15 hours ago, Satharis said:

publishers don't force DRM into games because they wouldn't stay afloat without it, they do it to try and make more money

Getting more money is how publishers stay afloat. That's what money does.

If your argument is that all publishers are always profitable and don't need more money, then this is provably incorrect. Many publishers have closed, scaled down operations, or been forced into mergers because they couldn't fund their operations any more.

15 hours ago, Satharis said:

I've seen many companies that put zero DRM in their products and still stay afloat

This is called survivorship bias. You don't get to see the companies that put zero DRM in their product and disappeared without a trace because they disappeared without a trace.

16 hours ago, swiftcoder said:

By and large they show up in cracked forms within hours or days of release, and their single player modes usually don't require an internet connection anyway.

Staying uncracked for hours or even days can make a massive difference in revenues. This is part of why companies are so keen on the midnight store openings for big games, or for digital releases that don't have to wait for someone to get down to the store - every minute where the only option for the curious is to buy a legal copy translates into more revenue.

Besides which, the situation is not usually that bad - some systems these days are protecting games for weeks. (https://www.eurogamer.net/articles/2014-12-19-denuvo-anti-tamper-drm) If it wasn't worthwhile, they wouldn't be investing in this.

On 3/31/2018 at 4:57 AM, Kylotan said:

Staying uncracked for hours or even days can make a massive difference in revenues

We've found that our steam distributions are still cracked and available on torrents within moments after being placed online.  Attackers know exactly where the changes are and how to remove them.

The best and least foolproof method is the one mentioned at the beginning.  Have online components that are required for the game.  Then have account permissions in order to access those online components.

You'll find very few major games that don't have an online component, even when they include substantial single-player offline content.

On 3/31/2018 at 2:51 AM, Kylotan said:

Getting more money is how publishers stay afloat. That's what money does.

If your argument is that all publishers are always profitable and don't need more money, then this is provably incorrect. Many publishers have closed, scaled down operations, or been forced into mergers because they couldn't fund their operations any more.

 

This is called survivorship bias. You don't get to see the companies that put zero DRM in their product and disappeared without a trace because they disappeared without a trace.

There's a difference between making enough money to stay in business and making profits far and above what are required for the company to even slowly expand, you won't see me shedding any tears if someone has to avoid buying an extra sports car because some pirate cracked a game and cut off a few sales, which is a nonsense argument at best.

I also see plenty of companies that put DRM in their products and still disappear, so that doesn't really correlate to business or profits at all, unless you could show me a chart of differences in sales before and after implementing DRM for two very similar products I would have a hard time even agreeing with that premise.

We're getting offtopic here either way, I don't really want to go back and forth forever about whether DRM is good for humanity or something, many people here consider it as much a plague as I do and I only really chimed in because so many people were talking about it.

Fact is nothing is safe unless it is on another computer, anything localized will be cracked, at best you're slowing down the inevitable, and if your game gets popular it will be childishly easy for them to crack it.

9 hours ago, Satharis said:

There's a difference between making enough money to stay in business and making profits far and above what are required for the company to even slowly expand

It is ridiculous to believe that you can say precisely how much money a company 'should' be making.

Publishers often have years where they lose millions of dollars. For example Square Enix lost $138 million in 2013. So for you to talk about companies "making profits far and above what are required" and to think this is just about someone buying an extra sports car or not is an embarrassing level of ignorance.

When Square Enix announced those losses, this led to layoffs at Square Enix LA, it led to IO Interactive shedding half its staff. You may not care about the jobs of game developers but less money means fewer developers, which means fewer games, simpler games. It doesn't just mean smaller bonuses. There is not "too much" money slushing around at game development companies.

9 hours ago, Satharis said:

unless you could show me a chart of differences in sales before and after implementing DRM for two very similar products I would have a hard time even agreeing with that premise

It's laughable to think that these companies would risk consumer dissatisfaction by implementing methods that are known to annoy customers but which have no positive benefit on sales. Publishers have the raw sales data. They see the patterns.

