Home
Blogs
Forums
News
Portfolios
Projects
Tutorials
28 users logged in
New? Learn about game development.
Before posting, review our community guidelines.
Follow Us
Chat in the GameDev.net Discord!
Mastodon

🎉 Celebrating 25 Years of GameDev.net! 🎉

Not many can claim 25 years on the Internet! Join us in celebrating this milestone. Learn more about our history, and thank you for being a part of our community!

Back to GDNet Lounge

How do indie game developers protect themselves from cyber-crime?

Started by
4 comments, last by alnite 7 years, 7 months ago
Hello fellow devs. I've been making free games for a while, but the game I am currently working on is my first serious project that I plan to sell on Steam. I work with the help of one artist and a few closed testers.
Thing is, now that I’m making a game for sale, I need to buff up my whole system to stay safe. So, what security advice should I take? Any examples of more popular indie game developers,and what they do to protect themselves? (Even the semi-popular ones count.) How do you guys protect yourselves? What do you do?
(Or, is cybersecurity simply less of a concern for indie game devs because we’re not churning out triple As? I hope not. Security seems like something too important to ignore.)
To add to the mix, I suffer from OCD and chronic paranoia. I have extreme anxiety and fears about getting hacked and having my game data stolen or deleted.I also fear having my Steam, Kickstarter or Paypal accounts hacked. With good reason too: Hackers’ targets are normally small businesses like ours, and they look for vulnerable accounts and systems. I would be wrecked if someone were to hack my Kickstarter account and ruin everything, or even somehow steal my game or corrupt it. What would I say to my backers? "Sorry guys, the project is cancelled because it's destroyed. Now how do I refund everyone?" That sounds like a complete disaster.
I also worry a lot about my reputation as a game developer. I had a very embarrassing past as a stereotypical teenager, where I posted a lot of nonsense, stupidity and drama on websites and forums. I worry about being spied on by hackers. What if a hacker were to show all my embarrassing past activities and postings I had on the Internet to my parents or friends? It would be very awkward for me.
I’m also anxious about what would happen if people were to make up and spread rumours or gossip about me. Remember Phil Fish, that guy who developed Fez? When I read about how he got hacked, it scared the daylights out of me. He literally had his life destroyed in one blow. People said he had a bad reputation and was very rude towards fans. So now I’m really worried about offending consumers too.
Then there’s the worry over getting doxed (having my real name, surname and address leaked out online). It’s really crappy in general to have so much of your private life revealed to the public. But say, say if I manage to hit the big jackpot. Get as famous as the guys who did Undertale, Five Nights At Freddy's, Starbound, Super Meat Boy, etc. Doxxing could get so much worse.
Like with those YouTubers and Twitch streamers who get their phone number posted online, so their phone explodes with messages and calls.Or the poor things whose addresses are shown and get pranked with mass pizza deliveries and worse.
And surely everyone has some kind of skeletons in their closets. Regrets, embarrassments, weird parts of themselves they don't want strangers to know. How do these people, who’ve reached a certain level of popularity, deal with having them? How do they deal with keeping their skeletons away from the public?
Let’s not forget the biggest target for hackers is where big money lives. So that’s another worry if I do end up making good money out of my game.
Lastly, no matter where my game-making takes me, staying anonymous is a big priority. I don't want stalkers or thieves to be able to reach me offline. I want to keep living my quiet, private life, but it seems like you can't if you want to hit it big. It seems like you can't make any sort of impact in the gaming industry at all, if you're not well known. What does someone do about that?
Actually, I may already be too late to keep complete anonymity. I shared my game screenshots and details under my real name back when I knew nothing about cybersecurity. Also, my current project takes place in the same universe as my free games do, and my free games were posted under my real name. Looks like there’s no way of separating them… unless anyone’s got ideas?
Maybe I wouldn’t have to worry about all this if I made my game really fringe and unpopular on purpose, but that’s really counterproductive. And maybe someone will say that I’ve got a weak mentality and shouldn’t be making games, just to save myself from all the stress. But making games is my greatest passion. I have wanted to make games ever since I was a kid, and I will never quit.
So, could you please help me out here, guys? Anything you or people you know do to beef up your cybersecurity, beyond that of an average joe, to keep your games and your privacy safe would be really welcome. Sorry for the long post, and thanks for reading.
Advertisement

"fears about getting hacked" - choose good passwords or use a password manager, keep your software and OS up-to-date, disable Java and Flash in the browser, don't visit disreputable sites.

"and having my game data stolen or deleted" - use an automated backup system like Crashplan.

"I also fear having my Steam, Kickstarter or Paypal accounts hacked" - enable Two-Factor Authentication where possible. Ensure you have recovery email addresses set up. Use the same name across the various services so that, in the event of a dispute, it's easy to prove that you are the original owner.

"What if a hacker were to show all my embarrassing past activities and postings I had on the Internet to my parents or friends? It would be very awkward for me." - What's done is done. You can't prevent that. Learn to live with it. Maybe a legal name change would reduce the chance of this happening, but it's unlikely it would ever be an issue.

"Then there’s the worry over getting doxed" - why would they want to? I'm not saying it doesn't happen to people that don't deserve it, but the quantities of people we're talking about is quite slim.

"I want to keep living my quiet, private life, but it seems like you can't if you want to hit it big. It seems like you can't make any sort of impact in the gaming industry at all, if you're not well known. What does someone do about that?" - You can develop under a pseudonym or a business name. But really, the chances of you hitting it so big that privacy becomes a problem are miniscule.

"I suffer from OCD and chronic paranoia" - this is your main problem because it's causing you to exaggerate the risks. I suggest you seek psychological or medical assistance to try and help you put things in better perspective. Most of what you're worrying about hardly ever happens, and most developers never get far enough for it to be a concern anyway.

what they do to protect themselves?

