For example some keys are bought from publishers or devs with stolen credit cards to sell on those sites and then the owner of the credit cards will request a charge back one he notices the charges.
Now the dev or publisher has no money for the key, has a fee for the payment and or the charge back and the key is still getting sold on those sites.
Humble bundle once lost about 35k that way for example.
The key resellers should have security implemented to prevent such stolen keys from being sold but they don’t, enabling those scammers.
Because keys are randomly generated. To block them, you need some cloud infrastructure and force players to always be online. That’s expensive for indy developers and gamers hate online requirements for offline games.
Possibly, but doing that also opens up the potential for someone who is not legit to work out the algorithm used and build a keygen for it, then they could sell/distribute keys that shouldn’t exist or keys that already exist.
Some games only contact the key server once to tell the server that it’s activating the key with X account, then never contacting again, or only contacting again if an internet connection exists. This will prevent the same key activating twice, while also allowing for offline play post installation.
If a key can be generated, someone could steal a legit key and activate it before the legitimate key holder activates it, which would then result in a “key already activated” error, and a massive headache when the purchaser(s) complains and shows legit receipts.
This is why keys are usually randomly generated and logged server side at purchase, the key is then handed over to the user via secure connection. This not only allows for key activations, but will also allow the company to revoke the key if needed.
Most pirates get around this by blocking or spoofing the “activation successful” message and preventing contact with the activation servers.
Of course this is the general idea behind key and key activations, the true mechanisms are usually more complex than that, especially if a game launcher like steam, ea play/origin or Ubisoft connect is involved, but it all more or less accomplishes the same thing.
They’ll still get sold because the reseller sometimes doesn’t bother to unlist it. Devs can deactivate keys, but some are hesitant to do it because if someone buys from the shady reseller site thinking it’s legit, if the key gets deactivated after they buy and redeem the key, the game is removed from their account with (usually) no way to get a refund. Ends up as bad reputation for the dev even though it’s not their fault.
Apparently they do chargebacks, which costs the gamedevs money.
This is something that should have been in the opening post.
It explains why using these sites actually causes harm.
Instead of getting a game at a reduced rate without harming the dev much (just losing a sale) you’re actually harming the dev.
This is something I didn’t know and now I’ll look more at discounted games on official platforms instead of these key sites.
Fanatical and greenmangaming are two other sites that only sell legit keys. I usually try to only buy games that are on sale, so I check Humble, Fanatical, GMG and GOG whenever something I want is not on sale on Steam.
They steal a credit card, buy the game with it, and sell the game. Then the owner of the credit card (or the credit card issuer) discovers this and demands a refund from the game seller. Processing this refund requires extra work and additional money from the game seller.
I sorta blame big media companies for this. They have been trying to kill used movie/game sales for decades, moving to these (should be illegal) licensing models, etc. In doing that, they have failed to allow an infrastructure to form that would keep used or third-party purchases “legit” so you end up with sites that have no choice but to live in the grey area, even cdkeys.com that (allegedly) sources their keys 100% first-party legitimately.
Ultimately, credit card fraud will always be a risk. Someone installed a barcode copier on a local gas station machine a while back, and they bought 5 PS4s on it before the Bank got wise. It’s a little easier in other countries because there’s no physical shipping to deal with, but it’s not really creating the market. As a defrauded individual, you just can’t chargeback a playstation that was sold anonymously on ebay and already shipped.
ELI5, Why are resellers bad? Do they acquire the keys in a shady way?
For example some keys are bought from publishers or devs with stolen credit cards to sell on those sites and then the owner of the credit cards will request a charge back one he notices the charges.
Now the dev or publisher has no money for the key, has a fee for the payment and or the charge back and the key is still getting sold on those sites.
Humble bundle once lost about 35k that way for example.
The key resellers should have security implemented to prevent such stolen keys from being sold but they don’t, enabling those scammers.
How can the key still be sold after the chargeback? Is there no way for the devs to deactivate it?
Because keys are randomly generated. To block them, you need some cloud infrastructure and force players to always be online. That’s expensive for indy developers and gamers hate online requirements for offline games.
So if you know how the rng works and have a seed you could, in theory, generate keys that would work?
Possibly, but doing that also opens up the potential for someone who is not legit to work out the algorithm used and build a keygen for it, then they could sell/distribute keys that shouldn’t exist or keys that already exist.
Some games only contact the key server once to tell the server that it’s activating the key with X account, then never contacting again, or only contacting again if an internet connection exists. This will prevent the same key activating twice, while also allowing for offline play post installation.
If a key can be generated, someone could steal a legit key and activate it before the legitimate key holder activates it, which would then result in a “key already activated” error, and a massive headache when the purchaser(s) complains and shows legit receipts.
This is why keys are usually randomly generated and logged server side at purchase, the key is then handed over to the user via secure connection. This not only allows for key activations, but will also allow the company to revoke the key if needed.
Most pirates get around this by blocking or spoofing the “activation successful” message and preventing contact with the activation servers.
Of course this is the general idea behind key and key activations, the true mechanisms are usually more complex than that, especially if a game launcher like steam, ea play/origin or Ubisoft connect is involved, but it all more or less accomplishes the same thing.
They’ll still get sold because the reseller sometimes doesn’t bother to unlist it. Devs can deactivate keys, but some are hesitant to do it because if someone buys from the shady reseller site thinking it’s legit, if the key gets deactivated after they buy and redeem the key, the game is removed from their account with (usually) no way to get a refund. Ends up as bad reputation for the dev even though it’s not their fault.
Here’s a dev explaining it: https://lemmy.ml/comment/2618947
Apparently they do chargebacks, which costs the gamedevs money.
This is something that should have been in the opening post.
It explains why using these sites actually causes harm.
Instead of getting a game at a reduced rate without harming the dev much (just losing a sale) you’re actually harming the dev.
This is something I didn’t know and now I’ll look more at discounted games on official platforms instead of these key sites.
That’s why I stopped using those sites. The only reseller I buy from now is Humble Bundle, but most things I just buy direct from the Steam Store.
Fanatical and greenmangaming are two other sites that only sell legit keys. I usually try to only buy games that are on sale, so I check Humble, Fanatical, GMG and GOG whenever something I want is not on sale on Steam.
Yes.
They steal a credit card, buy the game with it, and sell the game. Then the owner of the credit card (or the credit card issuer) discovers this and demands a refund from the game seller. Processing this refund requires extra work and additional money from the game seller.
For a longer explanation, with successful results, you can read https://factorio.com/blog/post/fff-303 .
I sorta blame big media companies for this. They have been trying to kill used movie/game sales for decades, moving to these (should be illegal) licensing models, etc. In doing that, they have failed to allow an infrastructure to form that would keep used or third-party purchases “legit” so you end up with sites that have no choice but to live in the grey area, even cdkeys.com that (allegedly) sources their keys 100% first-party legitimately.
Ultimately, credit card fraud will always be a risk. Someone installed a barcode copier on a local gas station machine a while back, and they bought 5 PS4s on it before the Bank got wise. It’s a little easier in other countries because there’s no physical shipping to deal with, but it’s not really creating the market. As a defrauded individual, you just can’t chargeback a playstation that was sold anonymously on ebay and already shipped.