Columns Game Phone Home!

http://www.bit-tech.net/columns/2008/07/13/game-phone-home/1

Are all games that phone-home to a publishers server inherently bad? Isn't it possible that in some case copy-protection can be a good thing that can help game design? Cliff Harris ponders how the software that traps us could also be used to free us.

 

there are some very good points in there. and to be honest I would be fine with all of that. except for having my machine read my biometric data and send it back in....
anyway, my only concern is the system being abused. and this information ends up being used to market something towards me. or collect data that isn't relevant to what was mentioned in the article.

 

Agreed, I feel that way aswell.

What i think would be the best decision for the developer to make would be to provide the user with the option during installation to chose to share his gaming information. But only having that done in such a way that during the installation Not sharing your information is default, also have a description above it as to why they want it and what exactly is collected.

 

Steam collects data like this, I'm pretty sure it's in the steamworks deveopment kit. Just use that

 

I don't have a problem with anonymous collection of statistical information to aid in the bettering of current and future products, given the consent of the user and as long as it is done properly. What I don't like is games or other software that phone home for activation, especially in the way that Mass Effect was planning on incorporating with SecuROM before the outrage. The main problem I see with activation servers is what if the servers go down, or the company drops support for them later on.

If I pay $50-60 for a game (and often more for software) I don't want to be treated like a criminal, or even inconvenienced as I am a paying customer. I would fear a company starting out by having anonymous information collected in the correct way, and later on down the road someone in their huge corporation gets the bright idea to slip in something that checks the CD keys against a list of banned keys to see if you have a legit version. This is bad on many levels. What if someone used a key generator to make a CD key that happened to match the one that came in the box of the game I purchased. Activation limits are also bad, especially anything as small as 3 or 5 activations. If someone uploaded their copy of the game and gave their key away to pirates, it would be used hundreds if not thousands of times, not 4 or 6 times. If you are going to have activation limits they need to be at least 10, due to upgrading hardware causing new activations and people who buy a new computer every year or two.

Ok, enough of my offtopic rant, but there is some connection. When people see that something phones home these are some of the issues that immediately come to mind, giving them a negative impression. Personally I wasn't all that bothered by Mass Effect's policies about online activation and what not, and if it hadn't been for the name SecuROM I would have bought the game for my PC. I hadn't forgot about the BioShock fiasco nor the Sony CD Rootkit situation a few years back (SecuROM is owned by Sony, whose DRM I explicitly can not trust anymore).

 

The good thing about Steam is that I know when it's running, and I know when it's not running. Game developers and programmers must be honest, and make sure the gamer knows exactly what's going on to their system. Not only that, but they should give full control to the gamer of how the program reports back to base. After all, the gamer did pay for the game to play, as opposed to collecting data. Put bluntly, we are not ****ing lab rats.

If big corporates such as EA could be more focused on fun, unique games, rather than data collecting and monthly reports, we might actually get a decent gaming future...

IMO, support the smaller developers that are using Steam. Those guys have our gaming hearts at mind. Steam is one of the least intrusive applications I've ever used too. It's so easy to turn on and off, to delete, and to back up. The one small bug it has is updating the odd game, right when you want to play it.

 

I don't think many people would be opposed to it if you phrase it properly. Something like a dialog box popping up when you go to install (like agree EULA > next > enter cd key > next > data collection? > next > install). You can have it default to yes, just because most people click through, but if you phrased it like you did in the column I don't think anyone would have a problem. "No personal data is collected///click yes to upload your machine specs now///would you like to send play data periodically in order to improve our future titles?"

If the title didn't have any sort of DRM other than a CD key I think it'd get a lot more people to at least consider that type of data mining.

 

I have absolutely no problem with developers asking what my hardware configuration is for the sake that it will improve my future games. The problem that this information is being used to place expiration date for the games that I enjoy. In the past 6 months I have added hardware to my computer on three separate occasions and reformatted it twice. To the DRM, I have installed the games on three separate computers; in fact, both times I reformatted my computer I had to call Microsoft to get their permission to reinstall XP. Why should I buy a game that I may not be able to play in 6 months because I wanted it to be better?

 

Thats really crap DRM. I don't use any hardware checking DRM at all, but if I did, I would also do some other stuff, like checking the windows serial, hard drive size, windows user name (from the registry) and a few other variables, then combine that with the hardware check, and do a statistical approximation that this is likely to be the same PC, albeit with some extra RAM or a new video card. People buy new RAM and video cards and reinstall windows a lot, if everything else seems to match, then it seems silly for any DRM to conclude its a new PC.
But I don't support hardware checking anyway, I'd much rather have one-off online serial checks, and just fail if it seems like there are more than a dozen or so IDs the same from different PCs. After all, some people own 3 PCs at home, why shouldn't they be able to install the game on all 3?

 

Finding out my screen res = fine
Making me activate a game when everyone who has pirated it has the activation disabled anyway = pointless and annoying

 

I pretty much agree with what has been posted already. Anonymous statistical data gathering is fine, knowing when it is running and when it's not (as with Steam) is also okay. As long as everyone is informed and can access that data in a clean format I don't see a problem.

