[quote name='greentiger' timestamp='1314477271' post='4854542']
My thoughts on DRM are that I'm actually ok with always ON server authentication (even for single player) so long as ...
1. you can go offline in case you're on a laptop or your connection falters it won't kick you off SP
2. at some point down the road (1-3 years) that the DRM turns itself off (the DRM scheme I mean, not the game/authentication servers) -- probably released as a patch

The goal there would be to maximize the first few years of initial sales and then let the bargain hunters and pirates have at it.

It isn't nearly as simple as that, however. Cracking the online authenticator to allow the game to run off line without authentication, is not particularly much harder than cracking a serial number authenticator, or any other sort of validation.

The way to make this work is to design your game such that a *significant* portion of your gameplay logic is actually is run on the server. But at this point you are basically running an MMO, requiring a very significant investment in servers and upkeep.
[/quote]

Is there a better way to do something like that then that's not basically running an MMO?

Is there a better way to do something like that then that's not basically running an MMO?

Nope.

If it runs on the client computer, it can be detached from any remote authentication system.

Let me be the first to start off by saying I hate DRM. I abhor it. Maybe I'm being masochistic right now... Let's find out.

Let's say you don't require a product key or anything like that. Also, let's say that the program is only going to be downloaded from the Internet (because it's unlikely I'll ever make anything that gets published physically). What if we did it similar to how World of Goo did it, in that the user buys the program, gets emailed a fancy little link that has their unique purchase ID as part of the link, and then simply by accessing that link they can download the program and install it... no fancy tricks... yet.

But let's say that each game has a small, 8 byte (or however big, and possibly not contiguous) part of the game's executable or data files or something or other, that gets encoded by the server at download time with a hash of the buyer's unique purchase ID. That way, when the game connects to the interwebs to download updates and patches, it can simply check the hash value it's been encoded with and pass that along (probably hashed again) to the server, so the server can identify who it was that legally purchased that game. Nothing happens for awhile though. Maybe the first few months of the games life. But when the server sees that the same purchase ID is being used by 200 (or whatever arbitrary number) users, we can be fairly confident that they're pirated copies.

So after a month or two or three or whatever, we can get a good idea of which copies have been pirated or not. Then, in a later update, all the pirated copies get a special patch. Don't worry, it doesn't invalidate their copy or anything. I hate pissing people off because I hate being pissed off. What the special patch does is it comes up with a cute little window that says "Hey! It looks like you're using a pirated copy of the game... If you've really enjoyed it, why not buy a copy of your own so you can help fuel our army of 3 coding monkeys to continue making freaking sweet games?" And then it puts a little button in the bottom right corner of the screen that says "Buy Me!" But beyond that it doesn't really do much. More like a small encouragement to the pirates to fork over some cash if they've really liked the game (if they didn't like it that much they're not going to buy it anyway, so it doesn't make much sense to me to force them or anyone else to buy it).

Anyways, what are your thoughts on a DRM scheme like this?

Yeah I've always considered this the best approach to DRM. However, I think once you see that there are 200+ people with the same ID you should just block that ID or switch the game into trial mode. Pop ups really don't do much to make me want to buy the product. I've used so many products for years that had that type of pop ups and continued to use them without even thinking twice about buying it. I'm pretty sure games where the user gets partial access for free with the option to buy additional content work the best. You should want everyone to play your game for free even pirates but they should not get the same level of service or content. Give them a reason to want to give you their money.

I'd be fine with a scheme like the OP suggested. But then again, I'd be fine with it whether I were a paying customer or a pirate-- it's easy to ignore a popup, and a pirate has already made the decision to play your game without paying for it. It's not like a popup will suddenly make them realize that they didn't pay for the game and should do so immediately. And for the record, every pirated game release I've ever seen (on friends' computers, of course) has explicitly stated in the info file that if you like the game you should buy it, to support developers you like making games you like.

