Game Publishers Using Stealth P2P Clients

An anonymous reader writes "TorrentFreak has shed some light on the dark practice of installing stealth-mode P2P clients during game downloads and using unsuspecting gamers' PCs as 'bandwidth slaves.' The clients operate in the background and largely go unnoticed until problems arise that are caused by overactive uploading/seeding. While the Akamai NetSession Interface and Pando Media Booster are specifically called out, there appear to be other offenders as indicated in the comments left by TorrentFreak readers. A publisher called Solid State Networks is putting out a call for an industry-wide 'best practices' effort to promote transparency, control and privacy on behalf of gamers who are otherwise being abused for their bandwidth without their consent."

Re:Blizzard

[Anonymous Coward]

No they are upfront about it and you can easily disable it.

Re:Blizzard

[LostCluster]

TWIT and Revision3 both started their podcasting empire by using torrents... but both moved to traditional downloads when sponsors wanted an accuate count of viewers.

Not very stealthy

[Zan Lynx]

I reinstalled Dungeons and Dragons Online recently. The installer uses Pando. However, it wasn't very sneaky about it. It was in the install at some point.

It would have been nice if it had uninstalled itself after the several gigabyte download or if the installer had explained more about the consequences of leaving it installed. The information about Pando was easily available to me via a web search. Pando uninstalled without any problems from the Windows control panel.

I wouldn't worry about it fairly polite software like Pando too much. The kind of people who install everything without reading the dialog boxes or doing any research are going to end up with their computer stuffed full of malware in any case.

Re:Blizzard

[MareLooke]

And most importantly, Blizzard allows you to turn it off without hassle at all,

Re:Blizzard

[jgeiger]

Blizzard lets you know but they have a very bad habit of using 100% of your upstream bandwidth which ends up slowing your download since you can't acknowledge all the incoming data fast enough. It may have gotten better but they still need to limit it to 90% or something.

Media Streaming Too

[AganLex]

Just a heads up, but media streaming is also heading this way. The "OctoStream" plugin for streaming video (Major League Gaming stream, etc) is also a P2P streamer.

Re:Can we name names here?

[causality]

OK, I know that Blizzard uses BitTorrent, but they're fairly upfront about it.

Someone else has mentioned Dungeons and Dragons Online, but they again mention it.

I know for a fact that the Final Fantasy XIV Beta uses P2P but makes no mention of it (thanks, firewall!), but thanks to the NDA, I can't tell you about that. Or I could post AC.

So can we name names and make a list of companies that mislead customers about P2P and waste their bandwidth? We can start with:

SQUARE ENIX: Final Fantasy XIV (no indication)

Of course this wouldn't work for an MMORPG that inherently requires network access. In my case, the few Windows games I play are single-player and run well under WINE on my Linux machine. I don't trust them in the slightest. I'll detail some of the measures I take:

• I run Wine as a separate user account that isn't ever used for anything else.
• I use iptables (with --match owner) to prevent that account from having any sort of network access. It cannot even ping google.com.
• For several others reasons I use a PaX/Grsecurity kernel. It has an option that prevents normal users from seeing any processes except their own, which I use.

That last one was handy back when I played WoW since the need for some network access meant I couldn't fully use the second security measure. The WoW client has a piece of spyware intended as an anti-cheating device. It takes a list of all running processes on the computer as an attempt at detecting common cheat programs, like those that enable unauthorized automation of gameplay. It reports these results back to Blizzard.

With that feature of PaX/Grsecurity, that WoW client would only see itself and a few WINE-related processes (like wineserver and winedevice). On a more standard Linux system, any process belonging to any user can view every processes belonging to every user (as you can verify with the 'ps' command). I consider cheating to be Blizzard's problem. I didn't consider the processes I choose to run to be Blizzard's business, though I'm willing to reconsider if they ever give me a user account on their servers and let me see what I can see.

It's surprising in some ways and utterly unsurprising in others when I consider how much more control I have over these things with WINE and Linux than anyone running these games under real Windows. More than that, I have a much greater assurance that my control won't be undermined because at no point am I having to trust the good intentions of Blizzard or any other game company. Instead, I deny them everything and then allow them the few things I decide they have a legitimate need to do. This is how it should be. If that were the norm there would be no "stealth p2p clients".

Re:This is the end of unlimited unmetered bandwidt

[mariushm]

The average price of 1 GB of transferred data on CDN's is 10-15 cents. I'd be surprised if they don't get 10 cents from advertising by the time people do 1 GB worth of downloads. IMHO the companies are just abusing the people's bandwidth without caring about the consequences.

And just fyi, I can buy today a dedicated server with a 1gbps unmetered connection (guaranteed and tested) for about 600$ a month. That's 0.18 CENTS per GB of transferred data.

Re:Theft of service

[Anonymous Coward]

Because you agreed to it in the TOS...

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Can we name names here?

[hldn]

huh? when you run the updater for FFxiv it clearly shows your download AND upload speed in the panel. if that isn't obvious, i don't know what is.

Re:Network Meter gadget

[Anonymous Coward]

And if you're on OS X, you should get Little Snitch [obdev.at] and Menu Meters [ragingmenace.com]!

Re:Can we name names here?

[blueg3]

On top of pretty much requiring UPnP "trojan all-you-can-eat buffet" features to do anything useful

Or manually port forwarding, as described on the Beat site.

it will happily corrupt itself beyond repair if it ever times out or is interrupted for some other reason.

Nonsense, I've killed it or had it crash multiple times while in progress. Still works fine. That's why, as with any BitTorrent client, it re-hashes the pieces it has downloaded and throws out any corrupt ones when it starts.

as it didn't transfer more than maybe 1MB in the 20 or so attempts I made before sending some rather impolite feedback and uninstalling the POS

So, you didn't have UPnP or port forwarding set up, and it didn't work. That's not surprising.

The client is lacking any upstream limiting features

Any competent publisher that values its customers (so maybe all two of them)

So, in your opinion, rather than in practice.