The uproar over Ubisoft’s new DRM, that I covered in the 21 Feb WNR, got me thinking that how can a game company’s idea of a sensible DRM solution be so far from that of the average gamer. Did Ubisoft not know that their new DRM solution that requires a constant Internet connection would not go down with the general gaming community? Or did they simply not care?
So instead of having a whinge, like most of my other posts on this blog, I though it would be nice to try and take a balanced approach to the problem and analyse the situation closely, playing the Devil’s advocate if I have to. Perhaps it will shed light on any compromises that may make DRM workable.
Why do you need DRM?
Games get pirated. PC games especially. Game companies need to protect their products and make it as difficult as possible to pirate them. Games without DRM are an open invitation to online piracy, and also casual piracy where friends share a single purchase and install the game multiple times on multiple PCs. And without protecting their games, publisher fear that people will start to think that it is acceptable to pirate them.
But DRM has so far not stop games from being pirated. It may be effective against less popular titles that crackers ignore because it’s not worth it, but for the popular games, they are made online in a matter of days, if not sooner. Ubisoft may think their always connected approach will make the games harder to crack, but Silent Hunter 5, which uses the new DRM system, was cracked just a few hours ago, and less than 24 hours after the game was released.
It does make playing the games more inconvenient for people who have purchased the game, and it’s no secret that many resort to cracks to remove DRM from their games, or failing that, download the pirated version even after they’ve paid for the legal one.
Conclusion: Games get pirated regardless of DRM. At best, it slows the availability of the pirated version of make it more difficult to run, but determined users will find a way, and it might still be easier to deal with than DRM. All DRM does right now is to inconvenience legitimate customers.
DRM Type 1: DVD Checks
These are the easiest form of DRM to crack, and the oldest around. Sure, some things have changed like blacklisting and background services being installed to prevent the use of DVD emulators, but again it’s only a matter of time before it is cracked. This is also the form of DRM that buyers of the game frequently removes, as having to find and insert the DVD every time you want to play the game is a pain. Also, it means you must carry the DVD with you if you want to play the game while away from home. And only one person can play the game at the same time. Not only that, the SecuROM loader may also be hard to remove and it can interfere with your legitimate apps. The more advanced SecuROM also requires online activation, which basically bundles a DVD check with the type 2 DRM method listed below. And even if you jump through the hoops, the game still may not work due to compatibility and other issues, and the only alternative is to crack it if you want to play it.
Conclusion: This type of DRM is the easiest to crack and potentially very annoying to legitimate customers. It is also quite outdated as it doesn’t offer multiple install limitations by itself, and serial and perhaps time will see it phased out in favour of online based authentication solutions, like the Steam or Ubisoft systems.
DRM Type 2: Once only online authentication
EA/Dice’s Battlefield 2: Bad Company uses this method, along with the “limited install” method. After you install the game, you only need to go online once to authenticate it, and it will never check again until some 27 years later. DVD checking is removed, so once you do the initial online authentication, you’ll never have to “prove” your innocence again. To prevent people authenticating and then giving the game away to do the same, the same serial can’t be used too many times (more on that later). As with any kind of DRM, it can be cracked (and it is probably quite easy to do so as well), but legitimate users may find that they don’t need to do it, and multiple install limit of 10 usually is generously enough to never having to worry about this aspect of the protection. Of course, this means that you must have an Internet connection if you want to play the game, but not many people have machines capable of playing new games and yet have no access to the Internet.
If the authentication server is down, then new users can’t start to play games until it does up again, but you only have to authenticate once anyway. If the authentication service is shutdown and no longer supports aging games, then purchased games can’t be played, although it stands to reason that the game won’t be sold at that time anymore, or will be sold in a variety that comes pre-authenticated.
Additional online features, such as trophies/achievements, can be optionally enjoyed, although this probably turns the game to a “type 3” (see below) DRM, where logging into the optional online environment requires some sort of rudimentary authentication check (although probably less involved than a true “type 3”).
Conclusion: This is probably the most sensible type of DRM, although like all others, it fails to prevent piracy. It does prevent most legitimate users from having to resort to cracks to play the game conveniently, and this is also the least intrusive method, requiring no background apps that are hard to uninstall or constant Internet checks.
DRM Type 3: Once every startup online authentication
Steam uses this kind of method, although it does have an offline mode. Every time you start the game, it will check online to make sure you’re running a legitimate version. This again is easy to crack, and is slightly annoying to legitimate users as it locks them to a platform like Steam, and it means they need to ensure they have an Internet connection whenever they want to play the game. However, Steam does offer an offline mode that works like the “Type 2 DRM” above. Other platforms, do not. Platforms such as this also offers online features, such as chatting, trophies/achievements and other community features, that a totally offline game would not (or a game that loses its Internet connection during a session). If the authentication server is down, the you’re out of luck. If authentication support is removed due to old age, then you’re left relying on the platform operator to do the right thing and release offline patches, or otherwise, all your games will be unplayable. Judging from Steam’s success, people don’t seem to mind these restrictions too much and it’s unlikely to cease supporting games, although given a choice, most people would probably prefer not to have the Steam client on their system at all.
