Slashdot Mirror
TransGaming Tagging Downloads to Combat Piracy
SeanTobin writes "It seems that TransGaming is implementing a new watermarking system to combat piracy. For now it seems that every tgz of Cedega 4.0.1 is individually tagged, and this has been frustrating Gentoo users who (like many others) like to be sure their archives are unmodified. Is this the future of software downloads? Is this tiny loss of personal privacy worth the increase in TransGaming's security?" Update: 08/16 17:42 GMT by S : There's an official response on the TransGaming forums indicating: "We can confirm that Cedega 4.0.1 included some basic watermarking... The objective behind the watermarking was to deal with some peer-to-peer piracy issues that we've been seeing over the past several months... We have suspended the watermarking feature for now and Gentoo users no longer need to be concerned with work-arounds."
This is a real pain because it actually breaks the gentoo ebuilds!
unzip two copies, find any differences, produce a third copy with random garbage in place of whatever the watermark is.
Come on people, is it really THIS important to protect stuff?
...
Why not focus on a service-based business model, like the MMORPG setup?
One-off profits are nowhere near as lucrative as service contracts, after all.
Pshaw, software fingerprinting protection is just silly
Comment removed based on user account deletion
How would one verify that an archive is correct, or packaged from a reliable source, if the md5sum differs?
In my opinion, the cons outweight the pros for doing so.
Sunset over the lake, cool mist over the bridge; A leave upon the ripples, the snow reflects its glow.
Don't buy it.
Microsoft did this with Windows XP beta to see what beta testers were "leaking" the information. Somebody figured it out though and testers were in an uproar shortly thereafter. Frankly, if you buy (or rent) electronic hardware from a store, the serial number is recorded on the receipt to avoid a switcheroo... this is simply an extension of that in my opinion. Not a good thing for people who misuse their licenses... but nothing major for people who follow the rules.
Another point I'd like to make. Lets say that transgaming's servers get rooted and their archives infected with some arbitrarily nasty virus. How can I trust that the file I'm getting is not infected? I'll even go one step further... How can I be sure that this has not already happened?
You can't be sure.
For now, take the
that's what i'd try to do. rpm's be damned. heh
They DO have an open cvs-server. Kindof make you think that they are not so scared about people downloading their app?
My $5x10^-2
Look at nearly every product with 'activation' or a 'cd-key' and it's been cracked. All these 'protections' do is make it easier for pirates to pirate and harder for legit users to get to work.
Your hair look like poop, Bob! - Wanker.
I was recently getting back into gaming and considering becoming a Transgaming subscriber again. Maybe I would have chosen not to anyway, but I'm certainly not after this. Not because it's really worse than anything any other proprietary software company would do, but because it reminds me of why I prefer free (libre) software over proprietary software.
I remember when Transgaming was going to open source everything they wrote, if only they got enough subscribers. Well that pipe dream fell through. I'll stick to free software. There's no going back on such a promise with free software.
Honestly, thats probably the most non-intrusive copy protection there could be. The problem is why did they include it without telling anyone? These people paid for it, so don't they deserve an explanation? And even more odd is that, since their "protection" scheme is now known, whats to stop, say, a pirate from altering the archive and putting it on P2P?
quote: "If Microsoft did this"
(they already have... Windows XP beta builds).
From Transgamers point of view... yes.. yes it is.
Not Meta-modding due to apathy.
But from reading the article, I don't get the impression that this is an anti-piracy effort either. Consider that the RPMs and DEBs are unaffected. Could be anti-piracy, but it could also be just a download counting system or maybe per-user customization.
Certainly, it seems clear that they're not actively tracking you and that they're not going to be able to tell if you happen to install it on your desktop and laptop. The only way you're going to get in trouble (if that is indeed their goal) is if your unaltered tgz starts appearing en masse on the p2p networks.
If Linux is going to go bigtime on the desktop, you are just going to have to put up with this kind of stuff. Hell, I would bet that distributors put even more protection on commercial Linux apps/games since (pardon my generalization) Linux users are used to software being free (as in beer). Prepare for it to get worse in the coming years.
If you don't download it, you don't have any "loss" of privacy.
People throw around the idea of the loss of privacy as though they are being compelled to download whatever it is.
..but I feel their pain.
I've discussed this option before, and it's difficult to do without developing an entirely new online distribution format, however it is (in the end) an infinite uphill battle when it comes to copyprotecting non-multiplayer games. Signing a download will simply thward willy-nilly copiers. Any warez producer worth their salt will breeze by this one by either producing their own archives by simply ferreting out the watermark.
