AMD Accidentally Leaks 1.7 Million DiRT 3 Keys

An anonymous reader writes "The free game with every graphics card deal has finally backfired for AMD and Codemasters. Due to a lack of .htaccess, 1.7 million keys for a free copy of DiRT 3 on Steam have been leaked. No word from AMD or Codemasters yet, but I'm sure Valve will block all the codes on Steam soon. One question that remains: if you used one of the codes, will Steam ban your account? There could be a few very unhappy gamers later today if that happens." The exact number of keys is in question — reports range from 250,000 to 3 million — but AMD confirmed that a leak did occur.

What about legit keys?

[djsmiley]

What about people with legal keys..... I hope I don't miss out on using this.

I'll likely give the key away as I'm a Linux user and don't care about the Dirt game either, but it'll be a shame if everyone misses out now because of this?

Re:

[delinear]

I thought the same thing - I can't imagine Valve would ban users if there is any risk of banning legitimate users, that would be opening them up to a huge backlash from users. More likely they'll just void the keys and Codemasters/AMD will have to set up a different scheme to compensate the legitimate purchasers.

Re:

[TubeSteak]

What about people with legal keys..... I hope I don't miss out on using this.

With 1.7 million keys, I'm guessing some semi-intelligent hacker can reverse engineer Dirt 3's key generator.
Soon there will be legal keys for everyone.

Re:

[WNight]

Perhaps, but if they generate them cryptographically (hash random strings to generate more-random keys) there won't be a practical way.

It's (usually) not like it used to be where the keys were just a pattern thing, now your specific key is looked up and if it's not there it doesn't let you in.

Re:

[Ark42]

It might be theoretically somewhat possible, if the keys are just random number indexes into a database (requiring an online check) and you have 1.7 million in order, maybe you can figure out the seed and formula for the pseudo-random number generator used. With the right information (which may be much more than 1.7 million sequential numbers) I know it's eventually possible to predict the output of a pseudo-random number generator. Although a single reset of the seed number (re-calling srand() with some ra

Steam policy on account bans

[headLITE]

https://support.steampowered.com/kb_article.php?ref=5406-WFZC-5519

There is a Zero-Tolerance policy for any violations of the Steam Subscriber Agreement and Online Code of Conduct. All accounts in a user's possession for any of the following activities will be suspended:
Piracy or Hacking

This includes using an unauthorized ("hacked") Steam client to access Steam, attempting to register fake CD Keys or attempting to register a CD Key which has been published on the internet.

Re:

[Stellian]

...attempting to register a CD Key which has been published on the internet.

The question is, did the leaked keyset also contained legitimate keys that were distributed with games ? Maybe a mix of:
- keys yet unused
- keys printed on CDs not yet sold
- keys that already in the hands of customers

If that's the case, not only Valve can't penalize those accounts - they need to actually support online game play as advertised, at the very least for keys in the last category, if they can sort them out.

I don't care if it's free, and I don't care if the publisher leaked my key: the bundling of

Re:

[Anonymous Coward]

The leak was full of legitimate keys, and also included the IDs that were sold with the hardware.

The text files were simple rows of Dirt 3 Keys, Hardware IDs, and database identifiers.
If you wanted, it was simple enough to copy a hardware ID instead of a Dirt 3 key, paste that ID into the amd4u promotion, and receive the appropriate Dirt 3 key in your inbox from AMD themselves.

If someone did that, there'd be absolutely no way of distinguishing them from a legitimate customer that owned the product, since th

Re:

[jandrese]

They could also revoke everyone using the key on a machine with an nVidia graphics card (or Intel).

Re:

[adam.dorsey]

Because no one plays their Steam game on two different machines, perhaps a PC (with the AMD graphics card) and a laptop (with a different graphics card).

Re:

[idontgno]

Because, you know, no one would every buy an AMD video card for one machine but install the game on another machine, one with an nVidia card.

Unless, of course, there's some secret codicil to the license of the "free" version of the game restricting it to use with an AMD product... which would be so blatantly improper product tying that even Microsoft would facepalm.

Re:

[nedlohs]

The EU is a country?

