Scams and Social Gaming

TechCrunch is running a story about the prevalence of scams and shady monetization techniques in popular social games on Facebook and MySpace. As an alternative to buying in-game currency with real money, many games make use of lead-generation offers — letting players sign up for a trial service or take a survey in exchange for the currency. The system is rife with scams, and many game developers turn a blind eye to them, much to the detriment of the players and the legitimate advertisers — not to mention the games that rightly disallow these offers and fall behind in profits. The article asserts that Facebook and MySpace themselves are complicit in this, failing to crack down on the abuses they see because they make so much money from advertising for the most popular games.

Rightfully disallowed?

[introspekt.i]

Rightfully disallow? Surely you mean the scam offers. There's nothing inherently wrong with monetizing lead generation, as long as you do it in a legitimate and safe ways. As a matter of fact, it's probably best to keep 3rd parties out of the process, but that's just MHO.

been happening forever in other forms

[Anonymous Coward]

When I was a youth in the 1960's the same kinds of scams were around, just not involving online computer games. Then, they were about subscriptions to get "10 records for $1" or similar. In all cases, they just take advantage of (not to put too fine a point on it) dumb people who don't bother to look into what they're really subscribing to.

If you give your CC or bank numbers to _anyone_ without understanding the transaction, well, a fool and his money are soon parted.

From TFA:

A typical scam: users are offered in game currency in exchange for filling out an IQ survey. Four simple questions are asked. The answers are irrelevant. When the user gets to the last question they are told their results will be text messaged to them. They are asked to enter in their mobile phone number, and are texted a pin code to enter on the quiz. Once they've done that, they've just subscribed to a $9.99/month subscription.

I've always maintained that being careless with one's information online (personal details, phone numbers, CC numbers, addresses) means it's only a matter of time until you get ripped off. Scams have been around forever, probably since humanity invented money. How long does it take for people to wise up? We've had thousands of years now. At some point, I think we have to acknowledge that people do have some responsibility to act in responsible ways, yes, even on Da Interwebs. The way to eliminate this problem is for people to act in their own self interest. If they refuse to do that, maybe we need to say, "hey, we're sorry you got scammed, but YOU chose to give them your CC number / sign up for a $10/month subscription / give away all your personal details. Now you get to experience the consequences of your actions."

This is news?

[techno-vampire]

As others have posted, scams have been around for as long as there's been commerce. All this is, really, is more proof that P.T. Barnum was right: there's a sucker born every minute, and two to take him.

Facebook has but one agenda....

[tardis owner]

Facebook is a tool specifically geared to produce profit and be a platform for allowing others to profit. Social interaction and networking are but secondary interests at best. Yes it is free to use, free to join but in the end, it is all to get ads in front of you and get you to spend money. One can profit so many different ways. Serious (business, organizational) networking is but one way one can profit. Data Mining is probably one of the biggest sources of profit and potential profit. Project Gaydar is an example of just one data mining project and a bit on the scary/dark side of things.

Re:been happening forever in other forms

[Anonymous Coward]

(Replying to my own post here) - also, why on earth would anyone let arbitrary scripts run when they don't have any idea what those scripts are doing? Maybe it's different for me; I grew up in the mainframe era, but my philosophy is, "I'll whitelist what *I* say is acceptable to run on my system. Nothing else gets to run."

Websites with 20 different cross site scripts? Sorry, but no thanks - my computer is my computer, not your computer, and unless there's a reason *I* agree with, you don't get to run *your* software on it. It boggles my mind that today's youth operate under the principle of, "Hey, sure! I'll run anything from anywhere without having the foggiest idea what it actually does, and I'll put all my personal details online for scripts to harvest". Maybe it's just a generational culture clash, I'm not sure, but I honestly don't understand the mentality behind their approach, and I suspect they also don't understand the mentality behind mine either.

On the other hand, I'm not the one with my computer in a botnet and having college kegstand photos turn up during job searches.

Re:Ok... so I'm too old to understand

[SpeedyDX]

A survey doesn't need to access your personal data, but the developers/publishers of those surveys may want to access your personal data (for whatever reason, nefarious or mundane). I suspect that it's just much more convenient and less labour-intensive for Facebook to have the same policies for personal data disclosure for all apps than to have different types of disclosure for different apps. Even if we assume the technical/programming aspect of it is easy enough, there would need to be a screening process for each individual app to ensure that it actually needs the data it's requesting, or complies with certain conditions, etc. A lot of policing would have to be done, and I'm not sure it's entirely fair to ask Facebook to hire more people to essentially protect its ignorant users from themselves.

As to why people allow this, they just don't see the harm in it. Whether they should see the harm in it or not is a different question altogether, but the fact is that they're just ignorant to the risks. And we're so conditioned with "OK click-throughs" that most people probably click the allow button without even realizing that they're giving permission for the app to access their data.

