Scams and Social Gaming 95
TechCrunch is running a story about the prevalence of scams and shady monetization techniques in popular social games on Facebook and MySpace. As an alternative to buying in-game currency with real money, many games make use of lead-generation offers — letting players sign up for a trial service or take a survey in exchange for the currency. The system is rife with scams, and many game developers turn a blind eye to them, much to the detriment of the players and the legitimate advertisers — not to mention the games that rightly disallow these offers and fall behind in profits. The article asserts that Facebook and MySpace themselves are complicit in this, failing to crack down on the abuses they see because they make so much money from advertising for the most popular games.
Rightfully disallowed? (Score:4, Insightful)
Re: (Score:2, Insightful)
In the context of game mechanics I can't think of very many ways in which lead-generation is not trying to scam people.
The most scammy of course is the one here, where people end up getting signed up for some crappy $10/mo service with little/no warning of it. But even if it's a legitimately free one-month trial, which they then have to cancel, it still seems shady with most of the services: they're generally products nobody sane would actually pay for, so it's very transparent that the entire point is hopi
Re: (Score:2)
But even if it's a legitimately free one-month trial, which they then have to cancel, it still seems shady with most of the services: they're generally products nobody sane would actually pay for, so it's very transparent that the entire point is hoping that some people will forget to cancel, i.e. trick people into accidentally paying for something that they wouldn't have actually bought.
Lots of mobile phone operators have those subscription-based ringtone etc services which you pay $19+ a month and they start occasionally sending you random chiptunes. I have no idea why any sane person would like to subscribe for that, but since people know the terms, price and subscribe to it themself it's obviously legal. Providing stupid sounding service isn't illegal, it's just stupidness and ignorance from the people who sign up for it.
Old saying goes "He who asks is not a fool, he who pays is"
Re:Rightfully disallowed? (Score:4, Insightful)
I think a lot of those are scams too. I've twice been subscribed, without my consent, to junk like that, one a cell-phone dating thing (these doods [fonmatch.com]), and one some ring-tones. I finally got Sprint to lock my account so no subscriptions can be added without me explicitly calling up Sprint to request they authorize it---which should be the default.
Re: (Score:2)
I finally got Sprint to lock my account so no subscriptions can be added without me explicitly calling up Sprint to request they authorize it---which should be the default.
I agree 100%. It kills me to see how many scam "services" are predicated on automatically-billed monthly charges to your cell phone. Especially if you have kids, e.g. "cool! I get a free* ringtone just for sending a text to 55555?"
Re: (Score:2)
Re: (Score:2)
It's the same way in Finland too, but they have to write in tv/magazine ads that users are signing up for a subscription service, how much it will cost and how to unsubscribe. However they're run by the large operators have been for years, and I dont have a such a problem with them since users are still clearly told what they're subscribing for. Never the less its still a pretty stupid service.
Re: (Score:2)
In the US, you can register other people for SMS premium service without their consent, and you can do it remotely.
http://privacylog.blogspot.com/ [blogspot.com]
Re: (Score:1, Flamebait)
This just seems like crying from those who don't have other options in their games than to directly pay with money. It's good to offer another options for people.
And so what if they get more back and have more to spend on advertising in turn? It just means their game is more successful (in terms of monetization) than the alternatives.
This has nothing to do with Facebook. There are laws that the lead-generation offers have to follow like showing the terms and price of the offer. If they aren't following them
Ok... so I'm too old to understand (Score:2, Interesting)
Re:Ok... so I'm too old to understand (Score:5, Insightful)
A survey doesn't need to access your personal data, but the developers/publishers of those surveys may want to access your personal data (for whatever reason, nefarious or mundane). I suspect that it's just much more convenient and less labour-intensive for Facebook to have the same policies for personal data disclosure for all apps than to have different types of disclosure for different apps. Even if we assume the technical/programming aspect of it is easy enough, there would need to be a screening process for each individual app to ensure that it actually needs the data it's requesting, or complies with certain conditions, etc. A lot of policing would have to be done, and I'm not sure it's entirely fair to ask Facebook to hire more people to essentially protect its ignorant users from themselves.
