It was a different time:
“Condor plans to spend one year in the development of Diablo. Personnel will consist of: one designer, one chief programmer, 2 junior programmer, 2 art director/artists, 1 illustrator/sculptor, 3 pixel artists, and 1 sound FX person”
So, 11 people for a year for Diablo. Meanwhile Diablo 4 took 300+ people 6+ years. So over 150x the cost, not accounting for the fact that game developers are paid much more now as well. People pretend it’s the same industry but it’s evolved dramatically.
Diablo 2 is pretty great. My only complaints about it surround harder difficulties. Those of us with accessibility issues (like me with a gimped hand) found hell to be super challenging.
Diablo 3 sucked when it launched, however, right now, it is absolutely amazing. Blizzard has absolute gold with the tiered difficulty/rift/season design. Unsure why they didn't improve upon it...
Diablo 4 has potential, but many of the great systems developed in 1-3 are gone.
What made previous diablo games great:
A fixed level/difficulty system
Randomly generated levels
A way to measure yourself against both yourself and others.
Potential for multiple unique build paths for every class.
An awesome loot/gear system that eventually makes you feel overpowered until you aren't.
This is the central aspect of fun for me in an ARPG. When I come back through that starting story area at level 40, I expect to absolutely melt the enemies I run into. If I get super fucking lucky on a roll and pick up a legendary (i.e. against the story/balance team's wishes), I should be able to have a goddamn romp through the world for quite a bit. This emergence of potentially-unintended gameplay outcomes in an ARPG results in the fun for me.
Maybe there's a way to do the multiplayer-friendly scaling thing that my dopamine loop would enjoy but I haven't seen it yet. Ultimately, it feels like Blizzard tried to solve a cursed problem and walked right into the predictable outcome.
Diablo 4 has no sense of progression because enemies level up as you do. In fact they increase in power faster than you, under the assumption you'll be itemising optimally, so if you level up but don't update your items fast enough, you'll find that mobs actually get harder and harder to defeat as you increase in level.
The level scaling is a really bizarre design choice. Every game with this feels bad. There is no sense of progression as your character gets punished for levelling up.
Some game designers think it’s a great idea though - hence it’s in D4. I’d love to hear their take.
Even though it still feels weird I can see why they did it: since the game is not linear at all (I think you can even do the first 3 acts in any order) compared to other Diablo games (didn't play 3) they kinda need to do this so you don't breeze through zones. It also helps when playing with under/over leveled friends since they just use the same system to prevent you from rushing them.
Personally I prefer linear narrative and gameplay for Diablo (it's like making linear games is a sin nowadays) but it's probably a wise choice given other design choices? Or at least understandable. It allows them to send you back and forth across regions and still present a challenge.
Anyways: I'm liking D4 (I'm surprised to say this of a Blizzard game in 2023) so not the worst design ever.
Level scaling isn't necessary for a nonlinear game. Plenty of games have nonlinear areas and no level scaling because they have relatively flat progression curves. D4 only 'needs' level scaling because it also 'needs' to be Cookie Clicker and Lootbox Simulator with an ARPG wrapped around it, and neither of those systems work with flat progression curves.
By not making level 70s cut through level 15 enemies like butter. If your level 70 is only 50% stronger than a level 15, if the enemies were challenging for a level 15, they won't be trivial for the level 70.
Thinking about it more, one cool thing about level scaling is I can play with my friends at whatever level they are. It doesn't really matter for the endgame at all, but when you're leveling up early on it is pretty nice.
It's the lazy way out to world design for non linear games.
Why put any effort in making sure player locality influences the surrounding quest level, if player can go anywhere, let's put level appropriate enemy everywhere.
Dungeon siege approach was so much better, even if the game was not as solid: minibosses or higher difficulties quests barred the access to higher difficulties areas. Within a zone, progression and choices were non linear. Item and enemies and xp reward were leveled to the zone, so the player had an incentive to not stick around in low level zones farming aimlessly.
