It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
avatar
Lukaszmik: (...) I wanted to believe that, as a gamer, I will have a place to get games that will let me do this with minimal hassle (no DRM). But I also assumed you would have similar stance to other things, such as respect for personal privacy. (...)
I can't speak from a technical standpoint on this, but I want to explain why we use things that tell us how the general public (unidentifiable customers) behave on the site.

Imagine you have a website and you're trying to convince someone to sell their product on it, under conditions they did not previously accept, or were hesitant to. Do you go to them telling them that it's great, or do you show them numbers? That x% of people that visit your site through a link to a product look at another product, or that they spend Y minutes browsing it on average?

Also, when you're hired by the company to do a certain job, you report on it. Say your job is "increase sales by linking to the site correctly". If you track links with Google Analytics, you can get aggregated data on how many clicked the link. If you can combine that with a number of people that saw the link (i.e. newsletters opened), you have a percentage of people that you brought in - meaning you did your job, and it's quantifiable how well it went.

We need these (general and aggregated) numbers 1) to convince developers that it's worth it to work with us (therefore bringing more games), and 2) to quantify how well we do what we do in the aspect of providing you content and games you're interested in.

There's probably other reasons for other departments as well (such as: "is that tab really necessary?" for the developers or something), but getting some data about user behaviour is a big thing that helps us get other big things done. :)
avatar
shmerl: Yes, there is a major and extremely annoying looping bug on GOG site. I think it's related to HTTPS mess and poor support for it here. Many games pages simply don't open until you refresh them 20 or so times (some GOG mirrors don't have that bug). Plus log in problem occurred quite a lot to me too. I'm using Adblock Plus and HTTPSeverywhere.
What browser are you using ? I use Firefox on Mint and Firefox & IE on Windows with AddBlock and DNTMe and I never experienced a similar bug.
I'd like to pose a question:

When GOG has a TOS of a 3rd party, which TOS is going to take precedence?

Example-
GOG claims Lucasarts/Disney games are DRM free and that is great. But then you have to go to Disney's website and read a TOS wall and find that you are subject to THEIR TOS and they...uh...well, last I looked, they do not have anything that would give a care about DRM-free games.

SOooooooo....this seems like a loophole to pin DRM onto/into one of those titles and fall back to "well folks, we TOLD you to read the fine print. You had to abide THEIR TOS and now since we have your money, take a walk if you don't like abiding to their DRM TOS".

Ok, perhaps a little paranoia? I am simply pointing out the question of "who do we have to abide"? GOG asks us to agree to GOG TOS and then to agree to DRM policies of a 3rd party. I mean come on, wtf? >_>

Oh and please do correct me if Disney suddenly thinks DRM-free is great and they changed their policies in the past 3 months. No...seriously I could have missed a few lines, but I doubt they changed their pages.
Post edited January 22, 2015 by Shmacky-McNuts
avatar
Shmacky-McNuts: Ok, perhaps a little paranoia? I am simply pointing out the question of "who do we have to abide"? GOG asks us to agree to GOG TOS and then to agree to DRM policies of a 3rd party. I mean come on, wtf? >_>
Yeah, this is a real problem already existing with the multiple EULAs packaged with games. And I guess GOG can't change the standard TOS/EULAs of the publishers significantly... but at least they can try to influence them & give a good example. For instance with a standard GOG TOS which is very relaxed and consumer oriented: e.g. content owning instead licensing, consumer can do whatever he wants with content beside redistribution/taking credit/ reselling.

About the precedence, I guess when not in conflict: both (so, the more restrictive one -> meaning the GOG one should never be the more restrictive one). And when in conflict: I have no clue. Ciris, any comment ?
Post edited January 22, 2015 by shaddim
My annoyance was not GOG exactly, but being told to abide a contractual agreement that by default every user who makes a purchase is breaking said contract.

While I find contracts online to be mostly laughable, it isn't funny when they DO take action against people. The law of a nation tends to make examples and justice be damned in the process of corporate rule.
avatar
shmerl: Yes, there is a major and extremely annoying looping bug on GOG site. I think it's related to HTTPS mess and poor support for it here. Many games pages simply don't open until you refresh them 20 or so times (some GOG mirrors don't have that bug). Plus log in problem occurred quite a lot to me too. I'm using Adblock Plus and HTTPSeverywhere.
avatar
Gersen: What browser are you using ? I use Firefox on Mint and Firefox & IE on Windows with AddBlock and DNTMe and I never experienced a similar bug.
I'm using Firefox and have such HTTPSeverywhere rule set:

<ruleset name="GOG">
<target host="www.gog.com"/>
<target host="gog.com"/>

<rule from="^https://www.gog.com/" />
</ruleset>

In general HTTPS support on GOG is very messy. Please vote here: https://www.gog.com/wishlist/site/https_browsing_of_the_whole_site
Post edited January 22, 2015 by shmerl
avatar
shmerl: In general HTTPS support on GOG is very messy. Please vote here: https://www.gog.com/wishlist/site/https_browsing_of_the_whole_site
Remind me, have I linked you The cost of the <span class="bold">"S"</span> in HTTPS or not? Just playing the devil's advocate, not sure if the benefits outweigh the negatives (for GOG, not us).
avatar
shmerl: In general HTTPS support on GOG is very messy. Please vote here: https://www.gog.com/wishlist/site/https_browsing_of_the_whole_site
avatar
JMich: Remind me, have I linked you The cost of the <span class="bold">"S"</span> in HTTPS or not? Just playing the devil's advocate, not sure if the benefits outweigh the negatives (for GOG, not us).
The cost is worth it. You should know the world we live in.
avatar
Ciris:
Well, my extensive reply just disappeared into the bowels of the Internets. Huh.