As to why people allow this, they just don't see the harm in it. Whether they should see the harm in it or not is a different question altogether, but the fact is that they're just ignorant to the risks. And we're so conditioned with "OK click-throughs" that most people probably click the allow button without even realizing that they're giving permission for the app to access their data.
Re: (Score:1)
Re: (Score:2)
It's difficult to design a system like that well. If you do it badly, then malicious apps will just request the maximum privilege level and users will have been conditioned to granting it so you've gained nothing. If you just make two APIs, then you'll end up with most apps being able to do 99% of what they want with the simpler API, but still need just one extra feature beyond that (a different feature, of course, for each app) and so they'll request the higher privilege.
Take a look at the Java sandbo
Re: (Score:1)
Re: (Score:1)
Even if two APIs are offered, the stupid surveys will *still* use the privileged one with access to your personal information.
Why? Those surveys only exist so that the company that writes them can data-mine your profile. Personally, I don't see a lot of value in knowing what my network of friends is and my relationship status, but apparently there's enough monetary demand for that information that they can stay in business.
Nothing comes for free, ever, in a commercialized environment. There are no home m
Re: (Score:1)
without even realizing that they're giving permission for the app to access their data
And, by default, all their friends' shared data: http://www.facebook.com/home.php#/note.php?note_id=164091843257&ref=mf [facebook.com]
Re: (Score:1)
Re: (Score:2)
Problem is that you don't need to give them your info. All your "friends" who take dumb-ass surveys like "Which Star Wars character are you?" are giving away your info for you.
Which is why I never let any app/quiz/anything have that access.
I know that all my contacts allow the access wily-nilly so their info is already pretty much "out there", and I know that there is nothing on there (including no links to people I don't want to be publicly linked to) I care about being made completely public (so I don't mind my contacts taking part). But I'm old fashioned enough to think that I have no right to give someone access to someone else's information despite the above.
Re: (Score:1)
Re: (Score:2)
Oh, I know that. But even if they give out that access to their information I still don't feel I have the right to grant that access. Maybe one of these days some fool will put something sensitive there - f they do it won't be me that give access to the world at large.
And for my part, I'm paranoid enough not to have anything at all sensitive there. The only thing I have reservations about is the word "friend" linking me and one or two of my acquaintances (friends of friends and wayward family members) that
Re: (Score:1)
And for my part, I'm paranoid enough not to have anything at all sensitive there.
The best strategy of all - Never post anything in a massively public system that you don't want to be public. :-)
Re: (Score:2)
And for my part, I'm paranoid enough not to have anything at all sensitive there.
The best strategy of all - Never post anything in a massively public system that you don't want to be public. :-)
"Not at all sensitive" == "I'm happy for it to be publicly known"
I actually have virtually nothing on there - I use it mainly for IM (as there are more people I know on there than any other system) and small offline messages (as I find email to be less reliable in some cases), and even then I'm careful what I send.
Re: (Score:2)
I started using FB the same reason I created accounts on MySpace and Twitter. Prospective employers want that info, and think that you are behind the times or a Luddite if you don't have it. This was told to my face in a couple interviews I've had.
So, I created a dummy MySpace account that has nothing on it, and only bother logging on to check out bands. My Twitter account has no tweets from me, and it follows a lot of major brands in the industry (IBM, EMC, Microsoft, SOE, Cisco, etc.) FB, I actually u
Re: (Score:2)
Maybe this is a pipe dream, but I'd like to see a social networking website where every object (post, movie, file) was considered an object, and each object had security ACLs, similar to how every filesystem object.
That would never get implemented as it would confuse the hell out of the common denominator. And you can't just ask the common denominator to not mess with it because if it is there they'll click around even if they don't know what it is, and then file an angry support mail asking why the system won't let Aunt Mable see their latest bady pictures.
Re: (Score:2)
They want your friend list. With that they can target advertise them using your info and pictures.
Re: (Score:2)
I just don't get facebook apps. They all need to be given access to my personal data.
Facebook PROTIP:
Just make shit up.
been happening forever in other forms (Score:5, Insightful)
When I was a youth in the 1960's the same kinds of scams were around, just not involving online computer games. Then, they were about subscriptions to get "10 records for $1" or similar. In all cases, they just take advantage of (not to put too fine a point on it) dumb people who don't bother to look into what they're really subscribing to.
