While I'm personally not affected by cheaters since I play only offline (too glitchy Internet) it's somewhat annoying to keep reading the same extreme statements over and over. It's not as black and white as some people try to make it. Examples:
"It's not a problem, just don't play with cheaters".
It's not that easy. What if someone used only slightly modded items? Only dupes of originally legit items? What if all that the player is carrying/trading in themselves are legit items, but were farmed using modded gear? How can you tell? Where would you draw the line? Just because YOU don't care or see a problem, it doesn't make it a non-real problem for others.
"People should be allowed to play the game any way they see fit, including cheating."
True - offline. Cheat online and you are taking away the right for others to play the game they want. This (legit) way also happens to be the way the game was intended to be played, so that wins by default.
"Nothing can be done about hacking/duping; allow offline/USB save and there is no point in even trying"
While it's true that trusting the client for securing data ultimately breaks all security in a fundamental way, it does NOT mean that nothing can or should be done. Here are a few examples of countermeasures I pulled out of my rear right now; I'm sure much more sophisticated methods can be figured out by security experts.
First of all, PS3 saves are normally encrypted. I haven't bothered looking at the Diablo III save file, but I'm confident this is encrypted also since this is done by the PS3. I know nothing of Xbox but I'm sure there is a similar mechanism in place.
This means that you can't just take a hex editor, open the save file and expect to see data that makes any kind of sense, nor alter it in a meaningful way. If you hex-edit an encrypted save file at random, it will not load back into the game (it will be corrupted). There are ways to decrypt save files. They can then be edited and later re-encrypted and re-signed. How difficult the actual editing part is depends on the game (possible custom encryption applied by the game, CRC checks etc).
My point is: It's non-trivial to edit the game saves. It's possible if you are willing to learn how to do it, and it can be a very interesting exercise in itself, but I dare say it's NOT the same people running around in the actual game with modded items that create the actual modded save files. At this point it's fairly safe to assume it's not the actual modders that are the problem, but the dupers (of both legit and hacked items).
So what about duping? Same problem - trust the client, and there will be problems. It will be hard to completely eliminate this, but not that hard to make it so small a problem that it can be ignored:
- From what I read here there are hacked save files with insane gear you can just download and use (trade them to your normal chars I guess?). Blizzard of course have these save files as well. These items are probably the ones being circulated, with little variation (but correct me if I'm wrong). Hashes of all these known and widely circulated items should be made and stored on the servers used for online play.
- Update the game in the next patch so that it creates hashes of all items when a player goes online, and upload the list to the server. Compare hashes against known hacked items (above). Refuse online play while known hacked items exist in the player's profile. Just removing the offending items is another option, but that is more extreme and could in theory hurt innocent people (hash collisions for example). This alone would solve most of the problem. It's basically a "virus scan" approach so it would be an arms race, but clearly doable.
- More advanced, but same basic concept: Look for objects in general with identical hashes while people play online, and take reasonable action when identical objects are found on two or more players at the same time. This would take more game server resources, but it would kill duping of both "legit" and hacked items.
- A completely separate approach: When an object is first created (dropped as loot or crafted), tag the object with something traceable. PSN account ID comes to mind in the case of PS3. When an object changes owner (traded, or dropped and picked up by someone else), add the new owner's ID after the first one, and so on. This makes an object traceable backwards and would make it possible to detect the source of mass-duping or hacked items. (Who knows - perhaps this, or something similar, is already in place and suddenly mass banning from online play will happen? Sony has been known to completely disable PSN accounts for people running modified PS3 firmwares for example... I would not feel 100% safe using modded gear myself - especially if I didn't mod it myself...)
All of the above methods can be circumvented by a person with enough motivation and knowledge, since trusting the client / physical access ALWAYS is an ultimate fail if someone REALLY wants to break security. However, these (quite few) persons with both the skill and motivation are not the same people running around ruining other players' games. I am fairly certain of this. So, please stop it with the "nothing can be done so let's not even care or try". Either surrender completely and ship the game with a character editor + world editor (hey that would be fun actually ;) ) or at least stop the 99% that can be easily stopped.
Sorry for the tl;dr post btw ;)
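
The hash-based countermeasures described in the post above (hash every item, refuse online play on a known-bad hash, flag identical items held by several players at once), sketched server-side as an added example that is not part of the original post or any game's actual code. The item fields (including `seed`), function names and sample data are assumptions constructed for illustration.

```python
import hashlib
import json
from collections import defaultdict

def item_hash(item):
    """SHA-256 over a canonical encoding, so key order does not change the hash."""
    canonical = json.dumps(item, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def admit_player(inventory, denylist):
    """Refuse online play while any item matches a known hacked-item hash."""
    hits = [h for h in map(item_hash, inventory) if h in denylist]
    return (not hits, hits)

def find_duplicates(online):
    """Return {hash: [players]} for items held by two or more online players.

    Only meaningful if the hash covers a value unique to each drop (here the
    assumed `seed` field); otherwise common legit items would collide.
    """
    holders = defaultdict(set)
    for player, inventory in online.items():
        for item in inventory:
            holders[item_hash(item)].add(player)
    return {h: sorted(p) for h, p in holders.items() if len(p) > 1}

# Constructed sample data, not real game items.
HACKED = {"name": "Sword", "dps": 999999, "seed": 1}
LEGIT = {"name": "Axe", "dps": 1200, "seed": 77}
DENYLIST = {item_hash(HACKED)}
ONLINE = {
    "alice": [LEGIT],
    "bob": [dict(LEGIT)],  # byte-identical copy: a dupe
    "carol": [{"name": "Bow", "dps": 900, "seed": 5}],
}

if __name__ == "__main__":
    print(admit_player([LEGIT, HACKED], DENYLIST))
    print(find_duplicates(ONLINE))
```

The hashes are computed here on the server from the uploaded item data; a hash computed and reported by the client would inherit the same trust problem the post describes.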