Anyway, tl;dr version:

My problem isn't so much the implementation of metrics, but outsourcing it to third parties. Google in particular.

I realize it's far less expensive to do that than develop your own code, but it's our information that's monetized to cover the difference (so to speak). Personally, I'd rather do everything possible to limit Google's ability to add another data point to their database. It's something I strongly suspect will come back to bite the society, as a whole, in the ass sooner or later, and I have little inclination to contribute toward it. Aside from my information being treated as commodity, that is.

The Privacy Policy, as it currently reads, does not inspire confidence in limiting the availability of our information to third parties. In fact, it hand-waves any responsibility for what happens to said data when it reaches the third party squarely on their shoulders (and requiring adherence to the EULAs of those companies, which in reality may state whatever they want).

The link I provided is only one of the many tests available (though not from such a well-know organization as EFF) to prove just how easy it is to use software and hardware data to identify unique end-points (computers). Making tracking user habits a snap, as long as somebody willing to do so has access to that data. Google is certainly one of such companies. Anybody else handling metrics will likely be in exactly the same business.

I realize my view-point may not be popular in the age of Google, Facebook, Instagram, Snapchat, and basically data-trawling wherever you go, but that doesn't mean I have to like it. I was hoping that, with your stance on DRM, GOG might also recognize the inherent dangers in proliferation of such data, but business is business.

Anyway, thanks for the reply and explanation. I doubt my opinion will change your stance on this, but I do appreciate the effort.
avatar
shmerl: I'm using Firefox and have such HTTPSeverywhere rule set:
easy solution: remove that rule.
Forcing https where no https is offered is not automatically a safe thing to do as far as I know.
Asking GOG to offer SSL support for the whole site with that wishlist entry you linked to is the right thing to do. And I fully support that.
But forcing ssl where no ssl is offered and than calling it a "major bug" when things break seems a rather adventurous logic to me.

avatar
JMich: Remind me, have I linked you The cost of the "S" in HTTPS or not? Just playing the devil's advocate, not sure if the benefits outweigh the negatives (for GOG, not us).
i will link you this in return: SSL/TLS is not computationally expensive any more. ;)

avatar
Shmacky-McNuts: When GOG has a TOS of a 3rd party, which TOS is going to take precedence?
see 2.2. of the new User Agreement
When you buy or install GOG games, you might
have to agree to additional contract terms with the
developer/publisher of the game (e.g. they might ask you to
agree to a game specific End User Licence Agreement). If
there is any inconsistency or dispute between those ‘EULAs’
and this Agreement, then this Agreement wins.
Post edited January 23, 2015 by immi101
avatar
JMich: Remind me, have I linked you The cost of the "S" in HTTPS or not? Just playing the devil's advocate, not sure if the benefits outweigh the negatives (for GOG, not us).
avatar
immi101: i will link you this in return: SSL/TLS is not computationally expensive any more. ;)
Do read the [url=http://www.cs.cmu.edu/~dnaylor/CostOfTheS.pdf]paper[/url]. Computationally wise, part 4 and 6. Server side computations may not be that expensive, client side they appear to be noteworthy, not due to the computation themselves, but due to lack of proxying. But who knows, many things may change in the next few years and the 4 year old study may or may not be relevant any longer. And as soon as proxies can handle https, then the cost of the S will be significantly lower.
avatar
immi101: But forcing ssl where no ssl is offered and than calling it a "major bug" when things break seems a rather adventurous logic to me.
SSL is offered, but some servers have redirects problems. As I said, at times it opens just fine. I.e. it's a bug of the site.
On the upside...it's not really needed..I mean SSL..

(unless ur paying with an actual CC..and that's SOO dumb..)

Anything bought on here, is non-transferable..

It can't be hacked out of your inventory..
Yes, they can steal ur account for a while..but as soon as payments are in question..they don't have
your payment ways, ID's etc..unless they hack those too..but that's kinda hard with a prepaid CC..
(there's no getting their hands on a physical prepaid CC..)

I wouldn't worry about it too much..I'm not worried about my account getting hacked..
Like I said, when push comes to shove, they can only pretend that it's theirs when you use a prepaid card..
(and never make the mistake of getting a lot of cash on it..$20 tops..it's worth dangling it...why ?..
well..any hacker stupid enough to download a tool and trying to steal $20..well..THEY DESERVE 5-10 A LA
CLUB FED !!..I hear they have new dance cards there now, specially for the virgin rookies..)
avatar
JMich: Do read the [url=http://www.cs.cmu.edu/~dnaylor/CostOfTheS.pdf]paper[/url]. Computationally wise, part 4 and 6. Server side computations may not be that expensive, client side they appear to be noteworthy, not due to the computation themselves, but due to lack of proxying.
you mentioned specifically the costs for gog. That's why I commented on the server side performance impact, which seems in practice much less of a problem than generally thought.
It wasn't my intention to dispute the paper you posted entirely.

avatar
shmerl: SSL is offered, but some servers have redirects problems. As I said, at times it opens just fine. I.e. it's a bug of the site.
if you use the site normally SSL is only used on a few specific pages. You cannot simply assume that you can redirect all site links to https.
avatar
immi101: if you use the site normally SSL is only used on a few specific pages.
What's normally? All pages on GOG have https versions. It should be normal and expected to use them. But there are problems with how links and redirects are handled on the site. And it happens even without HTTPSeverywhere as was already reported before. Can be related to cookies mess. Either way it's a bug on the GOG side.

Anyway, to avoid off-topic let's discuss this further in the dedicated thread:
https://www.gog.com/forum/general/dear_gog_please_fix_your_https_pages_linking
Post edited January 23, 2015 by shmerl