If you give your CC or bank numbers to _anyone_ without understanding the transaction, well, a fool and his money are soon parted.
From TFA:
A typical scam: users are offered in game currency in exchange for filling out an IQ survey. Four simple questions are asked. The answers are irrelevant. When the user gets to the last question they are told their results will be text messaged to them. They are asked to enter in their mobile phone number, and are texted a pin code to enter on the quiz. Once they've done that, they've just subscribed to a $9.99/month subscription.
I've always maintained that being careless with one's information online (personal details, phone numbers, CC numbers, addresses) means it's only a matter of time until you get ripped off. Scams have been around forever, probably since humanity invented money. How long does it take for people to wise up? We've had thousands of years now. At some point, I think we have to acknowledge that people do have some responsibility to act in responsible ways, yes, even on Da Interwebs. The way to eliminate this problem is for people to act in their own self interest. If they refuse to do that, maybe we need to say, "hey, we're sorry you got scammed, but YOU chose to give them your CC number / sign up for a $10/month subscription / give away all your personal details. Now you get to experience the consequences of your actions."
Re:been happening forever in other forms (Score:5, Insightful)
(Replying to my own post here) - also, why on earth would anyone let arbitrary scripts run when they don't have any idea what those scripts are doing? Maybe it's different for me; I grew up in the mainframe era, but my philosophy is, "I'll whitelist what *I* say is acceptable to run on my system. Nothing else gets to run."
Websites with 20 different cross site scripts? Sorry, but no thanks - my computer is my computer, not your computer, and unless there's a reason *I* agree with, you don't get to run *your* software on it. It boggles my mind that today's youth operate under the principle of, "Hey, sure! I'll run anything from anywhere without having the foggiest idea what it actually does, and I'll put all my personal details online for scripts to harvest". Maybe it's just a generational culture clash, I'm not sure, but I honestly don't understand the mentality behind their approach, and I suspect they also don't understand the mentality behind mine either.
On the other hand, I'm not the one with my computer in a botnet and having college kegstand photos turn up during job searches.
Re: (Score:2)
"Hey, sure! I'll run anything from anywhere without having the foggiest idea what it actually does, and I'll put all my personal details online for scripts to harvest"
It's the second one of these that is the real problem. Client-side vulnerabilities aside, there isn't much danger in running arbitrary JavaScript because it's sandboxed and your browser doesn't give it access to anything that didn't come from the server (or, with HTML 5, wasn't previously stored locally by scripts from that site). Running untrusted code is fine as long as it's isolated. Giving untrusted code arbitrary access to your data and network connection is a terrible idea.
Re: (Score:2)
Running isolated untrusted code is problematic, because there are always new undiscovered ways for it to become unisolated.
Re: (Score:2)
"Running isolated untrusted code is problematic, because there are always new undiscovered ways for it to become unisolated."
Which in itself should give us pause.
Programming is applied logic. Logic is a rigorously provable formal system. A rigorously provable formal system DOES NOT lose its properties merely through some vague process of exposure to an environment. It can't.
Why the heck do we allow languages to be released which don't have any kind of formal proof of their properties? Isn't that a bit like
Re: (Score:3, Insightful)
Re: (Score:2)
It boggles my mind that today's youth operate under the principle of, "Hey, sure! I'll run anything from anywhere without having the foggiest idea what it actually does, and I'll put all my personal details online for scripts to harvest".
I think you just about summed it up right there. Not just "youth", but consider the total number of people who own computers, then consider the proportion of these people who really know *anything about computers.
Let me demonstrate for you the average person on Facebook:
User: "A survey that will tell me which Muppet Baby I would be if I was a Muppet Baby? Yes, please."
Facebook: "Do you want to allow this application access to your personal information?"
User: "Yes, I do want to find out which Muppet Bab
Re: (Score:1)
Yeah, that doesn't make sense. Since when does giving your phone number to someone constitute agreement to a financial transaction? Be careful, gents! Don't give your digits to that hot girl at the bar. The fine print on her shirt commits you to a 2 year Playboy subscription for $19.97 plus $7.92 delivery!
Re: (Score:2)
Re: (Score:2)
There are a number of services that are or can be activated by being texted a pin and entering it in to a website. Yes, most of the opt-ins are a result of sending an SMS to another number, but that is not the only way for it to happen.
