| |
| ▲ | drorco 4 hours ago | parent | next [-] | | If you're actually curious, to gate a taste of the cost of compliance, I recommend taking a look into the different standards for website accessibility, GDPR, etc.
On paper it sounds great, who doesn't want a accessible websites or privacy? But in practice it's a total drain of resources, real legal risk even if you genuinely try and be compliant, and often you just pay a lot of $$$ for legal, compliance advisors etc. so you could tick off a box and have some sort of insurance in case you're being sued. Now you probably don't have a lot of empathy for big corps, but those laws often apply for small businesses as well (why wouldn't they?) and now imagine the struggling indie dev now also having to deal with another legal compliance so they won't lose their house to a legal troll, when they just struggle to get a game out there they have no idea if it's even going to ever be successful. | | |
| ▲ | acron0 3 hours ago | parent | next [-] | | I don't really buy this. From my personal experience, indie devs are more likely to use methods which make their server tech distributable (e.g. Minecraft). Large game publishers appear to go in the opposite direction for control and lineage reasons: "Crew 1 is dead so you need to buy Crew 2 now". Anyone who gamed before 2005 knows that games do not require magic, expensive, managed remote services. We all used to run our own servers! The GameSpy era! | | |
| ▲ | drorco 3 hours ago | parent [-] | | Well I'm talking from experience as a mobile indie game developer. Pretty much every year I'm getting warnings from Apple or Google, or 3rd party SDKs, that unless I make sure to update libraries, or comply with a new rule, they are going to take down the game. One of the latest rules was some sort of a digital services act (again another regulation) that made it very difficult for indie devs not to share their personal address and phone numbers. | | |
| ▲ | drbscl 17 minutes ago | parent [-] | | That's not related to SKG though, that's storefront policy. In principle, as long as _you_ are not blocking using the binary on hardware that supports (i.e. a player already has it installed on an old phone), you're in the clear. SKG is explicitly _not_ advocating for lifetime support, compatibility with new devices, etc | | |
| ▲ | drorco 13 minutes ago | parent [-] | | But there are 3rd party SDKs that rely on outside servers that will stop working and the app could have unexpected behavior. It doesn't have to be complete crash, but it might be enough to degrade functionality to a point where some players might say the game is unplayable etc. Being bootstrapped with no investors, there's no extra resources, and no financial benefit in making sure that the app can function well even with these 3rd party services, servers etc. not working. | | |
| ▲ | drbscl 7 minutes ago | parent [-] | | > degrade functionality to a point where some players might say the game is unplayable etc. Yeah, it's a good point, the law that may result from parliament does need to be clear on where the line is drawn. Personally, I would expect singleplayer and LAN to work at EOL Edit: on 3rd party libraries & services, I would expect that such vendors would need to make their software compliant for their customers after any law change on this front. No one is gonna buy GameLift if it's a legal liability for their EOL plan |
|
|
|
| |
| ▲ | JimDabell an hour ago | parent | prev | next [-] | | > I recommend taking a look into the different standards for website accessibility, GDPR, etc. On paper it sounds great, who doesn't want an accessible websites or privacy? But in practice it's a total drain of resources, real legal risk even if you genuinely try and be compliant, and often you just pay a lot of $$$ for legal, compliance advisors etc. so you could tick off a box and have some sort of insurance in case you're being sued. This is a really good analogy, except you made one mistake: it’s not difficult at all to design something to be accessible and respectful of privacy as long as you do it from the start. If you try to build something inaccessible and privacy-invading then get caught and have to retrofit accessibility and privacy at the last minute to avoid fines and lawsuits, that’s when it becomes difficult. And you see this exact mistake crop up in the Stop Killing Games criticism as well. People say that it’s difficult because they are thinking about taking the status quo and retrofitting longevity. For instance, trying to retroactively obtain licenses to distribute components that they didn’t originally have. When in practice, the effect of a law like this is that it would push game developers to make the right choices up front like picking appropriately licensed components, so there’s no barrier to keeping the game alive when the time comes to cease support. It might also have escaped your attention that the EU was perfectly willing to create accessibility and privacy regulations, so if you are likening Stop Killing Games to these things then it stands to reason that this is not a reason for the EU to avoid Stop Killing Games legislation. | | |
| ▲ | drorco 4 minutes ago | parent [-] | | This is my second business after already having experience with GDPR. Thinking of it in advance does make it easier but it can definitely still break a business and it's not a trivial cost. Moreover, it's still changing frequently, just about 2 years ago there was a major change were asking for simple consent was not good enough and now there's a whole CMP TCF2 protocol you have to implement. From research I made, the tools that provide good coverage are not cheap, I pay a lot of money for these services, and they are also 3rd parties that without them the game experience might degrade. Just a little example, if the privacy consent service times out, the game load time increases to about ~10s at least. Moreover, I have to also pay a company just to be my representative in the EU and have a stupid email address that is completely useless. I don't know these things definitely don't make my appreciate regulations, and I think if you want to add more layers of regulation, you have to be really thoughtful about them, because often like DRM, eventually they screw the little guys more than they screw the bad actors. |