It crosses the line when it opens our systems to attack, gathers personal information to be used against us (marketing) and we have no way of knowing if it's running with no obvious any way to turn it off.

Data gathering should only be happening when a game or it's framework (Steam) has been activated by the user.

 

Collecting hardware and usage statistics is fine upto a point, but for most people, seeing that the game is going to phone home in any way is going to arouse suspicion. DRM is doing far more damage to the industry than good, and this is just one example of where. Kind of amusing really, given it's the legitimate buyers who are treated like criminals, a pirate copy of a game has all that junk removed. The other major problem with the activation, as mentioned, is limited installs. My game collection still contains ancient games like C&C Tiberian Sun, Baldur's Gate, and Deus Ex. Ive had those over a cycle of about 4 computers, yet I still play them. Why should I be prevented from playing the games I'm buying now, in 10 years time, simply because I've got a different computer?

All statistical collection should be an opt in process during install, with the option to change it later. It should state what data is actually collected, and what it's going to be used for.

 

The thing is I don't want my computer to call up servers that I don't know about.
Call me paranoid, but that is totally open to abuse.

How do you know that the program used to send the information is secure and wont open any security holes? You can't.

If it's contracted out, how do you know how reputable the company is? You can't.

Is there any way of seeing what data is actually collected from you? No.

 

My thoughts are pretty much what has already been said, with a couple of bonuses:

Single player games vary so much in type and execution (even games within the same genre) that tweaking costs/skills/damage/whatever due to 'the majority' is going to end up with a vast raft of same-old-same-old that will actually punish those players who try to do something different in their completion of the game.

Multiplayer games, on the other hand, are fair game as far as I'm concerned. You're already online and possibly on official servers, so it can't be that hard to keep tabs on what weapons etc. people are leaning toward or that dominate the game and adjust accordingly.

But the fact remains I'm inherently leery of the idea of a single player game wanting to go online. For any purpose, even if it is so the developers can "tweak" my game... you might not tweak it the way I want; so the easiest thing to do is release some sort of dev tool set so I can do it myself if I want.

 

The problem with it being an opt in system as with any survey is that you are no longer looking at a random or fair spread of the customers, you are only looking at the customers who opt in to have their usage monitored. There may be trends that people with higher spec PCs opt in and people with lower spec PCs opt out, meaning that the averages measured by the designers will be much higher than the true average - meaning ultimately they could design games that would alienate many of their existing customers.

 

"Phoning Home" leaves a bad taste precisely because it is often abused.

I think to avoid this, the way forward is transparency. One way to do this would be to separate the data transmission from the game itself. As one of the poster pointed out, opening your firewall for a single player game to get an external connection would put any one off - there is no need to trust any software developer is only doing what they are saying they are doing.

And so to make this feasible, you define a standard for data collection. An open standard that has anonymity built in, and which all games could use. The games would pass their data to the collection agent, and the user would define what data can be transmitted - hardware specs, playing stats, whatever, and when the data can be transmitted. It would be GPLed and run by the collective. Save the data nice an clear in xml documents. And would absolutely be discrete from any DRM management - that would be a sure fire way to kill it at birth.

If this type of data truly is of value, then developers should be working on this type of solution, rather than moaning that no-one trusts them. And if it truly is of value, then getting a team together and speccing the standard shouldn't take long.

 

Same as Paulkoan.

the data you'd like to collect would be good to collect, but as I don't know where you stop collecting...

For developping reasons, wouldn't it be good to know what games I play BESIDES your game?
So do you scan my drives?
Do you check if my "playername" is used anywhere on the web?
Maybe this'll reveal my hobbies, and if 80% of the players of your game share a hobby then you might incorporate this knowledge into your (future) games...

See where I'm going? Your reasoning is sound, but it is also sound when used on very wrong reasons.

"I'd like to watch 100 people play the game, " that's called Alpha-Testing if I remember right ;-)
As you're an Indie developper, you can't afford 100 test.-rigs, but why don't you invite a hundred people over to...whatever LAN event is near you and let them test your game for free for a few hours, and talk to you afterwards?

 

The picture for this article is a false association. Bioshock didn't do anything like this.

If you want to study user habits and hardware, send them an e-mail explaining it, and ask them to run the game for a certain period of time as they normally would with the monitoring on. Then have it turned off. People won't mind showing devs how they play, so long as they understand it is done anonymously and not indefinitely. (I don't care how slick you make it, no monitoring process is going to be completely invisible performance-wise) What we do mind is the prospect that we might not be able to play a game that we own because of some connection issue. Let's not pretend that CP will make games better. It won't.

 

As with other people i agree to the majority of what has been said. However, something that might help me "friend" up to the data would be a log of what was being sent, that way i know what will be sent and what wont be. I know that this can still lead to abuse through invisible sending of data (possibly for DRM or advertising) but i would feel a lot more comfortable this way rather than just my random data being sent.

 

what everyone else has said.. lack of choice, lack of transparency, lack of correct purpose on a product I paid for ...all those would need to be addressed before I embrace this sort of thing.