Slashdot Mirror
Blizzard, Bnetd Respond on Bnetd Shutdown
From: "Tim Jung"
Subject: bnetd.org shutdown
If you would like more information on this please feel free to contact me. I am
one of the developers and the hosting ISP for www.bnetd.org. I have talked at
lenght with both the Blizzard/Vivendi lawyers and with EFF lawyers about our
options both as an ISP and as a developer.
As an ISP I did not force the group to do anything, but rather presented them
with all the legal information I have recieved and asked them what they wanted
to do. As you can imagine neither my company nor any of the developers have the
money to fight the Blizzard/Vivendi lawyers at this time. So until we are able
to get some legal help to fight this we felt we had no choice but to close down
the site for now until the time at which we could fight this legal battle.
If you have any questions or suggestions let me know.
Tim Jung
System Admin
Internet Gateway Inc.
They wrote it.
They earned the right to sell it and protect it.
I'll still buy Blizzard games as long as they provide enough entertainment for the money.
42 - So long and thanks for all the fish.
Notice how they cleverly shift the argument from one of "Why did Blizzard (successfully) attempt to shut down this project?" to "Are you saying you support piracy?" This is what we call a strawman, boys and girls.
All they've done is piss off a bunch of people and possibly "prevent" a couple of copies of their games from being the target of copyright violation. Let's see... a couple fewer sales, or the loss of much goodwill? The really determined copyright violators will still find a way, then they'll make their methods known, so they're back to where they were in the beginning with fewer fans.
Yeah, great choice, guys.
--
Runnin' around, robbin' banks all whacked on the Scooby Snacks...
The only legal recourse for Blizzard is to try to shut down individual game servers residing in the US (small potatoes), or to try and track down developpers individually should they also reside in the US.
If you're an american developer for this, just deny any involvement from this point on.
I for one don't want to type in a 256-character CD key code when I install the game. That would certainly be stronger, but not necessarily smarter. Is that what you're advocating?
From the FAQ:
Q. What about the hobbyists who are not pirating your software but just want to use these servers as an alternative to Battle.net? A. Unfortunately, software pirates have spoiled this situation for hobbyists.
"Software Pirates" didn't spoil this for hobbyists. *Blizzard* spoiled it for hobbyists. In the style typical of any arrogant corporation, they don't care what their customers want; they just want to control every aspect of everyone's interaction with them. (IMO, this is typified by the horribly buggy CD copy protection on Diablo II -- ever try to play it with more than one CD-ROM drive, or the CD not in the first drive? Feh. They'd rather keep legitimate buyers from playing (hell, they already have our money) than risk letting even *one* "software pirate" slip through the cracks!)
Don't let Blizzard fool you. *They* are the ones who are causing problems here, not bnetd. What ever happened to "innocent until proven guilty?" (Yes, I know it's a legal principle, but it used to be widely practiced even by ordinary people... until the lawyers found they could make more money by pre-shafting people, so to speak.) Anyway, just my $0.02.
---Crash Windows XP with just a simple printf!
Any service that can validate a CD key or not would be an invaluable service for anyone attempting to determine what that algorithm is. Thus I can see why they would not want to provide that service.
Public key encryption is a tool that solves a completely separate problem, and could not be applied to this task.
Because
A: Evil developers could cache the successful CD-Keys and then give them away to friends, etc. The key would become invalid, and you'd get screwed (dependant on the amount of evil in the world)
B: Evil developers could generate a slew of 'fake' CD-keys and test the validity via the battle.net authentication...and then do what I mentioned in A.
Make this offer to blizzard : the bnetd supplies the server game code, but passes the authentication off to a Blizzard-run server....
Lets see how Blizzard would respond to that, if piracy really is the objection...
free experimental electronic music netlabel at www.viablehybrid.com
Don't get me wrong, it is well within their right to do so. Blizzard has been put into a tough spot by these server emulators, because they are forced to choose between an uncontrolled environment (which leaves the very real possibility of piracy), and high server load and an irate community that somehow feels that their rights are being violated.
