Slashdot Mirror
Game Publishers Using Stealth P2P Clients
An anonymous reader writes "TorrentFreak has shed some light on the dark practice of installing stealth-mode P2P clients during game downloads and using unsuspecting gamers' PCs as 'bandwidth slaves.' The clients operate in the background and largely go unnoticed until problems arise that are caused by overactive uploading/seeding. While the Akamai NetSession Interface and Pando Media Booster are specifically called out, there appear to be other offenders as indicated in the comments left by TorrentFreak readers. A publisher called Solid State Networks is putting out a call for an industry-wide 'best practices' effort to promote transparency, control and privacy on behalf of gamers who are otherwise being abused for their bandwidth without their consent."
Hai, I'm in your services stealing your bandwidths?
GENERATION 25: The first time you see this, copy it into your sig on any forum and add 1 to the generation. Social exper
Despite the clever use of the misspelling "Hai", your grammar is obviously much too polished. You, sir, are no LOLcat. Buy your own damned cheeseburger.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
Isn't this how Blizzard distributes updates for their games?
Data usage costs money. Anybody offering a server with "Unlimited" bandwidth on a web server is lying to you, and the more data transfer a plan allows, the more expensive the hosting gets. Exceed your transfer limit on a server, and expect to pay cell-phone like overage fees.
Right now, this isn't a big deal because what they're stealing from their users doesn't cost the user extra right now... but imagine if the GB they stole from you is the one that puts you over a Comcast-style cap. That would suck big.
The network operators have already been complaining about illegal torrents not just because they're illegal content sharing, but because having people uploading like crazy from the consumer side of their network just isn't what they designed it to handle. Now, what are they going to say when the content is legal, and the user got suckered into agreeing to allow it in a game's TOS?
Pando Media Booster = slows down your internet connection
Norton Antivirus = makes your computer vulnerable to hacking
Trusted Computing = you can't be sure if you have control of your computer
etc.
I reinstalled Dungeons and Dragons Online recently. The installer uses Pando. However, it wasn't very sneaky about it. It was in the install at some point.
It would have been nice if it had uninstalled itself after the several gigabyte download or if the installer had explained more about the consequences of leaving it installed. The information about Pando was easily available to me via a web search. Pando uninstalled without any problems from the Windows control panel.
I wouldn't worry about it fairly polite software like Pando too much. The kind of people who install everything without reading the dialog boxes or doing any research are going to end up with their computer stuffed full of malware in any case.
...but don't mind us as we steal your bandwidth. Oh but we *did* get your explicit permission. It was buried in that wall of text you agreed to that we could.
If we're all using more bandwidth, that's a demand increase, not a supply increase.
Okay sure. Well how about most places where you're on a capped bandwidth limit? Wonder what would happen if people started sending bills to the company who's sucking up all their bandwidth. It's sure not exactly cheap, some places have no cap on the amount they can charge you, and others cap at a max of $50/mo.
And no, ELUA's, walls of text, and so on are not binding everywhere. And where they are binding, many places require them to be plain declarations of intent(so people can understand them).
Om, nomnomnom...
For people on metered broadband, yes, it is.
Pando Media Booster = slows down your internet connection
Norton Antivirus = makes your computer vulnerable to hacking
Trusted Computing = you can't be sure if you have control of your computer
etc.
Your contribution to this discussion is sort of depressing.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
I called them out for it and it fell on deaf ears.
It's not their bandwidth so they don't really care.
They are using Pando Media Booster... and it's so badly set up that it takes 4 times as long to download the game
because they saturate the upstream, causing issues.
In short, these game houses don't care because it's a reduced cost to them.
You can. Pull plug out of ethernet jack. Put plug into ethernet jack. What more do you want? :P
I know you were speaking tongue-in-cheek but really, this is why both ingress and egress firewalling with a default-deny policy for each is a good idea.
Then it's not so simple for a company to help themselves to your bandwidth. That, by the way, should be illegal unless they first negotiate with you and obtain your explicit written permission to do so. Like anything else, they're not the ones paying for it so they don't automatically have some claim to use it. The failure to recognize that is generally known as "theft of services".
If the companies really think this is acceptable, perhaps they wouldn't mind several tens of thousands of browsers refreshing their home pages as quickly as possible? After all, they think it's acceptable to do as you please with another's bandwidth without their express consent... I have the feeling they wouldn't like that at all. In fact I have the feeling they'd use every legal means available to go after anyone who arranged that.