Re:10 for $1 (Score:2)
I signed up for one of these.
I am fairly clever, so I knew the terms. 10 for ($1+S&H) contracted to buy 4 more at regular+S&H.
No big deal.
The truly scary thing is a slew of the Dotters really are doing okay, we're not deciding whether to eat half or a quarter of the Ramen Noodles for that morning. We make a lot of fuss over principles of $5.
So ... I never bothered to cancel the subscription. I actually got more amusement seeing one random CD a month (per the terms) wander into my mailbox. It took th
Re: (Score:2)
Exactly so. And then the persons who make a fuss over $5 happily spend $50+ for one night out at bars, which always isn't really even that nice night out.
Re: (Score:2)
Additionally, in this day and age, all kinds of information that in the past would never have been divulged or even asked for are now a requirement for almost everything, especially on the internet. How often do businesses 'require' you social security
Re: (Score:2)
A typical scam: users are offered in game currency in exchange for filling out an IQ survey. Four simple questions are asked. The answers are irrelevant. When the user gets to the last question they are told their results will be text messaged to them. They are asked to enter in their mobile phone number, and are texted a pin code to enter on the quiz. Once they've done that, they've just subscribed to a $9.99/month subscription.
- isn't this the best IQ test ever? If you get fooled and start paying the fee, you lose the test.
Well, DUH! (Score:2)
TANSTAAFL [wikipedia.org]
P.T. Barnum was very much the optimist when he observed "There's a sucker born every minute." -- it has to be a couple dozen of them, at least. Until/unless Facebook and MySpace are held accountable for their lack of ethics and accountability for what they allow on their sites, users are going to get hosed -- which is just ONE of the reasons I refuse to join either of those over-hyped operations.
ya no wut sounds nice: gov regs (Score:1)
This is news? (Score:3, Insightful)
Facebook has but one agenda.... (Score:5, Insightful)
Re: (Score:2)
Why is FarmVille fun? (Score:2)
Why are FarmVille etc. even enjoyable? I can't see what would make someone so enthralled in planting virtual seeds as to abandon common sense (not to mention waste time) giving away their personal information online.
Re: (Score:3, Interesting)
Why is getting high or gambling enjoyable? These are all addictions of some sort, they can't be explained purely by giving an account of perceived entertainment value versus other perceived life values.
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
... says the guy posting on ./
Re: (Score:2)
And why should they if they enjoy that? Why they should do something for their whole life that they don't enjoy?
Re: (Score:1)
Re: (Score:2)
The human brain is wired to experience pleasure when you learn or become better at a task, but isn't as well wired to discriminate on the usefulness of the task or knowledge(since it can be hard to know "usefullness" beforehand).
Since people like to feel good and the brain will reward them regardless, they find it is easiest to become good at something trivial than something hard.
I can't really look down on farmville players too much, as I've wasted entire nights on tvtropes.org
Re:Why is FarmVille fun? (Score:4, Insightful)
I play Farmville, and don't buy any in-game cash, just work the available free mechanisms. I spend about twenty minutes once or twice a day.
First, I find it relaxing to just click away on my farm. In-game, a small amount of simple effort has tangible results (coins, not the cash they're selling) that I can convert to improving my farm, which leads to...
Second, there's a nice lego aspect of it, where building up coins lets you buy trees and buildings and decorations, so you can arrange your farm. The loading screen is a snapshot of someone's farm, and some people do quite impressive things, like making a farm-sized pumpkin out of coloured hay bales.
The first aspect is the basic mechanism of all games (effort->reward->advancement), and it works fine in Farmville. The second aspect is an explicit bonus, a sandbox part of gameplay that provides more reason to enjoy the game. I'll get bored of it sooner or later and stop playing, but I don't see Farmville as being a more profound waste of time than earning points in Battlefield 2142 so I can unlock the Ganz heavy machine gun.
As for giving away my personal information, I have nothing on my Facebook profile that I wouldn't share with a stranger at a party, so I don't care if it goes in a database somewhere. Zynga gets the my public profile (which is all I put on Facebook anyway), and that seems a low price to pay for some relaxing gameplay.
