Chris Taylor pushes “secure computing” as solution to piracy

Chris Taylor, game designer behind Supreme Commander (as if you didn’t already know that), believes that “secure computing” is the future of the PC gaming world. Now he’s not so naive as to think that DRM is the answer (because SecuROM, pretty much the best in the breed, is about as airtight as a shot-up sponge). When he says secure computing, he’s talking about playing games from a central server rather than on individual desktops.

Now there are all sorts of ways to interpret what he’s talking about, because the description given in the article is pretty vague, but I think what he wants is for essential parts of the game not to ship with the client whatsoever. The only way you’d be able to play is while in constant communication with the server. Think World of Warcraft: anyone can make copies the client, but to be able to play the game, you need to log in to one of the servers, which only accepts logins from accounts that are paying the monthly fee. Only Blizzard has the code that runs the servers, so no one can run their own pirate servers. World of Warcraft is thus effectively “secure computing” according to Chris Taylor’s concept.

Sure, it works for MMORPGs, because a central server is necessitated by the nature of the game, and users accept and understand it. But for other games, especially single player games? Are consumers really going to put up with an unnecessary net connection being required to play for no other reason than anti-piracy? That would ruin the experience on laptops, which many people use in situations where net access is not available (think airplanes, buses, or trains).

And this brings up another problem: the gaming company now has to run and maintain an unnecessary server farm to service all of the requests from people playing single player. Keep in mind that these servers won’t merely be doing verification or validation; if they were, you could either spoof a verification server that would always send back “OK”, or simply remove the verification code from the client executable. No, these servers need to be constantly running a critical part of the game that the client doesn’t have so there is no way the server can be excised from the loop. That’s not insignificant.

The nice thing about computer games as they are now is you can pretty much play them indefinitely, so long as you keep your compatible hardware in operating condition. Not too long ago I went back and dug out my old copy of Dune II (on floppy disks, no less), and played through the campaign for old time’s sake. Now imagine if that game had been programmed using the “secure computing” paradigm; what are the odds that, after all these years, those servers would still be running? Very slim! With this form of secure computing, the PC game purchasing experience isn’t like buying a game in the traditional sense; rather, it’s more like purchasing a license of the game that expires whenever the game’s publisher decides it no longer feels like running the server, or goes under.

If Total Annihilation had used secure computing, no one would be able to play it today, because Cavedog has long since gone belly-up.

I understand that copyright infringement is a big problem in the PC gaming world, but I don’t think that “secure computing” is the answer. It’s simply not fair to the consumer to make games require an online component for no other reason than to prevent unauthorized copying. That’s too punishing of the people who buy the game legally. Thus, I really think multiplayer games with value-added server components (think MMORPGs or matchmaking services like GPGnet) are the future of PC gaming. There’s simply no good way to make a single player game pirate-proof.

Update 2008-02-28: Version 2 of this post is now published on Cyde Weys Musings. Why did I modify it and post it elsewhere? Two posts for the price of 1.5, that’s why! Seriously though, I do discuss some solutions that would make the secured computing initiative more palatable to consumers, so Chris Taylor — go read that one too.

20 Responses to “Chris Taylor pushes “secure computing” as solution to piracy”

  1. MeDDish Says:

    games NEED to come out with limited single player… and then need a service like GPGnet to play multiplayer… so u can go to a local LAN get a copy of the game play the single player (or play local LAN)… decide that its worth it then go to the Manufactures website (in this case GPGnet) and pay them what they would get for the game
    (in my case ill pay $110 for a game in store… but i bet GPG only gets about $30 of that!)
    so if i could get a copy of Supcom FA @ a lan then play it to death @ a local lan play it some more @ home then finaly decide its worth buying and ill get my self a ‘online’ copys so i go to GPG i put in my CC details and pay $40, (id buy a LOT more games if they were $40 rather then $110) wham, bam that you mam, all done i can now play the game online!
    also, with this method GPG could make more $$$ per game offering games this way, also they cut out the middle man so to speak. and give customers the option do they wanna pay $40 for the ‘key’ or $40 + $5 for the ‘key’ and access to ‘download’ the iso (but those who have allready priated/borrowed the ISO could skip this $5 charge as they dont need it.

