Category Archive

Video Game Technology

Gaming and Gambling: Microtransactions And Lootboxes

Gambling is widely considered an adult activity, and for good reason. It’s addictive, it has the potential to eat a lot of money, and it’s often difficult to stop!

However, these are also great reasons to introduce gambling into places where it doesn’t belong if the business likes money more than its ethics.


Games and Skins


When you see someone refer to a ‘skin’ in a game, they’re talking about the image used for the surface of the in-game item. Character skins change out clothing, while weapon skins might change the weapon’s color. Traditionally, skins aren’t supposed to do much, but sometimes the skins in a promotional package come with minor boosts to the weapon’s stats. Nothing that would tilt the see-saw into ‘impossible to beat’ territory, but just noticeable enough to add a nice bonus for pre-ordering the game.

Skins are one of the few things a game can go buck-wild with that won’t ruin the playstyle.

For a healthy group-gaming experience, games shouldn’t have the option to simply buy the good items with real money, and most games acknowledge that. In-game currency is one thing – looting crates and enemies is available to all players. When in-game currency is used, the best and most-well-regarded games don’t allow players to purchase it, or purchase too much of it at one time, to keep ‘whale’ players who have a lot of money to spend from stomping out beginners, or players who have more self-control. Games that don’t limit it aren’t usually very well-liked. It’s pay-to-win, not win-to-win. As such, most good game studios limit what you can actually buy with real money.

Skins are a rare exception to the real money rule because they don’t alter the playstyle, they’re purely cosmetic. If a game wants to offer up a 19.99$ knife skin that doesn’t make it stab any faster, players will buy it for fun, and players who don’t buy it don’t have any complaints. That’s totally reasonable. You don’t have to buy the skin to win. Skins became a way to show off money, and just like any real-money item, they became trading tokens, but otherwise most players were happy with the arrangement. Show off money, whatever – I’ve got a game to win.


The Curse of the Loot Box


Loot boxes are widely considered a scourge. They started out almost as a fundraiser, a way to keep money coming in from free-to-play games without overloading the end user with ads. However, it soon turned into a primary source of revenue for online and mobile games, and from there it transmuted into a monster. Games realized that people like gambling. For the rest of the population who didn’t, well, too bad! The game-makers take the fun nature of simply buying a stupid skin for your in-game weapon, and turn it into a slog, or worse – a paywall, depending on how long it takes to get your desired item. It’s fun for some of the players, but most have mixed feelings about them.

I’m not saying it’s a conspiracy that nobody gets the skin in the first box, but it’s certainly incredibly rare. But wait, the game could solve this by just offering the skin in the store, right? It’s fun to try and win a 15$ item with a 2.50$ loot-box when you have the fallback of simply buying it instead. You know what’s not fun? Gambling for something you really want with no promise of receiving it even if you do spend what it’s worth on loot boxes. Guess what a bunch of games do instead of offering a store.

In that case, the player could just not play for the skin, right? They could just… not buy the lootboxes, and not care about the skin? That’s where the issue with gambling comes in – that’s only a viable option if everyone behaves perfectly rationally. Players want the skin irrationally, and they’ll say “I’ll buy five boxes and then quit”. And then when the fifth box doesn’t have the ultra-rare item they want, they’ll either stop or keep going. “Well, maybe the sixth box”. “I’m feeling lucky number seven”. It keeps going in spite of their own judgement, and soon the player has blown way more money than they intended to, and sometimes they still don’t have the skin! Not everyone gambles, but enough people do to fund the game and create issues for the FTC.

Even Worse.


But wait – it gets even worse! Star Wars Battlefront II allowed players to play as characters from Star Wars, and it cost as much as a triple-A studio game usually costs, about 60$. However, there was one noticeable issue: microtransactions and lootboxes woven into the game. The lootbox mechanic allowed some players an obvious advantage over other players, and lootboxes were purchasable with real money. Suddenly it was super hard to have fun without spending money. Players were paying 60$ just to get stomped to death by another player who spent 200$ to win.

