Game Publishers Using Stealth P2P Clients

An anonymous reader writes "TorrentFreak has shed some light on the dark practice of installing stealth-mode P2P clients during game downloads and using unsuspecting gamers' PCs as 'bandwidth slaves.' The clients operate in the background and largely go unnoticed until problems arise that are caused by overactive uploading/seeding. While the Akamai NetSession Interface and Pando Media Booster are specifically called out, there appear to be other offenders as indicated in the comments left by TorrentFreak readers. A publisher called Solid State Networks is putting out a call for an industry-wide 'best practices' effort to promote transparency, control and privacy on behalf of gamers who are otherwise being abused for their bandwidth without their consent."

I can haz?

[KillaGouge]

Hai, I'm in your services stealing your bandwidths?

FAKE!

[spun]

Despite the clever use of the misspelling "Hai", your grammar is obviously much too polished. You, sir, are no LOLcat. Buy your own damned cheeseburger.

Re:FAKE!

[Anonymous Coward]

Yehbutt he has 720 times more feedback points than you, so he wins. Sorry newbie.

Re:

[Anonymous Coward]

I don't think those numbers mean what you think they mean...

Re:

[robot256]

omfg he just insulted a 4-digit UID!! may divine justice rain upon him in the form of embarrassing captions on all his facebook photos!

Re:

[Christof_Deluca]

LOL

Re:

[spun]

Who let their cat moderate this guy offtopic? Look, we know you furry fuckers don't like being laughed at, but if you weren't so goddamn illiterate, we wouldn't do it. Except when you fall off shit and pretend like it didn't happen. Yeah, we saw that. That's why we're laughing.

Re:

[Christof_Deluca]

*bows to your superior UID*

Re:

[sp332]

Australia:
http://broadbandguide.com.au/bigpond [broadbandguide.com.au]
Canada:
http://www.rogers.com/web/Rogers.portal?_nfpb=true&_pageLabel=WLRS_Plans&category=data [rogers.com]

America (wireless):
http://www.verizonwireless.com/b2c/mobilebroadband/?page=plans [verizonwireless.com]
http://www.att.com/shop/wireless/plans/data-plans.jsp?rel=nofollow&wtSlotClick=1-003J13!CISM01-1-1 [att.com]

Re:

[negRo_slim]

Hai, I'm in your services stealing your bandwidths?

Seems that if bandwidth is truly a priority you're likely on a capped plan and likely already have the tools [yahoo.com] or software [google.com] to see what's using what.

Blizzard

[pak9rabid]

Isn't this how Blizzard distributes updates for their games?

Re:Blizzard

[FooAtWFU]

Blizzard doesn't really try to hide it.

Re:

[LostCluster]

TWIT and Revision3 both started their podcasting empire by using torrents... but both moved to traditional downloads when sponsors wanted an accuate count of viewers.

Re:

[negRo_slim]

TWIT and Revision3 both started their podcasting empire by using torrents... but both moved to traditional downloads when sponsors wanted an accuate count of viewers.

Wouldn't some sort of Flash Cookie [ghacks.net] allow to keep track of viewers regardless of method of content dissemination?

Re:

[LostCluster]

Nope, things like TiVo and Roku don't honor such cookies.

Re:

[Anonymous Coward]

No they are upfront about it and you can easily disable it.

Re:Blizzard

[Moridin42]

Last I knew, which was quite some time ago, Blizzard was real explicit about the fact that you were uploading while fetching a patch. Upload speed and bytes transferred provided in the update pane.

Its the companies that don't tell you that you're part of their distribution network, or how much of your bandwidth is being consumed, that this article is against.

Re:Blizzard

[MareLooke]

And most importantly, Blizzard allows you to turn it off without hassle at all,

Re:

[Haffner]

how? While downloading starcraft 2 beta, there was nothing I could find that would let me block uploading. At the time, I could do 300KB down, and ~80KB up. However, I couldn't do both at the same time. As a result, I was doing something like 40/40, and it was taking 7.5X as long as it should have. In the end, I had to resort to installing traffic shapers so that I couldn't upload. It was very disappointing.

