on May 2, 2014
Pretty much the moment I logged into Saints Row 4 for the first time, the game was trying to get me to sign up for the Saints Row website. You know: Create an account! Social media! Online with your friends as on the internet with special offers! It’s the sort of thing that has the stench of a lumbering corporate behemoth throwing gang signs and trying to talk with tweens about their Facechats and InstaGramming.
One of the features hooked in to having an account was being able to save and load a character design independently from your save game. (Share your designs with friends!) I ran into a situation where I had a character I liked, but I wanted to start a brand-new game with them. So okay. I’ll try this website business and see how it works out…
- I try my usual bullshit throw-away login I use on sites I don’t care about. The username exists, which means I’ve created an account. (Probably in Saints Row 3.) I try the normal passwords and they don’t work.
- I try the “forgot my password” button a few times. It claims to send an email. Never does. I should note that it doesn’t ASK for my email, which means if someone else is using this name then I’m spamming them with password request emails. The user should be prompted for the email, and if it doesn’t match the existing email the password reset message shouldn’t be sent. Barring that, the site should notify the user where it IS sent, so they know where to look and can tell if they’re trying to recover an account they don’t own. Blindly sending an email is the worst of both worlds: It’s inconvenient for the user but also insecure in that it can be used to harass and confuse the unwary.
- Fine. I’ll just create a new account. I run through it, and fill in the REQUIRED fields of home address with dummy info, since there is no reason Deep Silver should be asking for this. The account we’re creating here is only for the purposes of playing a game, and there is never a situation where they would need to know where I live. It’s just another chunk of personal info that could be harvested if their site was ever hacked. Stop asking for more info than you need.
- Account created, but I can’t log in. I try several times. It just says “name or password incorrect”. Maybe I mis-typed my password both times when creating the account? Unlikely, but it can happen.
- I use the password recovery. Once again, no email is ever sent. Nothing.
- Fine. Create ANOTHER account. I run through the account creation and give it another try. I’m REALLY careful to make sure I’m typing everything correctly.
- Still can’t log in. No emails have been sent for any of these accounts.
- Whelp, time to ask for help. Let’s see… where is the “report a problem” button? There doesn’t seem to be one. Nor is there a “contact us” page. There’s nothing. There is no place where you can contact anyone related to this website. I could run up the chain and go for their corporate contacts at parent company Koch Media GmbH (assuming they’re available and I can find them) but this has already sucked away a half hour of my life and I’m not going to spend another half hour sending bug reports to distant parties who can’t help me and won’t do anything about the problem.
- Twitter maybe? Nope, the Saints Row Twitter was last updated nine months ago. It was obviously used to spew marketing when the game was fresh and I’m sure nobody is paying attention now.
I wonder how long the site has been non-functional like this without anyone noticing? I would ASSUME it works for existing users, and just new account creation is broken? This is exactly how you end up with hacked servers: Pay some web monkey to make the graphics, create a login system to soak up the personal info of your users, then ignore the whole thing for ages while the data piles up. Eventually a hacker will find your dusty server, long out-of-date and bulging with personal info. They’ll make off with it and use that info to get more info, and it will be weeks before you even realize you have a problem.
The website – for all its pretensions to social networking – is actually designed to fend off communication. It also continues a trend I’ve observed where the companies least qualified to protect your information are the most likely to ask for more than they need. It’s obvious Deep Silver doesn’t care about this, or the thing would be working. It’s like the Rockstar Social Club and the Ubisoft Whatever Thing. Management doesn’t have a vision. They just know that Social Web is a Thing and We Should Be Doing it.
It’s not a huge deal, but since this really is a sad display of apathy I thought I’d post this here as a way of shaming the site. Also, let this be a warning to other companies wanting to put login screens in your videogames, like a child that wants a puppy: Managing user accounts is a big responsibility. The consequences for doing it poorly are sometimes extreme. If you don’t plan on taking care of it, then don’t get one.
Shamus Young is an old-school OpenGL programmer, author, and composer. He runs this site and if anything is broken you should probably blame him.