Well, it was not totally zero-day, since it took slightly more than 24 hours, apparently. Still, indeed it is now the case that the only ones suffering from the whole “you have to be online all the time or we’ll kick you out of your offline game” thing are the legit customers, while pirates gladly ignore such silly limitations.

The source (on InfoAddict, via PlayNoEvil) states:

Now that the news has spread like wildfire, Ubisoft is finally issuing a response and it is predictably vague. So vague that I am inclined to believe their statement doesn’t hold much water or truth.  Is it possible some aspect of the game is missing? Sure. Is it likely? No, not given how Ubisoft designed Silent Hunter V, meaning it’s not an MMO and it’s world doesn’t exist on a 3rd-party server. If Ubisoft really wants to defeat piracy, may I suggest that your next game be called Silent Hunter Online? Problem solved.

Indeed. Yes, for online games, it makes sense that you need an online connection. For offline games, absolutely not so much. Worst case is that some encrypted content needs to be streamed from the online servers in order for the offline game to work, but even that can be emulated by a dedicated cracker as well (and it requires faster internet connections than mere keep-alive pings that are a more probable implementation of such a feature).

Anyway. Ubisoft of course claims the games won’t work at all anyway. We’ll see what the next days hold, I might update this post or even write a new one if fundamentally new things show up.

Most recent example: Ubisoft. There is a good article on Rock Paper Shotgun about this. What they have announced to do is the following: With every future Ubisoft game, whether it’s single player or multiplayer, online or offline, boxed with a CD or delivered via download, you will constantly need an online connection in order to keep playing the game.

Ubisoft's DRM in action

In other words: Even if it’s a pure single player offline experience, you will constantly need to be online. If for some reason (shaky WiFi, ISP hickups, flatmate downloads too much stuff, Ubisoft’s servers have problems) you lose your connection for a moment, you are also dropped out of your game and (at least in some games) lose all the unsaved data. (Image source)

Ubisoft also does talk around the issue that in five or ten years, their licensing servers for a game might be offline. As a sidenote, in the case of EA, servers shutdowns happen nearly every year. Ubisoft do not fully commit to promising a patch that will remove the online shackles (Source):

PCG: So you can commit to saying that those systems will be patched out?
Ubisoft: That’s the plan.
PCG: It’s the plan, or it’s definitely going to happen?
Ubisoft: That’s written into the goal of the overall plan of the thing. But we don’t plan on shutting down the servers, we really don’t.

I trust the developers that they don’t want to shut these things down. But I don’t trust the management that they won’t. After all, they get nothing out of second-hand sales, and they can stiffle those if only more recent titles actually work at all.

Cogs, great indy game on Steam

Now, a common argument appears to be “but Steam does the same”. And I love Steam. But it has a few fundamental differences to this incoming Ubisoft system:

• You’re only kicked out of actual online games if you lose the connection to the game server (and not the Steam server – the latter doesn’t have any serious impact whatsoever) – so Steam does not affect your capability to play games.
• There is an offline mode, which always worked a treat for me in the rare occasions where I’m offline.
• Steam uses the fact that it’s online for great benefit: automatic background updates, digital content delivery, online save data (well, Ubisoft plans that as well), community features across games (with text and voice chat), all with a very easy-to-use interface.
• Steam is open for games from other developers, and notably, indie developers who gain a way bigger exposure to an interested audience through the system. Without Steam, I would have missed out on Cogs, Bob Came in Pieces, Defense Grid, or Braid.

Vote with your Wallet

Ubisoft’s feature only does one thing: It makes it harder for legitimate customers to play the game. As i wrote elsewhere: Since no server connection is required at all, it’s just another small hoop crackers have to go through, and no change at all for pirates. On the other hand, it is a big change for legitimate customers. Yet again, legitimate customers are punished for piracy.

Piracy is merely a strawman argument. It shouldn’t convince anyone.

If it would actually make game piracy harder, I might understand it a slight bit. But it doesn’t: Cracks and patches will be out within a week tops, patching out the online requirement for pirates. Essentially making the game a better product for non-legitimate customers. They even have an internal schedule for about when the game will be cracked (Source):

Do Ubi believe this DRM is unhackable?
They accept that it’s all DRM’s fate to be eventually hacked, explaining that internally, they’ve already talked of a timescale for how long their games will be protected by it. But, they believe that it’s secure enough for them. “We wouldn’t do it if we didn’t believe in it. The guys who designed it believe in it. Do we think that it’s the one system that God has sent onto earth that will never be cracked by anybody ever? We can’t guarantee that, but we believe in it.

”

Well, I really looked forward to the new, back-to-the-roots, Prince of Persia games. Looks like I won’t buy them, completely unlike all but two (1999, 2008) of the previous ones.