Re:

[hitmark]

Sounds like one foobar connection. Or am i overlooking something obvious?

Re:

[EyelessFade]

But unlike the WoW client, SC2 dumps all the torrent files in your install folder. You can therefore use whatever torrent program you find appropriate

Re:

[jgeiger]

Blizzard lets you know but they have a very bad habit of using 100% of your upstream bandwidth which ends up slowing your download since you can't acknowledge all the incoming data fast enough. It may have gotten better but they still need to limit it to 90% or something.

Re:

[Charliemopps]

You have to agree to use the peer to peer thing with WoW. I don't like WoW but played it for about a month, and remember specifically the P2P warning. I think it's a great idea as long as the user knows about it. The one thing none of them have come up with is to have the client CHECK THE LAN! I have a whole family that plays and it's ridiculous to have to patch the same same game on 4 different computers at once. I should be able to have 1 patch and the others transfer the same files over the lan. Instead

Re:

[rtb61]

Just find a patch mirror an agreeable ISP like http://games.on.net/filelist.php?app=178&menu=1 [on.net], not sure how up to date this is I don't WOW.

Mirroring with ISP's is the best solution to limit network costs.

I always thought distributing game servers through the ISP channel with shared income (rather than payment) from game serving for MMOG, allowing alternate sales like the ISP can provide free access to game servers as part of the internet access fee (substantially increase client numbers), would be

Re:

[Trolan]

At least on OSX, this might not be entirely true for Cataclysm. The launcher actually registers itself with Bonjour with a service of _bzdn._tcp, and the usual downloader identifier you'd see in the p2p stats for the pre-Cata downloader. The only reason I can think of to do that, would be to announce on your local LAN that you are a valid source for download data. Might not need to copy a thing between systems if this is true. I'll have to test this on the next patch.

Re:

[Nimey]

Heh, heh. That reminds me: the university I work at has configured their packet-shaper to silently block P2P protocols. This has the unintended side-effect of blocking World of Warcraft from even running, apparently. I'd asked one of our student workers "well, doesn't that just block torrent-distributed updates?"; evidently something else WoW does registers as P2P.

I'm waiting for the riot when all the addicts realize they can't play their game.

Re:

[h4rr4r]

Please name it, so people can avoid that university. Believe it or not useful Internet service is something college students pay for and should receive. It sure would have impacted me downloading all those redhat and SuSe isos.

Re:

[Nimey]

I haven't tried torrenting anything since I learned of this, so it's all second-hand.

Re:

[neokushan]

The last time I had to use Blizzard's updater software, I found that DISABLING P2P actually sped up my overall download speed. It seems that if you're willing to let them use your bandwidth, they're unwilling to supply you with some of theirs. Net result? Doing Blizzard a favour means you get shafted.

Re:

[Ash Vince]

The last time I had to use Blizzard's updater software, I found that DISABLING P2P actually sped up my overall download speed. It seems that if you're willing to let them use your bandwidth, they're unwilling to supply you with some of theirs. Net result? Doing Blizzard a favour means you get shafted.

Someone else posted a description further up the thread of why this happens. It is basically because they take ALL your uploading bandwidth and then the acknowledgment packets your PC sends everytime it recieves a packet successfully cannot get back as quickly. Net result is the server resends the same packet again as it does not think you received it. This all happens at the transport layer.

The best thing to do is limit your upload on all P2P networks to about 60%-80% of your available upload bandwith. Thi

This is the end of unlimited unmetered bandwidth..

[LostCluster]

Data usage costs money. Anybody offering a server with "Unlimited" bandwidth on a web server is lying to you, and the more data transfer a plan allows, the more expensive the hosting gets. Exceed your transfer limit on a server, and expect to pay cell-phone like overage fees.

Right now, this isn't a big deal because what they're stealing from their users doesn't cost the user extra right now... but imagine if the GB they stole from you is the one that puts you over a Comcast-style cap. That would suck big.