6 hours ago, Kylotan said:

It is ridiculous to believe that you can say precisely how much money a company 'should' be making.

Publishers often have years where they lose millions of dollars. For example Square Enix lost $138 million in 2013. So for you to talk about companies "making profits far and above what are required" and to think this is just about someone buying an extra sports car or not is an embarrassing level of ignorance.

When Square Enix announced those losses, this led to layoffs at Square Enix LA, it led to IO Interactive shedding half its staff. You may not care about the jobs of game developers but less money means fewer developers, which means fewer games, simpler games. It doesn't just mean smaller bonuses. There is not "too much" money slushing around at game development companies.

Oh yes, because history has shown us that companies always take profits and devote it to hiring more people. That's embarrassingly naive to think greater profits lead to happier employees, you're essentially trying to tell me that I should want companies to always make more money because if they don't it increases the risk that some people will be laid off. I hate to break it to you but people are laid off in this industry constantly and for many reasons besides just "we don't have enough money anymore." I could bring up companies like EA if I need to, the reputed slaughterer of game development teams, how about SOE? I also highly doubt those layoffs were a result of piracy, and I'm certainly not going to want to subject the people who play games(like myself) to things that are often detrimental like DRM just because I have some emotional response that I think I'm saving someone's job by accepting it.

6 hours ago, Kylotan said:

It's laughable to think that these companies would risk consumer dissatisfaction by implementing methods that are known to annoy customers but which have no positive benefit on sales. Publishers have the raw sales data. They see the patterns.

So essentially you're telling me that I should assume they know everything because they are large and devote money to analyzing sales data? That's laughable, at best they are making educated guesses about sales and I would wager in most cases they have no grounds on which to accurately measure how many sales piracy contributes vs how many it removes. I couldn't say how accurate their analysis is without seeing some of it myself and commenting, but really the effect of piracy on games sales is a lot more complicated than "One person pirated a game, now they are one lost sale." DRM is also not free, even if DRM caused sales that would otherwise have been piracy, with costs of licensing the software, paying to have it integrated, and dealing with support issues it causes taken into account, it might result in a net loss.

I care about people's jobs but in economics that is a terribly naive sentimentality to follow. Would I lose thousands of people their jobs to get rid of some of this terrible nonsense that has invaded the industry like paywalls, overarching DRM and micro-transactions? Damn right I would. I'm not going to support coal mining just so coal miners don't lose their jobs.

55 minutes ago, Satharis said:

I also highly doubt those layoffs were a result of piracy, and I'm certainly not going to want to subject the people who play games(like myself) to things that are often detrimental like DRM just because I have some emotional response that I think I'm saving someone's job by accepting it.

That isn't what he wrote. 

Lack of money causes layoffs and companies collapsing.  Companies require revenue to pay the staff, and salary is by far the greatest expense.

55 minutes ago, Satharis said:

So essentially you're telling me that I should assume they know everything because they are large and devote money to analyzing sales data? That's laughable, at best they are making educated guesses about sales and I would wager in most cases they have no grounds on which to accurately measure how many sales piracy contributes vs how many it removes.  I couldn't say how accurate their analysis is without seeing some of it myself and commenting, but really the effect of piracy on games sales is a lot more complicated than... that is a terribly naive sentimentality to follow.

Thanks for playing, but that reasoning won't work among those of us who are professionals.

Of course it is more complex than that.  And you won't see the data unless you're in a position within the business where that is part of your job.

The companies have ENORMOUS troves of data.  It is you who is naive if you think the largest publishers of TenCent, Activision-Blizzard, and EA don't have an extremely accurate image of global and regional player behavior. In addition to games and game tool metrics, they've got data from data brokers, from ad networks, from retail channels, from distribution channels, from companies like Facebook and Twitter and Twitch. They've got data not just about their own games and products and ad channels, but data about the broader industry and about other industries as well. 

