No, I think it's more along the lines that they aren't fully certain and don't want to spread false information around, or us end users are just missing something in the concept that prevents this from happening.
I'm fairly certain someone else has asked these questions and are for sure why this wouldn't work. I just wanna be in the know. lmao
--------------------- MERGED ---------------------------
See, that's waht confuses me. From what I'm reading here, the server doesn't give two shits about WHAT cert it's receiving, so long as the cert it obtains from the Switch is a valid cert for the game it claims to be playing.
For example: If I borrowed Overcooked without owning it, requested to go online and instead, sent the Fortnite cert that is clearly obtained by my Switch from the eShop, how will the server know that I'm actually NOT playing Fortnite? The cert it received is valid, matches everything my Switch claims to be, the only outstanding issue is the traffic the device sends because the traffic is obviously not Fortnite. So unless they're reading all the traffic my Switch sends to the Fortnite servers (which aren't owned by Ninty), they can't detect what I'm playing.
Now I could see this being different with first party games. I imagine what may be happening is that when I send in a request for a token for say the new Smashbros (that I bought digitally, legally), but want to play Super Mario Party instead, it confirms my cert, but instead of sending me to the SMP servers/P2P matchmaking server, it sends me to the Smashbros servers, notices the different in data/traffic being received and bans my console for trying to be slick.
This is all hearsay though. I'd like to hear it from
@SciresM.
EDIT: You know, now that I thinka bout it, he did mention that there was a ton of data whose purposes were unkown. It coudl be that the Switch may be sending up logs of the programs it runs to coincide with the token request to help validate the request itself. Using the Fortnite example from earlier. I tell Ninty that I want to play Fortnite (when in reality I'm wanting to play Overcooked), so I send the request, along with logs, game data, etc to prove I'm actually playing Fortnite, but what they get instead is data relating to Overcooked. They compare to the request, notice it's wrong, and ban me to hell and back.