The network operators have already been complaining about illegal torrents not just because they're illegal content sharing, but because having people uploading like crazy from the consumer side of their network just isn't what they designed it to handle. Now, what are they going to say when the content is legal, and the user got suckered into agreeing to allow it in a game's TOS?

Re:

[MrEricSir]

But if we're ALL using more bandwidth, shouldn't that bandwidth get cheaper? The laws of supply and demand apply here, do they not?

Re:This is the end of unlimited unmetered bandwidt

[LostCluster]

If we're all using more bandwidth, that's a demand increase, not a supply increase.

Re:

[networkBoy]

thus cost will increase until supply catches up or users learn about firewalls.

Re:

[brainboyz]

You're thinking economies of scale, but as a finite resource increased bandwidth usage = increased demand. Increased demand = increased price.

Re:

[sjames]

Yes, but ISPs are currently busy demanding more and supplying less for it. That's how supply and demand works once regulatory capture sets in.

Re:

[jonbryce]

No. This is a demand increase, and the laws of supply and demand say that price will rise to the point where it becomes attractive for more people to supply bandwidth to the market.

A lot of our current bandwidth comes from cables laid by companies that went bankrupt during the .com bubble, and the current owners got them from the liquidator for much less than it cost to lay them. If we were to increase bandwidth capacity, we would have to pay full price for those cables and that would mean a massive incre

Re:

[mariushm]

The average price of 1 GB of transferred data on CDN's is 10-15 cents. I'd be surprised if they don't get 10 cents from advertising by the time people do 1 GB worth of downloads. IMHO the companies are just abusing the people's bandwidth without caring about the consequences.

And just fyi, I can buy today a dedicated server with a 1gbps unmetered connection (guaranteed and tested) for about 600$ a month. That's 0.18 CENTS per GB of transferred data.

Re:

[LostCluster]

But CDNs and server farms are closer to the backbone providers than your home and office ever will be... and that's where the network planners are expecting content to come from. A $60 Comcast connection that can only handle 250 GB a billing cycle is 24 cents a GB... and that's 1500 times the cost of "doing it right" by paying for your CDN instead of trying to get your users to supply the uploads.

Re:

[mariushm]

I don't get what you're trying to say.

You can't compare the quality bandwidth of a CDN (fast download speed, consistency, multiple points of presence close to users) at 10 cents a GB with an unreliable, poor quality, possibly throttled bandwidth home users who may turn off their computers at any time.

P2P connections are good as addition to good regular connections and good quality bandwidth becomes cheaper and cheaper so p2p in my oppinion should only be used as last measure.

Re:

[LostCluster]

Back to the original story, this games company is installing hidden P2P servers instead of paying a CDN... basically passing a cost they should pay for onto the users, who would rather see it included in the price of the game than forced onto them because their computers don't make good servers.

Re:

[Rockoon]

The real kicker is that the ISP's would rather not have people tricked into P2P sharing either, and they also have a vested interest in seeing the demise of intentional P2P sharing as well.

Bittorrent especially is bad for ISP's because it is designed to fully saturate any endpoint they could dream up. No matter how much they invest in your local connection, bittorrent will saturate it, and by design it doesnt require the senders to have made the same sort of investment that was put into the receiving conn

P2P on Flash

[Ilgaz]

Well, World's most popular video streamer has "P2P" now, in Adobe fashion, you must pay extra money for server upgrades to enable it but it exists in Flash Player 10.1.

http://labs.adobe.com/technologies/stratus/ [adobe.com]

I am sure everyone in industry is testing it in their intranets now as people really went crazy over resolution, they demand at least 720P, no matter what the content is.

Wonder what will they do about it, e.g. if Youtube enables it one day? As youtube isn't exactly piratebay, if you ban it, your cust

Re:

[AmiMoJo]

Mobile broadband for home use is quite popular too. Particularly those with less disposable income like to be on pay-as-you-go so they can simply not top up if they are short that month. Obviously anything which slyly sucks up your bandwidth is a big problem when you buy 1GB chunks of data.