Conclusion: This kind of DRM is just about acceptable to the masses, although the option to go completely offline is required. The additional online features, which are optional, does add value to games. But you are reliant on others to ensure the authentication server is online.
DRM Type 4: Constant connection online authentication
And we come to Ubisoft’s system. It doesn’t work because it’s already been cracked. And it inconveniences legitimate users because those without a steady, constant Internet connection won’t get to enjoy the game as it pops up an error message every time the connection dies. It also means it’s impossible to play the game with an Internet connection, so no offline mode. The same kind of additional online features can be offered as with the “type 2” and “type 3” DRMs.
Conclusion: This type of DRM seems to offer no advantages to the other kinds of online authentication, other than to show the game publisher’s total lack of trust in their customers. The pirates will play the cracked version with the authentication part removed, while legitimate users will play games hoping their Internet connection, or the authentication server, doesn’t die.
DRM Type 5: Multiple Install Limitations
Often used in combination to one of the above DRM types, multiple install limitations places a limit on how many copies of the game you can have installed on computers at any one time. The authenticate once DRM relies on this to ensure a single serial isn’t used hundreds of times over. This is different to how many concurrent gaming sessions you have on at any time, which may be just the single. You may need multiple installs for multiple PCs you have at home or work. Or if you’ve changed PCs, then you will need to have another install. The older type of system will keep track of how many installs you’ve made, and once that limit is reached, you won’t get to install the game anymore. In the bad old days, the limit wasn’t very generous, and people who upgrade their PCs a few time will then get locked out and have to contact tech support to unlock the game. The newer kind allows you to uninstall a copy to get back an “install credit”, which then allows you to install it on as many new computers as you wish, as long as you keep on uninstalling the copy on the old computer.
This type of limitation may be a bit redundant depending on which type of authentication the game also uses. With the type 4 constant connection DRM, this is redundant because the authentication server is able to track how many concurrent sessions there are and ban any serial that has too many. Even with the once at start up authentication method, this can be checked during authentication, and a pirated serial is likely to have many trying to authenticate at the same time from all over the world (this is the theory anyway, in practice, the pirated version doesn’t even need to contact the authentication server).
In real practice, there is really no need for this type of DRM unless it’s coupled with the once only type of authentication (type 2), and to be fair, this is usually the case. For example, Ubisoft’s new DRM places no install limits (it will only allow one session at any one time). Steam, likewise, has no install limits. But in some rare cases, like Bioshock 2, this limitation is placed (and it’s the bad old kind, the one that requires you to call tech support) along with a SecuROM DVD check and once per start up online authentication (Games for Windows).
Conclusion: This one is only need with the authenticate once method. Using it with any other method in place is overkill.
So what kind of DRM is acceptable and unacceptable to the general public?
So we get to the crux of this blog post. Just what kind of DRM are people willing to accept, and will still provide game publishers with that false sense of security that they crave. We’re of course talking about people who are willing to pay for games in the first place, as people who pirate will always do so either because they can’t afford to do anything else, or because they don’t want to. Based on the above analysis, here’s what’s acceptable and reasonable:
- Online authenticate, but please only do it once, even if it means install limits
- If you must authenticate for each gaming session, at least have a fallback offline mode for those with wobbly Internet connections and there should be no install limits
- Neither of these methods should use DVD checks
And of course, what isn’t reasonable:
- DVD checks because it really doesn’t protect the game publisher, as it is too easy to get rid of, and is redundant if used with online authentication
- Constant online authentication – it’s just a bad idea that offers no extra protection for the publisher, and offers plenty of reasons for gamers to abandon the system for a pirated version
- Combining two or more of the five listed types of DRM above (excluding the combination of type 2 and 5, since once only authentication can only work in conjunction with install limits)
If DRM doesn’t prevent piracy, and if game companies must have them as a security blanket, what can game companies do to compensate paying customers for the inconvenience or encourage others to pay for the game?
The answer is already mentioned above: have lots of online based, but optional services that helps to provide extra value to the legal version. One thing the pirated version find it hard to do is to connect online to official servers, since any connection could invalidate the installed version or prevent usage. So having these online services like chatting, video/screenshot uploads, trophies/achievements, and perhaps even extra downloadable content (free or paid for), will all help convince people that the legal version is the best, most complete, version of the game.
And of course, price the game competitively, especially downloadable versions that offer savings to the publisher in terms of production, transportation and retail costs.
But whatever game companies do, they should respect paying customers and respect their legitimate concerns about annoying DRM system. Do the best to ease the inconvenience and compensate customers for their troubles. Don’t force them to prove time and time again that they’re not breaking the law by adopting a guilty until proven innocent attitude.
And then, and only maybe then, they’ll win back some of the people they’ve lost to piracy.