Slashdot Mirror
Game Publishers Using Stealth P2P Clients
An anonymous reader writes "TorrentFreak has shed some light on the dark practice of installing stealth-mode P2P clients during game downloads and using unsuspecting gamers' PCs as 'bandwidth slaves.' The clients operate in the background and largely go unnoticed until problems arise that are caused by overactive uploading/seeding. While the Akamai NetSession Interface and Pando Media Booster are specifically called out, there appear to be other offenders as indicated in the comments left by TorrentFreak readers. A publisher called Solid State Networks is putting out a call for an industry-wide 'best practices' effort to promote transparency, control and privacy on behalf of gamers who are otherwise being abused for their bandwidth without their consent."
Hai, I'm in your services stealing your bandwidths?
GENERATION 25: The first time you see this, copy it into your sig on any forum and add 1 to the generation. Social exper
Despite the clever use of the misspelling "Hai", your grammar is obviously much too polished. You, sir, are no LOLcat. Buy your own damned cheeseburger.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
Isn't this how Blizzard distributes updates for their games?
Data usage costs money. Anybody offering a server with "Unlimited" bandwidth on a web server is lying to you, and the more data transfer a plan allows, the more expensive the hosting gets. Exceed your transfer limit on a server, and expect to pay cell-phone like overage fees.
Right now, this isn't a big deal because what they're stealing from their users doesn't cost the user extra right now... but imagine if the GB they stole from you is the one that puts you over a Comcast-style cap. That would suck big.
The network operators have already been complaining about illegal torrents not just because they're illegal content sharing, but because having people uploading like crazy from the consumer side of their network just isn't what they designed it to handle. Now, what are they going to say when the content is legal, and the user got suckered into agreeing to allow it in a game's TOS?
Pando Media Booster = slows down your internet connection
Norton Antivirus = makes your computer vulnerable to hacking
Trusted Computing = you can't be sure if you have control of your computer
etc.
I reinstalled Dungeons and Dragons Online recently. The installer uses Pando. However, it wasn't very sneaky about it. It was in the install at some point.
It would have been nice if it had uninstalled itself after the several gigabyte download or if the installer had explained more about the consequences of leaving it installed. The information about Pando was easily available to me via a web search. Pando uninstalled without any problems from the Windows control panel.
I wouldn't worry about it fairly polite software like Pando too much. The kind of people who install everything without reading the dialog boxes or doing any research are going to end up with their computer stuffed full of malware in any case.
Now that's definitely an advantage of web games like Game!, there's no client to download in the first place!
Game! - Where the stick is mightier than the sword!
But if we're ALL using more bandwidth, shouldn't that bandwidth get cheaper? The laws of supply and demand apply here, do they not?
There's no -1 for "I don't get it."
...but don't mind us as we steal your bandwidth. Oh but we *did* get your explicit permission. It was buried in that wall of text you agreed to that we could.
You can.
:P
Pull plug out of ethernet jack.
Put plug into ethernet jack.
What more do you want?
I read TFA and all I got was this lousy cookie
If we're all using more bandwidth, that's a demand increase, not a supply increase.
Okay sure. Well how about most places where you're on a capped bandwidth limit? Wonder what would happen if people started sending bills to the company who's sucking up all their bandwidth. It's sure not exactly cheap, some places have no cap on the amount they can charge you, and others cap at a max of $50/mo.
And no, ELUA's, walls of text, and so on are not binding everywhere. And where they are binding, many places require them to be plain declarations of intent(so people can understand them).
Om, nomnomnom...
As far as I can tell from any game I've seen, it only does it while patching. You download and upload while you get a patch. Any other time it isn't running. So how is that a big deal? All it does is help get patches out faster. Back in the old days of MMOs, patch day sucked. Everything ground to a halt as everyone hit the server at once. Game companies couldn't afford the massive network of servers like Microsoft has. P2P helps solve that. As more people download, more people upload and it stays more even.
So long as it is happening only when you are patching, I don't see any big deal. Now if they are trying to make you a server all the time in the background, then yes we'd have a problem but I have not observed that behaviour.
