Blizzard, Bnetd Respond on Bnetd Shutdown
From: "Tim Jung"
Subject: bnetd.org shutdown
If you would like more information on this please feel free to contact me. I am
one of the developers and the hosting ISP for www.bnetd.org. I have talked at
length with both the Blizzard/Vivendi lawyers and with EFF lawyers about our
options both as an ISP and as a developer.
As an ISP I did not force the group to do anything, but rather presented them
with all the legal information I have received and asked them what they wanted
to do. As you can imagine neither my company nor any of the developers have the
money to fight the Blizzard/Vivendi lawyers at this time. So until we are able
to get some legal help to fight this we felt we had no choice but to close down
the site for now until the time at which we could fight this legal battle.
If you have any questions or suggestions let me know.
Tim Jung
System Admin
Internet Gateway Inc.
Notice how they cleverly shift the argument from one of "Why did Blizzard (successfully) attempt to shut down this project?" to "Are you saying you support piracy?" This is what we call a strawman, boys and girls.
All they've done is piss off a bunch of people and possibly "prevent" a couple of copies of their games from being the target of copyright violation. Let's see... a couple fewer sales, or the loss of much goodwill? The really determined copyright violators will still find a way, then they'll make their methods known, so they're back to where they were in the beginning with fewer fans.
Yeah, great choice, guys.
--
Runnin' around, robbin' banks all whacked on the Scooby Snacks...
From the FAQ:
Q. What about the hobbyists who are not pirating your software but just want to use these servers as an alternative to Battle.net? A. Unfortunately, software pirates have spoiled this situation for hobbyists.
"Software Pirates" didn't spoil this for hobbyists. *Blizzard* spoiled it for hobbyists. In the style typical of any arrogant corporation, they don't care what their customers want; they just want to control every aspect of everyone's interaction with them. (IMO, this is typified by the horribly buggy CD copy protection on Diablo II -- ever try to play it with more than one CD-ROM drive, or the CD not in the first drive? Feh. They'd rather keep legitimate buyers from playing (hell, they already have our money) than risk letting even *one* "software pirate" slip through the cracks!)
Don't let Blizzard fool you. *They* are the ones who are causing problems here, not bnetd. What ever happened to "innocent until proven guilty?" (Yes, I know it's a legal principle, but it used to be widely practiced even by ordinary people... until the lawyers found they could make more money by pre-shafting people, so to speak.) Anyway, just my $0.02.
---Crash Windows XP with just a simple printf!
Make this offer to Blizzard: the bnetd supplies the server game code, but passes the authentication off to a Blizzard-run server....
Let's see how Blizzard would respond to that, if piracy really is the objection...
free experimental electronic music netlabel at www.viablehybrid.com
Servers that emulate Battle.net facilitate software piracy of Blizzard products by circumventing Blizzard's authentication code.
This is, of course, pure bollocks. I could as easily write that "Playing Diablo II in single-player mode facilitates software piracy by circumventing Blizzard's authentication code." What's really at issue is that they don't want any competition for their pay-for-play servers in the future, and are willing to overlook the fact that the bnetd folks aren't the ones who added WC3 support.
Here's the letter I wrote to Blizzard:
Dear Sirs,
I have been a Blizzard customer for many years now. My shelves have accumulated boxes of Warcraft, Warcraft 2, Starcraft, Diablo, Diablo 2, and sundry expansion packs for those games. But I'm afraid actions your company has undertaken have persuaded me that I should stop being your customer.
Like many others, I've been distressed recently by the damage hackers and cheaters have been doing to gameplay on Blizzard's Realms servers on the battle.net service. Duping items, hacking items, skill hacks, and various other methods of cheating have been running rampant. But until now, I've held out hope that Blizzard would take action to address these problems, and deliver on the cheat-free Realms that it has promised since before Diablo 2 was released.
Instead, I've noticed to my dismay that instead of investing its resources to improve the gaming environment for all legitimate players, Blizzard has instead chosen to squander those resources on stifling the innovation of those legitimate players. I speak, of course, of the letter threatening legal action Rod Rigole has sent to the bnetd project, hosted at http://www.bnetd.org. Mr. Rigole claims that this software violates the DMCA, and that it is Blizzard's interest that the software be suppressed.
Putting aside the fact that this is a questionable legal interpretation, given that bnetd is not a means to bypass anti-circumvention technology, does not facilitate copyright violation, and plainly lies within the DMCA's exemption for reverse engineering done for the purposes of interoperability between privately-created software and preexisting software, and also putting aside the fact that I have never used the bnetd software, I am writing this letter to tell you that it is not within Blizzard's interest to take such action.
As evidence of that, I will offer the fact that your draconian action against a piece of software that only serves to enrich the gaming experience for thousands of your customers, has convinced me that I should not again purchase one of your products.
[signature]
This sounds like yet another amateur cryptography to me. If they used a proper public key algo they would have no need to keep it secret.
This sounds like yet another amateur cryptographer to me.
Before designing any sort of security system, you must understand all of the dynamics of the system. There are many reasons why PK is not helpful here. The biggest one is that using a digital signature of some piece of identifying data would result in *huge* CD keys. Think about it: To have reasonable security, you need to use at least 512-bit keys. A signature with a 512-bit key is 512 bits in size. Even with base-64 encoding that's still an *85-digit* key. Depending on how resourceful your pirates are, 512 bits may not be enough, so maybe you should use 768 bits, which gets you a 128-character CD key. Oh, and you also have to send the information that was signed, and it has to be at least 24 bits, and probably a few more, so add another five base-64 characters there. Anyone typing that enormous thing in will almost certainly make some errors, so you'd better add some more bits for a checksum and an error correcting code.
Further, there is absolutely no point to using PK here at all! If you must use a cryptographic solution, plain old 3DES, or AES, or Blowfish, or IDEA, or whatever decent symmetric key cipher will work great. PK exists to (partially) solve the "key distribution problem", which is the difficulty of securely arranging for a shared key between two parties. There's none of that here. The problem here is for Blizzard to be able to distribute a large number of little piles of bits which users can regurgitate back to Blizzard whenever they want to play on the network. Blizzard makes the numbers, Blizzard verifies the numbers. Using, say, an 8-byte block cipher to encrypt a string containing an ID number padded in some structured way gives you an 11-digit base-64 encoded CD string. Much nicer. I can think of another approach that would allow you to shave a couple of digits off of that without sacrificing significant security.
Really, though, it's not clear that crypto is even required. Choose a random ~64-bit number for each CD key, encode it using base 64 or the like and store it in a database. When a request comes in, look it up in the database. If the number is there, cool. If not, drop the connection.
I should also note that with any solution, there really should be no problem with Blizzard setting up a key verification oracle, because if you use good crypto (or just sufficiently large random numbers) the odds of someone being able to use the oracle to either break the crypto or discover a key are low and infinitesimal, respectively. However, if I were consulting for Blizzard, I would probably recommend that they not do such a thing because (a) it wouldn't do any good, people would just hack the verification code out of bnetd and (b) there have been lots of interesting oracle-based attacks on ciphers in the past, and while none are known for the current crop of strong block ciphers, new discoveries may happen at any time.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
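The random-number scheme from the comment above (a ~64-bit random value per CD key, base-64 encoded and looked up in a database), as an added example that is not part of the original comment or any Blizzard or bnetd code. The function names, the in-memory set standing in for the database, and the URL-safe base-64 alphabet are assumptions made for illustration.

```python
import base64
import secrets

KEY_BYTES = 8  # ~64-bit random value per CD key, as the comment suggests


def encoded_length(bits: int) -> int:
    """Characters needed to carry `bits` bits in unpadded base 64 (6 bits/char)."""
    return -(-bits // 6)  # ceiling division


def _encode(raw: bytes) -> str:
    """Printable form of a key: URL-safe base 64 with the '=' padding removed."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def issue_key(database: set) -> str:
    """Draw a key from the OS CSPRNG, record it, and return its printable form."""
    while True:
        raw = secrets.token_bytes(KEY_BYTES)
        if raw not in database:  # collisions are vanishingly rare, but cheap to rule out
            database.add(raw)
            return _encode(raw)


def verify_key(database: set, printed: str) -> bool:
    """True only if `printed` is the canonical encoding of an issued 8-byte key."""
    try:
        raw = base64.urlsafe_b64decode(printed + "=" * (-len(printed) % 4))
    except (ValueError, TypeError):
        return False  # malformed input is simply rejected
    if len(raw) != KEY_BYTES or _encode(raw) != printed:
        return False  # wrong size, or stray characters the decoder skipped
    return raw in database


def guess_probability(issued: int, bits: int = 64) -> float:
    """Chance that one uniformly random guess matches any issued key."""
    return issued / 2 ** bits


if __name__ == "__main__":
    db = set()  # stand-in for the server-side key table
    key = issue_key(db)
    print(key, len(key), verify_key(db, key))
    print("768-bit signature in base 64:", encoded_length(768), "characters")
    print("one guess vs. 2**20 issued keys:", guess_probability(2 ** 20))
```

The verifier keeps no secret beyond the table itself, so the security rests entirely on the keys being unpredictable and the keyspace being sparse relative to the number issued.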
No, you won't. You'll pay money for and agree to Blizzard licenses that permit you very limited rights to use the data and applications that (quite incidentally) came in the boxen with the licenses. You won't read the licenses, nor will you understand that you are agreeing that Blizzard may change the terms under which you may use their content, or revoke your license at any time, or simply withdraw the services advertised on the back of the box, or (in future) wiping the game from your drive, and all without giving you any notice or explanation or assumption of innocence.
You won't care until - despite Blizzard's control freakery - a pirate clones or guesses your CD key, or one of your friends jots it down, with or without your knowledge, or you get sold a returned box that's already been registered - and this actually happened to me, which made for an interesting little debate with the retailer - and you get refused access to Battlenet. Or Blizzard (or whoever group of lawyers happens to own them at the time) just stop providing Battlenet. Then you'll care, but Blizzard won't care, because you agreed to a license that says they don't have to.
Then you'll wish there was a bnetd. Then you'll say "Why did nobody stand up for this when we had a chance?"
If you were blocking sigs, you wouldn't have to read this.
You're right, they wouldn't stand a chance if they went to court, assuming you mean bnetd.
Most people are missing the key fact here of the timing of Blizzard shutting them down. Blizzard didn't do it when they first heard about it, for reasons that many have stated here already. There are many legit reasons why you'd want to run a Starcraft/Diablo server. Blizzard's problem with bnetd only started when functionality to allow Warcraft 3 to run was added. War3 is not a product. (yet) There are absolutely zero non-copyright infringing uses for bnetd to be War3 compatible right now. People who joined the beta signed up to help blizzard test the game in exchange for being able to play ahead of time (for free!). They don't have the right to be able to play on their own servers because they agreed to play on b.net, nor do they have the right to give it to anyone they want. These were conditions of being able to be in the beta in the first place.
It's only normal to assume the worst of a large corporation and in many cases I would agree, but in this case (as I understand it) I do not. How else do you explain the other projects which allow for b.net emulation (fsgs etc) that exist and have for quite some time without problems from Blizzard and are not being shut down by Blizzard?
If what I believe to be true regarding this matter is in fact true, I have no problem with Blizzard doing this, DMCA notwithstanding.
So, if they're going to play on the TCP/IP field, they'll either have to figure out a better way to protect their connections, or realize that they'll just have to let other servers emulate their own.
And let me point out that Blizzard openly has said in their various games (like Diablo manuals) that part of the price of their game goes towards pay for the Battle.net servers. That means that if you're a legitimate owner of a Blizzard game, you get to play on the servers you paid for. If you're a pirate, guess what? You can't play on *their* servers. Blizzard doesn't pay for these other rogue servers, so they aren't having pirates sucking their own access. Also, Battle.net servers are where the brunt of all players are at, since they are the official servers and come automatically configured in your game. Playing on BnetD means dealing with less players, and perhaps unstable servers that can disappear at a moment's notice, since there is no single company making sure that they're running properly. You get what you pay for.
Lastly, let me point out again that Blizzard points out that we pay for the servers in the price of the game... and if the servers are down or extremely laggy (which happens often), then the value of the service has degraded below our expectation. If a legitimate gamer is unsatisfied with their multiplayer experience, they should be able to have the freedom to choose a non-Blizzard server to find. Blizzard should be happy about this, since it helps: 1) reduce load on Battle.net servers, and therefore ensuring better connectivity on their server, 2) provide many more choices in servers than Blizzard can afford to pay for, and 3) retain players for future Blizzard games purchase. For instance, I stopped playing Diablo II because of server problems, which can affect my buying decision for future games. Why should I buy Warcraft III if I expect the servers to still be sucky? If BnetD is an option, that could sway me to purchase Warcraft III. I understand that those who know about BnetD don't make up a large percentage of Blizzard's customers, but it is so significant, and they shouldn't assume that they can just alienate a minority to enhance revenue.