Nick Danger
Steam should be optional
- Joined
- Mar 17, 2006
- Messages
- 83
Hi 2K ElizabethI'll go try and get you a more technical answer - I'm not a programmer, so me explaining how Steam is hooked into the game in the detail you are desiring isn't working. I know that I've said we use it for updates, content, multiplayer, start up, and delivery, but if you want more programmer-speak details of how that works with Steam, you're right - I don't code games, so I can't provide that.
Thank you for your reply. I expect you're pretty busy with rolling out Civ5 and your related projects, so it is appreciated.
The sort of information I'm looking for -- well here's an example: https://partner.steamgames.com/documentation/api
These quotes state some of the things steam/steamworks does, including when in offline mode. Things like:
"Steamworks Digital Rights Management wraps your game's compiled executable and checks to make sure that it is running under an authenticated instance of Steam." (so not only will we have functioning civ5 drm but functioning steam drm so it can provide civ5 drm)
"...we provide you with several tools that you use to generate metadata about your executable file. This metadata is stored on the Steam 3 DRMS Server."
"When a user installs your game, the DRMS server collects information from the customer's computer that uniquely identifies it. The collected information is used in combination with the metadata regarding your executable file to generate a custom binary, that checks that it is running on the user's computer. If the user changes the configuration of their computer such that the CEG checks would fail to identify the computer, the CEG system will automatically generate a new executable file for the user, and update their game installation. These checks occur whenever your game is run, regardless of whether the computer is connected to the Internet or not. In addition to examining the user's computer, the CEG system will detect tampering with the executable file, and will conceal its workings from reverse engineering." (so there's a lot of system monitoring, even when offline)
"Peer To Peer Multi-Player Authentication/Authorization verifies the unique ID of a user (their SteamID), determines if that user is allowed access to the game, and whether or not the user is VAC-banned (log in for more info about Valve Anti-Cheat Technology). This is accomplished by using both signed tickets and a multi-way handshake between the game clients, and Steam back-end servers. Each game client should attempt to verify the identity of every other game client it is playing with using this process... The inverse of this process should also be executed..." (so not not only is the client and servers checking for cheaters/etc. but each player checks every other player too)
"A user always knows the state of all their friends, users with whom they share a lobby, and users who are in their groups. Users also have the details of other users on a game server, if the game server is connected to Steam and using the Multi-Player Authentication API. Each of these entities (users, game servers, lobbies, and clans) ..." (so there's a lot of communication going on, constantly, when online)
"The most commonly posted callback from the community API is PersonaStateChanged_t. This is triggered whenever new information about an existing or new user is received. Most commonly, this will be a friend of the local user changing their name, avatar, or online status..." (more communications when online)
"Valve Anti-Cheat... Integration work with the VAC Steamworks C++ API is simple, because the heavy-lifting is left to Steam. An advantage is that cheat detection is not handled directly by your game client. The only thing your game needs to do is use the API to find out whether or not a given user is VAC banned. VAC is a component of Steamworks and the Steam client, and works by scanning the users system for cheats while your game is running. It works a lot like a virus scanner, and has a database of known cheats to detect." (a drm 'virus scanner' constantly running while the game runs, with updatable database)
That's just a quick selection of things steam/steamworks is doing when running (some only when online, some when offline too). There's more on that page, and I'm guessing more not listed on that page.
-----------------------------
There's also the issue of information collected (aggregate, individual, and personally identifiable). We know all sorts of system information are collected, enough to "...uniquely identifies it." and is monitored/updated "...whenever your game is run, regardless of whether the computer is connected to the Internet or not."
-from http://www.steampowered.com/Steam/Marketing/message/639/
-"Steam game file fragmentation automatically detected and fixed" (so we have our steam files scanned/defragged without our knowledge/control)
-"We've updated Steam's driver check, so if yours is old you'll get a message prompting you to update when you launch the game." (so add drivers to the list of information collected/monitored)
-from the steam wiki (http://en.wikipedia.org/wiki/Steam_(content_delivery)#cite_note-herring1-40) "With the exception of Valve's hardware survey, most collection occurs without notifying the user or offering an opt-out." (quotes above show that steam collects HW info in ways other than the opt-out survey)
Along with the other personally identifiable information collected, in 2008 steam added the ability "...allowing the storage of billing address details between transactions." Is that information collated with any other collected info? Is it shared with third parties, and if so with who and for what purposes?
------------------------------------------------
There's also the question of who all this information collected from us is given to. Valves privacy policy (http://www.valvesoftware.com/privacy.html) mentions "...other parties...", "...third party...", and "...associates...".
We know personally identifiable information is collected with/by "associates":
-"Personally identifiable information protected under this privacy policy and collected from users may be done in conjunction with associates under agreement with Valve."
-"Furthermore, external websites and companies with links to and from Valve's online sites and products may collect personal information about users."
We also know Valve's privacy doesn't apply to other parties:
-"Valve's privacy policy does not extend to associates of Valve."
-"Valve's privacy policy does not extend to these external websites and companies."
-------------------------------
Exactly what information will be collected from us because of our playing Civ5, even when offline, is known by steam and it's 'associates'. Is there any reason to not tell us what it is, or why it should be hidden from us?
And who is it shared with, and what are they doing with it?
And finally, how does having all this stuff (and whatever else is going on) benefit those of us who buy store-bought dvds, play single-player civ5 games offline, and don't need steam's help to keep our drivers updates, HDs defragged, etc.; or who don't play with cheaters, etc.?
Thanks!