llirium: Being relatively inexperienced with hash checking methods, is there anything else I could do in a non-technical sense?
Could you clarify that first part? I'm not really sure which possible interpretation of "Being relatively inexperienced with hash checking methods" is applicable here.

As for the second part, do you feel up to looking through what I've written, both here and on the reddit thread and then finding and responding to the simpler, more obvious inaccuracies in blog posts and news posts as the news spreads?

1. Point out that RAR encryption has nothing to do with catching corruption. Garbage in, garbage out. The CRC32 or BLAKE2 hashes catch corruption and they function the same with or without a password. (UnRAR doesn't know whether the output of the decrypt phase is gibberish. Decryption just converts one bag of bytes into another. The only way you know you have the right password is if the result makes sense and that's the job of the hashes. The only reason you need a password before you can try to extract is that, unlike Zip, RAR also encrypts the table of contents to hide any incriminating filenames.)

2. Point out that RAR encryption is worthless at protecting against malware being added because it's symmetric crypto, which means that the key you use to unpack it is also the key GOG used to create it and, thus, the key crooks need to add malware.

3. Point out that, even for Windows users, there are perfectly valid uses for unpacking the RARs without running the installer. (Like playing enhanced Duke Nukem 3D or Dungeon Keeper via EDuke32 and KeeperFX without having to install the game just so you can copy some files out and then run the uninstaller.)

4. Point out that circumventing the restriction doesn't change what it is. (Just like how a crack doesn't retroactively make always-online DRM no longer DRM.)

5. Point out that this kind of "artificially vendor-added (Digital) Restriction on what paying customers can do" meets the definition of DRM given in that quote by TheEnigmaticT (who was speaking on behalf of GOG's official position)... especially since it's a great candidate for being stripped from pirate releases. (Also a good indicator of DRM)

6. Point out that what Gowor claims to want are digital versions of tamper-resistant screwheads (like on the Gameboy Advance and Gamecube) and holographic, tamper-evident warranty seals and there are proper, well-understood ways to get that in the digital world which are quite distinct from RAR encryption.

UPDATE: As Rixasha said, point out that, in some parts of the world, copyright law bans bypassing restrictive measures, no matter how trivial, and that could scare off people who want to automate unpacking the RARs. (It's far too likely that, in the legal world, a RAR password would be seen as a restrictive measure by default, while a "customized" RAR header or something else similar wouldn't. Everyone knows lawyers are subject to human failings... they can just ruin your life if they make a mistake.)

...and feel free to PM me if there are places you think I should come in as a knowledgeable party.
Post edited December 31, 2014 by ssokolow
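Points 1, 2 and 6 of the post above, as an added example that is not part of the original post. A toy SHA-256 keystream cipher stands in for RAR's AES, the container layout, password and payload are constructed, and a separately published SHA-256 digest stands in for a real digital signature.

```python
import hashlib
import zlib

def keystream_xor(password: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (SHA-256 keystream), a stand-in for RAR's AES.
    The same call encrypts and decrypts, as with any symmetric scheme."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(password + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def pack(password: bytes, payload: bytes) -> bytes:
    """Constructed container format: encrypt(payload || CRC32(payload))."""
    return keystream_xor(password, payload + zlib.crc32(payload).to_bytes(4, "big"))

def unpack(password: bytes, blob: bytes):
    """Decryption never fails; only the checksum says whether the output makes sense."""
    plain = keystream_xor(password, blob)
    payload, stored = plain[:-4], plain[-4:]
    return payload, zlib.crc32(payload).to_bytes(4, "big") == stored

def demo() -> dict:
    password = b"constructed-password"            # sample value, not a real one
    original = b"GAME DATA: constructed sample payload"
    blob = pack(password, original)
    published = hashlib.sha256(blob).hexdigest()  # digest a vendor would publish separately

    # Point 1: a wrong password still "decrypts"; the CRC is what flags the garbage.
    _, wrong_pw_ok = unpack(b"wrong-password", blob)

    # Point 1: corruption in transit is caught by the CRC, password or no password.
    damaged = bytes([blob[0] ^ 0x01]) + blob[1:]
    _, damaged_ok = unpack(password, damaged)

    # Point 2: whoever can unpack can also repack, and the CRC is valid again.
    repacked = pack(password, original + b" + extra bytes")
    _, repacked_ok = unpack(password, repacked)

    # Point 6: only a reference the repacker cannot forge exposes the change.
    # A bare SHA-256 stands in for a real digital signature here.
    matches_published = hashlib.sha256(repacked).hexdigest() == published

    return {"wrong_pw_ok": wrong_pw_ok, "damaged_ok": damaged_ok,
            "repacked_ok": repacked_ok, "matches_published": matches_published}

if __name__ == "__main__":
    print(demo())
```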
Gersen: Not sure that all the rights owners (or even GoG legal team) would agree if there was an official way to install a game without having to accept the EULA first. Not to mention that I am sure there are plenty of users who will download the web downloads for backup purposes but still want a functional installer.
I don't think there's any real problem, neither technical nor legal. You pretty much agree to the EULA when you buy the game. If that's not enough, adding an "agree to EULA" page when you click the download link should cover it.

It's also possible to create an installer that can be renamed to 'zip' and opened as one. I've seen that, and I think it was pretty common at one point. That would offer both benefits (an easy way to install and a way to get the files on any platform without installing).
Gersen: Not sure that all the rights owners (or even GoG legal team) would agree if there was an official way to install a game without having to accept the EULA first. Not to mention that I am sure there are plenty of users who will download the web downloads for backup purposes but still want a functional installer.
ET3D: I don't think there's any real problem, neither technical nor legal. You pretty much agree to the EULA when you buy the game. If that's not enough, adding an "agree to EULA" page when you click the download link should cover it.

It's also possible to create an installer that can be renamed to 'zip' and opened as one. I've seen that, and I think it was pretty common at one point. That would offer both benefits (an easy way to install and a way to get the files on any platform without installing).
One of the two stated reasons the RARs are passworded is because Gowor is worried about Internet Explorer handing them to WinRAR without the user knowing any better, resulting in ignorant people mis-installing them and wasting support's time.

That's why I suggested modifying the RAR header and letting knowledgeable people use something like my one-line Python script to change it to normal RAR if it's really intended.
Post edited December 31, 2014 by ssokolow
ssokolow: That's why I suggested modifying the RAR header and letting knowledgeable people use something like my one-line Python script to change it to normal RAR if it's really intended.
If IE honors a server-side switch for disabling content sniffing, there is no need to mangle binary files. It just feels wrong to do it in such a way to work around some sick browsers out there. That said, I didn't test such scenarios myself.
Post edited December 31, 2014 by shmerl
Someone on the wishlist comments made an important point that I haven't seen here. Copyright laws commonly forbid circumvention of digital restrictions protecting copyrighted works. Surely encrypted .rar files opened by a password the scheme for which needed to be reverse-engineered qualify here.

So, in some parts of the world extracting the games without running the installer may be downright illegal now.
Rixasha: Someone on the wishlist comments made an important point that I haven't seen here. Copyright laws commonly forbid circumvention of digital restrictions protecting copyrighted works. Surely encrypted .rar files opened by a password the scheme for which needed to be reverse-engineered qualify here.

So, in some parts of the world extracting the games without running the installer may be downright illegal now.
Which is a good indicator and counter argument to those who claim that this isn't DRM. Anticircumvention laws are a corrupted scheme to advance various interests of DRM proponents using the DRM they deploy as a bait tool. So if any "measure" is affected by those laws, it's undeniably a form of DRM.
Post edited December 31, 2014 by shmerl
llirium: Being relatively inexperienced with hash checking methods, is there anything else I could do in a non-technical sense?
ssokolow: Could you clarify that first part? I'm not really sure which possible interpretation of "Being relatively inexperienced with hash checking methods" is applicable here.
Sorry to confuse you, I meant I know what hash checks are overall, but most of the other things being said go way over my head. More "awareness" and giving the right kinds of informed messages is what I meant, and you've more than given us a good amount of points to make.

The second, I've been trying to upvote a good reddit thread /r/linux_gaming and the points made in it that I've found interesting or fodder for further conversation. Added my own voice, too, though I'm initially pessimistic. You can be burned many times, and then you start to think you always know when something's about to go wrong.

Regardless, it is important to say "I think you fucked up" to GOG. Can't keep things like this in. You speak up because you care. Better to communicate exactly what's wrong so that it stays clear between both parties and trust can be gradually regained.
Rixasha: Someone on the wishlist comments made an important point that I haven't seen here. Copyright laws commonly forbid circumvention of digital restrictions protecting copyrighted works. Surely encrypted .rar files opened by a password the scheme for which needed to be reverse-engineered qualify here.

So, in some parts of the world extracting the games without running the installer may be downright illegal now.
No, because that's not how DMCA works; for it to fall under DMCA you need to have the rights owners file a complaint about it. Given that somebody from said rights owners said on this very thread that he doesn't care if you bypass the encryption and said that it wasn't meant as DRM or anything, it would be very hard (not to mention extremely stupid) to pull a 180 and start raising DMCA complaints.

If you want to go full paranoia here you could also fear that GoG decides someday to claim that extracting the installer without executing it is also a "circumvention" as it allows you to bypass the EULA and other similar things.
shmerl: Which is a good indicator and counter argument to those who claim that this isn't DRM. Anticircumvention laws are a corrupted scheme to advance various interests of DRM proponents using the DRM they deploy as a bait tool. So if any "measure" is affected by those laws, it's undeniably a form of DRM.
No, you got it in the wrong order: it's not because it falls under the anti-circumvention part of DMCA that it becomes DRM; it is if it was DRM that it would fall under the anti-circumvention provisions.

If the rights owner doesn't consider it DRM (or cannot prove that it's an "effective" measure, whatever that means) then you can "circumvent" it all you want.
Post edited December 31, 2014 by Gersen
Rixasha: Someone on the wishlist comments made an important point that I haven't seen here. Copyright laws commonly forbid circumvention of digital restrictions protecting copyrighted works. Surely encrypted .rar files opened by a password the scheme for which needed to be reverse-engineered qualify here.

So, in some parts of the world extracting the games without running the installer may be downright illegal now.
Gersen: No, because that's not how DMCA works; for it to fall under DMCA you need to have the rights owners file a complaint about it. Given that somebody from said rights owners said on this very thread that he doesn't care if you bypass the encryption and said that it wasn't meant as DRM or anything, it would be very hard (not to mention extremely stupid) to pull a 180 and start raising DMCA complaints.

If you want to go full paranoia here you could also fear that GoG decides someday to claim that extracting the installer without executing it is also a "circumvention" as it allows you to bypass the EULA and other similar things.
shmerl: Which is a good indicator and counter argument to those who claim that this isn't DRM. Anticircumvention laws are a corrupted scheme to advance various interests of DRM proponents using the DRM they deploy as a bait tool. So if any "measure" is affected by those laws, it's undeniably a form of DRM.
Gersen: No, you got it in the wrong order: it's not because it falls under the anti-circumvention part of DMCA that it becomes DRM; it is if it was DRM that it would fall under the anti-circumvention provisions.

If the rights owner doesn't consider it DRM (or cannot prove that it's an "effective" measure, whatever that means) then you can "circumvent" it all you want.
However, as I pointed out when I went back to update one of my earlier posts, misunderstandings just like that could potentially have a chilling effect on the development of scripted unpacking solutions.
Post edited December 31, 2014 by ssokolow
ssokolow: If I want to play Duke Nukem 3D with enhanced graphics on Windows, I'm affected because I'm now forced to spend extra hassle running an installer (which takes time) and an uninstaller (which I have to trust to be thorough) when all I wanted was the data files EDuke32 depends on.
And? You want to use the file in an unsupported way; how is it "abnormal" that you have to have some extra hassle to do it?

Being able to extract the installer is an "accident", a side effect of GoG using InnoSetup, not an advertised feature or a "core value" of GoG. If tomorrow GoG decides to switch to an installer that doesn't have an available extractor you could lose this "feature" altogether.
ssokolow: If I want to play Duke Nukem 3D with enhanced graphics on Windows, I'm affected because I'm now forced to spend extra hassle running an installer (which takes time) and an uninstaller (which I have to trust to be thorough) when all I wanted was the data files EDuke32 depends on.
Gersen: And? You want to use the file in an unsupported way; how is it "abnormal" that you have to have some extra hassle to do it?

Being able to extract the installer is an "accident", a side effect of GoG using InnoSetup, not an advertised feature or a "core value" of GoG. If tomorrow GoG decides to switch to an installer that doesn't have an available extractor you could lose this "feature" altogether.
Your definition of DRM is narrower than mine and the one TheEnigmaticT espoused on behalf of GOG. I bought it, therefore I shouldn't have to deal with artificial and unnecessary extra restrictions on how I use it.
ssokolow: However, as I pointed out when I went back to update one of my earlier posts, misunderstandings just like that could potentially have a chilling effect on the development of scripted unpacking solutions.
But the thing with how vaguely the DMCA is worded is that it could also perfectly apply to using InnoExtract to extract the regular installer; nowhere in the EULA is it said that you are authorized to do that, and the "chilling effect" didn't really work if this thread is any indication.
ssokolow: Your definition of DRM is narrower than mine and the one TheEnigmaticT espoused on behalf of GOG. I bought it, therefore I shouldn't have to deal with artificial and unnecessary extra restrictions on how I use it.
It's not a "restriction", you can do it. Install the game on the supported OS, copy the files, do whatever you want with them, no restriction here. An extra inconvenience? Maybe, but not a restriction.

The fact that the games are closed source is also a "restriction" as it prevents several of them from working correctly on Linux or other OS; you could say it's an unnecessary extra restriction, especially for older games. Do you consider that as being DRM?
Post edited December 31, 2014 by Gersen
Gersen: No, you got it in the wrong order: it's not because it falls under the anti-circumvention part of DMCA that it becomes DRM; it is if it was DRM that it would fall under the anti-circumvention provisions.
I got it exactly right. Anticircumvention laws express the true intention of those who brought this whole unethical concept into existence (DRM). And as such they are a very good indicator. If the legal system marks something as being affected by them, you can call it DRM. It's not a definition of course, just another way to identify it. DRM and anticircumvention laws are two sides of the same coin. They are basically inseparable.

Gersen: for it to fall under DMCA you need to have the rights owners file a complaint about it. Given that somebody from said rights owners said on this very thread that he doesn't care if you bypass the encryption and said that it wasn't meant as DRM or anything, it would be very hard (not to mention extremely stupid) to pull a 180 and start raising DMCA complaints.
The part about filing here is irrelevant as long as they can claim that it's circumventing a "protection measure". They can't claim it just about anything, but about this they surely can. So it is DRM. You are right, if they don't claim it, those who break that DRM aren't likely to be persecuted, but it's about the fact that they can. DRM doesn't need to be broken to become DRM. DRM is DRM because it is.
Post edited December 31, 2014 by shmerl
Gersen: It's not a "restriction", you can do it. Install the game on the supported OS, copy the files, do whatever you want with them, no restriction here. An extra inconvenience? Maybe, but not a restriction.

The fact that the games are closed source is also a "restriction" as it prevents several of them from working correctly on Linux or other OS; you could say it's an unnecessary extra restriction, especially for older games. Do you consider that as being DRM?
Not everyone has "the supported OS" and the password is the only thing which imposes that restriction and it's a restriction because figuring out the password algorithm was in the same class of tasks as writing a crack.

(I actually learned enough about cracking to crack an old piece of "register for free to get a nag-killing key"-ware back around the beginning of the 2000s because the author had fallen off the 'net, so I can say from experience that cracking some things is easier than figuring out that the installer was using MD5 of the game ID for its RAR password.)

Just because people have cracked a copy-protected game doesn't stop the code they cracked from being DRM and just because we found the password doesn't stop it from being designed as a restriction.

As for availability of source code, a term like DRM is defined by its utility. We already have a term for that: "closed-source". If you redefine DRM too broadly, it'll lose its utility and people will come up with a new term.

That's why my typical test for whether something is DRM is "Is it an intentional attempt to artificially restrict how you can use what you paid for? Is it something that affects paying customers but is circumvented by pirate release groups? If both are true, then it's DRM."

Using InstallShield would have failed the "intentional" test.
Lack of source code would fail the "circumvented by pirate release groups" test.
Post edited December 31, 2014 by ssokolow
Gersen: No, because that's not how DMCA works.
DMCA is just an American law.
My local variant seems to have an exemption on software.
Others may not be so lucky.