Slashdot Mirror


TransGaming Tagging Downloads to Combat Piracy

SeanTobin writes "It seems that TransGaming is implementing a new watermarking system to combat piracy. For now it seems that every tgz of Cedega 4.0.1 is individually tagged, and this has been frustrating Gentoo users who (like many others) like to be sure their archives are unmodified. Is this the future of software downloads? Is this tiny loss of personal privacy worth the increase in TransGaming's security?" Update: 08/16 17:42 GMT by S : There's an official response on the TransGaming forums indicating: "We can confirm that Cedega 4.0.1 included some basic watermarking... The objective behind the watermarking was to deal with some peer-to-peer piracy issues that we've been seeing over the past several months... We have suspended the watermarking feature for now and Gentoo users no longer need to be concerned with work-arounds."

21 of 512 comments (clear)

  1. Don't Like it? by Dr.+Bent · · Score: 4, Insightful

    Don't buy it.

  2. Re:blargh by Dorsai65 · · Score: 4, Insightful

    Me, when I do a lot of work, I like to get paid for it. TG is 'fronting' the money needed to develope until they sell the product; if they don't sell enough, then it's not worth it to them to keep doing it and they fold up their tent and go home. If somebody likes their stuff *that* much, then pay for it.

    --
    --- Asking inconvenient questions for over 30 years...
  3. I'll stick to free software, thanks by etymxris · · Score: 4, Insightful

    I was recently getting back into gaming and considering becoming a Transgaming subscriber again. Maybe I would have chosen not to anyway, but I'm certainly not after this. Not because it's really worse than anything any other proprietary software company would do, but because it reminds me of why I prefer free (libre) software over proprietary software.

    I remember when Transgaming was going to open source everything they wrote, if only they got enough subscribers. Well that pipe dream fell through. I'll stick to free software. There's no going back on such a promise with free software.

  4. No surprise here by Lord+Byron+II · · Score: 5, Insightful
    I think it was no secret that this was going to happen eventually, although the article makes it sound like just the tgz is tagged, not the binaries themselves. So you should be able to open it, re-zip it, and be on your way. I hope that they are providing md5's for those of us who are smart enough to check.

    But from reading the article, I don't get the impression that this is an anti-piracy effort either. Consider that the RPMs and DEBs are unaffected. Could be anti-piracy, but it could also be just a download counting system or maybe per-user customization.

    Certainly, it seems clear that they're not actively tracking you and that they're not going to be able to tell if you happen to install it on your desktop and laptop. The only way you're going to get in trouble (if that is indeed their goal) is if your unaltered tgz starts appearing en masse on the p2p networks.

  5. Well, it was bound to happen sooner or later. by Anonymous Coward · · Score: 5, Insightful

    If Linux is going to go bigtime on the desktop, you are just going to have to put up with this kind of stuff. Hell, I would bet that distributors put even more protection on commercial Linux apps/games since (pardon my generalization) Linux users are used to software being free (as in beer). Prepare for it to get worse in the coming years.

  6. Loss of Privacy? by LochNess · · Score: 5, Insightful
    Is this tiny loss of personal privacy worth the increase in TransGaming's security?


    If you don't download it, you don't have any "loss" of privacy.

    People throw around the idea of the loss of privacy as though they are being compelled to download whatever it is.
  7. It's not the best way to do it... by zarthrag · · Score: 5, Insightful

    ..but I feel their pain.

    I've discussed this option before, and it's difficult to do without developing an entirely new online distribution format, however it is (in the end) an infinite uphill battle when it comes to copyprotecting non-multiplayer games. Signing a download will simply thward willy-nilly copiers. Any warez producer worth their salt will breeze by this one by either producing their own archives by simply ferreting out the watermark.

    I'm not familiar with cedega, but I'm sure it's no different from any other title. If it ain't an MMO, you can't attain near-zero piracy - period.

    Maybe someday, when bandwidth is free, we can write games that you simply "connect" to. It'll connect to your kb/mouse/controllers, and you'll get a video feed back, or some commands for your 3D renderer. No updates, no piracy, no privacy.

    --
    Why can't all fpga/microcontroller manufacturers just release free optimizing compilers???
  8. Re:easy workaround by Vreejack · · Score: 5, Insightful

    I think that was the original point. All the cracked versions will have 0x00 in the tags, but legitimate users will be encumbered.

    When a copy protection scheme makes it desireable for legitimate users to used cracked versions of the software then there needs to be a rethink.

    --
    "Will future ages believe that such stupid bigotry ever existed!" -- Ivanhoe
  9. ...what a waste of time. by DroopyStonx · · Score: 4, Insightful

    If a person knows enough to be using Linux AND this application, chances are they can easily get around the watermark, so what's the point in it?

