I feel like the Steam Deck is the best proof of Gabe Newell's quote that "piracy is a service issue."
They could have easily crammed the Steam Deck full of stuff to make it hard to use for piracy - locking down everything, making it usable only to play games you legitimately own, force you to go through who knows what hoops in order to play games on it. That's what Nintendo or Apple or most other companies do.
But they didn't, because they realized they didn't have to. It's 100% possible to put pirated games on the Steam Deck - in fact, it's as easy as it could reasonably be. You copy it over, you wire it up to Steam, if it's a non-Linux game you set it up with Proton or whatever else you want to use to run it, bam. You can now run it in Steam just as easily as a normal Steam game (usually.) If you want something similar to cloud saves you can even set up SyncThing for that.
But all of that is a lot of work, and after all that you still don't have automatic updates, and some games won't run this way for one reason or another even though they'll run if you own them (usually, I assume, because of Steam Deck specific tweaks or install stuff that are only used when you're running them on the Deck via the normal method.) Some of this you can work around but it's even more hoops.
Whereas if you own a game it's just push a button and play. They made legitimately owning a game more convenient than piracy, and they did it without relying on DRM or anything that restricts or annoys legitimate users at all - even if a game has a DRM-free GOG version, owning it on Steam will still make it easier to play on the Steam Deck.
I'm an indie game developer (3 years at current company). Here's a brief summary of the anti-piracy/anti-cheat history we did -
We noticed people were uploading old versions of our games on 3rd party app stores, so we introduced a feature that makes the game refuse to start if it's on too old of a version
When we later updated the minimum SDKs, and older devices couldn't update, we had inadvertently remotely bricked a perfectly functional game on their device
To prevent cheaters from figuring out how the game worked, we removed all logging from the application
EVEN TODAY I spent multiple hours and an Uber to get my hands on a specific device that was having crash issues because whatever logs I could get remotely weren't nearly suffice to debug an issue
People were cheating Unity's IAP store, so we installed a plugin that validated IAPs.
IAPs took multiple more seconds to process, hurting legit buyers
The cheating metrics went down, but because fewer people were buying IAPs, our rankings tanked on various ad networks
Hackers were making modded clients, so we added obfuscation
This made our builds much more harder to debug, and adds yet another step in our build pipeline
Users were editing values in memory to give themselves more levels and beat the leaderboard
We manually banned them from the leaderboard. It takes like 5 seconds and happens once a week, not a big deal
Users were editing values in memory for more coins
It doesn't affect us in any way, at this point we stopped caring
For any game with online components, the "ideal" way to combat piracy or cheating is with leaving as much stuff on the server side as possible, not unlike an MMO. Anything left to client side validation will be hacked.
Zachtronics games are single-player puzzle games with online scoreboards (a killer feature tbh). They validate your scores by uploading your solution to the server and running it.
Given enough resources anything can be done. I didn't say it was gonna be easy. But I gotta say, probably easier to make "cracked" movies convenient than games.
To prevent cheaters from figuring out how the game worked, we removed all logging from the application
Why didn't you just encrypt your logs, and make your company the only one to have the key to actually read it? Or is there a risk of someone reading the data in memory before it gets encrypted and written to disk?
They can be, but at least some of the stuff the Steam Deck does (automated updates, cloud saves, specific tweaks to get it running on its hardware) would be hard to make quite as convenient for pirates for one reason or another.
I mentioned the pirate equivalent to cloud saves, Syncthing - it is absolutely great, not that hard to set up considering what it does, and I absolutely love it and it feels like magic most of the time. But it's still not quite as easy and reliable as buying the game on Steam and relying on Steam's servers for cloud saves.
(The fact that it's hard to make pirated versions reliably update automatically also means that rapid updates are one of the best ways a dev can deter pirates, at least for as long as the game remains supported. I've absolutely pirated games that are in early access and then bought them, partially because I liked the game and wanted to support the devs, but mostly because I wanted to get updates immediately and automatically rather than having to wait for it to appear somewhere and then install it myself.)