Most games with lootboxes that allow advantages are at least free-to-play, meaning you can enter for free and spend money on upgrades or lootboxes as you desire. It’s a trade-off: no upfront fee, smaller optional fees later on. Plague, Inc., a free-to-play mobile game, has extra content behind a paywall, but the game itself is complete without that extra content. It’s still possible to win without it (and it’s also much cheaper). Star Wars Battlefront II is charging a door fee to lose to someone with more money, and EA, when questioned on Reddit, responded with “too bad”.



That comment got them the single-most disliked comment in Reddit history, and they were forced to move away from their lootboxes and microtransactions to get their players back. It just goes to show how warped the gaming industry’s idea of their players is! People don’t have to buy games, and big game studios were getting a little too complacent with microtransactions.

Addictive – For What?


Loot boxes are an easy way to take advantage of the addictive nature of gambling, without trading anything of real value to the player for their money, even when it is just skins. At a casino, you know what you’re walking into, and they’re required to have a certain return rate. Some casinos even advertise that they’re ‘looser’ than the state requirement out here in Vegas. You win money if you win, and if you don’t, then at least you got to play the game knowing what the odds were.

Game loot boxes are a totally different beast. You sit down to play a ‘game’ against a computer that doesn’t have a law-specified return rate, so you have no idea if you’re actually capable of winning what you want. You can lose 40 dollars and get common skins or minor boosts for items over and over and over again. Well, you might not have meant to spend that much money, but – just like a casino – the game hijacks common sense and rational thought.

All the addictive science of the casino, none of limitations associated with going out to one. If someone comes into a casino with only cash, and they left their cards at home so the ATMs wouldn’t tempt them, they’re going to find it much harder to stop when the game only takes a credit card. Cash has a hard limit, either you have physical money or you don’t. Digital cards are immaterial to an addict.

In fact, skin-gambling in games like CSGO is such an issue that a gray market of skin-trading has popped up. People who have the money to drop on lootboxes over and over and over again can rustle up some rare skins to sell into the market, where horse-betting levels of money get involved. The FTC doesn’t like these sites very much, but it’s difficult to actually get them on anything – the closest they can get is charging them with failures to disclose sponsoring. Speaking of which, sponsoring and advertising is also a big issue with lootbox systems!


Ethical Issues with Loot Boxes


‘Mystery boxes’ started appearing IRL. To be perfectly clear – I’m not talking about blind bags. Blind bags are little toys in packaging that keeps the buyer from seeing inside until it’s opened. The toys can all be differing levels of rarity and collectability, but they A) don’t usually cost more than ten dollars and B) give a real item no matter what. It’s incredibly low-stakes, even if you do get a repeat of a common item, you still receive a physical toy. These ‘mystery boxes’ don’t promise to pay out with anything, which – given the cost – is horrifying.

See the scandal with Youtubers like RiceGum and Jake Paul advertising a gambling service to their largely underaged audience, via a website called Mystery Brands. Sure, you could win a car for 50$ – but the odds are lottery-levels of unlikely. Verging on statistically impossible. Most people who studied the incident called it a scam, as it might literally be impossible to win some of the prizes, like a house the site advertises even though they don’t own the deed. Even if you do win, you might not get what you ‘won’ – users complain of fake products and boxes that don’t ever ship.


Kids don’t know that.


A small study from Australia shows that children misperceive ‘winning’ in gambling as a skill, instead of pure luck. They literally don’t understand how much the odds are stacked against them, which is exactly why they’re being targeted. Personalities sell things all the time, but most of the time the endorsement is for, like, cereal. It’s dangerous to put gambling mechanisms in front of kids and say ‘buy this!’. It’s why the FTC works to prevent these things. Loot boxes and mystery boxes are close cousins, and both appeal to the same part of the brain that answers to gambling.


For the Children


Intermittent rewards are the most rewarding of rewards. Give a rat a treat every time it presses a lever, and it will only press that lever til it’s full – give a treat to the rat on random intervals of lever-pulling, that rat’s just going to sit there and pull the lever all day. Gambling engages this behavior in humans, which is why gambling addiction is such a real issue.

Not to go all “Think of the children!” on this, but it really is a danger to them. The link between violent video games and violence IRL is basically nonexistent in studies, but gambling in games? Develop an addiction to gambling via these lootbox games, and it will follow them for life. Not to mention the harm done to them in the ‘now’! Teens are the perfect mix of impulsive, emotional, and easily misled by idols (and popular games!!!) for gambling companies to latch onto and suck dry, which is why they got Jake Paul and Ricegum to sell it, two Youtubers popular with the under-eighteen crowd. If they wanted adults playing these games, they would have sponsored someone else.

