• FEATURED

View more

View more

View more

### Image of the Day Submit

IOTD | Top Screenshots

### The latest, straight to your Inbox.

Subscribe to GameDev.net Direct to receive the latest updates and exclusive content.

# So what do you think of this DRM scheme?

Old topic!

Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.

40 replies to this topic

### #1Cornstalks  Members

Posted 27 August 2011 - 09:44 AM

Let me be the first to start off by saying I hate DRM. I abhor it. Maybe I'm being masochistic right now... Let's find out.

Let's say you don't require a product key or anything like that. Also, let's say that the program is only going to be downloaded from the Internet (because it's unlikely I'll ever make anything that gets published physically). What if we did it similar to how World of Goo did it, in that the user buys the program, gets emailed a fancy little link that has their unique purchase ID as part of the link, and then simply by accessing that link they can download the program and install it... no fancy tricks... yet.

But let's say that each game has a small, 8 byte (or however big, and possibly not contiguous) part of the game's executable or data files or something or other, that gets encoded by the server at download time with a hash of the buyer's unique purchase ID. That way, when the game connects to the interwebs to download updates and patches, it can simply check the hash value it's been encoded with and pass that along (probably hashed again) to the server, so the server can identify who it was that legally purchased that game. Nothing happens for awhile though. Maybe the first few months of the games life. But when the server sees that the same purchase ID is being used by 200 (or whatever arbitrary number) users, we can be fairly confident that they're pirated copies.

So after a month or two or three or whatever, we can get a good idea of which copies have been pirated or not. Then, in a later update, all the pirated copies get a special patch. Don't worry, it doesn't invalidate their copy or anything. I hate pissing people off because I hate being pissed off. What the special patch does is it comes up with a cute little window that says "Hey! It looks like you're using a pirated copy of the game... If you've really enjoyed it, why not buy a copy of your own so you can help fuel our army of 3 coding monkeys to continue making freaking sweet games?" And then it puts a little button in the bottom right corner of the screen that says "Buy Me!" But beyond that it doesn't really do much. More like a small encouragement to the pirates to fork over some cash if they've really liked the game (if they didn't like it that much they're not going to buy it anyway, so it doesn't make much sense to me to force them or anyone else to buy it).

Anyways, what are your thoughts on a DRM scheme like this?
[ I was ninja'd 71 times before I stopped counting a long time ago ] [ f.k.a. MikeTacular ] [ My Blog ] [ SWFer: Gaplessly looped MP3s in your Flash games ]

### #2speciesUnknown  Members

Posted 27 August 2011 - 09:55 AM

Let me be the first to start off by saying I hate DRM. I abhor it. Maybe I'm being masochistic right now... Let's find out.

Let's say you don't require a product key or anything like that. Also, let's say that the program is only going to be downloaded from the Internet (because it's unlikely I'll ever make anything that gets published physically). What if we did it similar to how World of Goo did it, in that the user buys the program, gets emailed a fancy little link that has their unique purchase ID as part of the link, and then simply by accessing that link they can download the program and install it... no fancy tricks... yet.

But let's say that each game has a small, 8 byte (or however big, and possibly not contiguous) part of the game's executable or data files or something or other, that gets encoded by the server at download time with a hash of the buyer's unique purchase ID. That way, when the game connects to the interwebs to download updates and patches, it can simply check the hash value it's been encoded with and pass that along (probably hashed again) to the server, so the server can identify who it was that legally purchased that game. Nothing happens for awhile though. Maybe the first few months of the games life. But when the server sees that the same purchase ID is being used by 200 (or whatever arbitrary number) users, we can be fairly confident that they're pirated copies.

So after a month or two or three or whatever, we can get a good idea of which copies have been pirated or not. Then, in a later update, all the pirated copies get a special patch. Don't worry, it doesn't invalidate their copy or anything. I hate pissing people off because I hate being pissed off. What the special patch does is it comes up with a cute little window that says "Hey! It looks like you're using a pirated copy of the game... If you've really enjoyed it, why not buy a copy of your own so you can help fuel our army of 3 coding monkeys to continue making freaking sweet games?" And then it puts a little button in the bottom right corner of the screen that says "Buy Me!" But beyond that it doesn't really do much. More like a small encouragement to the pirates to fork over some cash if they've really liked the game (if they didn't like it that much they're not going to buy it anyway, so it doesn't make much sense to me to force them or anyone else to buy it).