As Steam and online servers have been mentioned, even those aren't guaranteed. I've got co-workers who were at a small company.  After a great advertising campaign they launched a popular game.  They had their servers set up, Steam authentication and servers to help protect against piracy.  They invested everything they had into the business to build a success.  They watched the telemetry. In the first day they had nearly a hundred thousand unique players.  At the end of the first day, Steam reported only 23 sales.  The company thought it was odd, but perhaps the data was slow to sync or needed to wait for transactions to clear. At the end of the first week, and after reporting a quarter million seemingly-validated Steam accounts there were less than 200 paying customers according to Valve. They reconciled the data with Valve and with IP address mapping tools.  Valve reported an enormous number of the accounts were fraudulent but valid when authenticated, paid with stolen credit cards which were later revoked without payment or otherwise troublesome; not just in the US but particularly through Asia and Eastern Europe.  Of course it is possible that Valve was the one committing fraud, but given known piracy rates and the IP addresses of players the claim was realistic. The company was out of business when they realized they could not pay their workers and they had crushing debt, even though the servers were saturated with several hundred thousand players.  Obviously not everyone would have purchased the game, but if even half of them paid the company would have seen a 20x profit rather than collapse.  They are real people I personally know who lost their jobs and suffered lost/missing paychecks because of piracy. 

On the titles I've worked with where we had firm telemetry data, every one of them showed >95% piracy rates.  Most had enormous player bases in countries where we not only didn't launch the game, but we also never translated it in their languages where rates asymptotically approached 100% piracy. Even in our target countries the highest paying rates were still over 80% pirated versions.

3 minutes ago, frob said:

That isn't what he wrote. 

Lack of money causes layoffs and companies collapsing.  Companies require revenue to pay the staff, and salary is by far the greatest expense.

Are you really implying he brought that point up and it has nothing to do with the discussion at hand, that it isn't referencing that piracy causes these companies to lose enough money to lose people their jobs? Why even mention it then?

5 minutes ago, frob said:

Of course it is more complex than that.  And you won't see the data unless you're in a position within the business where that is part of your job.

The companies have ENORMOUS troves of data.  It is you who is naive if you think the largest publishers of TenCent, Activision-Blizzard, and EA don't have an extremely accurate image of global and regional player behavior. In addition to games and game tool metrics, they've got data from data brokers, from ad networks, from retail channels, from distribution channels, from companies like Facebook and Twitter and Twitch. They've got data not just about their own games and products and ad channels, but data about the broader industry and about other industries as well.

I never said they didn't have enormous troves of data, I said we have differing opinions on if they are examining the data and correctly inferring the effect piracy has on their profits. You also essentially make my point for me, that information is closely guarded and unless you work at one of those offices doing work that is decidedly not game development, you'll never have any kind of proof. I don't pretend I have access to that data, if someone here has access to that data I would question why they do and they most certainly would not be allowed to share it.

So what that boils down to is that we are arguing two sides here, I'm assuming companies are making incorrect decisions, or they are making correct decisions in terms of profitability but are harming their users in order to get it. Whereas the other side seems to be implying that because these companies make these decisions, that it must be the right choice, it must be accepted and it is the logical solution to follow. I made a plain statement that I do NOT support these practices, even if people's jobs are involved. It should be very obvious to not support that viewpoint means you either side with the opposite viewpoint, or are at best, complacent to it.

10 minutes ago, frob said:

As Steam and online servers have been mentioned, even those aren't guaranteed. I've got co-workers who were at a small company.  After a great advertising campaign they launched a popular game.  They had their servers set up, Steam authentication and servers to help protect against piracy.  They invested everything they had into the business to build a success.  They watched the telemetry. In the first day they had nearly a hundred thousand unique players.  At the end of the first day, Steam reported only 23 sales.  The company thought it was odd, but perhaps the data was slow to sync or needed to wait for transactions to clear. At the end of the first week, and after reporting a quarter million seemingly-validated Steam accounts there were less than 200 paying customers according to Valve. They reconciled the data with Valve and with IP address mapping tools.  Valve reported an enormous number of the accounts were fraudulent but valid when authenticated, paid with stolen credit cards which were later revoked without payment or otherwise troublesome; not just in the US but particularly through Asia and Eastern Europe.

