Well then please explain what is difficult here. You initiate a purchase with bitcoin, valve instantly grants you access, then few hours later valve checks if the transaction has been confirmed in the blockchain or not. If it hasn't, then the entitlement is removed. What's not simple about it?
They already answered this question in their previous post... The fraudster scales up their account creation. You ban then after 2, they switch to a new account... which you ban after 2, and they switch to another new account, which you ban after 2... and so on, ad infinitum.
But then what? Someone downloads and plays a game for an hour, gets banned, then goes through the whole process of having to do all that again?
Doesn't seem like a good user experience. All to get a free hour of gameplay?
There are easier ways of pirating games. The only possible usecase for this kind of fraud would be if you can buy digital items, transfer and then sell those digital items.
But even then, that might be difficult to do all in 10 minutes.
I don't care how well it would work, and I'm not arguing any of your points... I don't even understand why you people like these video games, so I'm the last person who should opine on what constitutes a good UX.
My comment was intended to point out that it's parent comment didn't bother to read the grandparent comment, which had clearly answered the question it was asking.
But then the parent comment author edited themself, I assume to avoid looking foolish. So I guess it's irrelevant now.
...or so say the guys sitting in the cheap seats. In practice, it may well be more complicated than that, and involve all sorts of other tradeoffs. It usually is.
> In practice, it may well be more complicated than that
No, its not. If an account gets banned after an hour, all that happened is that the user got is 1 free hour of playing a video game. There are easier ways of pirating videos games than that.
So really, thats good enough.
You tried to claim "The fraudster scales up their account creation". And I am telling you, that if a fraudster wants to play a video game for free, there are much easier ways of doing so. By just pirating the game, for example.
So that specific point is wrong.
> or so say the guys sitting in the cheap seats
Actually, it seems like you are the one sitting in cheap seats. Because you have already straight up admitted that you don't really know much about the industry. Whereas, people like me, who do work in the games industry, do know about what a good user experience is for people playing video games, actually know more about this than you do.
So, in other words, you actually should "care how well it would work". Because how well it would work, is integral to the attack vector.
I worked five years in the game industry, mostly on (guess what!) security and infrastructure for a Very Large F2P game. I was nowhere near game design or any part of the game loop itself, but I did a lot of work on our account system.
> > In practice, it may well be more complicated than that
> No, its not...
You keep assuming that the information you already have is ALL of the relevant information about this issue. You're just a Monday Morning Quarterback, and you have no way to know whether the situation is more complicated than this. So you can't possibly make absolute statements about this... Unless you happen to work at Valve, on something that has given you actual experience with the Steam account system.
There are easier ways to pirate a game than this, as getting banned after an hour is not a good user experience, and the user would be better off just pirating the game.
For which you had no response.
The only specific reason that you gave, which was "they could just make more accounts" I refuted by describing how it would be easier to just pirate a game.
And then you refused to address the refutation, because you didn't have a response.
If you didn't have any specifics arguments about that point you could have just said so.
Because I was talking about the actual, specific arguments, about why your previous statement of "make infinity accounts" was wrong, and you are now continuing on being incapable of giving a response to that specific statement.
Making new accounts isn't trivial. You can add friction from suspicious attempts like requiring a phone number or making them wait some time. Some determined attackers might slip through but at the end of the day all you are losing is some bandwidth.
Are you suggesting that there may be a human being on earth who has the tenacity to enjoy games while creating new accounts, pulling off successful bitcoin heists every 1-2 hours and risking losing their save games? And doing that forever?
> Are you suggesting that there may be a human being on earth who has the tenacity to enjoy games while creating new accounts, pulling off successful bitcoin heists every 1-2 hours and risking losing their save games?
Most of the “tenacity” parts implied there are automatable, so it's mostly about “can people enjoy the paid-for experience of a game with ephemeral rather than durable accounts”, which, well, really depends on the design of the game.