I have one thing to say really: Vote with your wallet. If you run into this post after having bought a broken product like that, return the game. Ubisoft will only stop hurting you if you don’t encourage them to.

Disclaimer: Even though some of the contents of this post make it reasonable to believe that I advocate piracy: I don’t. I also do not play pirated games, or use pirated software – it’s a matter of ethics for me, being both a developer and an aspiring philosopher myself.

In short, again, the reasons why I think biometric passports as per the current proposal are not reasonable:

• Too open access to the collected data, private institutions and foreign governments can access it without notice
• Privacy goes out the window when you can be tracked everywhere
• RFID is readable from meters away without line of sight
• Current RFID encryption is not secure, your passport can be read by crooks
• The only reason why the Swiss government wants those passports is because the USA told us so

I expanded upon all of those points in my earlier post.

Please, do something while you still can! Sign the referendum now. You will have to have your signatures verified already, meanwhile, as they write:

Senden Sie uns jetzt keine UNBEGLAUBIGTEN Bögen mehr. Gehen Sie mit den Bögen die Sie bis am Montag, 29.9. noch ausfüllen können direkt auf die zuständige Gemeindeverwaltung um die Unterschriften beglaubigen zu lassen. Oder senden Sie die Unterschriftenbögen DIREKT an die zuständige Gemeindeverwaltung.

You will then need to send this cover letter along.

Update: We’re there, voting will be May next year or so.

Yes, that just was my meager tribute to today’s Talk like a Pirate Day

Ingame Map

Washington Map

It’s a fact that there’s 10 million WoW players (by official count), and that not all ingame chat is about the game itself. It’s also a fact however that some CIA folks have seen too many conspiracy movies. You might have heard about it: A Pentagon researcher gave a presentation early this month (via Wired, heise), where he alerted the world to the inherent dangers in such online worlds: Jargon! Coded messages! To the left, you see an ingame map, to the right the overlaid secret attack plan. Boo!

Now … yes. Of course, this is theoretically possible. Of course terrorists could forfeit encrypted mails, a private Ventrillo server, or some other secure means of communication, in favour of in-WoW chat. But it’s a prime example of a movie plot threat, a term coined by security expert Bruce Schneier. He clearly illustrates why defending against those is a very bad idea:

The problem with movie plot security is that it only works if we guess right. If we spend billions defending our subways, and the terrorists bomb a bus, we’ve wasted our money. To be sure, defending the subways makes commuting safer. But focusing on subways also has the effect of shifting attacks toward less-defended targets, and the result is that we’re no safer overall.

Seems those Pentagon researchers haven’t read that, though. Nor have they heard about his later movie plot threat contest (which made it to the NY Times), just you wait until they expand on more of those possible dangers – here’s a long inspirational list.

Terror in Lineage

I particularly like this broken toys post, where the blogger draws parallels in other popular MMOs.

Indeed, the point can be made that they only use the above WoW picture as a clever way to make even politicians realize that “emerging media” are something that has to be watched for potential terrorist attacks. But the main issue remains: However many movie plot threats you watch, however many communication channels you supervise, we’re gladly living in a not-quite-yet-1984 world, which has the downside that terrorists have plenty of communication alternatives.

And once again I’m quoting Schneier, in his brilliant analysis of the subject matter:

My guess is still that some clever Pentagon researchers have figured out how to play World of Warcraft on the job, and they’re not giving that perk up anytime soon.

I guess that’s the best explanation for all this.

RFID - How It Works

The Swiss government has decided that our passports, like a few before ours, should store data on RFID chips. Meaning, the following data would be stored in that chip:

• fingerprints
• a digital photograph
• all the data that’s also available in printed form (name, gender, date of birth, eye color, and so on)

All this data could then be read out via electrical readers (as pictured in the diagram to the right, labels German).

That in and of itself isn’t necessarily evil! The current proposal concerning regulations and technology lets it be implemented in ways that make it evil though. Let me lay out why that is.

About RFID

If you haven’t heard of RFID before, it’s high time you read up at Wikipedia – and even if you did, there’s quite intriguing things I haven’t read before in there too. Short version:

An RFID tag is an object that can be applied to or incorporated into a product, animal, or person for the purpose of identification and tracking using radio waves. Some tags can be read from several meters away and beyond the line of sight of the reader.

Additionally, the RFID chip can be passive – meaning, it has no energy source of its own and thus potentially lives forever. And as I’ll explain later more in-depth, you can’t track who obtains information from it. There are also active RFID chips, but since the ones used in passports are passive and there are no other fundamental differences beyond range between active and passive types, I’ll neglect active RFID chips for the rest of this post.

There are places where RFID chips make sense and most privacy concerns don’t apply (like race tracking, inventory systems, some kinds of animal tracking). But passports definitely aren’t one of them.