To a degree you can also "hide" it in places where it is logical. E.g. if a game has an enemy faction that goes out of its way to attack the player, it does make sense that these attacks get stronger - if someone causes a faction more trouble, he gets more attention and stronger assets are sent to take them out, guards are reinforced, ... And maybe in reverse, weaker intelligent enemies make a point of avoiding the player (would some badly-equipped bandits really ambush a party that's clearly better prepared for combat than them?). That's then somewhat satisfying: clearly those enemies are stronger, and you now can beat them!
What makes little sense is if wildlife you've encountered before suddenly can take 4x more damage, or the same badly equipped guard suddenly fights back a lot better.
> Why put any effort in making sure player locality influences the surrounding quest level, if player can go anywhere, let's put level appropriate enemy everywhere.
That's not how it works in Diablo 4, enemy scaling only comes into play if you go to an area that is naturally lower level than yours. Looking at the world map and hovering over areas shows their minimum "recommended" level, and enemies there will start at that level.
So you absolutely can go as a lvl 10 character to an area that expects you to be 40+ and get smacked down in a few hits by a basic lvl 40 minion.
I believe (with zero supporting evidence) that Blizzard implemented level scaling reluctantly, in order to better facilitate ad-hoc group play. Unfortunately, they kind of screwed it up.
When you move around in the overworld, you sometimes run into another player. They're fighting some enemies, you jump in to help (or vice versa) and it's amazing. Those are some of my favourite moments in the game, and the only reason it works is because of the level scaling. Even if my character is only level 10 and theirs is level 40, we can fight the same enemies and have roughly equal impact, because for me those enemies are level 10, and for them those same enemies are level 40! It's really clever, and I think they felt the sense of progression was an necessary sacrifice to enable that kind of improvised cooperative play.
"But ordinary, you said they screwed it up!" Yeah, they did. Because what happens when the enemies are dead? You continue towards your quest, and they continue towards theirs, and poof, you're all alone again. These brief moments are tantalizingly close to true pick-up experience: you start playing, meet a few people, team up, and have a blast together for an hour or so, just like you could in Diablo 2.
Oh, and even if you do happen to have the same quest, unless you took the relatively scary step of formally inviting them to your (1-person) party, the moment you enter a dungeon, you each get your own instance, and you're torn apart.
And finally, there's no global chat, so the only real way you have of communicating with people you meet prior to inviting them to a party is a Hearthstone-style emote wheel. There are at least 3 quests that require you to use the emote wheel, so they really wanted you to know it's there and to learn to use it, but in practice no one does and it's useless.
Taken together, it just barely doesn't work and it's really unfortunate. And counterintuitively those brief moments of comradery make the game feel more lonely than if you never met anyone at all. Because time and again, you're confronted with the fact that people are out there! Having fun, kicking ass, taking names. Just... you know, not with you.
The only thing I can't quite figure out is why they didn't attempt to 'matchmake' players of similar levels together. There are literally millions of people playing Diablo 4 at any one time, surely there's someone who's doing the same quest at about the same level as me? Why don't I meet those people? Or maybe the odds just don't work out, even at that scale.
This combined with a few other balance issues is what makes hardcore entirely pointless for D4 in my view. The second you find respite, the balancing mechanics will take it all away from you. Anything that moves will be able to kill you in approximately the same amount of time no matter what.
D4 HC mode might as well just be a waterboarding simulator with regard to the player's experience.
That’s what great I think. Levels give you skill and paragon points which eventually makes you stronger so you can go to higher tiers where better gear drops. They give you many ways to customize your gear (affix modifications, aspects, gems) with your build and paragon board. That’s what it’s all about.
