Tuesday, September 15, 2015

Baldur's Gate: Shady Multiplayer Privacy Practices

Two days ago, an Anonymous individual posted this comment to my blog regarding Baldur's Gate.  It does not show up in the comments section and only appeared in my email.  His comment was so thorough that I thought I should post it in full here:

"'While there was no central matchmaking service like Battle.net integrated into the game, TCP/IP hosts were supported.'  [This is what I said in the previous blog entry, his or her comments follow]

Unfortunately, this is not correct. "Unfortunately" because Bioware integrated hidden GameSpy registration matchmaking functionality into the multiplayer module and enabled it by default for TCP/IP hosts. Yes, you read that right. If you hosted a TCP/IP game, BG would clandestinely register the game at the Gamespy servers - without your knowledge or consent. If you were hosting a TCP/IP session anyone could and would appear (unless you either disabled the functionality/otherwise blocked connections with your firewall or/password protected the game/disabled "listen to join requests").

This had to be disabled with a setting in baldur.ini (not documented, just like the hidden GameSpy functionality wasnt) as follows:

[Gamespy]
Enabled=0

That's what the strange vague reference to the Gamespy "region" setting in the README.TXT file and the Baldur's Gate Config utility refer to - configuring which region to register the hidden in-game Gamespy multiplayer matchmaking functionality with (which is based on DirectPlay functionality) in the baldur.ini file.

So yeah any time you hosted a game all the details of it were listed and advertised (unbeknownst to you most likely unless you disabled it of course) at the GameSpy matchmaking servers for all the (GameSpy) gamingverse to see...and join, if they so chose.

In fact, BG even came with the GameSpyLite client (not documented and installed without consent along with the HEAT client) so that you could find these "undocumented hidden" multiplayer games (through Gamespy/HEAT).

So while its true there is no "in-game" CLIENT matchmaking service, there IS an "in-game" SERVER matching-making service - the undocumented hidden auto-enabled Gamespy server registration. And it was easy enough to find any/one of these games via the GameSpyLite client (or any other GameSpy client etc) which one could Alt-Tab to if needed to find a game.

In fact, when this clear violation of user privacy/connectivity control (not to mention lack of transparency and forced third party software install with no user knowledge or consent) was later made known to BioWare circa 1999/2000, they at first officially denied it, then later officially claimed that "privacy and security was not a concern when the game was first published back in 1998".

So there you have it, the scandalous sordid history of BG's in-game hidden undocumented Gamespy server registration for hosted TCP/IP games.

FWIW, some people find that disabling the (now useless due to GameSpy defunctness) hidden Gamespy server registration for hosts/servers fixes direct connection issues with clients
."


This is rather unusual for this time.  The days of TAGES and SecuROM and copy protection that would install rootkits on your PC without your knowledge or consent were not yet upon us.  Big Data in the form of Google services and all its competitors was still in the future.  Windows 10 is always sending some kind of data to Microsoft but what Baldur's Gate did is comparatively tame.  

I never used the multiplayer back in the day, I always assumed that you used it solely by typing in the IP address of the host computer if not trying to connect via a LAN.  That is what the manual says and that is how the interface works.  A GameSpy client could save you the trouble of finding IPs hosting games and typing the IP in.  But was it always present?  Consider the following version list for Baldur's Gate :

        1.0.4309  -  Full Release - Baldur's Gate
        1.1.4312  -  Beta Patch - Baldur's Gate
        1.1.4315  -  Release Patch and Product Revision - Baldur's Gate
        1.1.4320  -  DirectX 8.0 Multiplayer Fix - Baldur's Gate (executable only)

        1.3.5508  -  Full Release - Tales of the Sword Coast
        1.3.5512  -  Release Patch and Product Revision - Tales of the Sword Coast
        1.3.5521  -  DirectX 8.0 Multiplayer Fix - Tales of the Sword Coast (executable only)

The 1.1.4315 version's readme is where they first mention Gamespy.  My DVD-ROM has 1.1.4315 and it presumably installs the Gamespy service.  It contains the Gamespy Lite and HEAT applications.  The readme for 1.1.4315 states that "Gamespy software is automatically installed" and "Region:  This setting is used for Gamespy connections".  My Tales of the Sword Coast CD also has the Gamespy Lite and HEAT applications.

My original version, 1.0.4309, does not appear to have any Gamespy connection at first.  It isn't mentioned in the manual, the readme and the GameSpy Lite or HEAT applications are not present.   However, I have the UK release, not the US release, and the GameSpy logo is on the back of every US big box I have seen.  It does not appear to be on the UK big boxes.  When I do a straight 5CD install, no patches, no Expansion Pack, the Region setting is present in the configuration program and the is an entry for the Gamespy region is in the Baldur.ini file. Therefore, it appears to be present from the day the game went Gold.  I am not sure there are any software differences between the US and the UK launch versions outside the readme file.

Now, I am sure that someone must have wondered how strangers were joining their multiplayer servers when they had not advertised that they were hosting outside their chosen circle of friends.  When people said I saw your game on GameSpy, the next thing that the person running the server must have asked is "How does GameSpy know I am running a multiplayer BG game?"  A Yahoo Search later (remember, this is the late '90s) and I'm sure most people could figure out that their information was being communicated to GameSpy in some manner. Not that this should excuse Bioware of deceptive, security compromising practices.  Fortunately, you no longer have to worry about this since GameSpy has been shut down since 2013 and its Baldur's Gate matchmaking servers were probably shut down years earlier.  You can still host your own multiplayer game of Baldur's Gate with your friends and disable the GameSpy services using the ini entry above to ensure that you can receive your maximum performance and bandwidth.  

3 comments:

  1. Nice entries about this great game ;)

    Now i am in the mood for complete this and all expasions, i wonder if you know what is best to use as a guide, the ones in gamefaqs for example or some of the printed ones?

    I've been looking in amazon for printed, found only Bradygames and reviews are very low.

    If anyone knows the best printed guide to play BG fully .... thanks!!

    ReplyDelete
  2. The walkthrough at dudleyville, http://www.forgottenwars.com/bg1/, is excellent and covers anything you wanted to know about the game and its expansion with maps. Those book bound strategy guides are pretty poor. They sometimes do not even come with maps, and when they do, the maps are hard to read. I don't recommend using a walkthrough unless you get stuck.

    ReplyDelete
  3. ok!, i was looking more for a starting guide, chars, magic system, etc... that full walktrhough, thanks for suggestion!!!

    ReplyDelete