The Referendum

The referendum (a federal facultative referendum, that is) is carried from a surprisingly (in a very positive way) large number of independent political forces.

The referendum was launched because there is a vast number of unresolved issues that are introduced with biometric RFID passes (details see below).

Here is the RFID referendum website

If you’re Swiss, I strongly urge you to sign it within the next 10 days, if you haven’t already, and spread it among your friends and coworkers. Time is running out, the referendum only runs until September 22th, and apparently, over 30’000 more signatures are needed. Signature sheets are available on their site.

Privacy

It is not a coincidence that the RFID chip started out, originally, as an espionage device. Its passive nature and long life make it perfect for stealth placement and readout.

Accesses to the chip are not trackable, and while the chips in passports are protected by a metal mesh covering them that shields them against malicious scans, this (just like other things when it comes to RFID) doesn’t work as it should. Uncovered at the Blackhat 2006, a proof of concept showed:

The problem, according to Flexilis, is that the shielding does not fully protect passport against remote scans. Kevin Mahaffey from Flexilis says a medium powered scanner could detect a partially opened passport from four to six inches away. The theoretical maximum detection range is more than 10 feet, but Mahaffey said that would require a “huge amount of power.”

So, when you have such a passport, you’re trackable, identifiable, by anyone who has access to that kind of technology. Which is just about anyone who’s determined enough.

Furthermore, even “legitimate” (as per the legal text) kinds of tracking can go way beyond what we’re comfortable with. Airline companies, other companies with special permissions, your own and foreign governments, can and may track your every move. And once enough companies have your data in their databases, it’s bound to be stolen and out in the open eventually – data leaks do happen.

If you’re in the fortunate position to understand German, the StopRFID pages of the FoeBuD e.V. have way more info.

Security

There is a simple fact about RFID chips that no lobbyist will openly admit:

They are not secure.

You may have heard of MythBusters. It’s a Discovery Channel series that … busts myths. Often funny, like “can you surf on a wave created by a dynamite explosion”, but also stuff like “can you hack security fingerprint systems”. They tried to do an episode on RFID, and they were shut down by the industry. You draw the conclusions. References here: tom’s hardware, cnet news, the consumerist, all via Bruce Schneier.

“But”, I hear you say, “they’re meant to be made secure!” Well … yes. Read for yourself, in the federal Swiss decree:

Der Datenchip ist gegen Fälschungen und unberechtigtes Lesen zu schützen. Der Bundesrat bestimmt die entsprechenden technischen Anforderungen.

More or less, the chip is to be protected against malicious readouts, and details are to be determined by the executive.

But, there’s a problem with this: The same thing was meant to happen with the British passes’ RFID chips. And what happened? They were hacked a couple weeks after they were released. Read the details on The Guardian:

“The reader – I bought one for £250 – has to say hello to the chip and tell it that it is authorised to make contact. The key to that is in the date of birth, etc. Once they communicate, the conversation is encrypted, but I wrote some software in about 48 hours that made sense of it.”

More info on TechNewsWorld. Now, this was a white hat hacker. Who tells us that black hats have problems with what he achieved in 48 hours? We already know that it’s easy to access credit card numbers like that, why should full blown identity theft be made as easy as the (too easy) credit card theft?

Teleology

As we know, the main reason for adding those RFID chips in the first place is that the US wants everybody to do so. In their Enhanced Border Security and Visa Reform Act of 2002, we find:

Additionally, by October 26, 2004, in order for a country to remain eligible for participation in the visa waiver program its government must certify that it has a program to issue to its nationals machine-readable passports that are tamper-resistant and which incorporate biometric and authentication identifiers that satisfy the standards of the International Civil Aviation Organization (ICAO).

Why is it that the US government wants everybody to use those RFID chips in the first place then? Bruce Schneier has, yet again, brilliant vista:

The Bush administration is deliberately choosing a less secure technology without justification. If there were a good offsetting reason to choose that technology over a contact chip, then the choice might make sense.

Unfortunately, there is only one possible reason: The administration wants surreptitious access themselves. It wants to be able to identify people in crowds. It wants to surreptitiously pick out the Americans, and pick out the foreigners. It wants to do the very thing that it insists, despite demonstrations to the contrary, can’t be done.

This, of course, is speculation. I haven’t seen another reasonable explanation to date yet though.

The fun thing is that the US government keeps pursuing that course, despite even large independent bodies like the Smart Card Alliance (who actually represents RFID vendors, among others, and thus has it in their best economic interest that RFID chips are used) warning them from privacy and security dangers. If you have a long breath, you might want to read this extensive report from May 2006.