> Levels give you skill and paragon points which eventually makes you stronger so you can go to higher tiers where better gear drops
Paragon points are only granted around level 50, and skill points stop making much difference around level 20-30 when all the core skills are unlocked. I got so bored of combat I stopped playing at around level 40. Particularly annoying is after getting a few items with good aspects, it's rare to find another item with the same or better aspect, so I have a choice of either sticking with the old item with bad stats and the good aspect (and dying really quickly due to low armor), or picking a new item with better stats but no good aspect. Yes it's possible to extract the aspect from an item and use it on another, but that can only be done once.
You can change the stats too. There’s a lot of room for customizing. Also you need to play on nightmare or higher and you’ll see legendary items far more frequently. The game opens up big time then. The story gets you into the endgame and the endgame opens it all up.
Can't say D3 had any sense of progression either because you simply did the same rifts with a bigger number attached to them. You got bigger numbers on your gear and then added some numbers to the rift level.
Compare that to finally reaching hell Diablo in Diablo 2... or scratch that... finally getting past the blacksmith in act 1 hell :)
I just can't agree. There is clear progression from first reaching the level cap and clearing T6 and eventually getting good enough gear to finally clear T16. Then continuing to improve your build and gear until you do GR70, 100, 130. Like, I'm never wondering if I'm actually getting stronger, because I know that if I try T6 on a fresh capped character, I'm going to get demolished. If I clear T6 successfully, I know that I've gotten stronger and the stronger I get, the easier T6 will continue to become and the easier it'll be to clear higher difficulties.
Nothing ever automatically matches your power level. You choose what difficulty to challenge yourself with. You choose whether you just want something easy (for your power level) to farm, or something difficult to see if you can clear it or how long it takes you. You always know the challenge you're going to get and how strong you are compared to it over time. That's something that level scaling fundamentally breaks and there's no way to avoid that.
I don't know how you can equate D3 with D4 in any way and say that D3's system had no progression or was in any way worse than what's in D4. It's just false, a complete misrepresentation of what the game is like.
So you're happy with bigger numbers? Because the content is absolutely identical from T1 to T2484... and there's absolutely no other way to increase the x in Tx except grinding lower levels to increase some stat on your gear by a small amount.
Like my other comments about PoE, I'm talking about what passes for endgame. Where you have all the recommended gear and can do mostly everything.
I know that you first need to acquire the epic set that matches what build you want to play and matching non set items. I've done it a couple seasons.
> So you're happy with bigger numbers? Because the content is absolutely identical from T1 to T2484... and there's absolutely no other way to increase the x in Tx except grinding lower levels to increase some stat on your gear by a small amount.
So ... like PoE? I'm not sure what you want here. Every game in the genre is like this. PoE doesn't do it any better. What you described is just wrong.
Diablo 2 didn't. Felt more satisfying to play it thrice on different distinguishable levels of difficulty than doing rifts or whatever poe calls those (i forgot) for 0.000001% improvements per run.
And there's a massive trickle-down in terms of what very small teams are able to accomplish now by leveraging modern tools, engines, and art pipelines. It astonishes me to this day that Hollow Knight was basically developed by three people, including all the writing, art, design, and programming— there's definitely more content in that game than what passed for triple-A in the PSX era, maybe even PS2.
It's easy to say "oh this modern indie game was made by only X people!" forgetting that the [open source] stack it was developed on has hundreds if not thousands of contributors.
So no, Hollow Knight wasn't developed by three people "including all the programming". It uses Unity. Unity is worth billions and employs thousands of people, many of them certainly programmers.
I agree though that very few people are needed nowadays for the art. With generative AI, even less. (But that's also sort of an [open source] giant to stand on the shoulders of with countless contributing artists.)
Definitely. This complexity creep is very visible with certain franchises which churned out a new game steadily every 3-4 years but not a peep for 10+ years now. (Elder Scrolls, Grand Theft Auto etc)
Said franchises - well, mainly GTA and now D4 - also are a live service though, in that they have recurring income from in-game purchases - in the case of GTA 5, it paid off to spend hundreds of millions on development, given it's earned the company billions ($6bn according to wikipedia).
