While trying out the new patch, I was very unpleasantly surprised when while trying to play a SINGLE PLAYER test game, with only myself and an AI opponent, I was unpleasantly jerked to the desktop with a security alert! Dominions II was trying to phone home, and my firewall had intercepted a suspicious request.

What on earth is 82.182.97.69 30729?

I cannot identify this port or protocol. Reverse-DNS identifies this IP as "1-1-2-16a.msp.mlm.bostream.se".

Has somebody managed to slip some sort of odd spyware trojan into the new Dom2 patch?

[ April 10, 2004, 03:44: Message edited by: Zen ]

That is home.

Totally guesswork but I suspect that the "CD keys are only checked in multiplayer games" might be getting tackled. Along with a way to update the list of CD keys that are Banned. Or maybe the list got too long to include inside the game so now it checks it at home.

[ April 07, 2004, 16:04: Message edited by: Gandalf Parker ]

So it's ILLWINTER'S Spyware, phoning home. How evil. What little faith I had in them is now destroyed. It saddens me to see them resort to spyware tactics, phoning home with all of the information about your computer. I have no idea what's in these mystery packets, but given the surreptitious nature of such an inclusion, it is obviously a Bad Thing. No software on MY computer phones home. Period.

Hmm. The more odd thing is that it doesn't happen consistently: It doesn't occur every time you try to play. Some people are unable to get it to occur at all, and it doesn't happen in every game, network or SP.

Maybe it's an update checker? I'm trying to be generous and hoping that Illwinter did not, in fact, include something so obviously malware as something that phones home every time you try to play, allowing them to track your playing habits and computer data, and that this is something more benign, like an update-checker...maybe.

Is there an official statement on this matter, or only guilty silence?

Small question here, since I really dont understand what all of this means: How can a game make your computer call "home", and what does that mean? I mean, will it make my modem dial something and then transfer information even if I dont want that to be?

Would the nature of this spyware be a tracking cookie? Kind of illiterate on spyware. If not then the ad-aware spyware remover I just ran only found tracking cookies and I removed them. There were seven of them.

No, tracking cookies are not the only thing: The program appears to call home (according to Gandalf, that's an Illwinter server), on a nonstandard port, and sends unknown data. Normal Spyware/Adware removal programs won't detect this behavior, since it occurs inside of a normal (and new) program.

Basically, this little added feature has the ability to do all of that, and your spyware checkers will not be able to detect it right now, and probably never, because it's unlikely that this will be added to their detection profiles.

However, I have no idea why this program would suddenly phone home in a change not mentioned in the patch update, so I can only assume that it is no good. Otherwise, they would have told us about it.

And the behaviour if it is unable to phone home is...?

not everyone has an always-on connection.. And some of us like to black-hole route things that try to phone home.

Originally posted by Nephelim:
And the behaviour if it is unable to phone home is...?

not everyone has an always-on connection.. And some of us like to black-hole route things that try to phone home. <font size="2" face="sans-serif, arial, verdana">Like me, yes. http://forum.shrapnelgames.com/images/icons/icon7.gif I black-hole anything that tries to use the Internet without permission as a general rule.

The behavior that occurs when unable to phone home is, as far as I can tell, absolutely nothing.

What I don't know is what the behavior for being ABLE to phone home is, given that I will not allow such a thing! If anyone can tell me what THAT is, I'd be curious.

Originally posted by Norfleet:
No, tracking cookies are not the only thing: The program appears to call home (according to Gandalf, that's an Illwinter server), on a nonstandard port, and sends unknown data. Normal Spyware/Adware removal programs won't detect this behavior, since it occurs inside of a normal (and new) program.
<font size="2" face="sans-serif, arial, verdana">Not all programs that contact the home site are automatically considered spyware so you dont even know if it will EVER be included in the spyware-killer programs list. Nor do you know what data is being sent. So saying "with all of the information about your computer" as you did in another post is abit inflammatory. If its only the CD registration key then its not that uncommon.


However, I have no idea why this program would suddenly phone home in a change not mentioned in the patch update, so I can only assume that it is no good. Otherwise, they would have told us about it. <font size="2" face="sans-serif, arial, verdana">???? Since when have they ever told us the measures used in pirate protection. And who ever has for that matter. http://forum.shrapnelgames.com/images/icons/icon7.gif

If its information gathering such as getting a feel for what mods and maps are popular then Id expect them to have made it voluntary but if its pirate protection then I wouldnt expect it be to voluntary.

Gandalf is right. It's a multiplayer CD-key check. Nothing more, nothing less.

Originally posted by Gandalf Parker:
Nor do you know what data is being sent. So saying "with all of the information about your computer" as you did in another post is abit inflammatory.<font size="2" face="sans-serif, arial, verdana">When in doubt, it's always the worst case scenario. This rule has kept me alive over the years where those who haven't have died because of misunderestimation. I'm not about to give it up now, and I suggest you take it up. When it comes to these things, if the capability to do it exists, it's already been done. I'd hardly believe Illwinter is stupid and doesn't realize the power of this, so it's safe to figure that they know.

Originally posted by Kristoffer O:
Gandalf is right. It's a multiplayer CD-key check. Nothing more, nothing less. <font size="2" face="sans-serif, arial, verdana">That's merely what you'd LIKE us to believe. You don't really think I'm that gullible, do you? No, I think there's something you're not telling us. Of course, you're not GOING to, since it's your little precious secret, but I'm going to rout it into /dev/null anyway. ET doesn't phone home on my watch.

Originally posted by Norfleet:
</font><blockquote><font size="1" face="sans-serif, arial, verdana">quote:</font><hr /><font size="2" face="sans-serif, arial, verdana">Originally posted by Gandalf Parker:
Nor do you know what data is being sent. So saying "with all of the information about your computer" as you did in another post is abit inflammatory.<font size="2" face="sans-serif, arial, verdana">When in doubt, it's always the worst case scenario. This rule has kept me alive over the years where those who haven't have died because of misunderestimation. I'm not about to give it up now, and I suggest you take it up. When it comes to these things, if the capability to do it exists, it's already been done. I'd hardly believe Illwinter is stupid and doesn't realize the power of this, so it's safe to figure that they know. </font><hr /></blockquote><font size="2" face="sans-serif, arial, verdana">There are many things in life in which we are not interested, one of the things we are least interested in of all are your computer habits, barring your possible use of cracked copies of dom 2.

