Sorry for my rushed and ill thought out post, but you have to understand, this is something we the gog community FEAR greatly, we already have years long issues about how GOG handles not only offline installers (like lack of updates the super controversial sewn in galaxy installers etc, that something like this we kinda have a knee jerk reaction too so sorry for not talking to you about it.

Look as a fellow Canuck if you have an issue with what I say, please do call me out, you do'nt have to hide it, I am always willing to hear someone's thoughts.

Hold up for a second there, OP, and lemme tell ya something: none of what you suggested would work

Why? Because it'd just be easily cracked/stripped out like other forms of DRM(which, btw, your idea is), and likely within a matter of days.

- -

Fixed for ya ;)

GOG is going more and more corporate, so those who respect gog is slowly falling apart. Not to mention the increased exposure means those with ill intentions are more likely to notice it.

You are not the first one to think of that, it has been discussed in the past also in this forum.

I have also mentioned in the past that, as a person who buys games on GOG specifically for DRM-gree games, I personally would be fine with "watermarking" of GOG games, where the game might include some kind of hidden "watermark" which could connect the game to the original purchaser, with some kind of unique code.

The "watermark" could be e.g. your GOG user ID, so seeing it will not identify you personally, except if you are GOG staff who can see which GOG user has which user ID. So 20 years from now when GOG store has stopped operation, that watermark will not really tell anyone anything anymore. "Oh, this GOG game was originally bought by the GOG user ID "78923479792874877292374987398742798237984747298". How cute. He could be Donald Trump for all I know."

So the watermark would not technically limit who and how people can use the installers, but they would be an incentive for people NOT to share their purchased GOG game installers to the world, or even their friends.

However, I don't know feasible such watermarking would be, without being very easily removed or altered by hackers, or by anyone by some simple third-party tool or instructions on the net. But if it was possible, I personally would be fine with such "watermarking", as I don't share my GOG games out of my household (and I let no one else access my installers; if my son wanted to play some GOG game, I would install the game to his PC).

So I think the best way for GOG to combat piracy while remaining DRM-free is simply by offering better support for their games than the pirates do, like constant updates etc. And if there really are some sites online that offer GOG game library, naturally go after such sites. It is not DRM because it does not technically limit how and by whom the installer can be used.

EDIT: Well, someoone might argue "it is DRM because you can start the installer only with a certain username and password", but that would be a rather useless method of "DRM" if that username and password could be simply included with the game in a readme file.

The original idea of "watermarking" the installers would not have such extra step to enter your user ID and password, but that each purchased installer would have their unique watermark, an ID.

Ahaha I was not intending to sound combative, and yeah it is, I let my anger speak more then my brain, with you and powerpc being newer to gog, we have had many controversies and panics as the time has gone on, so I kinda kneejerk reacted, right now its not a good environment in the GOG forums with things as recent as the Devotion Debacle, Offline installer updating issues and even things like a continuing controversy over curation, people tend to react and I reacted poorly.

Hit me up in PM if you want to know more.

Would you like a demonstration of the hooks api? yes. Gog needs a good reputaiton. It is DRM, but a more humane DRM, and also likely immersion breaking in alot of games. The whole purpose of digital rights management is to manage digital rights. This is exactly what's going on.

Also, imagine trying to actually implement this. How would gog or the devs embed the code (username and pass) into the exe or something to prevent modification while also doing it on the fly for downloading offline installers? How do you do it in a non-reversable way if the user gets hacked and their setup files are stolen? Moreover, what about password changes? Should a user re-download their entire gog library?

Are you familiar with a game called Windward? It tried, and it didn't work very well. Dev was able to use it to see how bad the piracy was, however. All users connect to the servers and use a UID, and gog versions were all prefixed with GOG_ and dev was able to see the number of said users vs number of puchases on GOG. It was one of the many reasons he delisted.

Indeed it would be.

Stop and think for a moment how exactly it could be implemented.

The installer would need something to check against. What exactly would that be? How would it be flexible enough for a legit owner, to not require a web check?

In other words it would not be any different than some DRM we have always had.

GOG play the odds with trust, as do those developers and publishers who provide their games to GOG.
In other words, it is based on the majority doing the right thing and not sharing their GOG bought games with others, especially indiscriminately.

If some gamer really wants a game for nothing, then even before GOG existed most games were available through pirate websites or web sharing programs etc.

Personally I don't think game providers are any worse off since the advent of GOG, and quite probably better off, because many, and I include myself, no longer bother with abandonware or game cracks. I used game cracks to get around disc issues, not to get a game for nothing, as did many other gamers.

While I said I would fine with "watermarking" of installers, now I noticed your suggestions has some flaws and even a contradiction:

(I must say I read your message too hastily, I was at home eating breakfast, leaving to work...) What happens if I've changed my password, after downloading that said installer? How does the installer know what my current password is, unless it checks it online from GOG servers?

