Civ7 now includes Denuvo

[Zecon365]

I'm still excited for Civ 7, but I definitely will not be buying it as long as there's Denuvo. The online requirement (even if it's not an always-online requirement) is horrible for archiving and game preservation. The company behind Denuvo will not be around forever, and Firaxis will not be supporting Civ 7 forever. Verification servers will go down for good eventually. If Denuvo isn't removed from Civ 7 at least after development officially ends, and assuming nobody figures out a way to crack the game to be Denuvo-free, then every day the risk increases that you will not able to play Civ 7 eventually because of Denuvo's online requirement. People deserve to be able to freely access the things they've bought without obstruction for eternity, because they own them. Buying a game shouldn't be a temporary license to play it, no matter how long that license lasts.

 

[number51]

Steam refunds exactly 0.0% of the requests it receives.

LOL good luck trying to get a refund from that nameless faceless monster corp!!!

 

[Siptah]

Steam refunds exactly 0.0% of the requests it receives.

LOL good luck trying to get a refund from that nameless faceless monster corp!!!

I never had any problems getting a refund from Steam.

 

[Atlas627]

Steam refunds exactly 0.0% of the requests it receives.

LOL good luck trying to get a refund from that nameless faceless monster corp!!!

Well that's not possible, because I and many other people I know have gotten refunds via Steam. Is this supposed to be satire and I've missed the joke?

 

[Ogro]

Good luck. The company that makes the software doesn't release much information to the public because they prefer for us not to know how it works.

What we do know:

• The executable cannot run without first being decrypted.
• The decryption step cannot happen without an authorization token from Denuvo, which requires an Internet connection.
• The tokens are generated based on a collection of information sent to Denuvo, which includes the hardware configuration of the computer that the game is installed on.
• The Denuvo-wrapped game runs in a virtual machine, which can impact performance.
• The combination of the virtual machine and the encryption make Denuvo very difficult to crack.
• Modifying the executable (and possibly the DLLs) will cause the decryption step to fail, which can impact modding capabilities.
• The game can only be installed on X computers in a Y hours. Based on the Steam information, it's 5 computers in 24 hours for this game.

What we don't know:

• Exactly what information is collected by Denuvo.
• For how long a token is valid; or, how often the game has to connect to Denuvo's servers.
• What Firaxis plans to do if Denuvo stops supporting its software in the future and its servers are no longer available.
• Whether Firaxis plans to remove Denuvo at some future time.

I would add to the list the allegation that some part of Denuvo remains even if you delete the game. That is definitely something we should know more about.

I just found a group in Steam that lists the game that uses Denuvo, named Denuvo-Games. Very handy for concerned people.

Based on quick google research, it seems game with Denuvo released from 2023 are indeed being cracked less. Which will unfortunately prevail when corps are making decisions. If they can avoid cracked competition when the game is at its highest price (beginning of the product life cycle) , then it is worth it. They won't care as much of cracked competition when the game is selling cheap later on. Remember that they are not aiming at 100% thieve proof, but enough that makes it not worth it.
Will it be a liability for users? I am sorry if you live in "America" and still think it is about the people and not the money.

 

[Dale]

Steam refunds exactly 0.0% of the requests it receives.

LOL good luck trying to get a refund from that nameless faceless monster corp!!!

Not true at all. I have refunded a number of games purchased pre-release, and refunded pre-release. One of those was Humankind, which was also a Denuvo game, so I refunded before release. Once Denuvo was confirmed gone, I pre-purchased again.

 

[Professor Phobo]

Never been denied a steam refund myself.

 

[Gedemon]

I would add to the list the allegation that some part of Denuvo remains even if you delete the game. That is definitely something we should know more about.

it's just the token, a single file, which is inert.

 

[thecrazyscot]

I haven't participated in this discussion yet as I've been trying to avoid any knee-jerk reactions. But after a bit, I think I can honestly say...I don't care. As long as I can run the game fine it doesn't bother me. And if it's the same implementation as Marvel Midnight Suns, it shouldn't negatively impact me. The 2k Launcher causes me some startup problems with MMS, but not Denuvo.

Buying on Steam means I don't own my games anyways, it's licenses all the way down. Fortunately, Valve is pretty flexible with refunds and if the game does become unplayable I'm confident they will provide recourse.

Now if Civ7 ever came to GOG, I'd happily buy it there instead. But that won't happen any time soon, or ever.

 

[pokiehl]

Are we sure it (or some other Denuvo file) doesn't communicate back home? We know that Denuvo does so periodically, it doesn't seem absurd that Denuvo might initiate that in some way even without launching the game. If the token is just an inert file, why do EULAs specifically forbid us from deleting it, even after we've uninstalled the game the token is for? Has any of this been audited by a third party? I don't think these questions are tin-foil crazy to ask.

