Blaming Users When You Screw Up
from the not-cool dept
We're always amazed when we see companies blame their users for their own screwups. The latest company to do this, as reported on TechCrunch, is Zynga, who gave out some codes to certain users for $120 worth of in-game currency in one of its games if those users moved off of one social networking platform to another. However, Zynga didn't take the most basic technical precautions to stop anyone and everyone from using the codes. So, of course, anyone and everyone started using the codes. These things happen and even though it's embarrassing, the company can just turn off the code and get on with life. Instead, it not only rolled back user accounts, deleting lots of things many had done, but also tried to blame them for "exploiting" their system:Attention:It wasn't an exploit, it was poor programming on the part of Zynga. With a company like Zynga that has so many users, I'm sure it doesn't really care that some are quite pissed off, but at some point, the company may realize that cavalierly blaming users for their own mistakes can come back to haunt them in a big way.
Our records indicate you have redeemed Rewards Points using an exploit. Please note that future use of exploits may result in disciplinary actions, up to and including the permanent banning of your account.
We will keep your account active at this point, but have rolled back your account to 06/08/2010, the date prior to the redemption of these unauthorized Reward Points.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Zynga games were always buggy...
The general feeling among users that were familiar with software development was that they would get the code to an alpha level of stability and release it. They would then rely on the users to "beta test" their code, occasionally to disastrous results. While likely not true, a favorite item passed around was a purpoted statement from a Zynga insider claiming they didn't have the resources to beta and with so many users, it was just easier to release and apologize than it was to build a quality product.
As far as this latest incident, color me NOT surprised. This is a fairly typical screw-up on their part and a standard reply, but with slightly bigger stakes than normal. I'm sure they're thinking that with so many users, they can afford to piss off some while they attempt to make people do what Zynga wants instead of accepting some responsibility for once... :-)
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
that developers are spoiled, lazy and stupid and totally responsible for hackers doing what they do.
just kidding.
if you introduce a bug, someone will exploit it. this is why you test software before rolling it out. hopefully someone will exploit the bug in a manner that brings it to your attention without causing much harm, but that doesn't always happen. this is true for any system.
[ link to this | view in chronology ]
Re:
the issue here for zynga is that $120 of in game cash is likely enough to stop those users from ever buying anything in game, as it is enough to buy most of the things you would want. in that way, if everyone uses the $120, it is likely that zynga will never make a profit on the game.
[ link to this | view in chronology ]
Re:
Bugs don't appear out of thin air. A computer program is a set of instructions. The execution model for a computer program is deterministic, meaning that, under the same circumstances, the program will always do exactly the same thing. This means that bugs can't appear out of thin air, so that's ruled out (well, sorta...after many years I'm still not sure if Windows is deterministic or not :p).
The exploits could have been introduced by the programmer either intentionally as backdoors, or unintentionally because of stupidity. In the first case, it's a feature that can be abused, so it's bad programming. In the second one, it's just bad programming.
Finally the exploit could be created by someone that cracked or reverse engineered your program. There isn't much you can do about this if the application is meant to be run locally since you can't control the execution environment.
But, if it is supposed to connect to a server, you control the environment (mostly). But should still have measures in place to verify the integrity of your clients and their credentials. This ensures that unauthorized clients can't connect and also ensures that, once connected, clients can't do anything sneaky. Your server is still vulnerably to attacks, so you should protect it somehow. If sneaky users gain access to your server, your entire security model falls apart...
So yeah, all exploits result from poor programming.
[ link to this | view in chronology ]
And the Streisand effect claims another victim of stupidity in the name of the almighty dollar.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
God, I hate Zynga.
[ link to this | view in chronology ]
wtf?
Someone obtains something in game that the programmers didn't intend them to be the recipient of. The users exploited the lack of controls set up by the admins to their own personal profit.
In what fantasy world does that not constitute an exploit?
Pro-Tip: If the GMs DON'T take action against exploits, the entire game/economy collapses and everyone stops playing whose not interested in cheating.
Mike, at this point, I wonder if you have ever played a game with a virtual currency.
[ link to this | view in chronology ]
Re: wtf?
