It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
Creative thinking is valuable in the security world.

However it goes

1 - learn systems thoroughly
2 - think creatively
3 - point out problems in system
4 - learn flaw thoroughly
5 - think creatively
6 - come up with good defense for problem
7 - peer review

etc

It does NOT go

1 - Think creatively
2 - Call anyone who points out flaws a jerk
avatar
Mortimer1066: It would not have to be encrypted
avatar
onarliog: Oh boy. Believe me, it absolutely has to be encrypted :)

Anyway, websites can't just write arbitrary stuff on your disk, so you would need to go through a third party in any case, like a browser extension at the least. What you want is really one of those password & credential managers that encrypt and save this information on the cloud (so that you can access it on any computer), this is an already solved problem. Another advantage is it automatically works for all websites. This is the correct way to implement it on the client side, and if anybody comes up with a better idea, it is probably wrong. (Creative thinking is really discouraged in the computer security community :) Not kidding.)
Well I'd think GoG galaxy could write something, it is a program not a webpage and could save information the same as any other program does.

And what this all boils down to in the end is I want GoG to be looked at by many people, and game devs as a place as good as Steam, contrary to what some may say I have not insulted any one, though being told you are wrong by 20 people at once can be a bit daunting, especially when they offer no real counters. This is not a board room were we talk and get all serious, this is a forum were we throw out ideas and see if anyone can come up with a good one.

Regardless of how much we love GoG, it is like the only major site, that I have been on does not allow 1 or 2 click purchasing for returning costumers. Maybe it is not an issue for anyone here...but I think it is a bigger issue to people that might not post in a forum, or might usually buy elsewhere.

The fact is to be as good as other sites, they'd need to offer the things that most others do, the GoG galaxy is a start, it keeps everything up-to-date, and keeps a list of your library, easier payment options would not hurt anyone, I'll let them, or any of you figure out how to implement them the best way, but others are doing it already so we can't pretend it is like sci-fy crazy talk.

If you really think GoG is great, and don't want to see it get bigger, and offer more drm free games, then just let this topic die. If you think maybe doing something to make more users actually come here and use the site to buy their games, is a good thing then try to add something productive.

I am not the standard guy that comes on the net to prove something by having a different opinion, not do i care about trolling. I just see more popular sites allowing a bit easier ways to do things and think, "I wonder why they don't do it like the others?"

And if it is wrong for me to suggest this stuff then, I am guilty, but I know if they can find a way to make safe easy transactions more people will use it, I offered my horrible ideas...many work for the other sites, and sadly most people would never post here, they would have just said GoG sucks and left.

I won't be posting any more replies to how I am wrong, unless you offer something new to counter it. I will just read "you are wrong" as GoG is perfect the way it is.
Post edited July 27, 2015 by Mortimer1066
avatar
Mortimer1066: I do see some great points here ...
Have you heard of stolen credit card information (for example from Sony last year)? Not storing any information is a 100% safe way of defending against hacker attacks. That is the rationale behind GOG's behavior.

But yes, for lazy people GOG should definitely offer to also store credit card information. I have absolutely nothing against it. It would be a nice service. But in case credit card information is stolen, the lazy people should not complain too much. Nowadays even the best protected systems can get hacked.
I was thinking something along the lines of a button instead of Login, which just uses the NSA tracking database to fill all your information in for you. And then I thought, a button, far to much effort, what about a motion sensor so just wave in front of the screen. Then I thought a bit further and realised one hand has a giant quadruple cheeseburger, the other a 20liter coke, so thats out the window. So what it comes down to is a cable directly into the head through which by the merest thought, you can select, and have filled in all the order.

Feck knows how they are going to play all those old games, having to use a keyboard and stuff.
Umm,if you fill in the form below I'll gladly keep your CC details turning over.

Form:-)
Far be it for me to step in at a time like this, but I think the OP gets the point.

We can stop throwing stones at him now. :P
avatar
tinyE: Far be it for me to step in at a time like this, but I think the OP gets the point.

We can stop throwing stones at him now. :P
i don't think i can throw across the pacific ocean.and he still doesn't get it. otherwise he won't keep on bumping up this thread with mindless drivel, asking us for ideas ?

you know what, why the fuck is he even whining to us about this? we're not the blues!
Post edited July 27, 2015 by dick1982
avatar
Mortimer1066: For all intensive purposes
(Sorry, but the phrase you're looking for is "for all intents and purposes", not "for all intensive purposes." They would mean quite different things. I'm sure a lot of people mishear the phrase the way you've written it, but the first is correct.)
avatar
Mortimer1066: And if it is wrong for me to suggest this stuff then, I am guilty, but I know if they can find a way to make safe easy transactions more people will use it, I offered my horrible ideas...many work for the other sites, and sadly most people would never post here, they would have just said GoG sucks and left.
Well, I actually think your sentiment is well-founded. GOG could certainly use a PCI-compliant third-party processor like Stripe which is seamlessly integrated, much like the way HumbleBundle does. This way they do not have to store card information directly on their own servers and rather the information is retrieved from the much more secure Stripe servers via a temporary session token. I personally do not mind re-entering my card data when making a purchase, but I do know that it does have an appreciable effect on sales conversion rates and that making checkout as easy as possible translates to increased sales. For GOG's sake, I think the increase in sales would probably make up for any lost income due to slightly higher payment processing fees, if any. GOG still obviously is paying fees to someone for processing their transactions, whether it be PayPal or some other card processor like Authorize.net.

Just to get in on the technical side, however, you generally do NOT want sites that don't specialize in payment processing and payment gateways to be storing your card information. You've seen what has happened with Sony, and I get the feeling that Valve is actually kind of understaffed in this area as well. Many smaller sites are using 3rd-party processors that specialize in payments and offer integrated API's, like PayPal and Stripe -- so they are not actually storing the information on their own servers although it appears that they do because of the seamless integration. Amazon has its own PCI-compliance and they are one of the few that I do trust to handle my cards securely -- mostly because they specialize in internet services, have their own payment gateway, and also have something crazy like $100 billion in annual worldwide sales revenue. To put that in perspective, you think of Steam as being big, but they only have maybe at most 1-2% of the annual sales revenue that Amazon does. GOG? It's about .00025% of Amazon's annual revenue. We are talking gargantuan differences in scale, resources, and specialities between all three companies.
Post edited July 27, 2015 by the.kuribo
avatar
tinyE:
avatar
dick1982: we're not the blues!
We're the Blues.
Post edited July 27, 2015 by tinyE
avatar
tinyE: Far be it for me to step in at a time like this, but I think the OP gets the point.

We can stop throwing stones at him now. :P
But he said ... ! (Monty Python - Life Of Brian)
avatar
dick1982: we're not the blues!
avatar
tinyE: We're the Blues.
real men watch women's hockey
avatar
Mortimer1066: For all intensive purposes...
Eggcorn.

avatar
tinyE: Far be it for me to step in at a time like this, but I think the OP gets the point.

We can stop throwing stones at him now. :P
ummm...ok. :P
Post edited July 28, 2015 by Egotomb
avatar
tinyE: Far be it for me to step in at a time like this, but I think the OP gets the point.

We can stop throwing stones at him now. :P
What about my packet of gravel?
avatar
tinyE: Far be it for me to step in at a time like this, but I think the OP gets the point.

We can stop throwing stones at him now. :P
avatar
Randalator: What about my packet of gravel?
Unless you were planning on boring him to death building a rockery...