sc_neo

There is at the minimum at least one fraud scenario where i see a repeated online verification (at least for a couple of weeks or months, like a karma system) as the only way of protection. Buying modules with stolen creditcard details and setting up a new DCS account, or if a scammer buys one of these anonymous prepaid creditcards and uses that in combinaton with paypal or such to buy DCS modules and after activating the DCS module books the money back. With the onetime activation he's easily gotten himself a free copy of whatever module he desired, without the need to sniff out someone elses account or email data. This is might be the scenario ED is confronted atm with the starforce system. What might work though, is a kind of karma system (or 'good standing' system) where a new customer has his modules repeatedly verified by internet over the first 30 - 180 days or something (depending for howlong a creditcard fraud claim is valid). Thus once the financial transaction is finally through and ED and 3rd devs. have gotten paid, the repeated online verification is lifted and only happens when you actually go online and/or update. By the way, the most common scenario i often hear when accounts get stolen is due to the very owns website or companys database being hacked. I am sure some of you guys are more knowledgable than me or have first hand experience in IT or gamedevelopmen. What protection schemes do you know of that would not require repeated online verification for paying customers, but effectively protect against fraud as described above? This debate has gotten me really curious as to how a protection design in todays creditcard, paypal, instant payment world could look like!

@shagrat There you go, thats the first technical explanation (account theft) i have heard in this debate that has something going for repeated verification, which is mainly due to moving from a key-based system (which worked without issues for me by the way) to an account based system. I have not thought of account theft as an issue yet. I'd then propose an email based two-factor verification when either installing DCS or running a ''copied over'' DCS version for the first time. Is there a good reason to assume a DCS activation is transfered over to a new PC/Windows installation with simply copying over the DCS folder? That should be easy to remedy i reckon. If i understand it correctly, with the current starforece based key-system, i can essentially install and activate DCS on 10 different PCs and an additional 12 installations per year thereafter. Hence 22 installations after one year...and growing with each passing month. Is there a limit on how many activations i can have simultaneously at the moment? What could be implemented in addition is an additional password based system (with a seperate password than your normal DCS login details) inside your personal DCS store profile, where you can lock or unlock the ability to activate new installations. Hence even if someone manages to steal your account AND your email account that is used for the two-factor verification process, he'd still needed a third password. This third password would not be changeable via the same email address and require a second email address or only be changle after direct contact with ED cusomer support. I personally have installed DCS on only one compuer and have not needed to activate a seond time as of yet. Doing this two factor thing when logging in with my account on a new computer would not really bother me. Running around and jumping through hoops to online re-verify would! I'd rather accept a limitation of how many activations on different pcs/hardware configs i can have at the same time before deactivating one than having to worry about internet availability.

I still don't understand how this helps. Those that have bought modules get logged out after x days without internet connection and those that get themselves a pirated copy will not be bothered at all? If i have everything legal and dandy, calling ED support on a landline or via sattelite phone or what not to get a special unlock key makes only sense, if i own all that stuff legally, right? So why would i then have to do it at all? I still don't understand how repeated verification vs one time activation helps overcome piracy issues. Either you buy it via steam or ED store, than you have payed for it and your good. Or you download it somewhere illegally which means the internet activation requiremen has been removed althogeher i would presume. Thus, why would it be harder for pirate groups to remove protection that checks in muliple times vs one time only? Once the protection mechanism is broken it is removed i would think. We end up in a situation where he paying customer ends up with all the inconviniece and burden of proof and the freeriders laugh!

+1

Maybe add the option 'When updating the game'.

do guys think Caucasus will be the 'fullest or most detailed' map compared to NTTR and Normandy? Or will it be way better than the old one, but because its derived from the old and due to its sheer size won't be as detailed and high poly as the more recent ones?

He might refer to the AH-64 that seems to be in delevopment for TBS for quite some time now. I think it even says this on the TBS website, or i read it in one interview or heard in a podcast he was featured in.

@Moderators Will there be a detailed post outlining how and why repeated internet verification will actually help against organized groups from ''TheScene''?

It has been mentioned that even now, starforce requires you to reactivate after 30? days or such without internet connection. Is that really the case? If yes, some people should have run into that issue already although no one here has said so if i am not mistaken. By the way; i have texted my brother to ask him (hes was a judge and prosecutor in Germany) what he thinks of ''requieres internet activation'' oder ''benötigt Internetaktivierung'', as it states on the german store front, and its retroactive change to a new system. My guess is that a german court (if it ever came to this) would side with the customer here. I think if the wording is somewhat unspecific it usually is interpreted in a 'common sense' notion.

and to the community managers: thx for staying this late or long responding to our concerns.

