by loupol 1006 days ago
It does look like there is a lot of potential for abuse, depending on how installs are tracked. If it's some DRM system, pirated copies might or might not be counted, and of course "install bombs" would potentially be possible in theory. Which means a need to find ways to potentially exclude those installs from counting towards the count. This introduces crazy complexity when really you could have simple revenue share which is much more easily auditable.

I mean, there's going to be a web endpoint that gets hit to count one installation. That is definitely going to remain a secret, so no one could possibly run wget in a loop to say their Steam account installed it a million times.
Back in the days in parts of the Internet I've seen, though I've never joined those groups, it used to be a webapp stress testing tool called Apache JMeter. Participants (legit criminals, in hindsight!) were encouraged to download scenario files, referred to as "ammunition", through equivalents to Mega/MediaFire at the time and join coordinated attacks. Nowadays I'm sure it will be scripts on GitHub, botnets of IoT appliances, and volunteered GPU farms for PoW algorithms.
> Nowadays I'm sure it will be scripts on GitHub, botnets of IoT appliances, and volunteered GPU farms for PoW algorithms.

I'd be surprised if it's anywhere near that exotic. It'll just be a webpage with a list of games you can pick, input a number of "installs" to fake, and it'll fire the requests off with JavaScript. Or maybe a browser extension if they feel the need to distribute the requests. Half the gamers will install it at some point when their favorite absurdly over-hyped game flops.

There's not much need to run an optimized and complicated tool like JMeter when each request costs the other side $0.20. I wouldn't be surprised if a browser extension could get out something in the ballpark of 100 requests/second.

...How do you propose they'll hide the packet going over the network, that decodes to a GET or POST request?

I assure you. That endpoint will not remain secret no matter how hard they try.

I’m pretty sure that was exactly the joke they were going for