Friday, May 27, 2011

78. chinese prisoners tortured in the name of gold farming

[Article first published as Chinese Prisoners Tortured for Gold Farming Operation on Blogcritics.]

Gold farming is a practice that has been going on forever. If you play any MMO you know what I’m talking about. Whether it’s in World of Warcraft, Lord of the Rings Online or any other online game you happen to frequent that requires virtual currency to obtain in-game privileges, there’s always going to be someone shilling virtual currency for real world dollars. To most players that means one of two things: (1) buying gold with little afterthought or regard to end-user license agreements or (2) someone spamming trade chat with gold offers that are easily blocked with a couple of clicks – no more than a slight annoyance to deal with and a minor inconvenience to report. That’s where it ends for most. Not many players really consider the other side of the coin (no pun intended) and see the dark side of what otherwise seems like a harmless practice providing an innocent service. A little while ago I wrote an article about how international gold farming shops could potentially be tied to criminal enterprise to try and shed a little light on the topic. What that article didn’t address was the gross human rights issues that go with it.

Recently, stories about abuse and physical torture for the sake of gold farming were reported in The Guardian. The report revolves around a former prison guard, Liu Dali (whose name has been changed for security), who spent some time in 2004 imprisoned at the Jixi labor camp in northeast China. His crime was “illegally petitioning” the government about corruption that had run rampant in his home town. After spending entire days digging trenches and breaking rocks in coal mines, he would put down the shovel and pickaxe and pick up a keyboard and mouse for his next labor shift: gold farming for hours on end. While to some that may seem like something light compared to manual labor in the mines, it’s actually worse. For this task, already being physically exhausted was accompanied by living in fear of abuse and beatings. "If I couldn't complete my work quota, they would punish me physically," Liu explained. "They would make me stand with my hands raised in the air and after I returned to my dormitory they would beat me with plastic pipes. We kept playing until we could barely see things.” This was after manufacturing seat covers for cars. And after carving chopsticks and toothpicks out of planks of wood until his hands were raw and torn. And barely being afforded the time to sleep before the next shift started.

China put restrictions on gold farming in 2009 because the trading of virtual currencies for real-world money was running out of control, and even made a case against one gamer who stole 3000rmb (about $462) worth of in-game currency. Still, it seems that China is having some trouble curtailing the activity. According to the China Internet Center, almost $2 billion worth of virtual cash was traded in 2008 just in China. This makes sense, as it’s estimated that almost 80% of the world’s gold farmers are located there. Liu’s estimates on money prisons made off of this abuse support this: "Prison bosses made more money forcing inmates to play games than they do forcing people to do manual labour," Liu said. "There were 300 prisoners forced to play games. We worked 12-hour shifts in the camp. I heard them say they could earn 5,000-6,000rmb [about $770 to $924] a day. We didn't see any of the money. The computers were never turned off."

China doesn’t just supply low-cost labor for goods manufacturing anymore, but also acts as an offshore factory for virtual goods. This in particular should give gamers some idea of where their bought gold comes from. The stereotypical idea of a Chinese sweatshop supplying you with products is bad enough on its own, but knowing that someone could have been imprisoned and tortured just so you could buy fast flying is absolutely unconscionable. Unfortunately, the practice will still go on. American gamers will keep buying the gold and gold farming will continue. The concept in general doesn’t just apply to this topic, but for everything — as long as we can buy things cheaply, no one is really going to want to know or care what made it possible. It is a clear case of “not wanting to see how the sausage is made” combined with the need for instant gratification. As this need has steadily been increasing, so must the horrible conditions increased to match them.

So hopefully players will think twice before they buy their gold with the money in their pockets, and take into consideration the potential consequences. You really need to make some cash quick in World of Warcraft? I’ve sold stacks of heavy savage leather for up to 600g on the auction house. 350g is a guaranteed sale. It won’t take you that long.

Tuesday, May 24, 2011

77. what the hell is catherine?

[Article first published as What the Heck is Catherine? on Blogcritics.]

