• ramble81
    link
    fedilink
    arrow-up
    9
    ·
    1 year ago

    That brings up a good point. If they were smart they’d encrypt the fingerprint payload so it can’t be easily spoofed. However, I thought I read that this was going to apply to already existing games. So short of the developers (laughably) issuing an update for existing games, how are they going track installs of older games? And that’s probably easier to target for the lulz.

    • chameleon@kbin.social
      link
      fedilink
      arrow-up
      9
      ·
      1 year ago

      Unity aren’t exactly in the DRM business, and there is really no chance they’re going to do something silly like licensing Denuvo for every single one of their clients just to obfuscate a piece of analytics code designed to make them money; stuff’s far more expensive than what they’d earn from it. They’re not going to build something remotely Denuvo-like, the best you can hope for is obfuscation that only has to be cracked once that gets cracked in days.

      My guess is they’re not even going to bother doing HWID-ish nonsense and will just hope that identifiers from the previous install hang around, which will often be the case on Windows PC anyhow (a little more complicated on other OSes). Hitting the uninstall and reinstall buttons in Steam doesn’t do much other than deleting the game’s files and re-running redistributable installers the first time you play the game.

      But on Android/iOS where this is really targeted at, that approach simply doesn’t work. The only stable thing apps can get across a reinstall is the AAID/IDFA advertising identifiers and that can be turned off or changed at will. Either Unity has found a novel solution (which is a one way trip to Apple’s shitlist) or they’re just bullshitting this change to appease the population while not actually changing anything. Since they did their prep work so badly that they couldn’t even answer whether app updates would count, my money’s on the latter.

      • grinde@programming.dev
        link
        fedilink
        English
        arrow-up
        8
        ·
        1 year ago

        Last year Unity merged with ironSource - a “mobile monetization and distribution” company that was once blacklisted by Microsoft for developing and distributing actual malware. I’d assume the tracking is done via a product brought over from that side of the business.

      • greenskye
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        If they do roll it out, there will be a vested interest in actually abusing it purely to highlight the absurdity. The legal fees alone from a company fighting the charges would negate a vast amount of any potential profit.

        Which means they’ll probably drop ‘excessive’ install charges from anyone they think can actually take them to court and will instead focus on gouging smaller companies that can’t fight back.

    • RonSijm@programming.dev
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      well sure, they would probably encrypt the payload, but they’d still have to add the encryption code / key in there to be able to do that.

      It wouldn’t be as easy as just finding the correct url and calling it loads of times, but someone cracking the game would already be deobfuscating and reverse engineering the code anyways patch out the DRM.

      So figuring out how Unity “calls home” and replicating it can’t be too complicated