Originally posted by Norfleet:
</font><blockquote><font size="1" face="sans-serif, arial, verdana">quote:</font><hr /><font size="2" face="sans-serif, arial, verdana">Originally posted by Kristoffer O:
Gandalf is right. It's a multiplayer CD-key check. Nothing more, nothing less. <font size="2" face="sans-serif, arial, verdana">That's merely what you'd LIKE us to believe. You don't really think I'm that gullible, do you? No, I think there's something you're not telling us. Of course, you're not GOING to, since it's your little precious secret, but I'm going to rout it into /dev/null anyway. ET doesn't phone home on my watch. </font><hr /></blockquote><font size="2" face="sans-serif, arial, verdana">We have regular lives, stalking and spying on you is not something we are remotely interested in. Other games like Kohan and various blizzard games have similar measures.

This rule has kept me alive over the years where those who haven't have died because of misunderestimation.

Misunderestimation? Doesn't that take it right back to a correct estimation or perhaps an accidental overestimation?

That word. I do not think it means what you think it means. (I don't even think it exists, to be honest, but hey.)

*shrug* Somehow, giving IW this sort of access doesn't exactly have me shaking at the knees. And, really, would an easily notable phone-home be their best route if they wanted to wreak havoc on your system? I mean, as it is, you're giving them a great deal of access just by installing the patches.

Originally posted by Norfleet:
</font><blockquote><font size="1" face="sans-serif, arial, verdana">quote:</font><hr /><font size="2" face="sans-serif, arial, verdana">Originally posted by Kristoffer O:
Gandalf is right. It's a multiplayer CD-key check. Nothing more, nothing less. <font size="2" face="sans-serif, arial, verdana">That's merely what you'd LIKE us to believe. You don't really think I'm that gullible, do you? No, I think there's something you're not telling us. Of course, you're not GOING to, since it's your little precious secret, but I'm going to rout it into /dev/null anyway. ET doesn't phone home on my watch. </font><hr /></blockquote><font size="2" face="sans-serif, arial, verdana">So check the packet size. It shouldnt be hard to tell if its sending more than a key or more often than it needs to.

As far as blocking all programs contacting outward from your machine thats rather what I would have expected of you and various others here. I also tend to do more sniffing of my network traffic than most. But I dont think the average user is going to have a problem with just one more piracy protection. (and an effort to generate a coup would probably need to be in a newsgroup or something now that the answer has been given.)

[ April 07, 2004, 17:52: Message edited by: Gandalf Parker ]

Well, I guess I'm okay with the protection program as long as it doesn't corrupt my porn files! http://forum.shrapnelgames.com/images/icons/shock.gif

What bothers me though is the timing.

Dominions 2 is selling well.

And I might be a bit naive, but IMHO people who are capable to appreciate this game don't use cracks because they don't want to hurt Illwinter.

[ April 07, 2004, 20:18: Message edited by: PrinzMegaherz ]

Popularity has its pros and cons. The more popular something is, the more people are trying to crack it.

I wasnt thrilled with the cost jump from Dom1 to Dom2 but since I have paid it I have no problem with Illwinter taking steps to make sure that only people willing to pay for the game are able to play with me. From my experience, those who got it for nothing are people I wont miss if they fall out of the Dom2 community.

Originally posted by PrinzMegaherz:
What bothers me though is the timing.

Dominions 2 is selling well.

And I might be a bit naive, but IMHO people who are capable to appreciate this game don't use cracks because they don't want to hurt Illwinter. <font size="2" face="sans-serif, arial, verdana">Actually there has been less piracy problems than we expected. Of course there are piracy, but I think you are right. We humbly thank you all http://forum.shrapnelgames.com/images/icons/icon7.gif

So if someone installs Dom II both at work and at home, are they suddenly going to not be able to play? How about if they are goofing off at work, and their wife or kid starts playing on the installation at home at the same time?

What are the rules for authorized use of one copy of the game?

PvK

I think it gets flagged if Dom finds it playing with itself (boy that sounds bad) same CD-key from different computers.

But servers dont check (obviously or I couldnt play in a game Im hosting) which lets me have a copy on my linux for hosting and a copy on windows for playing without it being considered illegal.

[ April 07, 2004, 21:53: Message edited by: Gandalf Parker ]

hmm, well I play from two different machines (since I spend half the week one place and half at another) w/out any problems.

I don't know why it would be "phoning in" a copy-protect scheme while in single-player, but it doesn't sound like spyware.

frankly, I believe the devs.

Originally posted by archaeolept:
frankly, I believe the devs. <font size="2" face="sans-serif, arial, verdana">I'm pretty sure we all do (At least I assume norfleet's Last post was sarcasm).

I'm just a privacy freak and object on basic principle.

Originally posted by Nephelim:
I'm pretty sure we all do (At least I assume norfleet's Last post was sarcasm).

I'm just a privacy freak and object on basic principle. <font size="2" face="sans-serif, arial, verdana">Over the years I have become very, very skeptical about any such claims. In my years of life, I have seen such information collection strategies become increasingly more invasive and pervasive. Just look at the web: In the old days, you could go just about anywhere, and nobody would ask you to register for something. Nowadays, you can barely even LOOK at a forum without having to register. Sure, registration is free, but they're still trying harder and harder to pry your personal data out of you, and we've had the development of spyware: Software that phones home all of your personal data you may leave lying around on your computer by stealth.

Now we have games and other programs starting to adopt this tactic. I find this a very distressing trend. Illwinter MIGHT be telling the truth, but this is inconsistent with known behaviors. I am certain I am not the only one who has considered the implications of this, and Illwinter is far from stupid: They know, and they can do it. As far as I'm concerned, can is will, and will is has. If it can be done, it already HAS been done. Do you really believe that this is the end of this? I think it has only just begun.

The line must be drawn here. Say NO to spyware in all its forms.

Originally posted by Norfleet:
Illwinter MIGHT be telling the truth, but this is inconsistent with known behaviors.<font size="2" face="sans-serif, arial, verdana">And you might be cheating in every game you host. Since you can do it, you must have already done it. There's such a thing as paranoia, and you suffer from it greatly.

They know, and they can do it. As far as I'm concerned, can is will, and will is has.<font size="2" face="sans-serif, arial, verdana">Then you must be a murderer, since you certainly "can" kill someone.

Why don't you try and not suffer from paranoid delusions so much.