Pando Media Booster = slows down your internet connection
Norton Antivirus = makes your computer vulnerable to hacking
Trusted Computing = you can't be sure if you have control of your computer
etc.
Your contribution to this discussion is sort of depressing.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
I called them out for it and it fell on deaf ears.
It's not their bandwidth so they don't really care.
They are using Pando Media Booster... and it's so badly set up that it takes 4 times as long to download the game
because they saturate the upstream, causing issues.
In short, these game houses don't care because it's a reduced cost to them.
You can. Pull plug out of ethernet jack. Put plug into ethernet jack. What more do you want? :P
I know you were speaking tongue-in-cheek but really, this is why both ingress and egress firewalling with a default-deny policy for each is a good idea.
Then it's not so simple for a company to help themselves to your bandwidth. That, by the way, should be illegal unless they first negotiate with you and obtain your explicit written permission to do so. Like anything else, they're not the ones paying for it so they don't automatically have some claim to use it. The failure to recognize that is generally known as "theft of services".
If the companies really think this is acceptable, perhaps they wouldn't mind several tens of thousands of browsers refreshing their home pages as quickly as possible? After all, they think it's acceptable to do as you please with another's bandwidth without their express consent... I have the feeling they wouldn't like that at all. In fact I have the feeling they'd use every legal means available to go after anyone who arranged that.
It is a miracle that curiosity survives formal education. - Einstein
Just a heads up, but media streaming is also heading this way. The "OctoStream" plugin for streaming video (Major League Gaming stream, etc) is also a P2P streamer.
If *I* did that id be in jail. Why aren't they?
---- Booth was a patriot ----
If I remember right, World of Warcraft distributes their patches over a P2P system. Maybe it isn't Ironforge that always makes you laggy....
OK, I know that Blizzard uses BitTorrent, but they're fairly upfront about it.
Someone else has mentioned Dungeons and Dragons Online, but they again mention it.
I know for a fact that the Final Fantasy XIV Beta uses P2P but makes no mention of it (thanks, firewall!), but thanks to the NDA, I can't tell you about that. Or I could post AC.
So can we name names and make a list of companies that mislead customers about P2P and waste their bandwidth? We can start with:
SQUARE ENIX: Final Fantasy XIV (no indication)
Of course this wouldn't work for an MMORPG that inherently requires network access. In my case, the few Windows games I play are single-player and run well under WINE on my Linux machine. I don't trust them in the slightest. I'll detail some of the measures I take:
That last one was handy back when I played WoW since the need for some network access meant I couldn't fully use the second security measure. The WoW client has a piece of spyware intended as an anti-cheating device. It takes a list of all running processes on the computer as an attempt at detecting common cheat programs, like those that enable unauthorized automation of gameplay. It reports these results back to Blizzard.
With that feature of PaX/Grsecurity, that WoW client would only see itself and a few WINE-related processes (like wineserver and winedevice). On a more standard Linux system, any process belonging to any user can view every processes belonging to every user (as you can verify with the 'ps' command). I consider cheating to be Blizzard's problem. I didn't consider the processes I choose to run to be Blizzard's business, though I'm willing to reconsider if they ever give me a user account on their servers and let me see what I can see.
It's surprising in some ways and utterly unsurprising in others when I consider how much more control I have over these things with WINE and Linux than anyone running these games under real Windows. More than that, I have a much greater assurance that my control won't be undermined because at no point am I having to trust the good intentions of Blizzard or any other game company. Instead, I deny them everything and then allow them the few things I decide they have a legitimate need to do. This is how it should be. If that were the norm there would be no "stealth p2p clients".
It is a miracle that curiosity survives formal education. - Einstein
thus cost will increase until supply catches up or users learn about firewalls.
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
It's likely that to a normal firewall (i.e. one that a home user might have) the connection the game makes to be able to play is the same as the ones it makes to torrent stuff to other people. While it may be theoretically possible to isolate the handful of IP adresses that a given game actually needs to access to work, good luck finding a firewall that will actually let you restrict that game to those addresses, and that doesn't even begin to tackle games with a multiplayer mode which just hook individual users together (not sure how many still do that now, but there are bound to be some).