And if it has to do such online checking, doesn't that mean the installer will fail to work if either internet is down, or GOG servers are down? How can the installer do that, without contacting the GOG servers online?

If it has to go online to check that, that actually is DRM. That part is more like what I referred to as "watermarking".

However, that watermark/ID should not be some personal information (like your real name or something, or even your GOG account name in case you've used your real name as such) as that would probably be against identity protection laws like EU GDPR.

Instead, it could be some kind of "GOG user ID" that makes sense only to GOG staff. Like your "GOG watermark ID" would be 98304802384092, and mine would be 55453354336454. To outsiders, those IDs mean nothing.

However, I am unsure how such watermarking could be implemented easily, and also securely so that it is not easily altered or removable by anyone. If it can be removed or altered easily, then it is pretty useless for suppressing even casual piracy. Heck, someone might even alter it to be my GOG ID, and then GOG would blame me for sharing my game installers!

A simple "yes" or "no" or even "it depends" would suffice.

Like:

"Yes, it is quite easy to implement an uncrackable watermarking for digital goods, which doesn't even need online checks."

or

"No, it would be quite complicated to implement and even then it would be quite simple to bypass, remove or alter."

or something along those lines. If I want a lecture about e.g. hooks API, google is my friend.

It'd be way easier to break than it would be to make, to but it bluntly. The only way for them to make it harder to break is to make it an image watermark, which means trying to debug some sort of text-to-image methodology that has to be embedded into the exe between when the user clicks "download" and the game actually downloads (since we don't get per-account exes). Given how badly galaxy is done, as well as pretty much every other bit of code surrounding GOG, such a notion is unrealistic, even if you were to take it the plane easiest way, which something like cheat engine or tsearch would be able to remove in about.... 30 seconds...

DRM doesn't make dishonest people honest and being DRM-Free doesn't make that person "anti-honesty". 99% of games on Steam ever released have been cracked whilst DRM-Free Witcher 3 sold 50 million copies.

Even "just watermarking" still isn't desirable / feasible. GOG will basically have the added expense of having to run Steam-CEG style servers that manually create in real time a brand new .exe per person to be downloaded separately vs the "static content" and this has to be managed by a client and can't simply be downloaded as a static URL on a web page, ie, the process of having custom made installers per account would require GOG to force Galaxy as a download manager, defeating the object of having offline installers in the first place. Another huge strike against it. And as mentioned, all pirates will do in response is simply create their own "repacked" installers / zip files from the game folder / InnoExtract and share that instead of the original. They won't "remove" the watermarked original installer, they'll just replace it and GOG will have spent a lot of money changing their back-end for nothing.

Edit to explain better - There's simply no way GOG can create large complex 100GB games per person in real-time. Even Steam doesn't do that. What could more realistically happen is all the "static" content could be stored as .bin files (that are the same for everyone) whilst the small installer .exe could be created dynamically. But you couldn't do that as a simple clickable URL. The way Steam does it with CEG protected games is that the game is shipped to the "subscriber" minus the game's normal .exe. At the end of the installation, the client will do a hardware check for the unique ID of the motherboard the client is running on, send that back to a special Steam 3 DRMS server, which in turn uses that unique ID to create a Custom Executable unique to each user and downloads that. Even if GOG were to use just a watermark instead of a DRM check, the multi-stage download process (pulling different static vs dynamic content from different servers via different methods) is complex enough to require Galaxy be compulsory.

tl:dr - Even "just watermarking" offline installers would make Galaxy compulsory as a multi-stage download manager and defeat the whole point of client-less offline installers in the first place. Bad idea if you want to lose a lot of paying customers that are here because Galaxy is optional not compulsory, whilst making no dent at all in whatever low levels of piracy GOG experience anyway. In short, a DRM'd / watermarked installer to install a DRM-Free game is pointless.

And if they tried this or any other method to implement what the OP seemed to be suggesting with GOG's servers being as they are(heled together seemingly by hope, wishes, and duct tape), well.....I don't think the results would be too good.

I don't want this anymore than you do, but I don't think the part I am quoting here is necessarily true. In bigger games the installer is already sliced in several parts plus the 1MB exe. The links in the store page already point to different files. The only change there would be that the link to the EXE would trigger the procedure that creates the executable (and that procedure should be very carefully crafted for both reliability and optimization), then the store page would need some AJAX to push the download out after the file is ready. I suppose you know that this AJAX part is fairly trivial.

The biggest change as far as customer experience goes would be that every single game would be split in one-or-more BIN files plus the 1MB EXE, which doesn't happen to games smaller than one or maybe two GB today.

Despite that, just because it COULD be done doesn't mean it SHOULD be done. Because, really, it shouldn't.

very bad idea, but based on your rep, you seem like a newbie here, so I think people shouldn't pile on too hard.