Man, things just keep changing...

Re:

[mr_lizard13]

Indeed you are right sir. The game was included in the purchase price, regardless of it being marketed as 'free'.

Re:

[wmbetts]

That won't stop people from crying, because they had to take 5 minutes out of their day to scan something. They'll also bitch about not having a scanner, digital camera, cell phone with a camera, or knowing anyone with any of those things to prove it.

Re:

[Anonymous Coward]

Why should people have to pay for others mistakes? Why should people have to take those "5 minutes out of their day to scan something", in order to correct a situation they weren't involved with? It's insane to think the customers have to "foot the bill", so to speak, to clean up after AMD's fuck up.

Re:

[Joce640k]

Why should people have to take those "5 minutes out of their day to scan something"

Because they're adults?

Re:

[nedlohs]

It's a video game, chances are a bunch of them are not adults.

Re:

[WNight]

Awesome business strategy. Sell something broken and complain about the childish customers who aren't willing to fix it.

They have an obligation to provide what they said they'd provide. A game isn't anything like "a bunch of hoops involving UPC codes, photos, and ID, then, maybe, a game".

Re:

[Anonymus]

And as adults they are beholden to fixing AMD's fuck up?

Re:

[Golddess]

Why should people have to take those "5 minutes out of their day to scan something"

Because they're adults?

Ok. So why can't the same be said of AMD? Do adults not run that company?

Re:

[spire3661]

Welcome to the real world, where you often have to fix others injustices towards you. Its life, get used to it.

Re:

[delinear]

Sure they will complain that it's effort on their part when it wasn't their fault, that's what people do, but they're far less likely to dump Steam as their distribution system which is ultimately what Valve care about. Compared to banning someone's account outright it's the obvious solution (well, unless AMD/Codemasters are prepared to foot the bill and right off the losses - can't see that happening any time soon).

Re:

[delinear]

Invoices etc. are only the easy way to provide proof of purchase, they're not the only ways. If you paid by card you can maybe show them your bank/credit card statement. If all else fails maybe you send them a photo of you at home holding the product or they telephone you and ask some details from the disk/card (okay this could be faked if you know someone else with the product, but it's still going to limit abuse to the friends of legitimate users).

Re:

[Shoe Puppet]

Imagine I paid in cash and threw away the disc as I want to be bothered by as little physical stuff as possible.

Re:

[tomknight]

Best throw away your PC too then.

Re:

[Shoe Puppet]

That's bullshit. Without the PC, I can't use the PC. Without the media, I can still use the game.

Re:

[Kreigaffe]

They'll have you actually read a number off the video card you purchased.

It's much more simple than you seem to think it is -- there's little chance someone's going to throw out their brand new video card.

Re:

[spire3661]

Logic fail. If you wanted to be bothered with physical stuff as little as possible you wouldnt be carrying cash.

Re:

[delinear]

Exactly, in that case you've trusted yourself entirely to a technology that's proven to fall down at the human level in the past. What's that saying about a fool and his money? I mean, for that matter, what would have happened if the disk was destroyed in a fire in his home before he'd had chance to register it to his account? The insurance probably wouldn't cover it without some proof that the purchase actually took place. It's not fair that customers have to take such steps when the technology should be t

Re:

[WNight]

And your prickish attitude is why I crack everything I buy. It's bad enough shelling out $60 for a buggy product, but to jump through a bunch of hoops to have some monkey tell me it's defective by design is unbearable.

I bought a Blizzard game (WC2 era) and it wouldn't run because I had a CD burner. I emailed Blizzard and asked for a workaround - they suggested I buy a new CD drive (then $80 or more). I suggested a crack, they told me it'd be illegal, I told them knowingly selling a defective product was ill

Re:

[X0563511]

I'm not sure where "throwing out the physical media" comes into this. My point was you would be stupid to do so, saving only the key, and if you did so and it burned you, then it's your own fault.