- Free points for being a "loyal player"
- Free points every time you level up
- Free points for completing various in-game achievements
- Free points to make up for system problems
Based on past experience, it's not that hard to imagine the code being a "get players back into the game" freebie. Their own lack of communication and planning is what did this.
Look at it this way - all the developers had to do was add a second prompt and some additional text to the code input screen:
Tagged Account:
* Warning: This code is intended for Tagged users migrating to Facebook. Unauthorized use will result in account rollback or cancellation.
Code use could be limited to once per Tagged account address and would have stopped the complaining on rollbacks since the warning was right there.
The real problem here is that Zynga never seemed to consider how their code would be exploited. In this day and age, any development should be done with security and stability in mind. You have to assume from the start that someone is going to abuse what you create. It's your job as a competent developer to prevent that. Anything else is just plain laziness.
/MMORPG player for 5+ years
//Developer for 15+
[ link to this | view in chronology ]
Re: wtf?
[ link to this | view in chronology ]
Re: wtf?
The programmers didn't take 5 minutes to secure their software and it's somehow their user's fault that the software was hacked?
[ link to this | view in chronology ]
Re: wtf?
[ link to this | view in chronology ]
of course it's an exploit.
It's a bit ironic that top-level gameplay for bestsellers these days demands exploiting any advantage: how else does one crack into the top 100 of 50,000 players?
Yes, I like the corporations to own up to mistakes, yet I doubt the game industry will learn anything from it. EA is still getting worse and worse and consumers are still buying more. I don't think gamers are near enough to bleeding from the pockets yet, unfortunately.
[ link to this | view in chronology ]
Yes it is an exploit
[ link to this | view in chronology ]
Google Software Engineering
[ link to this | view in chronology ]
Pathetic
[ link to this | view in chronology ]
Re: Pathetic
Honestly, I think TechDirt should allow insiders to see what domain someone posts from and what domains they have posted from before because I suspect Michael that you would show up from Zynga.
[ link to this | view in chronology ]
Re: Re: Pathetic
If i could safely prove to you that I was not from Zynga, I would. I imagine, however, if I were trying to defend Zynga as my company, I would have worded things differently. Such as defending Zynga as an amazing company or some other sort of similar argument. Instead, I, albeit indirectly, said Zynga games were not fun.
[ link to this | view in chronology ]
Re: Re: Re: Pathetic
What they should have done is to keep the economy stable (if this amount would've thrown it off by to much) is to give everyone the money and then raise the prices on things. Yes, people would've still complained, but they just got some extra money, so it would be less of a sting to them.
Over time then, slowly remove the money from the economy and generally lower prices to match being careful not to have any inflation. Once the money is removed (as the players themselves remove it and not the "gods"), things will be back to normal except the users will remember when they got some extra money and had fun with it.
TLDR: Balance the Economy by increasing the money in circulation. Not by removing it and causing users to get upset.
[ link to this | view in chronology ]
Re: Re: Re: Pathetic
[ link to this | view in chronology ]
Re: Re: Re: Re: Pathetic
Oh I get it, there are no corporations lobbying in Zanga, so nobody has their hand out waiting for a government bailout...
Oh well.
[ link to this | view in chronology ]
Re: Pathetic
"All of you guys who are whining are simply whining"
makes no sense. If you are whining, you are whining. Here. I have a facebook group for you to join..
http://www.facebook.com/home.php?#!/group.php?gid=336697012237
[ link to this | view in chronology ]
Re: Re: Pathetic
[ link to this | view in chronology ]
Re: Re: Re: Pathetic
[ link to this | view in chronology ]
Re: Pathetic
We're "whining" because Zynga developers didn't take 10 minutes to consider how the promotion could be abused and take some very simple steps to prevent it.
This was not the first time something like this has happened. I remember at least 4 or 5 when I did play, but none with as drastic a reaction as this one. In the past, they just closed the loophole and were done with it - regardless of how badly it was exploited by players. Some of the "exploits" led to advantages just as bad or worse than this one. The reaction this time is over the top, especially for players that DO spend money on the game.
You'd think the developers, or at a minimum their managers, would have learned that players will abuse any opening they can to get ahead. They obviously still haven't learned their lesson.
[ link to this | view in chronology ]
Re: Pathetic
Read the article TITLE again. You DO NOT blame your users, especially customers.
