Casual Game Dev

Leave it to Disney to take the lead in child protection tools for online games and virtual worlds. In a pair of announcements yesterday, Disney announced the launch of DGamer, a social network wrapper for its Nintendo DS games (also usable on the PC) and new parental protection tools for Club Penguin.

It sounds like these two initiatives are separate. It would certainly make sense for Disney (or others) to standardize, centralize, and consolidate child protection tools across multiple games.

For Club Penguin:

With the update, parents will be able to view account histories, change the password for the account and chat freedom levels, and, in the future, set time limits for play.

DGamer is not as far along:

Parents can choose the level of chat freedom their children have, ranging from working with pre-selected phrases, a moderated chat, or completely open conversation, though the latter requires that users exchange DS friend codes first.

This is excellent... inexpensive to implement and a good confidence building strategy for parents (who control the money, after all).

IMPORTANT SIDE NOTE: It would appear that Disney has managed to build its own online environment on top of the DS that is not a simple use of the much maligned friend code system. This may portend very interesting online capabilities as publishers and developers start innovating on top of Nintendo's platforms.

(courtesy of Virtual World News)

Noted with sorrow: a 5 year-old boy in Vietnam was kidnapped and then brutally killed by two 14 year-old boys who wanted 30 Million Dong (US$1,800) to play online games (Gia Dinh va Xa Hoi via Top News Law). This is the third notable case of crime tied to online gaming. Previously, a boy killed an elderly woman to get 100,000 dong (US$6) and another threatened to splash acid on a man's daughter's face unless he paid $600.

Valve Software has released its survey of gaming PCs. While it would be great to get general numbers from someone like Intel or Microsoft, this probably gives a good picture of PCs, but it may be biased a bit on the high side.

It would be interesting to see the evolution of these specs over time, but the picture seems pretty clear - people aren't replacing their PCs very quickly anymore... I say this typing on my ancient Sony Viao laptop that has a 1.6 Ghz CPU.

If you want to reach the largest audience, you have to shoot for minimal specs. If, say, you want to reach 95 percent of the market, what kind of PC are you looking at:

Less than 512 MB of RAM(!). Though the data is at a fairly high level, I would guess that you would lose 25% of the total game audience if you required more than 512 MB. This is almost certainly a function of hardware manufacturers cutting corners on the RAM and less sophisticated users not upgrading memory. To reach 99 percent of users, you would design for 256 MB.

Less than 1.7 Ghz CPU. To get to 99 percent of users, you would have to support less than 1.4 GHz... I'm not even sure HOW MUCH less than 1.4 Ghz.

Really minimal graphics. Graphics cards are all over the place. The industry complaint about people having poor graphics capabilities certainly seems to be a legitimate, but it is a reality. Even more importantly, among the gamer crowd, the market penetration of high end graphics cards is really, really low (probably totaling 20 percent). DirectX 7 Path is a default on just over 4 percent of the video cards. It looks like DirectX 9 Shader Model 3 Path is only supported on 60 percent of gamer PCs.

15 inch Displays. just over 95 percent of users are at this size (probably a lot of laptops). 16 inch and 17 inch are the most common sizes. To reach 99 percent of users, it would be wise to design down to 13" displays! Really large displays, 24"+, seem to be growing rapidly in popularity.

32 MB Video RAM. This gets you close to 99 percent. 64 MB Video RAM is still common enough that you would only reach 90+ percent of the market.

1024 x 768 resolution will get you almost to 99 percent of the surveyed machines. 800x600 still exists.

32-bit Pixel Depth - While people may not have high resolution, they want their colors. This would get you over 95 percent. Pull back to 16 bits for 99+ percent.

Audio is all over the place, so, shoot low. No microphones either.

Windows XP is the dominant operating system and while Vista has 14+ percent penetration, DirectX 10 is under 10 percent.

DVD will reach over 95 percent, but to get to 99 percent, use a CD.

Distressingly, 5 percent of PCs have less than 5 GB of hard disk available! and 10 percent have less than 10 GB, so stay small.

It is probably worth noting that these numbers probably skew slightly high as these are people who play games on Steam (the survey size was almost 1.73 Million PCs).

EA and Bioware abandoned a rather rigorous implementation of Sony's SecuROM digital rights management (DRM) system after a major backlash from game news sites, blogs, and lots and lots of player complaints.

What happened?

The initial plan was to require authentication of the software every 10 days. This seems to have provoked the most ire along with complaints about getting through firewalls and such.

