Powered by Jitbit .Net Forum free trial version.

Failbetter Games Community

HomeFallen London » The Bazaar

This is the place to discuss playing the game. Find tips, debate the best places to find certain items and share advice.

Data Mining in Fallen London Messages in this topic - RSS

Absintheuse
Absintheuse
Posts: 348

6/20/2017 		We’ve become aware recently of a Fallen London player who has been data mining the app to gain undisclosed information about the upcoming Election, which they have been sharing through hinted forum posts and other social media accounts.

This is unacceptable for a multitude of reasons.
  • Leaks like this spoil the surprises for other players, and undermines the pace of the story - particularly in quick-moving content like the Election.
  • It ruins our writers' plans and makes it less worthwhile for the team to create this type of content.
  • It impedes our planned communications work for announcements and social engagement.
  • Consistent misuse of data mining also makes us less inclined to maintain the mobile app. If people persist with this type of misuse, we may eventually be forced to remove the app from sale.


Actions have been taken against the current offender. This type of behaviour ruins the fun for all - players and creators. We will continue to take steps against people who engage in it, in order to ensure that the vast majority of players have the best experience possible.
+26 link
Saklad
Saklad
Posts: 528

6/20/2017 		I find the app less enjoyable than using the website on a mobile device. It’s way too slow to take any actions, and it invalidates all your other sessions.

I’ve never really understood why it isn’t just a wrapper that connects to the Fallen London server, perhaps while caching images as they are viewed and such. Wouldn’t that be simpler than whatever you are doing now? That would also prevent people from finding data in the app, I imagine.

Actually, if it isn’t too much to ask, could you explain why data mining is even possible? I’m curious.

--
Saklad5, a man of many talents
+5 link
Estelle Knoht
Estelle Knoht
Posts: 1751

6/20/2017 		I am more in favor of having a wrapper for the web version than some sort of encryption arm races, but if anything this post should deter most people from being indiscreet. At least, I assume most people who are invested enough to do any sort of digging are courteous enough. smile
edited by Estelle Knoht on 6/20/2017

--
Estelle Knoht, a juvenile, unreliable and respectable lady.
I currently do not accept any catbox, cider, suppers, calling cards or proteges.
+4 link
Spht
Spht
Posts: 11

6/20/2017 		WIthout trying to spoil things more, I'm going to assume that it's as trivial to do this in the mobile app as it is in Sunless Seas. There's a fine line to walk here, but maybe it's worth spending some development time into storing this particular data encrypted, and un-encrypt it on start? Or is it really just the sharing that's the problem?
+4 link
An Individual
An Individual
Posts: 589

6/20/2017 		Spht wrote:
WIthout trying to spoil things more, I'm going to assume that it's as trivial to do this in the mobile app as it is in Sunless Seas. There's a fine line to walk here, but maybe it's worth spending some development time into storing this particular data encrypted, and un-encrypt it on start? Or is it really just the sharing that's the problem?


This is a good idea but it only really raises the technical bar for this type of abuse. If the app can decrypt it then someone can decompile the app and figure out how to decrypt it. This isn't to say it's useless, but as long as the data is on the device someone will find a way to read it.

A more secure approach would be to find a way to keep time released content off the devices until it is supposed to become available. Without knowing the technical details of the app I have no idea how difficult this would be. It may also introduce some infrastructure challenges as you could end up with a rush on the servers to download the new content when the clock ticks over.

Honestly, the design of the app that allows it to run offline has always seemed rather strange to me. It's resulted in a lot of problems (especially when it comes to player interactions) that wouldn't have appeared if the app was just a solid mobile friendly skin over the existing server infrastructure. The web UI works on mobile but it's kind of awkward. Between that and the marketing advantages of having the game in app stores I could have seen this being a compelling value add (or, at least, it's something I would have found compelling).

