If you're actually curious, to gate a taste of the cost of compliance, I recommend taking a look into the different standards for website accessibility, GDPR, etc.
On paper it sounds great, who doesn't want a accessible websites or privacy? But in practice it's a total drain of resources, real legal risk even if you genuinely try and be compliant, and often you just pay a lot of $$$ for legal, compliance advisors etc. so you could tick off a box and have some sort of insurance in case you're being sued.
Now you probably don't have a lot of empathy for big corps, but those laws often apply for small businesses as well (why wouldn't they?) and now imagine the struggling indie dev now also having to deal with another legal compliance so they won't lose their house to a legal troll, when they just struggle to get a game out there they have no idea if it's even going to ever be successful.
I don't really buy this. From my personal experience, indie devs are more likely to use methods which make their server tech distributable (e.g. Minecraft). Large game publishers appear to go in the opposite direction for control and lineage reasons: "Crew 1 is dead so you need to buy Crew 2 now".
Anyone who gamed before 2005 knows that games do not require magic, expensive, managed remote services. We all used to run our own servers! The GameSpy era!
Well I'm talking from experience as a mobile indie game developer.
Pretty much every year I'm getting warnings from Apple or Google, or 3rd party SDKs, that unless I make sure to update libraries, or comply with a new rule, they are going to take down the game.
One of the latest rules was some sort of a digital services act (again another regulation) that made it very difficult for indie devs not to share their personal address and phone numbers.
That's not related to SKG though, that's storefront policy.
In principle, as long as _you_ are not blocking using the binary on hardware that supports (i.e. a player already has it installed on an old phone), you're in the clear.
SKG is explicitly _not_ advocating for lifetime support, compatibility with new devices, etc
But there are 3rd party SDKs that rely on outside servers that will stop working and the app could have unexpected behavior. It doesn't have to be complete crash, but it might be enough to degrade functionality to a point where some players might say the game is unplayable etc.
Being bootstrapped with no investors, there's no extra resources, and no financial benefit in making sure that the app can function well even with these 3rd party services, servers etc. not working.
> degrade functionality to a point where some players might say the game is unplayable etc.
Yeah, it's a good point, the law that may result from parliament does need to be clear on where the line is drawn.
Personally, I would expect singleplayer and LAN to work at EOL
Edit: on 3rd party libraries & services, I would expect that such vendors would need to make their software compliant for their customers after any law change on this front. No one is gonna buy GameLift if it's a legal liability for their EOL plan
> I recommend taking a look into the different standards for website accessibility, GDPR, etc. On paper it sounds great, who doesn't want an accessible websites or privacy? But in practice it's a total drain of resources, real legal risk even if you genuinely try and be compliant, and often you just pay a lot of $$$ for legal, compliance advisors etc. so you could tick off a box and have some sort of insurance in case you're being sued.
This is a really good analogy, except you made one mistake: it’s not difficult at all to design something to be accessible and respectful of privacy as long as you do it from the start. If you try to build something inaccessible and privacy-invading then get caught and have to retrofit accessibility and privacy at the last minute to avoid fines and lawsuits, that’s when it becomes difficult.
And you see this exact mistake crop up in the Stop Killing Games criticism as well. People say that it’s difficult because they are thinking about taking the status quo and retrofitting longevity. For instance, trying to retroactively obtain licenses to distribute components that they didn’t originally have. When in practice, the effect of a law like this is that it would push game developers to make the right choices up front like picking appropriately licensed components, so there’s no barrier to keeping the game alive when the time comes to cease support.
It might also have escaped your attention that the EU was perfectly willing to create accessibility and privacy regulations, so if you are likening Stop Killing Games to these things then it stands to reason that this is not a reason for the EU to avoid Stop Killing Games legislation.
This is my second business after already having experience with GDPR. Thinking of it in advance does make it easier but it can definitely still break a business and it's not a trivial cost. Moreover, it's still changing frequently, just about 2 years ago there was a major change were asking for simple consent was not good enough and now there's a whole CMP TCF2 protocol you have to implement. From research I made, the tools that provide good coverage are not cheap, I pay a lot of money for these services, and they are also 3rd parties that without them the game experience might degrade. Just a little example, if the privacy consent service times out, the game load time increases to about ~10s at least.
Moreover, I have to also pay a company just to be my representative in the EU and have a stupid email address that is completely useless.