For many months now I’ve been seeing advertisements and vague news stories about a new game called Catherine by Atlus, releasing later this year. My initial (and continued) response to it is one of “what the hell?” combined with curiosity, accompanied by guesses as to what kind of drugs the developers are on over there at team Catherine. The imagery looks like it's sampled from those weird drug-fueled dreams you have when you’re doped up on cold medicine or pain pills after any medical procedure. Oh you know what I’m talking about, don’t play that game. Strange women, trippy hazy lighting, and half-man/half-sheep creatures trying to escape some sort of towering prison grace every screenshot and teaser. Over those these many months there remains of course one tiny problem – it's all in Japanese. I have no idea what the storyline is, what the gameplay would be like, or even simply what the hell the game is about. One lone decipherable detail shines through: that Catherine is trying to bend genres into some sort of adult-romance-horror... thing.

Yes, that sounds a little odd. Fortunately, "odd" is sometimes what I'm all about, and I'm definitely interested in knowing more about this twisted tale.

For those of us on this side of the Pacific, Atlus finally unveiled the full Catherine site in English, revealing more of the story, as well as explaining what the different game modes are. The game revolves around a guy named Vincent who has been in a steady relationship with his girlfriend Katherine for five years. While struggling through that relationship he meets Catherine (see what they did there?) and is immediately attracted to her. One bad mistake in an alcohol-fueled haze and Vincent’s life is thrown into a whirlwind of indecision, sparking horrifying nightmares in his subconscious while he sleeps. It all sounds simple enough for a drama, but wait for the horror portion: this little love triangle unfolds during a series of mysterious deaths in the area. The local news is reporting that otherwise healthy men have been found dead in their beds, dying painfully in their sleep. Among rumors that these deaths are happening to men who cheat on their significant others, Vincent’s indecision begins to have him slip into insanity. TRIPPY, RIGHT? The game follows this story through two different types of gameplay. First is “Drama,” i.e. the single player story-driven game. The second is “Nightmare,” which sees a ram-horned Vincent moving blocks and solving puzzles to try to escape a tower while fending off other sheep that are fighting to stay alive.

The Catherine site has some interactive elements too, prompting a user with a question to even enter: “Can love exist without pain?” Your potential answers of “Of course!” and “No way man!” take you to slightly different versions of the site, focused on either Catherine or Katherine depending on your answer. There’s also an interactive text feature that allows you to send texts back and forth to Catherine. The site mentions to check back every day for new messages and replies from her, which again rely on choices you make, which is enough for me to be going back to the site tomorrow.

If the text feature and the first question when you first go to the site are any indicators, Catherine’s story progression is most likely going to be open and heavily dictated by choice. And if Atlus as a developer is any indicator, those choices won’t always be a basic yes/no, but probably more philosophical in nature, bordering on “what would you do” types of scenarios. Based on the art and trailers, the animation seems like it is a good balance between anime and full CG, and the music sets an appropriate dark, seductive tone for the story’s backdrop.

The game was apparently a hit when it was released back in February in Japan, so we’ll see how it does here in the US. It certainly looks like it's something different and a good change of pace from the other games that are out there. It’s available for preorder now in three forms: the standard edition, the alternate box art if you're afraid you'll be ashamed of having it on your shelf, and the “Love is Over” deluxe edition should your tastes require some additional saucy goods. The game will officially release in the US on July 26, and it should be a good time. Catherine even texted me to say so.

Friday, May 13, 2011

76. facebook's failed google smear campaign was an idea that purely zucked

[Article first published as Facebook's Google Smear Campaign Backfires with an Idea that really Zucked on Blogcritics.]

