michaelk

Why do you think GDPR does not apply in a game...? As I understand it, it applies across the board to all handling of data no matter the medium -- if the user is a resident of the EU or if the company is based in the EU. It only doesn't apply for companies outside the EU whose customers are also outside the EU. It doesn't matter if the identifier ties back to a person IRL. That's not what GDPR says. Reference the source material I linked in my previous post -- a unique identifier is PII if it can be used to differentiate one person from another, no matter if you can determine that person's real life identity! There's nothing under GDPR that says PII must tie back to an email or name. Character names, social media handles, primary key IDs...these are all considered PII because they fall under the definition of a unique identifier. That the account number "has no meaning" outside the game doesn't matter per the definition of the law.

Yeah, supposedly it isn't okay to have a passive opt-in anymore -- like those popups that say "by using our site you're agreeing to our cookie policy" (https://www.zettasphere.com/gdpr-consent-opt-in-examples/). People do it anyway. People ignore GDPR all the time. I do like the theory that the OP is just screwing with people and these beacons don't actually do anything lol. That'd be so freakin' perfect. Personally, not really paranoid about tracking like this...I don't think this thread would've gotten very far were it not for Hazaatan having an argument and Zeddrick bringing up the fact that identifiers count as PII under GDPR. Most people just accept this sort of thing or don't care.

Except in this case this is actually illegal IRL, at least according to GDPR.... If the OP is recording and distributing PII (see my previous post about identifiers) for any EU citizen, they are violating the law and the EULA. https://www.dualuniverse.game/legal/eula#article-5 According to GDPR, identifiers are PII and collecting/selling/distributing to third parties isn't okay. Yes, even though we're talking about freakin' game activities most people wouldn't care about and anonymous game IDs. GDPR still considers that personal data and as such is covered by EU law and the EULA.

I wouldn't call myself an expert on GDPR, but it actually does not matter if the unique identifier can be traced back to your real-life person. Wild, right? What matters is having a unique identifier, period. My IP address is PII because it can be used to build a profile of my activity and track me across websites. If I write code to create a seemingly nonsensical "token" derived from various data like IP, user agent, UA version, etc...that still requires GDPR compliance because it can be used to differentiate one user from another. Do I know who this individual is? No, but I can uniquely identify them. If you can use the data to differentiate one person/user from another, it's an "identifier" and PII...no matter if I can ever associate that data back to the person's RL name or email. As I mentioned, my RL experience with this is...tracking people using identifiers/tokens. Our system was not GDPR compliant, but also only served US customers so it wasn't a problem. Here's a good source on identifiers under GDPR: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/what-is-personal-data/what-are-identifiers-and-related-factors/#pd3 From this source: https://gdpr.eu/eu-gdpr-personal-data/ Also consider the indirect identifiability -- as Zeddrick mentioned the possibility to use this data to get someone in trouble at work also covers it as PII under "indirect identifiability": The scope was meant to be very wide because (trust me) if you give advertisers or scammers any avenue for abuse, they'll take it, run with it, and set up a colony on the freakin' moon with it. Am I concerned about my PII in DU? No. Do I think this is a situation where the GDPR police need to be called up? No. Is NQ violating GDPR by allowing third parties to access/sell PII, even if only unique identifiers....yeah, probably...but who really knows if this is covered under the TOUs. I sure as hell won't read them!

This is such a good point! Under GDPR any unique identifier is PII, including things like a player name. As I understand it, even a randomly generated token is PII if unique to the individual, such as a player ID. Exposing this via API/LUA is basically giving it to third parties, so.... something NQ should really think about. The US has no federal concept of PII laws, but many states have laws similar to GDPR.

