If you assume your users are criminals, they will be.

  • Article

A friend recently purchased for me a copy of a game, let's call it "Society III", that he knew I'd like.  I had been an avid player of Society and Society II, and Amazon was having a $9.95 special.  The game arrived in a standard manufacturer box, with a stamped official-looking CD.  It's a legit copy.

Because the game is about two years old by now, there have been a couple of patches.  Such is the way of the software lifecycle in the internet age.  After installing the game and playing around for a short while, I dutifully went to the publisher's website and downloaded the latest patch.  After installing the patch, however, I was no longer able to play the game.  Upon launching, I would get a dialog which asked me to "Please insert the Society III CD into drive C: ".

Huh?

Somehow, after the patch, the game has become confused about which drive is the CD-ROM.  Obviously, I can't put the disc into drive C:.  So I start poking around the config files.  Maybe there's a .ini that got corrupted or a registry entry.  I do find a line in society3.ini which lists the install drive, but changing that has no effect.  I am unable to convince the game to let me play without inserting a CD into my C: drive.

Now, it turns out, as with most games, that the only reason for the CD at all is to verify that you actually have the original game.  No other reason.  For performance, the whole game has been copied to the hard drive.  As with most games out there, once the game finishes the CD check, the drive goes silent, and I can even safely pop the disc out without affecting game play.  So my next course of action is where things get a bit underhanded.  I head out to my friendly neighborhood warez website (with my browser security set to maximum, of course), and find a crack for the game which removes the CD check entirely.  Just drop in the new, patched .exe, and what do you know, I can play from my hard disk without ever inserting the CD.

So what did we learn from this exercise?  Well, first of all, that copy protection software can have bugs too.  But unlike innocent glitches, when your software's self-destruct button malfunctions, your UX suffers and users get alienated.  My copy of Society III is legitimate, but to use my legitimate copy, I had to resort to shady methods which probably violate the EULA.  This game's copy protection software starts from the implicit assumption that the user is a criminal and must be stopped.  In this case, thanks to a bug in the software, it turned the user into one.