Keep it clean
If you believe that a wish duplicates another one or is not meant for the category, use Options button above to report a duplicate or spam.
Add your wish
If there is an item you wish to have on GOG.com and it’s not yet on the wishlist, please add your wish
Don't slip into DRM swamp - stop using password protection on installer packages! completed
WOOOOOOOOOOOOOOOOOOOOOOOO!!!!!!!!!!!!
@Merranvo: Actually, it was already covered in great detail in the thread.
Why it's DRM:
Before he left, TheEnigmaticT stated GOG's definition of DRM as something which forbid that kind of installer locking.
If that's not enough, it counts as DRM for me because it's an artificial restriction on how you can use what you paid for, not tied to any technical necessity.
Why being forced to use the installer is a problem:
It's a problem because, if GOG goes out of business or stops updating the installers and computers change to the point where they can't run them (like the 16-bit installers too obscure for Microsoft to provide a compatibility hack for in 64-bit Windoiws), then our only option for unpacking what we've paid for so we can use a future ScummVM-alike to run them on Windows 22 is to pirate Windows 7 and run it in something like VMWare... which is still much more hassle than just digging a CD-ROM out of the closet and copying the data files off.
...and if we just wanted to install it on our Android phone, then we rip the data files out and uninstall immediately... again, making it a pain for us and bringing no benefit to GOG beyond possible customer dissatisfaction among more technical users.
As for "Screw the Pirates!!!", I never said that in the thread. I said that this does NOT protect them because the malware-bundlers are more skilled than we are and this breaks the link between Windows installer signing and verification of the installer's contents.
(If a malware bundler gets the RAR password, they can inject malware as if it weren't there at all. That's why you need asymmetric crypto, not symmetric crypto. I explained how to do it right in the thread.)
Finally, regarding slippery slopes, while slippery slope arguments are fallacious, concern over moving the Overton window ("boiling the frog", metaphorically speaking) is not.
en.wikipedia.org/wiki/Overton_window
(That's how the U.S. managed to end up with policies where even the "liberals" are considered ridiculously right-wing by the standards of other countries.)
While I don't intend to make the kind of equivocation errors that Godwin's law is intended to prevent and/or punish, I would be remiss if I didn't also mention the famous poem, dealing with how it applies to a state's politics.
https://en.wikipedia.org/wiki/First_they_came_...
> Wrong. It was explained in the related thread already, no need to waste time explaining it again.
You only linked to the words of others, and the words of others were:
A) "I bought something that isn't supported by my system and even though GOG is tired of having to "support" people who keep bypassing the restrictions and how easy it still is to bypass, it is DRM and thus the end of the world"
B) "Screw the Pirates!!! Let them download malware... even though the PIRATES now call support and complain about malware. (Yes, pirates are stupid, and they historically HAVE done things like this).
C) "Somehow I don't have permissions to run an installer for a game, but want to bypass it on a computer I probably don't have permission to do so on"
No... no one explained WHY it is DRM, they just agreed that it was and complained over and over and over and over about it. There is a DIFFERENCE between having a large number of people agreeing on something and that something actually being true.
Does it force you to use the installer? Yeah... but are you free to do whatever you want with the files after it "installs" somewhere? Well, you sure are. Does the installer "call home" and otherwise lock up if gog.com isn't availiable? Nope. Does it keep track of keys or times executed? Is there ANYTHING other than forcing you to run the installer once to qualify this as DRM?
No.
P.S. Slippery Slope IS a logical fallacy, there IS no support, claiming otherwise invalidates your argument. So if you say "X will lead to Y which leads to DRM LAND!!!!!!" you are making a slippery slope argument which is a fallacious argument.
Thanks for listen us, GOG! :-)
No password needed anymore! Thanks, GOG!
I can live with simple password-protected archives, but I would think that if the goal is to ensure authenticity, listing the SHA-1 checksums for each archive would be percieved as a lot less intrusive.
willbeonekenobi: If anyone downloads GOG packages from invalid sources - it's their own problem if they get malware with it.
Guys one of the major reasons why they are implementing password protected archives is to stop people from modifying the install files with viruses, malware, etc and then redistribute those games. Then people download those games, their machines get infected with viruses and those people (who have not bought the game/'s from gog.com) would automatically think that the games will ship with viruses.
> Password protected installers doesn't count as DRM guys
Wrong. It was explained in the related thread already, no need to waste time explaining it again.
@Magmarock: How do you figure it doesn't impede my ability to play games?
If the installer doesn't work and I can't extract the files due to the password, but the game would work fine if I could extract it (i,e. it was not passworded).. then my ability to play the game has been impeded by the password.
The amount of people who don't understand what DRM is in this post is staggering.
sigh, I really don't like seeing people cave into this type of bullying. Password protected installers doesn't count as DRM guys, it's not impeding your ability to play your games.
I don't give a flying f. about passowrds or any sort of content controll that is not a part of the application itself. It seems more than fine for them to be able to identify who was the guy who leaked the content (to block him) or use a simple thing as pssword protection.
I just don't want any bloatware in my games. Whatever happens before, is pretty much fine with me.
Listen GOG: No DRM-Free, no party. OK? ;-)
GOG: Thanks for doing the right thing! Fellow GOG'ers: thank you for thinking hard about a viable alternative which solves the sniffing snag in IE and still does not hurt the Linux users using InnoExtract/ Wine. What a community!...; I'm proud to be part of it.
