Originally posted by Hamish Wilson
When playing a game, you need to be able to trust your client (ok in closed and open source model), the server (ok in closed and open source model), but also all the other clients of the other users!
If, as a service provider, you want to certify the integrity of data sent by a client, you need to be able to certify that the client has not been modified. This is already very difficult to do in closed source form (not so many uncracked DRM schemes). This is much more complicated to do with an open source client (how many open source, DRM-compliant software packages do you know?).
In fact, it is impossible without retaining at least some information from the users (at least a digital key hidden in the binaries, or use a dedicated hardware key not accessible to the user). You can publish the rest of the source, but it cannot be done without relying on some obfuscation (hiding keys in binaries or in hardware).
If you don't, you need to analyze client data and guess what is human and what's not. That means you have filters for specific behaviors, which can be circumvented easily (unless you don't tell users what your filters are... oh, obfuscation again).
So, you can open source up to one point, but the advantages are clearly not as high and obvious as from a security (from the outside) standpoint.
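An added example, not part of the original post: a server that checks an HMAC tag made with a key shipped inside the client learns only that the sender holds the key, so it also needs the kind of behavior filter the post mentions. The key, the speed limit, the message fields and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import json

# Constructed value: stands in for a key shipped inside every client binary.
EMBEDDED_KEY = b"constructed-demo-key"
MAX_SPEED = 10.0  # assumed game rule, in units per second


def sign_update(key: bytes, update: dict) -> str:
    """Client side: tag a state update with HMAC-SHA256."""
    payload = json.dumps(update, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def tag_is_valid(key: bytes, update: dict, tag: str) -> bool:
    """Server side: constant-time comparison of the expected and received tag."""
    return hmac.compare_digest(sign_update(key, update), tag)


def move_is_plausible(prev: dict, update: dict) -> bool:
    """Server side: reject movement faster than the game rules allow."""
    dt = update["t"] - prev["t"]
    if dt <= 0:
        return False
    dx, dy = update["x"] - prev["x"], update["y"] - prev["y"]
    return (dx * dx + dy * dy) ** 0.5 / dt <= MAX_SPEED


def server_accepts(key: bytes, prev: dict, update: dict, tag: str) -> bool:
    """Accept an update only if the tag verifies and the move is plausible."""
    return tag_is_valid(key, update, tag) and move_is_plausible(prev, update)


# Constructed sample updates.
PREV = {"t": 0.0, "x": 0.0, "y": 0.0}
HONEST = {"t": 1.0, "x": 3.0, "y": 4.0}         # 5 units/s
MODIFIED = {"t": 1.0, "x": 300.0, "y": 400.0}   # 500 units/s, sent by a rebuilt client

if __name__ == "__main__":
    for name, upd in (("honest", HONEST), ("modified", MODIFIED)):
        tag = sign_update(EMBEDDED_KEY, upd)  # both clients hold the same key
        print(name, "tag ok:", tag_is_valid(EMBEDDED_KEY, upd, tag),
              "accepted:", server_accepts(EMBEDDED_KEY, PREV, upd, tag))
```

The tag verifies for both updates; only the plausibility check separates them, and that check is exactly the server-side filtering the post describes as the fallback.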