Is that really just piracy though? I would say that more seems like an overarching problem of people obtaining software like games through fraud, that also seems far outside the norm of how piracy distribution usually works, for single player games in particular they tend to completely avoid interfacing with steam so they shouldn't even have any telemetry for those cases, for games that are mostly multiplayer its a whole other can of worms with people either connecting to real servers through fraudulent accounts or even running third party servers that avoid steam altogether. It's a complex issue.

15 minutes ago, frob said:

Of course it is possible that Valve was the one committing fraud, but given known piracy rates and the IP addresses of players the claim was realistic. The company was out of business when they realized they could not pay their workers and they had crushing debt, even though the servers were saturated with several hundred thousand players.  Obviously not everyone would have purchased the game, but if even half of them paid the company would have seen a 20x profit rather than collapse.  They are real people I personally who lost their jobs and suffered lost/missing paychecks because of piracy.  

On the titles I've worked with where we had firm telemetry data, every one of them showed >95% piracy rates.  Most had enormous player bases in countries where we not only didn't launch the game, but we also never translated it in their languages where rates asymptotically approached 100% piracy. Even in our target countries the highest paying rates were still over 80% pirated versions.

 

Yes but the question isn't really "is there a lot of piracy" the question is "does DRM fix the problem?" Those statistics are pretty horrifying but also not that surprising, I'd wager a lot of sources of piracy come out of countries that have little or no chance of legal prosecution against people for the activities like China or smaller European countries. Would DRM have really fixed that issues though?

There's many variables in that scenario:

• How many people that pirated would have actually bought the game in an ideal scenario?
• How many of those accounts were even from piracy and not alternative illegal methods like credit card fraud?
• How much piracy would DRM cut down on?
• How much would the DRM cost relative to how much is earned back?

That's just a few of the issues, and they aren't solved simply with telemetry data. Whether you meant to or not you are also displaying exactly the kind of statistics I often see people show as why piracy is harming the industry while it not actually correlating to potential sales and revenue compared to costs.

On 3/29/2018 at 7:16 PM, Rutin said:

I'm sure others will have their opinions on this, but there is little to no way to have DRM that isn't some form of an inconvenience to the end user while being an effective form of DRM. I do not support DRM, nor do I believe it's an effective way to ensure 100% protection for your application. This is why we see AAA games that spend countless amounts of dollars protecting their product still get pirated.

It Does not half to be 100% a effective as it only need to be resist and time-consuming. No free lunch!

Quote

User accounts to login online to get updates wont matter. Only one user requires the file to redistribute to the masses. You can essentially only allow people to register online accounts with one-time use product keys. You will also have to consider if someone is able to get access to the web-server to obtain the files.

True but no free lunch. Most be ways to make it more difficult. (one-time product key + MAC address)

Quote

Digital Watermarking is easily bypassed. It can be used to mark pre-release copies or review copies, ect...

How do you demonstrated that its your work?

Quote

Product keys would only be effective for programs that run online that requires one unique account per product key to play. Such as an online RPG running server side. Product keys to run applications on the client side can be easily bypassed. It's too easy to fake authentication, and even prevent that processes while editing the file. If your product is offline and requires a constant internet connection to verify, you'll be annoying the user.

No always-on for single-player offline content but for online components and update need a account.

Quote

Client side Code Obfuscation will not prevent the attacker from succeeding. The main purpose of code obfuscation is to make potential attackers less likely to bother with your code, but it's not an effective form of security for your code in itself.

Good, that is what I want. Make it more difficult cheaters and pirates. :-)

Any resources? (some links, articles, posts, books, tips or best practices)

Thank you :-)