How do indie game developers protect themselves from cyber-crime?

4 posts (showing 1-4)

Market Level 0Community Level 0
0 posts

Hello fellow devs. I've been making free games for a while, but the game I am currently working on is my first serious project that I plan to sell on Steam. I work with the help of one artist and a few closed testers.


Thing is, now that I’m making a game for sale, I need to buff up my whole system to stay safe. So, what security advice should I take? Any examples of more popular indie game developers, and what they do to protect themselves? (Even the semi-popular ones count.) How do you guys protect yourselves? What do you do?


(Or, is cybersecurity simply less of a concern for indie game devs because we’re not churning out triple As? I hope not. Security seems like something too important to ignore.)


To add to the mix, I suffer from OCD and chronic paranoia. I have extreme anxiety and fears about getting hacked and having my game data stolen or deleted. I also fear having my Steam, Kickstarter or Paypal accounts hacked. With good reason too: Hackers’ targets are normally small businesses like ours, and they look for vulnerable accounts and systems. I would be wrecked if someone were to hack my Kickstarter account and ruin everything, or even somehow steal my game or corrupt it. What would I say to my backers? "Sorry guys, the project is cancelled because it's destroyed. Now how do I refund everyone?" That sounds like a complete disaster.


I also worry a lot about my reputation as a game developer. I had a very embarrassing past as a stereotypical teenager, where I posted a lot of nonsense, stupidity and drama on websites and forums. I worry about being spied on by hackers. What if a hacker were to show all my embarrassing past activities and postings I had on the Internet to my parents or friends? It would be very awkward for me.


I’m also anxious about what would happen if people were to make up and spread rumours or gossip about me. Remember Phil Fish, that guy who developed Fez? When I read about how he got hacked, it scared the daylights out of me. He literally had his life destroyed in one blow. People said he had a bad reputation and was very rude towards fans. So now I’m really worried about offending consumers too.


Then there’s the worry over getting doxed (having my real name, surname and address leaked out online). It’s really crappy in general to have so much of your private life revealed to the public. But say, say if I manage to hit the big jackpot. Get as famous as the guys who did Undertale, Five Nights At Freddy's, Starbound, Super Meat Boy, etc. Doxxing could get so much worse.


Like with those YouTubers and Twitch streamers who get their phone number posted online, so their phone explodes with messages and calls. Or the poor things whose addresses are shown and get pranked with mass pizza deliveries and worse.


And surely everyone has some kind of skeletons in their closets. Regrets, embarrassments, weird parts of themselves they don't want strangers to know. How do these people, who’ve reached a certain level of popularity, deal with having them? How do they deal with keeping their skeletons away from the public?


Let’s not forget the biggest target for hackers is where big money lives. So that’s another worry if I do end up making good money out of my game.


Lastly, no matter where my game-making takes me, staying anonymous is a big priority. I don't want stalkers or thieves to be able to reach me offline. I want to keep living my quiet, private life, but it seems like you can't if you want to hit it big. It seems like you can't make any sort of impact in the gaming industry at all, if you're not well known. What does someone do about that?


Actually, I may already be too late to keep complete anonymity. I shared my game screenshots and details under my real name back when I knew nothing about cybersecurity. Also, my current project takes place in the same universe as my free games do, and my free games were posted under my real name. Looks like there’s no way of separating them… unless anyone’s got ideas?


Maybe I wouldn’t have to worry about all this if I made my game really fringe and unpopular on purpose, but that’s really counterproductive. And maybe someone will say that I’ve got a weak mentality and shouldn’t be making games, just to save myself from all the stress. But making games is my greatest passion. I have wanted to make games ever since I was a kid, and I will never quit.


So, could you please help me out here, guys? Anything you or people you know do to beef up your cybersecurity, beyond that of an average joe, to keep your games and your privacy safe would be really welcome. Sorry for the long post, and thanks for reading.

posted 2016-10-27T01:10:53-07:00

Market Level 5Community Level 4
438 posts

Heres a small list of things I can think of:

  • I'd start with having a backup of your work (off the network)
  • try to keep your address and phone numbers private (like if you have websites or things registered to yourself) by using this companies hiding services
  • get some virus scanning software and malware removal software and keep them up to date and run them frequently
  • only download reputal software
  • keep business machine and personal machine seperate (like if you're visiting dodgy sites personally, dont use your business machine)
  • put a firewall on your router
  • don't add just anybody to your social media, make sure you know them personally
  • you could have a work phone and a personal phone
  • passwords for your web logins should probably be changed frequently with the usual 8 characters with symbols, numbers, etc

Hope that helps a bit, just the usual security type stuff.

posted 2016-10-27T05:15:10-07:00

Market Level 0Community Level 2
109 posts

Use Linux.

If people realy want to get your name, they will get it. Thats why i gave up caring about that.

And if people start to dig up stuff i did 20 years ago using a cable-modem, so be it - i was young. You cant preven that.

In case it ever gets extrem like stalking/telephone terror/lies, you have the law on your side, but step by step - first is getting famous ;)

As a side note, more important in password-strength is length, the size of the characterpool is less important.

posted 2016-10-29T20:30:45-07:00 | edited 2016-10-29T20:31:26-07:00

FGL AdminCommunity Level 4
321 posts

Posted on 27th Oct '16 by Down22

Lastly, no matter where my game-making takes me, staying anonymous is a big priority. I don't want stalkers or thieves to be able to reach me offline. I want to keep living my quiet, private life, but it seems like you can't if you want to hit it big. It seems like you can't make any sort of impact in the gaming industry at all, if you're not well known. What does someone do about that?

To answer this point, we have many devs who make a comfortable living through making mobile games who are not 'rock star' famous like the big devs who spring to mind when you think about fame (Phil Fish etc). It's actually very rare that you become that famous without working very hard for it - those who are in the spotlight tend to be super active on social media, real-life meetups and game jams, heavily integrated into the indie development community and put in a lot of effort to become well known. They also have 'lottery-winner' type games that have made significantly more money than you'd need to live on ($xxx,xxx or more per game rather than $xx,xxx).

It depends how you define "impact in the game industriy". What you say is probably literally true - to make an industry-defining impact, you are going to become famous in some capacity. That's just a fact, by definition - there is no way around getting attention for doing incredible/controversial things. However, if your aim is to make a living from something you love (making games), that is perfectly possible without turning the games industry upside-down :) And in fact if you are a little careful about your privacy, the chances of having a Flappy Bird story are incredibly, incredibly slim. There's a reason a story like that gets so much attention - because it is so insanely rare.

The examples you gave of people who were doxxed etc are people who put themselves into a controversial position. Phil Fish was very abrasive and yet very active in the community - a kind of "no PR is bad PR" kind of thing - and yet if you piss off a lot of people and draw a lot of attention you are eventually going to piss of the wrong people.

I think my point is, if you are a quiet developer who does not work hard to attract attention in the developer community (marketing is excluded, but that can be done easily as a company and without personal integration) you should be able to make decent profit with mobile games and a bit of effort and focus. At the same time, it should be very easy to avoid becoming an indie dev horror story like Phil Fish - just don't put yourself out there and voice arrogant, controversial opinions at every opportunity!

posted 2016-10-30T00:20:42-07:00 | edited 2016-10-30T01:23:57-07:00