Loot boxes evade parents because they don’t look like gambling. And yet, loot boxes take real money. Even though the stakes are smaller, it’s still offering up the same gambling mechanism to kids with the same addictive rewards output. The prize doesn’t have to be a full-blown car for it to turn into an addiction, it just has to stimulate that part of the brain that wants rewards and is uncertain about getting them; it only gets easier to siphon cash from them as they get older. Game companies looking to make a quick buck are hooking kids into spending real money on immaterial rewards.

Look at it like smoking – kids who make it to 18 without smoking are much less likely to ever start, and cigarette companies used to make ads with fun cartoon characters to try and suck kids in before then. Gambling is much the same: start early, and potentially create a life-long habit of gambling in games.



Emulators: Legal Gray Area

History of the Emulator


An emulator is a program that emulates a game console, usually for the purpose of playing a game that is – either by price, age, or device – inaccessible. Streamers commonly use emulators to play Pokemon games made for the Gameboy, so they can screen-record their gameplay directly from their computer instead of having to somehow hook the Gameboy up to it. Zelda fans might want to play Ocarina of Time, but they might also find that the console to play it on is awfully expensive for one game, but an emulator is pretty cheap! In certain cases, games are geolocked – countries restrict access to certain forms of art as a means of censorship. Emulators can make those games accessible to people who want to play them in that country.

In the 1990s, consoles were on top when it came to games. Computers were rapidly gaining in power, however, and some folks realized that the console could be recreated using a home computer. The first emulators were born via reverse-engineering console coding. They evaded legal action by only copying devices that were outdated, but that changed too with a major emulator made for the Nintendo 64 while it was still in production. Nintendo pursued legal action to stop the primary creators, but other folks who had already gotten their hands on the source code kept the project going.

Ever since then, emulators have lived in a delicate balance of making games available and making them so available that the parent company decides to step in and try to wipe it out, which is nearly impossible once it’s out on the open web. Gamers simply won’t allow a good emulator to die!




Copyrights are crucial to the gaming ecosystem, and it’s a delicate balance of allowing fan art, but disallowing unauthorized gameplay. Allowing game mods, but disallowing tampering that could lead to free copies being distributed against the company’s wishes. Copyright laws are always evolving – new tech comes with new ways to copy, create, and distribute intellectual property. Generally, though, copyright falls back to permission: did the original company intend for their IP to be used in this way?

Emulators and copyright don’t get along very well at all! Emulators are, by their very definition, creating access to the game in a way the original company didn’t intend. As such, it’s unofficial, and if money is exchanged, it’s not normally between the copyright holder company and the customer, it’s the customer and some third unauthorized party.

Games aren’t selling you just the physical disk. You’re buying a license to play the game. If you take it as far as Xbox intended to back when the Xbox One was coming out, friends are only allowed to come over and play with you on your license because the company can’t enforce it. It’s a limitation of the system that they can’t keep you from sharing disks.

Not every company thinks like this (see the Playstation 5), but that’s the most extreme possible interpretation. You bought a disk so you could play a copy of their game that they have licensed out to you. You own the right to play that copy of the game, you don’t own the game itself.


Consider: Death of a Console


When a console dies, it’s taking all of its content with it. There is no more money to be made off of it, and the games are going to slowly disappear into collections and trash bins.

Does art need to exist forever, or is it okay if some art is temporary? Not every Rembrandt sketch is still in trade – some of it was just sketches, and he obviously discarded some of his own, immature art. Immature art is interesting to see, but it’s not what the artist wanted their audience to see. Otherwise it would have been better kept. Think about the ill-fated E.T. game that Atari made, they weren’t proud of it, they didn’t want it seen, and they saw fit to bury it. So they buried it. It was directly against their wishes for people to find this game and then play it. Emulating it is obviously not what the programmers who made it wanted for it.