Elder Scrolls kinda falls under that umbrella, given that Elder Scrolls Online is a subscription-based MMO that I believe is still receiving content updates. Unfortunately that's probably a lot more profitable and safe than developing a new single-player game that has to surpass the bar set by previous games.
Counterpoint: indie games, they will often have similar sized teams or smaller and come out with great games. AAA games build on top of gameplay mechanics from either older games or indie games, but need the extra staff and investment due to higher quality (and quantity) assets.
To generalize, indie games focus on the core gameplay loop, AAA games on high effort visuals.
This is why I've been playing indie ges almost exclusively lately. The core game play is just so much tighter in a small game vs. AAA games where they implement a huge amount of features.
They may pay for consistency, but they're not really getting it. There hasn't been a year since 'AAA games' were a concept that hasn't had multiple high-profile titles that failed to deliver.
I wonder how long it takes to go from “those who live near Google offices” to “all employees”. Once 80-90% of employees are back at work regularly it’s not a stretch to believe that those few people who are always remote will be seen as less effective and less connected to their peers going into the office everyday. This is likely one step of many.
> For those who are remote and who live near a Google office, we hope you’ll consider switching to a hybrid work schedule. Our offices are where you’ll be most connected to Google’s community
Definitely sounds like a veiled threat to one's career if they don't choose to be connected to the community
Though I applaud the effort to get age right and protect players, I'm not sure I'll ever be comfortable having me or my child scan our photo ID and selfie to upload it as part of a login flow to an application.
I would much prefer my government to take on responsibility for providing this sort of service as they do e.g. driver qualification.
Once upon a time the usual thing to get OK'd to rent a van (e.g. for students who are moving house) is you rock up to the rental place with the legal documents showing you're entitled to drive. You're relying on the fact that the person renting you a van doesn't much care and isn't keeping the exact details from those documents.
But although you can do this today, obviously the documents get scanned into a permanent data repository, so, that's not great. But, the UK government added a site so you can prove you're you, and get codes, which for a limited period show someone that yup, this person is legal to drive and so on.
They do this for right to work too. Although, annoyingly only for foreigners. If you're a citizen, you can't prove right to work this way, you need to be like "Look, I'm a citizen, here's proof" to your employer. But if you are foreign you can just go "Check this URL, your government says I'm entitled to work here" and they needn't know whether that's because your husband is a "Cultural Attaché" to the Russian Embassy, or you've got special refugee status, or you're actually an Italian and you just speak and look Russian for some reason, just that you're entitled to work here.
I in general agree to a sort of governmental (or even inter-governmental) services for lightweight identity verification. Lightweight in a sense that these services do not give any new personally identifiable information to clients, they are only given cryptographic proofs. If implemented very well, it may be usable for a whole lot of applications other than just age verification.
However a partial or faulty implementation of the concept can be very dangerous. South Korean websites used to receive a Resident Registration Number (RRN, 주민등록번호) for all imaginable reasons, including just catching double registration. RRN was and remains crucial for identity verification and it is estimated that virtually every SK national has been subject to multiple accidents that exposed their RRNs before such practice is forbidden. After that the Accredited Certificate of Authentication (공인인증서, nowadays the Recognized Common Certificate 공동인증서) is in place, which was another travesty that is based on X.509 but with non-standard practices based on ActiveX. Nowadays age and identity verification is commonly done with mobile phones, and there are multiple such services mostly run by CICs and telcos. This did dramatically reduce the use of RRNs and is much more convenient for typical people, but if you do not own SK mobile phones (e.g. you are foreigners) you can't use them and there are frequently no fallbacks. Also I generally don't trust the security of those services.
In Canada we have https://verified.me/government-sign-in-by-verified-me/, which is ultimately “the government taking on responsibility for providing this sort of service” — but the government then turning around and delegating that responsibility to major banks (the Verified.Me service acting as the SSO intermediary, is a joint venture of seven major Canadian banks, and then supports other non-shareholding financial institutions as well.) Since you need a proof of identity to open a bank account, an SSO through your bank functions as a pretty good proof of identity.