    I don't understand when companies go off on this tangent and act as if what they're doing will combat piracy. Piracy will always exist. No matter what you do, you can't get rid of it.

    Yeah, it's wrong, but people will do it. Just be thankful EVERYONE isn't doing it. Bottom line: it will not bring back your "lost" sales, and people will have a workaround in a matter of hours.

    There's also a reason why Microsoft more or less turns a blind eye to it - the more people who pirate a particular piece of software just means it's on that many more computers. MS would rather you have a pirated copy of Windows XP than to flat out run Linux simply because it gives them more of a place in the market.

    No one likes to think on the flipside of things, so go on and mod this as troll ;)

    --
    We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
  10. Re:easy workaround by Jah-Wren+Ryel · · Score: 4, Insightful

    It seems that

    a) Only the .TGZ, aka .tar.gz for real unix people, is marked. So, just re-tar it and the tag (that ain't even deserving of the term watermark) is gone.

    b) If they did something more hardcore, two copies would not necessarily be enough remove all identifiers. It isn't hard to come up with a scheme in which there are multiple sets of tags and any one combination of those tags defines a single download, but if say, 3 of the 4 tags are the same, then a straight diff only picks up 1 of the 4 tags and thus leaves the other 3 to identify a group of downloads from which both "pirates" took their copies. Play enough games assigning different users to different sets of tags for different releases and you could probably narrow down the pool to the exact people who are participating in unauthorized sharing in a month or two. It just a practical application of set theory to do it.

    --
    When information is power, privacy is freedom.
  11. Re:Breaks gentoo ebuilds by Nasarius · · Score: 5, Insightful

    You're right, but that's just a workaround. There's no way for the Gentoo developers to really fix this without disabling an important security feature of portage.

    --
    LOAD "SIG",8,1
  12. Re:easy workaround by Lisandro · · Score: 4, Insightful

    Exactly. Developers and publisher houses; take notice. This is the very same reason "No-CD" cracks are so damn popular.

  13. Trust by Kaseijin · · Score: 5, Insightful
    simply use the gentoo ebuild tools to generate a new MD5 hash based on the .tgz you downloaded... you *DO* trust transgaming's own binaries, dont you??? hmmm??? :)
    You may have been joking, but whoever modded this insightful presumably wasn't. The Portage hash check assures the user that the Cedega tarball isn't really a rootkit uploaded by whoever 0wned TransGaming's server. It would be best if all publishers cryptographically signed their releases, but since most don't, comparing hashes with a trusted third party like Gentoo is a reasonable compromise.
  14. Re:easy workaround by John+Hurliman · · Score: 4, Insightful

    So, anyone who is going to pirate this make sure to scramble those bytes, or just unpack the tgz then repackage it.

    The pirates are slowed down for about 8 seconds while many legitimate customers are screwed over. Thanks Transgaming!

  15. As far as I'm concerned... by Ghostgate · · Score: 5, Insightful

    ... any action that makes things more difficult / inconvenient / annoying / etc. for legitimate users of a piece of software (or anything else - like an audio CD) is an action that should not be taken.

    When I am using software that I am a legitimate owner of, the last thing I want to do is jump through a million hoops just to prove I'm legit. For example, I'll be the first to admit that when I BUY a PC game, the first thing I do is go looking for a "no CD crack" to download. Why? Because I own the game and don't WANT to be forced to swap CDs all the time, just to constantly prove that I paid for the damn thing. I shouldn't have to. Honestly, it's insulting.

    AFAIK, every form of copy/piracy protection that has ever existed has been cracked, and typically in a relatively short amount of time. The ones doing the pirating don't care - they have come to expect it, and finding out how to crack the software will be widely preferred to forking over the cash anyway. The crackers/warez distributors don't care either - indeed, quite the opposite, as many crackers will love the chance to be the first to crack a new protection scheme. The only ones who care are the legitimate users, because they're the ones who usually suffer.

  16. Re:And who is to blame??? by k8to · · Score: 5, Insightful

    Transgaming is selling a product based on Wine, a totally free software project. TransGaming has added to that codebase, but without contributing most of those additions back to the Wine codebase.

    They have brought value to their product, which is why it is worth any money at all, but they have not really been a team player with the free software community.

    In addition, there have been various sketchy issues, including a promise (unfulfilled) of opening their codebase when they get a bunch of subscribers. They also damaged sales of a native linux port by wine-porting it redundantly (kohan), have used linux-subscriber funds to port games to macintosh instead of linux which were not made available to linux subscribers.

    Now, these are oversimplified descriptions, and I'm not suggesting they are an evil bunch of people. But describing them as "totally community oriented" is simply inaccurate. There is also the contestable issue that they may be helping to prevent the growth of the native Linux games market by diverting demand to windows games, while also providing a poor linux gaming experience (look at the list of fully supported games, it's quite small). This view is not airtight but it's not invalid either.