I'm not familiar with cedega, but I'm sure it's no different from any other title. If it ain't an MMO, you can't attain near-zero piracy - period.
Maybe someday, when bandwidth is free, we can write games that you simply "connect" to. It'll connect to your kb/mouse/controllers, and you'll get a video feed back, or some commands for your 3D renderer. No updates, no piracy, no privacy.
Why can't all fpga/microcontroller manufacturers just release free optimizing compilers???
Obviously they're concerned about the amount of piracy.
For the money that they charge, you'd think that people who actually choose to use their product could bring themselves to pay for it.
I know there are a lot of people who take the 'boycott WineX' approach because they think WineX harms gaming on Linux in the long run. This post obviously has nothing to do with them, as they choose not to run it.
For those of us who choose to run it, I really can't see what the problem with paying for it is. I've paid on 3 separate occassions. On each occasion I'd paid because another game I wanted to play was now supported, and I've been satisfied each time.
So how about the leeches among us start supporting the rare breed of company that shows any interest in Linux on the desktop?
If a person knows enough to be using Linux AND this application, chances are they can easily get around the watermark, so what's the point in it?
;)
I don't understand when companies go off on this tangent and act as if what they're doing will combat piracy. Piracy will always exist. No matter what you do, you can't get rid of it.
Yeah, it's wrong, but people will do it. Just be thankful EVERYONE isn't doing it. Bottom line: it will not bring back your "lost" sales, and people will have a workaround in a matter of hours.
There's also a reason why Microsoft more or less turns a blind eye to it - the more people who pirate a particular piece of software just means it's on that many more computers. MS would rather you have a pirated copy of Windows XP than to flat out run Linux simply because it gives them more of a place in the market.
No one likes to think on the flipside of things, so go on and mod this as troll
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
Every time a company (usually Apple) does something even remotely questionable regarding YRO people say that if Microsoft did it there would be a huge uproar.
If it's something anticompetitive someone usually clamors about how Microsoft is a convicted monopolist. I wish people could come up with a new ways to attack Microsoft and a new ways to be Microsoft apologists. I suppose we should stop rewarding those who rehash old arguments (I swear I've read your comment before, word for word) with Karma.
Help I'm a rock.
And I was going to the trouble of getting out my magic marker and drawing on the download!
The dangers of knowledge trigger emotional distress in human beings.
Once upon a time, I was a Windows user in the habit of pirating (mainly because I was a kid with no money). Now that I've been on the Linux bandwagon for a some years, I use Free tools by default, and if there's an application that's useful and nice that costs money (VMWare, TransGaming, etc), I buy it.
I think Linux people may realize that the license is what ties us together, and that by pirating software we undermine our community as well as erode our major advantage over some of the evil closed source people.
Just imagine if they did something insane like making you call for permission to reinstall if you've changed some of your hardware.
Oh..
Serious? Seriousness is well above my pay grade.
(corrections appreciated)
That's not the case here. This isn't restricting use at all...just making it clear which copy goes where (if found later).
If they put in code to actively thwart copying -- and I agree it would 'make it easier for pirates to pirate and harder for legit users' to use what they bought -- I would be with you. Since that's not the case, there's no harm, no foul.
Transgaming should provide a way to verify the file, though, to protect against the case that if the file were hijacked and bad code were put in you could check the file. That it's not the same # for everyone isn't much of an issue.
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
I honestly do not understand why they would want to do this. To protect against software piracy? Who would do such a thing? Surely the general population has enough respect for software developers that they would refrain from pirating software without copy protection schemes.
</sarcasm>
Mathematics is made of 50 percent formulas, 50 percent proofs, and 50 percent imagination.
What happened to being able to download the source to WineX (Or Cedega) and compiling it yourself? Are TransGaming violating the GPL by not providing the source, or are they claiming that the subscription is to cover distribution costs to get around the GPL?
Or, am I completely wrong, and does Transgaming provide the source on their website, just hidden somewhere?
I'm not really sure what the point of this watermarking is. It's really not copy protection - they would need a proper activation system to enforce that. And, even apart from the huge political backlash that would entail, I can't imagine that TG would devote the technical and clerical resources required to make an activation system work. Especially since so many Linux users change distros and hardware more often than their socks. They can't be crazy enough to try activation.
So what's the point, then? Copies will still make their way through P2P. I guess they could go after people that share the file (if they're dumb enough not to wipe the watermark), but there's no way they'd do more than cancel that person's subscription. Again, apart from political issues, any legal proceedings would be ridiculously expensive for the damages involved. Are they saving dev time on support? No, not really - you have to have a subscription to access the message boards. There's IRC, I guess, but if a dev's sitting there already, that's not much of a loss.