It isn't just hidden P2P though, even Windows Update patches and anti-virus updates can quickly suck up your allowance. There needs to be a system that lets apps know when they are on a pay-per-meg connection and should r

Invert all word meanings on the Internet...

[Anonymous Coward]

Pando Media Booster = slows down your internet connection
Norton Antivirus = makes your computer vulnerable to hacking
Trusted Computing = you can't be sure if you have control of your computer
etc.

Thank you, Well Known Hero.

[spun]

Pando Media Booster = slows down your internet connection
Norton Antivirus = makes your computer vulnerable to hacking
Trusted Computing = you can't be sure if you have control of your computer
etc.

Your contribution to this discussion is sort of depressing.

Re:

[gagol]

Truth is not always funny to hear... but doublespeak is now the political norm.

Re:

[spun]

Did you miss the title of the Anonymous Coward's post? "Sort of depressing" was as close to the opposite of "Totally hilarious" as I could get.

Not very stealthy

[Zan Lynx]

I reinstalled Dungeons and Dragons Online recently. The installer uses Pando. However, it wasn't very sneaky about it. It was in the install at some point.

It would have been nice if it had uninstalled itself after the several gigabyte download or if the installer had explained more about the consequences of leaving it installed. The information about Pando was easily available to me via a web search. Pando uninstalled without any problems from the Windows control panel.

I wouldn't worry about it fairly polite software like Pando too much. The kind of people who install everything without reading the dialog boxes or doing any research are going to end up with their computer stuffed full of malware in any case.

Also is it that big a deal?

[Sycraft-fu]

As far as I can tell from any game I've seen, it only does it while patching. You download and upload while you get a patch. Any other time it isn't running. So how is that a big deal? All it does is help get patches out faster. Back in the old days of MMOs, patch day sucked. Everything ground to a halt as everyone hit the server at once. Game companies couldn't afford the massive network of servers like Microsoft has. P2P helps solve that. As more people download, more people upload and it stays more even.

Re:

[Anonymous Coward]

For people on metered broadband, yes, it is.

Re:

[Anonymous Coward]

For people who use a school network that permanently bans p2p users, yes.

Re:

[shentino]

Big whoop, if you wanna use the school network, follow the fracking rules.

Re:Not very stealthy

[illumin8]

I reinstalled Dungeons and Dragons Online recently. The installer uses Pando. However, it wasn't very sneaky about it. It was in the install at some point.

The problem is that Turbine, makers of DDO and Lord of the Rings Online, is installing what is essentially the equivalent of adware or spyware without the user's permission. You have to manually uninstall it afterwards, and you are not given a choice whether or not to install it. Would you accept it if a game publisher installed adware toolbars into your browser without your permission?

This automatically puts Turbine on my shit list. I thought they were pretty cool for releasing DDO as a free to play game, but then when I found they installed Pando Media Booster, I uninstalled both Pando and DDO. You don't get to treat your customers like shit and expect us not to uninstall your software and send it to the /dev/null where it belongs.

Re:

[Jaysyn]

This must be a recent thing. I've had DDO installed for over a year but haven't played it in a while. No Pando Media Booster here.

Re:

[PastaLover]

The problem is that Turbine, makers of DDO and Lord of the Rings Online, is installing what is essentially the equivalent of adware or spyware without the user's permission.

How is it "the equivalent of adware of spyware"? What does that even mean?

I encountered Pando installing League of Legends. The installer explained quite clearly what it was, what it was for and under what circumstances it would be running. It's also not configured to run on startup/login, only when you run the game and there's a patch to download. That's not very sneaky, and hardly in the realm of spy/adware. It seems more like a commercial version of blizzard's roll-your-own downloader.

Re:

[kalirion]

Same. I was considering trying DDO or LOTRO at some point. No longer.

Re:

[nedlohs]

But not everyone is technically savy, some people just want to play some games.

