Thursday, June 05, 2008

DRM (your e-mail)

Thanks for the e-mail you guys sent in about DRM.

I've tried to collect your thoughts into categories, and I'll discuss those shortly. First off, though, is an e-mail from someone who wishes to remain anonymous, and it's a short explanation of how piracy works today:
First of all, it's absolutely a one-to-many relationship like you said in your blog, as it's always been. It's not normal people who are cracking games, but rather a talented and dedicated team of crackers and testers.

Most groups have stayed together largely unchanged for five years, and in some cases, decades. They have established connections to people working at stores or, occasionally, duplication plants, as well as to many FTP sites (explained later). They're frequently composed of some of the best programmers in the world, as they have to decompile and work around thoroughly booby-trapped software in assembly language under a short deadline. The groups are really competing for respect: who can pull it off, in a complete and working manner, in the shortest amount of time. Amusingly, these groups always buy their games, and often multiple copies, because they have to study the copy protection in action, usually with multiple crackers working at once, and have to verify their cracked version works exactly like the original.

Once cracked, the group releases it to a set of very fast, very private FTPs known as topsites. Users on these sites test out all releases and can 'nuke' any releases that don't meet a set of agreed-upon standards.

Next, couriers (essentially, trusted intermediaries who keep a barrier between high-level groups and more general non-vetted users) transfer files from topsites to dumps, another type of FTP site which is sort of a warehouse for all sorts of pirated releases, with massive amounts of storage. Dumps are where every other type of release comes from, as it takes only a modicum of knowledge and credibility to gain access to one. BitTorrent, IRC, web, pirated discs on the street are all one step away from dumps.

Most release groups actually hate BitTorrent, as the releases they've slaved away at are often renamed, have passwords, ads or viruses added, and have their NFOs (small text files giving release information and group credits/notes) stripped out, thus essentially stealing or mangling the respect they've earned...

The only game in recent memory that has avoided being cracked within a week or two of release was Splinter Cell Chaos Theory, which took over a year for a working crack that didn't require some incredibly esoteric tricks.

...Statistics are impossible to compile; the only rough method would be to check a torrent search engine that scans multiple trackers, like isoHunt, and compare that to NPD and other sales numbers. The major flaw is that numbers constantly fluctuate, and many torrents are downloaded via private sites, where the most serious downloaders are and where the highest speeds can be obtained. This also doesn't include other methods, such as IRC, FTPs, Usenet, and single downloads that are then burned off and shared by hand. Even numbers like the number of fake keys that are tried on official servers are incredibly unreliable, as people will try many different keys in the hope of hitting on one that's legitimate.

That's one of the most concise descriptions of how piracy works that I've ever read, so thanks to Mr. Anonymous. He also very clearly points out how difficult it is to compile statistical information about piracy. The fog of war is very high here, and for publishers, making decisions without precise data is extremely difficult. Without accurate data, it's also very, very easy to believe the worst.

If I'm a publisher, I understand the temptation. As a consumer, my perspective is that since only a small percentage of legitimate purchasers (I believe) are stealing, it's unfair to subject us all to frequent security checks. From the publisher's perspective, though, the percentage of paying customers who steal is totally irrelevant. The number that matters to them is the percentage of all people who have the game who have stolen it.

JL sent me a link to a Gamasutra article about piracy that does an excellent job of illustrating how confusing and difficult it can be to both measure and combat piracy. A casual game developer concluded that 92% of the people playing their game stole it, yet also concluded that for every thousand pirated downloads they stopped, they only generated ONE additional sale of the game.

Do I consider this article definitive? No, of course not (it's a casual game, the methodology can be criticized, etc.), but no method of measuring piracy rates is going to be definitive, and that's part of the problem. How do publishers control something that they can't even measure?

Now let's look at what you guys said about DRM in general.
1) when you buy something, it should stay bought
Buying a product that requires some kind of authentication is a potential nightmare if the authentication system goes away. I was surprised by how many of you said that you had played a particular PC game for five years or more, spanning multiple operating systems and ten generations of graphics cards. What happens five years from now when a game requiring online authentication can't be verified because the publisher has gone out of business and the servers are no longer functioning?

I understand that if I subscribe to a service like Gametap, my access to the games they offer depends on their continuation as a going concern. If I buy a physical disc, though, I expect that purchase (and access to that purchase) to be permanent.

2) Starforce has poisoned the well
Back when it was a going concern, Computer Gaming World investigated Starforce and demonstrated that it slowed down optical drives over time. This was after repeated and heated denials by the developer that any issues existed.

It was around this time that the Sony rootkit fiasco was exposed. Yes, that involved music CD's, but Sony is a major player in copy protection for gaming (SecuROM).

At that point, I think it's safe to say that someone had poisoned the well, so to speak. Now, whenever I install a game, I wonder about the DRM application and what it's doing to my system. My trust level is zero, basically, and based on my e-mail, so is yours.

I'm surprised that publishers don't understand this. I've written this before, but if an application is going to be installed on our systems, it should be clearly explained, and it should also be clearly explained what that application is doing and when it's doing it.

It's a tricky balance for publishers. As consumers, we want transparency, and I don't think that's unfair. For publishers, though, transparency might well reduce the effectiveness of their authentication schemes.

3) Stop sticking your finger up our ass
Not our literal ass--I'm talking about our computers. You guys are very uncomfortable with having DRM applications installed on your systems. These applications generally get installed outside the game directories, their locations are often hidden, and they're frequently not uninstalled when we uninstall the game.

When I buy a console, I understand that a copy protection scheme is built into the hardware, and that additional authentication may occur whenever I go online. But I don't use my console as a productivity machine--it's purely for entertainment. The idea of having multiple DRM applications installed on the device that I use several hours a day for e-mail, writing, and other non-gaming applications is a problem for me. When are these applications running? When do they load? How much of my system resources do they require?

So I spent $50 on this game, and now something gets installed on my system to verify that I didn't steal it? From a consumer standpoint, that just doesn't work.

Do I advocate or support piracy? No, absolutely not, and if you've read this blog for any length of time, you know that. Stealing a game is 100% wrong. With only extremely rare exceptions, I like and respect every developer I've ever corresponded with--they're smart and funny and tremendously creative, and I want them all to be very rich. That's why this is such a messy issue, because being totally against piracy doesn't mean an absolute endorsement of the methods publishers are using in an effort to reduce piracy.

Is there a middle ground between publishers and consumers? Yes, but no one seems to have found it yet.

Site Meter