Anyways, what are your thoughts on a DRM scheme like this?

Similar things have been done before, http://www.maximumpc.com/article/gaming/garrys_mod_battles_piracy_hilarity_ensues

There have been some stories about legitimate users being burned by this, and a few people (the majority of whom were never customers anyway) vowed never to buy garrys mod. Most people just thought it was funny though, especially since it involved posting one's steam ID on the steam forums and effectively admitting you have pirated the game.
Don't thank me, thank the moon's gravitation pull! Post in My Journal and help me to not procrastinate!

### #3Cornstalks  Members

Posted 27 August 2011 - 10:39 AM

Similar things have been done before, http://www.maximumpc...hilarity_ensues

Ah yes, I knew something similar had been done before in a few games, but I couldn't recall any of their names to reference them in my OP. Thanks!

Yeah, I don't think it would really increase sales, realistically. But I think there are a few fun things that could be done with this.
[ I was ninja'd 71 times before I stopped counting a long time ago ] [ f.k.a. MikeTacular ] [ My Blog ] [ SWFer: Gaplessly looped MP3s in your Flash games ]

### #4Yann L  Members

Posted 27 August 2011 - 11:15 AM

I think it's a good idea. But you must make sure that legitimate customers aren't affects by this. Put in failsafes and give users the benefit of the doubt (ie. apply very generous tolerance margins to your detection). Some people do really stupid things without realizing it, these may trigger anti-piracy detection even though they purchased a legal copy.

Once you are sure that you are dealing with a pirated copy beyond reasonable doubt (eg. because it is running on a known pirated product key), then have fun. You outlined a rather nice and friendly approach. I personally would go farther than just a 'friendly' nag screen. If someone stole your car, you wouldn't let him get away with it on a friendly reminder to not do it again either. Just make sure to not do anything illegal or to touch any system resources outside of your own game.

I would change the game mechanics in not so subtle ways. Blatantly put the player into impossible situations. Retroactively modify their savegames. Make the game downright unfair. When they inevitably die/lose from the artificially induced unfairness, show them a screen telling them that the game will treat them just the way they treated the developer by pirating it.

### #5Cornstalks  Members

Posted 27 August 2011 - 11:32 AM

I think it's a good idea. But you must make sure that legitimate customers aren't affects by this. Put in failsafes and give users the benefit of the doubt (ie. apply very generous tolerance margins to your detection). Some people do really stupid things without realizing it, these may trigger anti-piracy detection even though they purchased a legal copy.

Once you are sure that you are dealing with a pirated copy beyond reasonable doubt (eg. because it is running on a known pirated product key), then have fun. You outlined a rather nice and friendly approach. I personally would go farther than just a 'friendly' nag screen. If someone stole your car, you wouldn't let him get away with it on a friendly reminder to not do it again either. Just make sure to not do anything illegal or to touch any system resources outside of your own game.

I would change the game mechanics in not so subtle ways. Blatantly put the player into impossible situations. Retroactively modify their savegames. Make the game downright unfair. When they inevitably die/lose from the artificially induced unfairness, show them a screen telling them that the game will treat them just the way they treated the developer by pirating it.

Hehe that sounds fun. I was thinking of (depending on the game) an additional level where you can't finish it if you've pirated it, and it rains fecal matter on you or something like that. But messing with the game mechanics sounds like a lot of fun... reversing gravity occasionally... and screwing with their saved games... now THAT sounds fun haha.
[ I was ninja'd 71 times before I stopped counting a long time ago ] [ f.k.a. MikeTacular ] [ My Blog ] [ SWFer: Gaplessly looped MP3s in your Flash games ]

### #6DarklyDreaming  Members

Posted 27 August 2011 - 11:40 AM

Warning! Pirated game copy detected! Precision tactical nuclear strike incoming - goodbye!
"I will personally burn everything I've made to the fucking ground if I think I can catch them in the flames."
~ Gabe

"I don't mean to rush you but you are keeping two civilizations waiting!"
~ Cavil, BSG.
"If it's really important to you that other people follow your True Brace Style, it just indicates you're inexperienced. Go find something productive to do."
~ Bregma

"Well, you're not alone.