I was getting really lagged during the Ruse open beta (and in that beta lag was a big deal since small amounts of it screwed up the game completely, it seemed anyway). When I checked the traffic counts I saw I was uploading a lot more than I should be. Found the culprit and some web searches and time wasting revealed it was installed by that stupid DDO game I had installed the week before and promptly decided sucked.

I though I di

Web games

[Mad Merlin]

Now that's definitely an advantage of web games like Game! [wittyrpg.com], there's no client to download in the first place!

Don't you dare steal our games...

[Red_Chaos1]

...but don't mind us as we steal your bandwidth. Oh but we *did* get your explicit permission. It was buried in that wall of text you agreed to that we could.

Re:

[Anonymous Coward]

You mean that wall of text that you tried to write to my temp directory? The one that has a "read only" file named EULA.txt that says "While under normal circumstances installing this software would require all your base to belong to us, under these circumstances we're happy to say that all OUR base are belong to YOU"?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[FauxReal]

Oh it's not "poorly crafted legalese" it's specifically written to numb your mind and leverage everything they need to ensure the make as much money as possible. The customer is always right, unless money is involved.

Connections doesn't reset while updating WoW?

[Ilgaz]

I see Blizzard uses basic bittorrent, a really old client code licensed which doesn't have any kind of encyription/security features.

So, if you are customer of an evil ISP which does packet inspection and shameless enough to conspire your connection with RSET, what happens when you update WoW and try to browse web same time?

As a side note, for OS X admins who may have heart attack, one of Akamai "P2P" frameworks on OS X is actually named "RSPlug". It is not the RSPlugin virus. Guess what it comes with? 2nd

Fun stuff?

[Mashiki]

Okay sure. Well how about most places where you're on a capped bandwidth limit? Wonder what would happen if people started sending bills to the company who's sucking up all their bandwidth. It's sure not exactly cheap, some places have no cap on the amount they can charge you, and others cap at a max of $50/mo.

And no, ELUA's, walls of text, and so on are not binding everywhere. And where they are binding, many places require them to be plain declarations of intent(so people can understand them).

Re:

[h4rr4r]

Most places?
Were exactly is this most places you speak of?

I have lived in multiple nations on two continents and never have I run into this "Most Places" where I had capped bandwidth.

Re:

[sp332]

Canada:
http://www.rogers.com/web/Rogers.portal?_nfpb=true&_pageLabel=WLRS_Plans&category=data [rogers.com]
Australia:
http://broadbandguide.com.au/bigpond [broadbandguide.com.au]

America (wireless):
http://www.verizonwireless.com/b2c/mobilebroadband/?page=plans [verizonwireless.com]
http://www.att.com/shop/wireless/plans/data-plans.jsp?rel=nofollow&wtSlotClick=1-003J13!CISM01-1-1 [att.com]

I knew these off the top of my head. You've never heard of these plans?

Re:

[AK Marc]

It's difficult to buy an uncapped plan in Australia or New Zealand.

Re:

[Mashiki]

Canada, parts of the US, various parts of Europe. Australia, NZ, former soviet satellite states, most of Russia. Pretty much anywhere that isn't Japan or S.Korea

Turbine.

[Mark19960]

I called them out for it and it fell on deaf ears.
It's not their bandwidth so they don't really care.
They are using Pando Media Booster... and it's so badly set up that it takes 4 times as long to download the game
because they saturate the upstream, causing issues.

In short, these game houses don't care because it's a reduced cost to them.

Re:

[0123456]

I called them out for it and it fell on deaf ears.
They are using Pando Media Booster...

Except, as mentioned above, they seem to be fairly open about using a P2P download system and it's easy to uninstall afterwards.

It's some time since I installed DDO and LOTRO but from what I remember it told you to uninstall Pando after downloading the game if you didn't want it to continue using bandwidth, and it's just a matter of using the standard uninstall from the control panel.

Re:

[aevan]

When I installed DDO, I didn't catch any mention that it would continue to act as a peering client well past installation/downloading..running silently even when hadn't loaded up the game after a reboot.. Only caught it when checking discrepancies as to where 40 gig of bandwidth disappeared that month (blew my ISP's lousy cap that time).