But then consider all the little games included on a cartridge that’s just forgotten to the sands of time, made by a programmer who didn’t want it to fade away? Acrobat, also for the Atari, isn’t very well-remembered, but it still made it onto Atari’s anniversary console sold in-stores. 97 games on that bad boy, and Acrobat was included. It’s not a deep game, it’s nearly a single player Pong. But the programmers who made it didn’t ask for it to be excluded from the collection, so some amount of pride must exist over it, right? Does the game have to be good to be emulated? Is only good art allowed to continue existing officially?

Is all art meant to be accessible to everyone?

If some art is made with the intent to last forever, is it disregarding the creator’s wishes to not emulate it, against their production company’s wishes?

If art’s made to last forever but the artist (and society) accepts that that’s simply unrealistic, is it weird to emulate it, in the same way it’s weird to make chat-bots out of dead people? Every tomb we find, we open – even against the wishes of the grave owner, in the case of the Egyptians, or against the wishes of the living relatives, in the case of Native Americans. Video games are kind of like tombs for games that have lived their life and then died. But they’re also kind of like art.

When you get past the copyright, it’s a strange, strange world to be in.


Ethical Dilemma


Stealing goes against the ethics of most societies, modern or not. The case against emulators is that it’s stealing.  It often is! An emulator/ROM (ROMs act as the ‘disc’ or ‘cartridge’ for the emulator) for Breath of the Wild was ready just a few weeks after the game launched, which could have seriously dampened sales if Nintendo didn’t step in to try and stop that. That first emulator, the one for the Nintendo 64, also drew a lot of negative attention for the same reasons, potentially siphoning away vital sales.

However, there’s a case to be made for games and consoles that aren’t in production anymore.

Is this a victimless crime, if the original game company really can’t make any more money off of it? It’s one thing to condemn piracy when the company is still relying on that income to make more games and pay their workers, it’s another entirely when the game studio isn’t interested in continuing support, and the console had a fatal fault in it that caused many of them to die after 10 years. That game is as good as gone forever without emulators. With no money to be made, why not emulate it?

In less extreme circumstances, the console’s still functioning, but the cartridges that went to it are incredibly rare. The company could potentially make money off of the game if they someday decided to remaster it, but that’s unknowable. Licenses could be available for purchases… but they aren’t right now.

Or, even better, the cartridges are still available for purchase in the secondary market. You just don’t happen to have the console, which has now spiked to a cost of 400 dollars due to reduced supply over time. You buy the cartridge – you’re still buying the license, you just don’t have the car, right?

According to copyright, you need a specific car for a specific license, but ethically, you’ve done the best you can as a consumer.

Assuming you have tried to buy a license for the car. The biggest issue with emulators is that they allow unlicensed drivers access to cars, making piracy much easier than it should be.


Brand Name


Much like Disney did with Club Penguin’s many spinoffs, emulators are kind-of sort-of overlooked up until they start eating into sales. Most companies just don’t want to spend money to enforce an issue like emulators – their game is still being played, their brand is still out there, and the users are going to be very upset if this big company decides to step in and ruin fun when they don’t need to. It may do more harm than good to try and wipe the emulator out when most people want to do the right thing.

Obviously, they’ll need to put a stop to emulating new games – the goal is to spend just enough money to do that effectively without also overstepping and destroying emulators for consoles no longer in production. It takes money to make games, games should earn money as a result. Removing emulators for games and consoles no longer in production isn’t helping them earn money – as such, many are allowed to stay. For now.




Blizzard Entertainment’s 2012 Hack: An Example of How to Do It Right

In 2012, game developers were beginning to experiment with a principle known as “always on”. “Always on” had many potential benefits, but the downsides keep the majority of games from ever attempting it. Many of the notable standouts are games that require team play, like Fall Guys or Overwatch. Others without main-campaign team play tend to fall behind, like Diablo 3 and some of the Assassin’s Creed games. Lag, insecurities, perpetual updating, etc. are all very annoying to the end user, so they’ll only tolerate it where it’s needed, like those team games. It’s hard to say that this hack wouldn’t have happened if Blizzard hadn’t switched to an “always on” system… but some of their users only had accounts because of the always-on.

Blizzard’s account system was designed with their larger, team games in mind. It was forwards facing, and internet speeds were getting better by the day. Users were just going to have to put up with it, they thought. Users grumbled about it, but ultimately Blizzard was keeping data in good hands at the time. You wouldn’t expect accounts created purely to play Diablo 3 to lose less data than the user profiles in the Equifax breach, right? Blizzard didn’t drop the ball here! What did Blizzard do right to prevent a mass-meltdown?