Norfleet, I respect you greatly for your contributions here. However, I seriously do think you are overreacting to all of this. If you honestly believe everything you've posted in this thread, I'm amazed you allow yourself to be Online at all.

What you've said here smacks of paranoia and conspiracy theory, and to accuse a game company of it is rather humorous, I must say.

From your 'line in the sand' comment, I'm guessing (and it's only a guess) that you checked as Gandalf suggested, and probably found out that it is only a CD key. My sole concern in all of this is that it activated, as you said, on a single-player game. That could be a simple coding bug, though. I mean, we had Abysian Jotuns Last patch because of it, right?

Bottom line is, if you want to black-hole the data, I guess that's your choice. If it doesn't hurt to do it, I can think of few reasons not to do it. However, think about this. Illwinter has a right (and, in fact, a responsibility) to protect its software from piracy. Given the nature of the game, the easiest and most cost-effective method for Illwinter is to have the computers check against a server. The only real alternative is to set up dedicated servers to run MP games, and ONLY allow MP games to be played on those servers. I think, when all is said and done, Illwinter went for the best and least-intrusive method possible, within their means.

Bayushi Tasogare

Originally posted by Norfleet:
Illwinter is far from stupid: They know, and they can do it. As far as I'm concerned, can is will, and will is has. If it can be done, it already HAS been done. <font size="2" face="sans-serif, arial, verdana">Norfleet you are clearly a highly intelligent individual. The philosophy you are illustrating above plainly shows why you are an excellent wargamer, but it may be lacking in some other, more social, respects.

I have no reason to 'suspect' Illwinter for anything other than trying to protect their IP in the most innocuous manner that such a small company possibly can.

[ April 08, 2004, 01:44: Message edited by: Demosthenes ]

I spend alot of my time in the alt.hacker newsgroup (white hats). To some people, anything which "reports home" is spyware. Ive heard people who rant and race about Windows Update, or WinXP's registration to turn it on. To them there is never a good reason for such things.

While I agree that such things can be abused, and that abuses tend to shut down good things, Im not going to toss the good with the bad. There are ways to protect yourself from the overzealous without killing everything. Im all for anything that helps get Illwinter their fair share and improve the chances of a Dom3.

[ April 08, 2004, 01:54: Message edited by: Gandalf Parker ]

Originally posted by Bayushi Tasogare:
From your 'line in the sand' comment, I'm guessing (and it's only a guess) that you checked as Gandalf suggested, and probably found out that it is only a CD key.<font size="2" face="sans-serif, arial, verdana">I have not checked if it contains any MORE, but I did get an AWFUL lot of hits, some several kbs transmitted. That's far larger than the "CDkey" is. Also, I firmly suspect that CDkeys are actually individually identifiable tracking numbers: It's obvious, based on the distribution scheme of the game. Shrapnel probably has every CDkey leaving the shipping bay tracked to the individual buying it. To allow it to be correlated Online by the same source that sent them out would be suicide.

NWN and Bioware tried to pull this exact same stunt on me, although they did a better job trying to make it seem harmless. However, when I confronted them with this, their obvious and blatant denials immediately confirmed the truth of my suspicions....and unlike IW, they are definitely possessed with motive, being that they are a puppet of the evil Infogrames.

Originally posted by Demosthenes:
I have no reason to 'suspect' Illwinter for anything other than trying to protect their IP in the most innocuous manner that such a small company possibly can. <font size="2" face="sans-serif, arial, verdana">I'm absolutely sure that they may very well be trying to do so. I've done my share of programming, and you know what? The Last time I wired a "protection" method to protect *MY* IP, it was designed exactly like that, a nice phone-home verification check....and would destroy all of the files of any unauthorized user and hand over control of their shells to me if I pressed the big red button.

So I've been on their side of the fence before. I know what they're trying to do.

Originally posted by Graeme Dice:
Then you must be a murderer, since you certainly "can" kill someone.

Why don't you try and not suffer from paranoid delusions so much. <font size="2" face="sans-serif, arial, verdana">I am very much surrounded by potentially hostile people. Why do you think I've taken to the life of a hermit, wear kevlar, and travel heavily armed? It's not paranoia when they really are out to get you.

[ April 08, 2004, 02:04: Message edited by: Norfleet ]

So I've been on their side of the fence before. I know what they're trying to do.<font size="2" face="sans-serif, arial, verdana">Then we know who will have the most problem with it. Pirates or Purists, but not the average user.
That would make it a winning method from the view of the publishers.

Originally posted by Graeme Dice:
</font><blockquote><font size="1" face="sans-serif, arial, verdana">quote:</font><hr /><font size="2" face="sans-serif, arial, verdana">Originally posted by Norfleet:
Illwinter MIGHT be telling the truth, but this is inconsistent with known behaviors.<font size="2" face="sans-serif, arial, verdana">And you might be cheating in every game you host. Since you can do it, you must have already done it. </font><hr /></blockquote><font size="2" face="sans-serif, arial, verdana">Hey! This would explain why he keeps kicking my furry arse when he hosts! And how he can afford fortresses everywhere, sometimes 3 in the same province, one on top of another! http://forum.shrapnelgames.com/images/icons/icon12.gif

Say - speaking of fortresses on top of another, what happens if a fortress is built in a province that turns out to contain a magic site fortress (River Fortress for example, or Firbolg Fortress)?

Originally posted by Norfleet:
To allow it to be correlated Online by the same source that sent them out would be suicide.<font size="2" face="sans-serif, arial, verdana">Suicide? Looks like more of your paranoid delusions .

However, when I confronted them with this, their obvious and blatant denials immediately confirmed the truth of my suspicions....<font size="2" face="sans-serif, arial, verdana">And you are confirming that you are paranoid.

So I've been on their side of the fence before. I know what they're trying to do.<font size="2" face="sans-serif, arial, verdana">No, you don't know what they are trying to do. You have paranoid delusions that everyone is out to get you.

Originally posted by Graeme Dice:
I am very much surrounded by potentially hostile people.<font size="2" face="sans-serif, arial, verdana">Bull****.

Why do you think I've taken to the life of a hermit, wear kevlar, and travel heavily armed?<font size="2" face="sans-serif, arial, verdana">Because you're paranoid.

It's not paranoia when they really are out to get you.<font size="2" face="sans-serif, arial, verdana">Thanks for confirming that you are just being paranoid.

