To DRM or not to DRM

The first DRM scandal was related to SECUROM. There were two things people complained:

  1. the fact that SECUROM uses root-kit technology, thus making uninstalling it a matter of formatting the hard disk.
  2. the fact that games installed it without at least notifying the users.

The second DRM scandal was related to Ubisoft’s Internet connection based DRM. There were a good number of arguments brought against it, I’ll just list some:

  1. the servers themselves are a single point of failure. They might not always be online, or they might be attacked. There is no immediate failsafe measure.
  2. internet connections are not 100% reliable. If you have a wireless connection, things are even worse. Kicking the player out of the game if the connection drops is too harsh. Again, no failsafe measure.

So, naturally, everybody asked themselves the same question: to DRM, or not to DRM.

And my answer to this is, without any trace of doubt in my mind, a rock-solid, unpleasant and hard to avoid … “depends”.

If you feel cheated from a YES/NO type of answer, put your heart and emotions in the freezer and read more.

Let’s start by splitting the question into:

  • What types of games should be DRM-ed?The initial proposal is to DRM everything. But you see, once the code arrives at the player, there’s absolutely no guarantee that the game will not be cracked. Or to put it the other way around, once somebody else besides you has acces to the binary code, it will be cracked.

    You may say that “well, still, it’ll take them a while to devise a good crack”. But eventually they do. And since tough DRMs WILL (not might, WILL) hurt customers, that’s not the way to go anyway.

    What does that mean in terms of what games should be DRM-ed? Well, what I’m trying to say is that DRM and Single Player games don’t make sense. All of the game’s components are in somebody else’s hands. So, I dare say, don’t bother adding DRM to Single Player only titles. Later on I’ll mention some exceptions to this, but the main idea is “SP = No DRM”.

    If you think that this “SP = No DRM” approach will lose you money, there are plenty of examples that say you’re wrong, and that “SP = No DRM” actually works:

    humble indie bundleThe Humble Indie Bundle event made over 1.2 million USDNow that we narrowed down our range of games, we can properly address the next question:

  • How should DRM be implemented?Let’s try to negate the complaints I listed above, in a weird attempt to obtain some key features of a good DRM system:
    • do not use root-kit technology. Make it easy for the player to ditch the game from their computer.
    • have failsafes. If the DRM mechanism relies on components that can fail, have failsafes.
    • avoid the single point of failure. Strike that one out, since this kind of philosophy should be applied everywhere.

    And since we narrowed down our search to games that have an online component, here is one example of well implemented DRM:


  • GAME = DRMThe DRM system IS ALSO THE GAME. No root-kit used. No need for a failsafe, since a downed server doesn’t mean that the DRM denied you of an otherwise functional game, but it rather means no game.

    This obviously works best for MMOs. In MMOs, by the nature of the game, all customers share an important component of the game, the servers.

  • Keep a database of your customers (Steam approach)This is how Steam and the other digital distribution platforms work. They know if you bought the game or not.

    The way it works for MP game is as follow:

    • the customer enters his credentials in the Steam client
    • the customer then starts the game
    • when connecting to a game server, the game server sends the customer’s credentials to the Steam server. If they check out ok (in terms that the customer does own the game), then the customer is allowed to join.

Both approaches share some similarities:

  • the game developer/publisher has some control over a part of the game. In the case of MMOs, the game server. In case of (b), you own the master server, that ultimately decides if a player can join a game server or not.
  • the DRM mechanism is implemented using those pieces of the game. No root-kits on your PC. No hardware scan that then limits the number of instals; heck with Steam, you can install the game on an unlimited number of machines. The key here is that you are not allowed to play simultaneously on more than one.

That’s the deal. Use a server-side DRM mechanism for the multiplayer components of a game. Don’t bother do add DRM to single player games, since all the software components needed to play the game will ultimately reside on the customer’s machine.

I mentioned an exception for DRM in single player games. That exception is: add DRM (1) if you already have it developed for other games and (2) it is a trivial effort to incorporate it and (3) it is light in terms of checks (think Steam, not SECUROM).


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s