[Solved] Website "Stealing" my Games - What can I do?

[jamespierce]

EDIT Sept. 24, 2018: If you are only now coming across this thread for the first time, you are probably most interested in the solutions. These quicklinks scroll directly to the relevant comment:

• Server-side solution with the help of @vornay: X-Frame-Options
• Client-side solution with the help of @Milton: CORS

-----------------------------------------------------------------------------------------------------------------------------------

Hey guys,

I've just discovered that this website http://www.game-game.com.ua/ has "stolen" 3 of my games, in other words publishing them without asking for permission or purchasing a license.

Blob'n Pop: http://www.game-game.com.ua/192320/
Monster Clean-Up: http://www.game-game.com.ua/192318/
Snot Kid: http://www.game-game.com.ua/192315/

Does anyone know how to proceed in such a case? I've already sent them a message requesting them to take down the games. But is there maybe some kind of organization online that can be contacted? If anyone has had a similar experience and some advice, I'd appreciate your insight. I live in Europe, but not in the European Union.

Edit: Is it even worth trying anything...?

Thanks!

[mazoku]

They are just embeding games from your own site. You can have ads and you will have revenue or you can block them or redirect to some info for the players to view your site instead. 

[Luminous Wizard]

If they are embedding your games and you don't feel comfortable with it (since they didn't license it), I suggest having a look where they are hosting your game from, and implementing a secure site-lock that will block the game from running. I found a few of my games on their site too. 

[jamespierce]

11 hours ago, mazoku said:

They are just embeding games from your own site. You can have ads and you will have revenue or you can block them or redirect to some info for the players to view your site instead. 

You are right, I could use this as an opportunity to bring more traffic to my ads. Thank you!

10 hours ago, Luminous Wizard said:

If they are embedding your games and you don't feel comfortable with it (since they didn't license it), I suggest having a look where they are hosting your game from, and implementing a secure site-lock that will block the game from running. I found a few of my games on their site too. 

I didn't know this was possible! Thank you so much!!

[b10b]

That's unlucky @jamespierce.  I also see lots of our games there ...

But what frustrates me more than seeing unlicensed games is seeing bad clones of our work.  I see both our original "Slalom Hero" game ... and the cloned mess that is "Ski Slalom 3D" ... here's the story:

Original: http://b10b.com/slalomhero/
Clone: http://www.game-game.com.ua/189841/

Someone, (aka devgru), decided to rip our game, change a few graphics and list it on Envato / Code Canyon.  From there it proliferated ... today I see it popping up all over the place, and it's getting worse.  Theft aside what really grinds my gears is how badly the ripoff was done - it's markedly inferior to the original with clipart graphics and watermarks!  Envato totally duck any responsibility - sure they responded quick enough to the DCMA take-down but they took no action to notify their customers (who bought our item without our permission) that they should surrender / destroy it and get refunded - hence the proliferation.  So - whatever you buy from Envato - be mindful that it may be stolen and you will never ever know.

But, back to topic ... don't sweat the small stuff, there's always someone unoriginal and meaningless ripping something off.  Whereas any party worth doing business with will be double checking licensing rights and permissions - and demanding assurances and quality!  Deal with them.

[jamespierce]

 @b10b oh wow I can't believe you went through that!! Okay I should not complain about my incident it is nothing compared to the level of rip offs like your game has to deal with ? Thank you for sharing the story.

[b10b]

@jamespierce oh thanks, and I didn't mean to cry a sob story  or take anything away from your situation - you have every right to grumble!  But yes, the primary goal is to avoid throwing away good energy on these issues and, instead, focus on first-to-market or domain-based IP protection.

[jamespierce]

@b10b it's not a sob story at all!! Just super devastated to hear it when I know about all the hard work that goes into a HTML5 game. I'm glad I got all these responses in this thread, really helped me get a helpful perspective on the whole issue. It is so easy to get distracted and this is just another thing that could cost wayyy too much energy and nerves, which would be better spent creating good games. After all, even the newest Hollywood movies are instantly uploaded somewhere for streaming... and still the movie business makes a profit!

[vornay]

Could your game check the URL that it is running from, and if it matches a known thief, display a warning?

[jamespierce]

10 hours ago, vornay said:

Could your game check the URL that it is running from, and if it matches a known thief, display a warning?

That sounds like a great solution. I need to check if it also works when they load the game in an iFrame!

[jamespierce]

On 9/22/2018 at 2:53 AM, vornay said:

Could your game check the URL that it is running from, and if it matches a known thief, display a warning?

I've just tested it and unfortunately it doesn't work if the game is loaded within an iFrame  "window.location.hostname" is still set to my website "browsergameshub".

[Milton]

Maybe something like 

if(parent && parent.document == undefined) { window.top.location.replace('http://yoursite/game'); }

[vornay]

Something like this (I just googled "can a web page tell if it is in an iframe")

https://www.pixelstech.net/article/1532747442-How-to-check-whether-a-web-page-can-be-loaded-in-iframe

 

[jamespierce]

11 hours ago, Milton said:

Maybe something like 

if(parent && parent.document == undefined) { window.top.location.replace('http://yoursite/game'); }

I can't use that because I also load my gameapps in an iFrame on my own website, to embed them in the game page template.

56 minutes ago, vornay said:

Something like this (I just googled "can a web page tell if it is in an iframe")

https://www.pixelstech.net/article/1532747442-How-to-check-whether-a-web-page-can-be-loaded-in-iframe

 

Setting the X-Frame-Options worked!!! If anyone wonders about the specifics, I followed the doc here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

And this is the code I added to my .htaccess file:

# X-Frame-Options
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
Header always set X-Frame-Options "sameorigin"

Thank you @vornay !

[Milton]

4 hours ago, jamespierce said:

I can't use that because I also load my gameapps in an iFrame on my own website, to embed them in the game page template.

But on your own site parent.document wouldn't be undefined, so it would do what you want? CORS should be the solution here...

 

[jamespierce]

7 hours ago, Milton said:

But on your own site parent.document wouldn't be undefined, so it would do what you want? CORS should be the solution here...

 

I've just tested it, and you are absolutely right! So here's what I did:

I added the following JS snippet to my live game:

<script>
	console.log('iframe test');
	console.log(parent);
	console.log(parent.document);
</script>

On my own website, "parent.document" would return the #document object. However, on the Russian website that embedded the game unwarrantedly, it would throw the DOMException you've mentioned. See the following screenshot:

So you were right, it works indeed just as you've said it would!! The only drawback I see here is that the website admin could add an Exception Handler for this thrown exception and maybe find a way around it? But someone who lazily embeds other people's HTML5 games without authorization probably wouldn't go through this trouble. Thanks so much @Milton !!

[Milton]

Hey James.

I don't want to beat my own drum, but (forum) thank the right answers
That way people know where to look.

And luckily, there is no way around CORS.

[jamespierce]

1 minute ago, Milton said:

Hey James.

I don't want to beat my own drum, but (forum) thank the right answers
That way people know where to look.

And luckily, there is no way around CORS.

Thanks for the reminder! I could have sworn I've already clicked the "thanks" button ?