The future

Maybe some time in the future, the technology will be where it needs to be in order to make a private, secure chip that makes international travel easy without exposing its users to unnecessary risks. The proposed RFID chips certainly aren’t that technology.

Of course, even when we eventually do have the technology, other things like better tolerance and education would be more effective in preventing terrorism. But that’s an entirely different discussion.

I hate piracy, but even more so I can’t stand rigid DRM. Particularly when it has compatibility problems with legit programs, restricts other legitimate activities on a computer, or acts akin to a rootkit. Even if EA removed the need to be online to play an offline game.

Anyway, that alone wouldn’t warrant a blog post – but this is utterly hilarious: Tons of customers that are as disgruntled as I am (or even more so, apparently) went to Amazon and did this to Spore’s review score:

Spore Reviews

Well-deserved, EA. This comic here sums it up nicely.

Other reactions: Now also on Basic Thinking (in German), with fitting video, and on Rock, Paper, Shotgun, where the poster takes a stance different from mine and the discussion in the comments is tremendously interesting. Next step: BBC – the mass media are picking up!

Update 08-09-09 20:57: Amazon US meanwhile has nearly 1500 1-star reviews, while Amazon UK deletes anti-DRM comments, and EA continues using SecuROM, all via Basic Thinking. Let’s hope the momentum carries this a bit further into mass media and provokes some more attention before it all dies down under the censoring monetary weight of major corporations.

Update 08-09-12 00:23: More coverage, on ars technica (that I saw, but haven’t linked before), and in German at Spiegel Online, via Crossmediale Kommunikation (German as well).

Chrome Phone Home

Maybe you heard (I hear it was even on TV?) that Chrome loves E.T. and likes to phone home. Yes, it does, but not that much more so than other browsers: Google’s Matt Cutts has the details. (Yes, I added that link to the other post later on as well).

Selection mine, he has a few more points:

If you’re just surfing around the web and clicking on links, that information does not go to google.com.

If you are typing a search or url in the address bar, Google Chrome will talk to the current search service to try to offer useful query/url suggestions.

Google Chrome checks for automatic updates every 25 hours.

Every 30 minutes, Google Chrome downloads a list of 32-bit url hashes of urls thought to be dangerous (malware or phishing).

Essentially, the same as every other browser. And less than IE, who sends URLs to Microsoft for Malware checks if you opt in (and doesn’t have a malware filter if you don’t). Their Internet Explorer Privacy Statement reads:

If you opt in, addresses not on the legitimate list will be sent to Microsoft and checked against a frequently updated list of websites that have been reported to Microsoft as phishing, suspicious, or legitimate websites.

Terms of Use

Another outcry in the community (details here at TapTheHive) was about Google’s terms of use, in particular the lengthy part 11 which allowed Google to use all data anybody ever entered in Chrome, basically. They’re not the first ones with evil TOS, but the ones that were watched best I guess, with the paranoia that I partially share and all. They changed it, it now reads:

11. Content license from you

11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services.

The German version didn’t change yet, but the English version works retroactively for people who accepted the old one as well.

More, Way More

I guess everybody wants to see more objective data as to whether Chrome’s speed really is better than that of Firefox (let’s not talk about IE). It is, slightly: Speed tests! But the Firefox team is working on a faster JS engine.

Then, a funny little exploit to crash all of Chrome’s tabs (via der-link.de).

And finally, interoperability: Get the best of Chrome’s features in Firefox via, who’d have thought, plugins (I didn’t know a few of those). And, associative art with the Chrome logo – is there a hidden message somewhere (via Basic Thinking)?

Update 08-09-12 10:59: Yesterday’s news (well, actually, from the 8th), Google now anonymizes the 2% of traffic they log from Google Suggest after only 24 hours. And since this addition will send another trackback to the Google Blog, hello in advance

The Problem

A better title for the post would maybe be “Circumventing Google’s Data Collection”.

For one – yes, Google does collect data. It is possible to use alternate search engines, however to date I haven’t found one that comes near Google’s quality and ease of use, nor have I found an Email service (or program I could install on my server) that comes anywhere near close Gmail’s utility. BloggingTom did collect some alternatives some time ago.

The Solution

Another alternative is using Firefox (which you should anyway, but so far most of my visitors do) and profiting from the various available plugins that make circumventing Google’s data collection a breeze. For example, GOOLASH, or the in my opinion much better Customize Google (a better-looking description) that beyond mere cookie anonymization also has a plethora of other options.

Finally, another point in that post was the ubiquity of AdSense and Google Analytics. The easy way out there is NoScript, particularly when coupled with AdBlock Plus. So much for JavaScript-implanted WebBacons.

So in conclusion: Yes, the empire has arrived. But even if we’re profiting from its benefits, succumbing to it or even just watching it grow is not something we have to do.