I would rather vote 3 months or such, but 30 days should overcome most odd situations of moving to a new premises or enduring the hussle of hooking up a phone with mobile interent to verify. Longterm though, there should be a mechanism to allow for longer periods (multiple months) that you can activate via your account in the ED store or something like that. I reckon a compromise can be achieved afterall :)

I rest my case for today but would hope and recommend that ED communicate clearly, with some technical details, why and how repeated home calls vs one time verification (or on updates as well) significanly help them fight piracy and if possible back that up with some numbers and projections of reduction in pirated copies. If i feel convinced that the occasional reminder and hussle of that repeated verification leads to more resources in the longterm to make DCS an even fuller experience, i might accept the new system. Maybe you could even work out some extended grace period (3 months/6months whatever) that one can be activated in the account section on the ED store website. @Hellfire257 ...exactly my questions as well. How is that gonna help against piracy. I have read the latest Assassin's Creed hast not been cracked as of yet, and this is due to using at least three of the strongest anti-temper protections out there. But afaik not because of repeaed online verification. @159th Viper '' What is important is that this constructive discussion has highlighted a possible solution. Whether it is a feasible solution will depend on the Developers and/or the relevant DRM software utilized.'' What possible solution that was discussed here are you referring to?

Do the verification when shipping updates and let the god damn pirates be stuck on an old version if they can crack the initial verified module and have their pirate provider friends work their asses off every two weeks when a new patch is being released.

Just to be sure....is the steam version affected by this as well when you have it in offline mode? Or does steam DCS perform the same login and verification process after starting from the steam client?

So then generally speaking: can someone explain to me how repeated online verification helps against software piracy vs onetime or ''when game is being updated''? I am just asking ouf of real curiosity here. Why could a software pirate beat the onetime verification requirement but not the repeated ones?

But SithSpawn: how does a repeated online verification help combat that? If software pirates crack a DCS module, would they not defeat the verification scheme in its entirety?

By the way, if the verification was mandatory when the game is being updated, would that not be the ideal timing because during the update process the entire folder is being scannend for changed/messy files and cleaned up?

Yep, best would be a detailed post that explaines why the repeated online verification protects better against cracked/pirated versions. Because if i have to choose between something as intrusive as Denuvo or such (that is suspected of being performance hungry) and the new style i pick the latter. But, i'd like to understand how it technically is supposed to do so to get on board. I just thought of a good system as well. Remove the 3 or whatever day verification requirement and limit it to 1.) login into multiplayer (where you need contact the multiplayer master server anyway, and in case you do some direct IP connect with a friend bypassing the official lobby you obviously have internet thus the verification should work just fine) and 2.) when updating the game which necessitates being online anyway. And at the rate ED is shipping updates this would encourage people to verify like every two weeks anyway. I think that would be a compromise most people could get onboard with in a heartbeat.

@Viper ...and i would like to understand how the repeated verification actually protects ED's work? Is it not mostly so, that protection of software comes from anti temper technology as Denuvo and such that actually break functionality if altered?

''The only complication rises if you are trying to play DCS World with no internet connection for greater than three days. This is the topic we will be re-evaluating.'' First, thanks to both of you for clearing this up for us. I do understand that you want to protect your IP, but this is the very thing that i have grave concerns about. I have invested way more money inside one year on DCS than i have with any other franchise over the last 5 years. Personally, i would not feel comfortable doing so as liberally as i have up to this point with that limitation in place. I do like to entertain the idea of taking my sim with me to my little hut or Dacha (the russian folks know what i am talking about) in the woods...where i probably have no energy but g3 wifi! :) Maybe you could outline in detail how this online verification actually helps against module piracy. I would reckon that a pirated DCS module would have to overcome module verification. I would also assume that this crack would then stop, block or outright remove any need to online very. The question thus is: would the online verification make it harder to crack DCS modules than starforce now. If i come to think about the new system, it makes account sharing even simpler. Way easier to set up because you simply share login details and there's no need to send and share every key for every module and activate that seperately. Yes, you cannot exchange modules via key exchange or such. Bit this stems from binding a module to an ccount, and i would think, would not require repeated phone calls home though. I am just trying to understand what would actually be gained protection wise vis a vis starforce?

So do i understand you correctly: even if i am without internet access for 6 months, for instance, will i still be able to fly single player without issues? If i read your response correctly; DCS tries to verify when logging in or after every four days without login. DCS will not stop working if it cannot contact the verification server even if more than four days have past. The verification process is there so once DCS is able to connect to the verification server, to check whether the modules installed match up with you logged in account? If things don't match up on verification, unverifiable modules will be become inaccessable and/or other measures taken. If the systems works as i think it does after re-reading Wags response i'd be fine with it.

So how does steam's offline mode work or 'protect'? I must say i have never kept steam for weeks on end in offline mode and thus am not totally sure you could play your games for ''years'' in offline mode. If i am not mistaken, steam relies on games being protected with various anti temper/piracy mechanisms like Denuvo, Starforce or a combination there of in adition to its account scheme. So how would removing starforce but phoning home solve that issue? Additionally, i kinda feel its just wrong to display to honest paying customers a verification prompt (like you have done something wrong and need to prove you are good guy) if you are without or choose to be without internet.

@Manitu...... ist das dein eigener Warthog mit der gebogenen Verlängerung? Falls ja, ist die ein Eigenbau oder kann man die so kaufen?

Hrm, i don't like the idea of not being able to fly if i am for whatever reason without internet for a longer time. It does not pertain to me at this point, but software that stops working once your out of civilization is generally not a good idea. Is 1.5 or 2.1 ''calling home'' at the moment, even if i don't fire up ED DCS for a week or longer?

"new and improved FLIR technology"....hopefully this will be ported over to all existing modules that have the current ED tech for this!