I missed this the first time:

and would destroy all of the files of any unauthorized user and hand over control of their shells to me if I pressed the big red button.<font size="2" face="sans-serif, arial, verdana">It's nice to see that you are willing to destoy the property of others on a whim, and aren't at all concerned about whether your behaviour is illegal.

[ April 08, 2004, 02:20: Message edited by: Graeme Dice ]

Originally posted by Norfleet:
It's not paranoia when they really are out to get you. <font size="2" face="sans-serif, arial, verdana">http://forum.shrapnelgames.com/images/smilies/rolleyes.gif

Originally posted by Demosthenes:
Norfleet you are clearly a highly intelligent individual. The philosophy you are illustrating above plainly shows why you are an excellent wargamer, but it may be lacking in some other, more social, respects.<font size="2" face="sans-serif, arial, verdana">I would say that he has demonstrated little intelligence. Using a clear logical fallacy as an argument only shows that he lacks the ability to think.

Originally posted by Cainehill:
</font><blockquote><font size="1" face="sans-serif, arial, verdana">quote:</font><hr /><font size="2" face="sans-serif, arial, verdana">Originally posted by Graeme Dice:
</font><blockquote><font size="1" face="sans-serif, arial, verdana">quote:</font><hr /><font size="2" face="sans-serif, arial, verdana">Originally posted by Norfleet:
Illwinter MIGHT be telling the truth, but this is inconsistent with known behaviors.<font size="2" face="sans-serif, arial, verdana">And you might be cheating in every game you host. Since you can do it, you must have already done it. </font><hr /></blockquote><font size="2" face="sans-serif, arial, verdana">Hey! This would explain why he keeps kicking my furry arse when he hosts! And how he can afford fortresses everywhere, sometimes 3 in the same province, one on top of another! http://forum.shrapnelgames.com/images/icons/icon12.gif

Say - speaking of fortresses on top of another, what happens if a fortress is built in a province that turns out to contain a magic site fortress (River Fortress for example, or Firbolg Fortress)? </font><hr /></blockquote><font size="2" face="sans-serif, arial, verdana">Off topic - Cainehill, we are starting new game now, Karan map, 6 players, could use 1 or two more. Are you interested? If so, log on dominions IRC chaneel quickly pls.

Although I can't imagine what information Illwinter would want from my computer *that I would care about*...I definitely think it is a good thing when someone out there keeps people informed so they can make their own choices about what might be harmful and what might not. I don't necessarily agree or care and I might even call it an extreme point of view, but it's still positive in a 'checks and balances' kind of way.

- Kel

Just to clear things up.

Single player is not affected by this issue at all. Using the same code on different computers is not affected at all. There is no remote control trash your computer function hidden in the game, including one such would probably be illegal. Álso the game does not send several kb's of info, just a few bytes, we have no desire to bog down our less than impressive line with bloated data packages from anonymous dom 2 players.

Graeme Dice, why are you attacking Norfleet with Posts? to me, it makes sense that he is trying to figure this dilemma out.

Originally posted by numskully:
Graeme Dice, why are you attacking Norfleet with Posts? to me, it makes sense that he is trying to figure this dilemma out. <font size="2" face="sans-serif, arial, verdana">I'm attacking him because he's not trying to figure out. He's already made up his mind that the world is out to get him.

Norfleet,

I have found your Posts to be quite helpful in the past. You have demonstrated an excellent grasp of the game and I have appreciated your gaming wisdom.

I feel very sorry for you. Your existence must be lonely and filled with the constant perception of danger. I sense isolation, mistrust, and fear in your postings in this thread. It saddens me for your sake.

I may be a naive and trusting fool, but I have found Johan Osterman and Kristoffer O to be reliable sources of information in the past. I tend to trust folks who have proven themselves trustworthy in the past and distrust people who have proven themselves to be untrustworthy. That's my paradigm and it leads me to feel secure, happy, connected, and unafraid. Yes, occasionally I may be hurt when someone I trusted betrays me, but I survive... and I enjoy life. You may be safe and protected on your island of mistrust and persectory delusion, but at what cost? Your paradigm of "If they can hurt me, they will hurt me" stems from a sense that you are too fragile to bear the hurt.

Rather than having the ultimate defenses and being completely "safe," why not strive to be resilient enough that you would allow yourself to take reasonable risks? Allow yourself to be vulnerable if the benefits outweigh the risk. For example, I might find someone attractive and want to approach them, but I fear they might reject me. With your worldview, I never introduce myself. If I open myself to that person, I could get hurt or betrayed. Much better to stay where I am, safe and alone... I urge your to instead embrace life and take reasonable, calculated risks. You may get hurt, get your heart broken or even lose some privacy from time to time, but the rewards far outweigh risks.

I hope you can hear and understand the wisdom I try to give you.

With Great Respect,

Inigo

Graeme Dice: you should be a lawyer, you could disprove character quick

where were you when OJ was in trail?

Originally posted by Cainehill:
Hey! This would explain why he keeps kicking my furry arse when he hosts!<font size="2" face="sans-serif, arial, verdana">I don't host. I arrange hosting with a third party. I'm mildly concerned with the consequences of leaving a funny app running constantly where everyone knows about it. Somebody else's computer is much safer and more expendable. http://forum.shrapnelgames.com/images/icons/icon7.gif

Say - speaking of fortresses on top of another, what happens if a fortress is built in a province that turns out to contain a magic site fortress (River Fortress for example, or Firbolg Fortress)? <font size="2" face="sans-serif, arial, verdana">You keep your built fortress. The magic site fortress only appears if you did not have a previously existing fortress.

Originally posted by Inigo Montoya:
I tend to trust folks who have proven themselves trustworthy in the past and distrust people who have proven themselves to be untrustworthy. <font size="2" face="sans-serif, arial, verdana">It is paradoxically the case that the untrustworthy are safer than those you feel are trustworthy. The untrustworthy have demonstrated their untrustworthiness to you already, whereas those who appear trustworthy may simply be attempting to gain your trust so as to better betray you in the future. Knowing the motivations behind somebody's allegiance is always better, of course, but I favor the devil I know over the devil I do not.

Originally posted by Inigo Montoya:
For example, I might find someone attractive and want to approach them, but I fear they might reject me.<font size="2" face="sans-serif, arial, verdana">I find that I'm usually the one doing the rejecting, being that I am a man of exacting standards, but I see the point. Nonetheless, you should always wear body armor.