Time will help

[Strange Ranger]

A friend of mine recently posted this to her Facebook wall with a comment about people invading privacy and "stealing" her information:

So I asked in the nicest way possible "Did you think the people writing those quizzes were volunteers or worked for some kind of charity? What would you think if this stuff showed up in your inbox? Would you click on it?". Her reply was amazing. She TRUSTED facebook!

How is this even news? It's news because it's a new medium and people seem to need to learn all the old rules over again. There would be zero story here if these quiz offers and games were showing up in people's snail mail boxes. Just recently we've all gotten bored and thoroughly "experienced" with the same phenomenon arriving via email (w1n F1Fty d0llar$! Click here!). I don't know why people need to learn the same lessons over and over again, but they will, and then stories like this will be as dull and "back page" as stories about the mailman bringing junkmail, or nigerians wanting help in your inbox. Kind of sad but I guess that's (most) humans and there's not much to be done about it.

Re:Why is FarmVille fun?

[jjohnson]

I play Farmville, and don't buy any in-game cash, just work the available free mechanisms. I spend about twenty minutes once or twice a day.

First, I find it relaxing to just click away on my farm. In-game, a small amount of simple effort has tangible results (coins, not the cash they're selling) that I can convert to improving my farm, which leads to...

Second, there's a nice lego aspect of it, where building up coins lets you buy trees and buildings and decorations, so you can arrange your farm. The loading screen is a snapshot of someone's farm, and some people do quite impressive things, like making a farm-sized pumpkin out of coloured hay bales.

The first aspect is the basic mechanism of all games (effort->reward->advancement), and it works fine in Farmville. The second aspect is an explicit bonus, a sandbox part of gameplay that provides more reason to enjoy the game. I'll get bored of it sooner or later and stop playing, but I don't see Farmville as being a more profound waste of time than earning points in Battlefield 2142 so I can unlock the Ganz heavy machine gun.

As for giving away my personal information, I have nothing on my Facebook profile that I wouldn't share with a stranger at a party, so I don't care if it goes in a database somewhere. Zynga gets the my public profile (which is all I put on Facebook anyway), and that seems a low price to pay for some relaxing gameplay.

Re:Rightfully disallowed?

[Trepidity]

In the context of game mechanics I can't think of very many ways in which lead-generation is not trying to scam people.

The most scammy of course is the one here, where people end up getting signed up for some crappy $10/mo service with little/no warning of it. But even if it's a legitimately free one-month trial, which they then have to cancel, it still seems shady with most of the services: they're generally products nobody sane would actually pay for, so it's very transparent that the entire point is hoping that some people will forget to cancel, i.e. trick people into accidentally paying for something that they wouldn't have actually bought.

Maybe free trials for products that someone might plausibly actually buy of their own free will would be acceptable, but I rarely see that in these flash-game types of things. It also still seems out of place as part of game mechanics: just asking people outright to buy your virtual gold is more honest than these roundabout ways of tricking them into paying for your virtual gold.

I love the way they call it "monetizing"

[Bob_Who]

...not so long ago we called it Pimping, Prostitution and Pandering. Its that familiar stench of a french whore house and television network. Venereal "infectious" media and other social networking diseases are spreading like swine flu over every exploitable piece of social media channeled to the consumerist public. Social Networking today replaces the "soap opera" of the last generation. Only now, we're not just watching the soap while folding laundry - instead we are the soap opera, on Facebook. Now, while we're at work, we can't watch "The Hung and The Breastless" but we can kill a fifteen minute break on Myspace - and bingo! that's where they get busy with that ad budget. But the advertising is over the top on tv with hours of infomercials on half of the pay cable and satellite channels we pay to view. And the internet and social networking are going to get even worse than that. The fact is that squeezing the consumer wallet with annoying ads and phishing scams and products like enzyte is the only "monetizing" opportunity in this mass media slut fest. The fatal flaw is that "they" are diluting the effectiveness of advertising because there is too much of it, and we all resent it. And we're broke. Identity theft is the only career opportunity that's left for RONCO and Chia Pet moguls, because nobody is buying their crap. They can data mine us to death, it won't matter if we are all jobless because this is our only revenue stream. Can't we pay people to actually do something besides "slice and dice" the public in nice bite sized nuggets? Would you like the honey or mustard dipping sauce with your culture today?

Re:Rightfully disallowed?

[Trepidity]

I think a lot of those are scams too. I've twice been subscribed, without my consent, to junk like that, one a cell-phone dating thing (these doods [fonmatch.com]), and one some ring-tones. I finally got Sprint to lock my account so no subscriptions can be added without me explicitly calling up Sprint to request they authorize it---which should be the default.

Re:been happening forever in other forms

[TheRaven64]

The language is irrelevant. Isolating programs from each other and resources is the job of the operating system. You can argue that operating systems should be formally verified, but if an operating system is dependent on properties of the source language for protection then it is fundamentally flawed, because attackers will just use a different language. If you add a VM, like Java does, then you're just adding another layer of complexity which can contain exploits and you need to formally verify the VM as well as the OS...