    a better eg is last year i went to a lan and got into Company of Heros, realy got into it, then when i was upgradeing my video card i paid a extra $50 to get one that had company of heros in it so i could play it again online…. only problem is now the expansion has come out and i cant play it anymore because there is never a game going! cost of the expansion $70 releasticly im not gonna buy it, ive allready downloaded a not so legal version and plaied that a alot, i like it just not worth $70, if i could ‘buy a key’ direct from the manufacture for $30 i would of done it yesterday!
    i know i can get the expansion for $40 thru ebay but then ive got no guarantee that its a legit version! dealing direct with the manufacture/publisher would be great!!
    oh and before ANYONE suggests Steam, ive NEVER hear anything good about it, in fact ive heard a LOT of bad things about it, the main thing being ‘i cant play steam games @ lan cuz i forgot to set it offline mode before i left home’ (and there is no net connection @ the lans!
    the ONLY thing i see companys like GPGnet haveing to do is make sure their ‘server’ software doesnt get on the internet! and secondly makeing sure they have something that will hunt down programs like Hamachi to stop pplz playing Online ‘lan’ games!!

  2. Miglecz Says:

    …Only Blizzard has the code that runs the servers, so no one can run their own pirate servers…
    This is not true! A lot of my friends plays on pirate WOW servers. This thread is about getting more players, so
    out SC on the Valve’s Steam and get more players. GPGnet sux

  3. Bob Says:

    Any form of so called ‘copy protection’ think bioshock (activation servers) and steam (needed all the time to even run/install the game (although I have nothing against steam as a content distribution platform)) stops me from buying these games because A) I don’t have an internet connection on my home pc and B) even if I did if these services go belly up I’m £30 down. I much prefer the system of having no drm/cd checks on the cd and no activation. Just have the serial for internet multiplayer access (You need the internet anyway so banning multiple connection from the same serial is v.easy) and a serial/account registration to be able to download patches/updates from the developers website.

    This is not a perfect anti piracy method by any stretch of the imagination but it stops pirated copies from accessing internet multiplayer games and also stops easy access to patches/updates from the manufacture. The manufacture can then also use the updates to reward legitimate players by adding in extra content etc.

    In summary this method of protection does not annoy legitimate users (or leave them with nothing if the developer goes under) but it does stop casual piracy. You will never stop the hard core pirates as they would never have paid for the game in the first place)

    On another note I also replayed Dune 2 recently. (Used DOSBox in XP to achieve it). Great game!

  4. Cyde Weys Says:

    Miglecz: I’m vaguely aware of those pirate WoW servers, and as far as I know, they’ve been reverse-engineered by looking at the packets the client is sending out and then trying to create a server that meshes with that. It’s not a copy of the real server hardware, and is still lacking in many respects (particularly NPC AI, I would imagine).

    Unless they actually somehow obtained leaked copies of the actual server code, in which case I’d be very interested in hearing more information.

  5. Woden Says:

    I think Steam might be a good model to emulate – it’s still playable offline (if you’re careful), it doesn’t use much server power while running the game, and it cuts down on most piracy (though never all, of course). The other way to go is through activation keys (think Windows activation) – which are again moderately effective. The best model though is to produce such excellent games that people feel obliged to pay for it if they can. Face it, you’re never going to squeeze $100 out of a cash starved teenager, so you may as well give up trying and just let them play so that they’re grateful to you in 10 years time when they have some $$$.

    As for pirate WoW servers, it’s been a long time (~2 years) since I investigated it, but there was a ‘proprietary server’ that one of the pirate groups would sell(!) to anyone who wanted to host it. It was surprisingly complete – but then, implementing a server isn’t so hard when you have the real thing to reverse engineer and you have access to the client in its entirety, so it could have been entirely coded from the ground up.

  6. Cyde Weys Says:

    Steam games aren’t immune to software piracy as they only use classical DRM, not the “secure computing” concept as proposed by Chris Taylor (with the exception being multiplayer-only games with unreleased server software that you must have the cryptographic digital equivalent of a serial number to play). You can find pirated copies of games that are exclusively available through Steam on the Internet. Although, I would argue, Steam makes it so convenient to buy games that oftentimes it isn’t worth the hassle of obtaining them illegally, especially when their price is around $20.

  7. Sub Says:

    When they released the Steamworks thing, one of the guys from Valve stated that Steams DRM wasn’t meant to stop games from being pirated forever. It’s only meant to stop games from being pirated within the release window, as thats when the majority of games get sold and pirated. Apparently its working for them, as games only released on Steam do take a while for a pirated version to come out.

