68

Reddit is all abuzz about DRM, piracy and all related topics. I don't really know much about the details in the technology here, but people were throwing around statements like these (all pulled from the same thread):

DRM would only affect pirates if everyone had to crack their game, but no, anyone can easily play these games because someone has already cracked the DRM, so it's no use at all, NO pirates have to deal with it.

My problem with DRM is that I don't see any evidence that it actually does anything to prevent piracy. [...] DRM only seems to end up inconveniencing legitimate paying customers. In some cases it's bad enough that after purchasing a game I will just go ahead and illegally download it because in doing so I'm getting a superior version.

And other similar comments can be quickly found. The basic gist seems to be that DRM is so easily bypassed by pirates that it may as well not be there. So, assuming that the purpose of DRM is to prevent pirating a game, does it work?

MrHen
  • 6,113
  • 37
  • 59
  • 7
    It can *delay* the release of a pirated version to the masses, as someone needs to obtain a copy of the game, crack it, repackage and release it. I suppose preventing a pirated version being released for even a week after the launch of a big title should cause some of those that would normally pirate to buy it. – John Lyon Jun 16 '11 at 04:13
  • While I think the question is answerable in principle, I am afraid in practice answering it reliably is very hard. Experiments are prone to various systematical biases (like releasing game with no DRM resulting in press coverage, making conditions not equal) and computing missed opportunity cost is probably even harder. – Suma Jun 16 '11 at 07:06
  • 3
    @jozzas Ubisoft declines to release sales numbers, but most people suspect that their incredibly obnoxious DRM in Assassin's Creed 2 combined with the utterly insulting way they dismissed all complaints about it as 'wannabe pirates whining that they can't steal our game' most likely cost them more actual sales than piracy ever could have. – Shadur Jun 16 '11 at 08:03
  • 19
    A quick look at the file listings of any one of a dozen torrent sites says "No" – Phoshi Jun 16 '11 at 10:26
  • 3
    DRM prevents people without technical expertise to produce copies of a game for their prevents. – Christian Jun 17 '11 at 12:44
  • 1
    Maybe I'm missing something with this question (or the spirit of this site), but it seems to me that if you want a proper, analytical response, you'd do better at [Security.SE]. – AviD Jun 19 '11 at 07:25
  • 1
    @Christian, that is true only until someone technical builds an easy packaged crack, or even the copy itself. – AviD Jun 19 '11 at 08:20
  • @AviD: Thank you. [I did so.](http://security.stackexchange.com/q/4637/2915) – MrHen Jun 19 '11 at 13:54
  • 1
    @Avid: Not everybody knows where he can get a crack online. Some people fear that they will get a virus when they download stuff from shady websites. – Christian Jun 19 '11 at 15:16
  • @Christian: these people w/o technical skills will just download such a copy from P2P. – vartec Jul 18 '11 at 21:49
  • Funny thing about DRM, is that if you get some kind of no-CD crack for your legally bought game you're committing a crime much more serious, than a guy playing same game he got from Torrent. – vartec Jul 18 '11 at 21:54
  • It can make a huge difference. I released an iPhone tweak in Cydia recently with some simple anti piracy. We got a few emails from people asking why their versions weren't working. We responded by politely responded explaining that the pirated version would not work. After about a weak I checked their IDs again, and 6 out of 7 of them went and bought a legitimate copy. Because of this we released an update that displayed a message on pirated copies explaining why their copies weren't working. This seemed to increase sales, though its hard to say by how much because the update also had other ne – Joel Jul 19 '11 at 16:57
  • I've done support and beta testing for a game company, we went with an estimated 75-90% pirated content out there for our products despite using some form of DRM on them (in our case, product keys which are checked against customer account details on installation, if your account name and password you put in in the installer didn't match the product key we'd issued the installer would terminate. Handing people the account details of course would open up yourself to those people buying stuff using your account). Our estimates ran to about a 25% loss in income from what we could have – jwenting Jul 19 '11 at 05:53

2 Answers2

105

Short answer: No.