Rather than having the ultimate defenses and being completely "safe," why not strive to be resilient enough that you would allow yourself to take reasonable risks? Allow yourself to be vulnerable if the benefits outweigh the risk.<font size="2" face="sans-serif, arial, verdana">An Arab proverb states, "Trust in Allah, but tie your camel." I tried experimenting with that advice once. Just to be on the safe side, I wore body armor. It paid off in very nicely when he proceeded to shoot me in the back. As the saying goes, it is better to be perpetually suspicious than occasionally cheated.

[ April 08, 2004, 05:03: Message edited by: Norfleet ]

Originally posted by Norfleet:
[QUOTE]It is paradoxically the case that the untrustworthy are safer than those you feel are trustworthy. The untrustworthy have demonstrated their untrustworthiness to you already, whereas those who appear trustworthy may simply be attempting to gain your trust so as to better betray you in the future. Knowing the motivations behind somebody's allegiance is always better, of course, but I favor the devil I know over the devil I do not.<font size="2" face="sans-serif, arial, verdana">I disagree. Let's say I'm thinking of leaving my child with a babysitter for the night. You would select the pedophile with the known track record for being untrustworthy with children because you know his motivations are to molest your child. I, on the other hand, would select my mother. You are certainly right, my mother could have been waiting all these years pretending to love me, but secretly harbouring devious motivations. But when I weigh the risks, the individual who has proven himself to be untrustworthy is not as you put it, "safer." You can leave your child with the pedophile, but I don't see how you think you are safer doing so.

Originally posted by Inigo Montoya:
But when I weigh the risks, the individual who has proven himself to be untrustworthy is not as you put it, "safer." You can leave your child with the pedophile, but I don't see how you think you are safer doing so. <font size="2" face="sans-serif, arial, verdana">Certainly he is. You know for certain he is a pedophile, so you absolutely do not leave your children with him. His state is known to you. Somebody else, on the other hand, COULD be a pedophile, but you do not KNOW this. His known untrustworthiness allows you to react appropriately with an informed decision. Knowledge of his motivations, furthermore, allows you to manipulate him using these motivations. A "trustworthy" individual whose motives are less well known is much harder to control.

[ April 08, 2004, 05:25: Message edited by: Norfleet ]

There is no need to get personal or drag pedophilia into a discussion. The question was posed, in however ungainly a manner and it was answered and cleared. I hope anyone who reads through this thread at least gets the facts straight.

No Illwinter is not using Spyware, they are using a tracking system for Multiplayer games to prevent piracy. They have every right and should use every measure they have at their disposal to combat it as it is their product that is being pirated, not yours. (though it may well be if you let your CD-Key slip). If you are playing SP there is no reason to worry about any sort of tracking measures.

Whatever your personal feelings of internet or life paranoia, tracking, piracy, should be, could be, would be, please don't try to drag IW's protection of their property into that perception.

Originally posted by Graeme Dice:
It's nice to see that you are willing to destoy the property of others on a whim, and aren't at all concerned about whether your behaviour is illegal. <font size="2" face="sans-serif, arial, verdana">Well, those who would take what is mine have it coming. It is better to destroy everything you own than allow it to be taken from you by the enemy.

Originally posted by Norfleet:
</font><blockquote><font size="1" face="sans-serif, arial, verdana">quote:</font><hr /><font size="2" face="sans-serif, arial, verdana">Originally posted by Graeme Dice:
It's nice to see that you are willing to destoy the property of others on a whim, and aren't at all concerned about whether your behaviour is illegal. <font size="2" face="sans-serif, arial, verdana">Well, those who would take what is mine have it coming. It is better to destroy everything you own than allow it to be taken from you by the enemy. </font><hr /></blockquote><font size="2" face="sans-serif, arial, verdana">You might want to make sure that your statements apply to the things you are talking about. There's a world of difference between destroying things you own, and destroying things other people own, which is illegal and immoral. Excuse me if I don't have much respect for someone who's admitted that they don't respect the property of others.

Originally posted by Graeme Dice:
There's a world of difference between destroying things you own, and destroying things other people own, which is illegal and immoral. Excuse me if I don't have much respect for someone who's admitted that they don't respect the property of others. <font size="2" face="sans-serif, arial, verdana">There is, of course, a minor point: The property in question is entirely mine, the code in question never intended for distribution. As such, any unauthorized individual found to be running it is automatically the enemy, having stolen it from me, and deserves his fate. Destruction of stolen item was deemed to be of paramount importance, and all else was deemed collateral damage. Being that the damage was inflicted upon those also complicit, I see nothing wrong with this.

Illwinter, perhaps, would not do exactly that, as the PR gained from destroying a user's computer would not really benefit them much, but I wouldn't be surprised at all if they covertly gathered information for other commercial uses, or attempted to take control of your computer's resources to sell them off to others. Such behaviors ARE known to occur, and somebody pointed out, the target tends to be the average user, who will not notice the resource drain and data theft.

Originally posted by Zen:
...
They have every right and should use every measure they have at their disposal to combat it as it is their product that is being pirated, not yours.
<font size="2" face="sans-serif, arial, verdana">No, perhaps they have the right to use every measure for which there is not a good reason they shouldn't. Protecting a product doesn't give carte blanche. Moreover, what the customers do have is their own computer, private information, and Internet access. Software vendors do not, I think, have the right to materially misrepresent what their software does, nor to use their customers' computers for whatever they feel like. I tend to think that if a program is going to "phone home" that it should be explained to the user what it's going to do, and the user should be allowed to refuse permission, without having to bring in their own third-party software to find out about it and stop it.

Now, what would be completely reasonable, would be to make a program which explains a "phone home" check is required to use whatever features, and then to obtain permission before doing so. This protects both the product from piracy, and the user's computer and Internet connection from unauthorized use. Of course, people can still suspect software of doing other stuff than it says it does, but generally those white hack hacker types will notice quickly if it does, and in that case the company responsible should be held accountable.

I know I won't ever buy Turbo Tax again after they included a hidden install of such stuff without telling.

I also have plenty of good faith in Illwinter, and don't think there's a real problem in this case. However in principle I think the program should explain and ask permission up front before phoning home.

PvK

Let me see if I understand this. I'm probably not as computer-savy as the rest of you and I'm not a conspiracy theorist. But something here doesn't add up.

If Norfleet is correct, the new patch...and I'm still quite happy with 2.06...gets in touch with either an Illwinter or Shrapnel server...looks like Illwinter from Gandalf's Posts...whether in SP or in MP mode.