DRM doesn't come into this at all, since you wouldn't have kept a backup copy to begin with. Unless you refer to the digital copy you might keep, which I do have to say... if you can't keep the digital copy, keep the physical one PRECISELY because you can't! If you have your digital copy, then really what's the pro

Re:Steam policy on account bans

[DrXym]

You open a support ticket, show proof of purchase and a picture of the media/CD key or whatever they require, and they reallocate the proper CD key back to your account. No biggie.

No biggie? Legit customers would be treated by default as pirates unless they supplied proof of purchase, and until they did that could risk everything from their account being locked to being perma banned.

A correct and more sensible option would be for AMD to supply Steam with a list of email addresses of users who registered. Probably 90% of those are using the same email address on Steam and can be eliminated. Then you audit the hardware of the remainder through Steam (and it's already capable of this) and see who is running AMD hardware that the promotion applied to eliminate them too. Then you look for the date that the exploit got into the wild (probably obvious from a graph of # registrations per day) and you eliminate all of them before that date. Finally you're probably looking at a small % of legit owners to track down. You might then mailshot every game owner and tell them the game will be disabled in 10 days unless they run it on the proper hardware and then you eliminate people who do that. Finally you mailshot again and warn them to contact customer service with proof of purchase within 30 days or risk a perma ban.

Is it a major screwup by AMD? Yes. But Valve and AMD should make all reasonable efforts to not inconvenience legit users. Only as a last resort should a ban or account freeze should be necessary.

Re:

[scumdamn]

This is a shitty situation for everybody. The people AMD hired to do their fulfillment didn't do proper security so AMD is left trying to figure out how to not screw over people who bought their hardware, Codemasters now has a bunch of people playing their game for free and Valve has a support nightmare. Handling transactions on the web really shouldn't be this hard but apparently it is and you have to do your due diligence when picking an agency to handle data on the web.

Re:

[WNight]

A correct and more sensible option would be [...] email addresses of users who registered [...] audit the hardware of the remainder through Steam (and it's already capable of this) [...] a small % of legit owners to track down [...] mailshot every game owner [...] game will be disabled in 10 days [...] proper hardware [...] mailshot again [...] proof of purchase within 30 days or risk a perma ban.

Oh yeah, that sounds like a simple, non-intrusive, and useful plan. What could go wrong?

At this point they're looking at a PR nightmare. One wrong permaban could keep this in gamer news for months, influencing a lot of purchases.

They should go the other way with it. Say that it's too bad some people have to try to spoil things, etc, but that it's important to not let that happen and as such release the game free to all Steam users who have any AMD GPU or CPU without any further checks. That way absolutely n

Re:

[DrXym]

I didn't say it would be easy, but it would have to be what they do if they don't want to treat their customers as pirates. I'd note that requiring all potentially 1 million+ registrants to contact customer service as the GP suggested would likely be MORE work than this way would be. A few largely automated processes would whittle the list of probable pirates down to a fraction.

Re:

[Xest]

What exactly happens when Steam bans your account? Do you lose access to every game you've ever paid for? Do they refund you?

I'd be amazed if it's legal for them to block access to content you've legitimately paid for. Has this been tested thus far?

Re:

[heypete]

My understanding (based off of a friend who had an account banned because he was using various cheats in online multiplayer games on Steam) of the situation is that you can still play games in your account. However, you cannot play on any "Valve Anti-Cheat"-enabled multiplayer server (which is nearly all of them).

I'm not sure if the penalties are different for attempting to pirate things with Steam.

Re:

[RogueyWon]

There are levels of ban. The one you've just described is the "lightest" - basically, you lose the ability to play certain steam games (primarily Valve produced ones) online. This tends to be a response to in-game abuses, such as cheating or general bad behaviour. In other words, stuff that is rude and unpleasant but not, in most jurisdictions, illegal. As a former hardcore online gamer, I am enthusiastically supportive of this bit of the policy.

The use of stolen or leaked keys, or attempts at using a steam

Re:

[spire3661]

Its not your property, its your LICENSES. You dont OWN the game, you license it. Last night a friend gifted me Dead Island. I found the verbage on the gift email quite interesting. "You have been granted a gift SUBSCRIPTION to Dead Island."