    With that being said, Chris Taylor is wrong on this one. People aren’t buying PC games because they got tired of developers essentially forcing people to upgrade every x months. Piracy plays a factor, but I honestly believe the constant need to upgrade is whats killing PC Games. Here’s a good quote by a developer on Sins of a Solar Empire:

    “For console advocates out there, ask yourself how well a given game would sell if it required players to run out and buy a $300 upgrade to their console to play the game? That’s essentially what a lot of high profile PC game developers expect. When Ironclad and Stardock were working on Sins, we made a conscious decision that the game would not require potential gamers to upgrade their systems. That meant we couldn’t have things like moving turrets or whatever but it means that the size of the market was much larger. No matter how good your game is, if people can’t play it, you will always be limited. The number of people willing to upgrade PCs for games is not that large. If you want to sell lots of copies of your PC game, make sure it runs on a lot of machines. “

  8. T2A` Says:

    I’d definitely agree that being forced to upgrade is a huge turnoff for the PC market. We’re at the point now that consoles don’t really have any of the restrictions of the past — they’ve got internet access, patching, chat, friend systems, etc. And now that console makers have stopped trying to get a profit on the console itself, they’ve got great hardware for a really low price as well.

    I mean, just look at UT3. It’s a fantastic upgrade… if you’re into visuals. None of the visuals, however, affect the gameplay in any way; they’re just fluff strewn arbitrarily over top to make their game look pretty. Pretty games, in Epic’s case, sell their engine. Unsurprisingly, the game is doing terribly as far as online player counts go. They spent so much time making it pretty that they released a buggy, unfinished product that is very tough on older systems, and as a result of all of that the game can barely field 300 players (in the US) over the weekend.

    As for the main topic, it’s an incredibly stupid idea. PC gamers on the whole are being treated as criminals because some of them pirate games. I doubt PC gaming will be around in its current state for much longer. Consoles are just 2ez. They’re easier to work with and cheaper and have more games to play. Consoles remove all the troubles and let people get right down to what they set out to do — play the fucking game.

    As soon as console developers make games designed around the use of a keyboard and mouse (as opposed to just supporting them), PC gaming is finished.

  9. Sub Says:

    http://www.dansdata.com/gz079.htm

  10. Molloy Says:

    I really don’t mind validation systems like Steam. If that’s whats necessary then bring it on. I had a ton of trouble getting Bioshock to run properly until they patched out the SecuROM so I’m not such a fan of that approach.

    As I see it they should have some sort of online log in system in place for the first year, then once the games major commercial life is over they can patch out the copy protection, or it can be designed to expire. That way you’d actually own what you bought eventually, rather than be renting it and have your product expire.

  11. Falco64 Says:

    Having a limited local setup where you can only play either campaign/skirmish or over the LAN but have a login service that forces you to have an account with the company in order to play multiplayer makes it so if you actually want to play one of these games against people (where it’s fun unless It’s Empire at War where everyone is a jerk) you need to pay for a legal key/license.
    Sure, there are ways around this (not that I’ll give any examples) but for the most part, you can’t play online without a key.

    It comes right down a simple fact.
    People who want to own the game will pay for it and people who don’t want to pay for the game will not.
    This rule is not limited to PC gaming. It applies to all media. The PC world is just the “easliest”.

    PC gaming will never disappear simply because some of us will never give up our classics (like TA) but developers may stop being able to sell games when they decide to treat us all like criminals.

    And one last note. I HATE having to swap out a CD every time I want to play a different game. I’m glad SupCom doesn’t require it.
    I think I had a point in here somewhere, but it’s almost 2am and I’m losing the ability to string thoughts together.

  12. Cyde Weys Says:

    Molloy: The expiration couldn’t happen automatically. There’s no dependable way to get the current date on a client machine. You could always just set the date a year forward and have the copy protection expire. No, the company would have to do it manually by releasing a patch in a year’s time — and hopefully a patch that’s already been made and put in code escrow upon release, because the company could always die during that year.

    Of course, in a year’s time, the likelihood that a pirate group will have beaten the company to effectively the same patch will be high.

  13. Brandon "Draxe" Rising Says:

    What if you had to basically RENT your games for a certain length of time. Basically a verification system that has to be connected to and then the game is released from it’s protections for a certain period of time. So you buy it in the store, then install it. The day you go on your vacation and want to play it during your flight you connect and request a 12hr release and your files are verified and released. After that’s up it must be connected again and verified.

