SPORE: SECURITY HOLE, Besides SuckuROM, that is.

Whole thread.

To summarise: Spore's Creature Creator will use your Windoze login name on your stuff if it can't connect to the server to get your EA account name. Since it will also be attempting to phone home, either as a 'feature' or when you upload your shiny new stuffs, this will go hand-in-hand with your IP address. If your Windoze login name is your real name, this is a very bad thing.

So, business as usual for EA, then, really.

Seems to be a totally non-issue to me.

For a start, knowing someone's login name is pretty useless without their password. And only the terminally stupid would have no password set or have it set to something really obvious. If that's the case, they deserve anything they get. You're more likely to get hacked by getting your Windoze box infected rather than some hacker guessing your password.

And just how is this information meant to get on to the Spore server? If the Spore server is unavailable enough that it can't get confirm your Spore login name, then it's unlikely to be able to upload your creatures either, is it?

The issue is not hacking, it's identity theft. Well, that plus the fact that EA have no right or reason to be collecting login names in the first place.

Not at the same time, no. When it comes back up and you hit 'upload', though...

The issue is not hacking, it's identity theft.

Oh come off it, it's nowhere near identity theft. There is no way someone using your Windoze login could claim to be you - especially not on your own computer cos they won't have the password.

I guess they need some verifiable ID to associate to a creature so that they can track the people that will no doubt try and flood the system with penis monsters and other non-child friendly activities.

Not at the same time, no. When it comes back up and you hit 'upload', though...

You could hit "save" first, thus resetting the stored ID and then hit "upload"...Or just not play Spore at all

Spore will already phone home, and contain SuckuROM, both of which are suspicious activities and both of which will hand the IP address to the server. The idea of it collecting yet more random data about my computer on the basis that I might be a paedophile is not comforting. What are they going to do with this data then?

Yep, that latter's my plan. As of the FreeTime debacles, Sims 2 EPs are mysteriously finding their way onto my hard drive without my buying them, and no other EA product is even doing that.

Spore will already phone home, and contain SuckuROM, both of which are suspicious activities and both of which will hand the IP address to the server.

How is "phoning home" a suspicious activity in a multiplayer game?

It's not about paedophiles, it's about preventing people posting up penis monsters or other offensive content. It's far easier for them if they can see who is posting up the filth and ban them, rather than each creature's creator being anonymous and them having to painstaking check every creature. Cos the kinds of idiots who are going to cause trouble are likely to just create loads of dodgy creatures.

Of course it'd make far more sense if the name of the creator was added by the server when you uploaded it rather than your PC when you saved it, so don't think I think they're ideas are entirely sensible.

Some Pointy Haired Boss has probably had some kind of hissy fit about people playing offline and then uploading stuff when they go online next and not understand the problem and forcing the coders to put in a stupid idea rather than a sensible one.

It's not, until you realise that EA's single-player games (notably Sims 2) also phone home, even when auto-update is turned off. Which suggests that EA are in the habit of sending information back without player consent.

My primary point is that EA are a fundamentally untrustworthy company, and have been proved so many times over by now. I'm no longer willing to give them any leeway for incompetence, because this many spyware incidents can only be attributed to malice.

Oh, sure. IP and server username logging would do that just fine, though.

Possibly. But see previous paragraph re: EA's continued attempts to include spyware in their games.

I think its also a police that EA have that the customer is a criminal in how they deal with handling game copying. I think they feel more under threat that most companies with this as one of their primary methods of earning is expansion packs - just look at the sims and how many there are. After a few people start not wanting to spend £15-20 on another expansion pack - and they don't want to spend £30 on a bundle as they have some of them anyway. So there is more incentive for game hacking and copying -- plus my own view is that most of the expansions are not adding much more to the actual playing of the game anyway so are not as desirable.

Having read all of this, my head hurts and I no longer like EA. Never have anyway, since I had an Amiga 1000 (yes I am that old Alex) and one of their copy protection routines stuffed my nice snazzy new hard disk. A fantabulous and expensive contraption in 1989!