You don't have to agree with their position (which I personally do) but at least understand the reasons WHY they are taking this stance.
"Ask not what your country can do for you." --John F. Kennedy
i have to object here. battlenet is free only in that there is no monthly fee. but, you certainly pay for it, as a portion of the retail price for the game. think of it as a 15 dollar or 20 dollar lifetime subscription.
:)
if battlenet were free, then you could theoretically play on it with a third party version of starcraft. however, you cannot.
i'm not denying that 50 dollars is a fair value for most of blizzard's games. they make great games, and starcraft is perhaps worth a half point on my gpa.
Servers that emulate Battle.net facilitate software piracy of Blizzard products by circumventing Blizzard's authentication code.
This is, of course, pure bollocks. I could as easily write that "Playing Diablo II in single-player mode facilitates software piracy by circumventing Blizzard's authentication code. What's really at issue is that they don't want any competition for their pay-for-play servers in the future, and are willing to overlook the fact that the bnetd folks aren't the ones who added WC3 support.
Here's the letter I wrote to Blizzard:
Dear Sirs,
I have been a Blizzard customer for many years now. My shelves have accumulated boxes of Warcraft, Warcraft 2, Starcraft, Diablo, Diablo 2,
and sundry expansion packs for those games. But I'm afraid actions your company has undertaken have persuaded me that I should stop being your
customer.
Like many others, I've been distressed recently by the damage hackers and cheaters have been doing to gameplay on Blizzard's Realms servers on the battle.net service. Duping items, hacking items, skill hacks, and various other methods of cheating have been running rampant. But until now, I've held out hope that Blizzard would take action to address these problems, and deliver on the cheat-free Realms that it has promised since before Diablo 2 was released.
Instead, I've noticed to my dismay that instead of investing its resources to improve the gaming environment for all legitimate players, Blizzard has instead chosen to squander those resources on stifling the innovation of those legitimate players. I speak, of course, of the letter threatening legal action Rod Rigole has sent to the bnetd project, hosted at http://www.bnetd.org. Mr. Rigole claims that this software violates the DMCA, and that it is Blizzard's interest that the software be suppressed.
Putting aside the fact that this is a questionable legal interpretation, given that bnetd is not a means to bypass anti-circumvention techology, does not facilitate copyright violation, and plainly lies within the DMCA's
exemption for reverse engineering done for the purposes of interoperability between privately-created software and preexisting software, and also putting aside the fact that I have never used the bnetd software, I am writing this letter to tell you that it is not within Blizzard's interest to take such action.
As evidence of that, I will offer the fact that your draconian action against a piece of software that only serves to enrich the gaming experience for thousands of your customers, has convinced me that I should not again purchase one of your products.
[signature]
Blizzard just needs to release a legitimate version of the B.Net server
This is a great idea. A couple problems though:
The current battle.net server is an in-house application, which means (since they probably didn't develop it with a public release in mind), it's probably (a) really warty (not that this would matter to the average buyer) and (b) probably horribly coupled to all kinds of internal proprietary servers. I mean, look at Bugzilla; it's successfully used by a lot of projects, but it started as an in-house bug tracking system and *it still really shows.* Just try to set it up sometime!
The server would probably only run on Windows, since that seems to be the main audience Blizzard develops for. Or, alternately, if it runs on *nix, their marketing types would probably say, "well, our customers aren't running *nix, so there's no point selling it." Catch-22 here.
Also, with LAN parties combined with Microsoft's infamous "no more than 10 people may connect to a Win2K Pro machine over TCP/IP" (yieh! you're just a *consumer*, a *nobody*, so sit down biotch!), Blizzard's lawyers might warn them about people violating Microsoft's EULA. And heavens, that might be worse than Software Piracy!
With the server released, that would be more code crackers could look at to try to reverse-engineer the CD key algorithm. True, this can be done with the game too, but maybe the authentication is written in perl or some other text based language that would be trivial to reverse engineer.
Blizzard/*Vivendi*. How likely is Vivendi to do anything that even resembles giving customers freedom? They're all about control of "consumers," nowadays.
