[color=#cc0099]We’ve become aware recently of a Fallen London player who has been data mining the app to gain undisclosed information about the upcoming Election, which they have been sharing through hinted forum posts and other social media accounts.
This is unacceptable for a multitude of reasons.
Leaks like this spoil the surprises for other players, and undermines the pace of the story - particularly in quick-moving content like the Election. [/li][li]It ruins our writers’ plans and makes it less worthwhile for the team to create this type of content.[/li][li]It impedes our planned communications work for announcements and social engagement.[/li][li]Consistent misuse of data mining also makes us less inclined to maintain the mobile app. If people persist with this type of misuse, we may eventually be forced to remove the app from sale.
Actions have been taken against the current offender. This type of behaviour ruins the fun for all - players and creators. We will continue to take steps against people who engage in it, in order to ensure that the vast majority of players have the best experience possible.[/color]
WIthout trying to spoil things more, I’m going to assume that it’s as trivial to do this in the mobile app as it is in Sunless Seas. There’s a fine line to walk here, but maybe it’s worth spending some development time into storing this particular data encrypted, and un-encrypt it on start? Or is it really just the sharing that’s the problem?
I find the app less enjoyable than using the website on a mobile device. It’s way too slow to take any actions, and it invalidates all your other sessions.
I’ve never really understood why it isn’t just a wrapper that connects to the Fallen London server, perhaps while caching images as they are viewed and such. Wouldn’t that be simpler than whatever you are doing now? That would also prevent people from finding data in the app, I imagine.
Actually, if it isn’t too much to ask, could you explain why data mining is even possible? I’m curious.
But that’s an extra maintenance and development burden. Probably not a trivial one either, encryption is difficult to get right. Plus, if the app is meant to be used offline, then the encryption credentials would have to be stored in the app, so the protection would be minimal.
Sometimes you put a lock on things just to send the message that you’d prefer people not look inside, not because you think the lock will actually deter any determined person.
This is a good idea but it only really raises the technical bar for this type of abuse. If the app can decrypt it then someone can decompile the app and figure out how to decrypt it. This isn’t to say it’s useless, but as long as the data is on the device someone will find a way to read it.
A more secure approach would be to find a way to keep time released content off the devices until it is supposed to become available. Without knowing the technical details of the app I have no idea how difficult this would be. It may also introduce some infrastructure challenges as you could end up with a rush on the servers to download the new content when the clock ticks over.
Honestly, the design of the app that allows it to run offline has always seemed rather strange to me. It’s resulted in a lot of problems (especially when it comes to player interactions) that wouldn’t have appeared if the app was just a solid mobile friendly skin over the existing server infrastructure. The web UI works on mobile but it’s kind of awkward. Between that and the marketing advantages of having the game in app stores I could have seen this being a compelling value add (or, at least, it’s something I would have found compelling).
Assuming the app is using similar tech as Sunless Sea, it will download all the game’s story content in a format which, while not particularly human readable, is readable enough that with some technical knowledge (or a lot of perseverance) you could start stitching it together. (I may or may not have spent some time digging through the Sunless Sea files after Alexis buried a now extinct clue related to a certain ambition in them.)
It’s actually a lot more complicated than for SSea, at least on iOS. The operating system won’t let you dig through app data or download it onto computers without being jailbroken.
This is a good idea but it only really raises the technical bar for this type of abuse. If the app can decrypt it then someone can decompile the app and figure out how to decrypt it. This isn’t to say it’s useless, but as long as the data is on the device someone will find a way to read it.[/quote]
You could send the seasonal content encrypted and password-protected and send the password during the user’s first sync after some arbitrary date/time (e.g., today, for Feducci-related content), which would be robust against decompilation on rooted devices. None of this is remotely my field so I have no idea how straightforward this would be to implement, but it appears to be what, for example, EA do when you download a game before launch (cf. their FAQ).
In general, though, your point stands: ultimately, allowing users to make any progress at all between syncs means putting at least some unencrypted (or locally decryptable) game content onto their devices. Tough problem.
This is a good idea but it only really raises the technical bar for this type of abuse. If the app can decrypt it then someone can decompile the app and figure out how to decrypt it. This isn’t to say it’s useless, but as long as the data is on the device someone will find a way to read it.[/quote]
You could send the seasonal content encrypted and password-protected and send the password during the user’s first sync after some arbitrary date/time (e.g., today, for Feducci-related content), which would be robust against decompilation on rooted devices. None of this is remotely my field so I have no idea how straightforward this would be to implement, but it appears to be what, for example, EA do when you download a game before launch (cf. their FAQ).[/quote]
That’s a good approach. Send it out locked with an AES key (or similar encryption technique) and open up the key when the event starts. Much lower server impact than keeping the content off the device entirely. Probably a similar level of difficulty as well.
I am more in favor of having a wrapper for the web version than some sort of encryption arm races, but if anything this post should deter most people from being indiscreet. At least, I assume most people who are invested enough to do any sort of digging are courteous enough. :) edited by Estelle Knoht on 6/20/2017
[quote=An Individual]
That’s a good approach. Send it out locked with an AES key (or similar encryption technique) and open up the key when the event starts. Much lower server impact than keeping the content off the device entirely. Probably a similar level of difficulty as well.[/quote]
For the record, something like this is what I had in mind, and shouldn’t be a large development burden as I’m pretty sure there’s enough out there to leverage for this.
And no, it won’t stop everyone but it will also as someone else said be a clearly posted sign post to people digging and perhaps be enough to discourage the very enthusiastic fanbase this game enjoys from sharing details. If the bar isn’t much higher than "download the apk, extract, fire up hex editor", you’re going to have people finding stuff out. If the only real problem is public sharing of knowledge, just embed a "DO NOT SHARE THIS, SEE THIS LINK FOR OUR FAN GUIDELINES" at the top and bottom of the embedded text and move along.
Personally, I enjoy using the app for mindless grinding when I’m out and about. I do Actual Story Content when I’m at home and able to properly appreciate it. It wouldn’t be the end of the world to lose the mobile app, but it’s convenient for me because I hate wasting energy.
So that post I remember reading about how someone was waiting for the Implacable Detective to announce her candidacy was due to the data mining then? Until this thread, I thought it was just someone’s wishful thinking, or an attempt to guess a candidate ahead of time.
I’m very sad that someone decided to go ahead and do that. What’s the fun in that? Whoever it was, I’m disappointed. And to Failbetter Games, please don’t be discouraged. You know us players are a bunch of patient people who are in for the thrill. Fallen London is a delightful journey to be enjoyed, and spoilers or not, we are incredibly exited about the election. I personally don’t use the app, but I guess it would be upsetting for some folk if you stopped developing it.