I am known, when people recognize me at all, as either “The Webcomic Guy” or “the anti-DRM guy.” The word “crusader” is sometimes used in describing my opposition to DRM. While I’d much rather be famously funny than famously cranky, I’d rather be viewed as an eccentric grouch than simply bend over and suffer more injustice and insults at the hands of the industry’s increasingly inept efforts to thwart piracy by punishing people who pay for games. (i.e. non-pirates. Like me.)

I’ve talked about DRM in forums, in email, in my webcomic, on my blog, and – on exceptional occasions when I leave my lightless underground cave – with people in the real world. The problem of software piracy seems pretty simple at first glance, and people are always suggesting new and elaborate ways to guard against it. I mean, we’re just stopping people from copying data, right? That’s just keeping secrets. Cryptography. People successfully protect data all the time. What’s so special about computer games? What if the executable was encrypted with that cryptography that would take hundreds of years to break with a supercomputer? What if the game was on an external bit of hardware (like a USB drive) and not on the computer? What if the game was encrypted on the user’s hard drive and the key to decrypt it was stored on the DVD, which would need to be in the drive at all times? What if they just, you know, came up with a better system that just protects stuff better?

But here is the super-secret truth for all of you armchair cryptographers: It’s impossible. You can’t do it. I don’t care how smart your programmers are or how much money you spend, there is nothing that can prevent people from pirating a game short of never releasing it. I don’t mean “impossible” in the sense that we need better computers or more advanced cryptography. I mean that the idea of preventing someone from copying a playable PC game is impossible in the same way that giving yourself a piggyback ride is impossible. (A disclaimer: I’m talking about single-player PC games here. In an MMO, what you’re really paying for is the data streaming off the server, and it’s easy to protect that with a login.)

Over the years, DRM has employed increasingly sophisticated levels of encryption and obfuscation. They scramble the software and require you to go online to unscramble it. Little traps are hidden in the program to lock it to your particular PC, to require the disk be in the drive, or that you enter the third word in the second paragraph on page eight of the manual that rhymes with “tedious.” But all of this is a waste of time if I’m trying to prevent you from copying the game, because sooner or later the full, functional, unscrambled data has to end up in memory if you’re going to actually play the thing. No matter how many locks I put on the software, I have to open them all up in order for you to play, and at that point you can plunder the data and sail away with it.

There is no way for me (the publisher) to let you (the gamer) run a program but somehow not duplicate the thing. It is just as impossible as giving you a book that you can read but can’t copy. Sure, I can make the book harder to copy. I can print it in low-contrast text that foils cheap photocopiers. I can print it on a busy photocopier-confusing background like a big book of CAPTCHA. I can print it with just a few words per page, which will make it insanely expensive to reproduce. I can make it difficult for you to make copies, but as long as it’s possible for you to read it, you can copy it, even if it means re-typing the book yourself.

So this is why games are so readily cracked: The job of DRM is to let you have the game without letting you have the game. Good luck with that.


The “problem” is that the gamer has complete control of their machine. They can run other programs, change the way the operating system behaves, examine the stuff in memory, or do whatever else they like with the data. This is not true for (say) an Xbox. An standard-issue 360 won’t run pirated games, and the hardware must first be modified if you want to do that sort of thing. But personal computers are open by default, and the only way you could stop someone from doing what they want with the game would be to seize control of their machine at some level. This is what the infamous SecuROM is clumsily trying to do: To stop you from being able to do pirate-y things with the game. It also tends to get in the way of other non-piracy operations, which is why people hate it so much. The publisher installs SecuROM in an attempt to hamstring your machine so that you can’t copy the game. And everyone ends up running SecuROM, not just the guy who wants to crack the game. SecuROM can’t actually work, but Sony DADC is obviously willing to put out new and ultimately doomed versions of SecuROM as long as publishers are willing to pay them for it.

Okay, fine. I can’t stop everyone from pirating my game. But DRM is still worth it, because if I make the protection just 10% stronger, I’ll have 10% fewer pirates, right?

This would be true if everyone had to crack the game themselves. But thanks to the filesharing orgy going on 24/7, once somebody cracks the game (and remember it’s impossible to stop them from doing so) then they can take the DRM-free version they’ve constructed and share it with everyone else on the internet. No matter how strong the DRM is, once it’s broken, it’s broken for good, for everyone. Any pirate can have a free copy as long as they’re willing to spend the time downloading it.

Compare two games: One is BioShock, which had SecuROM, online activation, disk-based protection, and likely lots of other hidden surprises for the would-be hacker. The other is Galactic Civilizations, which had no real protection at all. Yet the process of pirating both of these games is exactly the same: You search the torrents and download it. The DRM has no effect whatsoever on how many people are able to pirate the game. It only affects how much fun it is for the initial cracker to bust open, and for that guy, the tougher the DRM, the more satisfying his inevitable victory. The best a publisher can hope for is to slow him down. And since most games appear on the torrents on or even before release day, I don’t think publishers are getting much out of it.

Think of all the millions of dollars that have been spent developing and licensing increasingly convoluted forms of DRM. Then add the money spent providing support to irate customers when the DRM fails and locks them out of the game they just bought. Also add in the ongoing cost of running activation servers, their hardware, bandwidth, and support staff. Then add the money publishers lost when people decided not to buy the game because of the DRM. That’s a pretty big pile of cash and a lot of unhappy gamers. And for what? Games appear on the torrents on day one regardless.

As someone who is on record saying that games are good and more people should play them, I’m saddened to see so much money squandered on impotent DRM schemes when it could be spent making more and better software amusements, or at least making the developers richer. Actually, I don’t care how they spend the DRM money. They can put it in a garbage bags and use it like a beanbag chairs if they want to, as long as they stop spending it on DRM. Spending money to make your product less valuable in an effort to punish people who aren’t your customers is like setting your pants on fire to keep them from being stolen. While you’re wearing them.

EA Games has recently announced that they’re dumping their heavy-duty activation-driven DRM for The Sims 3, but I doubt they’ve actually internalized the problems I’ve been pointing out for years. I imagine they see it as a public relations problem, not a you-can’t-do-that-in-this-universe problem. Because the only thing more impossible than DRM is convincing publishers that it’s impossible.

Shamus Young is the author of Twenty Sided, the vandal behind Stolen Pixels, and he STILL refuses to buy the PC versions of BioShock, Mass Effect, and Spore.


You may also like