Competition in business is vicious, and that can sometimes lead companies to take what I’ll call the “low road” for the sake of winning.  It’s the same low road politicians use when running for office – instead of highlighting their own strengths they hone in on the weaknesses of a competitor and shine a nice big spotlight on it.  It’s never the fact that they do it that is irritating in itself, but the manner in which they do it that makes it repulsive.  When it goes beyond a comparison of strengths and weaknesses and crosses the line into a deliberate smear campaign, it can backlash into something opposite of what was intended, making the responsible parties now look desperate.  Weak.  And worst of all, brimming with inglorious cowardice.
In the last few days it seems that someone was employing this very tactic against Google, and whispers in Silicon Valley began to spread as to who the responsible party was.  Was it Apple or some other direct Google competitor?  This unnamed party hired Burson-Marsteller, one of the nation’s top PR firms, to feed reporters tips to investigate Google for invasions of user privacy.  Burson even tried to lure bloggers into writing stories about it, making promises that their articles would appear in big-name media outlets like Politico and The Huffington Post

Christopher Soghoian, a high-profile activist and security blogger, was one of the people contacted, but unfortunately for Burson and their unnamed client, Soghoian declined their offer after they refused to name their benefactor, and further posted the content of the email online.  Armed with this and some pressing, it was finally revealed that the culprit was none other than Facebook. 

A Facebook spokesperson admitted to hiring the PR firm, and shortly after Burson finally admitted that it was true.  As Soghoian remarks in an interview with BetaBeat, “Well I wasn’t the only one who got this pitch to write an op-ed about Google, a bunch of privacy advocates here in D.C. did… I get pitches on a daily basis, but it’s usually a company talking how great their product, so this one made me immediately suspicious, even more so when they wouldn’t reveal who they were working for.”

Facebook believes that Google is using Facebook data in its own social media constructs, and that what Google is doing raises some privacy concerns.  This all revolves around Google’s “Social Circle,” which lets Gmail users see not only their friends’ information, but also information on friends of friends, which they call “secondary connections.”  In pitches to lure bloggers and journalists into writing about Social Circle, Burson stated that “The American people must be made aware of the now immediate intrusions into their deeply personal lives Google is cataloging and broadcasting every minute of every day—without their permission."  I guess they hoped the dramatics would help.

Facebook has never been 100% immune when it comes to user privacy issues they’ve encountered and user backlash.  The whole privacy fiasco with Beacon is a perfect example.  But this is different.  This is hiring a huge PR firm with the direct intent of smearing Google and making them look like public enemy #1.  Now understand that I’m not defending Google 100% here, as they have their own privacy issues to work out, but still, I’ve yet to see them stoop this low.  And they definitely got theirs.  Facebook gave Burson a big job trying to make Facebook look victimized and at the same time tweaking the news cycle with an anti-Google shift.  Burson completely flubbed it, and now they have egg on their metaphorical face.  This is probably going to hurt Facebook in more than just the obvious ways (for those who play games, think “damage over time” instead of “burst”).

It shows that they feel they’re playing from a position of weakness.  Google’s activity in the social sphere is somehow enough for Facebook to be shaking in their boots.  Here’s Facebook, an innovator of social media, and a company that has worked itself into the very core of digital pop culture, and they’re scared enough of Google’s social activities to try to launch a below the belt pre-emptive strike?  On top of that they’ve changed the story.  Google does in fact have some privacy issues that they need to address, but guess what?  Nobody cares anymore.  The only thing this news cycle is carrying is how Facebook’s whisper campaign failed.

But it gets even better.  Burson sent a letter in to PRNewser after the fact, trying to plead their case, now in full backpedal mode.  They say that they never should have taken the job:  “Whatever the rationale, this was not at all standard operating procedure and is against our policies, and the assignment on those terms should have been declined. When talking to the media, we need to adhere to strict standards of transparency about clients, and this incident underscores the absolute importance of that principle.”  Sounds legit right?  Read through the whole thing.  Their “mea culpa” comes off as one of “We’re very sorry… that we got caught.”

Facebook’s excuse was even worse.  According to them:  “No ‘smear’ campaign was authorized or intended. Instead, we wanted third parties to verify that people did not approve of the collection and use of information from their accounts on Facebook and other services for inclusion in Google Social Circles — just as Facebook did not approve of use or collection for this purpose. We engaged Burson-Marsteller to focus attention on this issue, using publicly available information that could be independently verified by any media organization or analyst. The issues are serious and we should have presented them in a serious and transparent way.”

