Blogcritics Author: SecurePlay

Announcement: Short-content feeds

Phillip Winn — Sun, 26 Aug 2007 12:00:00 EDT

Sunday, August 26, 2007, marks the switch of all Blogcritics.org article feeds from full-content to short-content. This is the result of several converging factors, and is unfortunately a permanent decision (as permanent as any decision can be on the web, that is). We are aware of all of the reasons that this is a Bad Idea, and we are aware that some of you will be quite upset about having to click on something to read the free content, and we're sorry. Unfortunately, despite great effort, full-content feeds are not currently economically viable. Two other factors are involved: full-content feeds have resulted in an unprecedented level of content theft, with BC content appearing on many websites, usually spam sites, without attribution or permission. This duplicate content causes a cascading set of problems, not the least of which is that search engines generally aren't favorable to duplicate content, and don't always guess correctly. Finally, our RSS advertising partner is strongly in favor of short-content feeds. We hope that you'll continue to subscribe to BC via RSS, and when an article grabs your eye, it's only a click away, still free on the BC website. Thank you for your understanding.

Let's Adopt Iraq

SecurePlay — Tue, 20 Jun 2006 16:20:44 EDT

Whatever one's opinion of why we went to war in Iraq, things are not going as well as anyone would like. Rather than handwringing and waiting for... something or someone else to solve this problem, let's do something about it. Let's bring our practical nature and our idealistic heart to the problem. Let's adopt Iraq.Rather than passively watch the nightly news, why not have every town in America adopt a town in Iraq? Show them that we really want them to be free and have a better life. Ask them what they need. If they need food, get them some, if they need books for their libraries, send them some, if they need clothes, donate them. Rather than having anonymous deliveries from distant agencies, send help with a personal note and our best wishes and find out what else they need. As was seen with Katrina, the American people are very generous - much more so than our corporations or government.Adopt a mosque. Americans are one of the most religious countries in the world - reach out from our moral communities to our peers. Person-to-person and day-to-day, religious communities around the world have more in common than they have differences. Donate a cell phone. or a fax machine. Make sure that everyone in Iraq has a phone. Donate minutes so they can call anywhere domestically or internationally. Make communication free, easy, and pervasive. The cell phone, fax, and Internet are great tools for democracy and freedom - get them out there and communicate.The US has ten times as many people as Iraq and our households earn ten times as much. If everyone chips in a bit... it will make a huge difference. Make it personal. Find a penpal. Reach out. Take direct action. If you want our troops home and to improve our reputation, let's show them what we can do as individuals. If we are "brothers and sisters" to the Iraqis individually, everything else will follow. Terror thrives on anonymity and isolation. We can hide alone in our fear or reach out and find new friends.

Steven Davis is an engineer whose work has focused on information security and security issues of online games. His company, IT GlobalSecure, develops security products including the SecurePlay anti-cheating security software suite as well as providing engineering services. His blog is located at PlayNoEvil

Who's Protecting Your Privacy?