--
An Individual's Profile
The RNG giveth and the RNG taketh away.
Goat Farming or Cider Brewing? This browser extension may help.
Want a Cider sip? Please refer to this guide before requesting.
Scholaring the Correspondence? A Brief Guide to Courier's Footprint.
Contemplating Oblivion? First Steps on the Seeking Road.
Gone NORTH? Opened the gate? Throw your character in a well.
+3 link
acorncap
acorncap
Posts: 30

6/21/2017 		Personally, I enjoy using the app for mindless grinding when I'm out and about. I do Actual Story Content when I'm at home and able to properly appreciate it. It wouldn't be the end of the world to lose the mobile app, but it's convenient for me because I hate wasting energy.

--
Dr. Adelaide Capella - The Steadfast Doctor - Also a Watchful Patron
+2 link
Mr Sables
Mr Sables
Posts: 597

6/20/2017 		Huh, that's rather disheartening to hear upset

On that note, I never understood the need for an app, anyway? The website version works perfectly fine on smartphones; granted, it's a bit fiddly, but a lot of sites (including this one used for the forum) have an option to switch between a "mobile version" and a "desktop version". It always seemed to me it'd be a LOT less work for staff - and generally more convenient overall - just to have a mobile version of the site (which would probably prevent data-mining, by the sounds of it).

Granted, I'm not an app user and never use apps, and I have no idea about profit or work or what goes on behind the scenes, so it could well be a silly idea or just not a practical one . . . still, I hope this doesn't happen again, as I'm kind of a bit sad some bits have been spoiled :-/ I was looking forward to the surprise :-/
+2 link
Gallmarch
Gallmarch
Posts: 111

6/20/2017 		An Individual wrote:
Spht wrote:
WIthout trying to spoil things more, I'm going to assume that it's as trivial to do this in the mobile app as it is in Sunless Seas. There's a fine line to walk here, but maybe it's worth spending some development time into storing this particular data encrypted, and un-encrypt it on start? Or is it really just the sharing that's the problem?


This is a good idea but it only really raises the technical bar for this type of abuse. If the app can decrypt it then someone can decompile the app and figure out how to decrypt it. This isn't to say it's useless, but as long as the data is on the device someone will find a way to read it.


You could send the seasonal content encrypted and password-protected and send the password during the user's first sync after some arbitrary date/time (e.g., today, for Feducci-related content), which would be robust against decompilation on rooted devices. None of this is remotely my field so I have no idea how straightforward this would be to implement, but it appears to be what, for example, EA do when you download a game before launch (cf. their FAQ).


In general, though, your point stands: ultimately, allowing users to make any progress at all between syncs means putting at least some unencrypted (or locally decryptable) game content onto their devices. Tough problem.

--
My profile: https://www.fallenlondon.com/profile/Gallmarch
+1 link
An Individual
An Individual
Posts: 589

6/20/2017 		Gallmarch wrote:
An Individual wrote:
Spht wrote:
WIthout trying to spoil things more, I'm going to assume that it's as trivial to do this in the mobile app as it is in Sunless Seas. There's a fine line to walk here, but maybe it's worth spending some development time into storing this particular data encrypted, and un-encrypt it on start? Or is it really just the sharing that's the problem?


This is a good idea but it only really raises the technical bar for this type of abuse. If the app can decrypt it then someone can decompile the app and figure out how to decrypt it. This isn't to say it's useless, but as long as the data is on the device someone will find a way to read it.


You could send the seasonal content encrypted and password-protected and send the password during the user's first sync after some arbitrary date/time (e.g., today, for Feducci-related content), which would be robust against decompilation on rooted devices. None of this is remotely my field so I have no idea how straightforward this would be to implement, but it appears to be what, for example, EA do when you download a game before launch (cf. their FAQ).


That's a good approach. Send it out locked with an AES key (or similar encryption technique) and open up the key when the event starts. Much lower server impact than keeping the content off the device entirely. Probably a similar level of difficulty as well.

--
An Individual's Profile
The RNG giveth and the RNG taketh away.
Goat Farming or Cider Brewing? This browser extension may help.
Want a Cider sip? Please refer to this guide before requesting.
Scholaring the Correspondence? A Brief Guide to Courier's Footprint.
Contemplating Oblivion? First Steps on the Seeking Road.
Gone NORTH? Opened the gate? Throw your character in a well.
+1 link



Powered by Jitbit Forum 8.0.2.0 © 2006-2013 Jitbit Software