Yay! It's been so nice to go to the community and find the tag "complete" next to this wish!
I just bought three games in celebration :D
Thanks for listening GOG!, my wallet is still open =)
W00000t!!!! :D
Thank you for taking this step, but I'm not opening my wallet until I see what new methods you choose for similar functionality in the future.
Thank you so much for listening to the community regarding this! I'm very happy to be able to keep loving GOG and their anti-DRM stance.
Thank you very much, GOG, really appreciated your fast & good response! :-)
Interesting what this user-friendliness will be.
Thanks a lot GOG!
www.gog.com/forum/general/on_gnulinux_has_anyone_be_able_to_extract_the_rar_innosetup_installers/post470 - we've replied to your concerns, passwords have been removed, we will continue working to improve installers in other ways, to not have to password-protect files but improve technical usability on our end and user-friendliness on yours :)
Good to know how these installers can be unpacked. Shame that GOG uses a password, though. Not what I had expected.
I'm not surprised. GOG's complete unwillingness to accept payments through bitcoin (when Microsoft, Steam, Humble Store, Green Man Gaming and pretty much every other online game seller accepts it already) made it abundantly clear, where they stand on technological and innovation issues. Also, regional pricing. This was only a matter of time until DRM became acceptable on GOG.
What the fuck is this?
Alright, I guess I'm gone then. Bye bye GOG.
If GOG makes me jump through hoops to get to my games' data files, then I am leaving GOG. There are better alternatives.
@MasterS.249, @jedi5002: But they could decide to change to a different password-generation scheme at any time (or even use a different one for each installer) and, if that happens, figuring out the new scheme takes basically the same skills as writing a CD keygen for a warez group.
Ideally I'd like a zip file instead of an installer. However, the old exe files could still be unpacked like zip files if necessary. The password encryption makes that harder so that if you need to do it, you need that passwords. When you install in windows, the password is automatically entered for you. However, countless installers fail in later OS versions. If the installer is not encrypted then games can be made to work if we have uninhibited access to the installer contents.
@MasterS.249: No. The installers are encrypted with a password which is embedded in the installer. The password is the md5sum of the gog game id. See here: github.com/dscharrer/innoextract/issues/37#issuecomment-68115552
@Rixasha: So what happens there is that installers send requests to GOG.com which then decrypts the files? That's totally DRM :|
Another thing you all should also be considering is that GOG.com may not be around to support their installer forever, but the files will remain forever encrypted.
@ssokolow: So these .bin files are actually split RAR Archives? I see... usually that's because of Network issues users from different regions might have.
Wasn't password figured out already?
Are these data files from big games? Leftover files can be removed with Revo Uninstaller (or similar).
Correction: Now the newest design that has started to appear uses a big split RAR archive. GOG doesn't update all of their installers at the same time.
@MasterS.249: Windows installers used to be ordinary InnoSetup files that could be unpacked with innoextract or innounp if you just wanted the data files for something like the copy of ScummVM on your Android phone.
Now, they're an InnoSetup stub with a big split RAR archive and, if you want to unpack the RAR without running the installer, you have to figure out the password.
(The alternative being to run the installer, wait for it to finish, copy the data files you actually want, then run the uninstaller and hope that it doesn't leave anything lying around.)
Are you talking about Linux / Mac OS X installer packages?
Because Windows installers don't ask for password.
This is very inconvenient for the customer. I really don't like GOG for it. They should not make life harder for the customer than necessary. Deliver the game data and be done with it.
I'm sorry to see GOG going this way, both in terms of the encrypted installers and the updated TOS. To GOG: remember that a good reputation is hard to earn and easy to lose!
Mac installer isn't working on windows and that is really offensive to windows users. Get your shit together GOG.
NO DRM, Remember? Your core value? Hmm?
I have about 100 games on my account, a lot of them easily available via various non-legal downloading site. Bought them via GOG.com since I like to support the devs, I like the idea that people get payed for their work. Using password protection on installer packages, just makes me want to go back to downloading pirated games, - at least there is no bullshit added to illegal games. Sorry if i offend anyone, but this is how feel about this bullshit move..
I get a lot of GOG.com games going on real retro gaming PCs. It would be a shame for this not to work anymore. Especially early Windows 9x 3D games with the installer not working on them.
The11thPlague: It is like they've lost value, actually. If you're potentially breaking rules to do something that was previously allowed, the software *is* losing its overall value.
Not every game has changed its installer to this new packaging method, but this change seems to apply to any new games and games that have gotten updated installers.
I have a hundred or so games in my account that I haven't even downloaded. This feels like I don't really own my games to the fullest anymore. It's like games in my account suddenly decreased in value.
So this seems to be weak password protection to protect from malware groups... which has already been broken. Why did you even bother in the first place? To protect torrenters? They accept the risk when they choose illegal unsafe sources. This is really bizarre coming from GOG.
@UJH: Whats the Problem? Quite smple, we stumpled over this password protection while trying to get these games to work under Linux. Without password protection we can play our legally purchased windows games under linux. So begone thou vile password!
Guys.. get a life. What's the problem with that? OMGosh.
74 comments about this wish