The first question one has to ask is whether EA or Bioware really felt that they needed this more rigorous level of license checking? It would appear that they did not, considering how quickly they backed down on the issue.

The current model seems to be to have an initial authentication check and then an additional check every time the player wishes to download additional content. This should work quite well for Spore as it is designed to have a lot of online content, but it is less clear that the model will work well for Mass Effect.

The comment about getting through firewalls seems a red herring. There is no reason that a simple license check could not be done with a standard HTTP POST or GET and thus not require any ports to be opened or other changes to a firewall. In fact, not using this approach just creates problems.

How many pirates does EA think it would have stopped with the 10 day check approach vs. the single authentication check? It would seem that once a hack gets around the DRM system, additional authentication checks are unnecessary.

Another question is what do do once a game fails to authenticate? Personally, I think "nagware" that reminds a person to purchase the game (perhaps with a nice little meter about how many hours that they have played) is much better than stopping them from playing. For a game with an online service, such players can be marked as "trial members" and have reduced privileges. The goal should be to convert them to paying customers, not serious pirates. This can also help track the number of pirated copies available.

It is certainly worth noting that any sales that come from converted "pirates" are going to be much more profitable than retail customers as there is no revenue share involved.

The key to conversion is to give players a reason to pay rather than pirate. Something as simple as registration for a sweepstakes, lunch with Will Wright, pretty much anything can be used. Also, there is the opportunity to upsell these customers on additional products without expensive acquisition costs.

Online game developers seem to be petrified of children. The prospect of complying with COPPA and not marketing to kids, privacy issues, etc. seems to have driven many companies to restrict their market to children 13 and up or adults.

Virtual World News had an interesting article a while back about the heavy involvement of parents in many "kid's games". In one such world, Stardoll:

Out of 868 surveyed younger members, 80% visit daily. What's surprising, though, is that girls' mothers are almost as engaged: out of 158 mothers, 54% visit daily, 75% visit with their daughters once per week, 64% visit by themselves, and 60% have their own accounts. (courtesy of Kzero

The article concludes with the excellent thought:

is it time to start looking at kids worlds as a way to reach out to parents?

I recently registered at a kids virtual world (as a kid... I lied) because I was interested in its security features, but it struck me that one could avoid all of the COPPA issues, security policy issues, etc. if there was no direct registration in these worlds by kids. That all of the account and other information was done in a parent's name and that the child was simply a "secondary" account. No email, no individual information except what is provided by the parent.

Now this does create a bit of a bump in effort for participation, but the reduced risks and natural tools for parental controls probably make up for it.

PLUS, you get to market to Mom. Directly.

And Mom has the money.

LAWYER QUESTION: Does this get around COPPA (which really isn't that bad)? Are there any other legal issues that need to be addressed or that using a main parent account would help with?

NHN's Naver search engine and portal has been declared a monopoly in Korea with just over 48 percent of internet portal traffic and over 70 percent of search queries(!), according to Cho Jin-seo of The Korea Times.

An interesting bit of news, but what does it have to do with gaming?

Well, apparently, the concern is that the Korean government will go after card games that are played for virtual currency (like blackjack and poker) at NHN's game portal Hangame.

Search and portal traffic is not NHN's main source of growth, but these "web board games" for cyber currency:

``NHN has a high growth rate not in the search and portal sector but in that of Web board games. We think the quality of growth at NHN has deteriorated in general,'' said CJ Investment & Securities analyst Shim Jun-bo.

This cyber currency can be converted in to real money at a number of black market sites (similar to the gold farming markets in the US).

Several non-governmental organizations want to go after NHN for tolerating, if not encouraging, these transactions which turn "games for fun" into gambling.

A cautionary message for anyone, in Korea or elsewhere, that uses non-convertible virtual currencies to avoid gambling restrictions.

What does it take to protect kids online? Lane Merrifield, co-founder of Club Penguin, states in an interview with GamesIndustry.biz, that the company employs 100 real-time moderators and typically adds 500 to 1000 words to its filters a day (new slang) to support their population of 12 million users and 700,000 paying subscribers (at $5.95 per month or $57.95 per year - at time of their acquisition by Disney last summer - via VentureBeat and at 15 million registered users as of January 2008 via Kzero). SIDE NOTE - I guess the Price to Sales ratio was around 10.7 to 1(!).

So, if you have 24x7 monitoring, that means 5 real people per "live" moderator, so that is 20 live moderators at any given time.

Not too many people, actually.

