ITsecurity
twitter facebook rss

Oculus VR’s DRM Tightrope

Posted by on July 25, 2016.

In any technological industry, being the first to market can carry as many risks as it does benefits. It seems that the new, burgeoning VR industry is no exception. In May 2016, Facebook-owned Oculus VR, creators of the first and flagship VR headset, the Oculus Rift, released an update intended to prevent apps and games designed for the Rift to be played on other headsets – particularly the HTC Vive, currently the Rift’s main competitor. While software purchased from the Oculus store will not run on the Vive by default, a third party developer had created a tool called Revive, allowing Rift runtimes to be translated for the Vive’s open-source code, opening the door for Oculus software to run on the HTC headset.

It’s not hard to see Oculus VR’s problem with Revive; many games and applications are exclusive to the Oculus store, whether because they’re developed by Oculus VR itself or because a third party developer has been offered an incentive or deal for exclusivity. In an interview with gameindustry.biz, Oculus’ head of content, Jason Rubin, has stressed that his company’s stance is that hardware exclusivity is a beneficial force for the industry. He highlights how investment in exchange for exclusivity can help smaller, indie developers – “generally, we say to them, here’s a much smaller amount of money just to get you to where you wanted to be, and in exchange, give us a short time in the store exclusive, but then do it for any platform.”

The problem with the anti-Revive update, however, was that it ended up effectively creating a backdoor for piracy. It left the Revive developer with only one option if they still wanted their tool to work; bypass the DRM check on Oculus software entirely. This made Revive no longer just a tool to translate runtimes to work on the HTC Vive, but a potential free-rein for pirates to play cracked, stolen games. “I really didn’t want to go down that path,” the developer of Revive said in a Reddit post. “I still do not support piracy, do not use this library for pirated copies.”

The update didn’t last long. On June 24th, Oculus released another update, removing the hardware check from their headset and dispelling the unspoken myth that “what’s done can’t be undone” when it comes to DRM. The news was a pleasant surprise for early adopters of VR hardware and the developer of Revive, but was a clear sign of where the company’s priorities lay. Despite their pro-exclusivity policy, protecting themselves against piracy took priority.

This potentially leaves Oculus VR in an awkward situation for the future. The reversal of this update is a tacit admission that they’ll tolerate Revive circumventing hardware exclusivity – clearly the lesser of two evils, in their eyes. But if the situation continues this way, it does scrub any advantage of exclusivity – at least from the point of view of Oculus and larger publishers. Indie developers can still benefit from the possibility of funding, of course, but with a tool to circumvent hardware checks freely available, the only incentive to buy the Rift above other headsets is the quality of the hardware itself.

It’s clear from Rubin’s statements that Oculus VR’s position is that hardware exclusivity benefits the industry. But if Oculus cripples the benefits it can provide to developers, is it even possible to realise those benefits? Has it made an even bigger blunder by reversing the effects of another blunder? It’s possible that they’ve overestimated the harm that piracy could do.

There has always been a lot of doubt as to whether DRM and anti-consumer practices have a genuine influence on rates of piracy, but one developers’ bold stance against invasive DRM has had intriguing results. CD Projekt Red, creators of the successful and critically acclaimed Witcher series, noticed a trend in piracy statistics beginning in 2012, with their release of The Witcher 2. The physical, CD release of the game shipped with SecuROM DRM, but distributed their digital version via GOG.com, a DRM-free service. This meant that anyone could purchase a copy of The Witcher 2 on GOG, then share the executable to as many friends as they liked – or even illegally distribute it via torrent – without any check to prevent illegitimate users from playing. What they found, however, was that the unprotected version of the game encountered negligible piracy rates when compared to the SecuROM version.

CDPR took this a step further in 2015, after the release of The Witcher 3: Wild Hunt. Shortly before releasing an early patch for the game, a post evidently made by a staff member on a torrent website revealed that there would be no restrictions on downloading the patch, whether users owned the game or not. Effectively, they were making the patch freely available to both legitimate users and pirates. The Witcher 3 went on to sell close to 10 million copies as of March, easily becoming the biggest seller of the franchise, and broke into many bestselling video game lists of 2015.

If the Witcher 3 was able to be such a runaway success in terms of sales while doing nothing to protect itself from piracy, was there ever a need for Oculus to be concerned about their update? Whether or not there was, reversing it was probably still the best decision, but they now have a dangerous choice to make. It’s not unlikely that they’re working on a new solution, one which will prevent tools like Revive from bypassing hardware checks without enabling easy piracy. Most likely, this will be accomplished by some new form of DRM, but this runs the risk of angering the VR community even further – and may even backfire on Oculus even more spectacularly.

It’s possible that Oculus have backed themselves into a corner here. They want to make the most out of hardware exclusivity while keeping the goodwill of the VR community, and also protecting themselves from piracy – if they leave things as they are, those exclusivity advantages are diminished, but any new kind of DRM will not only risk alienating their fanbase, but could also lead to an increase in piracy. Counterintuitive as it may seem, there are many precedents of publishers trying to arm themselves against piracy, only to shoot themselves in the foot.

Sometimes this takes the form of angering consumers and damaging the company image, and other times this can actually increase the rate of piracy for a game. For the latter case, one need only look at EA Games and the advent of SecuROM, used with the heavily hyped but critically disappointing Spore. Intended as a more proactive way of detecting illegitimate copies and preventing pirated versions of its game from playing SecuROM turned out to be both invasive and potentially destructive to the client’s computer – even if it was a legitimately-purchased copy of the game.

Backlash against SecuROM was so strong that the hacking community cracked and illegally shared a DRM-free version of Spore before it was even shipped to retailers. It has since been outstripped by other games, but not long after its release Spore became the most heavily pirated game in history up to that point – estimated to have been illegally downloaded about 1.7 million times before the end of the year of its release.

Even in its early days, digital DRM was causing problems for both developers and consumers. Rainbow Six: Vegas 2 was a notorious example of this, during the period when games were first starting to make the jump to online storefronts. Ubisoft distributed the game via Direct2Drive, one of the earliest digital distribution platforms, at the time owned by IGN. A common anti-piracy practice for physical copies of games is to code a simple check, making sure the CD is in the computer before the game can play. An oversight on Ubisoft’s part failed to remove this check from the game’s code for the digital version, resulting in many players completely unable to play their legitimately-bought copies from Direct2Drive, as the game would check for a CD that wasn’t there.

The solution turned out to be almost as much of a debacle as the problem. Shortly after patching the game to allow digital users to play what they’d paid for, it emerged that the “fix” was nothing more than a no-CD hack, originally coded illegally by a pirate group. After the use of this crack came out, Ubisoft offered very little explanation, saying only that “this was not the UK support team that posted this […] as soon as we find out more about this we’ll let you know” and later closing the support thread without further comment.

VR gaming is in a unique position – it’s both a brand new industry, and part of a prosperous, established one. It will have many of its own pitfalls to navigate, but there is an immense amount of potential to learn from the gaming industry up to this point. Time after time, draconian anti-piracy measures, invasive DRM and anti-consumer practices for the sake of trying to control the market have been shown to do more harm than good. The industry as a whole may be learning from DRM’s failures and mistakes, but Oculus VR has given itself a tightrope to walk, and it seems it will have to compromise somewhere, or risk pushing the VR community towards Sony or HTC.

Leave a Reply

Your email address will not be published. Required fields are marked *

Submitted in: Expert Views, Josh Townsend |