Right now, the Verified.Me service sends through your actual non-anonymized identity (Social Security Number, I think) to the service being signed into, meaning it’s only really good for services you’d want to hand information like that to anyway (i.e. government service websites.)
But it’d be only a little tweak to enable a provider like this to send the service being logged into a persisted random-per-service token, or a per-service-salted hash of that info, instead. If this was done, a flow like this would then be perfect for KYC/AML: it would precisely restrict each legal person to only having one account per service, while also not revealing who that legal person is to that service. And the only person in this flow who’d ever see your ID, is the bank clerk you interacted with to open your bank account, years/decades earlier.
It's similar in Norway. There's a government service (IDporten) which aggregates a few commercial offerings (most notably BankID, a two factor auth scheme used by the banks). But it's very restricted who gets to use these services.
Not strictly (as the sibling comment says), but also, in practice it doesn’t matter, as there are effectively no “unbanked” Canadians the way there are “unbanked” Americans.
> In Canada, you have the right to open a bank account at a bank or a federally regulated credit union as long as you show proper identification.
> You can open an account even if you: don’t have a job; don’t have money to put in the account right away; or have been bankrupt.
But that requirement to show identification is important. What it means in practice is that everyone who resides in Canada except illegal immigrants can open a Canadian bank account.
And the fact that so many crucial government services assume that you have a Canadian bank account (not just for SSO, but also because they assume things like the ability to do direct deposit for tax refunds, welfare/unemployment, etc.), means that it’s really hard to be an illegal immigrant in Canada. Which is probably one reason among many that people generally aren’t interested in trying. (Other reasons: we don’t have any land borders except with the US, and it’s easier to be an illegal immigrant in the US, so why not just stop there? And: the Canada Border Services Agency is terrifying to interact with, even for Canadian citizens.)
I don't know about Canada specifically, but generally there are situations where one can be waiting for a residence permit or waiting to be fully registered as a resident, etc. It can take several months in some western European countries despite the same laws that nobody can be denied a bank account. This can create a lot of inconvenience for legal residents that recently immigrated since some of those countries also have systems that use banks for ID.
I would much prefer my government to take on responsibility for providing this sort of service
After witnessing enough leaks and hacks of government databases, this is one application where I'd favor a cryptographically secure, decentralized solution based on open-source code that's been competently audited to show the system keeps my sensitive info provably private.
Ideally something that's been in the wild under sustained and motivated efforts to hack it for long enough to convince me there's some substance to the claims.
Each government already has a complete list of all their citizens (probably multiple duplicated across various departments). Having the government have a service that provides temporary keys associated with an identity isn't much of an add toward security risk.
Sounds a bit like e-verify. Don’t forget to lard it up with some denials for folks on domestic terrorist watchlists, wife beaters, bench warrants for parking tix, etc. etc.
>But, the UK government added a site so you can prove you're you, and get codes, which for a limited period show someone that yup, this person is legal to drive and so on.
I'd rather not subsidize roblox with government systems. If they can't figure out an age verification system that works thats on them. The government shouldn't be verifying the age of people for businesses. It's a waste of tax dollars to subsidize a business with major profits.
No. If its not good for the public, then either don't use it, or pass legislation to ban it. subsidizing a business because they can't do it is wasting tax money for a video game.
Regulating that vast swarms of businesses need to make their own age verification system seems like a waste of economic value. Especially considering how many normal tasks that near everyone does would also benefit from such a government system: Loans, Rentals, Housing, etc.
You would also only need to provide the evidence once to the governing body that gave it to you in the first place, instead of giving it to dozens of companies.
My taxes shouldn’t provide economic value to random companies who want to verify age, and creating a centralized identification system that is available to non governmental entities is ripe for abuse.