Alas, no data on Average Concurrent Users, but the overall ration of 15 million total to 100 moderators is quite lean (say the active user ratio is 1 in 10, then the population is closer to 1.5 million to 100 or 1 moderator for 15,000 kids!... if one takes this down to 1 in 100, then there is 1 moderator per 1500 children which still is pretty low).

Club Penguin does have a restricted communications mode (see previous article) that only allows players to build phrases from a pre-screened vocabulary list, these players don't create any monitoring "load" except for physical griefing (which, hopefully, Club Penguin's game and interaction design precludes).

Or, conversely, each moderator is adding 5 to 10 words per day... amongst other tasks.

The article also notes that 2/3 of the total staff is moderators, so this would imply a total team size of 150?

Pretty lean. for $65 Million in revenues and $35 Million in profit (so, $30 Million in costs staff, space, servers, and such - projections for 2007 via TechCrunch).

Chris Taylor of Gas Powered Games was quoted at GDC as saying "PC gaming isn't dead. PC gaming — the old model — probably is. Secure PC gaming is the future — it's going to thrive and we've all got to get on that."

But, this week, EA announced rather draconian security for Mass Effect and Spore with server authentication required every 10 days via Sony's SecuROM product, according to Kotaku and others.

It is worth noting that Apple's success with iTunes is based as much on ease of use and reasonable prices as its FairPlay DRM system which has been regularly broken.

Maybe simply lowering prices would be better security. After all, the "Free to Play" business model online is drawing in more and more players to games by lowering the cost to play.

Look at all the debit cards available at supermarkets - impulse purchasing is powerful. If games cost what a paperback does, how many more would be sold?

If gaming is as "mass market" as everyone alleges it is, lower prices will make reaching that audience easier... and make piracy less appealing.

Also, if developers think this way, they can divide the game into a $10 (or $5 or $8) module sold at retail and then add downloadable content (DLC) as Guitar Hero and Rock Band have shown. Even better, this additional content would come with a direct customer relationship AND no revenue share with a retailer.

... ADDED GREEN GAMING BENEFIT - we could get rid of those stupid boxes that don't hold manuals anymore and just have nice little slip covers for disks.

Make games an impulse entertainment purchase, not an investment.

Turn up the Irony Meter to 11. After all, with all of the complaints in the US about gold farming, it takes the Chinese to stand up and do something about it.

Yep, police in China has arrested 2 men for running a World of Warcraft gold farming operation and charged them with "unfair revenue distribution" (CHINESE READER ALERT - what in the world is "unfair revenue distribution"?).

The two men ran the operation for 7 months and earned 1.4 Million RMB (just over US$200,000). They had 20 computers and 20 employees (no shifts, I guess) and were based in Chengdu's Shuangliu county. The men were targeting The9's China-based World of Warcraft operation... I'm not sure if this makes their revenue more impressive or not.

(Chengdu Evening News via Pacific Epoch)

Hacking on the Wii just got a lot worse with digital piracy of WiiWare games. Hackers have apparently demonstrated (see video below) the ability to use the existing "Twilight Hack", a Save Game hack, to launch Japanese WiiWare titles without paying for them. The attack looks particularly serious as it seems to access Wii functionality (not just Gamecube features) as had been demonstrated previously.



This could be a real threat to Nintendo as WiiWare is already shaping up to be a great tool to remonetize old games. Also, it could be a threat to Nintendo's efforts to reach out to independent developers.

The next step in this attack would be to spoof a full Wii game via the SD interface (or other port) using this hack or something similar.

If Nintendo or any of its partners start utilizing online features more seriously, this style of attack would likely be useful for abusing achievements and persistent play features (as has already been seen with Xbox Live).

The bane of the next-gen consoles seems to be their "Save Game" systems.

What is unfortunate is that these types of problems CAN BE ADDRESSED via intelligent use of cryptography. Interestingly, traditional digital signatures are not necessarily the right answer.

The question is whether the vulnerabilities are deeply ingrained in the platform or if they can be addressed via a firmware / OS upgrade. I suspect that the problem will be difficult to really clean out as it is highly likely that developers are not using the Save Game services uniformly.

The Wii does have an advantage over Sony's PSP (potentially) - while the PSP had security problems, it was not selling many games, but the Wii is selling games pretty well, especially if WiiWare is included (though I don't know if a WiiWare game can be used to push an OS upgrade).... unless a downgrader can be created, of course

(via Wiifanboy via Joystiq)