FGD 135
The average price of 1 GB of transferred data on CDN's is 10-15 cents. I'd be surprised if they don't get 10 cents from advertising by the time people do 1 GB worth of downloads. IMHO the companies are just abusing the people's bandwidth without caring about the consequences.
And just fyi, I can buy today a dedicated server with a 1gbps unmetered connection (guaranteed and tested) for about 600$ a month. That's 0.18 CENTS per GB of transferred data.
But CDNs and server farms are closer to the backbone providers than your home and office ever will be... and that's where the network planners are expecting content to come from. A $60 Comcast connection that can only handle 250 GB a billing cycle is 24 cents a GB... and that's 1500 times the cost of "doing it right" by paying for your CDN instead of trying to get your users to supply the uploads.
I don't get what you're trying to say.
You can't compare the quality bandwidth of a CDN (fast download speed, consistency, multiple points of presence close to users) at 10 cents a GB with an unreliable, poor quality, possibly throttled bandwidth home users who may turn off their computers at any time.
P2P connections are good as addition to good regular connections and good quality bandwidth becomes cheaper and cheaper so p2p in my oppinion should only be used as last measure.
Back to the original story, this games company is installing hidden P2P servers instead of paying a CDN... basically passing a cost they should pay for onto the users, who would rather see it included in the price of the game than forced onto them because their computers don't make good servers.
If you're running Windows 7 or Vista, the first thing you should install is the Network Meter (and All CPU Meter) gadget. If you suspect any unusual activity, you can quickly glance at your CPU and network resources being used.
You can get them at http://www.addgadget.com/
Life is not for the lazy.
You can't comment on whether Final Fantasy 14 discloses that it uses P2P, because you don't have a copy of FF14. You only have a copy of the beta. The fact that it uses P2P to download the beta client and updates is spelled out in the download and installation instructions that you clearly didn't read.
If it's OK to do this with a game you like a lot, with terms hidden deep in the fine print of the EULA, then it's also OK for every cheesy browser plugin and toolbar extension and Java Applet.
Sure, you're OK with one hidden P2P client on your system. How would you feel about 175 of them?
Help stamp out iliturcy.
It's likely that to a normal firewall (i.e. one that a home user might have) the connection the game makes to be able to play is the same as the ones it makes to torrent stuff to other people. While it may be theoretically possible to isolate the handful of IP adresses that a given game actually needs to access to work, good luck finding a firewall that will actually let you restrict that game to those addresses, and that doesn't even begin to tackle games with a multiplayer mode which just hook individual users together (not sure how many still do that now, but there are bound to be some).
Yes, but at that point it's no longer a stealth P2P client. That transfers it out of the realm of a technical problem and into the realm of a problem of the marketplace. Then a user can knowingly choose to purchase from such companies or not, and that's the point. It's the "stealth" or "buried in page 111 of the EULA" part that's the real problem here.
.EXE files that are or are not allowed to open certain sockets. That's more like an ACL applied to a narrow set of system calls. A proper firewall is for the management of IP traffic and doesn't necessarily need to know anything about specific processes, though that can be an extra feature (i.e. the Linux firewall's optional "owner" module). It always struck me as a kludge for nontechnical users who know little or nothing about network protocols but do recognize labels like "firefox.exe". With a proper stateful firewall and some networking know-how it's trivial to restrict traffic to a set of known IP addresses and you may still be able to recognize and allow things like multiplayer modes that connect individual users together.
As far as "good luck finding a game that will actually let you restrict that game to those IP addresses", any firewall worthy of the name lets you match traffic by IP address. You can do that with or without any ability to consider what program on your machine is opening the sockets.
What follows is just an aside and not my main point. Still, I never really liked the trend for Windows firewalls to do little more than maintain a list of
It is a miracle that curiosity survives formal education. - Einstein
Over here (Australia), we have metered bandwidth. Back in the day, it used to be metered downloads, and if you went over your limit, you were charged high overage fees. Dollars per megabyte. That was common... 8 years ago?
Until recently, most ISPs used metered downloads, with shaping instead of overage fees (stupidly labelled as "unlimited" by marketing departments, despite being nothing of the sort). Generally, you go over your quota, and your connection speed is reduced to approximately dial-up speeds.
