Ubisoft has been in the news more than once recently for their DRM shenanigans. This week’s column is sort of a catch-all for their recent crimes against customer service. I also allude to the technical problem of how you can make a program identify the specific computer that it’s running on.
Tangentially related anecdote:
Back in the 90’s, the company I worked for needed a way to protect users from data theft. All of the user’s settings, including their password, were stored in a plaintext ini file. That’s madness by today’s standards, but in 1996-ish that wasn’t all that radical. The resulting problem should sound pretty familiar / obvious to anyone familiar with security today: Savvy users began swindling the clueless into sending them these ini files.
This sounds ridiculous today, but this was the early days of the internet as we know it. There were armies of clueless new net-immigrants stepping off the boat every day. When they entered our MMO-ish world and someone offered to help them out with some technical problem, they had no idea that sending people files off your own computer was dangerous.
We policed this problem as much as we could, but there’s only so much you can do in an online world where anyone can instantly create a new account for free and most people are on AOL dial-up where their IP address could jump around randomly. It’s like trying to moderate 4chan. Good luck with that. We tried educating people as much as we could, but the rush of newcomers was so constant that there were ALWAYS going to be a few rubes around.
So the technological solution our programmers devised was to hash these text passwords with something from your local machine. This leads back to what I talk about in the linked article: Software trying to figure out what machine it’s on. There were a lot less identifiable bits on computers back then, but by using things like hard drive volume labels and such it was possible to come up with something that had a good chance of being unique to your machine.
Once this system was in place, the problem went away. The con men couldn’t read the ini files they were stealing. They didn’t have the ability to un-hash the password, because they didn’t have the serial number (or whatever it was) used to hash it. This was a good self-regulating thing: Anyone smart enough to look up a serial number on their computer is too smart to fall for the “Send me your ini file and I can show you how to double your frame rate” line.
The only drawback was that if you moved the program to a new machine (remember the days when you could install something just by dumping the files onto your hard drive?) you would have to re-type your password.
Trusting the System
How do you know the rules of the game are what the game claims? More importantly, how do the DEVELOPERS know?
Top 64 Videogames
Lists of 'best games ever' are dumb and annoying. But like a self-loathing hipster I made one anyway.
Bethesda felt the need to jam a morality system into Fallout 3, and they blew it. Good and evil make no sense and the moral compass points sideways.
Two minutes of fun at the expense of a badly-run theme park.
How to Forum
Dear people of the internet: Please stop doing these horrible idiotic things when you talk to each other.