The software uninstalled pretty easily, and wouldn't have minded running it occasionally or in a limited fashion, but cannot claim to be impressed by it.

Media Streaming Too

[AganLex]

Just a heads up, but media streaming is also heading this way. The "OctoStream" plugin for streaming video (Major League Gaming stream, etc) is also a P2P streamer.

Theft of service

[nurb432]

If *I* did that id be in jail. Why aren't they?

Re:

[Anonymous Coward]

Because you agreed to it in the TOS...

Re:Theft of service

[dissy]

>>Because you agreed to it in the TOS...

I did no such thing.

As I recall I might have clicked a checkbox and hit next, but that was just one of Many screens I had to correctly configure to get the game to install. I made no agreements after the exchange for the sale was finished.

If that is actually binding, then there is the additional problem for them that my bandwidth TOS is clearly posted on my website.

The first clause is I can change this "agreement" at any time without sending notification, and the second clause is they agree to my TOS by providing in their software a button with the text "I agree", which I can click on to confirm they indeed agree to my TOS.

The charges for my bandwidth are spelled out there, and I will be sending the bill in the mail now.
If they don't pay it by 90 days, I guess I will just have to submit the invoice to a collections agency or something...

Re:

[McGiraf]

I hope your NOT kidding.

Re:

[VeNoM0619]

Who says I even clicked "I Agree"? I see no evidence.. It's just their program saying I clicked it and installing.

Who says I saw the EULA? It's a EULA.txt file most the time, which could get corrupted. You also assume my video driver displayed it correctly, and the scroll buttons were functioning correctly to allow me to view it all.

Perhaps I saw the EULA, perhaps I clicked it, but can you prove beyond reasonable doubt? Last I recall, this is why contracts require signatures. To prove you read/signed th

Re:

[russotto]

Now, if, on the other hand, you had paid for the software with a sealed envelope that had a contract wrapped around it, THEN you've got a chance it would be binding to them... The only problem being "them" is just some retail store, and not the makers of the game, who you really want to bind.

Wait... so if I buy software from a retail store, the manufacturer of the software can bind ME (despite the fact that I've never actually had contact with them), but I can't bind them (for exactly the same reason)?

Screw

Re:

[evilviper]

the manufacturer of the software can bind ME (despite the fact that I've never actually had contact with them), but I can't bind them (for exactly the same reason)?

Sure, you can bind them, but you'll have to delivery your license by courier or some such. It's a simple fact that, when you buy a product, you're getting something physical from them, but they don't get anything physical from you.

Re:

[russotto]

Sure, you can bind them, but you'll have to delivery your license by courier or some such. It's a simple fact that, when you buy a product, you're getting something physical from them, but they don't get anything physical from you./blockquote. When I buy a product at retail, I get something from the retailer. Not from the manufacturer of the product. If I were to write some sort of purported contract on one of the dollar bills I paid the retailer, it sure wouldn't be enforceable against the next person t

Re:

[interkin3tic]

Your own contract posted on some random website??? Not a chance in hell it'll be upheld.

Sure, but that really would depend entirely on the ratio of money he spends on lawyers to money they spend on lawyers, not on the netscape thing.

Not Anything New

[billsayswow]

If I remember right, World of Warcraft distributes their patches over a P2P system. Maybe it isn't Ironforge that always makes you laggy....

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Silentknyght]

If you're running Windows 7 or Vista, the first thing you should install is the Network Meter (and All CPU Meter) gadget. If you suspect any unusual activity, you can quickly glance at your CPU and network resources being used.

You can get them at http://www.addgadget.com/ [addgadget.com]

Those gadgets are trash, and it's so sad that they're the "best" there is for Vista/7. How I wish it had simple, clean, and elegant built-in resource monitoring line Ubuntu/gnome.

Re:

[Kalriath]

No, the best there is (for Vista and 7) is the Resource Monitor, a tool which ships with the operating system (simply launch it from the start menu or task manager).