I checked the Persona 3 EULA that you (or someone else found) that has the typical Sega Denuvo portion. It doesn't say anything about you not being able to delete whatever that file is. Is there another game?

Also, Irdeto acknowledges the undeleted file from uninstall on their website and says you can just manually delete it. I think Gedemon is right.

 

[Gedemon]

Are we sure it (or some other Denuvo file) doesn't communicate back home? We know that Denuvo does so periodically, it doesn't seem absurd that Denuvo might initiate that in some way even without launching the game. If the token is just an inert file, why do EULAs specifically forbid us from deleting it, even after we've uninstalled the game the token is for? Has any of this been audited by a third party? I don't think these questions are tin-foil crazy to ask.

It's the Denuvo code in the game's file that call home, which, as I understand it, is the reason you'd have to launch the game once before going offline if you want to be sure the token is valid for your current PC configuration. There could have been a driver/windows update after the last time you've launched it, and the time you're going offline for example.

edit: ironically if there was a part of Denuvo installed outside the game to do the check periodically, you wouldn't have to worry as much about being locked out of the game when going offline at the wrong time.

 

[Gedemon]

Yes, I understand that's how they say it works. But I'm asking if this has been verified by a 3rd party audit or the like? Again, this wouldn't be the first time that DRM software did more snooping than it claimed to on the tin.

it's also from the link I posted earlier

Denuvo - PCGamingWiki PCGW - bugs, fixes, crashes, mods, guides and improvements for every PC game

www.pcgamingwiki.com

Based on data gathered from protected titles on Steam, Epic Games Launcher, and the Microsoft Store[Note 6] by monitoring external operations performed by the anti-tamper component through the use of Process Monitor, Fiddler, and in some instances also Wireshark, they all follow the same general procedure and makes use of the same servers and APIs in their online communication. A basic overview in how the anti-tamper components interacts with the system is quite minimal:

1. At the launch of a game a validation of the offline token is performed.
2. If the offline token is invalid or missing, an appropriate request code is generated based on the system environment and sent to an online server.
3. The online server responds with a corresponding response code.
4. The local anti-tamper component uses the response code to write a new valid offline token to the local storage drive.
5. The game continues to launch along with the now valid offline token.
6. On subsequent launches the anti-tamper protection will automatically load and make use of the offline token stored on the storage drive, up until said token is made invalid again.

If the online connection fails the user will get a manual "offline" activation option where they can make use of a secondary online connected device to retrieve the corresponding response code, an option not available for either Origin, Uplay, or possibly other supported platforms either

 

[pokiehl]

From that Persona 3 Reloaded (2024) EULA you just mentioned:

Hmm, I’m not reading it the same as you are. I’m not making the connection between the file and the “disabling the software.” That’s a really vague statement to me, hard to pin it down to specific items like that. Also, it is standard to express that disabling the software voids the EULA.

My interpretation is that this flatly contradicts your claim. And of course there's the even more alarm-bell ringing clause:

What potential harm are they denying liability for? Considering the customer has no relationship with Denuvo, how could they recover damages from Denuvo if harm does occur? Why bother with this clause if there's nothing but an inert token file living on a disk? It's not the first time I've mentioned these questions before, and there's never been a better answer than a stony silence or a "don't worry about it".

That's pretty standard CYA language for anything. This language about denying liability, mentioning damages etc. is also in the Persona 3 general EULA itself, outside the Denuvo section. Actually, I believe you'll find similar language in any modern game's EULA, period. It's also in Civ 6's, for instance.

That Irdeto's website contradicts written EULA makes me trust them even less.

I don't believe it contradicts, but of course I think we have different interpretations. There's also the general question of why only certain games have a Denuvo EULA and not others. My guess is SEGA's legal/contracts team is more conservative.

Yes, I understand that's how they say it works. But I'm asking if this has been verified by a 3rd party audit or the like? Again, this wouldn't be the first time that DRM software did more snooping than it claimed to on the tin.

Irdeto says it does subject Denuvo to independent evaluations on their website.

 

[Kwami]

To be fair, it's always been that way. Even when you owed the disc, you didn't own the game, just the license to play it. Same thing with music or films. It's just that these licenses are being steadily more enforceable for the past decade or so... What I miss most from physical copies is the ability to lend / borrow games from friends (even though that might have been technically illegal at the time too).

Yeah, but if you didn't accept the license or violated the license of a game that had had on disk, what were the publishers gonna do about it? Come and take your disks away?

It's different now. They can just take your game away.