I do really like the idea of putting players with confirmed (or at least very highly likely to be) pirated copies into very difficult situations or otherwise erode the playing experience. Change all equipment the player can use from [item name] to Pirate [item name], with terrible stats, and the item description describes how because so many people obtained items without paying manufacturers started making crappy items instead. Or every NPC tells the player "Go blow yourself, pirate" at the end of every dialogue, and every time the player turns their back the NPC attacks and kills them, or robs them blind. Shopkeepers refuse to sell to the player, or only at insanely high prices. Lots of stuff to let the pirate run the game, but not really enjoy it.

The best part is in the case of a false positive, the player can make their case to you by presenting a receipt and the DRM is probably fixable without a huge amount of trouble. If done correctly, there wouldn't even be many of these to deal with.

[quote name='greentiger' timestamp='1315957266' post='4861313']
Is there a better way to do something like that then that's not basically running an MMO?

Nope.

If it runs on the client computer, it can be detached from any remote authentication system.
[/quote]
At least until trusted computing spills over into the consumer market. Which is only a matter of time, as it is already quite popular in many corporate and security critical sectors. Concepts such as memory curtaining or sealed execution would make piracy as we know it impossible. Cracking a game would then amount to either using a scanning tunneling microscope on the CPU to extract the unencrypted code, defeating 2048 bit RSA altogether on a fundamental level or (the only realistic approach) illegally obtaining the master keys or unencrypted binaries from the publisher over an insider / hacker.

Whether or not this is a good thing is an entirely different matter.

Change all equipment the player can use from [item name] to Pirate [item name], with terrible stats, and the item description describes how because so many people obtained items without paying manufacturers started making crappy items instead. Or every NPC tells the player "Go blow yourself, pirate" at the end of every dialogue, and every time the player turns their back the NPC attacks and kills them, or robs them blind. Shopkeepers refuse to sell to the player, or only at insanely high prices. Lots of stuff to let the pirate run the game, but not really enjoy it.

If you do that, make sure to add an optional "pirate-experience mode" for legal customers. People are going to pirate your game (or somehow trick it into triggering the behaviour) only to see that system in action

I do really like the idea of putting players with confirmed (or at least very highly likely to be) pirated copies into very difficult situations or otherwise erode the playing experience. Change all equipment the player can use from [item name] to Pirate [item name], with terrible stats, and the item description describes how because so many people obtained items without paying manufacturers started making crappy items instead. Or every NPC tells the player "Go blow yourself, pirate" at the end of every dialogue, and every time the player turns their back the NPC attacks and kills them, or robs them blind. Shopkeepers refuse to sell to the player, or only at insanely high prices. Lots of stuff to let the pirate run the game, but not really enjoy it.

In Legend of Zelda: Link's Awakening there was a legitimate way to cheat and steal items from the item shop. If you do so, the next time you enter, the shop keeper will blast you with a bolt of energy, killing you instantly, and thus increase your "death counter" for the game, marring any chance at a perfect score (he'd treat you like normal, afterward, until the next time you steal something). To add insult to injury, stealing an item even once, permanently renames your character's name to "Thief" (instead of "Link" or whatever name you entered for the game) in all future game dialog scenes, including the major plot ones. "Good morning, Thief!"
(See video:

)


Doing something similar for pirated users would be hilarious. Also hilarious would be a "Special Pirate Price", where every in-game item costs an additional 15% to "offset the increasing costs of theft on my poor potion-making/weapon-crafting business".

Also, see Spyro: Year of the Dragon's successful combat against pirates:
(Watch the video first:)

(Then read the article:) http://www.gamasutra.com/view/feature/3030/keeping_the_pirates_at_bay.php

Some of the ideas in the article are quite nefarious, if I remember correctly.

[quote name='Yann L' timestamp='1314465320' post='4854484']
But you must make sure that legitimate customers aren't affects by this. [...] Just make sure to not do anything illegal or to touch any system resources outside of your own game.