Re:

[rwa2]

Meh, doesn't sound like anything of value was lost. I've played Grid and maybe the demo of one of the earlier Dirts, but they're pretty much arcade racers that get boring and monotonous fast. Go play Gran Turismo something, or better yet Live4Speed [lfs.net], those seem to be the only racing games that feel anything remotely similar to driving real cars (at least if you have a wheel & pedals).

I'm still waiting for some sort of retribution from Steam for cashing in on a stash of high-level loot some random Level

Re:

[spire3661]

Jsut shut your pie hole. Dirt was the first GOOD racing game for PC in a LOOONG time. Half the reason i bought consoles in the past was because PCs had shit for driving games. I have Gran Turismo 3-5, they are not that great, especially when you consider Forza.

Re:

[rwa2]

Heh, I won't argue that there's a dearth of driving sims, period. The passenger giving you pointers for speeds to take the next turn in Dirt was a nice touch, but actually controlling the cars felt more like sledding than driving; I'd just as soon be playing tuxracer :-P I bought Grid because it got fairly good reviews and worked with my Logitech G25 wheel (yeah, the PS2 + GT4 I picked up a few years ago was merely an accessory for the wheel), but it still feels more like an arcade racer than a sim.

I'm

Re:Steam policy on account bans

[TheRaven64]

I'd be amazed if it's legal for them to block access to content you've legitimately paid for.

It's perfectly legal. You are not buying anything from Steam. You do not own anything that you pay for on Steam. You are paying for a revokable license, at the sole discretion of Valve. If you confuse this with an actual purchase, then that's your problem.

Re:

[impaledsunset]

Using the words of their lawyers (e.g. the EULAs) is a great way to describe services of that sort to discredit them, but actually buying their words means that they have won. If I had my account blocked, I'd still sue them, until a judge says so - legal my ass.

Re:

[spire3661]

Two hours of any competent lawyers time would cost more then my entire investment in Steam. Have fun tilting at windmills....

Re:Steam policy on account bans

[AmiMoJo]

That's what the EULA says, but consumer protection laws override that. In the UK the Sale of Goods Act requires that goods sold be "as described" and "fit for purpose", i.e. if it says free Dirt 3 game on the box you must get a free working copy of Dirt 3 or your money back.

Contracts can never override your statutory rights, even if you had read and signed it before purchase.

Re:

[GameboyRMH]

That's true in the UK and many other countries but I'm not sure if US law is the same.

Re:

[TheRaven64]

The Sale of Goods Act applies to sales of goods, not rental of services. Before you buy anything from Steam, it makes it clear in the terms and conditions that you are not actually buying anything. With regards to sale of a boxed game, the Act only applies between the seller and the purchaser. Valve is not one of these entities. They can revoke your copy of the game, and the Sale of Goods Act means that you can sue the shop that sold you the box if they refuse to give you a full refund. You will, howev

Re:

[AmiMoJo]

Before you buy anything from Steam, it makes it clear in the terms and conditions that you are not actually buying anything.

No judge would ever accept that. That has been tested in court. Some ringtone sellers were actually signing people up to a monthly service but fell foul of the law.

If companies could get away with that then nothing would ever be sold to anyone, just rented indefinitely.

You are correct in saying that you would get a refund from the shop, who would then be rather upset with their supplier who in turn would be upset with Valve. However you don't have to have the receipt, merely proof that you bought it from th

Re:

[sabt-pestnu]

> if it says free Dirt 3 game on the box you must get a free working copy of Dirt 3 or your money back.

If you got the box for free, your "money back" is "nothing".

If you paid for the box, the cost of the box (relative to the lawsuit required to enforce your rights) is negligible. Although in the UK, you might also have a "loser pays" legal system....

Re:

[AmiMoJo]

Small claims court, £30 to set up, loser pays and you get time off work and travel expenses too. Generally it isn't necessary though, most retailers will honour their legal obligations.

Re:

[Darinbob]

But Steam is first and foremost about DRM. That means you never purchase a game from them and end up owning it, you only rent them for an unspecified duration of time (presumably until they go out of business). Now if the box says "free access to download a DRM restricted game" then it'd be up front and honest, but if it said "free game!" then it'd be lying.