 

[pokiehl]

I could definitely be misinterpreting it. But how much do your trust your interpretation to hold in court (or in arbitration) against Irdeto's / SEGA's lawyers? Do you trust them to not argue for the interpretation that most benefits them? The point of a contract is to have something to defend you when your back is against the wall - if you don't trust it to protect you when it really counts, then it's worthless. This is true both from the customers POV, and Irdeto's / SEGA's.

I'm not perceiving that any differently than any other EULA of any other game I play, with or without Denuvo. Meaning, I'm not sure how the portion of the Denuvo EULA is any more frightening or onerous than the general P3 EULA or Civ 6 EULA. All of these protect themselves against broad damages, specifically mention possibly damaging your computer, legally bind you to arbitration, etc.

If you perceive the SEGA Denuvo EULA as alarming, then it would stand to reason that all of these EULAs should be equally alarming to you, right?

My starting point is that I don't trust Irdeto. You keep asking me to trust Irdeto when they say they're trustworthy. That is not going to work.

I hear you, but that's the only source we have. If you come at it from the perspective that it's a poisoned well, then there's no other source to go to and we're just left with speculating to each other. You gotta start somewhere.

 

[Thormodr]

But we have no idea how much net profit they'll make that way. That other publishers have changed their mind in the past (and assuming they're no less competent than 2K), suggests the margin one way or the other is very thin. Indeed, the same free market economics your invoking would conclude that Denuvo ought to be priced close to the break-even point to maximise Irdeto's own profits. It's simple maths man. And it also suggests that a boycott is likely to work, for exactly that reason. The observation that such boycotts have worked in the past strongly corroborate that.

And, I don't know about you, but I care more about protecting the integrity of my PC, my data, and my long term ability to use a license I purchase than a marginal change in 2Ks bottom line. Even if Civ7 gets pirated as much as Civ6 we know they'll still make enough money to develop DLCs, expansion packs, and keep the franchise going - because that's what happened with Civ6.

Very well put. Thank you.

 

[Dale]

The point of a contract is to have something to defend you when your back is against the wall - if you don't trust it to protect you when it really counts, then it's worthless. This is true both from the customers POV, and Irdeto's / SEGA's.

That's not actually true. The purpose of a contract is to formally establish a relationship, and detail the rights and responsibilities of each party to the contract. It's not designed to defend you. But you can use a contract to enforce the other party/ies to comply with their rights and responsibilities, or claim damages when they do not.

I hear you, but that's the only source we have. If you come at it from the perspective that it's a poisoned well, then there's no other source to go to and we're just left with speculating to each other. You gotta start somewhere.

You have to admit it is suspicious that they SAY they're externally audited, but never publicise the audit's findings. That really lowers the trust level. And believe me, this is the same people who were responsible for SecurROM. They are coming from an already extremely low point of trust after the Sony rootkit thing.

 

[Linklite]

To be fair, it's always been that way. Even when you owed the disc, you didn't own the game, just the license to play it. Same thing with music or films. It's just that these licenses are being steadily more enforceable for the past decade or so... What I miss most from physical copies is the ability to lend / borrow games from friends (even though that might have been technically illegal at the time too).

The difference between owning and not owning but the "owner" being unable to effect those rights in the vast majority of cases is pretty academic. Unless you're a pirate king or similarly destructive to profits, it just wasn't something that really affected you because they're not going to sue you over not accepting a patch.

These days, it's enforceable...and it can very much be problematic. WotC keeps forcing changes through to their digital D&D service...whether you want those changes or not. Very much closer to home, Civ6 on my Switch was rendered effectively unplayable by an update, and there's nothing I can do to fix it that won't be illegal.

And yes, I miss being able too loan games too.

 

[Kwami]

The difference between owning and not owning but the "owner" being unable to effect those rights in the vast majority of cases is pretty academic. Unless you're a pirate king or similarly destructive to profits, it just wasn't something that really affected you because they're not going to sue you over not accepting a patch.

These days, it's enforceable...and it can very much be problematic. WotC keeps forcing changes through to their digital D&D service...whether you want those changes or not. Very much closer to home, Civ6 on my Switch was rendered effectively unplayable by an update, and there's nothing I can do to fix it that won't be illegal.

And yes, I miss being able too loan games too.

They can also just take the game away for no reason at all. They could, at any time, simply remove it from Steam and render it legally unplayable. They could also turn off their authentication servers and achieve the same result. Then what?

I wrote a lot about why Steam was a bad idea all those years ago, but I lost the argument and now here we are. I just hope that it doesn't get worse. Denuvo is definitely worse.

 

[GIO888]

I have played Civ since 1991.

I have 9,800 hours on civ VI, according to steam. (I know - I don't get out much...)

But if Gedemon doesn't like something about Civ VII, I'll wait to buy it til they do!