
Usual answer is that this would make it easier for malicious actors to bypass the limitations.

Likely there is some automated system running these checks.



Security through obscurity is no security at all.

Edit - this is a basic principle of security: https://en.wikipedia.org/wiki/Security_through_obscurity


Anti-cheat through obscurity on the other hand is absolutely a thing.

As a metaphor, there’s a damn good reason you can’t just pay an Olympic anti-doping facility to test your urine; it would be trivial to develop protocols that evade the tests if you could do that.


If anti-cheat through obscurity worked, there would be no cheaters. The fact that cheaters exist means it does not work.


This is an all or nothing fallacy; the standard is not 100% success. It’s a bit like saying “all locks can be picked, therefore they’re useless”.


That’s not what we’re discussing though. We’re discussing if anti-cheat through obscurity works, and I’m saying if it did there would be no cheaters. Instead companies have to build technology solutions that also don’t work 100% but that’s beside the point.


What next - if philanthropy worked there would not be any poverty in the world. So let's stop all philanthropic actions.


Your logic does not follow.

There are certainly fewer cheaters than if there were no anti-cheat methods. To use OP's example, an open source urine testing procedure would be trivial to game. The same thing goes for open-source multiplayer games.


> it would be trivial to develop protocols that evade the tests if you could do that.

If it's trivial to evade the tests, then the tests are inadequate in the first place, and should not be trusted to be accurate.

Likewise, if an anti-cheat system relies on obscurity in order to not be bypassed, then it's a crappy anti-cheat system (and, mind you, would be far less necessary if multiplayer games didn't have a fetish for trusting the client to do potentially-exploitable things instead of insisting upon server-side validation, but I digress).

And likewise, if making your policy publicly-known will result in people skirting around the spirit of that policy, then the policy is poorly-written and should be rewritten to better reflect the intent.

Security through obscurity is not security. Full stop.