There's a club for people like that. It's called Everybody and we meet at the bar."

~ Antheus

### #7Amr0  Members

Posted 27 August 2011 - 11:47 AM

But you must make sure that legitimate customers aren't affects by this. [...] Just make sure to not do anything illegal or to touch any system resources outside of your own game.

What defines illegal? Well, the law of course, but what does the law say about this? Is it illegal for a game to invalidate itself? Is it illegal for the game to install a system-wide startup "reminder" for the thief that greets him whenever he starts up his computer? Also, can't a game developer have the game do all sorts of nasty things when piracy is detected and argue that it's only the pirated version that does those things while the official version doesn't do them? He certainly should not be held liable for the damages caused by using anything other than the original game.

A thought I had earlier was to have the game, upon piracy detection, randomly pick a considerable number of user files, encrypt them, tell the user about it, then sell a separate utility that decrypts them! The decryption utility has to have the trollface icon

### #8Cornstalks  Members

Posted 27 August 2011 - 11:56 AM

But you must make sure that legitimate customers aren't affects by this. [...] Just make sure to not do anything illegal or to touch any system resources outside of your own game.

What defines illegal? Well, the law of course, but what does the law say about this? Is it illegal for a game to invalidate itself? Is it illegal for the game to install a system-wide startup "reminder" for the thief that greets him whenever he starts up his computer? Also, can't a game developer have the game do all sorts of nasty things when piracy is detected and argue that it's only the pirated version that does those things while the official version doesn't do them? He certainly should not be held liable for the damages caused by using anything other than the original game.

I think I'd have to disclose that kind of behavior in the EULA though, seeing as that capability would come from me, the developer and updater, and I'm afraid that would scare the honest users more than deter the dishonest users.

A thought I had earlier was to have the game, upon piracy detection, randomly pick a considerable number of user files, encrypt them, tell the user about it, then sell a separate utility that decrypts them! The decryption utility has to have the trollface icon

If I wanted to be a dick, that definitely sounds like a brilliant idea! I could create a bank of keys, and allow the program to pick at random from a set of public keys, but reserve access to the private keys and sell access to the needed private key, depending on the public key used. That's just evil though, and I think that'd backfire really, really badly. But I'd love to see someone do it so I can have a good laugh.
[ I was ninja'd 71 times before I stopped counting a long time ago ] [ f.k.a. MikeTacular ] [ My Blog ] [ SWFer: Gaplessly looped MP3s in your Flash games ]

Posted 27 August 2011 - 12:56 PM

Since you are already talking about being online, why not just have a username and password at startup? If you have a server that validates user name and password and then flips a switch to "person online" then why do all the hash stuff. My idea to do a drm is something like this:

Usually a person break key codes by typing them in and breaking into the executible code to crack keys. They know where to do this cuz usually it says "wrong product key" and pops a dialog up. Instead of doing that you could just let the code go, but the server returns a random number somewhere which would be used something like an extra division that should be 1.
random_number = 8240
server returns 8240 after verifying user/password. If user/password is wrong it will return something thats not 8240
draw3DObject(random_number/server_return) // would draw verts*1 vertices

if the server returns 1680, then it would be .5, so half of all 3d models would draw, and so on. So the user theoretically does not know how to break your code, cuz they dont know where to look in your exe, because no verification dialogs pop up and they cant just rip out that code check, because there is no IF code check. And you could continually do this throughout the game and request that number back from the server, so its partial validation but instead it just f's up the whole game to unplayable.