This happened to me with twitter. made an account, followed some people, they locked the account and told me it exhibited bot like behaviour and I needed to scan some photo id to send to them for them to unlock it.
Never worried about twitter ever again. Probably the healthier choice in the long run.
With most of these, the service itself doesn’t demand your ID; they demand that you give your ID to some third-party KYC/AML provider, who then just sends a “yes, this account isn’t fraudulent” signal back to the service. It’s like really overwrought SSO.
And if that third party is the same that actually issues your ID (I.e. the government), you give no one anything they didn't have already. It could even be constructed cryptographically so that
1. the government doesn't know for what purpose it verified your identity, only that it did
2. The party receiving the proof of ID (or proof of age, or proof of non-duplicate registration - it could potentially be a lot more limited than full ID) gets it in a zero-knowledge form, so they can't turn around and give it to someone else.
That's only really comparable if you're exchanging a few hundred dollars worth of crypto. What if you need to exchange several thousand? The spreads are going to be terrible, as would be counter-party risk. Timing would also be an issue, which is important if you're trying to trade (as opposed to HODLing).
The fees and inconvenience are only an issue for regular traders that are repeatedly buying and selling. For 6+ figure amounts it is even better to use 'over the counter' peer-to-peer services. Companies that are buying hundreds of millions worth are not using exchanges. I found it easy to do 5 figure trades even in 2014. There are significant fees and inconveniences when moving fiat to centralised exchanges so it evens out.
My full name, physical address, and IP address were leaked with another game my kids play. I'm excited for my drivers license and picture to be leaked as well.
I don't think I'd be comfortable with this either, certainly not to play some game. On the other hand, the bizarre problems maintainers of online communities have to deal with are just wild and worth keeping in mind as context:
The worst are those that let you get invested and only then spring these requirements on you.
NBA Top Shot comes to mind. They allow you to buy with no problem. But, to sell on their platform you have to go through what is essentially a KYC check.
I think people on HN underestimate how easy it is to accidentally build a money laundering system —- which NBA Top Shot did and now has to correct with KYC checks.
>I think people on HN underestimate how easy it is to accidentally build a money laundering system, which NBA Top Shot did and now has to correct with KYC checks
Oh, I understand the "why", but seems to me NBA Top Shot is the one that underestimated how easy it is to build a money laundering system.
And, suddenly requiring KYC checks of all users--irrespective of amounts involved and without an option for refunds--isn't the most customer-friendly way to "correct" their oversight.
A component of my work is in digital identity, so I hope you don’t mind the question: what would make you comfortable doing so? For Roblox, I can see the exception taken, but some applications do require this level of identity proofing (scanning your passport in an airline mobile app to book an international flight comes to mind).
Edit: Thank you everyone for your feedback, it’s very helpful!
Generally I would be comfortable showing my ID to either an established bank or the government which issued the ID. And airport security. Otherwise if a private company wants me to upload my ID I would probably avoid using their service.
You've never been to a bar that swipes the mag strip on your ID? Or the many doctor's offices that take scans of your ID with your insurance card?
I'm totally on board with ID cards not having your address on them because of the stalking potential but it's an ID card, if it has to be secret for it for it to be useful it's a really shitty form of identification.
If at all possible, I would want a hard guarantee that my photo ID and all derived information (e.g. my real name (as in the case of Roblox, they don't care about your identity, just your age)) would be completely deleted as soon as possible, as well as a description of exactly when that would be (e.g. "we have to contact your federal government to verify the authenticity of this ID, and then ensure that they know that we've verified your user account, and then we'll delete everything immediately - this typically take 4-8 business days, and we'll email you when the process is completed").
Regardless of the above, I would require that no personal information linked to my ID would be used for any purpose (analytics, marketing, ads, or sale/transfer to a third party) except identity verification.