Hacker’s Lament


The long and the short of it was that Blizzard’s stuff had multiple redundancies in place to A) keep hackers out and B) make the info useless even if it did end up in the wrong hands. Millions of people had lost data in similar events before, and security experts were more and more crucial to keeping entertainment data safe. Blizzard was preparing for the worst and hoping for the best, so even when the worst struck here, they were prepared.

The actual hack was defined by Blizzard as ‘illegal access to our internal servers’. It released the listed emails of players (excluding China), the answers to security questions, and other essential identifying information about accounts into the wild. However, due to Blizzard’s long-distance password protocol, the passwords themselves were scrambled so much that the hackers might as well have been starting from scratch. This is still a problem, but it’s not a world-ending, ‘everyone has your credit card’ problem. Changing the password on the account and enabling 2FA was considered enough to shore up security.


Potential Issues


Lost email addresses aren’t as big of a problem as lost passwords, but they can still present an issue. Now that the hacker knows an email address was used on a particular site, it’s possible to perform a dictionary attack, or regular brute forcing! This strategy will eventually work, but the longer and more complicated the password is, the less likely it is to succeed on your account in particular.

A secondary problem is the lost security questions. Those are a form of 2FA. Depending on the question asked, guessing something that works or brute forcing it again is dangerously easy. Sparky, Rover, and Spot are very popular names for American dogs, for example. If the hacker is able to identify that the player’s American, and then guess the name of their first dog, they’re in! They can change the password to keep the legitimate player out. (Part of Blizzard’s response is forcing users to change their security questions for this reason). 2FA that uses email or mobile is generally preferred. acted as an overarching account for all the games, and made the stakes higher for an account breach. All the online Blizzard games went through Losing access could mean losing access to hundreds of hours of game progress. Or worse: credit card data and personal info.


Online, Always, Forever


The event provided ammo for anti-always-on arguments. There was no option to not have a account if you wanted to just play Diablo’s latest game. Some users were only vulnerable as a result of the always-online system. If they’d simply been allowed to play it offline, with no special account to maintain that always-online standard, there wouldn’t have been anything to hack! Previous Blizzard games didn’t require People who stopped at Diablo 2 seem to have gotten off scot-free during the hack. This is annoying to many users who only wanted to play Diablo 3. They might not find value in anything else about the system. Why bother making users go through all this work to be less secure?

When discussing always online, there’s good arguments to be made for both sides. Generally, always on is better for the company, where offline gaming is better for the consumer. Always on helps prevent pirating, and it gives live data. Companies need data on bugs or player drop-off times, which can help them plan their resources better and organize fixes without disrupting the player experience.

On the other hand, consumers with poor internet are left out, as lag and bugs caused by poor connection destroy their gaming experience. As games move more and more to pure digital, buying a ‘used game’ only gets more difficult for the consumer. Companies treat purchased games as a ticket to a destination, rather than an object the consumer buys. Games used to be objects, where anybody could play the game on the disc even though save data stayed on the console. Buying access to Diablo 3 via means that there’s no way to share that access without also allowing other people to access the account, which stores the save data. It’s the equivalent of sharing the console, not just the disc.




The response to the stolen, scrambled passwords was for Blizzard to force-reset player passwords and security questions, just in case the hackers somehow managed to unscramble them.

2FA is always a good idea, and Blizzard strongly recommended it too. 2FA will do a better job of alerting you than the default email warning  ‘your password has been changed’ will after the fact. After you’ve received that email, the hacker is already in. Depending on when you noticed, they could have already harvested all the data and rare skins they wanted by the time you get your support ticket filed! Setting up 2FA first means that you’re notified before that happens.

All in all, Blizzard handled this particular incident well! Companies are required to inform their users about potential online breaches, but some companies do this with less tact than others. Formally issuing an apology for the breach isn’t part of their legal requirements, for example. What made this response possible in the first place was Blizzard’s competent security team, alongside a set of policies that were strictly followed. Logs and audits in the system ensured that Blizzard knew who accessed what and when, which is critical when forming a response. Blizzard was able to determine the extent of the problem and act on it quickly, the ultimate goal of any IT response.