TransGaming Tagging Downloads to Combat Piracy
SeanTobin writes "It seems that TransGaming is implementing a new watermarking system to combat piracy. For now it seems that every tgz of Cedega 4.0.1 is individually tagged, and this has been frustrating Gentoo users who (like many others) like to be sure their archives are unmodified. Is this the future of software downloads? Is this tiny loss of personal privacy worth the increase in TransGaming's security?" Update: 08/16 17:42 GMT by S : There's an official response on the TransGaming forums indicating: "We can confirm that Cedega 4.0.1 included some basic watermarking... The objective behind the watermarking was to deal with some peer-to-peer piracy issues that we've been seeing over the past several months... We have suspended the watermarking feature for now and Gentoo users no longer need to be concerned with work-arounds."
Don't buy it.
Look at nearly every product with 'activation' or a 'cd-key' and it's been cracked. All these 'protections' do is make it easier for pirates to pirate and harder for legit users to get to work.
Your hair look like poop, Bob! - Wanker.
Me, when I do a lot of work, I like to get paid for it. TG is 'fronting' the money needed to develop until they sell the product; if they don't sell enough, then it's not worth it to them to keep doing it and they fold up their tent and go home. If somebody likes their stuff *that* much, then pay for it.
--- Asking inconvenient questions for over 30 years...
I was recently getting back into gaming and considering becoming a Transgaming subscriber again. Maybe I would have chosen not to anyway, but I'm certainly not after this. Not because it's really worse than anything any other proprietary software company would do, but because it reminds me of why I prefer free (libre) software over proprietary software.
I remember when Transgaming was going to open source everything they wrote, if only they got enough subscribers. Well that pipe dream fell through. I'll stick to free software. There's no going back on such a promise with free software.
Honestly, that's probably the most non-intrusive copy protection there could be. The problem is why did they include it without telling anyone? These people paid for it, so don't they deserve an explanation? And even more odd is that, since their "protection" scheme is now known, what's to stop, say, a pirate from altering the archive and putting it on P2P?
That's exactly why TransGaming is a subscription based service. You pay $5/month, and get access to any new versions that come out, support, and a vote in the games TG works on next.
But from reading the article, I don't get the impression that this is an anti-piracy effort either. Consider that the RPMs and DEBs are unaffected. Could be anti-piracy, but it could also be just a download counting system or maybe per-user customization.
Certainly, it seems clear that they're not actively tracking you and that they're not going to be able to tell if you happen to install it on your desktop and laptop. The only way you're going to get in trouble (if that is indeed their goal) is if your unaltered tgz starts appearing en masse on the p2p networks.
If Linux is going to go bigtime on the desktop, you are just going to have to put up with this kind of stuff. Hell, I would bet that distributors put even more protection on commercial Linux apps/games since (pardon my generalization) Linux users are used to software being free (as in beer). Prepare for it to get worse in the coming years.
If you don't download it, you don't have any "loss" of privacy.
People throw around the idea of the loss of privacy as though they are being compelled to download whatever it is.
..but I feel their pain.
I've discussed this option before, and it's difficult to do without developing an entirely new online distribution format, however it is (in the end) an infinite uphill battle when it comes to copyprotecting non-multiplayer games. Signing a download will simply thwart willy-nilly copiers. Any warez producer worth their salt will breeze by this one by either producing their own archives or simply ferreting out the watermark.
I'm not familiar with cedega, but I'm sure it's no different from any other title. If it ain't an MMO, you can't attain near-zero piracy - period.
Maybe someday, when bandwidth is free, we can write games that you simply "connect" to. It'll connect to your kb/mouse/controllers, and you'll get a video feed back, or some commands for your 3D renderer. No updates, no piracy, no privacy.
Why can't all fpga/microcontroller manufacturers just release free optimizing compilers???
I think that was the original point. All the cracked versions will have 0x00 in the tags, but legitimate users will be encumbered.
When a copy protection scheme makes it desirable for legitimate users to use cracked versions of the software then there needs to be a rethink.
"Will future ages believe that such stupid bigotry ever existed!" -- Ivanhoe
Obviously they're concerned about the amount of piracy.
For the money that they charge, you'd think that people who actually choose to use their product could bring themselves to pay for it.
I know there are a lot of people who take the 'boycott WineX' approach because they think WineX harms gaming on Linux in the long run. This post obviously has nothing to do with them, as they choose not to run it.
For those of us who choose to run it, I really can't see what the problem with paying for it is. I've paid on 3 separate occasions. On each occasion I'd paid because another game I wanted to play was now supported, and I've been satisfied each time.
So how about the leeches among us start supporting the rare breed of company that shows any interest in Linux on the desktop?
If a person knows enough to be using Linux AND this application, chances are they can easily get around the watermark, so what's the point in it?
;)
I don't understand when companies go off on this tangent and act as if what they're doing will combat piracy. Piracy will always exist. No matter what you do, you can't get rid of it.
Yeah, it's wrong, but people will do it. Just be thankful EVERYONE isn't doing it. Bottom line: it will not bring back your "lost" sales, and people will have a workaround in a matter of hours.
There's also a reason why Microsoft more or less turns a blind eye to it - the more people who pirate a particular piece of software just means it's on that many more computers. MS would rather you have a pirated copy of Windows XP than to flat out run Linux simply because it gives them more of a place in the market.
No one likes to think on the flipside of things, so go on and mod this as troll
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
(corrections appreciated)
That's not the case here. This isn't restricting use at all...just making it clear which copy goes where (if found later).
If they put in code to actively thwart copying -- and I agree it would 'make it easier for pirates to pirate and harder for legit users' to use what they bought -- I would be with you. Since that's not the case, there's no harm, no foul.
Transgaming should provide a way to verify the file, though, to protect against the case that if the file were hijacked and bad code were put in you could check the file. That it's not the same # for everyone isn't much of an issue.
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
This sig is only here so people stop skipping the last lines of my posts.
It seems that:
a) Only the .TGZ, aka .tar.gz for real unix people, is marked. So, just re-tar it and the tag (that ain't even deserving of the term watermark) is gone.
b) If they did something more hardcore, two copies would not necessarily be enough to remove all identifiers. It isn't hard to come up with a scheme in which there are multiple sets of tags and any one combination of those tags defines a single download, but if say, 3 of the 4 tags are the same, then a straight diff only picks up 1 of the 4 tags and thus leaves the other 3 to identify a group of downloads from which both "pirates" took their copies. Play enough games assigning different users to different sets of tags for different releases and you could probably narrow down the pool to the exact people who are participating in unauthorized sharing in a month or two. It's just a practical application of set theory to do it.
When information is power, privacy is freedom.
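The multi-tag scheme sketched in the comment above can be modelled in a few lines. This is an added example, not part of the original post and not TransGaming's code; the slot and value counts, the seeded per-release shuffle and the user names are all assumptions made for illustration.

```python
import itertools
import random

SLOTS = 4    # tag positions per download, as in the comment's "3 of the 4 tags"
VALUES = 3   # distinct values per position (assumed); 3**4 = 81 possible codes


def assign_codes(users, release_seed):
    """Give every user a distinct 4-slot code; the mapping is reshuffled per release."""
    codes = list(itertools.product(range(VALUES), repeat=SLOTS))
    if len(users) > len(codes):
        raise ValueError("more users than distinct codes")
    random.Random(release_seed).shuffle(codes)
    return dict(zip(users, codes))


def collude(code_a, code_b):
    """What survives a straight diff of two copies: slots where both agree.

    Differing slots show up in the diff and are assumed wiped (None).
    """
    return tuple(a if a == b else None for a, b in zip(code_a, code_b))


def candidates(assignment, leaked):
    """Users whose code agrees with every slot that survived in the leaked copy."""
    return {
        user for user, code in assignment.items()
        if all(mark is None or mark == slot for mark, slot in zip(leaked, code))
    }


def trace(users, leakers, release_seeds):
    """Intersect the candidate groups over several releases leaked by the same pair."""
    pool = set(users)
    sizes = []
    for seed in release_seeds:
        assignment = assign_codes(users, seed)
        leaked = collude(assignment[leakers[0]], assignment[leakers[1]])
        pool &= candidates(assignment, leaked)
        sizes.append(len(pool))
    return pool, sizes


if __name__ == "__main__":
    users = [f"user{i:02d}" for i in range(60)]      # constructed subscriber list
    pool, sizes = trace(users, ("user07", "user42"), range(12))
    print("pool size after each release:", sizes)
    print("remaining suspects:", sorted(pool))
```

The two colluders always remain in the pool, because every slot that survives the diff is by construction one they both carry; a release in which their codes share no slot narrows nothing.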
You're right, but that's just a workaround. There's no way for the Gentoo developers to really fix this without disabling an important security feature of portage.
LOAD "SIG",8,1
So if the signature is so easy to ignore, what makes you think that anybody who bothers to share it won't strip it off and offer a naked archive?
Any copyright protection effective enough to prevent much copying is too onerous to legitimate customers. I've yet to see an exception to that axiom.
Sure, Microsoft and TransGaming are free to do whatever they want with their software. But just because they can, doesn't mean it's smart to do...
Why yes, I AM a rocket scientist!
Exactly. Developers and publisher houses; take notice. This is the very same reason "No-CD" cracks are so damn popular.
I'm not really sure what the point of this watermarking is. It's really not copy protection - they would need a proper activation system to enforce that. And, even apart from the huge political backlash that would entail, I can't imagine that TG would devote the technical and clerical resources required to make an activation system work. Especially since so many Linux users change distros and hardware more often than their socks. They can't be crazy enough to try activation.
So what's the point, then? Copies will still make their way through P2P. I guess they could go after people that share the file (if they're dumb enough not to wipe the watermark), but there's no way they'd do more than cancel that person's subscription. Again, apart from political issues, any legal proceedings would be ridiculously expensive for the damages involved. Are they saving dev time on support? No, not really - you have to have a subscription to access the message boards. There's IRC, I guess, but if a dev's sitting there already, that's not much of a loss.
I feel like we're missing something here. The guys at TG are clearly not dumb. They can't believe this will help them sell more copies. There's got to be more to it somewhere...
How is this a loss of privacy unless you were planning to violate the company's copyright?
Who is going to see your personally tagged tarball that you download?
And even if there is a checksum in this 19 byte string, why would anyone need to pay any attention to it? The whole point of this watermark is to trace copies back to the source. If you overwrite the watermark with random garbage, you've thwarted it... unless there's code in the game or the installer to check this watermark, but that doesn't seem to be the case here.
since we know it's bytes 0x10-0x23 why not just write a script that 0s them out and then compare the md5sum to that? I'm sure that wouldn't be hard to add to the ebuild in gentoo.
-- Proud member of the Jello Sex Cult.
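The check proposed in the comment above, hashing the download with the tagged bytes treated as zeros, could look like this. It is an added example, not part of the original post and not Gentoo's or TransGaming's code; the offsets are the ones quoted in the comment (reading the end as inclusive is an assumption), SHA-256 stands in for the md5sum the thread mentions, and the sample "archives" are constructed byte strings.

```python
import hashlib
import hmac
import io

# Offsets quoted in the comment above ("bytes 0x10-0x23"). Treating the end
# offset as inclusive is an assumption of this example.
TAG_START = 0x10
TAG_END = 0x23


def masked_digest(stream, start=TAG_START, end=TAG_END, algo="sha256",
                  chunk_size=65536):
    """Hash a binary stream with bytes start..end (inclusive) read as zeros.

    The file itself is never modified; only the hash input is masked.
    """
    if start < 0 or end < start:
        raise ValueError("invalid mask range")
    digest = hashlib.new(algo)
    pos = 0  # absolute offset of the first byte of the current chunk
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        lo = max(start, pos)
        hi = min(end + 1, pos + len(chunk))
        if lo < hi:  # this chunk overlaps the masked window
            buf = bytearray(chunk)
            buf[lo - pos:hi - pos] = bytes(hi - lo)
            chunk = bytes(buf)
        digest.update(chunk)
        pos += len(chunk)
    if pos <= end:
        # A truncated download must not verify just because the mask hid it.
        raise ValueError("input is shorter than the masked range")
    return digest.hexdigest()


def verify(stream, expected_hex, **kwargs):
    """Compare the masked digest with a reference value in constant time."""
    return hmac.compare_digest(masked_digest(stream, **kwargs),
                               expected_hex.lower())


def make_sample(tag, payload=b"constructed archive body\n" * 200):
    """Constructed stand-in for a tagged download: 16 header bytes, tag, body."""
    if len(tag) != TAG_END - TAG_START + 1:
        raise ValueError("tag must fill the masked window exactly")
    return b"\x1f\x8b" + b"\x00" * (TAG_START - 2) + tag + payload


def demo():
    copy_a = make_sample(b"A" * 20)   # constructed per-download tags
    copy_b = make_sample(b"B" * 20)
    reference = masked_digest(io.BytesIO(copy_a))

    tampered = bytearray(copy_b)
    tampered[0x100] ^= 0x01           # one flipped bit outside the window

    return {
        "plain_digests_match":
            hashlib.sha256(copy_a).digest() == hashlib.sha256(copy_b).digest(),
        "other_copy_verifies": verify(io.BytesIO(copy_b), reference),
        "tampered_verifies": verify(io.BytesIO(bytes(tampered)), reference),
    }


if __name__ == "__main__":
    print(demo())
```

Whatever sits inside the masked window is not covered by the digest, so the window should be no wider than the tag, and the reference value is only as trustworthy as the channel it was obtained from.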
find the idea of automatically wanting more money regardless of improvements, service etc. disgusting
Too bad that's not how the TG subscription service works.
I.e., cancelling an existing subscription won't break/kill WineX/Cedega.
"I don't know, therefore Aliens" Wafflebox1
So, anyone who is going to pirate this make sure to scramble those bytes, or just unpack the tgz then repackage it.
The pirates are slowed down for about 8 seconds while many legitimate customers are screwed over. Thanks Transgaming!
... any action that makes things more difficult / inconvenient / annoying / etc. for legitimate users of a piece of software (or anything else - like an audio CD) is an action that should not be taken.
When I am using software that I am a legitimate owner of, the last thing I want to do is jump through a million hoops just to prove I'm legit. For example, I'll be the first to admit that when I BUY a PC game, the first thing I do is go looking for a "no CD crack" to download. Why? Because I own the game and don't WANT to be forced to swap CDs all the time, just to constantly prove that I paid for the damn thing. I shouldn't have to. Honestly, it's insulting.
AFAIK, every form of copy/piracy protection that has ever existed has been cracked, and typically in a relatively short amount of time. The ones doing the pirating don't care - they have come to expect it, and finding out how to crack the software will be widely preferred to forking over the cash anyway. The crackers/warez distributors don't care either - indeed, quite the opposite, as many crackers will love the chance to be the first to crack a new protection scheme. The only ones who care are the legitimate users, because they're the ones who usually suffer.
Maybe someday, when bandwidth is free, we can write games that you simply "connect" to. It'll connect to your kb/mouse/controllers, and you'll get a video feed back, or some commands for your 3D renderer.
Won't happen. The speed of light alone will cause enough round-trip latency to kill such remote-X gaming. There needs to be at least some predictive power on the client in order to preserve the speed of cause and effect.
Think of it this way: they spend weeks implementing and thinking out an activation scheme only to have it completely and utterly CRACKED within hours of the product being leaked/released.
The fact is, it doesn't affect piracy one bit, but now users gotta deal with additional BS. For example, piece together a new PC and put your copy of XP on it. Now, after activation fails, try to convince Microsoft that you destroyed or got rid of the old computer!
It's not the fact that activation makes it easier, it's that the second a company boasts of having software that's uncrackable, it makes headlines and is often one of the first things to be cracked. In addition, the crack is often spread around so much to the point where it's hard NOT to find it.
All because they decided to announce to the world that their new copy-protection/activation scheme is the shit.
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
Folk, this is exactly what is holding linux back on the desktop. Commercial software on linux. Companies will not invest in linux ports if they perceive the linux community as a bunch of pirates who want everything for free.
You will be sure to have it from a reliable source if you legally obtain it from the transgaming servers.
Jesus was a compassionate social conservative who called individuals to sin no more.
People who steal should be punished.
Agreed. Unfortunately you seem to have bought the line that copyright violation is somehow equivalent to theft.
It isn't. It never has been. But if enough people like you refuse to exercise their brains concerning the matter and keep insisting that the two are one and the same, then some day they will be - at least legally. And then we're all fucked, since from that point on we won't even have the right to back up the product that we PAID FOR.
We'll be just what the software companies want us to be: licensees. We'll never own anything we purchase from them, and if they can get away with that sort of fucked-up bullshit, what's to stop other companies from doing the same thing with their products? I suppose you'd be happy RENTING everything in your house for the rest of your life, unable to do anything with it that isn't specified in the EULA that comes with those items?
If so, whoredom is just a short step away for you and everyone else like you.
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
I would enjoy seeing somebody hiding a trojan in the header of a tarball.
Except they AREN'T a reliable source. Their server can be hacked as easily as anyone's. MD5 sums are meant to protect against situations like that- getting compromised data from trusted sources.
I still have more fans than freaks. WTF is wrong with you people?
Um. I'm not sure if your comment is off-topic, or if you simply don't understand what TG is doing.
They're "watermarking" stuff to be able to essentially track legit users. IE, they will give support to people with legit watermarked tarballs. IE, service. Warezed copies will not receive services, thus not costing the company any direct money. You didn't honestly think the company was stupid enough to think they could 'prevent' piracy, did you? No, there will always be morally corrupt people such as yourself out there that have no compunction about not paying for what they get.
Hopefully this makes sense to you.
Oh, and one more thing - TG's software is making niche software. They are not making popular software. Your own argument is self-defeating.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
In the words of Robin Williams: "Whoa there, Sparky!"
That's something of a blanket statement, isn't it? It could be argued that if you have access to "warez", you're certainly not going to be inclined to move to a FREE operating system on the basis of saving money on software, are you? Kind of a reverse logic thing you've got going on there...
And if we're looking at copyright violation/property theft, doesn't most of the piracy of movies and music happen amongst the teenagers to 25 year old age groups? These are hardly going to be free software users.
It was not by far the only reason but one reason I made the move to Linux was because I was sick and tired of paying for generally low quality commercial software and actually felt better about NOT having to pirate a commercial application I didn't want to pay for in the first place.
Gentoo Linux - another day, another USE flag.
You don't have to use Cedega - if you're that keen on gaming, you probably have a Windows license kicking about somewhere anyway so just install that for gaming purposes as a dual boot.
Doom 3 is about the first game I've noticed that doesn't run on Windows 98 (at least according to the box) but apart from that, 98 is fine for the occasional gaming session - just do like I do and do all your important stuff in Linux.
Gentoo Linux - another day, another USE flag.
Ok weenie, how do you do that in Windows, using only built-in (non third party) tools?
No.
And make that "perceived security".
And remember kids: Never trust a computer you can actually lift.
I love transgaming, and was encouraging everyone I heard was using CVS to buy a subscription... but not anymore. I won't buy stuff from a company that would do something like this... well, the fact they did it isn't so bad, the fact they hid it is.
Jay | http://oldos.org
but cars also get broken into, you wouldn't see Ford selling cars without a doorlock
The difference is a car owner WANTS the lock to be there. I am glad to take an extra 2 seconds to get my keys out of my pocket if it helps prevent the stuff in my car from being jacked.
I don't benefit in any way from software activation or CD keys. It is nothing but a hassle when you buy the software. It's easier in many cases to install the cracked version.
I used to get high on life, but I developed a tolerance. Now I need something stronger.
"It didn't occur to you that it might be Gentoo's fault for not anticipating the possibility of unique package signatures and/or working around this?"
I know this is a troll but I hope you realize this is not some "new fangled way" Gentoo is doing things. They simply download the file (or in the case of WineX you download and put the file in the right directory) and check the MD5sum on the file to make sure it is legit and hasn't been modified by anyone. This is a pretty standard procedure in the Unix world where if you download a file (especially if it's a file that will be used by the system, like a new kernel!) you check the MD5sum to make sure it is real.
If you are coming from the windows world then I can fully understand why you would think that this is some "short-sighted" thing Gentoo did that is hurting the users but I assure you that it is standard procedure and Gentoo simply makes it even more useful by automating that process for us.
As far as serial numbers in software being nothing new, once again you misunderstand. Having a program where you enter a serial number is nothing new, from one CD to another the bits will be aligned exactly the same so if you md5sum one OfficeXP cd it will look the same as any other OfficeXP cd from that version. What transgaming is doing actually changes the bits in the file so each file is different, this has nothing to do with serial numbers being entered.
Most likely the MD5sums don't match because tar is storing the access times on the files. The access time will change when tar reads the file. To work around it, use the 'noatime' mount option on the FS or pass the appropriate parameters to tar so that it doesn't record atimes or resets them after reading the file.
INSIGHTFUL?? MD5 sums do not "protect" from anything. You choose to trust whoever gave you the sum as a valid and trustworthy source, that is all. If someone can hack their server and place a different binary package in it, do you think they cannot hack a web server and display the new MD5 sum?
Mother is the best bet and don't let Satan draw you too fast.
Exactly. I'm sure Transgaming can find an hour or so to put together an acceptable digital signing system. However, the people with legitimately licenced copies of Cedega probably have very little to fear. It's the people trading cedega-4.0.1.tgz on kazaaa/edonkey/etc, that are opening the humongous security hole in their systems by running an unverifiable binary only package. (probably as root too, shudder)
This is the very same reason "No-CD" cracks are so damn popular.
;)
That, and the fact that they mean you can install a copy from a friend's CD.
Well, let me run a scenario by you.
"MD5 prevents haxors from owning my software provider's boxen and giving me bad evil rootkits! I just compare the MD5 checksum to the software I downloaded and if they match, I know it's genuine!"
"Hey, where do you get that MD5 checksum from anyway?"
"The software provider's website.... oh, shit."
Can I suggest that MD5-signed binaries are only useful if the MD5 signatures are widely available from places that aren't the manufacturer?
---
Mod me down, you fucking twits. Go ahead. I dare you.
(I read with sigs off.)
As they seem to devolve, I just want to hold up my hands and give a nice golf clap to the folks that seem to do everything in their power to shove a stick up the ass of linux gaming. Thanks Guys!
Now that they don't give anything back for eons, and tag their crap with the gayness of primate DRM, they can sit back and know that they've made life just a little bit better for.... nobody.
> Wrong, And even if they are defeated you will find that the goal of this security method is to deter piracy, not to prevent it.
And while I know that that is the idea, the idea is wrong and flawed.
What happens in reality is that piracy is not stopped, those interested in a pirated copy can still easily get it, while the legitimate and paying user is bothered, treated like a soon to be criminal, and that legitimate uses of the software are at times prevented.
So, original poster is right, it is completely and utterly ineffective, and in fact does more damage than it does good.
Let me get this straight - it is known which bits contain the signature ?
If it is known, then what on Earth does this accomplish ? What stops the pirate from simply changing those bits ?
Or, if he's a true l33t h2x6r, he might even untar and retar the package :).
Of course, if it's the source files in the package that have been watermarked, it might even require running the diff program to find the watermark... But one thing is certain: this is not going to stop piracy.
Coming to think of it - isn't WineX (or Cedega or whatever) a fork of the regular Wine ? And isn't the regular Wine distributed under the LGPL ? So, if this is true, then how could one who distributes LGPL'd code be called a pirate ? Or am I missing something here ?
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
> I'd say that copyright protections do hamper casual copying of games, for those individuals who WOULD copy it but aren't technical to figure out workarounds by themselves.
I know that this line of reasoning is often used, and at first glance it really makes sense.
What it ignores is the following:
Whenever someone puts up a method to prevent copying, there are people who find reason to circumvent it, not just to the point of being able to copy the original (game) itself, but going as far as providing a version without the copy protection or creating a program that will fool the copy protection.
In either case, the non technical user can now make copies of existing (illegal) copies without needing more knowledge than clicking 'copy' in Nero or whatever CD writer tool they happen to use.
This has been true since the early 80s at least, and I do not see anything having changed there in the almost quarter century since.
So no, it does not prevent non-technical people from copying the games or other software, but it does stop those who want to make a legitimate backup copy and don't want to get into illegal activity altogether.
> But lets face it, Gentoo users are more than technical enough to pirate anything if they really want to.
Well... being a good unix administrator will do fine for setting up and using Gentoo, but in many cases you need to be a somewhat decent 'hacker' in order to circumvent copy protection.. it's not the same set of skills (there are quite a few people who happen to have both tho)
I bought a game from a store. The game was called Morrowind. I brought the game home and installed it. Oh the wait ! And I did as any l33t gamer does, and downloaded and installed the latest patches. Then, gripped with excitement, I ran the game and... it crashed. Oh the disappointment !
It turns out that the patched version of Morrowind crashes 99 times out of 100 in my system at the first CD check. The crash is "quiet", it simply drops me back to Windows (I only use it for games ! Honest !) desktop without any error messages. The unpatched version works, but contains bugs.
So what am I to do ? Play the old version ? Or apply a NO-CD patch ? I did the latter and the game started working perfectly.
Furthermore, why should I be forced to dig up the CD every time I want to play a game ? All the data is in the hard disk, the CD is only used for copy protection - and it fails to accomplish even that. It is pure annoyance for legitimate users and nothing more.
Nowadays, the first thing I do after installing the game and starting the download for the newest patch, is to find and download the NO-CD patch. It saves me trouble, makes the game have one less possible point of failure, and allows me to keep the original CD in a safe place. And it lets me keep on playing even after the CD has been overcome by the tides of time.
NO-CD patches are a blessing, and likely the only reason why people put up with the idiotic copy protection mechanisms.
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
Look... before the digital age, this way of thinking could work. Now that we're in the digital age, it's enough for one little fucker to pirate whatever you've made, and (fanfare), it's out on p2p for everybody and his dog to download.
Seriously, software is going to be pirated (Until someone comes up with a better scheme). Until then, all it does is annoy legitimate users. Pirates bypass the copy-protection anyways. Hell, pirates even get the software before it hits the street (ref. DooM 3, Condition Zero, UT2004).
So basically it's better to be a pirate. Not only do you get the latest über-cool game before that annoying neighbour, but you can laugh at him while he struggles to play his game (bought with his hard-earned money), fighting a copy-protection scheme that seems to be designed for one reason only... To make it hard for normal users to play.
Also, the fact that several of the programs I've bought actually deny me the right I have to make a backup copy (Yes, I *do* make archival copies and store them off-site. I've been through two fires in my life). A pirated version allows me to make as many backup copies as I'd like. With *no* fuzz.
So, for the average user, can we extrapolate where this is going? I still buy stuff that I want. But if there's a copy-protection scheme of some sort, I'm not going to buy from that vendor again.
Also, you can run arbitrary bit sums which would be ideal in this case. For example, the Java language has classes for this. You can download the .tgz on one machine, run an arbitrary crc or adler checksum on a portion of the file that does NOT include the signature. Then simply download on another machine and repeat. This should give cynical people like you the reassurance you need. If both sums are the same you might be ok, of course you can have as many sum checks as you want..
What on earth are you smoking? If a l33t script kiddie has managed to replace that damn .tgz with one containing a r00t kit, do you think it'll help downloading it twice?
I'm not saying Gentoo's way of checking the sources isn't flawed. But it's a hell of a lot better than downloading the r00ted tarball twice.
Yep, it's a pity too.
All the Transgaming hype could've been avoided ; )
Isn't the point of watermarks to be difficult to remove and nearly invisible unless you know what you're looking for?
Otherwise, what would be the point of putting a watermark on the downloads?
"Ignorance more frequently begets confidence than does knowledge"
- Charles Darwin
That analogy doesn't work very well. At the meat counter, the tags are temporary. Once you get your meat you throw the tag away, you are never identified with the tag number, and the butcher never writes down your name and the tag number together. The number tags also do not affect the meat in any way. You do not have to cook the meat longer and you don't have to change your recipe for cooking meat just because you got a numbered tag while waiting in line.