### #10Cornstalks  Members

Posted 27 August 2011 - 01:53 PM

Since you are already talking about being online, why not just have a username and password at startup? If you have a server that validates user name and password and then flips a switch to "person online" then why do all the hash stuff. My idea to do a drm is something like this:

Usually a person break key codes by typing them in and breaking into the executible code to crack keys. They know where to do this cuz usually it says "wrong product key" and pops a dialog up. Instead of doing that you could just let the code go, but the server returns a random number somewhere which would be used something like an extra division that should be 1.
random_number = 8240
server returns 8240 after verifying user/password. If user/password is wrong it will return something thats not 8240
draw3DObject(random_number/server_return) // would draw verts*1 vertices

if the server returns 1680, then it would be .5, so half of all 3d models would draw, and so on. So the user theoretically does not know how to break your code, cuz they dont know where to look in your exe, because no verification dialogs pop up and they cant just rip out that code check, because there is no IF code check. And you could continually do this throughout the game and request that number back from the server, so its partial validation but instead it just f's up the whole game to unplayable.

Sounds interesting, and if I ever make a game that requires users to be online, I'll have to look into something like that... though they'll still find out where look to crack the program, I'm sure. It may just take a bit of extra work, but nothing that they couldn't crack.

Anyway, any of the games I make (in the near future at least) won't require the user to be online to play. It's more like an auto-update type thing that update with patches and what not. I like to play my computer games while I'm on the move and have no access to the internet, so requiring someone to be online to play is something I definitely don't want to do. Neither do I want to make them type anything into the installer. I just hate key codes.
[ I was ninja'd 71 times before I stopped counting a long time ago ] [ f.k.a. MikeTacular ] [ My Blog ] [ SWFer: Gaplessly looped MP3s in your Flash games ]

### #11speciesUnknown  Members

Posted 27 August 2011 - 02:06 PM

Crossing the boundary between the game itself and the user's computer in general is a bad idea. Destroying the game itself will not evoke any pity on behalf of the user, because nobody will consider that they have any right to whatever they managed to get for free. However, if you destroy something outside of the game, you will open a whole can of worms.

I am all for the idea of detecting a pirate copy and stopping the game from running, but anything which involves taking revenge turns you into the bad guy, because this moves the debate from one of deterrence, to one of revenge.
Don't thank me, thank the moon's gravitation pull! Post in My Journal and help me to not procrastinate!

### #12i_luv_cplusplus  Members

Posted 27 August 2011 - 02:14 PM

Seeing some of the comments no wonder every month we hear about more ridiculous DRM. Especially this part:

I would change the game mechanics in not so subtle ways. Blatantly put the player into impossible situations. Retroactively modify their savegames. Make the game downright unfair. When they inevitably die/lose from the artificially induced unfairness, show them a screen telling them that the game will treat them just the way they treated the developer by pirating it.

You know what would happen?

First of all, people would come to your forums/reviews complaining about game being broken, releasing an unfinished product etc. You will blame them for piracy, but some of them will be legitimate customers who were unfairly marked as pirates. Also, you kill any chance of these people ever coming back to play/buy any of your games because they don't want to mess with a broken product.

wait, that actually works as a deterrent for pirates! too bad it deters the customers as well.

There is a 100% DRM solution that always works - release the game without any DRM. Witcher 2 did, and you don't see them complaining about piracy. Usually devs complain about piracy when the game was a broken bug-ridden piece of crap to begin with (in before world of goo omg 90% piracy - he pulled his numbers out of nowhere, you can't just compare unique IP numbers vs sold copies).

OpenGL fanboy.

### #13greentiger  Members

Posted 27 August 2011 - 02:34 PM

My thoughts on DRM are that I'm actually ok with always ON server authentication (even for single player) so long as ...
1. you can go offline in case you're on a laptop or your connection falters it won't kick you off SP
2. at some point down the road (1-3 years) that the DRM turns itself off (the DRM scheme I mean, not the game/authentication servers) -- probably released as a patch

The goal there would be to maximize the first few years of initial sales and then let the bargain hunters and pirates have at it.

### #14swiftcoder  Senior Moderators

Posted 27 August 2011 - 03:09 PM

My thoughts on DRM are that I'm actually ok with always ON server authentication (even for single player) so long as ...
1. you can go offline in case you're on a laptop or your connection falters it won't kick you off SP
2. at some point down the road (1-3 years) that the DRM turns itself off (the DRM scheme I mean, not the game/authentication servers) -- probably released as a patch

The goal there would be to maximize the first few years of initial sales and then let the bargain hunters and pirates have at it.