What defines illegal? Well, the law of course, but what does the law say about this? Is it illegal for a game to invalidate itself? Is it illegal for the game to install a system-wide startup "reminder" for the thief that greets him whenever he starts up his computer? Also, can't a game developer have the game do all sorts of nasty things when piracy is detected and argue that it's only the pirated version that does those things while the official version doesn't do them? He certainly should not be held liable for the damages caused by using anything other than the original game.

A thought I had earlier was to have the game, upon piracy detection, randomly pick a considerable number of user files, encrypt them, tell the user about it, then sell a separate utility that decrypts them! The decryption utility has to have the trollface icon
[/quote]
Go talk with a lawyer. I hope he/she can save you from HUGE legal trouble ;-)

Hint: Installing bear trap into your own house can bring you murder charges...

[quote name='Yann L' timestamp='1314465320' post='4854484']
I think it's a good idea. But you must make sure that legitimate customers aren't affects by this. Put in failsafes and give users the benefit of the doubt (ie. apply very generous tolerance margins to your detection). Some people do really stupid things without realizing it, these may trigger anti-piracy detection even though they purchased a legal copy.

Once you are sure that you are dealing with a pirated copy beyond reasonable doubt (eg. because it is running on a known pirated product key), then have fun. You outlined a rather nice and friendly approach. I personally would go farther than just a 'friendly' nag screen. If someone stole your car, you wouldn't let him get away with it on a friendly reminder to not do it again either. Just make sure to not do anything illegal or to touch any system resources outside of your own game.

I would change the game mechanics in not so subtle ways. Blatantly put the player into impossible situations. Retroactively modify their savegames. Make the game downright unfair. When they inevitably die/lose from the artificially induced unfairness, show them a screen telling them that the game will treat them just the way they treated the developer by pirating it.

Hehe that sounds fun. I was thinking of (depending on the game) an additional level where you can't finish it if you've pirated it, and it rains fecal matter on you or something like that. But messing with the game mechanics sounds like a lot of fun... reversing gravity occasionally... and screwing with their saved games... now THAT sounds fun haha.
[/quote]

Yes, it would be fun (for you, that is) - but think the following way:

How much time and resources would designing and writing the DRM and special "pirate" level take (including extra artwork and debugging, server time and so on)?

How much more enjoyable could you make your game for legitimate customers using the same resources? Don't they deserve the maximum amount of fun from your game?

I would change the game mechanics in not so subtle ways. Blatantly put the player into impossible situations. Retroactively modify their savegames. Make the game downright unfair. When they inevitably die/lose from the artificially induced unfairness, show them a screen telling them that the game will treat them just the way they treated the developer by pirating it.

I'd be cautious with this approach. My concern would be that these introduced "glitches" might be interpreted as actual game bugs, and could generate negative user reviews. Whether the reviewers in question are legit users or actual pirates is immaterial; negative vibe surrounding the title might put off new potential customers.

The approach I would use is actually introduce subtle promotion in the game. For example, exposing pirates to our other titles, encourage the people to sign up to our newsletters, or twitter feeds, social our networking sites, forums etc. I guess treating pirated versions of the game as a free advertisement medium is more constructive - after all, pirates could be your future potential customers. Exposure is king; the more you can reach out, generate, and interact with your user base, the better it is for you in the long run. Pirates will be always out there. The trick is to herd them in with a carrot stick the best you can, and keep them in your ecosystem as long as you can.

But if you really want to notify pirates that they are using a dodgy version, I'd introduce a parody of some sort, or a light hearted joke to remind them. (Suddenly and inexplicably all characters wear eye patches, scarves on their heads, blind drunk and speak in heavy Bristol accent.)

[quote name='greentiger' timestamp='1315957266' post='4861313']
Is there a better way to do something like that then that's not basically running an MMO?

Nope.

If it runs on the client computer, it can be detached from any remote authentication system.
[/quote]

Keys that detect a multi-use key and then go into "pirate mode"?