| |
| ▲ | pdpi 3 hours ago | parent | prev [-] | | The GDPR is almost trivial to comply with if you’re not harvesting data willy-nilly. Likewise, the legal risk for small indie games here rounds to zero. Most such games will, at worst, lose access to online leaderboards if their developers shut them down. | | |
| ▲ | drorco 3 hours ago | parent | next [-] | | I'm a developer of a mobile indie game and it's not true. Just to get started you need to implement tons of third part SDKs like Meta Ads, AdMob, Google Analytics, etc. These require actual handling of player choices, data sanitation etc. disregarding the loss of revenue with not being able to serve personalized ads, or even ads at all to large segments of players. And I'm talking about strictly optional rewarded ads. These already harmed a lot of small mobile game companies, while the bigger mobile companies had much better means to deal with these. I personally paid over $10K for different services just to comply, disregarding the loss of revenue over this compliance. | | |
| ▲ | acron0 3 hours ago | parent | next [-] | | Maybe don't fill your games with ads and release them on restrictive, exploitative platforms? | | |
| ▲ | drorco 2 hours ago | parent | next [-] | | Did you ever build a commercial project or any business yourself? The nature of your comment implies to me you haven't. I highly recommend you give it a try, it might actually change your mind! | | |
| ▲ | Orygin 2 hours ago | parent [-] | | I didn't know it was impossible to build businesses without inserting to Meta/Google/others ad SDK to spy on all my users. Maybe we should stop normalizing these behavior. | | |
| ▲ | drorco 10 minutes ago | parent [-] | | Yea good luck getting any reasonable visibility on App Store or Google Play without paying good amount of $$$ to meta, Google etc. Trust me I would have loved to throwaway this dependency on these platforms, I don't enjoy paying for ads. The market is not pretty, but there's a reason for why it's the way it is. For some reasons, players prefer downloading games for free and then paying potentially hundreds to thousands of dollars on IAPs, rather than everyone paying $5 for a game. I would have preferred it to be the latter personally, but the market doesn't seem to want to act this way. |
|
| |
| ▲ | hobofan 2 hours ago | parent | prev [-] | | aka "don't make games that anyone has the chance of playing" | | |
| ▲ | krige 2 hours ago | parent [-] | | That's an boggling misrepresentation of the market. | | |
| ▲ | hobofan 2 hours ago | parent [-] | | The "release them on restrictive, exploitative platforms" part of the comment excludes (depending on interpretation): any mobile platform + Steam So that excludes ~95% of addressable playerbase. |
|
|
| |
| ▲ | archievillain an hour ago | parent | prev [-] | | Your videogame is a data-harvester for the purpose of ad-serving, why on Earth would GDPR compliance be easy for you? It sucks that the mobile market is essentially just a glittery front over privacy invasion vectors, but just because it's normalized it doesn't mean it's right. "Serving third party ads" is exactly the kind of thing the GDPR exists to regulate harshly. |
| |
| ▲ | adrian17 2 hours ago | parent | prev [-] | | > The GDPR is almost trivial to comply with if you’re not harvesting data willy-nilly. I buy a VPS. I apt install nginx. Is it okay that by default, opening http://IP/index.html logs the IP address to /etc/log/nginx/access.log? Maybe yes, maybe no, maybe yes but I need a privacy policy (for an empty index.html). Maybe I need to ask a lawyer (who usually errs on side of caution) because people have been arguing about it for 10 years (and please don't answer here). And in the end, even if I didn't need to do anything, it sure is _some_ nonzero drain of my resources to have think about it at all (completely ignoring whether it's justified or not). | | |
| ▲ | esterna 26 minutes ago | parent | next [-] | | This hinges on two misunderstandings: - That data processing always requires consent. There are exactly six reasons for storing or processing data: consent, contract fulfillment, legal compliance, vital interests of a natural person, public interest/official authority, or legitimate interest. Collecting IP addresses can be a legitimate interest, but: - The real interesting question is what you do with the IP addresses after they're stored in a file. Securing your server is a legitimate interest. Tracking your users is generally not. Having lawfully collected data is not a carte blanche to do anything you choose with it. | |
| ▲ | za_creature an hour ago | parent | prev [-] | | > Is it okay that by default [...] ? Yes. IP addresses by themselves are not PII and may be logged indefinitely. It's only after you start correlating them with other shit that you're collecting that they become subject to GDPR. Same for cookies really. If you *only* operate a shopping cart, you don't have to display a cookie notice for "only technically required cookies". The point of the cookie notice is to dark pattern users into granting more access or just to annoy them enough that they continue not caring about privacy. |
|
|
| |
| ▲ | pdpi 3 hours ago | parent | prev [-] | | Consider for a moment that end-to-end encrypted messaging protects criminals of all sorts. Surely that’s a bad thing and requiring back doors for law enforcement shouldn’t be considered an attack on anybody? I absolutely agree that the practices SKG are fighting against are pretty abusive and that it is right and proper to restrict those practices, but I also understand why people see the appeal in anti-e2ee laws. The thing is, I have a good-enough understanding of cryptography to see why those laws are a terrible idea, and I’m infuriated by how clueless their supporters are. I’m self-aware enough to realise that I might the clueless one here and that me not seeing any legitimate issue with SKG doesn’t mean there isn’t one. |
|
