Well, as mentioned, direct-connect based Co-op is absolutely fine, and would even be great for the true-offline mode!
No server validation is a huge selling point for that after all.
The issue is the ‘choosing who to play with’. That apsect would be severely detrimental for several reasons, and one of them is a killer-argument which has - sadly - no workaround.
The killer one is security in this case. For what you describe we would need a server-based database and a local database. Both need to communicate at this point for cross-play as either data which commonly isn’t seen for the client is sent if the hosting is local… or the data of the local machine is to be sent to the server.
In both cases we have a severe issue.
If the server has to sent to the client then this usually only server-side happening mechanic where you only get the result sent for display-measures would be allowed to be visible. This opens up a massive security risk.
And the same happens the other way around where malicious code can be re-introduced to the server-side through a client as far more varied information has to be handled.
This is a absolute no-go as EHG has no knowledge or capacity to handle this scale of security.
The second is the sheer scope of such a implementation. We’re talking here about net-code, which is known to be one absolute disaster. And in this case we would’ve a hybrid net-code as a official server needs to suddenly communicate with a local environment or the other way around. Not solely providing and giving out specific aspects of data… but full-scale communication to allow synchronization of said data properly between users.
This alone is on the scale of Cycle 2 content alone, without anything else being done. Absolutely not worth it, even if there weren’t any risk attached and the full community would be completely behind it.
The third is the potential userbase which would actually make use of said function. Which as stated is minimal. Out of 1000 people probably 2-3 would make more then small-case usage of it, which is simply not worth it to do, especially given the scope.
Well, Blizzard did the ‘old’ method there still, which is a split between the ‘potential offline’ mode and the ‘only online’ mode. The second is what you’re talking about.
This mandated constant battle-net connection, which is the issue you wanna circumvent after all, right? It’s the mandatory aspect to remove the cheating and not letting it go rampant. The downside? If you loose connection you’re kicked out and you can have significant latency issues. So we’re back to step 1.
The other option for multiplayer was ‘couch co-op’, which didn’t need any form of server authentication. This is the p2p method.
Depending on which type you player you were either ‘online only’ or ‘offline only’.
What your goal is is to combine ‘online only’ with ‘offline only’, this wasn’t present in either D2 or D3.
The closest equivalent is ‘open battle-net’ from D2 in that regard. And while beloved by players still as it allowed a lot of stuff it also was extremely dangerous for the player. We’re talking about people getting malware. We’re talking full-scale here. From white-hat simplistic stuff that’s just annoying and tedious up to becoming part of a bot-network (which is still not dangerous in itself outside of getting ISP blacklisted potentially)… but also had the possibility of spoofers included (Bye bye bank account and identity, you’re now broke and 150 scammers are now ‘you’, prime example of identity theft being possible) or outright malicious code which could directly interact with your hardware, leading to hardware failure in worst-case scenario (luckily rare).
This was a core reason as to why with more sophisticated systems and hence more security issues at more corners over time the open battle-net which solely ran on a simplistic authentification basis to secure your account itself, not your machine was dismantled. Nowadays with ‘Resurrected’ not even allowing TCP/IP connections anymore.
It’s a security nightmare which nowadays is simply not acceptable.
And remember… since you want to combine those people with the online-only players currently it would also mean that online-only is not safe anymore, meaning the whole product isn’t safe.
We don’t need another ‘this game fried my GPU!’ software debacles, this time caused intentionally through malicious code.
So:
No, the proposed option is not acceptable for any user based on basic online security measures nowadays.
But p2p through Steam’s servers is absolutely doable and not too hard to set up ultimately. Just the cross-interaction is not acceptable in any way/shape or form.