Blizzard tech support, like any large tech support organization, is already overworked from idiots emailing them about trivial problems. At least they probably have a good procedure in place for dealing with this though. Server software is a completely different ballgame, and they'd probably have to hire new staff just to deal with it. To their minds, this could be just more money down the tube.
So basically I agree with you, but with the analysis for blizzard = spending more $$ on development + spending more $$ on tech support + fear of "software pirates" + general belligerence, I doubt it will ever happen. Oh well, we can always hope, right? :-)
---Crash Windows XP with just a simple printf!
Why is Blizzard trying to shut down servers that emulate Battle.net?
Servers that emulate Battle.net facilitate software piracy of Blizzard products by circumventing Blizzard's authentication code. Blizzard products are intellectual property, and we are well within our legal rights to protect our products from software piracy.
We, at Blizzard couldn't figure out how to keep people from copying our software, so we decided to do authentication in the server, and hope no one figures out how to write their own server.
Unfortunately, this is what the folks at Napster faced. Yes, they may claim that their software is legal, it's just the people that use it for illegal music trading that are the problem. I hope a solution can be found to make this project legit in Blizzard's eyes.
How do CD keys help reduce piracy?
Blizzard uses two main methods to combat piracy: disc-based copy protection and CD keys. As part of the login process, Battle.net authenticates the user's CD key and prevents people from logging in with the same key or an invalid key.
We realize that all attempts to combat piracy are futile. We put these schemes in place more to frustrate legitimate users than to stop determined people from copying our software.
It doesn't matter how stong the copy protection is, someone is going to figure out how to break it. Blizzard's methods are good enough to stop the casual pirates which is, IMHO, most important from a revenue standpoint. Why would a "legitimate" user have a need to be able to use the same key on two different systems at the same time?
Why doesn't Blizzard provide facilities that enable these emulators to authenticate CD keys through Battle.net?
In order for us to keep our proprietary CD-key algorithms secure, we cannot allow outside servers to query for the validity of CD keys.
We believe that keeping our CD-key algorithms secret makes our software look more secure.
See above. Blizzard puts bread on the table by making money through software sales. Why should they be required to open up their scheme to allow others to be able to pirate their software more easily?
What about software that hasn't been released yet? Wouldn't it be better to have as many people testing the beta version of Warcraft III as possible, even if they are playing on non-Battle.net servers?
The primary purposes of the Warcraft III Beta are to get play-balance feedback and to test our Battle.net servers. Our servers aren't tested if people are playing the Beta on rogue servers. Additionally, the Warcraft III Beta is not intended to be a product demo; when testing ends, we need the ability to terminate the Beta's functionality. Rogue servers eliminate our ability to expire beta versions of our products.
This is just the beginning. We need to be able to, on a whim, terminate your access to a game you rightfully bought. We are testing this scheme under the guise of a "time limited beta test". If we let others run servers, they could play the game they paid for whenever they want!
Again, it's their software. And it's a beta. And not intended to be as public of a one at that. If people are able to play the betas indefinitely, then what incentive would they have to buy the final version? I'm guessing a lot of the kiddies could live with a few bugs if they can save $50. Although chances are, they're the ones who are going to pirate the final version anyway.
What about the hobbyists who are not pirating your software but just want to use these servers as an alternative to Battle.net?
Unfortunately, software pirates have spoiled this situation for hobbyists. We are constantly working to improve Battle.net, and we sincerely hope that one day, no one will see any reason to seek alternatives to Battle.net for playing Blizzard games.
We don't understand why someone else would want to use an alternative to Battle.net. Our software is close to perfect, and who cares about those strange Linux-using customers?
Bottom line, if you don't like it, don't use it. Sadly, I'm sure that that's what a lot of people here are going to do and that's too bad. Why should Blizzard be required to do something that, while it may have legitimate interests for hobbyists, also makes their games easy to pirate?
Your games sell millions of copies. Why do you care if a few people pirate your software?
The sales success of a product should not exclude it from laws intended to protect intellectual property. Software piracy needs to be combated at all levels, and at Blizzard we intend to do our part to fight illegal distribution of copyrighted media.