Yet Kristoffer O posted:

Gandalf is right. It's a multiplayer CD-key check. Nothing more, nothing less.

<font size="2" face="sans-serif, arial, verdana">If it's a MP CD-key check, why is it contacting another server in SP mode? Or is this a "bug?"

I for one would have nothing against a subroutine that contacted a vendor server prior to playing a MP game to verify there are independent copies of the game playing in MP mode. But...correct me if I'm wrong...it's doing it in SP mode too?

I'm amazed that this otherwise friendly atmopshere has come down to personal attacks between posters.

Anyway, I still think that this CD check is useless.
Why?

For every major game out there you will find a download spot and the appropriate crack to make it work. By now, Dominions 2 played in a minor league, consisting of fans willing to pay money for the game.
This might have changed with increasing popularity, and I wonder how long it will take until you can find a "non Spyware" starting exe for dominions that simply skips the part where the data is send.
If you really want to play dominions 2 without buying it, this method wont stop you. It will, however, annoy those Users who bought dominions 2.

I personally dont care about this, but I can see Norfleets point to a certain degree

Originally posted by PvK:
However in principle I think the program should explain and ask permission up front before phoning home.

PvK <font size="2" face="sans-serif, arial, verdana">Good point.

I do not really have a problem with applications phoning home... Assuming I have been told about it and have accepted it. What is unacceptable to me is applications taking over my (supposedly) secure connection for their own purposes without ever alerting me to the fact.

A crack check with keys vs a known server? Fine, assuming I have been informed that it will happen.

In the long run it is possibly going to be more annoying for a few of those who have bought their games as keys are stolen/reverse-engineered and they get Banned, but for that to become a problem, it requires a lot of players playing the game in the first case [hopefully most of them paying], so from a software developers' point of view it is an acceptable loss.

[I still remember the great annoyance of being unable to play Counterstrike MP with the provided keys because they had been hacked]

Bottom line? Do not use my connection for your own purposes without telling me up front.

Originally posted by PrinzMegaherz:
For every major game out there you will find a download spot and the appropriate crack to make it work. By now, Dominions 2 played in a minor league, consisting of fans willing to pay money for the game.<font size="2" face="sans-serif, arial, verdana">This is heard in every such discussion. It doesnt stop it so why bother. That can be said of any law and punishment. However, stopping it isnt the complete purpose. If it was then it would be a total bummer to anyone that tried.

The effort is to make it as hard as possible for as many as possible for as long as possible. In the case of pirating its not really the pirates that are the targets. Its the good honest citizens who wouldnt stop to think of it as stealing if they could give a copy to a friend. Its referred to as "casual copiers" in the software world. Thats the target of protection schemes with real pirates being a fun side-game. Of course that has to be balanced against how much trouble it puts to the honest buyer. All such protections have some problems.

Companies FAR larger than Illwinter and Shrapnel (no offense guys) have looked at this. Not just game companies but all software companies. Business people with college degrees who work in nothing but hard numbers have set the guidelines. We should be happy that in this case its being decided by people who happen to love gaming since they obviously didnt go for the recommended extremes but preferred something more user friendly. Believe me the extremes are available without having to program them from scratch. You can buy them and add them just like the compression programs and installers they use.

Originally posted by Norfleet:
As the saying goes, it is better to be perpetually suspicious than occasionally cheated. <font size="2" face="sans-serif, arial, verdana">Is that really your point of view?

I much, much prefer to be occasionally cheated, if it allows me to live a simpler, quieter life.

I don't drive a card, but I do ride a bike to work, occasionally. Then I have to make a choice, whether to "simply" lock my bike outside the building I work in, or take more drastic measures and take my bike to my office so I can keep an eye on it.

I would never choose to take my bike into my office, simply because it's way too much trouble. I leave it outside, with a reasonable lock on it, and if someone really wants to steal it, I lose a bike. But I believe that's acceptable risk for all the times I don't have to bother taking my bike in, with the associated trouble of not leaving mud all over the place, and so on.

Of course, if the stakes were much higher, I might get worried. But my bike isn't a very fancy one, and that's a significant part of it.

Originally posted by Kristoffer O:
</font><blockquote><font size="1" face="sans-serif, arial, verdana">quote:</font><hr /><font size="2" face="sans-serif, arial, verdana">Originally posted by PvK:
However in principle I think the program should explain and ask permission up front before phoning home.

PvK <font size="2" face="sans-serif, arial, verdana">Good point. </font><hr /></blockquote><font size="2" face="sans-serif, arial, verdana">If it was "opt in" as in a button you have to push saying you agree to having it phone home before you can play a multiplayer game then it will still may noise. People will come here saying they baught a game THEN found out they have to be willing to allow this. Maybe fewer complaints, Im not sure.

[ April 08, 2004, 13:25: Message edited by: Gandalf Parker ]

Originally posted by Norfleet:
</font><blockquote><font size="1" face="sans-serif, arial, verdana">quote:</font><hr /><font size="2" face="sans-serif, arial, verdana">Originally posted by Graeme Dice:
There's a world of difference between destroying things you own, and destroying things other people own, which is illegal and immoral. Excuse me if I don't have much respect for someone who's admitted that they don't respect the property of others. <font size="2" face="sans-serif, arial, verdana">There is, of course, a minor point: The property in question is entirely mine, the code in question never intended for distribution. As such, any unauthorized individual found to be running it is automatically the enemy, having stolen it from me, and deserves his fate. Destruction of stolen item was deemed to be of paramount importance, and all else was deemed collateral damage. Being that the damage was inflicted upon those also complicit, I see nothing wrong with this.
</font><hr /></blockquote><font size="2" face="sans-serif, arial, verdana">Someone stealing your stuff doesn't entitle you to steal theirs, or destroy it. This looks more and more like vengeance, and less and less like justice - and the two have nothing to do with each other.

I'm also worried about your use of the word "enemy" in this context.

Originally posted by Norfleet:
There is, of course, a minor point: The property in question is entirely mine, the code in question never intended for distribution.<font size="2" face="sans-serif, arial, verdana">Wrong. Like I expected, you are continuing to ignore the fact that you were also planning to destroy the user's other files.