Unfortunately it seems like "hard guarantee" for most things in tech is almost laughable, and if there is a chance data can be gathered, probably not even worth dreaming about
Indeed. Plus even if they "hard guarantee" it at service launch they could and likely would quietly change it after the press has moved on, with a TOS update on line 194,404,4008 that nobody will read.
Putting photos of my ID documents online just seems like an incredibly bad move for my security and privacy.
The only time I'd even consider sharing photos of my ID documents over the internet is if I'm sharing them with an organisation I have a multi-year high-trust relationship with (like my e-mail provider of 20 years). And even then, I'd prefer not to if I can avoid it.
>but some applications do require this level of identity proofing (scanning your passport in an airline mobile app to book an international flight comes to mind).
I never had to do this when booking a flight. The max I had to do was provide my personal info (name, birthday, passport number). If they asked for a passport scan and a selfie I would have noped out.
Some applications do require this level of identity proofing (scanning your passport in an airline mobile app to book an international flight comes to mind).
I don't know about presently but historically, you didn't need a passport to buy an international ticket. You needed a passport to get on the plane at the airport. So if you buy a ticket in a fake name, it's your problem if you can't fly and tickets aren't refundable for this.
Which is to say that no app space comes to mind when I think of something that needs id scanning - or the only apps like this are extensions of state control to the virtual space (virtual parole hearings or whatever).
Basically, anything that isn't the state should use it's own fricking account system to relate to people online. And the state itself is kind of iffy.
I did it for a crypto exchange, but that was for KYC / AML verification and I intentionally chose an exchange that's regulated by my country's KYC/AML regulator, so I was expecting to have to do it.
Giving up that much PII for a game is insane. I'd uninstall it without even thinking. Any industry that's not regulated to require photo ID when they're asking for it doesn't need to ask for it.
Nothing would make me comfortable doing so, any more than sharing my bank credentials with a 3rd party for example. The only question is whether the benefit or necessity of doing so outweighs my discomfort.
Built-in watermark support. When the system eventually gets hacked and the pictures end up in the hands of hackers, their use will be limited due to a "COMPANY + DATE" watermark plastered all over.
Reality disagrees with your theory though. Most companies that get their data breached are still in business and class action lawsuits aren't even a thing in most countries in the world (maybe the US is the only country that has that?).
The watermark is an extra threshold. It's like an extra bike lock, they'll get the bike with only one lock instead.
(I think) I feel like I'd be similar in opinion about this with the OP, so hopefully you don't mind me putting my thoughts here!
The main issue that I have is that it's down to a matter of trust. I'm mainly using the article on Roblox as an example for my thoughts here, but I'm sure it could be easily translated to other services/companies doing digital ID verification.
I don't like digital identity verification at all however I am open to other options. I have no trust in these identity verification companies using my ID for the sole purpose they say it will be used for. I have no idea if they're holding onto the ID and using it for training their algorithms, or if they sell it to a data collection agency, or if they etc. etc. etc. - why do I need to read a 10+ page privacy policy document to figure that out?
For a company like Roblox - I don't see why they couldn't roll out their own system for digital verification. Yes, you'd have an absolutely massive influx of users at this point since they seem to _just now_ be adding age verification, but after a month or two - barring special events/promos in game - I'm sure an ID Verification department could be handed out to a few people.
That being said - I'm not considering any issues in other aspects like Legal issues, Privacy issues, data retention issues, number of users, numerous ID types etc. etc. etc. and I'm sure those are HUGE factors as to why people aren't "rolling their own" solution.
In Britain they proposed an anonymous system for checking age before viewing pornography. (It was cancelled.)
The idea was you could show your ID to someone qualified to check (like a shop selling alcohol), they'd give some sort of pass, and that could be used to access the website. I wouldn't mind that, so long at the shop person only looks at the ID.
(And I've never been asked to scan a passport when booking a flight.)
Not OP but there is NO SITUATION where I'd EVER do this for a web site. There are NONE I trust enough for that kind of information and NO web site offers sufficient value to even consider the risk.