Okay, now we're back to talking about RL...fun! Let's assume someone placed the same kiosk near the entrance of a local mall. It scans everyone that enters or leaves the mall. There's no consent, no TOUs, no permissions granted. Is that illegal...? No, it's basically a security camera. They can write software and create a profile with various analytics, like how often you visit or the likelihood that someone in similar demographics will visit again. Yes, they can sell that data to third parties... To Hazaatan's point, it works differently in DU because it records your actual player name. The equivalent RL technology would be the same mall scanner, but with facial recognition that can attach your real name to the record. Now you have credit reports, social media profiles, etc...all because someone dared to walk by a scanner they didn't know about. Here's the screwy part...that's still legal in the USA. And yes, they could still sell that data to a third party. One of the few "regulations" that does exist has zero mechanism for enforcement and is basically written as a "please be responsible" guideline rather than a specific law: Source: https://uclawreview.org/2020/09/09/protecting-personally-identifiable-information-in-the-united-states/ The reality is that the USA has no concept of protecting PII in federal law. Not trying to be political, just trying to provide perspective and reminding people in the EU not to take GDPR for granted lol.

Okay, I understand that now. Everyone calm down lol.

First, there's a different between something being legal and me agreeing with it ethically. People use bots to scrape forums all the time. There's no way to obtain my real name (or any PII) from the data available unless I actually post it, so feel free to bot away. Bots are already scraping every post in this very forum, programmatically extracting emails for spam lists. That's why you don't post information like that anywhere.... In the same way, there's no way to obtain PII (personally identifiable information) from someone's in-game avatar in DU...which is what people keep repeating time and time again. No one cares if your avatar is logged when visiting a market. That isn't an invasion of privacy because that information isn't private. Nor is it remotely useful to track you as a human being... There's a LOT to be concerned about with internet privacy, don't get me wrong...but this isn't really at the top of any list.

Lol, people have some really weird ideas about privacy and law. This very forum uses Google Analytics...it's literally the first lines of the source code. You're being tracked as you read this very message. Collecting anonymous data without your consent isn't illegal in the US. Collecting data and selling it to third parties isn't illegal, either! You must provide an opt-out form per California's new law (CCPA)...that doesn't make it illegal to sell your information without consent, it just mandates a method to opt-out of such transactions and requires you to burry some text in your TOUs. Spamming people isn't even illegal, there's plenty of wiggle room in CANSPAM. Hate to break it to you, but the law in the US really doesn't care about your online privacy. I don't know what you think people will do with this data that makes it so invasive...

Contact Xsolla directly and tell them you need to cancel and will contest/chargeback any future charge. If they still don't cancel the sub, do exactly that -- contest the charge with your CC or bank explaining that their ability to stop a sub was confusing or not functional.

Yeah, it's standard practice.......but. DU uses products like DynamoDB, which isn't all that cheap. If their data has significant heft (which is likely), replicating production data for testing becomes very material (thousands per month). Sure, you can load it with production data only when testing -- but that isn't fast and still has some cost. If NQ's dev team is already facing a mountain of technical debt and looming deadlines that will make or break their company, it doesn't surprise me that a dev might cut some corners in the name of expediency...hell, they probably explained the risk to their boss, who decided that testing production data was too expensive and time-consuming. Not making excuses, still a bad decision and bad policy. Baffling they don't have the tooling required to identify/fix exploits right after (or didn't want to use those tools if they exist).

IP in this context stands for intellectual property. E.g. they could sell the game and tech to a different studio. I highly doubt this would ever happen, but JC was able to pitch this product to investors and somehow secure over $20 million despite never working in game dev before...so it isn't outside the realm of possibility.

Churn is inevitable with a sub-based product, especially one that hasn't really been updated in the 5 months since release. I doubt they expect subs to grow while in beta considering the lack of substantial updates. There's a lot they could do before giving up: They could push the game to release and delete these forums. Presto-chango, they have a bunch of new players and all their beta mistakes magically vanish. They could lay off a bunch of people -- which is the worst. We might have opinions about the game, but it is never good to see someone's livelihood affected by poor leadership. They could permanently close those expensive offices - I'd guess everyone is working from home, anyway. They could shrug and keep going. We have no idea how much runway they actually have left -- for all we know they still have funds enough for another two years of dev and they never really planned for beta users to generate significant revenue. Perhaps the reason they haven't amped up marketing/social growth is because they know the game isn't ready...and are saving those dollars for actual release. They could sell the IP and actually give up/go home, but I wonder if anyone would buy it.