It isn't nearly as simple as that, however. Cracking the online authenticator to allow the game to run off line without authentication, is not particularly much harder than cracking a serial number authenticator, or any other sort of validation.

The way to make this work is to design your game such that a *significant* portion of your gameplay logic is actually is run on the server. But at this point you are basically running an MMO, requiring a very significant investment in servers and upkeep.

Tristam MacDonald - Software Engineer @ Amazon - [swiftcoding] [GitHub]

### #15Yann L  Members

Posted 27 August 2011 - 04:18 PM

You know what would happen?

First of all, people would come to your forums/reviews complaining about game being broken, releasing an unfinished product etc. You will blame them for piracy, but some of them will be legitimate customers who were unfairly marked as pirates.

The minority is always the most vocal. It's generally also the most irrelevant. As I mentioned, it is important to make sure your detection system is very tolerant and robust. As long as this is the case, I don't see any problem with exposing pirates and making their lives harder. Yes, there may be false positives, but these can be kept to an absolutely minimum. It's a tradeoff.

Also, you kill any chance of these people ever coming back to play/buy any of your games because they don't want to mess with a broken product.

People say this all the time, and it's generally nonsense. Boycott this, boycott that, and two weeks later everybody has forgotten about it. Although I don't have any numbers to back that up, my gut feeling is that 99% of all these complaining "customers" are in fact pirates that were bit by the protection.

Let's take an extreme example. Assassins Creed 2 had one of the worst, most intrusive and most controversial DRM systems to date, with bugs and flaws that massively affected legitimate players. And you know how that influenced sales ? Well, look:

Ubisoft 2010 Fiscal Results

Ubisoft has released its sales and earnings figures for the fiscal year that ended March 31, 2010.

[...]

Fourth-quarter sales were slightly higher than the guidance of around €200 million issued when Ubisoft released its sales figures for the third quarter of fiscal year 2009-10. This performance reflects the combined impact of:

* The accounting restatement of around €8 million in marketing cooperation expenses. These costs were previously deducted directly from the top-line sales figure but are now included in SG&A expenses.

* A strong increase in sales of Just Dance, which, in the total fiscal year, sold-in almost three million units. This performance was particularly impressive as the game was only available on one single platform – the Wii.

* The ongoing exceptional performance delivered by Assassin’s Creed II, which sold-in nearly nine million units during the fiscal year.

* The launch of Red Steel 2 for the Wii, which received very good reviews and whose performance was in line with recently revised forecasts.

* Sales of Avatar that outstripped the most recent forecasts, notably on Wii.

During the first four months of calendar year 2010, Ubisoft’s gained market shares corresponding to 9.9 percent in Europe (versus 8.5 percent one year earlier) and 6.8 percent in the United States (against 5.3 percent).
[...]

And how much impact do you think will the massive discussions about AC2's DRM have on the sales of AC3 ? Zero.

So what do we learn from this ? Even the worst DRM will not majorly impact sales if the product and marketing is good. It will however severely impact piracy over the first weeks with the highest financial importance.

The OP and myself proposed systems that are far, far less intrusive than the one from AC2 and will, if done right, not impact honest customers at all. The only ones that are going to complain are the pirates. And well, that's kind of the point, you know...

### #16Prefect  Members

Posted 27 August 2011 - 11:51 PM

But you must make sure that legitimate customers aren't affects by this. [...] Just make sure to not do anything illegal or to touch any system resources outside of your own game.

What defines illegal? Well, the law of course, but what does the law say about this? Is it illegal for a game to invalidate itself? Is it illegal for the game to install a system-wide startup "reminder" for the thief that greets him whenever he starts up his computer? Also, can't a game developer have the game do all sorts of nasty things when piracy is detected and argue that it's only the pirated version that does those things while the official version doesn't do them? He certainly should not be held liable for the damages caused by using anything other than the original game.

A thought I had earlier was to have the game, upon piracy detection, randomly pick a considerable number of user files, encrypt them, tell the user about it, then sell a separate utility that decrypts them! The decryption utility has to have the trollface icon

Courts generally don't appreciate vigilante justice. If you do something like this, your only hope is that you indeed only affect genuine pirates who are too embarrassed to take legal action against you. But if you accidentally piss off the wrong person, you could get into deep trouble, and justifiably so.