SecurePlay — Wed, 14 Jun 2006 22:09:02 EDT

The appallingly regular compromise of individuals' sensitive information by companies should be stirring outrage and action. The US Veterans Affairs disclosure is only the largest, not the latest, of these incidents. And so far, no real action to protect your data and mine.Except in Korea.In a major case in Korea, NCSoft (a major worldwide game publisher and developer) must pay W500,000 (about $500 US) to each person whose user name and password was compromised. The court found that compromise of the user name and password was sufficient to show the loss of personal information. There are apparently thousands of users affected by this incident in 2004.The incident occured when NCSoft was doing an upgrade of their computer systems and neglected to protect a file containing the user names and passwords.If companies in the US faced the same threat, personal privacy and IT security would take a huge step forward. Also, companies would think more carefully about collecting and retaining personally identifiable information.This is separate from a more recent incident that broke in late 2005 and early 2006 where Korean National IDs were stolen from a number of sources and used to create fraudulent accounts with NCSoft.This does raise some interesting questions:1. If the company can show that they keep data separate so that a single incident does not lead to any meaningful compromise, can they avoid liability? This is certainly doable from an engineering perspective. Also, if the company has a strong logging system in place, they can identify the scope of an incident in more detail to reduce costs and better inform customers of whether they are actually at risk of identity theft.2. Should this be a payment to the consumer or a fine? If the compromise was of a user name and password AND NO OTHER information, the password compromise should be considered insignificant, if the company acted promptly and re-imbursed users for any lost data during the period of the compromise. In this case, a fine is reasonable to encourage companies to avoid these compromises. The simple loss of a password for an extended period of time could arguably result in a fine and a payment to affected players for "losses". Consumers need to be responsible to use passwords in such a manner that the compromise of one does not affect their other accounts (thus, a company fine). Losses at the site are one matter, the compromise of personally sensitive information is different. Credit card numberss, ID numbers, etc. are sensitive, have a long term value, can be used for other crimes, and are expensive and time-consuming to recover.Standards for prompt disclosure combined with an established schedule of fines and payments would create incentives for companies to take appropriate actions promptly and exercise better care with this information. Conversely, consumers should not be rewarded for irresponsible behavior on their part.3. The forthcoming case related to creation of fraudulent accounts is interesting. Here, the company is not the source of the compromise, but its target. Basically, criminals used a number of methods to collect user identity information so that they could create "free" accounts with NCSoft. There is a class action lawsuit targeting NCSoft, but it seems relatively weak. The free accounts did not damage the customers financially or their credit (they may have kept the actual individuals from creating a free account, but that seems a relatively minor matter). The cases in Korea, China, and the US argue is for some form of "information audit" capability. Not the usual "computer audit", but an independent system that can provide a separate path to consumers that something has occurred. Thus, if someone uses an ID number or credit card or does a credit check, the person should receive an independent message from the credit card firm or an ID agency immediately that this has occurred. Monthly statements or no notification are too decoupled from actual activities and given the large volume of transactions that an individual processes in a month, poor mechanisms for verification...and opportunities for much mischief. AsideNCSoft is a leading online game company based in Korea with very popular massively, multi-player online (MMO) games worldwide. In the US, NCSoft is best known for Guild Wars and City of Heros/City of Villians. One of its most popular fantasy games in Korea, Lineage, is so popular that players can make money buying and selling the game's currency and virtual assets (like swords and armor). Because these items are valuable, some people have chosen to play the game to accumulate virtual items and sell them - these people are often called gold farmers. Because NCSoft does not permit this sort of trading in virtual items, to hide their activities, gold farmers will use "starter" accounts as "cut-outs" to keep the buying players from knowing who actually is the gold farmer - kind of like drug dealers uses "mules" - low-level couriers to smuggle drugs.

Techidemic: Online Game Addiction, Porn Addiction, and the Fear of the New

SecurePlay — Wed, 14 Jun 2006 17:15:41 EDT

There's a new meme in town, and its name is Online Addiction.An editorial in The Korea Times discusses an emerging "webidemic" of porn and gaming addiction tied to the deployment of a new, national wireless broadband (WiBro) infrastructure in Korea.The notion of the Internet not being private is something we do not think much about in the US -- most Internet users have a fair degree of access in their homes, if they wish. In other countries, like Korea, Internet usage is almost always in a public location - a school, at work, or at an Internet cafe - even if it is being used for fun. This environment does shape the types of services and interactions that occur.A Quick DigressionPorn is a pretty private thing. In Asia, online porn has not been an issue due to the limited availability of home access. But it is interesting to think about gaming. In Korea and the rest of Asia, where Internet cafes are dominant, the type of gameplay that is most popular is Player vs. Player (PvP) - which is certainly logical as you and your friends can easily play in close physical proximity while you are playing online. In the US however, the most popular forms of online games are Player vs. Environment (PvE) - again, gaming is a more solitary activity and grouping through Guilds a more tenuous relationship and "slow" relationship that may be more suited to our social isolation. It will be interesting to see if the rise of a private Internet in Korea and elsewhere changes the types of issues that they are facing.Back to the WebidemicSo gaming addiction and porn addiction have caught the attention of commentators oversees. The social concern in Asia is the loss of productivity, disruption of ordinary relationships, and the rise of new forms of crime is the major concern. We in the US, of course, are focused on banning games for sexual and violent content - the analog reflecting our private Internet.Or is it a Techidemic?There are legitimate issues being raised. The "cost" of traditionally socially unacceptable behavior has plummetted. Interactive violence and sex as well as easy access to (usually sexual) taboo material scares portions of the public. Social controls can manage many forms of non-accepted behavior simply by cost of access and a very small population of participants in any given community. High-speed worldwide communications give these variant voices a community to share and nurture what may have been purely solitary fantasies and ambitions.So we have a worldwide techidemic. High tech and culture are colliding and high tech is considered a "disease" - what sort of cure are societies going to create?

