It’s amazing what a difference a little bit of time can make: Two years after kicking off what looked to be a long-shot campaign to push back on the practice of shutting down server-dependent videogames once they’re no longer profitable, Stop Killing Games founder Ross Scott and organizer Moritz Katzner appeared in front of the European Parliament to present their case—and it seemed to go very well.
Digital Fairness Act: https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14622-Digital-Fairness-Act/F33096034_en
Games should be required to have reproducible source for all components (client and server) sent to whatever the European equivalent of the Library of Congress is, to be made available in the Public Domain whenever the publisher stops publishing them.
Not only games. Goes for all electronics as well.
Sick of supporting your ‘old phones’? You’re required by law to disclose all binary blobs as source code to let somebody else pick it up the slack.
Feeling like bricking old Kindles? Fine, but users must be able to install alternative OS on your old device.
Not providing software updates for your TV anymore after you removed features? That’s your right, but so is the right of the effing device owner to install something else on it.
And it’s not just consumer electronics. (<caugh> John Deere <caugh>).
Not to be pro-corporate/anti-repair…but I feel I have to play devils-advocate here…
That sounds like a legal and security nightmare.
If you just give binary blobs and no sources, there’s no way to maintain the code/device long term. As exploits continue to be found in upstream dependencies, the hardware continues to become increasingly insecure.
But if the source needs to be released…I imagine that there are heaps of proprietary code that is still in use on “active” devices even after another model goes EoL…so if that code is released, there’s instantly thousands of nefarious eyes on it.
On top of the regular zero-days that are found out when a popular product reaches EoL.
I think that’s potentially a lot to ask of users. Will your technically-challenged great-Aunt switch to post-support build when her phone hits EoL, or will hackers be able to remote control her banking app and take away your inheritance before the community can even patch it (assuming there’s enough community support out there for an 8-year-old Galaxy A-series…)
Then there could also be licensed code that would need to be released as well…hence the legal nightmare.
Not saying it’s impossible…in fact, I greatly agree with your stance and stated position. Just saying that there are some blockers on this epic.
Security is constantly used as a guise for removing consumer rights and as someone who has been in the security industry for about 9 years I’m so sick of it.
First and foremost, everyone please understand: the user should be allowed to opt into your concept of insecurity: you do not know their threat model and you do not know their risk tolerance.
Using exploits in low level drivers in the wild is approaching APT level, and even if there were a simple one to use it’d likely be useless without some sort or local access to the device (bar some horror show bug in a Bluetooth or WiFi firmware). The risk is incredibly low for the average person. I’d put it pretty close to 0.
Wire transfers aren’t instant and for large sums (your inheritance) the banks will likely require more than just a request from your app. If the bank cares about that then they can also use the attestation APIs which would be more than sufficient, as much as I hate them.
This boogey man of the APT going after my technologically illiterate <family member> with nation state level exploits needs to die. Long ago we entered a new era of security where it just isn’t worth it to waste exploits. Especially when you can just text people and ask for their money and that works plenty well.
Security is not a valid reason to soft brick consumer devices at some arbitrary end of life date.
I like it. If the publisher no longer sells/supports the full game as purchased, then they no longer to get to complain about people pirating it.
I don’t like instantly throwing it public domain, that’s the wrong license to use. I think Creative Common CC BY-NC-SA would be more appropriate. (Credit the original, no commercial use, and any modified/redistributed version must follow same license).
This will prevent xbox from taking all the old PlayStation games, stealing an emulator, and selling them under game pass to people that don’t know those games are freely available.
I’d also add the game must be available as an individual 1-time purchase. If it’s only available as a bundle or subscription service (like game pass), that doesn’t count.
The Public Domain isn’t a “license.” It’s simply the default state of a work when copyright is no longer being enforced for it. I’m saying that copyright should immediately expire for any published work that is no longer being made available by some entity with the right to do so (phrased carefully so as not to break copyleft licenses, BTW) and that anyone should be able to get it directly from a government archive of all Public Domain works.
As for selling Public Domain works, that’s always been allowed and I don’t see any particular reason to change it, provided that regulatory capture doesn’t result in the public archive being the digital equivalent of hidden away in a disused lavatory in a locked basement with a sign saying “beware of the leopard.” If the free option is prominent and well-known but you want to pay money for some reason anyway (in theory, because the person selling it added value in some way), that’s your business.
If a studio is using the same base architecture for online services as a game that is currently active, you want developers to share their current live architecture and code?
Yes.
If they don’t like it, they can keep supporting their older stuff. Or better yet, rethink their decision to impose a “live service” business model now that they’d actually be held accountable for it, and consider going back to giving users the means to run their own servers.
(Also, by the way, “security by obscurity” is bullshit. If disclosing their server-side code leads to exploits, that just means they’re fucking incompetent. I have no sympathy at all.)