A wipe doesn't make sense at this point IMHO. There's gong to be more issues between now and release. It isn't like their dev team will be gaining morale as time moves forward. They're facing ongoing churn, looming deadlines, and a project stuffed with six years of bugs. We just wanna play a neat game, they want to keep their jobs. Stress like that leads to shortcuts, which leads to more mistakes. In other words....if they do a reset tomorrow, there will be another exploit next month...so it isn't like it'll restore stability or fairness to the economy for long. A big part of beta is testing for scale -- resetting players back to square one would be counter-productive. NQ isn't just concerned about meeting some promise, it's critical that they are able to test for stability as the game's content grows. They probably see this as more important than (what they perceive as) short-term glitches in the economy. Should they have made an effort to reverse this damage...? Yeah, obviously....but records don't appear by magic. If they had ready access to a test server loaded with production data, this probably wouldn't have happened to begin with. Without that, there's no safe way to programmatically revert exploiters -- you'd risk further corrupting production data if you don't have a way to test such changes.

NQ had a very small window to execute a rollback. It might not have even been feasible if they didn't snapshot the data before the production rollout. This decision had to be made minutes after they realized the issue -- I don't know NQ's internal decision-making structure, but my guess is that JC made this call. Please remember that NQ's devs are spending all day wrestling with an old codebase trying to implement features that were never planned for while also trying to fix six years worth of bugs. I do sympathize. Morale is a huge deal in dev -- they're facing a narrowing timeline for releasing a big update, subscription churn, and mountains of tech debt. Disciplined release procedures aren't likely the top of their list. They might not even have approval to run a dev/test server -- DynamoDB can get pricey. 100 TB of storage is about $25k a month -- that's over 3,000 subs worth of revenue. Spinning up a dev instance is material at that scale (I have no idea how much they stash in Dynamo vs. Mongo or how much data they really have). They surely have a test environment, but possibly not a replication of production data due to cost. A careful reversion where they query the DB to precisely target and roll back exploiters...? That isn't necessarily simple -- it may not even be possible. We can only guess about what data NQ actually logs or how it is structured! If they don't even have a real dev environment to test changes to production data, doing a reversion like this would only introduce more risk. I'd be very nice to know how widespread this exploit actually was -- are we talking a small handful of players, or trillions in schematics? I guess time will tell?

It does matter. If terminology didn't matter and "no one cared", why would marketers be so eager to brand things as beta vs. alpha...? There's a reason the industry has abused these labels in marketing...they know that people will be more attracted to a beta product than an alpha. Not all consumers care about the labels, but enough do that it compels marketers. To be fair...if the point is "it's 4 months into beta, relax, it's not close to being finished" -- that point goes double for DU actually being in alpha. It'll take patience to see how the game evolves. Just remember that the game has been in dev for six years already. Not like these are early days and they have barely had a chance to dig in. Don't expect the pace of dev to rapidly accelerate as it nears release, and expect that "release" actually will mean "beta".

Yikes. This is the first I'm hearing of this...stupid work. Just like real life, my chances to become rich just slip on by. Does NQ not have dev/test servers...? Why are changes getting rolled straight into production without any testing, first...? I feel bad for whoever made the mistake...but this sounds like a general lack of discipline/caring from the dev team. There should be protocols for touching production data! I just hope they don't blame the dev/devs that screwed up but instead ask why the heck they were allowed to roll a change like this into production without testing...or if they did test, why it wasn't caught.