You can see the per-process CPU, memory, bandwidth, etc utilisation. You can also suspend and resume the process. If you want to drill in more into a given process, just use Process Monitor from MS/Sysinternals.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Mitchell314]

You can.

Pull plug out of ethernet jack.
Put plug into ethernet jack.

What more do you want? :P

Re:'bout time

[causality]

You can. Pull plug out of ethernet jack. Put plug into ethernet jack. What more do you want? :P

I know you were speaking tongue-in-cheek but really, this is why both ingress and egress firewalling with a default-deny policy for each is a good idea.

Then it's not so simple for a company to help themselves to your bandwidth. That, by the way, should be illegal unless they first negotiate with you and obtain your explicit written permission to do so. Like anything else, they're not the ones paying for it so they don't automatically have some claim to use it. The failure to recognize that is generally known as "theft of services".

If the companies really think this is acceptable, perhaps they wouldn't mind several tens of thousands of browsers refreshing their home pages as quickly as possible? After all, they think it's acceptable to do as you please with another's bandwidth without their express consent... I have the feeling they wouldn't like that at all. In fact I have the feeling they'd use every legal means available to go after anyone who arranged that.

Re:

[Anonymous Cowpat]

It's likely that to a normal firewall (i.e. one that a home user might have) the connection the game makes to be able to play is the same as the ones it makes to torrent stuff to other people. While it may be theoretically possible to isolate the handful of IP adresses that a given game actually needs to access to work, good luck finding a firewall that will actually let you restrict that game to those addresses, and that doesn't even begin to tackle games with a multiplayer mode which just hook individual

Re:

[causality]

It's likely that to a normal firewall (i.e. one that a home user might have) the connection the game makes to be able to play is the same as the ones it makes to torrent stuff to other people. While it may be theoretically possible to isolate the handful of IP adresses that a given game actually needs to access to work, good luck finding a firewall that will actually let you restrict that game to those addresses, and that doesn't even begin to tackle games with a multiplayer mode which just hook individual users together (not sure how many still do that now, but there are bound to be some).

Yes, but at that point it's no longer a stealth P2P client. That transfers it out of the realm of a technical problem and into the realm of a problem of the marketplace. Then a user can knowingly choose to purchase from such companies or not, and that's the point. It's the "stealth" or "buried in page 111 of the EULA" part that's the real problem here.

As far as "good luck finding a game that will actually let you restrict that game to those IP addresses", any firewall worthy of the name lets you match

The problem with this

[symbolset]

If it's OK to do this with a game you like a lot, with terms hidden deep in the fine print of the EULA, then it's also OK for every cheesy browser plugin and toolbar extension and Java Applet.

Sure, you're OK with one hidden P2P client on your system. How would you feel about 175 of them?

Re:Can we name names here?

[causality]

OK, I know that Blizzard uses BitTorrent, but they're fairly upfront about it.

Someone else has mentioned Dungeons and Dragons Online, but they again mention it.

I know for a fact that the Final Fantasy XIV Beta uses P2P but makes no mention of it (thanks, firewall!), but thanks to the NDA, I can't tell you about that. Or I could post AC.

So can we name names and make a list of companies that mislead customers about P2P and waste their bandwidth? We can start with:

SQUARE ENIX: Final Fantasy XIV (no indication)

Of course this wouldn't work for an MMORPG that inherently requires network access. In my case, the few Windows games I play are single-player and run well under WINE on my Linux machine. I don't trust them in the slightest. I'll detail some of the measures I take:

• I run Wine as a separate user account that isn't ever used for anything else.
• I use iptables (with --match owner) to prevent that account from having any sort of network access. It cannot even ping google.com.
• For several others reasons I use a PaX/Grsecurity kernel. It has an option that prevents normal users from seeing any processes except their own, which I use.

That last one was handy back when I played WoW since the need for some network access meant I couldn't fully use the second security measure. The WoW client has a piece of spyware intended as an anti-cheating device. It takes a list of all running processes on the computer as an attempt at detecting common cheat programs, like those that enable unauthorized automation of gameplay. It reports these results back to Blizzard.

