The Long Journey Home

The Long Journey Home

View Stats:
This topic has been locked
BuffPanel Spyware scandal
BuffPanel Spyware scandal

Hello guys. I'd like to put my thoughts on the issue. Original thread is closed, so I'm posting it here. I explicit here that everything I say is my opinion, everybody is free to disagree.

I see most ppl weren't worried about the data marketing by itself, but about the abusive way the spyware was added.

Spyware is a software aimed into spying the user. Simple as that. As a spy, it won't come telling you it is coming, it will come hidden. I see that the game warned about it, but still had no user-friendly way of uninstalling/blocking it, and had no opt-out.

What it did have was some quick words saying what domain the spyware was sending data to, and how that domain could be blocked. That's not acceptable for me.

About the consent/option. I see no value in a opt-out, if there's no opt-in. As some compared, it's not acceptable that a thief enters my house, steals my stuff, then teaches me how a lock works.

*First* you make sure your user knows about your tracking tool and explains what it does, how it does it, and what data will be collected and how it will be used. Then you offer the opt-in. With "not accepting" as the default option. Opt-out is just a feature for ppl that had opted-in to change their decision and remove it.

Note that spyware also means softwares installed by shareware setups, which in small lines say they are gonna install some other stuff, but the "install it" checkbox is checked by default. They just hope the user will click next without reading, or will read it and not understand what it is. Maybe think it's some install setting and leaves its default.

So, yeah. An ethical opt-in doesn't leave the "install it" or "send me emails" checkbox checked by default.

But, why did Daedalic do this? First, we must understand a company has departments. It's not uncommon for multiple departments touch the product or service being offered, without the coordination of other ones. I'm sure game creators didn't approve this idea.

I guess the game was below its goal, both on sales and on visibility. Then Daedalic's marketers decided to put money on its marketing. Steam has features to give visibility to games: it has price threshold lists for cheaper games, it has sales and free periods announcements, and of course publishers can pay money to have their games on home page.

But their marketers wanted to spend less then that. They decided to pay youtubers to talk about the game. But such marketing has issues of lack of efficiency information. How many orders a given youtube video actually generated? If there are many videos, which one generated more orders? It's always troubling to spend on marketing campaigns without knowing their effectiveness. And, as more precise the effectiveness info, less money is wasted on ineffective actions and more expensive becomes the effective ones.

One way of having more precise data is taking it from buyers. In this case, see with them from where they discovered the game. There are many surveys done asking such things, sent to customers after they have made an order. But surveys still have problems: many ppl won't answer them, or lie on them, or simply not remember.

A more reliable approach is just have a software on customers' PCs, which reads their browser history and look for views on campaign sites and videos. When somebody had bought the game and the day before he saw a youtuber saying the game is awesome, gotcha!

Daedalic's general and Steve's specific behavior shows how the company sees invading their customer's privacy and I agree with most talk on original thread. They could just have asked, but chose the privacy invasion path. I just guess how they believed they wouldn't be discovered. Maybe the spyware was installed on december, and it was alrdy planned to be uninstalled on january? Maybe they believed nobody would find out in time during this timeframe?

Notice also how such companies value A LOT the mass data they collect, but they don't value AT ALL each customer. It's cheaper to just get into and grab our behavior without our consent and leave, than to ask us and have us answer a survey. And accept when we don't want to.

A couple guys expressed it's no issue to them. I totally respect that. They can pretty much let spywares wander freely on their PC. Somebody cited that some ppl open their lives on webcams to the world. There are also sites that pay little money for ppl to answer hundreds of surveys or click on banners. In the same way that nobody is forced to register to and use Facebook. It's their choice.

Nobody is suggesting to prihibit Big Bother or youtube lives. We just wanna know before it's done and the option to say NO. And have it respected.

A decade ago I started working on Wordpress web development and created a couple personal site, and together with that I registered a few domains and started creating a unique email for each registration I do. A few of these registrations, some being paid services, sent me spam. Those spam say nothing about the site where I registered and have no noticiable relation to them. If it was the same email registered on a handful of sites I'd never guess who leaked my email. It's rly annoying to pay for a service and have them sell my email and send me spam.

Pi-hole is indeed an incredible tool. I myself use BIND for years. It's a DNS server that works on Windows and Lix. yoyo.org has a txt list of bad domains that's compatible with BIND settings and blocks them all and I have a bunch of personal blocks myself. BIND's advantage over hosts file is that we can wildcard block all domain's subdomains at once. Pi-hole also does it. I have now whole buffpanel.com blocked. I rarely see any banner on any website and when I browse on other places I get scared on how many banners are presented nowadays.

I also wanna word my concerns on Steve setting his post as the highlighted answer to Henry. It'd be totally fine to create another thread, post an official statement and pin it. This action shows that Daedalic's officially doesn't respect our consent to not be spyed, and also our free speech. Add to it that once the campaign had ended he locked the thread to let it vanish as it goes old.

It's extremely annoying to be flooded with spam and banners and have companies spying on me or forcing me to provide my behavior data to be allowed to use their product, even free ones, and have to waste my time protecting me, to then have them talk as if it was fine, claiming their lawyers approved it, and even suggest we're freaking.

These kinds of behaviors is one of the few things worth fighting for, IMO. I wanna buy a game and play it as much and as long as I want to, not pay for extra lives or lootboxes. What makes me fine with Origin Access and Xbox Game Pass is that they don't force us to subscribe them, as there are no exclusive games available only by subscribing. That's respect to our choices.

I hope spyware is also banned and hopefuly made illegal in future laws, as proper opt-in.