If we absolutely need to have software that has this level of identity, then we need to build infrastructure to support it. That infrastructure already exists to some degree as notaries and could be expanded and modernized to allow privacy preserving identity verification.
I don't ever want to provide a storable version of my ID to you. I don't trust you or anyone else to keep it safe. I would expect my identity to compromised over and over as companies get breached.
>scanning your passport in an airline mobile app to book an international flight comes to mind
I'm curious as to why this might be necessary.
Whenever I've traveled internationally, while I've had to provide the airline with a bunch of info when booking my flight, I've never had to provide a scanned version of my passport.
Rather, when I arrive at my destination (at both ends) I need to show the nice customs folks my passport.
Which airlines require providing them with a scan of a passport to book a flight? I ask so that I can make sure never to use those airlines. Thanks!
Absolutely nothing. "Digital" identities should be exactly that. I will never be comfortable identifying myself beyond my activity. If you require more data, then your services aren't for me, unless you're a municipal provider.
>>scanning your passport in an airline mobile app to book an international flight comes to mind
Why? Proof of ID would be required at boarding time, and by Security who simply verify the supplied info matches the actual ID, but does not actually scan and store the document (nor should they)
I am unclear what in a booking process would require a person to scan in your passport to book the travel?
How would this work if I am a corporate booker needing to book flights for others, do I need to maintain a copy of their ID's?
Your example is pretty flawed, as is most examples you will come up with because in reality there is no reason to have to upload your ID. It is draconian and should be resisted by everyone for any purpose
To be fair, it's not part of their login flow, it's part of their verification flow. It's a one-time thing, not an every-login thing.
I also see no problem with this. What could they realistically use this information for that would be nefarious? It doesn't actually store the ID in any real sense, as they explain in the link, and I see no reason for them to lie about that.
It's real easy to scream, "But My Privacy!!!", and probably a decent amount more difficult to come up with an actual and practical risk there.
Honestly, if your threat model includes "video game companies that lie about age verification systems", I don't think you're taking your security very seriously.
In the Netherlands we have a government app that blacks out the sensitive stuff called kopieID.
Honestly if you are going to ask for identification ask for a passport or driver's license not this idiocy of credit cards and bank statements. That's just insulting my intelligence.
Pretty wild. May be buying Adjust for a low price here, but the vertical integration of Applovin (a game developer/ad tech platform) owning Adjust (the biggest mobile attribution platform) and its data and all the data of its game developer partners seems... pretty questionable.
I love this letter. This is exactly the type of direction and freedom to come up with solutions that I would expect from a strong CEO or leader. Not prescriptive, but clear on which problems are critical to solve.
As someone who works in the video games industry, I can guarantee it is the lockdown. Stay at home orders align really closely with significant lifts in new players, increased hours played, and many other core metrics across the industry. And many games have seen significant lifts in their existing live service performance (not just new games).
I also work in games and I can confirm this too - even our older games which had dwindling player numbers have gotten a massive increase in player numbers in the last 2 months. In some cases we've had to spool up our network infrastructure to levels higher than at launch, since the numbers are so high.
Also could be a large uptick in unemployment. Lots more people sitting at home with nothing to do. Games are on sale most the time and can be had for 10-15 dollars on steam. That's the same price as a case of beer in some places and you get far more entertainment hours out of a video game than a six pack.
Uptick in console sales (far more expensive than $10-15) suggest money isn't the sole motivating factor. If it really were, you'd expect people to flock to netflix and other streaming services which are cheaper
Curious whether VC funding anticipated this long a timeline for autonomous driving and VR or if they all got swept along with the hype too. Countless billions invested with a very long time horizon.
So, 11 people for a year for Diablo. Meanwhile Diablo 4 took 300+ people 6+ years. So over 150x the cost, not accounting for the fact that game developers are paid much more now as well. People pretend it’s the same industry but it’s evolved dramatically.