Re: (Score:2)
That seems like a reasonable attitude towards a game, especially if its not a competitive game, its a just a time wasting affirmation of Skinner's theories on reinforcement and yes you are operating at about the same level as a pigeon.
Me personally I simply will never play a competitive game like Evony where some players gain competitive advantage either by pouring cash in to the game, or falling for scams. If a competitive game developer doesn't make a reasonable effort to maintain a level playing field t
Re: (Score:2)
yes you are operating at about the same level as a pigeon.
That's exactly why it's relaxing :)
I half agree with you about competitive games and allowing players to pour money in to make them more competitive. Where that's a screw job for the non-paying players is the speed of advancement. But where it's not a screw-job is if you play just to play. I bought Battlefield 2142 for $10 of EA's download site, and have been enjoying the hell out of it without worrying about advancing; moreover, I've become aware
Why I feel no guilt for stealing megacorps money (Score:2)
Corporations are assholes. Thieves. Degenerates. Scammers. (Yes even the so-called good ones occasionally scam the citizens. See amazon and the erased Kindles.) I've reached the conclusion that as of this year 2009, individuals may still be good (they have morals), and single-owner companies might still be good (again, constrained by morality), but corporations absolutely can not be trusted.
Corporations are almost as bad as governments.
Microtransactions and casual, social gaming (Score:1)
Over the last few months, I have heard a lot about what is causing microtransaction games such a hard time and what is preventing them from being profitable; either through the lack of a solid microtransaction method, such as with mobile app based games to things like this where it is scammers that are affecting the market. My experiences playing Evony pointed out something to me. In order for a microtransaction game to succeed, it has to have #1) enjoyable game play regardless of whether someone chooses
Time will help (Score:4, Insightful)
So I asked in the nicest way possible "Did you think the people writing those quizzes were volunteers or worked for some kind of charity? What would you think if this stuff showed up in your inbox? Would you click on it?". Her reply was amazing. She TRUSTED facebook!
How is this even news? It's news because it's a new medium and people seem to need to learn all the old rules over again. There would be zero story here if these quiz offers and games were showing up in people's snail mail boxes. Just recently we've all gotten bored and thoroughly "experienced" with the same phenomenon arriving via email (w1n F1Fty d0llar$! Click here!). I don't know why people need to learn the same lessons over and over again, but they will, and then stories like this will be as dull and "back page" as stories about the mailman bringing junkmail, or nigerians wanting help in your inbox. Kind of sad but I guess that's (most) humans and there's not much to be done about it.
Re: (Score:2)
Re: (Score:2)
So I asked in the nicest way possible "Did you think the people writing those quizzes were volunteers or worked for some kind of charity? What would you think if this stuff showed up in your inbox? Would you click on it?". Her reply was amazing. She TRUSTED facebook!
How is this even news? It's news because it's a new medium and people seem to need to learn all the old rules over again.
Facebook is a walled garden. That's why people trust it.
The old rules wouldn't have to apply if Facebook said "We frown upon your shenanigans. Fix it or get bant."
Re: (Score:2)
I love the way they call it "monetizing" (Score:3, Insightful)
Google Wave....... (Score:2)
So, I wonder what this kinda stuff will look like on Google wave. I haven't received my invite yet, but I've watched their 80min video and been following several discussions about it. It seems like anyone can add anyone to a wave, so all it will take is a robot to add everyone on a server to a spam/phishing/scam wave. I wonder if you can just leave the wave? New technologies can have interesting new exploits. I don't remember Google ever addressing spam or other forms of abuse in the presentation.
Re: (Score:2)
This is no different from the trialpay and free (Score:2)
offers that give you things for signing up for trial offers or applying for credit cards, etc.
A lot of software companies use trialpay for buying the full version of Anti-virus programs or other software. Trialpay asks the user to sign up for trial offers or apply for credit cards or buy things in order to get the software for free.
When this thing first appeared it was iPods and Mac Books for free for completing a list of offers that would have been more than the iPod or Mac Book would cost.
Facebook and MyS
Re: (Score:2)
Maybe FB and Myspace need to move to a different business model, perhaps something up front.
Here is something I'd like to see. A social network that would cost up front something a month. I pay $3 a month to last.fm just so I don't have to bother with ads, so perhaps something around that. A small fee also will slow down spammers who create dummy accounts, because they either have to cough up cash, or start committing credit card fraud in order to continue.