Long answer: You need to look at the definition of "effective".

Does it accomplish the purpose of preventing people from pirating the game it protects? Sometimes. And even then, usually only briefly. As a case study, let's look at Assassin's Creed 2 by Ubisoft. According to press releases at the time they had instituted a radical new DRM method that required the player to be constantly connected to the internet to make sure their account was and remained verified, and losing connection to the authentication servers for more than thirty seconds dropped you out of the game.

Ubisoft hailed it as the ultimate anti-piracy solution and smugly dismissed everyone who complained about how it's ridiculous for a single-player game to require an internet connection or how it massively inconvenienced anyone with a spotty connection as 'whining would-be pirates'.

There was a (mostly) working crack almost before the game was good and well released, and a fully functioning one within a month. The crack was thorough enough that Ubisoft's next game using the same DRM was fully cracked within days.

Total "effectiveness" of this DRM scheme: One month of possibly limited piracy.

Negative consequences: Severely inconvenienced paying customers who needed permanent internet connections just to be able to play a single-player game; massive inconvenience when the release day instant load took the authentication servers down (Ubisoft swears up and down that it was a DDoS by said whining pirates, disregarding the fact that said pirates were the only ones at that point that could play the game); enraging a nontrivial chunk of their former customer base who have subsequently declined to buy any new Ubisoft games and instead take their money to companies that don't accuse them all of thievery.

Was this "effective"? Not unless the intended purpose was to lose business.

Don't get me wrong. I understand the publishers' dilemma -- they really would like to get paid for the games they design, create and/or publish. And I have no objection to paying them, and if they want some kind of reassurance that the people who play their games did pay for them, that's entirely reasonable. And I like digital distribution -- it means not having to spend time traveling to town and searching five different game stores only to discover that the game is completely sold out -- and I understand that said digital distribution means that asking for a word in the manual doesn't really work anymore. And far too many pirates try to justify themselves with this kind of circular logic.

On the other hand, "reasonable" efforts to check whether a game hasn't been pirated do not, in my opinion, extend to the electronic equivalent of a body cavity search every time you make a purchase at the supermarket - another notorious example is the StarForce "Copy Protection Scheme" that amounted to the equivalent of a rootkit.

(You may note that the various mouthpieces defending StarForce also all insist that everyone complaining about it are 'obviously from international piracy groups' that really are only fearmongering because of the way the awesome system completely thwarts them. It's a recurring refrain)

And the above doesn't cover the long-term problem of what happens when, say, your old install CD gets too scratchy for the CD check DRM to recognize it (happened to me with three separate games; I wound up downloading a crack for one of them, purchasing the second via Steam when it was on sale and getting the third when it appeared on GOG.com. Funny anecdote, but the game I'd downloaded the crack for always had some kind of issue with the in-game cutscenes not playing, which was cleared up by the crack as well. Score one for the pirates.) XKCD pointed out that basic problem very succinctly, and it doesn't apply to just games.

Of course, there are DRM solutions that are more acceptable -- stepping away from the purity pedestal insisting that no DRM is ever "acceptable" -- such as Steam, which not only checks just once during install, and lets you play entirely offline if that's what you want, but also serves big heaps of added value such as automatic updating, keeping track of what you bought so you can reinstall it at any time, an easy to access storefront, regular sales and a social network to sweeten the pot.

Given the way Gabe Newell is rolling in cash at the moment, you'd almost have to suspect that maybe the whole "let's not treat our customers like criminal scum" approach has something going for it. Incidentally, he had a few things to say about DRM as well.

Additionally, many "indie games" don't bother with DRM at all, or at most use a serial key -- the additional cost to develop or license a DRM solution would eat unacceptably into their profits. Again, given the popularity of a lot of these, the lack of DRM doesn't seem to have hurt their business model much.

So to summarize: In my opinion - and that of several fairly big names in the game industry as well - overly restrictive DRM does far more harm than good, especially when customers realize that they can either pay money for the game and suffer the DRM's inconveniences, or download the pirated version, play the game for free and have a better gaming experience because the DRM isn't getting on their nerves.

