Slashdot Mirror

← Back to Stories (view on slashdot.org)

TransGaming Tagging Downloads to Combat Piracy

Posted by michael on from the tag-you're-it dept.

SeanTobin writes "It seems that TransGaming is implementing a new watermarking system to combat piracy. For now it seems that every tgz of Cedega 4.0.1 is individually tagged, and this has been frustrating Gentoo users who (like many others) like to be sure their archives are unmodified. Is this the future of software downloads? Is this tiny loss of personal privacy worth the increase in TransGaming's security?" Update: 08/16 17:42 GMT by S : There's an official response on the TransGaming forums indicating: "We can confirm that Cedega 4.0.1 included some basic watermarking... The objective behind the watermarking was to deal with some peer-to-peer piracy issues that we've been seeing over the past several months... We have suspended the watermarking feature for now and Gentoo users no longer need to be concerned with work-arounds."

18 of 512 comments (clear)

  1. Breaks gentoo ebuilds by ChronoWiz · · Score: 5, Interesting

    This is a real pain because it actually breaks the gentoo ebuilds!

    1. Re:Breaks gentoo ebuilds by Nasarius · · Score: 5, Insightful

      You're right, but that's just a workaround. There's no way for the Gentoo developers to really fix this without disabling an important security feature of portage.

      --
      LOAD "SIG",8,1
    2. Re:Breaks gentoo ebuilds by zerocool^ · · Score: 5, Funny


      Funny... I'm trying it on your server at work, too...

      --
      sig?
  2. Different md5sum is a problem. by nayigeta · · Score: 5, Interesting

    How would one verify that an archive is correct, or packaged from a reliable source, if the md5sum differs?

    In my opinion, the cons outweight the pros for doing so.

    --
    Sunset over the lake, cool mist over the bridge; A leave upon the ripples, the snow reflects its glow.
  3. Re:easy workaround by riprjak · · Score: 5, Funny

    Or, as an alternative; fsck transgaming and use traditional WINE... or simply use the gentoo ebuild tools to generate a new MD5 hash based on the .tgz you downloaded... you *DO* trust transgaming's own binaries, dont you??? hmmm??? :)

  4. Re:easy workaround by pc486 · · Score: 5, Informative

    From the article:

    Bytes 0x10 through 0x23 in the tgz are the signature. They are unique in every download and are probably recorded by transgaming to know who downloaded what archive. Also, all hopes of using md5 or any other form of checksumming to verify valid files are out the window.

    So there you have it. Gentoo is forced to download from Transgaming's website and they keep changing signatures. Unless you are installed a warezed copy of it, MD5 checksums arn't going to be of much use.

  5. Re:easy workaround by Anonymous Coward · · Score: 5, Interesting

    If byte 0x10 through 0x23 are always going to be unknown then assume byte 0x0 to byte 0x23 are unknown.

    Then publish the md5sum of bytes 0x23 and on. It wouldn't be very difficult to modify md5sum to start reading from a given byte offset.

  6. No surprise here by Lord+Byron+II · · Score: 5, Insightful
    I think it was no secret that this was going to happen eventually, although the article makes it sound like just the tgz is tagged, not the binaries themselves. So you should be able to open it, re-zip it, and be on your way. I hope that they are providing md5's for those of us who are smart enough to check.

    But from reading the article, I don't get the impression that this is an anti-piracy effort either. Consider that the RPMs and DEBs are unaffected. Could be anti-piracy, but it could also be just a download counting system or maybe per-user customization.

    Certainly, it seems clear that they're not actively tracking you and that they're not going to be able to tell if you happen to install it on your desktop and laptop. The only way you're going to get in trouble (if that is indeed their goal) is if your unaltered tgz starts appearing en masse on the p2p networks.

  7. Well, it was bound to happen sooner or later. by Anonymous Coward · · Score: 5, Insightful

    If Linux is going to go bigtime on the desktop, you are just going to have to put up with this kind of stuff. Hell, I would bet that distributors put even more protection on commercial Linux apps/games since (pardon my generalization) Linux users are used to software being free (as in beer). Prepare for it to get worse in the coming years.

  8. Loss of Privacy? by LochNess · · Score: 5, Insightful
    Is this tiny loss of personal privacy worth the increase in TransGaming's security?


    If you don't download it, you don't have any "loss" of privacy.

    People throw around the idea of the loss of privacy as though they are being compelled to download whatever it is.
  9. It's not the best way to do it... by zarthrag · · Score: 5, Insightful

    ..but I feel their pain.

    I've discussed this option before, and it's difficult to do without developing an entirely new online distribution format, however it is (in the end) an infinite uphill battle when it comes to copyprotecting non-multiplayer games. Signing a download will simply thward willy-nilly copiers. Any warez producer worth their salt will breeze by this one by either producing their own archives by simply ferreting out the watermark.

    I'm not familiar with cedega, but I'm sure it's no different from any other title. If it ain't an MMO, you can't attain near-zero piracy - period.

    Maybe someday, when bandwidth is free, we can write games that you simply "connect" to. It'll connect to your kb/mouse/controllers, and you'll get a video feed back, or some commands for your 3D renderer. No updates, no piracy, no privacy.