I feel like we're missing something here. The guys at TG are clearly not dumb. They can't believe this will help them sell more copies. There's got to be more to it somewhere...
How is this a loss of privacy unless you were planning to violate the company's copyright?
Who is going to see your personally tagged tarball that you download?
since we know it's bytes 0x10-0x23 why not just write a script that 0s them out and then compare the md5sum to that? I'm sure that wouldn't be hard to add to the ebuild in gentoo.
-- Proud member of the Jello Sex Cult.
... any action that makes things more difficult / inconvenient / annoying / etc. for legitimate users of a piece of software (or anything else - like an audio CD) is an action that should not be taken.
When I am using software that I am a legitimate owner of, the last thing I want to do is jump through a million hoops just to prove I'm legit. For example, I'll be the first to admit that when I BUY a PC game, the first thing I do is go looking for a "no CD crack" to download. Why? Because I own the game and don't WANT to be forced to swap CDs all the time, just to constantly prove that I paid for the damn thing. I shouldn't have to. Honestly, it's insulting.
AFAIK, every form of copy/piracy protection that has ever existed has been cracked, and typically in a relatively short amount of time. The ones doing the pirating don't care - they have come to expect it, and finding out how to crack the software will be widely preferred to forking over the cash anyway. The crackers/warez distributors don't care either - indeed, quite the opposite, as many crackers will love the chance to be the first to crack a new protection scheme. The only ones who care are the legitimate users, because they're the ones who usually suffer.
Maybe someday, when bandwidth is free, we can write games that you simply "connect" to. It'll connect to your kb/mouse/controllers, and you'll get a video feed back, or some commands for your 3D renderer.
Won't happen. The speed of light alone will cause enough round-trip latency to kill such remote-X gaming. There needs to be at least some predictive power on the client in order to preserve the speed of cause and effect.
Shouldn't there be some kind of license inheritance there?
As far as I know, Wine is under GNU LGPL, a weak copyleft license. There exist free software licenses with even weaker "inheritance" properties (as you put them) or "viral" properties (as Microsoft put them), such as the various permissive licenses such as those of zlib, FreeBSD, X11, and the like.
Think of it this way: they spend weeks implementing and thinking out an activation scheme only to have it completely and utterly CRACKED within hours of the product being leaked/released.
The fact is, it doesn't affect piracy one bit, but now users gotta deal with additional BS. For example, piece together a new PC and put your copy of XP on it. Now, after activation fails, try to convince Microsoft that you destroyed or got rid of the old computer!
It's not the fact that activation makes it easier, it's that the second a company boasts of having software that's uncrackable, it makes headlines and is often one of the first things to be cracked. In addition, the crack is often spread around so much to the point where it's hard NOT to find it.
All because they decided to announce to the world that their new copy-protection/activation scheme is the shit.
We have secretly replaced these Slashdot mods' sense of humor with a rusty nail. Let's see if they notice!!
People who steal should be punished.
Agreed. Unfortunately you seem to have bought the line that copyright violation is somehow equivalent to theft.
It isn't. It never has been. But if enough people like you refuse to exercise their brains concerning the matter and keep insisting that the two are one and the same, then some day they will be - at least legally. And then we're all fucked, since from that point on we won't even have the right to back up the product that we PAID FOR.
We'll be just what the software companies want us to be: licensees. We'll never own anything we purchase from them, and if they can get away with that sort of fucked-up bullshit, what's to stop other companies from doing the same thing with their products? I suppose you'd be happy RENTING everything in your house for the rest of your life, unable to do anything with it that isn't specified in the EULA that comes with those items?
If so, whoredom is just a short step away for you and everyone else like you.
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
I haven't thought this completely through, but something tells me there are a couple possible security problems opened up by this practice:
1) I get hold of a copy of your tarball. Maybe we're on the same system, or maybe I find it on a CD, or maybe I'm your ISP, or your proxy provider, or whoever. Now I can redistribute your file to as many people as possible, in order to get you in trouble with the company that is tracking the IDs. This must be a known issue with all watermarking schemes, I suppose.
2) If the company has to distribute a new MD5 with every file, and if I can get in the middle between their download site and the world, I can inject the ID and MD5 hash of my enemy's file into the outgoing streams. Same effect as number 1, the user pointed to by that ID gets in trouble.