    Now obviously some hacker would find a way to stop the protection being re-enabled, or extending the time period beyong what is specified. But even in Mr. Taylor’s system of constant connection a hacker would eventually figure out a way to let the game play and stop it from connecting to the server. So sure you wouldn’t be able to play multiplayer games but thats pretty much how it is now. For the most part servers catch people playing with fake copies because of incorrect CD keys. No system will be perfect, you can only attempt to slow the kipple (decay).

  14. Cyde Weys Says:

    Brandon, unfortunately the situation you describe is very easy to take advantage of. As soon as the protection is temporarily disabled, that gives you enough leeway to keep it permanently disabled. Simply spoof the clock to that application so that it appears to always be under the 12 hours limit, and firewall off the application so it can never reestablish contact with its servers. This would actually be easier than hacking through a game’s code to remove the validation steps.

    Nevermind the sheer annoyance of having to plan out, ahead of time, all the games you expect to be playing. When I’m getting ready to head out on a trip, I typically just throw a lot of things together. I don’t want to have to log in to my laptop and take some meaningless steps just so I’ll be able to play all of my games. Oh, and 12 hours won’t be enough. At my job, we frequently travel for four days at a time, and not all hotels have Internet access.

    All of these protection schemes just add a lot more annoyance to the legitimate purchaser of the game (who wants to be locked out of a game because Comcast inadvertently messed up your net connection and you didn’t have the foresight to see the future?). Meanwhile, they aren’t really affecting the pirates at all, who have stripped out the protection mechanisms.

    Either you you stick with the protection measures that we have now, which defend against all but the most inexperienced and/or moral of users, or you go to full-on secure computing a la Chris Taylor, where the game cannot function unless it is in constant communication with a server which verifies that the copy has been legitimately purchased by use of a serial number. There isn’t really a workable middle ground.

  15. T2A` Says:

    Having to constantly “rent” your own games is a seriously stupid idea. So stupid I’m afraid I cannot put into words how immensely stupid it is.

    The more PC gamers are assumed to be criminals and treated as such, the more they will act like like criminals in retaliation. Trying to lock down a game with “advanced” protection schemes only hurts it… Unless you’re Blizzard and get extremely lucky that your game is popular enough for 10 million people to throw billions into it to keep their virginity.

    Take a look into Bioshock’s post-launch fiasco. Whatever protection it used caused a lot of issues with people trying to install the game, and that really pissed a lot of people off. On the flip side, the pirated version didn’t contain this protection and was thus completely free of any installation issues. Which sounds like the better deal? Pay $50 and be forced to jump through hoops to prove that you did actually buy it only to have it not work in the end? Or get it for free and have it work flawlessly?

  16. Cyde Weys Says:

    I heard about the nightmare copy protection on BioShock and decided I would never support such a thing. So I did download the “free” version, which presented a lot fewer problems than the legitimate paying customers. And you know what? I didn’t end up liking the game and only played it for about two hours, so I’m glad I saved my $50.

  17. zordon Says:

    Just charge a reasonable fee for the price of a game, say at most $20 and then I bet they’d see a large decrease in software piracy. $110 a game is quite obscene. I’ve been saying this for years and years and years and years. Do you know how many games for $20 dollars I would buy? (answer: a hell of a lot) DRM is a joke of an idea and Chris Taylor, while good at your RTS design, really has no clue when it comes to marketing or software piracy in general. I mean I read in an interview how he thinks xbox has no piracy! hah go take a look at some torrents sites Chris.

    PS I can’t actually bring myself to install steam & its associated marketing spyware, and damn I wanta play team fort 2. but oh well, they’ve screwed it for me. I’d have a hell of a lot less problem with it if I was given a choice about the information it submits back to the overlord, or they knocked the price down to a more reasnoble amount for digital distribution. They can use me as marketing, but don’t expect me to pay top dollar as well.

  18. Woden Says:

    zordon: Actually, the Orange Box is really much better value than most games these days. I wouldn’t say you’d be paying top dollar. You get 3 good quality games for $50 – admittedly Portal is very short (but very good) and Episode 2 isn’t so great, but Team Fortress 2 alone is much better than most other games you could get for $50, even for ordering online. I don’t agree with their privacy policies either, but you really shouldn’t accuse them of overcharging.

  19. H-master Says:

    I tottaly agree with the writer of the text. Punnish the legal buyers for piracy? :(

  20. zordon Says:

    Their costs are reduced far more than the price has dropped. I believe they’d make more money overall selling more copes for less dollars. After all the distribution system can handle it now. Times have changed.

Feel free to leave a comment: