Why heavy regulation on piracy/hacking is inevitable

A developer thought it’s a good idea to implement a password stealing tool into his game’s installer. Yes, a real hacking tool that hackers inject to your computer if you dumbly visit teenp0rn.freedomain.cn

Why did he do it? To get the login name/password combos of pirates that they use on pirate sites, probably to do some damage on said sites or to gather evidence about pirates who steal his game by offering product keys.

Redditors discussing this linked several other events when devs used tools like rootkits that are typically associated with hackers. I don’t get into the legality of this, since it largely depends on what do you click “yes” without reading.

I’ve always claimed that pirates and cheaters should be prosecuted by the state as criminals instead of being sued by the devs. But this time I don’t argue ideologically. I’m just saying that if the government doesn’t protect developers from pirates/cheaters, they will do it themselves in a “let’s ride boys and hang them bad guys” style and they will surely shoot innocents in the process. Good candidates for innocent victims are modders, machimia-makers (who want to make a video using game engine) and people who got viruses, even if technically they modify game files or access game processes.

There is a further problem. If it becomes – and already became – customary that games demand you to click “OK” on a blanket spying program, game developers themselves become target of spies and (non-game related) cybercriminals. For example Blizzard uses the Warden which is practically a rootkit and access various files and memory in your computer, reporting its findings to Blizzard. Now imagine that a criminal gang infiltrates Blizzard and injects a code into Warden that looks for your credit card info. Then they grab the credit card info sent back to Blizzard before anyone there notices what’s going on and steal the money of all the players. Or consider the possibility that a foreign spy uses a game’s installer or patcher to inject a backdoor program if you are playing the game from certain IPs, hoping that a bored soldier or government worker uses the game on a secured location. This isn’t a wild possibility, a fitness app was used to track down a bunch (not particularly bright) members of special forces in secret bases in the Middle East.

A video games have no place accessing root of a computer, or anything outside its own memory. Video games are complicated software, usually full of bugs that are best run isolated, with as little rights as possible. However if you’d enforce this, all game companies would go bankrupt due to rampart cheating and piracy as the only defense developers have is practically hacking your computer, getting full control over it to look for pirate/cheater software. But they would no longer need this if the police would protect them. I don’t have belt fed machine guns in my home to protect myself from invading horde because my country has an army for that. If devs could simply report cheaters to cops knowing that the guy will soon stop logging in due to being in jail, they wouldn’t be busy installing spy programs on anyone’s computers.

Author: Gevlon

My blog: https://greedygoblinblog.wordpress.com/

7 thoughts on “Why heavy regulation on piracy/hacking is inevitable”

  1. What would those “heavy” regulations even be? What are you describing here that isn’t already unlawful? Go read up on the The Digital Millennium Copyright Act before you answer. (Hint: Anti-circumvention has all this pretty much covered.)

    And how do “heavy” regulations work when the hacker is in another country without reciprocal laws and extradition treaties? Any better than the current laws? Because that is the real problem, bad actors that you can’t get at with current laws.

    And your final logic is wrong, since things like Warden are needed to tell if somebody is cheating. That sort of thing wouldn’t go away at all. If anything, it would have to get more intrusive to provide sufficient evidence for the police to act, because unless you live in an authoritarian state the police don’t run around arresting people without evidence on the say so of a software company. Not unless you’re willing to give companies like EA the power to have you arrested.

    Like

  2. You’re mixing up piracy with cheating, which is rather odd.

    Piracy is already illegal, and the police in most countries is prosecuting people for it. Of course they’re also failing spectacularly at this task, because enforcing that would require some sort of state approved rootkit running on everybodies machines (and even then, how do you ensure everyone has it installed on their computer?). Besides, there are popular titles like i.e. Witcher 3 that contain no DRM at all and are doing fine, so it’d definitely not lead to “all game companies going bankrupt”.

    Cheating on the other hand, is another story. Prosecuting cheaters is, at least in theory, possible, as you can link the credit card that was used to buy the game with the account. The problem here of course is, how do you prove somebody was cheating in the first place? More specifically, how do you keep developers from claiming people cheated in their game and fabricating evidence, when in reality their only crime was voting for Hitler Trump?

    I simply don’t see how the police would be able to protect anybody.

    (Also wordpress doesn’t show my comment, so sorry if this is a duplicate)

    Like

  3. Great post. I’m a (not Game)Dev and I think that liability and prosecution are a joke in the software world.

    Both from devs – “we are not responsible for anything” (can you imagine this practice on bridge construction? “Oh, the bridge might fall and we will not receive any repercussions”.

    And from users – if a player steals millions from your game company and destroys your game with cheats he’s punishment is just a light ban (Credit card + PC ban).

    But the players side is changing, there was a bot maker for WoW that Blizzard destroyed his life (won a court demanding millions from him) – it will probably be regulated in the future like you say.

    Like

  4. @Wilhelm: how many people went to jail for stealing games? You go to jail if you steal a bottle of whisky from a store, but not for stealing a big bunch of games.

    Secondly and more importantly, cheating isn’t illegal, despite it causes more damage to the gaming industry. A pirate simply enjoys the game for free and he probably wouldn’t buy it if if was impossible. A cheater makes the game unplayable to a bunch of customers (like eating in a restaurant without paying vs starting a fight and ruining everyone else’s dining).

    No, Warden isn’t needed to catch cheaters, most cheaters can be caught server side. Also, if it would be illegal to cheat, there could be official anti-cheat programs that search the memory, coming from trusted sources instead of some indie game dev. Finally: honeypotting. Police develops cheat program, sells it to cheaters, lock up everyone who used it.

    @Hanura: in case a foreign country doesn’t reciprocate, our country can put it behind a firewall, stopping internet traffic from there. No Chinese players = no Chinese hackers.

    Fabricating evidence is a crime in itself and it’s rare. Very few shops claimed that customers stole without a reason. I doubt if false criminal accusations would be more popular in this sector than in any other.

    Like

  5. @Gevlon: If cheaters can be reliably detected server side, then the game is just badly designed. But the vast majority (like aimbots and wallhacks in pubg) cannot.

    Official anti-cheat programs already de facto exist, with Steam’s VAC being supported (and enabled) by a large number of games[0]. Proper audits of them wouldn’t hurt though, I agree.

    The reason why fabricating evidence is rather rare in theft cases is because it’s hard. Editing log files so it looks like player X cheated is not.

    [0] http://store.steampowered.com/search/?category2=8

    Like

  6. @Hanura: wallhacks could be prevented server side, if the server wouldn’t send the data of other player who is behind the wall. Aimbots can be detected by looking for inhuman reaction time.

    I don’t think it’s hard to say “I saw that guy stealing”, but people don’t do it, mostly because trolling doesn’t worth going to jail for.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s