On the other hand, nonrestrictive DRM that adds significant value to the playing experience makes for repeat customers.

ChrisW
  • 26,552
  • 5
  • 108
  • 141
Shadur
  • 3,355
  • 2
  • 26
  • 23
  • 10
    The answer seems presenting more opinions than facts. I think it has more to do with the question, though. I do not thing the question belongs here, as factual answer is almost impossible. – Suma Jun 16 '11 at 13:31
  • 2
    @Suma: It may be more opinion than fact, but the fact is that many big names share the opinion, and there are numbers that bear it out. – Jeff Jun 16 '11 at 14:01
  • maybe its worth to add-edit in your answer, that gaming companies try to circumvent disadvantages of DRM by producing more cloud/server based games (Browsergames etc.). So pirating a game doesnt work anymore, as you need a subscription to the gaming service, the game software is more or less free contrary to DRM Game CD – Werner Schmitt Jun 16 '11 at 14:07
  • @Jeff: Big names do not impress me. Big names are often wrong. Moreover, I would probably be able to find big names which would support DRM (after all, this is why DRM is used). And even when they agree, in this case they might do it e.g. because they know they will get more press coverage this way, and the practice may be different (as you correctly write, Steam solution IS a DRM). – Suma Jun 16 '11 at 14:27
  • 7
    Great answer, +1. What I'm missing though (or I somehow overlooked it), is that DRM itself *encourages* pirates. It's like telling them "You'll never crack this product!" (and sometimes, the companies really do this...). They take that as a challenge to see if they're really beaten. – Xeo Jun 16 '11 at 15:04
  • 3
    @Suma Yes, which is why I make the distinction between (relatively) non-intrusive DRM that also provides added value (community, free backups, unlimited downloads) like Steam and draconian "customers are criminals and we have to restrict EVERYTHING" solutions like StarForce or Ubisoft's solution for AC2. I might also note that piracy of Steam games seems to be *much* less of a problem... – Shadur Jun 16 '11 at 15:11
  • If your answer would be on Stackoverflow, I would probably consider it good. However for Skeptics I find it too much opinions and too little facts. I miss some attempt to quantify DRM effectivity in an objective way, not in a way "I think/you think/it works this way". I understand it is difficult to do, but without it I do not consider it a good skeptical answer, rather an explanation of a belief/conviction. – Suma Jun 16 '11 at 15:16
  • 1
    I "acquired" Assassins Creed 2 by other methods, just because the DRM was incredibly restrictive, and I had read reports of outages. I think adding restrictive DRM to a game makes the full price game compete with a free product that is arguably a better product. – AttackingHobo Jun 16 '11 at 17:51
  • @Shadur Good answer, especially since you take into account the business- and marketing- aspects, and not just the technical ones. However, and this may also help @Suma's issue, the technical aspects *can* be properly analyzed, and you can get quantified answers - but the place for that should probably be over at [security.se]. – AviD Jun 19 '11 at 07:27
  • @AviD Good point, but the fact that a quick search of the usual bittorrent sites will quickly yield cracked versions of just about any game for any platform it was released on would indicate that in strictly technical terms the effectiveness of DRM falls far, far short of its stated goals. – Shadur Jun 19 '11 at 07:57
  • @Shadur I agree, and that does seem to be empiric evidence - but actually, it's only anecdotal, since (I assume) the implicit question hidden in the OP is "*CAN* it be effective", and not just "has it been effective in the botched implementations till now". – AviD Jun 19 '11 at 08:22
  • 1
    As a side note, mentioned GOG.com provides games **100% DRM-free** – vartec Jul 18 '11 at 21:46
  • Keep in mind that Steam will, by default, phone home to Valve on every startup and also consults Steam servers every time you press the Play button. Objectively, this almost identical to the exact same thing that EA wanted to do with Spore (require constant reactivation) except Valve has a better marketing department. Also note that Offline mode has been historically very bug-ridden, and many games have expiring tokens which mean you can only use offline mode for a period of about two weeks before needing to go online again. – Skrylar Jan 27 '15 at 13:19
  • It should be mentioned that a decade ago the situation was radically different. Games was sold in stores, and something like 80% of all sales would be within 2 weeks of release. - In that regime delaying the pirates by a month could be a huge win. – Taemyr Aug 28 '15 at 10:21
13

Short answer: We do not know for sure, but it is likely for most products some DRM is better than none.