Re:

[Xest]

So how does this work where I bought a game such as Dawn of War II as an actual boxed copy but was forced to activate via Steam?

I do not see how it's my problem to believe that this was an actual purchase. Nor do I think for a second that the courts would disagree in fact.

I suspect that you are wrong, that in at least some cases such as this it is Valve's problem, they're just playing fast and loose with the law whilst they can get away with it.

Re:

[TheRaven64]

In this case, as I said in another post, the Sale of Goods Act would apply, but that defines the relationship between buyer and seller, not between buyer and third party. You would be able to return the game to the shop where you bought it and they would be required to give you a refund. Valve is providing you with a service that you agree to when you install the game. They can withdraw this at any time. The product that you bought requires the provision of the service to be suitable for the purpose for

Re:

[Xest]

Actually, by law, in the UK, the service provider does now have an obligation to unlock the device for you. Companies like Vodafone recognise this so explicitly now that you can ask before your contract is even up for an unlock code.

It's really not as clear cut as you think it is. It's a grey area, and I think it's likely a court would side against Valve. Whether the court would have any power to do anything with Valve being based in the US though is a different story I suppose, though few companies would r

Re:

[TheRaven64]

Actually, by law, in the UK, the service provider does now have an obligation to unlock the device for you.

Yes, because a law was specifically passed in this area. Before this law was passed, they did not have to.

however her daughter contested this in court saying she deserved some

Again, in the UK there are specific laws covering how little you can leave to your surviving relatives. If a will violates these, it can be overturned in it entirety and it acts as if you died intestate. It's completely irrelevant in this case, because you're talking about an area with very specific laws.

Re:

[Xest]

"Again, in the UK there are specific laws covering how little you can leave to your surviving relatives. If a will violates these, it can be overturned in it entirety and it acts as if you died intestate. It's completely irrelevant in this case, because you're talking about an area with very specific laws."

This is completely false, there is no such law, it was entirely based on a judicial decision.

Re:

[TheRaven64]

If it appears to be an actual purchase, and behaves like all other actual purchases, then it is an actual purchase - regardless how Valve would prefer it to be treated.

That big license agreement that you agree to before signing up for Steam and before every Steam purchase would disagree. Any games 'purchased' over Steam come with text that you agree to before the purchase stating that it is not a purchase. If you don't read this... caveat emptor.

If I didn't purchase the game from Steam or Valve, then they have no say over whether I can play it or not.

That's a more tricky situation, however the text is presented when you first install the game makes it clear that you have not, in fact, purchased the game, and instructs you to return it to the shop if you are not happy with t

Re:

[Xest]

"That big license agreement that you agree to before signing up for Steam and before every Steam purchase would disagree."

That fact EULAs can't trump statutory rights, such as the afformentioned Consumer Protection Act would beg to differ.

Your argument is basically that Valve can come and murder you, as long as they put that you grant them this right in their EULA. Well, no, actually, they can't. The user not reading it would not act as a defence.

"The only agreement that they have with regard to the game is

Re:

[FredFredrickson]

I agree with Xest here, the fact of the matter is Steam uses a shopping cart with the word "buy" all over it. I think the manner with which they're treating these licenses -- consumer protection would probably uphold that this is more like property and less like rental.

Re:

[spire3661]

you can 'buy' licenses......., your argument falls apart after that.

Re:

[FredFredrickson]

Right, my point is that steam uses the word "buy" in their store.

Re:

[Hadlock]

They can VAC ban you, which means you can't play certain games on registered servers (i.e. most of them). VAC bans can be for single games, or account wide. You can still open the game and play them in single player/lan mode. That's the least intrusive way. The most intrusive way is locking your account, which is on par with taking away all your toys and stuffing them down the garbage disposal, because you can't even log in to play your single player games or view your steam friends list. Though you can som

Re:Steam policy on account bans

[Xest]

Hmm, definetely not buying anything from Steam ever again. I've never done anything illegal with it nor do I intend to but the idea that they can arbitrarily steal back from you what you have purchased from them is sickening.