I there a name for this kind of security problem? We could call it the let's-you-and-him-fight problem, maybe.
Or maybe word 3 of paragraph 2 on page 6...
They must be new in town.
The short ansewr is, Yes.
To lengthen the answer: because without revenue, the product will cease to exist.
I mean, seriously. Come off it, you wankers. "It breaks gentoo's ebuild". BFD. It's still (relatively) simple to work around. Are you that much of an automatron that you can't deal with this miniscule inconvenience?
This presents a fairly striking point about the majority of Linux/"free software" people. They're also largely proprietors of warez and other forms of copyright violation/property 'theft'. It's no small wonder why commercial products are slow to come to Linux - there's no market for them, as most would be pirated by the geeks and there'd be miniscule revenue.
Sure, there's a place and probably a market for large commercial apps, but I'm talking about smaller things (such as the transgaming stuff). There are quite a few people that truly ascribe to the "free as in freedom" philosophy on a whole. Most people just want a free ride.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
Um. I'm not sure if your comment is off-topic, or if you simply don't understand what TG is doing.
They're "watermarking" stuff to to be able to essentially track legit users. IE, they will give support to people with legit watermarked tarballs. IE, service. Warezed copies will not receive services, thus not costing the company any direct money. You didn't honestly think the company was stupid enough to think they could 'prevent' piracy, did you? No, there will always be morally corrupt people such as yourself out there that have no compunction about not paying for what they get.
Hopefully this makes sense to you.
Oh, and one more thing - TG's software is making niche software. They are not making popular software. Your own argument is self-defeating.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
The fact is, it doesn't affect piracy one bit, but now users gotta deal with additional BS. For example, piece together a new PC and put your copy of XP on it. Now, after activation fails, try to convince Microsoft that you destroyed or got rid of the old computer!
I have actually done this, and there is no problem at all. Ive changed my PC 5 times since I bought the XP license that requires activation, and only on the latest switch did the online activation fail. I rang a 0845 number (UK) and got hold of a very nice girl in a call center. All she asked me was if this installation was a unique install IE I hadnt installed it on other PCs. When I said yes, she reset my activations and gave me the option of activating through her or redoing the online activation, which I chose and was carried out without a problem.
Yes, anti piracy schemes get cracked, but cars also get broken into, you wouldnt see Ford selling cars without a doorlock. They are there to slow down the casual pirates, not the hardcore people.
As far as I know:
Most games have some sort of copy protection in them, making simple WINEing of the executable not work (tries doing magical windows assembly voodoo or some such).
What TransGaming have done is to take WINE (legally under a permissive licence) and continue to develop it for games, in addtion to licencing these copy protection schemes from the people who make them. They are under a contract to not reveal these copy protection schemes, and hence don't. Everything else is avaliable for download from their CVS repository.
^^The world as I understand it.
You obviously think you're quite a wit.
You're half right, anyway.
- Step 1: download the file.
-
Step 2: Blank out the watermark, saving it elsewhere.
-
Step 3: MD5sum the watermark-free file.
-
Step 4: Restore the watermark.
-
Step 5: Act like nothing's wrong.
<flame>I've always held that Gentoo users are like Debian users, but with less ingenuity|/usr/games/fortune
You don't have to use Cedega - if you're that keen on gaming, you probably have a Windows license kicking about somewhere anyway so just install that for gaming purposes as a dual boot.
Doom 3 is about the first game I've noticed that doesn't run on Windows 98 (at least according to the box) but apart from that, 98 is fine for the occasional gaming session - just do I like I do and do all your important stuff in Linux.
Gentoo Linux - another day, another USE flag.
Reading through the post, it is surprising that, after at least 10 downloads, he (she?) never suspected that the MD5 utility being used has either become corrupt, or has been cracked, causing it to not produce correct hash output.
After the third or fouth failure, you should start considering more unlikely causes - corrupt MD5 utility, OS bugs, memory errors, etc. Any one of those could have cause the problems being described.
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
No.
And make that "perceived security".
And remember kids: Never trust a computer you can actually lift.
I love transgaming, and was encouraging everyone I heard was using CVS to buy a subscription... but not anymore. I won't buy stuff from a company that would do something like this... well, the fact they did it isn't so bad, the fact they hid it is.
Jay | http://oldos.org
but cars also get broken into, you wouldnt see Ford selling cars without a doorlock
The difference is a car owner WANTS the lock to be there. I am glad to take an extra 2 seconds to get my keys out of my pocket if it helps prevent the stuff in my car from being jacked.
