I’m making an FPS game which has a tiny playerbase (With only 40 or so people actually interested in playing it) which currently operates on Photon’s Cloud system. This means that the players can do whatever they want to their clients in order to gain an advantage over other players. I don’t feel like I can create my own server for quite a few reasons, so I was thinking about preventing cheats from being used while keeping the server setup as it is… If it’s possible.
Now, the only cheats which I’ve seen people using so far are speedhacks (which is probably because it’s so easy to do), but I want to plan ahead and stop people from being able to do it in the future. I was thinking about a system where clients watch eachother’s behaviour and block that client from affecting them if it looks like they are cheating.
For example, if client A observes that client B is moving faster than it should be, taking into account the times between client B’s movements, client A will refuse all RPCs from client B as if client B wasn’t there at all. This means that client B will eventually be blocked by all of the other clients in the session and essentially banned from it. I’m not entirely sure how well this would work and if it’s also hackable, but it lead me to wonder whether there are any proper anti-cheating workarounds for non-authoritative servers.
What do you think?
In short, yes, they do! A great current example is the structure of Bitcoin. It requires a large portion of the network to lie/cheat for it to become unstable as it too has no central authority.
This works on the simple principle that it is easy for anybody to verify anybody else. If random people are verifying you and collectively come to the conclusion that you’re cheating then you can be flagged up as a cheater to the network as a whole. As they are random, you as the cheater have no easy control over them; i.e. you can’t get your friends to help out as it would be highly unlikely for them to be included in the players verifying you. The larger the network, the more secure it becomes through laws of chance.
The large portion comes in because if those remote clients are bugged too then fake requests can potentially be verified and accepted. But at this point, the whole network is cheating anyway, and there are clearly bigger problems 
So in summary, yes, it can be done a lot like your example provided A and B are random, and there are multiple A’s for any given B. This prevents two friends logging in multiple times in an attempt to become a singular A and B pair by chance. I hope that helps and makes sense! 
Yes, my plan would be to have every player’s client watch the actions of everyone else meaning there would be multiple ‘A’ clients, all watching eachother. As soon as one of the clients steps out of line and cheats, all of the other clients in that session will essentially remove ‘B’ from their session. This would mean that the game doesn’t have to rely on a master client to kick the players since the player who owns this ‘master session’ could easily kick everyone else for no reason… Just an idea.