I don't know these things definitely don't make my appreciate regulations, and I think if you want to add more layers of regulation, you have to be really thoughtful about them, because often like DRM, eventually they screw the little guys more than they screw the bad actors.
> Thinking of it in advance does make it easier but it can definitely still break a business
If privacy regulations can break your business, then I think there’s a very high chance what you are doing is exactly the sort of thing the regulations are explicitly designed to discourage.
> now there's a whole CMP TCF2 protocol you have to implement.
That’s exactly what I’m talking about. There’s no regulation saying you have to implement that. That’s a consequence of you making the choice to trade user data. Somebody who does not choose to do that has much less work to do. This is an example of the regulations working as intended. You’re supposed to see the friction and make better choices up front to avoid it, not make the same choices then complain about the friction.
> eventually they screw the little guys more than they screw the bad actors.
If I have to watch ads, I personally prefer personalized ads as they waste less of my time if I happen to see an ad for something I would actually want. I think generally, scaring people with "oh noes they'll have your annonymuized data" is not that dissimilar from scaring about radiation radiation from their wifi router.
Anyway, the discussion was about the harms of regulations and why developers would resist these. I personally know several indie mobile developers that had games that their core business model was ad monetization, and the regulation made these businesses less viable, and it's likely that players who enjoyed these kind of games, will now see less of these indie games.
I personally think this regulation does more harm then good for small businesses and players alike. I think legeslation has to be super careful when it comes to regulating businesses, anytime I had to deal with compliance around accessibility, privacy, transparency etc. I saw how intentions were good, but execution was absolutely terrible, with so many holes that the ones who benefit the most are the big companies that can workaround these clauses, while good intentioned small businesses need to spend money on compliance before they even know if the business is going to be viable.
> I personally think this regulation does more harm then good for small businesses and players alike
Are we supposed to just accept that games will die because of the profits of some game dev studios?
> I saw how intentions were good, but execution was absolutely terrible, with so many holes that the ones who benefit the most are the big companies that can workaround these clauses
I think regulation is a superweapon that should mostly be used in cases where there can be severe long-term damage (physical and health dangers, loans, etc.) or in cases where what it regulates is simple and easy to comply with.
For example, it makes a lot of sense to regulate gasoline so there won't be any lead in it. It also makes sense to standartize and simplify loans which can also have severe impact on people. I don't think it makes sense to regulate games to that degree, which are merely a form of entertainment and have no severe consequences on people, especially not SKG.
> If it would be so important for players to ensure their games stay alive, they'd just stop buying these games and they'd apply pressure on devs to do that
Unfortunately, it only works on paper. In reality publishers can add stuff after the release when people already paid money for it (classic bait and switch). So buying only "good" games does not guarantee that they will stay that way. Also, we did try "applying pressure", it didn't work, that's why we are here currently.
> I don't think it makes sense to regulate games to that degree
Nobody is asking to regulate the games themselves, only how they are distributed after their end of life.
> which are merely a form of entertainment and have no severe consequences on people
People make money using specific videogames. So there are consequences of shutting down games for good.
Most of the discussions I've seen about this disregard the fact that on paper it's all nice, but in practice it's a rabbit-hole of constraints. Developers often use 3rd party SDKs and services that can render the game useless if they are not included is just one concern, and many times they cannot be technically or legally included in client versions for players.
Personally, for all I care, even as a game-dev, I don't mind if there'd be a law that would allow players to modify and even reverse engineers previous versions of the game for the sole purpose of playing the game.
This kind of regulation demands nothing from the game developers, doesn't force them to comply with anything, and doesn't incur any additional costs. Maybe there'd be some tiny loss of revenue, but it's arguably miniscule if the games are already abandoned.
It pretty much already happening with games like the C&C Generals that have pirated abandonware versions.
Most of the demands I've seen from the SKG crowd demand actual laws that define what developers must provide players, instead they should just legalize reverse engineering.
> Developers often use 3rd party SDKs and services that can render the game useless if they are not included
That is indeed a case, and potential solutions has been discussed. The main idea is that games that have already been made do not need to comply with this, so they don't need to change anything. Moreover, some videogames have already been released with middleware stripped out of them. From the top of my head: Doom 3, Blietzkrieg. So you can work around that.
> I don't mind if there'd be a law that would allow players to modify and even reverse engineers previous versions of the game for the sole purpose of playing the game
To my knowledge, you can already do that in most jurisdictions. That's why there are a lot of decompilation projects that started in recent years.