Re:

[trum4n]

Welcome to DRM. It is the ONLY reason i pirate.

Re:

[jtownatpunk.net]

Years ago, I bought a Counterstrike Anthology because my new roommate was addicted and wanted me to play. I bought the physical media and was forced to install the Valve client to activate it. I played maybe 20 hours then forgot about it. Tried to play again a year or two later and my account was locked. Jumped thru the hoops like a good dog (write this code next to the activation code for your game and take a picture of it) and they reactivated my account but never explained why it was shut off in the

Re:

[ZorinLynx]

There's no way to determine the source of a key someone entered.

What if a friend found the keys on the net, and decided to pretend they're gifting the person a copy of Dirt 3? Boom, suspended account, all because someone thought they were receiving a gift.

It's a dumb idea to suspend one's entire account for entering a "stolen" key when the key can simply be revoked and the user told that it was stolen. It's the virtual equivalent of throwing someone in jail because a friend bought a stolen laptop at a flea

Re:'Zero tolerance policy' - i find this funny ...

[Co0Ps]

I got PERMANENTLY banned from the steam forums for simply stating that piracy exists and people pirate games. Apparently, if you close your ears, hold your hands to you ears and yell LALALALALALA all problems instantly disappear.

Re:'Zero tolerance policy' - i find this funny ...

[GameboyRMH]

Apparently, if you close your ears, hold your hands to you ears and yell LALALALALALA all problems instantly disappear.

I think this also explains how people who are normally anti-DRM see Steam as acceptable.

Re:

[idontgno]

So, if they ban everyone who entered one of the leaked key, they'll ban inncocent, naÃve people.

Which, of course, Valve won't care the slightest about, unless there's some serious PR blowback. All of which will happen well after the fact.

Bans of mass destruction in 5... 4... 3...

Not exactly "AMD leaks"...

[Ecuador]

The keys were on a site kept by a 3rd party fulfillment partner that had really bad security (or really great lack of it if you prefer)...

Re:

[ZeroExistenZ]

Or perhaps they have left out .htaccess on purpose? ;)

"Officer, he left his cardoors open on purpose. I entered just to take his laptop because he was offering it to me."

Wow

[atomicbutterfly]

We've got some real morons working in the security area of the gaming industry.

Re:

[Krneki]

It always amaze me how people know the problem without even looking into the details.

Security costs money and if no one is willing to pay for it, who will deploy it?

Re:

[delinear]

Given the industry's reputation for overworking and underpaying, I can't say I'm that surprised. The real problem is they all seem to get away with it, on the whole customers don't care unless it has a direct negative impact on them, and even then if it's too much effort to go elsewhere they don't seem to care. It seems to be the herd mentality at work, there are so many users/purchasers that everyone thinks it won't be them that gets hurt... right up until it is.

Re:

[mlts]

The gaming industry has been a race to the bottom now for a number of years. We have seen this in the way game releases have been done, where quality essentially has gone from a true release version to quality equal to an early beta, then if you are lucky, get a patch that gets the game to a late state beta in terms of bug fixes and such. If you are unlucky, the game remains unplayable, and a waste of the $70 you plunked down.

I'm not surprised at all about the lack of security. Most businesses provide at

Re:

[scumdamn]

Agency. It's an agency. Look at the whois for AMD4U.com.

Finally backfired?

[PhunkySchtuff]

Why has this "finally backfired" - in what way was this an accident waiting to happen? What was it about the promo that leads the submitter to believe it was set up to fail from the start?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[goose-incarnated]

Wait, what? You're comparing the least-skilled racing (nascar) with the most skilled racing (rally)? Whats wrong with this picture?

Re:

[spire3661]

Dirt 1 brought racing back to the PC, thats why. Any racing 'guy' that plays Nascar is jsut sad. Not only is PC racing popular, but they also have the best setups. Triple screens and very nice steering wheels/pedals

Can't be the first time

[jeti]

When I bought my Radeon HD 5770 something like a year ago, it contained a Steam code for Dirt 2. When I tried to register it, the code had already been used.