Slice it any way you want to.  But in the end, I’m sorry Facebook.  This idea completely zucked.

Wednesday, May 11, 2011

75. US navy develops crowdsourced MMO to sink piracy

[Article first published as US Navy Develops MMO to Fight Pirates on Blogcritics.]

Do you remember when you were a kid and your parents would tell you that just being good at video games would never amount to anything and you should really be doing your homework? Maybe back then rescuing princesses from overgrown monster turtles had no impact on life or society outside of conditioned rage against little people in mushroom hats and a grand increase in thumb dexterity. We had no idea what was coming in the next 20+ years, where the world would see gaming becoming a mainstay of the mainstream, and even a tool used for training and simulation. So we’ll let your parents slide on giving you grief for now. When I say training tools I don’t mean your company running a little seminar on the dos and don’ts of HR policies on corporate dress code. I mean large-scale simulations like those used by the American government and the military. I wrote something a while back about the US military using crowdsourcing as a viable tool in project research. In that case it was a DARPA-driven simulator to track rogue submarines called ACTUV, as well as the XC2V vehicle.

There must be a lot of positive results from this method of research, as now the United States Navy is backing a simulation project called MMOWGLI (please, no Jungle Book jokes about Baloo or King Louie). MMOWGLI (Massively Multiplayer Online War Game Leveraging the Internet) is a project that will involve over 1,000 civilian and military players to help the Navy better understand and come up with new strategies involving piracy. Don’t misunderstand – this isn’t about downloading movies from torrents, mind you, but far more serious subject matter, i.e. getting jacked on open water with automatic weapons. The game launches on May 16th this year, and is the first of its kind to test the effectiveness of combining an MMO like World of Warcraft with crowdsourcing in order to help to solve real-world problems. Larry Schutte, Director of Innovation at the Office of Naval Research says, “We hope MMOWGLI will help us to understand what happens when your insights are combined with the observations and actions of another player--will that fusion result in a game-changing idea or solution, or will the MMOWGLIplatform teach us something about our traditional thought processes?”

The original release will focus on the recent real-world issues of Somali pirates. Players will be able to choose between two sides: either members of an international anti-piracy task force or the actual pirates themselves. It’s a little deeper of a decision than “Alliance or Horde” to be sure, since this one clearly marks the “good guys” vs “the bad guys,” but you shouldn’t feel morally inferior to picking the pirates. There always needs to be at least two factions for PVP play. Task force players will have to come up with ways to safely pass commercial ships through the Horn of Africa and Gulf of Aden. This includes gauging the probability of a pirate attack, arming ships, and of course the political and financial strain associated with any sort of military action. Pirate players are tasked with circumventing the task force players’ plans and well, to put it simply, jacking their ships. Players are permitted to party up like in all MMO games to work together on humanitarian efforts, raids, and hostage rescues. Players are even allowed to get into the nitty-gritty details of hostage rescue and maximizing the efficiency of pirate attacks. This will all be tightly controlled by game masters to preserve as much realism as possible. They’ll be making sure that there aren’t any exploits that can be triggered, like the Orgrimmar secret room in WoW’sCataclysm expansion, or even someone pulling a Leeroy Jenkins and disrupting an encounter. You see, combat ships carry costs of hundreds of millions of dollars each, which I would venture is a bit more than a 70 gold virtual repair bill for your 359 epics.

The Navy has a presentation available here with a lot more information on the premise of the game, background and objectives. What they’re hoping for with MMOWGLI is “novel combinations and complex interactions of ideas” and to “encourage out of the box thinking about contemporary anti-piracy issues.” These types of insights, as is documented in their presentation, might not emerge from more traditional wargame approaches. Collective gamer intelligence, gotta love it. So do you feel like playing pirate? You can sign up for MMOWGLI here.


Tuesday, May 3, 2011

74. first PSN, now SOE: Sony, WTF?

[Article first published as First PSN, now SOE: Sony's Wounds Deepen on Blogcritics.]