    In short, they are not the "good guys". They are a business out to make a profit regardless of whether their actions are "good" or "bad".

    --
    -josh
  17. Re:easy workaround by ActiveSX · · Score: 4, Insightful

    I would enjoy seeing somebody hiding a trojan in the header of a tarball.

  18. Re:Tis good! by wolrahnaes · · Score: 4, Insightful

    but cars also get broken into, you wouldnt see Ford selling cars without a doorlock

    The difference is a car owner WANTS the lock to be there. I am glad to take an extra 2 seconds to get my keys out of my pocket if it helps prevent the stuff in my car from being jacked.

    I don't benefit in any way from software activation or CD keys. It is nothing but a hassle when you buy the software. It's easier in many cases to install the cracked version.

    --
    I used to get high on life, but I developed a tolerance. Now I need something stronger.
  19. Re:Changes by Craig+Ringer · · Score: 4, Insightful

    Most likely the MD5sums don't match because tar is storing the access times on the files. The access time will change when tar reads the file. To work around it, use the 'noatime' mount option on the FS or pass the appropriate parameters to tar so that it doesn't record atimes or resets them after reading the file.

  20. Re:Breaks gentoo ebuilds by SillyNickName4me · · Score: 4, Insightful

    > I'd say that copyright protections do hamper casual copying of games, for those individuals who WOULD copy it but aren't technical to figure out workarounds by themselves.

    I know that this line of reasoning is often used, and at first glance it really makes sense.

    What it ignores is the following:

    Whenever someoen puts up a method to prevent copying, there are people who find reason to circumvent it, not just to the point of being able to copy the original (game) itself, but going as far as providing a version without the copy protection or creating a program that will fool the copy protection.

    In either case, the non technical user can now make copies of existing (illegal) copies without needing more knowledge then clicking 'copy' in Nero or whatever CD writer tool they happen to use.

    This has been true since the early 80s at least, and I do not see anythign havign changed there in the almost quarter century since.

    So no, it does not prevent non-technical people from copying the games or other software, but it does stop those who want to make a legitimate backup copy and don't want to get into illegal activity alltogether.

    > But lets face it, Gentoo users are more than technical enough to pirate anything if they really want to.

    Well... being a good unix administrator will do fine for setting up and usign Gentoo, but in many cases you need to be a somewhat decent 'hacker' in order to circumvent copy protection.. its not the same set of skills (there are quite a few peopel who happen to have both tho)

  21. Re:Breaks gentoo ebuilds by repvik · · Score: 4, Insightful
    Wrong, And even if they are defeated you will find that the goal of this security method is to deter piracy, not to prevent it. I.e. If you are a cracker, you will circumvent the system. If you are a general user you won't know where to start. For example, the company I work for uses SecuROM CD protection which can be overcome without too much difficulty, but most customers don't know how to.

    Look... before the digital age, this way of thinking could work. Now that we're in the digital age, it's enough for one little fucker to pirate whatever you've made, and (fanfare), it's out on p2p for everybody and his dog to download.
    Seriously, software is going to be pirated (Until someone comes up with a better scheme). Until then, all it does is annoy legitimate users. Pirates bypass the copy-protection anyways. Hell, pirates even get the software before it hits the street (ref. DooM 3, Condition Zero, UT2004).
    So basically it's better to be a pirate. Not only do you get the latest über-cool game before that annoying neighbour, but you can laugh at him while he struggles to play his game (bought with his hard-earned money), fighting a copy-protection scheme that seems to be designed for one reason only... To make it hard for normal users to play.
    Also, the fact that several of the programs I've bought actually denies me the right I have to make a backup copy (Yes, I *do* make archival copies and store them off-site. I've been through two fires in my life). A pirated version allows me to make as many backup copies I'd like. With *no* fuzz.
    So, for the average user, can we extrapolate where this is going? I still buy stuff that I want. But if there's a copy-protection scheme of some sort, I'm not going to buy from that vendor again.

    Also, you can run arbitrary bit sums which would be ideal in this case. For exaple, the Java language has classes for this. You can download the .tgz on one machine, run an arbitrary crc or adler checksum on a portion of the file that does NOT include the signature. Then simply download on another machine and repeat. This should give cynical people like you the reassurance you need. If both sums are the same you might be ok, of course you can have as many sum checks as you want..

    What on earth are you smoking? If a l33t script kiddie has managed to replace that damn .tgz with a one containing a r00t kit, do you think it'll help downloading it twice?
    I'm not saying Gentoo's way of checking the sources isn't flawed. But it's a hell of a lot better than downloading the r00ted tarball twice.