Then, a chunk of the incoming revenue is given t
Re: (Score:2)
If FB and MySpace go to pay only, they will lose a lot of customers. The Internet is supposed to be free to access, and optional to pay.
I can get rid of every Facebook or MySpace ad by using Firefox and Adblock Plus. I don't have to pay to get rid of them.
Spammers will use throw away gift cards that work as a credit card to create the "dummy" accounts to spam people with. You can buy those at Walgreens or almost any other store. $1.99 to charge it up, and then $X for how much you want to put on the Credit C
Other examples (Score:1)
> The article asserts that Facebook and MySpace themselves are complicit in this,
> failing to crack down on the abuses they see because they make so much money from
> advertising for the most popular games.
I don't know about this case but I can give information on something quite similar in a very different field.
In Nl there's a website for 2nd hand stuff (that's how it started out anyway) called marktplaats. New stuff is also sold, and there's even a section on meeting people, finding people you lo
Have you ever... (Score:1)
Increasing sophistication in MMO scams (Score:3, Informative)
As an MMO player, I've seen a dramatic rise in the frequency and sophistication of tricks designed to get access to players' accounts over the last few years.
As a bit of background for those who don't play these games; even though most games technically forbid it, the trade of in-game currency for real-life money is big business. A quick look around a few of the well-known sites that are used for this purpose show that, for example, 1,000 World of Warcraft gold will sell for around $10.
Now, those selling the in-game currency need to obtain it from somewhere to sell it. Traditionally, they've obtained their money via "legitimate" means, usually a sweat shop full of part-time students working shifts to keep characters earning money through fairly mechanical processes 24/7/365. I say this is legitimate, but this is only true in so far as it does not violate any game mechanics; it can have a fairly crippling effect on a game's economy and can make life much worse for genuine players. In some cases, this was augmented by 3rd-party automation software (usually called bots) which took away the requirement to have somebody at each keyboard and allowed one person to supervise a dozen or so clients.
However, in recent times, many of those involved in the in-game currency trade have decided to cut out this part of their operations. Rather than earning the cash on their own characters, they rather steal it from the accounts of other players, by gaining access to their account and stripping it bare. This has the twin benefits of not requiring anything like the human effort that earning the money directly via in-game means has and of not driving inflation (reducing the real-world value of the game's currency - unless the game's operator has a policy of refunding stolen currency).
Now, back when this first started to appear, I was still playing Final Fantasy XI, a game whose highly sophisticated and relatively unrestrained in-game economy rendered it highly vulnerable to the advances of real-currency traders (WoW, by comparison, has a pretty basic economy where players never really need much gold to get by, rendering it less fertile ground). Back then, there were three basic ways to lose your account. The first was greed; you sign up for a scam power-levelling service, or a currency trade website that requires you to register your account details. Surprise, surprise, the nice people offering this wonderful service really just empty out your account. Obviously, only the truly atupid are going to fall for something like this (though I can name one or two who did).
The second method relied on fear; you'd get an official looking e-mail, purporting to be from Square-Enix (or Blizzard - this still happens in WoW), claiming that your account was believed to be inactive/in violation or something and you needed to reply to them, stating all of your account details, to prevent it from being locked. Again, fairly basic stuff, though with a convincing enoug e-mail, you will probably always get a few suckers.
The third was pure bad-luck and not really relevant to the currency trade. I remember two FFXI players who broke up with their real-life partners and forgot that said partner had their login details - which they promptly used to trash their account.
However, just as I was making the transition from FFXI to WoW (about 2.5 years ago), more sophisticated attacks started showing up. These generally revolve around the use of keyloggers, to caputre the player's login details. The really big one that I remember, which hit a lot of FFXI players I knew at the time, involved allakhazam - a previously legitimate community site - which accidentally carried a number of malware-laden banner ads. By all accounts, the creeps behind it harvested logins for a few weeks, then struck quickly at as many accounts as they could before people wised up.
Over in World of Warcraft, the situation is even worse, largely due to the requirement that anybody who wants to play in any kind of vaguely serious raid requires 3r
games on facebook too annoying.... (Score:1)