Protect some game code

[PrimeArwyn]

Hello everyone, 

I noticed a weird trend as soon as we start talking about code protection issues within html5 games /simple-page applications . Everyone seems to say that "as soon as it is Javascript, you can't hide anything" .  Meaning  you can't prevent someone to uncover the hidden solution to level 5 by looking at your code, or simply to copy it. This spawns a lot of issues, especially piracy and game-design related. 

So, what are the most effective protection mechanisms you can add to your html5 game?

[dimumurray]

There isn't that much you can do to protect your code (at least not yet #WebAssembly). But there are a few steps you can take to make it a bit more difficult:

• Code Obfuscation
• If you're working on a multi-player game make it as server-authoritative as possible

[b10b]

Try focusing on protecting the transactions, rather than the code or assets.  First identify the transactions of value within the product, then create an intrinsic protection strategy for each.  Easier said than done, but today the chances are that most of our work is not worth the time to properly protect, so there is little damage to us if it isn't.  Besides, anyone who has actively tried to get their work copied will know how hard it is.

[PrimeArwyn]

Thanks for answering. To summarize:

- Code Obfuscation

- Sitelock

- Server-side protection

I will do some research on these subjects. Feel free to add if new strategies appears.

[Nikos123]

if you want to make your source secret then don't do videos like I done:

https://www.youtube.com/channel/UC0XiDgtbFR8ohoGlstuFgGQ

 

[totor]

the most effective (guaranteed 99.99 % against stolen code) : put the game on servers like nvidia grid then stream the video of the game, the client side is just the inputs. Needs good bandwidth though.

[PrimeArwyn]

On 10/31/2016 at 5:48 PM, totor said:

the most effective (guaranteed 99.99 % against stolen code) : put the game on servers like nvidia grid then stream the video of the game, the client side is just the inputs. Needs good bandwidth though.

Bandwidth will be an issue, especially on emerging countries/low connections

[mattstyles]

On 10/26/2016 at 10:12 PM, PrimeArwyn said:

This spawns a lot of issues, especially piracy and game-design related. 

Actually piracy is, in some ways, easier to prevent than traditionally. Traditionally you ship all your game and it runs stand-alone, but with a web game you potentially ship only part of your game to your user, the rest is hidden away behind a communication protocol and there are loads of ways to protect that, we wouldn't have any workable version of the internet without those concerns having been met long before mainstream gaming came to networks (actually, in part, we have MUD gaming to thank for much of the way the internet works, including security).

Server validation is the key for me, you can make sure your game only runs where you want it to run (mostly) and you can mitigate cheating. Obfuscation is easy, adds other benefits, and makes it difficult for people to learn how to break your systems, but, really, do you care if your code is stolen? Think of it this way, many of us grew up hacking around on games and getting the source for a game, even if it was unplayable, was like getting the best present. I'm not suggesting shipping source to the browser but if people steal your code what does it really matter? With sitelock/server-validation they can't play it, i.e. they can't take money away from you, at worst they could use your code to create a clone which maybe takes traffic but, seriously, who does that? (maybe I'm naive or idealistic). If I wanted to clone your game I'd rewrite it and there'd be naff all you could do about it except invite the healthy competition and improve your game faster than I improve mine.

Be a force for good, share your code, protect your transactions.

[PrimeArwyn]

Wow, great answer

[Emerge!Lord]

I totally agree with mattstyles and as an additonal remark: There is no point in stealing code because you will get almost everything already in the web for free and most of the time even well documented (just browse github for a lifetime). And at some point of complexity it would be much more effort understanding, maintaining and supporting stolen code  then simply rewriting the "idea" by yourself you trying to steal. In terms of money the value lies in the idea, business-model etc. not in the code.