An extra layer of protection for you and your account.

Today, we bring you two-step login: an optional extra layer of protection for your GOG.com account. In the coming weeks, we'll also be making all communication between you and GOG encrypted by default with HTTPS everywhere — both methods often requested on our wishlist, but also simply pretty smart to offer.




Two-Step Login
Two-step login is an extra layer of protection for your GOG.com account. Every once in a while, we'll ask you to verify your identity with a 4-character security code sent to your email. Simple stuff.

Two-step login is optional, but we really recommend it. It's designed to bug you only when we notice something unusual — like logging in from a new browser or location. By doing this, we make sure that there's no way to gain unauthorized access to your GOG.com account without both your GOG password and your email account. When used to its full potential with unique passwords for every account, two-step login can be virtually impenetrable.

To enable two-step login, simply head to your Login & Security settings, verify your email address, and enjoy the extra peace of mind. For more information, check out the FAQ.




Additionally, you can now end all of your active GOG.com sessions in one click — this includes every device or browser you ever logged in through. It's a handy feature if you've recently used a public computer, or if you simply want to be sure no device is still logged in to your account.







HTTPS everywhere
GOG Galaxy has already supported HTTPS everywhere for some time, and now we're beginning to roll it out globally. That means HTTPS support for every connection between you and GOG.com — all secured with industry-standard encryption. Every bit (and byte) of data that travels between you, us, and everyone on GOG.com will be encrypted, including the store, forum, chat, downloads and even all of GOG Galaxy. It truly is HTTPS everywhere.
Ixamyakxim: I still say the perfect solution is to paygate the forum. No posting in the general forum until you've purchased a full priced game on GoG.
I'm pretty sure there are several long-time users who have never bought a game at full price.
Ixamyakxim: I still say the perfect solution is to paygate the forum. No posting in the general forum until you've purchased a full priced game on GoG.

Give an account access to any subforum for which they have a game in their account (for support purposes) and hell maybe even create a "New User" general forum in which any member can participate.

But bar access to the general forum until an account has purchased a game valued at $5.99 (or whatever your regional equivalent is) or above. Hugely reduces the number of alts right there. Sure, someone might still create a few alt accounts but they're not making 47 just to scam $10 worth of games anymore.
It still punishes all new users with a bad experience due to the bad deeds of an extremely small few, while not actually preventing the bad users from finding a way to keep doing what they do. This is a feature I hate about Steam, they have security measures in place to try to cut down on scamming and whatnot and their measures do seem to work well for certain classes of problems but the downside is all of the collateral damage. I'm unable to trade between my two Steam accounts because one is my main account that is logged in 24/7 and the second one is a spare account for LAN gaming that is used very rarely and contains dupes of Valve's games and a few others for when a friend comes over. Since it doesn't log in often, my account gets put in hypersleep by Valve where I'm restricted from trading for 7 days and bullshit like that which makes it useless for trading something that expires in 3 days if I have to wait 7.

If GOG can come up with security features and anti-scammer/anti-spammer features that do not harm regular users at all then I'm all for it, but if they throw the baby out with the bathwater then I'm definitely not in favour of my life being made more difficult because of some scammers that will find a way around whatever they do anyway. I like GOG's open hands-off approach mostly. I think they could put some new measures in place that are relatively transparent and without collateral damage too and I'd like to see a bit of that, but nothing draconian.
Ixamyakxim: I still say the perfect solution is to paygate the forum. No posting in the general forum until you've purchased a full priced game on GoG.
It's not a perfect solution. I wouldn't even call it a solution, but a bigger problem than the one it would "solve".
There are multiple reasons why one may create an account in the general forum without purchasing a game. Curiosity about this place or its policies, Kickstarter creator that is doing an AMA, person wanting to ask what people would want to see in a game, GOGFather, various scripting helpers etc.
One could paygate the rep +/- though, so only users that have paid could high/low rate a post, but that would be also opening a different can of worms.

As for getting access to subforums of games you own, that would mean that I wouldn't have been able to post in the JA forum for a couple of months, despite being able to answer a multitude of questions about it. So again, just like restricting reviews only to people that have bought the game, it does cause quite a few more problems instead of only solving them.
Nirth: Most likely cookies. I rarely clean cookies from sites I visit usually or trust and I never get that question from those sites. I suggest keeping cookies from sites you trust.
timppu: I've routinely set all my (Firefox) browsers to clean/delete cookies, history, saved passwords etc. etc. etc. whenever I close it, ever since a friend of mine wanted to log in to his email using my PC and browser. He closed the browser but forgot to log out from his email. What do you know, I could instantly log into his account when I started the browser later, and see his emails.

Similarly, I presume my wife could log into GOG.com as me, if I forgot to log out and she wanted to check fast something with the same browser. Hence, better to just wipe it all automatically, just to be sure. Even merely logging out from GOG isn't enough because even then my wife could see what user I am, if she happened to end up to GOG.com and push the login button (because then GOG will automatically show the last user who had logged in from this browser). And we can't have that.

YMMV.
Plus, you could get busted, having visited certain sites. We all know how that works, no need to come up with such detailed explanations. ;)
Then we continue to live with our Alt-brethren for the time being :(

JMich: As for getting access to subforums of games you own, that would mean that I wouldn't have been able to post in the JA forum for a couple of months, despite being able to answer a multitude of questions about it.
For this one, I actually meant in the specific instance of an account that hadn't crossed the $5.99 "purchase threshold" - so an account that hadn't yet "unlocked" access to the forum could still get support in the subfora for any game it had been gifted / GoG freebie / promotion etc.

But once an account unlocks that threshold, it could post freely anywhere including in subfora for games not in the account.
haydenaurion: Updating Chrome didn't fix it, but that link works. Thanks and thank you guys for finally bringing two-step to gog, makes me feel a bit more comfortable after those accounts got stolen during the release of The Witcher 3 and Galaxy.
JudasIscariot: At least you updated Chrome though :P
Hi,

Sorry to jump your thread here, could you explain why the decision was made to require these extra hoops on anything other than account changes? For those of us who are already security conscious, clearing cookies is number one on the list of things to do. This makes 2 step verification for another set of hoops to jump through for no reason, the account details email, and such like changes are the ones it is meant to protect against.
MarkoH01: I have to agree here - I obviously have not thought this through enough. Still it would be great if someone could figure something out to make scamming and impersonating a bit less easy. Any ideas?
The only other thing I can think of aside from things I suggested in previous posts would be the age old classic problem solver. The LART. :)
skeletonbow:
Ixamyakxim: I still say the perfect solution is to paygate the forum. No posting in the general forum until you've purchased a full priced game on GoG.

Give an account access to any subforum for which they have a game in their account (for support purposes) and hell maybe even create a "New User" general forum in which any member can participate.

But bar access to the general forum until an account has purchased a game valued at $5.99 (or whatever your regional equivalent is) or above. Hugely reduces the number of alts right there. Sure, someone might still create a few alt accounts but they're not making 47 just to scam $10 worth of games anymore.
Not a fan of this idea, I have to say. I've been here since the beginning, and I think I may not have bought a single full-priced game yet. It's possible I have but it's also entirely possible I haven't. However, I have bought tons of stuff. If you want a paywall, it can't be restricted to full-priced games. I'm somewhat OK with having a small paywall (e.g. $1), but in general, I'm not a fan of the idea. I don't like arbitrary restrictions to solve problems the restrictions are completely unrelated to.

All subforums should also have free access to anyone that can post somewhere. It's possible to want to ask a question (or several) about a game before purchasing, and how do you do that if you have to purchase the game first before being able to post about it? Yep, you don't.
timppu: At the same time, I have a suggestion: give also an option for that two-step verification code if anyone tries to:

1. change my account's password
I've never tried to change my password on GOG. But I would expect that I have to confirm the password change with an email before the change becomes valid. Even simple forums require that. You cannot allow to change the password of an account which may be worth several hundreds of Dollars just by entering the old password, can't you?
Yeah, location based security? Pass, thank you very much. Cool for those who want it, certainly not for me.
JPaterson84: Why is the two-step system based on something that can still be broken into (email), and not more robust like using a cell phone to send a text to? Or both, even.
fiiij: Why not use an email service that cannot be broken into?
I think this would require using email with end-to-end encryption. This means GOG would have to implement it at their end too. Normal email is very insecure due to the design of the protocol - it's essentially 'in the clear', and as such is very vulnerable (even if the user's 'account' is well secured).
I'm no expert, so please correct me if I'm wrong...
JPaterson84: Why is the two-step system based on something that can still be broken into (email), and not more robust like using a cell phone to send a text to? Or both, even.
fiiij: Why not use an email service that cannot be broken into?
Because there's no such thing? I use an email service that is pretty robust, but that doesn't make it impenetrable.
eiii: I've never tried to change my password on GOG. But I would expect that I have to confirm the password change with an email before the change becomes valid. Even simple forums require that. You cannot allow to change the password of an account which may be worth several hundreds of Dollars just by entering the old password, can't you?
I haven't changed it recently, but the last time I read comments about it, IIRC GOG merely sends you a notification email that your password was changed. It doesn't confirm it, it merely notifies you.

That's how some people lost their accounts, the new owner who had obtained your old password somehow, changed the email and password, without the system requiring a verification.
Post edited March 07, 2016 by timppu
GOG.com: Two-step login is optional
Thank you for having this optional, this means I can ignore this security annoyance hopefully forever.
Leroux: The problem is that this "unusual" behavior seems to be the default for me. It's like that on Humble, I need to enter a code EVERY time I log in because apparently I'm always using a "new" browser when I start a new browser session. Not sure if this is to do with me regularly cleaning out cache and cookies, or dynamic IP or whatever ... :/
Yes it is. If you wipe your cookies then you remove the login cookie from any given website and will need to log into it again. Likewise, if you use "Private Browsing" mode or "Incognito" mode or similar features of another browser, you will have to log in manually every time too because you're straight out telling your browser to maximize your privacy by disabling features that can be used to track you such as cookies, cache, and local storage between sessions.

Likewise, if a website has configuration options in their web UI which set cookies or localStorage in the browser, such as some privacy settings on startpage.com search engine for example - used in conjunction with private browsing or flushing cookies will reset it to default because it is cookies where this information is stored. It has to be stored somewhere. :)

One has to remember that cookies were originally invented in order to allow the webserver to store a small amount of data in the web browser in order to know it is the same user from one page load to the next in situations like logged in accounts as well as other preference related data etc. The side effect of that is that cookies can and do also get used maliciously/unscrupulously by websites, ad agencies, miscreants etc. to do various forms of tracking across the web. But the functionality cookies provide is absolutely necessary for certain features to work at all, or for them to work across browser sessions etc. If we disallow cookies then we disallow these features, and some of them are mandatory for the web to work properly such as for logins. If we delete cookies always or when we exit the browser, or with private browsing etc. then it works fine for the session but all of those features are lost for the next session and one has to relogin, reconfigure their favourite Youtube video resolution, reconfigure other random settings on every other website and do it every time.

If only we could have a web where the settings we want to keep always are kept, and the tracking and other crap is flushed regularly...

But sadly, that's not how the web works. :)

(I'm a massive privacy/security buff/advocate, and "Private Browsing" and similar features drive me bonkers. I say that and I use NoScript, RequestPolicyContinued, Privacy Badger, Disconnect, CookieMonster, BetterPrivacy and other extensions that combined would drive the average person mad.) ;oP
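
A minimal sketch of the flow discussed in the announcement and in the last post: the emailed code is requested only when the browser is not recognised, so wiping cookies makes every session look like a new browser. This is an added illustration, not GOG's implementation; the cookie format, the code alphabet and the guess limit are assumptions.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret held only by the server
CODE_ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # assumption: 32 symbols, no look-alikes
MAX_GUESSES = 3  # assumption: 32**4 is about a million codes, so guesses must be capped

def _tag(user_id, nonce):
    return hmac.new(SERVER_KEY, f"{user_id}:{nonce}".encode(), hashlib.sha256).hexdigest()

def issue_device_cookie(user_id):
    """Value of the long-lived 'known browser' cookie set after a verified login."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_tag(user_id, nonce)}"

def is_known_browser(user_id, cookie):
    """True only for a cookie this server issued to this user."""
    if not cookie or "." not in cookie:
        return False  # new browser, private window, or cookies wiped on exit
    nonce, tag = cookie.split(".", 1)
    return hmac.compare_digest(tag.encode(), _tag(user_id, nonce).encode())

class TwoStepLogin:
    def __init__(self):
        self.pending = {}  # user_id -> [code, guesses_left]

    def start(self, user_id, password_ok, cookie):
        if not password_ok:
            return "denied"
        if is_known_browser(user_id, cookie):
            return "logged_in"
        code = "".join(secrets.choice(CODE_ALPHABET) for _ in range(4))
        self.pending[user_id] = [code, MAX_GUESSES]  # a real service emails the code here
        return "code_required"

    def verify(self, user_id, submitted):
        """Return a new device cookie on success, None otherwise."""
        entry = self.pending.get(user_id)
        if entry is None:
            return None
        if hmac.compare_digest(entry[0].encode(), submitted.upper().encode()):
            del self.pending[user_id]
            return issue_device_cookie(user_id)
        entry[1] -= 1
        if entry[1] <= 0:
            del self.pending[user_id]  # force a fresh code after too many misses
        return None
```

The cookie is bound to the user id, so a browser trusted for one account is still treated as new for another account.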