I spent more time this morning checking the posting dates of the articles I was reading online than I did on taking in their contents.  It seemed to me like I had read these stories before.   I checked my network connection and made sure that I wasn’t getting cached copies of the sites I was reading, and then went back to searching for posting dates again.  Why?  Because what I was reading about was a security breach and attacks on Sony servers that could have caused user information to be compromised.  Now it was fairly early for me, so I didn’t put the pieces together right away and convince myself it wasn’t just déjà vu.  I mean I remember writing about Sony’s PSN press conference.  Or do I?  Finally reality dawned on me as the coffee kicked in and I realized that this wasn’t about the PSN.  It was SOE.

The story today is actually about Sony Online Entertainment (SOE), Sony’s online gaming arm.  Separate from the PlayStation Network, this is the part of Sony that offers MMO games like EverQuest and DC Universe Online.  As it turns out, as I was writing about Sony’s “Welcome Back” package for PSN customers, it was reported by Nikkei that about 12,700 credit card numbers were stolen in more of the digital salvo against Sony, which caused Sony to take their SOE sites offline.  Sony spokeswoman Michele Sturdivant told the Wall Street Journal that “this was not a second attack,” citing that the SOE sites were taken down as part of their ongoing investigation regarding the PSN intrusion.  It still seems to be a second attack to me regardless of that statement.  Even though the systems are similar, PSN and SOE are operated separately as distinct systems, even though they share some tech under the Sony banner.  Maybe instead we can call it a second battle in the same war.

Well my friends, that wasn’t nearly the end of it.  A press release put out there today by SOE states that personal information could have been stolen from 24.6 million accounts in addition to those taken from the PSN.  24.6 million.  To put that into perspective, that number is larger than the entire population of Australia, or about 8% of the number of people in the United States.  The account information includes general user information like names and addresses (…and hashed passwords).  In the same press release they fess up to those 12,700 stolen credit card numbers, but state that they are non-U.S. numbers from an outdated 2007 database. Also stolen were 10,700 debit cards from Austria, Germany, the Netherlands, and Spain which included bank account numbers in addition to general user information.

Sony’s already fighting to keep their PSN customer base, and is currently working on a “make good” plan for their MMOs.   Right now that means 30 days of additional time on their SOE subscriptions, with an additional day for each day the system is down and again, the promise to do better.  Their security update and customer service notification outlines similar things as the earlier PSN press release, including offering help with enrolling in identity theft protection programs, putting fraud alerts on your credit with reporting agencies, and links to the FTC’s ID theft page.

So what’s next?  Sony has found itself in all-out war after the intrusions into their gaming services.  What can they say that’s positive?  If it is any saving grace, Sony did state that the credit card numbers were transformed with a cryptographic hash, but experts at Sophos Labs point out that hashing a file doesn’t make it unbreakable.  In my role in IT, it’s amazing how many people outright tell me that they use the same password for absolutely every aspect of their online identity.  This is a fairly common practice, so getting one user’s password may in fact mean getting all of that user’s passwords.

To play devil’s advocate here for a second, Sony was also a victim in this ordeal, and was at the receiving end of intrusions that are clearly criminally malicious in their design.  It’s very easy for a lot of companies to say they’ve never been hacked because, let’s face it, they’ve never been anyone’s targets, as Sony clearly is right now.  Sony has been embroiled in some pretty public battles of late, starting with legal action with George “Geohot” Hotz and a subsequent issue with Anonymous, that have squarely thrown them into the public eye.  Combining that with some people’s scrutiny of their practices (while Microsoft is openly offering an SDK for Kinect), as well as a series of SOE layoffs in late March, there are a lot of potential culprits out there.