Shaping really sucks - going from ~8Mbit/s to ~64Kbit/s is ridiculous, especially considering they usually implement shaping by simply dropping packets. It doesn't just slow things down - it makes it unreliable as well. It basically leaves you with an unusable internet connection for the remainder of the billing period.
There's no provision for adding more quota either. You could upgrade to the next highest plan (if you aren't on the maximum already - the highest most ISPs offered was around 100GB/month until the last month or so). Assuming they don't adjust the extra quota depending on the remaining time in the billing period. Mine does - if I upgraded to a plan with an additional 10GB/month, but only had 1 week remaining, I'd only get 2.5GB extra. I'd then be stuck on that plan, unless I wanted to pay a $20 downgrade fee.
The two largest ISPs also have metered uploads, and have done for years. The third largest ISP is introducing them as part of their recent plan upgrades. I expect others to follow, if they haven't already.
huh? when you run the updater for FFxiv it clearly shows your download AND upload speed in the panel. if that isn't obvious, i don't know what is.
http://www.accountkiller.com/removal-requested
I see Blizzard uses basic bittorrent, a really old client code licensed which doesn't have any kind of encyription/security features.
So, if you are customer of an evil ISP which does packet inspection and shameless enough to conspire your connection with RSET, what happens when you update WoW and try to browse web same time?
As a side note, for OS X admins who may have heart attack, one of Akamai "P2P" frameworks on OS X is actually named "RSPlug". It is not the RSPlugin virus. Guess what it comes with? 2nd hand car priced Adobe suite, CS3 or CS4, not sure.
Well, World's most popular video streamer has "P2P" now, in Adobe fashion, you must pay extra money for server upgrades to enable it but it exists in Flash Player 10.1.
http://labs.adobe.com/technologies/stratus/
I am sure everyone in industry is testing it in their intranets now as people really went crazy over resolution, they demand at least 720P, no matter what the content is.
Wonder what will they do about it, e.g. if Youtube enables it one day? As youtube isn't exactly piratebay, if you ban it, your customers ban you as soon as they figure their video isn't working.
I heard Windows has its own P2P framework to build applications and MS could use it for Windows Update anytime they wanted but they didn't enable it yet.
http://technet.microsoft.com/en-us/network/bb545868.aspx
They also bought a relatively little known P2P company recently. I am almost sure they could be using same bandwidth as youtube for windows updates. Of course, youtube has ads, windows update hasn't.
If something like you suggest implemented on *NIX, OS level, recently tested rtorrent myself, on a 1.25 Ghz G4 Mac mini. It is absolutely the choice without question. I mean "libtorrent". 1% of CPU on full bandwidth, speechless.
Yes, but ISPs are currently busy demanding more and supplying less for it. That's how supply and demand works once regulatory capture sets in.
I have unlimited data transfer at 5Mbit/sec for $10/month. At least that's what I get from my ISP and they explicitly allow me to run any services I want (I just can't send mail through port 25 without making a phone call first and even that takes only a few minutes and it's a one-time activation). This is in Romania.
Yes, it's sarcasm. Deal with it!
No. This is a demand increase, and the laws of supply and demand say that price will rise to the point where it becomes attractive for more people to supply bandwidth to the market.
A lot of our current bandwidth comes from cables laid by companies that went bankrupt during the .com bubble, and the current owners got them from the liquidator for much less than it cost to lay them. If we were to increase bandwidth capacity, we would have to pay full price for those cables and that would mean a massive increase in bandwidth costs.
Mobile broadband for home use is quite popular too. Particularly those with less disposable income like to be on pay-as-you-go so they can simply not top up if they are short that month. Obviously anything which slyly sucks up your bandwidth is a big problem when you buy 1GB chunks of data.