Re:

[Ogive17]

When Steam was first in its' infancy, I received a code for a free version of Half-Life 2 due to purchasing a specific vcard. The game was not yet released at the time and Steam never gave me a copy of the game when it did release.

Re:

[spire3661]

I DID get my free copy of HL2. The code came on a card that came with the 9600 pro i bought. I held onto that code for over a year. ( this was during the period where Valve delayed the release for a year.) Worked perfectly on HL2 launch day. It is still listed in my Steam purchase history as "ATI Bundle"

Re:

[zippthorne]

ATI Radeon 9something XT?

I got my free copy. IIRC there was a time limit on the giveaway that started when HL2 was released. I remember not paying close enough attention and almost missing the window. Is that what happened to you?

WTF?

[Megane]

The reason access to all these keys has been granted is due to a lack of .htaccess on AMD’s site.

What's all this stupid talk about .htacess anyway? Those are the kind of files that should not be below a web server's DocumentRoot in the first place. The reason access to all these keys has been grated is because some moron put them in a live area of the web server where they didn't belong.

Re:

[bill_mcgonigle]

That's what happens when you let stories be written by some guy with a $9 web hosting account.

Re:

[Dhalka226]

I don't know what kind of anti-corporate nonsense rant this was supposed to be, but there is nothing unrealistic at all about providing a CD key you've been supplied when given proof of purchase of a graphics card, and certainly nothing unrealistic about securing those keys by not putting them in the fucking web root.

You could whip up a nicely secure front-end for getting a key in less than an hour, easy. How much more complicated it gets beyond that largely depends on how "proof of purchase" is determin

It's a shame...

[peterb]

It's a shame that they didn't leak the keys for a game that someone actually wants to play.

KEygen in 3....2....1

[Lumpy]

That many keys will guarantee a keygen is butt easy to make.

Re:

[flimflammer]

I'm pretty sure when it comes to online activation, all game developers keep their own lists like this which blocks out anything but keys in the list, which makes keygen keys invalid.

Not that keygen writers actually need a list of keys to reverse engineer the key structure. They just analyze the code that checks the key in order to figure out how to generate keys that will validate the installer key check.

Re:

[marcosdumay]

If they use good crypto, it won't help at all.

Not that I expect them to use good crypto. It seems everybody fails to do so, even when all the algorithms and code are freely available for everybody (or maybe the problem is really that the algorithms and code are freely available for everybody, some people simply like to pay for things).

Ban?

[gmerideth]

In the case that x million keys were used, would Steam really ban x million of its own clients and lose all of that ongoing revenue just for AMD?

Re:

[game kid]

AMD is a very open company. It's just that its AMD division can be quite secretive sometimes.

Re:

[c0lo]

AMD is a very open company

Given the 1.7 mils of key that leaked, I tend to agree with you. Except that "AMD is a very cracked company" describes better the situation.

Re:

[GigaplexNZ]

Oh wait, there is no personal replicator? I guess then the analogy is flawed....

I'm pretty sure the keys are single use, so the "it's not stealing because it's only a copy" style argument doesn't work in this case.

Re:

[Z00L00K]

See it this way - the solution is to release a new version with additional features and take the losses for the version with lost keys. And stop further updates to the version with lost keys.

Re:

[VGPowerlord]

As it is now, I am whining, but about their BS deus ex 'bundling' with Gamestop.

The GameStop Deus Ex fiasco involved Square-Enix and OnLive. Valve/Steam had nothing to do with it.

Also, in case you missed it, GameStop owns one of Steam's competitors, Impulse [impulsedriven.com], which was why this whole fiasco between them and OnLive happened in the first place.

Re:

[FredFredrickson]

My big gripe with steam was one day, they were running an amazing deal, but it was for 24 hours only. I spent the entire day getting "declined" messages when trying to charge my credit card. But there was a catch- my card was working fine and had plenty of cash. I looked it up and various people also had the same issue. It appears some accounts that weren't all that active were marked high risk and would decline transactions no matter what credit card was used during the sale. Immediately after the sale, m

Re:

[Stormwatch]

Yeah, I like racing games, but why bother with this... a racing game without music during the races, what the fuck?!