Let's review the mistakes:
#1: Open code. BIG problem. All Zynga had to do was generate a system which related the user with a specific code. 10 minutes of coding. Done.
#2: Sharing open code. BIG problem. There's no damn excuse any developer should rely on the "honest system" in this day and age. What if someone's got malware on their computer, not realizing it, and the snooper took advantage?
I'm betting the contact wasn't done through https. Want to bet?
#3: Tucking tail and blaming others: BIG mistake. While they do have a right to correct the problem, they shouldn't have lied to the user saying it was an exploit. An exploit, for definition, *is when code is maliciously used against its purpose*. Redeeming this coupon violated no code purpose.
We're done here.
[ link to this | view in chronology ]
Re: Re: Pathetic
Regarding your points:
1. They're called bugs. Logic bugs, design bugs, error bugs, etc., they happen. Oops on their part way to call it out, call me when your company produces perfectly designed code. Two "we're done here."
2. See number 1. Three "we're done here."
3. It is by very definition an exploit, for actual definition:
exploit
verb |ikˈsploit| [ trans. ]
make full use of and derive benefit from (a resource) : 500 companies sprang up to exploit this new technology.
• use (a situation or person) in an unfair or selfish way : the company was exploiting a legal loophole | accusations that he exploited a wealthy patient.
• benefit unfairly from the work of (someone), typically by overworking or underpaying them : making money does not always mean exploiting others.
Four "we're done here"
"We're done here." -- You have no idea what you're saying.
[ link to this | view in chronology ]
Re: Re: Re: Pathetic
You're obviously not a programmer. A bug is when the system doesn't perform as expected.
This is not a bug. When someone entered the code, did it not do what it's supposed to? Seriously, get a clue, please.
"the company was exploiting a legal loophole."
Read this definition again and again until it sinks in. The users did not exploit the system. They exploited the coupon.
That's not the same thing.
The system did exactly what it was intended for: "Anyone entering the coupon gets this."
Zynga's fault was, and still remains, in that they didn't write the system as "This user entering this coupon gets this."
No way in hell are you going to convince me this is just a "bug". It's poor programming and any programmer will tell you this. Again.
SQL injections on a web page are an exploit. Programmers ignoring this potential exploit when all available solutions close them are at fault. Not the users.
Just ask Mike, as Techdirt found this out the hard way. I didn't see Techdirt blaming them, did you?
Learn from this.
[ link to this | view in chronology ]
Re: Re: Re: Re: Pathetic
I guess I didn't get through to you the first time. Read and comprehend everything before responding. You just simply do not understand. You don't even understand what you're saying.
Your definition, "a bug is when the system doesn't perform as expected." In this case, zynga created a system that was intended to entice people to from one platform to another. Unexpectedly, this also allowed all to use the code. Therefore the system is not performing as expected. So, as per your definition this is a bug, more specifically a design bug.
Try to read everything I write next time, instead of picking and choosing, you're missing the context, content, and points.
As an aside, it's poor form in an argument to claim that I am not a programmer because I don't agree with you.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Pathetic
No. What's poor form is making asinine statements in response from programmers who try to help correct those who don't know any better.
I may be tactless, but it's better than being ignorant.
You don't want to learn, your call. However, I'd suggest you read other people's replies than just mine. You may be surprised many agree with my position on the difference between an exploit and a bug.
[ link to this | view in chronology ]
Re: Re: Re: Pathetic
Have you ever programmed anything bigger than "Hello world" in your life?
This sort of mistake isn't something where you go "oops, slipped by me, my bad". It's a huge mistake on their part. It's not even a bug, it's a design flaw.
[ link to this | view in chronology ]
Re: Re: Re: Re: Pathetic
This is called a pissing match. Please don't start that.
"It's a huge mistake on their part. It's not even a bug, it's a design flaw."
You should explain where you think design bug ends and design flaw begins.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Pathetic
Allow me.
Imagine if this were a security issue. Try saying to your boss, "But gee, I didn't intend for the world to have access by creating a single password account."
See how long you keep your job with a reply like that.
Hint: The unemployment line starts over there.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Pathetic
The reason I ask is because you don't seem to understand how a computer program works or how it is made. You should try it a few time (I suggest Python if you want it easy) and maybe in the future you will not make a fool of yourself.