Yep, I've been through worse subs for sure. Hell, I've created worse subs than this by far...actual shady shit I'd rather not talk about lol. I appreciate that NQ added a real button in the account -- that's definitely an improvement compared to beta launch. Still, it really isn't that hard to create a sub system anymore. Plenty of providers other than Xsolla. Maybe they'll migrate to a new platform near launch.

Obfuscating the ability to cancel a sub isn't a best practice anymore and is increasingly uncommon. Most companies realize that hiding cancellation doesn't earn you more revenue -- it's counter-productive. If Netflix made me call in or hunt for a cancel link, the chance of my re-subscribing on a whim vanishes. It doesn't lower my desire to cancel, though. At the point where the customer wants to cancel, the only concern should be how to get them to re-sub later...if you make cancellation difficult when they've already decided to stop paying, you've shot yourself in the foot. Customers that cancel are also customers that once had interest enough to pay...it's good business practice to treat them as potential future customers rather than obfuscate cancellation for the sake of eeking out another month's sub due to annoyance. Visa even has new rules governing subscriptions which would have already gone into effect already were it not for Covid delays. Among other things, it mandates an "easy" way to cancel subs and requires a reminder email 7 days before any trial subscription converts to a paid one. I think younger people especially might not be familiar with the old school "hunt for the cancel link" style of subs...that doesn't make NQ "thieves", though. I don't think it is malice, just that they have other things to do and haven't thought about this UX (they definitely should, though). If you really have trouble cancelling, email or call Xsolla customer service and threaten to contest or chargeback future charges if they do not cancel billing immediately.

This is probably true. I think I'm especially biased against JC. It's just something about a PHD jumping straight into an MMO as their first ever game project and having a (perceived) lack of humility about the whole thing. I've said before that I can imagine exactly what sort of person JC is based on his titles ("CEO/Founder/Creative Director/phD"). Right or wrong, my opinion is that his leadership is a big driver of the game's issues -- and see it as an unsolvable problem because it's his company and he won't step aside to let more seasoned vets lead. I also think NQ has run into some bad luck with their rollout -- there's no rulebook for how to launch a product during an unprecedented global lockdown where people are generally more pissed-off about everything. Sure people are consuming more digital media...but they're also losing their jobs or not finding work, which hurts subscription-based luxuries like DU. I 100% agree with this...there's a lot of people that are so hooked on the premise of DU and its very real potential. I'm sure some of the negativity comes from this fact, too -- after following the project for so long and being fairly hyped for beta, it is disappointing to see the actual product. Honestly I should try to be more positive -- I don't just come around to talk shit and I hope everyone realizes that it's 100,000x easier to criticize something than to actually do it.

There's no social growth, like at all. Twitter, Reddit -- no one is talking about DU or engaging with DU's content. That's objectively bad. If the game were growing, so would social channels. They aren't. If only paid videos get views, this again underscores a lack of organic reach. Growing games have organic reach because people are actually interested in watching their updates/videos beyond paid advertising. I get that video views tend to increase over time (but not "always", not in significant numbers) -- and that I don't have real metrics. I'm not trying to "pitch to a client". Look at the actual context of the "event" videos. <5,000 people actually viewed the most recent event, despite NQ's email blast. Their email blast either has no reach or people aren't remotely interested in this content. There's no reason for this sort of video to grow in views over time as a one-off event -- the views they got in the first week are the views they can get through organic reach, which is truly awful. ...is your argument that DU's dismally stagnant social channels means very little and the game really is growing? Obviously I don't have access to real information or stats, but seems like I'm still right: there's low engagement all around and DU is not getting more popular. It doesn't take an "industry expert" to see no growth across major social channels and conclude "things aren't great".