> This kind of regulation demands nothing from the game developers
The problem is that for games with online components you also require server binaries, which you don't always have access to. So developers would need to provide at least those binaries. So unfortunately even in this case there will be something that developers must do.
> C&C Generals
That's a good example because EA made source code available last year for most C&C games. So people have been improving unofficial versions.
> Most of the demands I've seen from the SKG crowd demand actual laws that define what developers must provide players
SKG itself does not demand anything specific, that's the idea. People who support the initiative do provide some potential options, but I don't think they are forcing it on anyone.
The GDPR is almost trivial to comply with if you’re not harvesting data willy-nilly.
Likewise, the legal risk for small indie games here rounds to zero. Most such games will, at worst, lose access to online leaderboards if their developers shut them down.
I'm a developer of a mobile indie game and it's not true. Just to get started you need to implement tons of third part SDKs like Meta Ads, AdMob, Google Analytics, etc. These require actual handling of player choices, data sanitation etc. disregarding the loss of revenue with not being able to serve personalized ads, or even ads at all to large segments of players. And I'm talking about strictly optional rewarded ads.
These already harmed a lot of small mobile game companies, while the bigger mobile companies had much better means to deal with these.
I personally paid over $10K for different services just to comply, disregarding the loss of revenue over this compliance.
Did you ever build a commercial project or any business yourself? The nature of your comment implies to me you haven't. I highly recommend you give it a try, it might actually change your mind!
I didn't know it was impossible to build businesses without inserting to Meta/Google/others ad SDK to spy on all my users. Maybe we should stop normalizing these behavior.
Yea good luck getting any reasonable visibility on App Store or Google Play without paying good amount of $$$ to meta, Google etc.
Trust me I would have loved to throwaway this dependency on these platforms, I don't enjoy paying for ads. The market is not pretty, but there's a reason for why it's the way it is. For some reasons, players prefer downloading games for free and then paying potentially hundreds to thousands of dollars on IAPs, rather than everyone paying $5 for a game. I would have preferred it to be the latter personally, but the market doesn't seem to want to act this way.
Your videogame is a data-harvester for the purpose of ad-serving, why on Earth would GDPR compliance be easy for you? It sucks that the mobile market is essentially just a glittery front over privacy invasion vectors, but just because it's normalized it doesn't mean it's right. "Serving third party ads" is exactly the kind of thing the GDPR exists to regulate harshly.
That's cool and all, I really don't have a problem with the requirement to tell players to their face that if they play the game for free, they are sharing their data and preferences with 3rd parties. Denying content creators the ability to (a) restrict content to free loaders who refuse, (b) forcing companies to pay for services that so they could reasonably comply, mostly because the legal language is so ambiguous and broad, is something I do not appreciate.
> The GDPR is almost trivial to comply with if you’re not harvesting data willy-nilly.
I buy a VPS. I apt install nginx. Is it okay that by default, opening http://IP/index.html logs the IP address to /etc/log/nginx/access.log? Maybe yes, maybe no, maybe yes but I need a privacy policy (for an empty index.html). Maybe I need to ask a lawyer (who usually errs on side of caution) because people have been arguing about it for 10 years (and please don't answer here). And in the end, even if I didn't need to do anything, it sure is _some_ nonzero drain of my resources to have think about it at all (completely ignoring whether it's justified or not).
- That data processing always requires consent. There are exactly six reasons for storing or processing data: consent, contract fulfillment, legal compliance, vital interests of a natural person, public interest/official authority, or legitimate interest. Collecting IP addresses can be a legitimate interest, but:
- The real interesting question is what you do with the IP addresses after they're stored in a file. Securing your server is a legitimate interest. Tracking your users is generally not. Having lawfully collected data is not a carte blanche to do anything you choose with it.
Yes. IP addresses by themselves are not PII and may be logged indefinitely. It's only after you start correlating them with other shit that you're collecting that they become subject to GDPR.
Same for cookies really. If you *only* operate a shopping cart, you don't have to display a cookie notice for "only technically required cookies". The point of the cookie notice is to dark pattern users into granting more access or just to annoy them enough that they continue not caring about privacy.
Now you probably don't have a lot of empathy for big corps, but those laws often apply for small businesses as well (why wouldn't they?) and now imagine the struggling indie dev now also having to deal with another legal compliance so they won't lose their house to a legal troll, when they just struggle to get a game out there they have no idea if it's even going to ever be successful.