Business as usual... "War on Piracy..." News at eleven...
Piracy is piracy. The argument that XXX makes lots of money so it's okay to pirate their software just doesn't hold up. Blizzard has gotten where they are because they make good software. If they can't be allowed to do what needs to be done to protect themselves, then what incentive do they have to keep making good software?
Debian servers still have the .deb files and source for bnetd. I've mirrored them here, just in case.
AEIOU: open-source anonymous internet currency
In order to argue this, you have to know an algorithm that can accomplish this. What is a key verification alg that is not in any way compromised by knowledge of the algorithm?
You have to put aside any thought of public-key crypto, because those systems are based on data which can be signed. Here there is no data.
Symmetric cryptography is also useless, for obvious reasons.
The task is complicated by the fact that we must assume the attacker has access to a very large number of valid keys.
We can't really use hash functions, either. The hash function could hash the CD key and accept only if the result has certain characteristics. But this is not practical because then Blizzard would be unable to generate the CD keys in the first place (they would have to reverse the hash to get the keys -- breaking their own system).
So, how would you do it?
The issue for me certainly wasn't pirating software. I puchased two copies of Broodwar so that my son and I could play.. and I have originals of all other games I play.
The issue was ease of access to cheat-free games. The bnetd server I use allows me to chat with friends and games without a bunch of people around with whom I don't want to talk, allows me to create games more easily without fear of someone else that I don't want in the game jumping in -- in general simply allows for a nicer experience. Further, it used to be that games created on Battlenet had *much* slower response times than those on a private server. Don't know if that's still true. (Creators of BnetD did have a *reason* for all that work.)
(Yes, you can create private rooms, but people still use them whether or not you want them to. You can't password a room.)
I paid the money -- all I'm looking for is a better experience. I get that on the private servers.
Sean.
I don't see what the problem is? I seen this comming sooner than later.
I think many of the "I'm never buying a bliz game again" talk is LAME. Grow up!
They have worked LONG AND HARD on this game, they merely are trying to protect their ideas because piracy IS of the result, and people who HAD the beta broke copyright.
WTF is the problem here, really? Blizzard has EVERY right! I totally support them!
This sound like yet another amateur cryptography to me.If they used a proper public key algo they would have no need to keep it secret.
This sound like yet another amateur cryptographer to me.
Before designing any sort of security system, you must understand all of the dynamics of the system. There are many reasons why PK is not helpful here. The biggest one is that using a digital signature of some piece of identifying data would result in *huge* CD keys. Think about it: To have reasonable security, you need to use at least 512-bit keys. A signature with a 512-bit key is 512 bits in size. Even with base-64 encoding that's still an *85-digit* key. Depending on how resourceful your pirates are, 512 bits may not be enough, so maybe you should use 768 bits, which gets you a 128-character CD key. Oh, and you also have to send the information that was signed, and it has to be at least 24 bits, and probably a few more, so add another five base-64 characters there. Anyone typing that enormous thing in will almost certainly make some errors, so you'd better add some more bits for a checksum and an error correcting code.
Further, there is absolutely no point to using PK here at all! If you must use a cryptographic solution, plain old 3DES, or AES, or Blowfish, or IDEA, or whatever decent symmetric key cipher will work great. PK exists to (partially) solve the "key distribution problem", which is the difficulty of securely arranging for a shared key between two parties. There's none of that here. The problem here is for Blizzard to be able to distribute a large number of little piles of bits which users can regurgitate back to Blizzard whenever they want to play on the network. Blizzard makes the numbers, Blizzard verifies the numbers. Using, say, an 8-byte block cipher to encrypt a string containing an ID number padded in some structured way gives you an 11-digit base-64 encoded CD string. Much nicer. I can think of another approach that would allow you to shave a couple of digits off of that without sacrificing significant security.
Really, though, it's not clear that crypto is even required. Choose a random ~64-bit number for each CD key, encode it using base 64 or the like and store it in a database. When a request comes in, look it up in the database. If the number is there, cool. If not, drop the connection.