"You should explain where you think design bug ends and design flaw begins."
There is no such thing as a "design bug". A bug is an unintentional programming mistake that causes harm or simply makes the program work in a way it's not supposed to. Bugs happen to anyone (just ask any programmer) because you were either tired or not paying attention or just because you mistyped something.
A design flaw is when the basic idea of what you were trying to implement is wrong or flawed. It is not a mistake, it is a planning failure. Your whole plan (or a critical part of it) is wrong, which is what happened here.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Pathetic
[ link to this | view in chronology ]
Re: Pathetic
[ link to this | view in chronology ]
Your point is ? cheating is ok as long as its a loophole !
And what is the point of playing a game if you intend to cheat and 'game' the system ?
And any complex online game will have hidden issues, bugs, and errors, but just because they exist does not give you the right to exploit them.
Its like finding a door unlocked, the right thing to do is tell someone to lock it, the wrong thing to do is open the door and see what goodies you can take from inside.
So its sad if your getting online to play an MMO and your intension is to cheat and game the system to give you unfair advantage over the honest game players, who you know actually follow the rules and spirit of the game.
So if I catch someone cheating in WoW (when I used to play) I would report them, because they are cheating.
No one likes a cheat..
[ link to this | view in chronology ]
Re: Your point is ? cheating is ok as long as its a loophole !
"Its like finding a door unlocked, the right thing to do is tell someone to lock it, the wrong thing to do is open the door and see what goodies you can take from inside."
Whoa!! Easy there control freak!
Finding an unlocked door means you should tell someone to lock it? Even opening the door isn't wrong unless the door is somehow labeled to indicate restricted access. Some doors are even meant to be unlocked. You're making a pretty big assumption deciding the door needs to be locked and it is now somehow your responsibility to find that person (if you want to be doing the right thing - says you).
The part where you take the stuff inside, that is what is "wrong/immoral/illegal".
I'm just saying...
[ link to this | view in chronology ]
Re: Your point is ? cheating is ok as long as its a loophole !
And what is the point of playing a game if you intend to cheat and 'game' the system ?"
It's not cheating if the game allows it or if it is agreed upon all player that it is not. I often give "super powers" (cheats) to players on my server and no one complained.
If the game owners do not enjoy people exploiting their game, they should fix the loophole that allows the exploit, NOT ban people for using what is, essentially, a game feature.
"And any complex online game will have hidden issues, bugs, and errors, but just because they exist does not give you the right to exploit them."
Hell yeah it does. It might be immoral and annoying, but if the game (the rules) allows it, I can, and will (well, not me, I don't like that sort of thing).
"Its like finding a door unlocked, the right thing to do is tell someone to lock it, the wrong thing to do is open the door and see what goodies you can take from inside."
Uhm, right. But that's in the physical REAL world, where if you take something from other people, you are depriving them of that thing. In this case, you are also trespassing, i.e., physically invading someone else's property.
You are violating rules. When using a game exploit, you are not since a computer program is a set of commands and rules...if you can do it, it's because the rules allow it. Not the rules in the game manual, but the ones that count. The ones in the game binary.
"So its sad if your getting online to play an MMO and your intension is to cheat and game the system to give you unfair advantage over the honest game players, who you know actually follow the rules and spirit of the game."
Don't like it, find a better server. Complain to the game masters and urge them to change the rules (patch the game). Better yet, create your own server and invite your friends. Play with bots too...they don't cheat (much).
If that's not an option, and since that's an MMO, get a lot of players to mob that player and beat the holy crud out of him. No amount of cheating will save him. Of course, good luck finding people willing to do that online...they are probably too busy "pwning n00bs" to help you...
And besides, I get a warm fuzzy feeling every time I whack a cheater. Sorta proves that I'm better than him, since I nailed him even though he cheats.
"So if I catch someone cheating in WoW (when I used to play) I would report them, because they are cheating.
No one likes a cheat.."
Meh. I used to play CoD4 online, and an occasional cheater popped up. Didn't do much and would generally leave after a while (or get kicked). If it was too bad, I could always switch to one of the other HUNDREDS of servers available.