Honestly, I think the OP has exactly the right idea: Tell people that you caught on to them, and how to get a legal copy. Your objective shouldn't be to stop pirates from playing the game - that way you only hurt yourself (no sale gained, plus you might lose buzz / word of mouth surrounding your game). Your objective should be to turn pirates into buying customers.
Widelands - laid back, free software strategy

Posted 28 August 2011 - 11:23 AM

Or we could charge less for games. Such as the left 4 dead steam sale article that sold a billion more games when it was on sale. I think honestly the main reason is people don't believe the value and therefore wont pay for it.

### #18Cornstalks  Members

Posted 28 August 2011 - 04:44 PM

Or we could charge less for games. Such as the left 4 dead steam sale article that sold a billion more games when it was on sale. I think honestly the main reason is people don't believe the value and therefore wont pay for it.

I don't think that would work so well. Part of the reason it sold so much during that small time period was the fact that it was a lower price than normal, which creates a hype. However, if the lower price *is* normal... well... then there's no hype.

But selling them for less doesn't really change much. Sure, maybe a few more people might buy them, but at a lower price one has to sell more to make the same amount of money that they could have made by selling at a higher price and selling a few less. Pricing games is a tricky craft, and selling more at a lower rate isn't necessarily the answer. If the game is priced less, people will feel like they are stealing less when they pirate it as well. People would definitely still pirate a game, even if it was sold for 30 cents. My goal isn't necessarily to force every pirate into becoming a buyer (that's overly unrealistic), but rather to make the pirate's experience of the game not quite as awesome as the buyer's experience of the game, without creating too much negative talk about the game.

My thoughts aren't so much "How do we stop people from pirating?" (because that's a dumb question) as much as it is "Some people are going to pirate the game, so how do we handle it when it happens?"
[ I was ninja'd 71 times before I stopped counting a long time ago ] [ f.k.a. MikeTacular ] [ My Blog ] [ SWFer: Gaplessly looped MP3s in your Flash games ]

### #19djz  Members

Posted 28 August 2011 - 05:39 PM

This reminds me of U-HE - when copies of Zebra stopped working, it would show the interfaces as being melting goo. It would specifically kick in after a user had spent a LONG time working on a particular program. He got some death-threats.

### #20greentiger  Members

Posted 13 September 2011 - 05:38 PM

Or we could charge less for games. Such as the left 4 dead steam sale article that sold a billion more games when it was on sale. I think honestly the main reason is people don't believe the value and therefore wont pay for it.

I don't think that would work so well. Part of the reason it sold so much during that small time period was the fact that it was a lower price than normal, which creates a hype. However, if the lower price *is* normal... well... then there's no hype.

But selling them for less doesn't really change much. Sure, maybe a few more people might buy them, but at a lower price one has to sell more to make the same amount of money that they could have made by selling at a higher price and selling a few less. Pricing games is a tricky craft, and selling more at a lower rate isn't necessarily the answer. If the game is priced less, people will feel like they are stealing less when they pirate it as well. People would definitely still pirate a game, even if it was sold for 30 cents. My goal isn't necessarily to force every pirate into becoming a buyer (that's overly unrealistic), but rather to make the pirate's experience of the game not quite as awesome as the buyer's experience of the game, without creating too much negative talk about the game.

My thoughts aren't so much "How do we stop people from pirating?" (because that's a dumb question) as much as it is "Some people are going to pirate the game, so how do we handle it when it happens?"

I specifically wait for Steam sales not because of hype--but because Steam games rarely have demos and I prefer to try demos first and because Steam is borderline acceptable in terms of the DRM. It's not that my set up is not capable of "always on" DRM, but I just don't like that type of DRM very much or the idea they can revoke access. Therefore, I don't spend as much as I might have spent if circumstances were different. A game at 50$with no demo is harder to buy than a game at 30$ and no demo.

Old topic!

Guest, the last post of this topic is over 60 days old and at this point you may not reply in this topic. If you wish to continue this conversation start a new topic.