I should also note that with any solution, there really should be no problem with Blizzard setting up a key verification oracle, because if you use good crypto (or just sufficiently large random numbers) the odds of someone being able to use the oracle to either break the crypto or discover a key are low and infinitesimal, respectively. However, if I were consulting for Blizzard, I would probably recommend that they not do such a thing because (a) it wouldn't do any good, people would just hack the verification code out of bnetd and (b) there have been lots of interesting oracle-based attacks on ciphers in the past, and while none are known for the current crop of strong block ciphers, new discoveries may happen at any time.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Bnetd isn't the least of Blizzard's problems right now. If you haven't been following the Diablo saga, here's a short history.
Diablo I was quickly prone to excessive hacks because all character information was stored client-side.
Diablo II was released under the premise that character data was unhackable under a secure server. However, packet sending programs became capable of producing duplicates of godly items, and more recently hack into item properties, and bring characters up to essentially infinite skill levels. Essentially, Diablo I all over again (a big reason for this IMO is that Blizzard does not disallow the selling of game items and characters on ebay, as do the makers of Ultima Online and EverQuest).
After the most recent wave of hacks (typically a new hack is produced, and its use becomes so widespread that Blizzard has to patch it to get it's servers running again), Blizzard announced that it had deleted accounts found sending bogus packets.
Up to WarCraft III all Blizzard products have been free to play on Battle.Net. If they can't be more proactive in securing their servers, the prospects for World of WarCraft, their monthly payment MMORPG under development, does not instill one with confidence.
If battle.net is free, this point is mute.....
I don't think this is about Piracy. I believe it is about competition for the on-line revenue stream. I'm betting that Blizzard etc sees Battle.net as a major money maker. If they can force the free competition to be shut down, then they control the Warcraft III monopoly and save their revenue stream.
You're right, they wouldn't stand a chance if they went to court, assuming you mean bnetd.
Most people are missing the key fact here of the timing of Blizzard shutting them down. Blizzard didn't do it when they first heard about it, for reasons that many have stated here already. There are many legit reasons why you'd want to run a Starcraft/Diablo server. Blizzard's problem with bnetd only started when functionality to allow Warcraft 3 to run was added. War3 is not a product. (yet) There are absolutely zero non-copyright infringing uses for bnetd to be War3 compatible right now. People who joined the beta signed up to help blizzard test the game in exchange for being able to play ahead of time (for free!). They don't have the right to be able to play on their own servers because they agreed to play on b.net, nor do they have the right to give it to anyone they want. These were conditions of being able to be in the beta in the first place.
It's only normal to assume the worst of a large corporation and in many cases I would agree, but in this case (as I understand it) I do not. How else do you explain the other projects which allow for b.net emulation (fsgs etc) that exist and have for quite some time without problems from Blizzard and are not being shut down by Blizzard.
If what I believe to be true regarding this matter is in fact true, I have no problem with Blizzard doing this, DMCA notwithstanding.
I fear everyone here is completely missing the mark!
It's all about the ad-revenues. You see, Blizzard sells ads on and if they allow people to run their own servers, then it eats into their advertizing cash cow.
Their talk of piracy and the DMCA is all just a white-wash to pacify the good little sheeple into thinking they might be justified in their actions.
As Frank Herbert said, "Wealth is a tool of freedom, but the pursuit of wealth is the way to slavery."
Prior to this action by Blizzard, I had no reason to use bnetd servers. Now I have one.
Edith Keeler Must Die
If they were upset about War3 support then why did they shutdown the project that didn't support War3 instead of the one that did?
Not quite. In this partcular village, the spies have the ability to magically transform other citizens to spies, and quite rapidly. Additionally, these spies have convinced other citizens that being a spy is ok, because the methods to become a spy are so innately simple. After a while, a great deal of spies become the majority.
For further reading, see Napster(n).
It seems to me that the main problem here is that Blizzard brought the DMCA into it. If they had taken some other angle, maybe even politely asked the developers to remove Warcraft III support (I realize that might not be realistic but it probably would have been better than the PR nightmare Blizzard is dealing with now). By taking the "cease & desist first, ask questions later" approach, they come off looking like a megacorp. trying to screw everybody.