Nintendo's New Strategy

SecurePlay — Mon, 12 Jun 2006 19:26:26 EDT

Satoru Iwata, President of Nintendo, gave yet another news conference that demonstrates why Nintendo thinks very hard about its business, technology, and games.I truly admire what Nintendo is doing and I am only sorry that they have been so difficult to partner with (sigh).First, their goal is to not lose money on the console hardware i- this breaks with the tradition of a lot of game consoles where substantial losses in hardware are recovered through licensing fees. This reliance on licensing fees pushes costs and risks onto publishers and developers reducing game innovation and flexibility for business models.Second, by making the Wii cheap, Nintendo makes the threshold for decision to buy easier. Most people will not think nearly as hard about a $250 purchase as they do about a $500 or more purchase -- these mental pricing thresholds are very important and Nintendo has a huge advantage compared to both Microsoft and Sony.Third, Nintendo is joining Turner's GameTap in re-monetizing its back catalog. These completely developed assets have essentially been worth nothing as they have been considered "obsolete." By charging between $5-$10 to download them, Nintendo is essentially printing money ... for the cost of bandwidth (pretty low for these older games), and no retail channel or others to share revenue with, every game sale goes right to Nintendo's bottom line.Forth, the unique design of the Wii has excited developers, but, more intriguingly, it is going to make it a real pain to make a multi-platform game. While it may be possible to port between PS3 and Xbox 360, the Wii platform will essentially stand-alone. This means more exclusive titles and, with good licensing terms, more games. If Nintendo really works to court third-party developers, they will be in a great position to dominate on content.I think Nintendo understands that its biggest threat is the PC. By building a compelling platform that is very different from a PC, due to the controller, they have created a real market niche. Also, if they can replicate Brain Age and Nintendogs on the Wii, they may reach a much wider audience. Their threat to allow casual, downloadable games, could be icing on the cake -- a farm league recruiting system to nurture new developers.

Online Games - Who Knows How Big?

SecurePlay — Mon, 12 Jun 2006 14:53:21 EDT

DFC Intelligence has predicted that online gaming is going to reach US $12 billion by 2011. They believe that this growth will be led by consoles.I think this prediction is low, perhaps way low and the focus on consoles is incorrect.First, online gaming seems to be undercounted outside the US. The market in Korea and China are both near US $1 billion today and there seems to be rapid growth throughout Asia. If countries like Vietnam and the Philippines are seeing a substantial online gaming market, it is becoming a truly global phenomenon. Countries like India are just beginning to be touched by this market.The numbers in Europe are similarly encouraging, but harder to find.Basically, every country on Earth that can afford to is deploying cheap broadband Internet (except the US where the definition of "broadband" is a fraction of what is available elsewhere for less). Where broadband appears, online games follow... fast.Also, the rapidly growing Virtual Asset Sale business strategy and rise of casual online games -- many with hundreds of thousands of concurrent players -- is a market that is not easily measured. Nor is the rise of casual game portals with micro-purchases and virtual currency systems easily measured by analysts.PCs are becoming so inexpensive that they are no longer a barrier. When the PS2 came out, a PC was probably a $1500 purchase. Now, there are very respectable machines for less than the price of a nex-gen console - with a nice LCD monitor. Both AMD and Intel are pushing towards a $100 computer for the Third World along with many development groups. While the purpose may be for education, much of the use is going to be for games.The hardest thing is going to be measuring this phenomenon. Game portals, virtual currencies, asset-based games, and more independent game providers all over the world will make tracking this market increasingly tricky. Online games are likely to be the first truly global online market. Unlike regular e-commerce, there is no problem with delivery, just bandwidth, processing, and lag - the cost for all of which are plummeting.