GDC: Security and Privacy in games

Forums > News > GDC: Security and Privacy in games

Trixter (8952) on 3/8/2007 5:38 AM · Permalink · Report

I had the opportunity to observe an industry roundtable here at GDC regarding security and privacy in games, specifically regarding online gaming. (Disclaimer: While I didn't get clearance to report actual game company names, I did get clearance to report on what was discussed.) The problem for publishers is that there are two sets of rules to follow: The need to secure and anonymous personal information, and the need to somehow have that information available for legal action (ie. stealing money in gambling games, etc.)

The game industry is a massive target for people wanting to sidestep the rules: People want to hack higher scores, or grant more in-game points, or maybe just assume the identity of someone else as a form of revenge. To prevent this, for protection of both the company and the players, there are many steps taken, depending on the game:

All IP addresses are not considered private information and are logged.

All in-game chat is logged.

One company's anti-cheat software, bundled with some games, can take screenshots of gameplay or query parts of your computer to determine if you are cheating or not.

Repeat offenders are banned via IP address and netmask, even though this locks out many more potential customers, simply because repeat offenders are a greater legal risk.

Bet you'll read that EULA more carefully from now on, eh?

Some of these practices are changing. For one thing, some european countries are lobbying to consider IP addresses private information, which means they could no longer be considered private data and be logged (or "strive to avoid logging it" according to one company).

Another aspect of privacy that is being tested is bots, and when their use constitutes an illegal act. Is gold farming illegal if it doesn't take (real) money away from end-users? It's a gray area, but to prevent abuse, some bots have to pass some interactivity tests to see if they are bots are not -- kind of a weak Turing test.

The end result of all this are preventative measures. You can't sue a cheater in court because you have to prove actual damages, which is difficult. So it's better to stop them before it gets to that point.

Zovni (10504) on 3/8/2007 1:56 PM · Permalink · Report

Whoa... that is pretty scary stuff. But this applies only to gambling games and stuff like that right?

Corn Popper (69027) on 3/8/2007 4:05 PM · Permalink · Report

no, think of every game you play using the internet

Zovni (10504) on 3/8/2007 6:11 PM · Permalink · Report

Damn, i'm going back to quake 3 then.

Maw (832) on 3/8/2007 9:19 PM · Permalink · Report

Anyone who wants to cheat at some free multiplayer game like Quake 3 deserves our pity and not our criticism.

Riamus (8480) on 3/9/2007 12:18 AM · Permalink · Report

I've never cared about people tracking my IP. As far as I'm concerned, it's fair game.

In game chat being logged is also fine by me. You shouldn't be discussing private or secret information in a game to begin with. As long as you're talking about normal things that you'd expect to see in game chats, then there isn't any reason for concern. For example, I wouldn't put my social security number in a game chat, or my address, or my phone number, or whatever else. If people do, then it's their choice to risk it being logged. If it's personal information, you shouldn't display it online or you will risk having others obtain it.

Taking screenshots of gameplay and querying your computer is questionable...partly for what they query and what they obtain from it and partly because I don't see how it will be that useful. That said, I do know that WoW has banned people for using various third party utilities and perhaps they found that out by using a similar anti-cheat method. If it just scans something like running processes (checking for known cheat program processes) and, if found, sends a notice to the company that the process is running... I'm probably okay with it. However, it has to be a true cheat program. I'd hate to have a program see that I use Daemon-Tools and blacklist me from a game for it. I know some won't run if you have Daemon-Tools installed, and that's one thing... to ban you for running it is another. There are plenty of legitimate uses for Daemon-Tools, such as allowing 5 legally purchased programs (DVD only) to be used on computers in a school that only have CD drives. As for screenshots... they better be very small because I don't really want to have a lot of overhead bandwidth sending screenshots out. And they better be ONLY the game's window and not full screen.

Banning by IP and netmask is fine by me. If it gets me banned, I'll contact the company and find a way to resolve the problem. But otherwise, I'm fine with it.

As for reading the EULA? No. I have no concerns or interests in the thing.

Zovni (10504) on 3/9/2007 3:06 AM · Permalink · Report

I have no problem with IP flagging, but I'm pretty anal about all the others. I'm the kind of guy that disables automatic updates for all its software for the same reasons after all.

Indra was here (20755) on 3/13/2007 9:35 PM · Permalink · Report

Get life first, play multiplayer games later.