It is a miracle that curiosity survives formal education. - Einstein
Just a heads up, but media streaming is also heading this way. The "OctoStream" plugin for streaming video (Major League Gaming stream, etc) is also a P2P streamer.
If *I* did that id be in jail. Why aren't they?
---- Booth was a patriot ----
OK, I know that Blizzard uses BitTorrent, but they're fairly upfront about it.
Someone else has mentioned Dungeons and Dragons Online, but they again mention it.
I know for a fact that the Final Fantasy XIV Beta uses P2P but makes no mention of it (thanks, firewall!), but thanks to the NDA, I can't tell you about that. Or I could post AC.
So can we name names and make a list of companies that mislead customers about P2P and waste their bandwidth? We can start with:
SQUARE ENIX: Final Fantasy XIV (no indication)
Of course this wouldn't work for an MMORPG that inherently requires network access. In my case, the few Windows games I play are single-player and run well under WINE on my Linux machine. I don't trust them in the slightest. I'll detail some of the measures I take:
That last one was handy back when I played WoW since the need for some network access meant I couldn't fully use the second security measure. The WoW client has a piece of spyware intended as an anti-cheating device. It takes a list of all running processes on the computer as an attempt at detecting common cheat programs, like those that enable unauthorized automation of gameplay. It reports these results back to Blizzard.
With that feature of PaX/Grsecurity, that WoW client would only see itself and a few WINE-related processes (like wineserver and winedevice). On a more standard Linux system, any process belonging to any user can view every processes belonging to every user (as you can verify with the 'ps' command). I consider cheating to be Blizzard's problem. I didn't consider the processes I choose to run to be Blizzard's business, though I'm willing to reconsider if they ever give me a user account on their servers and let me see what I can see.
It's surprising in some ways and utterly unsurprising in others when I consider how much more control I have over these things with WINE and Linux than anyone running these games under real Windows. More than that, I have a much greater assurance that my control won't be undermined because at no point am I having to trust the good intentions of Blizzard or any other game company. Instead, I deny them everything and then allow them the few things I decide they have a legitimate need to do. This is how it should be. If that were the norm there would be no "stealth p2p clients".
It is a miracle that curiosity survives formal education. - Einstein
The average price of 1 GB of transferred data on CDN's is 10-15 cents. I'd be surprised if they don't get 10 cents from advertising by the time people do 1 GB worth of downloads. IMHO the companies are just abusing the people's bandwidth without caring about the consequences.
And just fyi, I can buy today a dedicated server with a 1gbps unmetered connection (guaranteed and tested) for about 600$ a month. That's 0.18 CENTS per GB of transferred data.
If you're running Windows 7 or Vista, the first thing you should install is the Network Meter (and All CPU Meter) gadget. If you suspect any unusual activity, you can quickly glance at your CPU and network resources being used.
You can get them at http://www.addgadget.com/
Life is not for the lazy.
You can't comment on whether Final Fantasy 14 discloses that it uses P2P, because you don't have a copy of FF14. You only have a copy of the beta. The fact that it uses P2P to download the beta client and updates is spelled out in the download and installation instructions that you clearly didn't read.
If it's OK to do this with a game you like a lot, with terms hidden deep in the fine print of the EULA, then it's also OK for every cheesy browser plugin and toolbar extension and Java Applet.
Sure, you're OK with one hidden P2P client on your system. How would you feel about 175 of them?
Help stamp out iliturcy.
huh? when you run the updater for FFxiv it clearly shows your download AND upload speed in the panel. if that isn't obvious, i don't know what is.
http://www.accountkiller.com/removal-requested
On top of pretty much requiring UPnP "trojan all-you-can-eat buffet" features to do anything useful
Or manually port forwarding, as described on the Beat site.
it will happily corrupt itself beyond repair if it ever times out or is interrupted for some other reason.
Nonsense, I've killed it or had it crash multiple times while in progress. Still works fine. That's why, as with any BitTorrent client, it re-hashes the pieces it has downloaded and throws out any corrupt ones when it starts.
as it didn't transfer more than maybe 1MB in the 20 or so attempts I made before sending some rather impolite feedback and uninstalling the POS
So, you didn't have UPnP or port forwarding set up, and it didn't work. That's not surprising.
The client is lacking any upstream limiting features
Any competent publisher that values its customers (so maybe all two of them)
So, in your opinion, rather than in practice.