I never really used my PS3 much because it was just something that came as a bonus with the TV I bought, and ended up solely being my Blu-ray player for a while until I finally bought some games for it.  I don’t play online through PSN, and I don’t play anything through SOE, but those things aside, the PS3 is a good console with decent games that’s capable of doing a lot of things.  It’s sad really.  All of that was wrecked for a lot of people by what I can only call a lack of preventative security measures.  When dealing with user accounts and financial transactions, user security must be paramount.  It was possible for Sony to climb out of the PSN mess, but with the SOE problem it could be the equivalent of clawing their way back from the brink of death.  Combined with the PSN issue, the number of affected users has topped 100 million, and every single one of them are probably thinking twice about doing business with Sony again.

Monday, May 2, 2011

73. welcome back? sony's answer to the PSN fiasco

[Article first published as Welcome Back? Sony's Answer to the PSN Fiasco on Blogcritics.]

The current issues surrounding Sony’s little security problem have been fairly public, and can be considered the biggest issue in gaming to date this year.  If you’re not familiar with the PSN issues I’m talking about then I recommend checking out BC's quick primer by techbeever.  It outlines what happened, how Sony flubbed PR, and makes you wonder whether or not you should leave your PS3 in the “naughty corner” as the beever has.

It’s a fair question, really.  When the compromising of personal information is involved, it puts customer loyalty to the test, and even the continued loyalty of Sony’s core customers will be called into question.  Plugging up those security holes isn’t Sony's only problem.  They need to figure out a way to keep the customers they have, and a simple “mea culpa” just isn’t going to cut it.  Sony’s Kaz Hirai held a press conference in Tokyo yesterday to try and begin that process; offering an apology; an outline on what Sony is prepared to do to make their customers happy; and a bow, a traditional Japanese expression of apology and regret (traditionally the depth and length of time of the bow denotes severity and yesterday’s bows clocked in at 7 seconds).  There was also an accompanying press release on the PlayStation blog.

To try to beef up security, Sony has made a new position reporting directly to the CIO, called the Chief Information Security Officer, whose sole job is to manage security and countermeasures to prevent this sort of thing from happening again.  Actual new security methods put in place include more encryption; automated monitoring to protect the network from new attacks; better intrusion detection; changes in password change policies; and of course, some additional firewalls.  Also to add a little bit of spy-style secrecy, they have moved their datacenter to an undisclosed location.  Either way, I’m curious as to how a company that handles such a high volume of user transactions on a daily basis could have gone this long without someone in the CIO’s office whose only responsibility was “keep out the unwanted.”  Customers trust them with their information by signing up for the PSN.  It should have at the very least been something on Sony’s radar or part of some sort of contingency plan.

The news went on to detail what exactly they are doing to keep their customers.  As Hirai says in the press release, “… we will be launching a customer appreciation program for registered consumers as a way of expressing our gratitude for their loyalty during this network downtime, as we work even harder to restore and regain their trust in us and our services.”  They’ll be doing that with what they call the “Welcome Back” Appreciation Program, which is said to “be tailored to specific markets to provide our consumers with a selection of service options and premium content as an expression of the company’s appreciation for their patience, support and continued loyalty.”  In it, they will provide the following:

  • Each territory will be offering selected PlayStation entertainment content for free download. Specific details of this content will be announced in each region soon.
  • All existing PlayStation Network customers will be provided with 30 days free membership in the PlayStation Plus premium service. Current members of PlayStation Plus will receive 30 days free service.
  • Music Unlimited powered by Qriocity subscribers (in countries where the service is available) will receive 30 days free service.
In addition to the free premium service, Sony is offering to assist users who opt to enroll in identity theft protection services on their own dime.  Details are unavailable right now, but will be made available soon at the regional and local level. 

So that’s what you get – free premium and Qriocity service for 30 days, the promise to do better, a re-rollout of services by as early as this week, and enrollment in an identity theft protection program.  The press release also mentions other additional service offerings to be rolled out in the next couple of weeks.
It’s the first step on a long road back.  Users may forgive, but they won’t forget anytime soon.  The timing of this attack is made even worse for Sony with the announcement of their upcoming handheld NGP device.  With a hack on this scale, this situation could possibly alienate not only current but potential customers on NGP launch day.

So what are you going to do?  Will you leave your PS3 to gather dust or give Sony another chance?