-dbc
Why can't Blizzard change the CD-Key check route so that is always checks the key from Battle.net servers and not from the server you might use to play. This should be fairly easy to implement and would catch some pirates (but not the ones with key generator). You could ofcourse fake DNS entries or forward packets to your own server, but this would be too hard for "normal" people and anyways you can play directly with your friends without Battle.net and CD-Key check.
Best think would be if Blizzard starts to sell official Battle.net servers (or it could come with the game). That would be great and also would fix many problems due to over populated Battle.net servers. And people still would use to official Battle.net server because there you can collect fame, score, be number one in ladder etc..
- Raynet --> .
Dear Sirs,
For the past 5 years, I have been a customer of your company. I have bought and enjoyed many of your games, from Warcraft 1 to Diablo II. I have always been amazed at the new and inovative ideas and technology that goes into every one of your products. Warcraft III is no exception to this rule. Even without playing it, I can already tell that this game will be one of the greatest RTS games in history. I have been telling all my friends about it and have even gone so far as to upgrade two of my PC's for the sole purpose of running Warcraft III. I thought that it was money well spent....I was wrong.
What right do you have to tell legitimate,PAYING customers how they should use their software?! Have we not already supported you in many ways? Not the least of these being the spending of thousands of dollars world-wide in an effort to show our love and support for your company! To take measures to protect your "Intellectual Property" is all well and good. But to emulate Microsoft corporation by limiting your customers ability to innovate and expand their computers capabilities,I just cannot find a logical excuse for a tactic like this.
When Battle.net was created, I was overjoyed at the thought of being able to play with my cousin that lives in another state. Just the thought of being able,with minimum effort and a few mouse clicks,to play a game with someone over 500 miles away without expensive phone charges was almost too good to be true. Too bad that it was. Within a few weeks of using it, I witnessed persons misusing the Battle.net service,cheating,hacking,spamming, and various other offences. I complained and noticed that some minor steps were taken, but soon after,I witnessed the same *illegal I might add* actions being committed over and over again. So finally,fed up with a service that no longer was putting the customer over it's own profit-needs, I searched for another way to play games like Warcraft II-BNE and Starcraft-BroodWar with my friends. Bnetd was the answer to my prayers. It gave my friends and I a way to create servers that were free of cheaters,hackers,and spammers. My friends and I were overjoyed that a group of average "Joe Smith" kinda guys would donate their time FREELY to create a better gaming environment for all gamers to enjoy. They even went so far as to offer linux versions of their open-sourse software so that linux users were no longer left out in the cold by your company.
But in the end...the almighty dollar beckoned...and YOU ANSWERED THE CALL. Immediately you tooks steps to "protect our Intellectual Property"
and said that you "are well within our legal rights to protect our products from software piracy." In this fact,I do agree with you. However, I do not agree with the manner in which you dealt with the situation. I am sure that if you had even tried to work out an agreement with the creators/maintainers of Bnetd, that they would have been happy to have done all they could to accomodate any changes in their software that you thought would be nessessary to facilitate the full protection of your "Intellectual Property". But instead you , ONCE AGAIN, decided to follow in the footsteps of the power hungry Bill Gates and crush a small group of open-sourse programmers who were truly trying to inovate the sorely-lacking gaming industry by FREELY giving THEIR TIME in the hopes that one day you would finally clean up Battle.net and restore the honor and respect that many users once had in you...but this was not to be.
My (ex) friends, today the gaming industry has lost something....something precious. It has lost compassion for the very core of what keeps games selling and companies like you alive....The Gamers Themselves! You have revealed your true intentions to the world and I will no longer support you in the path that you have chosen to take. I will no longer purchase any software your company has to offer. I will no longer speak kindly about your company to anyone I meet.
I'm sure that others will have compassion for the roots of the gaming industry again someday, and I pray that someone is YOU.
This concludes my feelings on this matter. Thank you for your attention.