around like idiots so much in PvP games. They are taking advantage of latency.
There is a trick for sending UDP over TCP, but it requires a bunch of connections per person. Basically, you rotate through connections, so no connection ever gets backed up. However, this has it's own problems. I asked Deepseek AI (about 30 IQ points smarter than ChatGPT) about switching from UDP to TCP and basically got this answer. Here is part of it:
UDP (Current): Your router acts as a stateless forwarder. It has a simple NAT rule that says: "Send any incoming packet on port X to the internal IP of my server." It doesn't care about "connections" or "sessions." It just moves packets. This is very lightweight for the router's CPU and memory. 30,000 different clients sending intermittent packets is trivial for this process.
TCP (Proposed): Your router must become a stateful firewall/NAT. For every single TCP connection from an external client to your server, the router must:
Track the connection: Create an entry in its NAT table / connection tracking table (conntrack in Linux). This entry remembers the tuple: (Client IP, Client Port, Your Public IP, Server Port, Server Internal IP, Server Port, TCP State).
Manage the state: Monitor the TCP handshake (SYN -> SYN-ACK -> ACK), track sequence numbers, and properly tear down the connection (FIN packets) or time it out. Perform NAT translation: Rewrite the IP headers for every packet in both directions.
This "state" is the problem. Every one of your 30,000 concurrent TCP clients will consume a slot in your router's connection tracking table and require a small amount of CPU for state management.
Will Your Router Handle 30,000 Concurrent TCP Connections? Almost certainly not with a typical consumer or prosumer router.
Actually, it is worse. Remember, UDP over TCP requires using multiple channels. A packet is sent every 16 msec. If you can trick the TCP channel every 500 msec to reset, then you would need about 30 channels to do this hack. So 30,000 clients would be 900,000 TCP channels at full load. Even gaming routers can't handle this. You would need a high end industrial modem/router. Besides, I am pretty sure my ISP wouldn't know what to do if I replace their modem/router with one.
Even popular games like "World of Warcraft" and "Path of Exile" use UDP for time sensitive data. You can't play them in a browser. And honestly, most people don't care if you cheat in WoW.
This being said, I see that people are getting afraid to play compiled games. Maybe HTML5 is the way to go. It is impossible to fix something like Nythyria, but I can plan my next game to work with HTML5. Maybe a Dogecoin based dungeon game that uses a rogue type system combined with an auto battler using isometric graphics. Latency would be a total non-issue.
