ssokolow: I seem to remember someone in this thread commenting on the new password-protected RAR installers so, whoever you are, you have you answer:
According to Gowor, they're to prevent malware from being added to pirated copies with intact, digitally-signed EXEs (Fail. You need an unbroken chain of asymmetric crypto for that.) and to force paying customers to install the games via the GOG installer rather than manually unpacking them.
Niggles: "Another reason - I want to avoid the situation where someone tampers with the archives (let's say adding malware, or some illegal content), and uploads the modified version on torrents. I don't want the GOG Installer installing anything else than it was supposed to, and it doesn't matter how it was obtained. "
This bothers me. Why do they even mention torrents?. Anyone who gets them from those other places are on their own imho...
Reputation damage by proxy, to some extent... but even then, it's harming more than it's helping because it makes GOG look like they're trying to sneak DRM in bit-by-bit while not stopping determined attackers.
That's why, in that thread, I went into great detail on how, to accomplish what they want, they need a chain of asymmetric crypto. (The OS verifies the signature on the EXE, then the EXE either contains a known-good hash for the RAR that it can check or the RAR contains a cryptographic signature that the EXE can validate)
DeathDiciple: Am I the only one reading that as moving towards pro-DRM way of thinking? Why would they care about torrents, or piracy, or 'protect' someone from anything related to it?
Is that what's going to happen, next step will be DRM on installers, and then... Yes it bothers me heavily.
Well, at least we've got the high ground.
GOG's brand is built on DRM-freeness and DRM is an attitude (the technology is just a symptom). Forcing artificial restrictions on paying customers which can be easily stripped from pirated copies is the textbook definition of DRM.
If we want GOG to backpedal, it's very likely that all we have to do is spread the word with the proper framing (
tips) and make sure it doesn't get brushed under the rug. The battle should win itself.
(Or result in GOG's reputation and revenues taking a nosedive, but they already backpedalled on regional pricing, so I don't see that being a danger.)
EDIT: ...and make sure to vote on
the wishlist entry.
EDIT: Here are some
good quotes to use.
HypersomniacLive: But what I'm ,ore concerned about is if the notifications will work properly on the updated account pages or if we're going to be enjoying broken updates much longer, and how many things will additionally be broken once they roll out the updated account pages. The Fresher & Better account pages? Never. It should be worked on during updating the account pages, but let's just say I'm not holding my breath.
