Shamus has long been a gamers’ advocate with regard to prohibitive DRM on computer games, and even has a common-sense five-point solution to the problem. Unfortunately, since his plan (which treats customers as customers instead of potential pirates) does nothing to actually prevent pirates from pirating games, his solution is likely to be ignored. It seems to me that any solution to ease the DRM load on the end user will need to at least make a token effort to reduce or otherwise inhibit piracy, for it to be taken seriously. Obviously, the common-sense argument that Shamus makes, namely that good business practices which treat customers like a scarce resource instead of a bitter enemy will result in higher revenue despite piracy, is simply not going to penetrate. Even Penny Arcade, a longtime gaming fansite, fell prey to DRM’s allure in their own game, after all.
Somewhat related to all of this is the lesser issue of CD keys, which Shamus distinguishes from DRM. If all DRM were just CD keys, then DRM wouldn’t be that much of a pain, but the problem with CD keys from the manufacturer’s perspective is that they can be written down, cut and pasted, emailed, etc. I’ll readily admit that I’ve used CD keys for various software in the past that were “borrowed” – it’s no different (apart from being less annoying) than the old “what’s the 10th word on page 4 of the game manual” routine. So, again, as far as preventing piracy, or even mitigating it, CD keys just can’t solve the problem.
However, in considering CD keys, a possible solution to piracy does present itself. What is needed is something that is both dynamic and tied to the specific user. For example, imagine a software download service wherein:
1. The game can be downloaded if the user sets up an account and registers a credit card for payment. The game can also be mailed out on physical media for a nominal extra charge.
2. The user is asked to set a password for their account. This account is treated like a bank account password, i.e. you have the little picture for verification, you have security questions about your mom’s maiden name etc., the whole bit.
3. Upon download, the game can be activated for installation (not play!) by entering a key that is generated in real time by a standard one-way function from several inputs:
   a. the license number emailed to the user (or printed on the back of the physical disk);
   b. the user’s username and password for their online account;
   c. the current date and time (automatically slurped from public date/time servers).
4. The game itself can be played anytime, but still requires the username and password (not a CD key).
The advantage of the scheme is that the activation code for installation is not a static string but something that changes in a consistent way. The one-way function should be something very well known (like MD5). The only way that the game can then be shared would be for the user to share his account password and login, which presumably they’d be incentivized NOT to do, because their account represents private data including payment information for future game purchases.
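As an added illustration (not code from the original post), here is one way the activation code in item 3 could be computed on the client and checked on the server. It swaps the post's MD5 suggestion for HMAC-SHA-256 keyed with a PBKDF2-derived account secret, and it assumes 5-minute time windows, a truncated 20-character code, and the hypothetical names `account_secret`, `activation_code` and `verify`.

```python
import hashlib
import hmac
import struct
from datetime import datetime, timedelta, timezone

WINDOW_SECONDS = 300     # assumption: the date/time input is bucketed into 5-minute windows
PBKDF2_ROUNDS = 100_000  # assumption: work factor for the password-derived secret


def account_secret(username: str, password: str) -> bytes:
    """Password-derived secret; the server can store this instead of the password."""
    salt = b"activation-demo:" + username.encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def _field(value: bytes) -> bytes:
    """Length-prefix a field so ("ab", "c") and ("a", "bc") never encode alike."""
    return struct.pack(">I", len(value)) + value


def activation_code(license_no: str, username: str, secret: bytes, when: datetime) -> str:
    """Code for the time window containing `when` (inputs a, b and c of item 3)."""
    window = int(when.timestamp()) // WINDOW_SECONDS
    message = (_field(license_no.encode("utf-8"))
               + _field(username.encode("utf-8"))
               + struct.pack(">Q", window))
    digest = hmac.new(secret, message, hashlib.sha256).hexdigest()
    return digest[:20].upper()


def verify(code: str, license_no: str, username: str, secret: bytes,
           now: datetime, skew_windows: int = 1) -> bool:
    """Server-side check: accept the current window and `skew_windows` earlier ones."""
    candidate = code.strip().upper().encode("utf-8")
    for back in range(skew_windows + 1):
        when = now - timedelta(seconds=back * WINDOW_SECONDS)
        expected = activation_code(license_no, username, secret, when)
        if hmac.compare_digest(expected.encode("utf-8"), candidate):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample values, not real credentials or license numbers.
    secret = account_secret("alice", "correct horse battery staple")
    t0 = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    code = activation_code("LIC-0001-EXAMPLE", "alice", secret, t0)
    print(code, verify(code, "LIC-0001-EXAMPLE", "alice", secret, t0))
```

Because the function is public, a code copied from one installation stops verifying once its window and the allowed skew have passed, while anyone holding the license number and the account credentials can always recompute a fresh one, which is the property the scheme relies on.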
The user would be happy because the code is easy and really just requires a simple login, and then the game is fully unencumbered for play. The game company would be happy because they are tying each copy of the game to a specific consumer, and they can leverage that for marketing purposes as well (for example, offering good customers a buy 10 get one free deal, or a points system to redeem games, or the option to download exclusive minigames or other freebies). The problem for pirates who want to distribute the game should be pretty clear – especially if the encryption on the actual game software is pretty high.
What do you think? Would this work? Does it meet all of Shamus’ criteria for a solution to the problem?