It isn't just hidden P2P though, even Windows Update patches and anti-virus updates can quickly suck up your allowance. There needs to be a system that lets apps know when they are on a pay-per-meg connection and should refrain for any unnecessary network activity.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
The FFXIV beta really should mention that it uses a badly broken BitTorrent client as a "patcher". On top of pretty much requiring UPnP "trojan all-you-can-eat buffet" features to do anything useful, it will happily corrupt itself beyond repair if it ever times out or is interrupted for some other reason. Insofar, it didn't get to use much bandwidth on my network, as it didn't transfer more than maybe 1MB in the 20 or so attempts I made before sending some rather impolite feedback and uninstalling the POS.
The client is lacking any upstream limiting features, and poses as an opaque bandwidth stealer, so FWIW I consider it malware. There's also no easily reachable "STOP THE F***ING MUZAK" toggle. Any competent publisher that values its customers (so maybe all two of them) just buys bandwidth from some CDN and has the clients do straight downloads.
Fight hunger. Filet a politician and send him to a 3rd world country of your choice.
On top of pretty much requiring UPnP "trojan all-you-can-eat buffet" features to do anything useful
Or manually port forwarding, as described on the Beat site.
it will happily corrupt itself beyond repair if it ever times out or is interrupted for some other reason.
Nonsense, I've killed it or had it crash multiple times while in progress. Still works fine. That's why, as with any BitTorrent client, it re-hashes the pieces it has downloaded and throws out any corrupt ones when it starts.
as it didn't transfer more than maybe 1MB in the 20 or so attempts I made before sending some rather impolite feedback and uninstalling the POS
So, you didn't have UPnP or port forwarding set up, and it didn't work. That's not surprising.
The client is lacking any upstream limiting features
Any competent publisher that values its customers (so maybe all two of them)
So, in your opinion, rather than in practice.
Or manually port forwarding, as described on the Beat site.
Why should anyone be required to touch their router settings to install or run a game, unless they want to host game sessions? We're talking about settings here that mean opening up the system to even more vulnerabilities (UPnP gateway features), or require modifications that might well break functionality some time down the road (DNAT). In any case, the "average user" (and maybe to a lesser degree the "average gamer") does not have the knowledge about either alternative to evaluate risks or troubleshoot resulting problems.
it will happily corrupt itself beyond repair if it ever times out or is interrupted for some other reason.
Nonsense, I've killed it or had it crash multiple times while in progress. Still works fine. That's why, as with any BitTorrent client, it re-hashes the pieces it has downloaded and throws out any corrupt ones when it starts.
I've had it just sit there with no progress for hours, and it timed out after several minutes for a few times, each time from a clean (re)install. In any case, the patcher was completely unable to resume, coughed up an error message, and terminated. No installation attempt resulted in any visible progress, either in the closed or in the open beta.
as it didn't transfer more than maybe 1MB in the 20 or so attempts I made before sending some rather impolite feedback and uninstalling the POS
So, you didn't have UPnP or port forwarding set up, and it didn't work. That's not surprising.
Seeing how the instructions that SE pushes out for the closed beta (i.e., close to none) don't mention either, no I didn't, and it didn't work. So I followed the documentation, and it still failed.
Fight hunger. Filet a politician and send him to a 3rd world country of your choice.
The real kicker is that the ISP's would rather not have people tricked into P2P sharing either, and they also have a vested interest in seeing the demise of intentional P2P sharing as well.
Bittorrent especially is bad for ISP's because it is designed to fully saturate any endpoint they could dream up. No matter how much they invest in your local connection, bittorrent will saturate it, and by design it doesnt require the senders to have made the same sort of investment that was put into the receiving connection (my 6mbit cable is no match for a thousand disparate 56K modems all throwing data at me.)
It is no surprise that ISP's throttle P2P programs. It used to be that when a thousand machines all started sending data to the same address, we called it a Denial of Service Attack. Now we expect it as a "feature."
I like the idea of Bittorrent.. but I'm not an ISP. They don't like the idea of Bittorrent for obvious reasons.
"His name was James Damore."
They mention both. It's right in the instructions on the beta site.
The reason you have to change your router settings is that either your system and network are old enough not to use UPnP or you've opted to turn it off, and NATing IPv4 routers are a common but asinine blight on the world of networking.
At any rate, with zero configuration, you'll get at least the download bandwidth that you would get if they hosted their own update servers, as they host seeds.