A lot of people talk about how DU is "dead" or "dying". Unfortunately, I think that the few objective numbers we have tend to back up that claim. I don't think there's been a singular "mass exodus" but a slow and steady churn: 8 months ago (official trailer) 1.6 Million Views 7 months ago (pvp trailer) 742k views 4 months ago (beta trailer) 659k views 2 months ago (official building trailer) 167k views 3 weeks ago (DU: a look ahead) 10k views 1 week ago (DU Lost in transit event) <5k views Reddit ~50 people online on average, 8k total members, low engagement Twitter 15k followers, low tweet engagement all around I get that many people don't use social networking at all...but a growing game has a growing social presence...certainly not a shrinking one. Also, NQ no longer has any job postings -- maybe they filled them all (in which case dev should be going faster lol) or maybe they realize their runway isn't going to last for as long as they first expected.

Only NQ can answer if the daily login alone is enough "fresh currency" to avoid deflation...keeping in mind that the player base is churning (hard), not growing -- and each player that quits takes how many days of login cash with them into oblivion...? It is really absurdly baffling that NQ hasn't thought about the economy...like at all. I've never even heard of an MMO that lacks a way to print currency, but here we are. Considering how easy this test would be, I agree that they should rip out ore bots and see how it impacts the economy. If it really isn't working after a week or two, just put them back... Frankly, I've given up trying to figure out what NQ's devs actually do all day. It's been almost 5 months and there's been no major updates...yet somehow the game will be release ready by end of year...when they don't even know the basics of how freakin' currency works?! But sure, keep spending time on those wonderful events -- gotta earn those 4,000 youtube views somewhere, right?

No, "my boy", it isn't. It's a game with PvP as a feature. If PvP was soooo important, NQ would've spent more time on it -- it's an afterthought after six years of dev. It barely has an implementation at all today, hence the safezone and warp bubbles. Rust is a PvP game. Overwatch is a PvP game. These are products built with PvP in mind as the core gameplay element that simply do not function without it. DU isn't that. Maybe you want it to be, but NQ clearly doesn't or they would've invested their development time accordingly. Instead, they still don't know what to do with PvP...they still don't have an ETA or plan, or at least not one communicated to the players. Does that sound like a "pvp game"...? No, it sounds like a game that slapped PvP onto an existing design with no obvious cohesion and no plan. I don't agree at all with NQ's approach -- I think it is absurd and backwards and highly disingenuous bordering on false advertising. I wish there was a lot more development around PvP. A lot. The game will not work without robust PvP. But...I disagree with the idea that all it takes is ripping down the barriers that exist because NQ hasn't spent time developing their key features. The reality is that DU is still very much a game about building and that every PvP feature must keep that in mind to achieve balance -- it isn't as simple as actual "PvP games" where the game balance was built around PvP since its inception. Realistically, NQ doesn't have the design experience (or even like...basic planning skills) to handle this balance easily, nor do they have the development competence to iterate quickly to test changes...we're all in the same boat: a long, boring cruise until NQ can deploy actual changes.

You know you have nothing to say of substance when you resort to arbitrary judgement values like "carebear". If you care so much about PvP, how about playing a PvP game?! DU isn't a PvP game. It's a building game with PvP slapped on top as a crude afterthought, with core pillars of the PvP gameplay unknown or undecided by NQ...and with no known ETA on changes. Welcome to DU's Alpha. Be patient or just move on and play a game with actual PvP as a core feature. DU isn't that game. Frankly I don't understand how they will ever create anything close to "civilization" if they attract that crowd of people that loves to throw around "carebear" like it's the ultimate pejorative. Bears are great. Just visit pride sometime. Some people think combat is insanely boring (especially DU's version), others think coding in LUA all day is boring, others think mining and hauling is boring. If you can't get over the fact that different people like different things, why bother playing a multiplayer game at all...? Anyway....I'm over people whining because PvP doesn't yet work. Nothing really works yet. Everyone is in the same boat. It isn't because "carebears" want to avoid danger -- it's because NQ hasn't come close to finishing their game. Get over it, be patient, or move on.