Are you asking about preventing you're online presence being hacked?

or about keeping your game from being cracked?

The first one, right?

The first is a cyber-security issue. the second is about DRM technology.

For me, the normal precautions for cyber-security have always been adequate.

I didn't have to worry about DRM until I made a game popular enough to warrant cracking. IE: it was well known enough that cracking it would bring bragging rights to the cracker, which is why crackers crack games in the first place - solely for bragging rights - they just happen to injure gamedevs in the process.

Norm Barrows

Rockland Software Productions

"Building PC games since 1989"

rocklandsoftware.net

PLAY CAVEMAN NOW!

http://rocklandsoftware.net/beta.php

What you are trying to do is predict possible risks and asking for ways to mitigate those risks.

Here's what you need to do:

1) Write out every risk you can think of to you, your game project, your company, etc.

2) To the best of your ability, rate each risk on the likelihood of its occurrence.

3) Then, assume that each risk will happen, try to assess the impact it would have on your operations.

4) Finally, sort each risk based on the likelihood of its occurrence and the level of impact it would have on your operations.
You'll have a risk matrix which has a list of things which are high frequency, high impact, all the way down to low frequency, low impact.

You want to spend most of your efforts on the high frequency, high impact items and you want to start taking steps to mitigate those risks. You can either work to reduce the chances that the risk would happen, or work to reduce the impact it would have on your ops (or both). You won't always have a 100% fail safe solution to everything, but you can work to get something to an acceptable level.

Let's take data loss as an example of a risk you might face:
The chances of data loss are medium. A hard drive could crash. A hacker could delete files. A virus might wreck your data. Human error. etc. etc. Lots of possible sources, all somewhat low, but combined, you get a medium level threat on its likelihood. The impact would be catastrophic, so medium multiplied by catastrophic should spurn anyone into taking preventive measures / action.
So, the best you can do is reduce the impact of such an event. To mitigate this risk, you should have a backup process in place! The frequency of your backups should be based upon how much work you can afford to lose. Every minute past your last backup is data living on borrowed time, so you're only as good as your last backup. Some business systems can't tolerate more than a few seconds of lost data (think of financial systems), others can't handle more than an hour of lost data, others a day, some a week, two weeks, etc. The shorter your tolerance window, the more expensive your risk mitigation solution is going to be.

Take a good bit of time to read through this:
https://en.wikipedia.org/wiki/Risk_management

Eric Nevala

Indie DeveloperSpellboundDev blog | TwitterUnreal Engine 4

I agree that you should seek medical assistance, even if you are not mentally ill or anything. Your paranoia might be "normal" but the way you handle it (always considering the extreme bad examples; possibly having the delusion that you have serious crimes "skeletons in your closet" in your past; stating that you were a stereotypical teenager yet thinking you were special enough for anyone to care) and let it take over your life is not.

I’m also anxious about what would happen if people were to make up and spread rumours or gossip about me. Remember Phil Fish, that guy who developed Fez? When I read about how he got hacked, it scared the daylights out of me. He literally had his life destroyed in one blow. People said he had a bad reputation and was very rude towards fans. So now I’m really worried about offending consumers too.

There are thousands, if not millions of popular people (rock starts, actors, developers, company leaders, whatever) who are not being hacked and are way more interesting than a game dev. You could be more afraid if you are a politician.

And maybe you should get a communications team or at least a secretary who handles fan emails.

[size=2]Portfolio [size=2]| Youtube channel | Paper modeller development blog | Journal

One common way to do this is to create a company. No, I am talking about not only coming up with a cool-sounding studio name, but a legit company that you register under you state/country. This process can take several weeks depending on how it works in your country, and may cost you some money, and be ready to pay additional taxes. Once this company of yours become a legal entity, then you operate all your game development business under this company name.

You register to your Steam account under this company name.

You open a bank account under this company.

You set your email address under this company. So, instead of draining2332@gmail.com, you put draining2332@myrealcompany.com.

You create a website under this company.

However, this does not mean that you are *fully* protected as nothing is fully protected. Anyone with crazy enough intention to dig your personal info could do so, and would eventually know that you are behind this company. But, it is enough deterrent for most people from digging through your personal info. Now, instead of plastering all your games with your real name, you put your company name. Most people don't care if they download their game from "Awesome Rock Studio".

This topic is closed to new replies.

Advertisement

Popular Topics

JoeJ
Custom memory allocator for STL - dead end due to constructors? General and Gameplay Programming
ScienceDiscoverer
Anybody else have aversion towards Unreal, Unity and other ready-made engines? Engines and Middleware
gamelordofdeath
It is impossible to render a tall building or large terrain in OpenGL. OpenGL is broken. Do not use it. Graphics and GPU Programming
gamelordofdeath
Should you allow modding of your game? Games Business and Law
TryBoo
Predicting Over-Time Skill from Single Input Networking and Multiplayer
Net_
Best-performing collision algorithm when only using AABBs? Math and Physics
Advertisement

Recommended Tutorials

Ruben Torres Bonet (The Gamedev Guru)
Your Guide to Reducing Draw Calls in Unity 2020 General and Gameplay Programming
Myopic Rhino
Model General and Gameplay Programming
Secretmapper
Why your Games are Unfinished, and What To Do About It Business and Law
Gaiiden
Autodesk Media Summit 2012 Visual Arts
jbadams
How Augmented Reality is Changing Gaming Business and Law

Reticulating splines

About GameDev.net
Community Guidelines
Terms of Service
Privacy Policy
Contact Us
Copyright (c) 1999-2024 GameDev.net, LLC
Back to Top