Long answer: There were no controlled experiments done which would reliably answer this. The experiments which were done (like DRM-free product sales of old games) are not representative enough, as the product sold is different from a typical new game and even the target audience is likely to be different. There are few things to consider.

What is DRM

Anything which tries to prevent obtaining unauthorized copies of a digital product is a DRM. It may be something very simple (like a serial number) or complicated (like StarForce or SecuROM copy protection schemes).

No protection - plenty of copying

When price is high and there is nothing preventing copying, it is very likely there will be many people copying the product. The exact number varies with platform, genre and location. It is estimated around 70 % of the users for most new PC games did not buy the game (see e.g. Why Aren’t Console Piracy Rates Higher?). What is not established (and it is hard to establish) is how many of those people would buy the product if copying would not be possible.

Still I think we can formulate a following assumption: (i) by making DRM more efficient in preventing copying there will be more people who will buy the game instead of copying it.

Too much protection - reduced sales

When DRM is perceived to be too restrictive (like it was in case of EA Spore, or many StarForce protected games), it harms sales. Note: in the end it does not matter if the DRM is really restrictive or not, it is enough it is percieved as such and receives a bad publicity.

This leads to another assumption: (ii) by making DRM too restrictive there will be less people bying the game, as more of them will decide to copy it instead, or not to have it at all.

Thought experiment - finding optimum DRM

There are plenty of DRM forms, with varying efficiency and varying adverse effects for legitimate users. Generally the more successful is DRM to prevent copying, the more it is restrictive as well. If there would be a DRM which would reliably prevent making illegal copies but would present no restrictions to a legitimate user, it is likely to be very effective in increasing sales (even this is not 100 % sure, as sometimes illegal copies may actually increase sales by serving as a means to try before you buy). However let us assume now that as DRM increases efficiency, it also increases adverse effects (and often also cost of implementing DRM increases). If publisher is interesting in maximizing his profits, he needs to find optimum of the function:

  • + profits gained by people buying instead of copying (assumption (i))
  • - profits lost by people not buying (assumption (ii))
  • - cost of implementing and applying the DRM

I think it is obvious that in most cases the optimum point will lie somewhere in the middle. It is hard to establish where exactly the optimum is, but it is very unusual that it would be no DRM at all.

Summary

Some DRM causes increased profits, but as DRM becomes perceived as too much restrictive, it lessens the profits. The exact optimum varies with product and platform.

Note: I am aware assumption (i) is central and critical assumption. I doubt there are any controlled experiments done in this area, but I think it is quite safe to assume the people behavior is similar for digital products as for real products. A simple analogy: almost no store assumes people will pay "just because they want", but there is usually some kind of "anti-stealing measures", like having the cashier near the store exit, so that customers have to go around it. Such measures are not too restrictive (no shop owner is searching each customer for stolen items) and exact optimum depends on how much goods cost and how easy it is to steal them. I have yet to see a self-service jewelry store, but such arrangement is common for groceries.

Community
  • 1
Suma
  • 6,086
  • 5
  • 36
  • 57
  • 4
    Yeah, assumption 1 is critical -- and more than slightly problematic. A fairly large amount of piracy occurs by people who lack either the ability or the intent to buy the game in the first place -- kids that just can't afford $50 on the latest shooter that their peers tell them they MUST HAVE, or people who are only vaguely interested in taking a look as long as it's free. If you succeed in making it impossible for those groups to pirate the game you still have a net gain of zero extra sales... *and* you miss out on the 'yeah, that game is awesome' social effect... – Shadur Dec 21 '13 at 22:41