As such, any unauthorized individual found to be running it is automatically the enemy, having stolen it from me, and deserves his fate. Destruction of stolen item was deemed to be of paramount importance, and all else was deemed collateral damage. Being that the damage was inflicted upon those also complicit, I see nothing wrong with this.<font size="2" face="sans-serif, arial, verdana">Well, you wouldn't, but that's because you have no morals to speak of, and have demonstrated that your maturity level is less than that of a 15 year old.

Originally posted by Graeme Dice:
Wrong. Like I expected, you are continuing to ignore the fact that you were also planning to destroy the user's other files.<font size="2" face="sans-serif, arial, verdana">Clearly, you don't understand the concept. This is no different from wiring your own car with explosives and setting it such that if an unauthorized person attempts to remove it from the garage, it will explode. It's your car, you can do what you please with it, and it will be entirely the fault of whoever steals it for swiping something that will bring him harm.

Well, you wouldn't, but that's because you have no morals to speak of, and have demonstrated that your maturity level is less than that of a 15 year old. <font size="2" face="sans-serif, arial, verdana">This is an irrelevant bit of sophistry. Clearly, you don't understand the concept of deterrence and object lessons: I only had to do this ONCE, and immediately everyone who heard of it was intimidated into NEVER DOING IT AGAIN. I call this results. You may not be familiar with the background on the matter, but in the community where this occurred, the vast majority have taken my side on the issue.

Furthermore, this morality you speak of is entirely a human construct, and appears to be entirely a product of Judeo-Christianity. Being that I have never Subscribed to this, I simply don't believe in it. I have my own code, which may or may not mesh entirely with yours, and I follow it to the letter.

[ April 08, 2004, 14:21: Message edited by: Norfleet ]

I am more inclined to sharing Norfleet's point(s), here, although my main concern is that there hasn't been anything in the ToS about data privacy. For all I know, Illwinter could grab my CD-key and sell it again because of a personal dislike or some strange buisiness scheme. Since this key is acquired on another way apart from the purchase registry, it's basically theirs to do with whatever they want.
At least MS and game companies have you sign these things noone ever reads through anyway. I don't remember clicking "yes" on anything like that by installing Dom2.

I like Illwinter, and I'd like to trust them, but in a world full of Microsofts and Blizzards, trust is a very hard thing to earn by any company who does undocumented things in a patch.

Send me a kevlar vest, Norfleet. http://forum.shrapnelgames.com/images/icons/icon7.gif

Clearly, you don't understand the concept. This is no different from wiring your own car with explosives and setting it such that if an unauthorized person attempts to remove it from the garage, it will explode. It's your car, you can do what you please with it, and it will be entirely the fault of whoever steals it for swiping something that will bring him harm. <font size="2" face="sans-serif, arial, verdana">Just so you know -- while this may be true according to the laws of your own personal morality, it's illegal according to criminal code at least within the United States and the U.K. Sadly, I can't claim any knowledge for any other countries where you might reside, so if this isn't helpful for your particular situation, my apologies. I thought it might be best to give you the heads-up in case your own Mustang was in fact wired to blow. http://forum.shrapnelgames.com/images/icons/icon7.gif

That said, I'm not sure that this thread is serving any productive purpose at this point. Most people disagree with the intensity of Norfleet's violent reaction. Some other forumers don't. Can't we just leave it at that?

I read in my law text that booby-traps are illegal in the U.S. And also fatal car alarms.

The case they sited was this fellow in Chicago who had a shotgun wired to the front door so that it went off if someone kicked in his front door. It went off and killed some kid trying to rob his place and he was tried for murder.

I saw the system they have in South Africa. There is the one that shoots flames up the side of the car at the press of a footswitch. Frys the carjacker. And I think they have one with a fatal tazer also if you try to steal the car. Neat ideas and a great short term fix but their use would be on VERY ethically and morally shakey ground.

It's a pretty big debate and by no means settled. I'm sure there will be good points for either side as time goes on.

I'm not too keen about information being passed from my machine without being asked. That's a general principle. Therefore I welcome that someone points a finger to a possible problem.
The way that has been done is not of my liking, but who cares. IW has my respect, and so far my trust - I see no reason why they should harm their benefactors (customers), especially since it seems so easy to attack other pc's without needing to sell a product first..

Originally posted by Norfleet:
[QUOTE] but in the community where this occurred, the vast majority have taken my side on the issue.<font size="2" face="sans-serif, arial, verdana">Nice community. Probably well versed in (software)piracy. (This is not an accusation.)

Originally posted by Norfleet:
[QUOTE]I have my own code, which may or may not mesh entirely with yours, and I follow it to the letter. <font size="2" face="sans-serif, arial, verdana">So if you do something that brakes with "my" code and I act accordingly, whatever I do is OK with you? Cool. Anyway, I see why you prefer playing Ermor in MP.

Originally posted by Miguel Duran:
Just so you know -- while this may be true according to the laws of your own personal morality, it's illegal according to criminal code at least within the United States and the U.K. <font size="2" face="sans-serif, arial, verdana">It is a sad fact of the messed-up world we live in that laws are passed that protect criminals at the expense of honest citizens. Things like this have more or less destroyed my faith in the legal system: I no longer believe it is effective or meaningful, and as such, if you want results, you'll usually have to take it up privately. Such is life. You may disagree with this, but the next time your house is being robbed, call the police, and then order a pizza. At least you'll be well-fed by the time help arrives.

Originally posted by Tricon:
So if you do something that brakes with "my" code and I act accordingly, whatever I do is OK with you? Cool. Anyway, I see why you prefer playing Ermor in MP. <font size="2" face="sans-serif, arial, verdana">I'm sorry, that didn't make any sense and I fail to see the relevance. Come again?

I assumed that since you have your own codes which you follow and obviously respect, you 'ld not object on others doing the same (with their own codes).

To overemphasize I mean that if somebody shoots you (or a loved one) because you (or said loved one) have crossed the front lawn of somebody without his consent, you'ld still be a happy camper. Clear?

Illwinter has been following this thread but they are headed out of town and wont be back till about Monday. The impression I get is that the reaction to this has been kindof a surprise. It is a fairly common practice now and considered not as effective but nicer to the Users than the various other schemes available.

Although I think that most of the biggies that do this have a page full of text you have to read and agree to (full of too much legal junk for anyone to bother reading) which basically ends up with "you already said it was OK".