I don't benefit in any way from software activation or CD keys. It is nothing but a hassle when you buy the software. It's easier in many cases to install the cracked version.
I used to get high on life, but I developed a tolerance. Now I need something stronger.
Bioware also removed the copy-protection from the Windows version of
Neverwinter Nights, around 1.29, I think. It caused more trouble than good,
I guess.
(Can't be arsed to dig through the patchnotes)
Those who want to use Cedega, but not pay the licensing fee, can just use the CVS tree download from the transgaming website, that comes free and no subscription required. All that is missing is the point2play system and their installer. What is to stop people packaging up the CVS version and distributing that instead?
IMHO the fact that they provide a CVS version negates the requirement to go and pirate it anyway.
Nick...
Electronic Music Made Using Linux http://soundcloud.com/polyp
Apparently it is watermarking...I downloaded two copies:
.tgzs of the same data would be different?
$tar xvzf cedega1.tgz
$ls
cedega1.tgz cedega2.tgz usr
$mv usr usr1
$tar xvzf cedgea2.tgz
$mv usr usr2
$ls
cedega1.tgz cedega2.tgz usr1 usr2
$diff -r usr1 usr2
$
'Nuff said. Its just a watermark, not in the actual files. If you do a:
$diff -rs usr1 usr2
it'll report that every file is identical, just to verify.
Then, make an unwatermarked version:
$mv usr1 usr
$tar czf cedega_clean.tgz usr
Sadly, if you compress the *exact* same folder twice with tar czf it will not md5sum the same (try it!). I can't say I know why. So basically, this helps with piracy but not with the verification problem. =( Don't know how to fix the ebuild problem. Anyone that knows more about why the md5sums for two
Well, let me run a scenario by you.
"MD5 prevents haxors from owning my software provider's boxen and giving me bad evil rootkits! I just compare the MD5 checksum to the software I downloaded and if they match, I know its genuine!"
"Hey, where do you get that MD5 checksum from anyway?"
"The software provider's website.... oh, shit."
Can I suggest that MD5-signed binaries are only useful if the MD5 signatures are widely available from places that aren't the manufacturer?
---
Mod me down, you fucking twits. Go ahead. I dare you.
(I read with sigs off.)
As they seem to devolve, I just want to hold up my hands and give a nice golf clap to the folks that seem to do everything in their power to shove a stick up the ass of linux gaming. Thanks Guys!
Now that they don't give anything back for eon's, and tag their crap with the gayness of primate DRM, they can sit back and know that they've made life just a little bit better for.... nobody.
Not to mention the crap some people go through when they find out their CD Rom is no longer able to read the SafeDisc protection that a game has. For example, see Neverwinter Nights 1.32 patch. Bioware hated Atari for it, and you got the impression on the message board that there were a lot of bioware affiliates who were silently endorsing the idea of using Daemon Tools, or getting a noCD patch for your legit copy of the game if your CD drive didn't work.
~Will
sig?
I would like Transgaming to rott and dissapear, if you don't, then take a look at this
Look at it this way. You're at a supermarket. At the meat counter, there is one of those machines with tags, so they can call a number to ask the next person to come to the counter, rather than making everyone wait in line.
Do you not use this system because it's a loss in privacy? They could link the tag number with the meat you're buying! And they could link the tag number with your face! So they'd know what meat you were buying...wait...nevermind.
Unless you redistribute the Transgaming binary, the only effect of this is upon Gentoo and the MD5 hash. There are no privacy ramifications whatsoever. The MD5 problem has already been resolved in one line of code, and thus is a non-issue. As to the Gentoo problem, it could be completely resolved by making a package which executed a script to install Transgaming after verifying the non-unique bytes of the tgz.
Perhaps you might want to back up this "fact" with evidence ? Such as some examples of software that wasn't released on PC because of piracy ?
Of course. That's why there's no new games being released for PCs. None are being planned either. And there certainly is no freeware/FOSS ones either.
Slashdot confirms it - PC is dying :).
Apparently some companies think that it still makes sense to make games on PC. But what do they know :)
I must have imagined those hundreds of pirated PS2 and XBOX games on suprnova then.
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
I am going to cancel my subscription over this. If you have a subscription and feel the same way, cancel yours. Our money talks and if their business practices go sour, it will walk.
Why bother.
Hi all,
0 9# 4009
I've posted an official response here:
http://transgaming.org/forum/viewtopic.php?p=40
Take care,
-Gav
--
Gavriel State, Co-CEO & CTO
TransGaming Technologies Inc.
gav@transgaming.com