With that feature of PaX/Grsecurity, that WoW client would only see itself and a few WINE-related processes (like wineserver and winedevice). On a more standard Linux system, any process belonging to any user can view every processes belonging to every user (as you can verify with the 'ps' command). I consider cheating to be Blizzard's problem. I didn't consider the processes I choose to run to be Blizzard's business, though I'm willing to reconsider if they ever give me a user account on their servers and let me see what I can see.

It's surprising in some ways and utterly unsurprising in others when I consider how much more control I have over these things with WINE and Linux than anyone running these games under real Windows. More than that, I have a much greater assurance that my control won't be undermined because at no point am I having to trust the good intentions of Blizzard or any other game company. Instead, I deny them everything and then allow them the few things I decide they have a legitimate need to do. This is how it should be. If that were the norm there would be no "stealth p2p clients".

Re:Can we name names here?

[blueg3]

You can't comment on whether Final Fantasy 14 discloses that it uses P2P, because you don't have a copy of FF14. You only have a copy of the beta. The fact that it uses P2P to download the beta client and updates is spelled out in the download and installation instructions that you clearly didn't read.

Re:

[GeekDork]

The FFXIV beta really should mention that it uses a badly broken BitTorrent client as a "patcher". On top of pretty much requiring UPnP "trojan all-you-can-eat buffet" features to do anything useful, it will happily corrupt itself beyond repair if it ever times out or is interrupted for some other reason. Insofar, it didn't get to use much bandwidth on my network, as it didn't transfer more than maybe 1MB in the 20 or so attempts I made before sending some rather impolite feedback and uninstalling the POS.

T

Re:

[blueg3]

On top of pretty much requiring UPnP "trojan all-you-can-eat buffet" features to do anything useful

Or manually port forwarding, as described on the Beat site.

it will happily corrupt itself beyond repair if it ever times out or is interrupted for some other reason.

Nonsense, I've killed it or had it crash multiple times while in progress. Still works fine. That's why, as with any BitTorrent client, it re-hashes the pieces it has downloaded and throws out any corrupt ones when it starts.

as it didn't transfer more than maybe 1MB in the 20 or so attempts I made before sending some rather impolite feedback and uninstalling the POS

So, you didn't have UPnP or port forwarding set up, and it didn't work. That's not surprising.

The client is lacking any upstream limiting features

Any competent publisher that values its customers (so maybe all two of them)

So, in your opinion, rather than in practice.

Re:

[GeekDork]

Or manually port forwarding, as described on the Beat site.

Why should anyone be required to touch their router settings to install or run a game, unless they want to host game sessions? We're talking about settings here that mean opening up the system to even more vulnerabilities (UPnP gateway features), or require modifications that might well break functionality some time down the road (DNAT). In any case, the "average user" (and maybe to a lesser degree the "average gamer") does not have the knowledge about either alternative to evaluate risks or troubleshoot re

Re:

[blueg3]

They mention both. It's right in the instructions on the beta site.

The reason you have to change your router settings is that either your system and network are old enough not to use UPnP or you've opted to turn it off, and NATing IPv4 routers are a common but asinine blight on the world of networking.

At any rate, with zero configuration, you'll get at least the download bandwidth that you would get if they hosted their own update servers, as they host seeds.

Re:

[hldn]

huh? when you run the updater for FFxiv it clearly shows your download AND upload speed in the panel. if that isn't obvious, i don't know what is.

Windows comes with P2P

[Ilgaz]

I heard Windows has its own P2P framework to build applications and MS could use it for Windows Update anytime they wanted but they didn't enable it yet.

http://technet.microsoft.com/en-us/network/bb545868.aspx [microsoft.com]

They also bought a relatively little known P2P company recently. I am almost sure they could be using same bandwidth as youtube for windows updates. Of course, youtube has ads, windows update hasn't.

If something like you suggest implemented on *NIX, OS level, recently tested rtorrent myself, on a 1.25