[ April 08, 2004, 15:59: Message edited by: Gandalf Parker ]

Originally posted by Gandalf Parker:
Illwinter has been following this thread but they are headed out of town and wont be back till about Monday. The impression I get is that the reaction to this has been kindof a surprise. <font size="2" face="sans-serif, arial, verdana">Which I find both surprising and not surprising. http://forum.shrapnelgames.com/images/icons/icon7.gif

OT1H, I'm not surprised, cause many programmers/software designers are clueless about security and privacy matters. Or they figure nobody will notice or care (which is part of the cluelessness http://forum.shrapnelgames.com/images/icons/icon7.gif ).

OTOH, I thought the Europeans had much more enthusiastic privacy laws than we (Americans) do, so I'm surprised they would have been clueless.

I sympathize with both sides of this discussion. Illwinter doesn't want to get ripped off (and we don't want them to!). Private individuals don't want to be spied on. Coming up with things that do both is hard.

Originally posted by Evil Dave:
</font><blockquote><font size="1" face="sans-serif, arial, verdana">quote:</font><hr /><font size="2" face="sans-serif, arial, verdana">Originally posted by Gandalf Parker:
Illwinter has been following this thread but they are headed out of town and wont be back till about Monday. The impression I get is that the reaction to this has been kindof a surprise. <font size="2" face="sans-serif, arial, verdana">Which I find both surprising and not surprising. http://forum.shrapnelgames.com/images/icons/icon7.gif

OT1H, I'm not surprised, cause many programmers/software designers are clueless about security and privacy matters. Or they figure nobody will notice or care (which is part of the cluelessness http://forum.shrapnelgames.com/images/icons/icon7.gif ). </font><hr /></blockquote><font size="2" face="sans-serif, arial, verdana">I wouldnt word it as clueless. Its a common enough thing and they dont strike me as people who would have been all that concerned when it was done by other programs on their machine. Unless you hang in certain newsGroups you dont tend to notice. In the comp.sys.ibm.pc.games.strategic newsgroup where Dom2 gets alot of coverage, such subjects dont get alot of discussion. Nor the rpg, action, flight-sim, war-history, etc etc.

On the other hand in the hacker Groups which I haunt then it does. Just as it does in cracker and warez Groups. Unless someone spends some time there it wouldnt seem like a major topic.

I sympathize with both sides of this discussion. Illwinter doesn't want to get ripped off (and we don't want them to!). Private individuals don't want to be spied on. Coming up with things that do both is hard. <font size="2" face="sans-serif, arial, verdana">I understand hating spyware, and being concerned about it. When this was first brought up I was very interested in what Illwinters comments would be. But now that they have answered I dont consider this spyware. Every programmer would like to have the program send info home on its useage and problems (Ive been there) but I get the impression that Illwinter purposely didnt do that. All this does is a key check of its own software. I have trouble considering that to be in the Category of "spying".

[ April 08, 2004, 16:52: Message edited by: Gandalf Parker ]

Originally posted by Gandalf Parker:
All this does is a key check of its own software. I have trouble considering that to be in the Category of "spying". <font size="2" face="sans-serif, arial, verdana">It is taking over the user's hardware for purposes of reporting home without the Users knowledge or consent. No matter how miniscule the amount of data sent home, that is spying.

Not malicious spying, perhaps, but spying nevertheless.

The fact that a lot of other programs also do it without notifiying the user is not an excuse.... Though it may be an explanation.

[ April 08, 2004, 17:07: Message edited by: Peter Ebbesen ]

Originally posted by Peter Ebbesen:
</font><blockquote><font size="1" face="sans-serif, arial, verdana">quote:</font><hr /><font size="2" face="sans-serif, arial, verdana">Originally posted by Gandalf Parker:
All this does is a key check of its own software. I have trouble considering that to be in the Category of "spying". <font size="2" face="sans-serif, arial, verdana">It is taking over the user's hardware for purposes of reporting home without the Users knowledge or consent. No matter how miniscule the amount of data sent home, that is spying.</font><hr /></blockquote><font size="2" face="sans-serif, arial, verdana">No I cant go with that definition. Sounds good enough but Ive never seen spyware defined that way except in some extreme Groups.

In the usenet newsGroups we usually use the definitions given by Wikipedia, or in the hacker newsGroups the definitions given in the Jargon File, as being "official" for purposes of discussion.
Here are both....
http://en.wikipedia.org/wiki/Spyware
http://www.alt-hacker.org/~noadle/jargon-4.4.4/html/S/spyware.html

I have checked and I see no evidence that anything is being sent which isnt already Illwinters. No snooping info.

[ April 08, 2004, 17:20: Message edited by: Gandalf Parker ]

Originally posted by Gandalf Parker:
Every programmer would like to have the program send info home on its useage and problems (Ive been there) but I get the impression that Illwinter purposely didnt do that. All this does is a key check of its own software. I have trouble considering that to be in the Category of "spying". <font size="2" face="sans-serif, arial, verdana">Yeah, I phrased that badly. I didn't mean to imply that key checking was spying -- it was more a generic concern.

'Course, they also get an IP address, which may be of more concern to some people. For example, I have a vanity domain, and my Dom2 machine is in that domain. It wouldn't be hard to imagine Bad Guys (not Illwinter) could take that IP address, notice that it didn't belong to an ISP, conclude that it was private, and decide to hassle the owner listed in the whois databases, which gets them not only a name, but a mailing address and phone number. Just what spammers and marketroids want -- a real name, address, and some demographic info: plays computer games (subtype strategy), has a vanity domain; probably a geek.

But I don't usually worry about that sorta thing. http://forum.shrapnelgames.com/images/icons/icon7.gif

Keeping track of usage is another issue, at least in some contexts. My employers worry about that kind of thing, cause it could reveal information useful to our competitors. I kinda doubt I'd care, but I'm not sure.

Hi All:

Deep breaths. We aren't and Illwinter isn't spying on you. Shrapnel Games does not keep track of CD keys by individual buying the game. Hell, we sell around 25% through distribution, so we couldn't do this - at least on those 25%. Obviously some of you think we have more time on our hands than we actually do.

Shrapnel Games was unaware that this was happening, and there should be a request to connect or at least a disclaimer that this is going to happen. This will be corrected in the coming weeks. In the meantime, if it upsets you as is, don't download and install the patch. Wait until we remedy the problem.

I apologize for any inconvenience or concern this has caused. I think most of us know that Illwinter's intentions are only to protect their intellectual property rights. With popular games being priated at a rate of 5x to 10x sales volume, you can see the concern is justified.

Happy Gaming!