    --
    Why can't all fpga/microcontroller manufacturers just release free optimizing compilers???
  10. Re:easy workaround by Vreejack · · Score: 5, Insightful

    I think that was the original point. All the cracked versions will have 0x00 in the tags, but legitimate users will be encumbered.

    When a copy protection scheme makes it desireable for legitimate users to used cracked versions of the software then there needs to be a rethink.

    --
    "Will future ages believe that such stupid bigotry ever existed!" -- Ivanhoe
  11. Re:Microsoft has done this already... by Trelane · · Score: 5, Interesting

    Except that it's a major PITA for those of us who do subscribe and do like the integration/installation ease of Gentoo.

    Just like it's a major PITA to carry around all those double-danged game CDs despite the fact that I could install the full version on my laptop and not have to worry about tracking the original media and making sure it doesn't get lost/damaged/stolen. Does it hurt the pirates? No, they are just using a burned copy anyway; they can make a burned copy as a backup. Backups don't work for me, the legal user, but they sure work well for the pirates! Gee, thanks!

    [BTW, a major thank you to Bioware and Unreal Tournament 2004: at least for the Linux native versions, no cd is required to play! Yaaaay!]

    --

    --
    Given enough personal experience, all stereotypes are shallow.
  12. Re:And who is to blame??? by cleverhandle · · Score: 5, Funny

    So how about the leeches among us start supporting the rare breed of company that shows any interest in Linux on the desktop?

    No joke - somebody mod this fellow up. TG is, by all evidence I've seen, a totally community oriented gig. They let you vote on future developments, send status updates containing at least a modicum of technical detail, provide packages in all sorts of formats, and have their devs man their message boards with reasonable regularity. What the hell more could you ask of a company?

    If you rip off TG, you're ripping off the good guys. Don't even try to tell yourself otherwise.

  13. Trust by Kaseijin · · Score: 5, Insightful
    simply use the gentoo ebuild tools to generate a new MD5 hash based on the .tgz you downloaded... you *DO* trust transgaming's own binaries, dont you??? hmmm??? :)
    You may have been joking, but whoever modded this insightful presumably wasn't. The Portage hash check assures the user that the Cedega tarball isn't really a rootkit uploaded by whoever 0wned TransGaming's server. It would be best if all publishers cryptographically signed their releases, but since most don't, comparing hashes with a trusted third party like Gentoo is a reasonable compromise.
  14. As far as I'm concerned... by Ghostgate · · Score: 5, Insightful

    ... any action that makes things more difficult / inconvenient / annoying / etc. for legitimate users of a piece of software (or anything else - like an audio CD) is an action that should not be taken.

    When I am using software that I am a legitimate owner of, the last thing I want to do is jump through a million hoops just to prove I'm legit. For example, I'll be the first to admit that when I BUY a PC game, the first thing I do is go looking for a "no CD crack" to download. Why? Because I own the game and don't WANT to be forced to swap CDs all the time, just to constantly prove that I paid for the damn thing. I shouldn't have to. Honestly, it's insulting.

    AFAIK, every form of copy/piracy protection that has ever existed has been cracked, and typically in a relatively short amount of time. The ones doing the pirating don't care - they have come to expect it, and finding out how to crack the software will be widely preferred to forking over the cash anyway. The crackers/warez distributors don't care either - indeed, quite the opposite, as many crackers will love the chance to be the first to crack a new protection scheme. The only ones who care are the legitimate users, because they're the ones who usually suffer.

  15. Re:And who is to blame??? by k8to · · Score: 5, Insightful

    Transgaming is selling a product based on Wine, a totally free software project. TransGaming has added to that codebase, but without contributing most of those additions back to the Wine codebase.

    They have brought value to their product, which is why it is worth any money at all, but they have not really been a team player with the free software community.

    In addition, there have been various sketchy issues, including a promise (unfulfilled) of opening their codebase when they get a bunch of subscribers. They also damaged sales of a native linux port by wine-porting it redundantly (kohan), have used linux-subscriber funds to port games to macintosh instead of linux which were not made available to linux subscribers.

    Now, these are oversimplified descriptions, and I'm not suggesting they are an evil bunch of people. But describing them as "totally community oriented" is simply inaccurate. There is also the contestable issue that they may be helping to prevent the growth of the native Linux games market by diverting demand to windows games, while also providing a poor linux gaming experience (look at the list of fully supported games, it's quite small). This view is not airtight but it's not invalid either.

    In short, they are not the "good guys". They are a business out to make a profit regardless of whether their actions are "good" or "bad".

    --
    -josh
  16. Re:easy workaround by Anonymous Coward · · Score: 5, Funny
    It's trivially easy to do.
    cp cedega-4.01.tgz cedega-4.01-backup.tgz &&
    dd bs=1 seek=16 count=19 if=/dev/zero of=cedega-4.01.tgz &&
    dd if=yay2.txtcedega-4.01-backupt.tgz of=cedega-4.01.tgz seek=36 bs=1

    Linux is just like Windows! Linux is ready for the average user! Linux is easier than Windows!