And you shouldn't report them for cheating. You should report the exploit they are using so that the game makers can fix it (if deemed necessary).
[ link to this | view in chronology ]
Re: Your point is ? cheating is ok as long as its a loophole !
Actually, blizzard never bans anyone for exploiting a bug within the actual game. And certainly not without warning users that taking a certain action is a bannable offense.
[ link to this | view in chronology ]
Re: Re: Your point is ? cheating is ok as long as its a loophole !
[ link to this | view in chronology ]
If I report, does it delete the post or does it "gray out" and make them stand out less on other sites.
If someone marks me as Insightful, do I get cash? :P
Some advice, if the developer doesn't mind: How about a "Check out what we're doing!" page for TD. I'll read it. Promise.
:)
[ link to this | view in chronology ]
"It wasn't an exploit, it was poor programming "
And ofcourse this company took the correct action, there will always be bugs, and loopholes, and the word that there is some way to game the game travels very quickly among users.
But the vast majority of people who play these MMO's do so because they want to do the quests, and to do the hard grinding to get the nice things. They like to play in the spirit of the game, and not cheat to get their way.
And ofcourse if enough people are cheating, the honest players will say "screw this", and quit, why do all the hard grinding, when if your willing to cheat a bit, (and they know what they are doing, it IS cheating), to get an advantage over the honest players.
So this company could not just say, "my bad, you can keep the stuff you got" and all the honest players go without.
This is the only action they could fairly take, for the sake of game quality for the honest players.
To let them have it, would be wrong, just as it would be wrong to give it to everyone, some may not want a freebee, they may want to get it the way you should, by earning it.
Not exploiting a loophole, which does not have to be poor programming, it might just be an undiscovered issue, the players know what is honest and what is cheating. so do the game overlords.
[ link to this | view in chronology ]
Did someone forget to tell Zynga that Farmville isn't a real farm?
[ link to this | view in chronology ]
"Don't like it, find a better server. Complain to the game masters and urge them to change the rules (patch the game). Better yet, create your own server and invite your friends. Play with bots too...they don't cheat (much)."
People know when they are exploiting a game "feature". They are getting money, equipment, kills, etc in a way that is orders of magnitude quicker/easier than other methods of comparable difficulty in the game. It is not hard to figure out. There are rules against it, though by necessity they have to be vague. The owners of the server dictate them and respond accordingly via bans or punishment or whatever means they desire because they created the server and invited their friends (customers). Follow your own advice if you don't like how a server is run as you are the one disagreeing with how most long lived successful game servers operate. Or convince the owner that it's good business to let people who don't play by the spirit of the game to drive off the people who do.
That said there are unintended events that are less clearly against the spirit of the game. If someone finds a novel way to get money 1.5x faster than everyone else this is not the same as someone finding a way to get money 10x faster as any other method. Punishing a player for the former will hamper player creativity and fun because they won't know when they are using an "exploit" and not punishing the latter will harm player morale because why should a player work hard when someone else is going to use an exploit and make all their hard work pointless and possibly reduce the reward for their work.
This is all moot for the case in hand because if Mike C is correct, many users who did this had no idea that what they were doing was not the intended use, and apparently the amount was so much that its presence greatly disturbed the game environment. So punishing the players makes no sense and leaving things unreversed is unsustainable (according to discussion thus far). Throw into the mix that people pay real money for these game credits complicates things further because then it makes the option to increase the cost of things in game less tenable. If it were up to me I would partially revoke the the unintended game credits. I.e. take away enough that the economics of the game are not totally screwed up and to those who lose the credits give something special. I don't know exactly how these game works but something along the lines of a unique "I survived the 2010 game exploit" item, that doesn't affect the game, but is somehow special would go a long way toward reducing customer dissatisfaction with this major mistake. (Actually from what I've read about Zynga, I think it should commit corporate suicide but I don't think that's going to happen.)
[ link to this | view in chronology ]
"ALL exploits ARE the result of poor programming." exept the deliberate ones... so not ALL
"ALL exploits ARE the result of poor programming."
Yes ALL ARE,,,, EXCEPT..
Just may be,, an intensional, or deliberate exploit.
It fun how people here are so black and white, for them there can be no levels of grey. It's either that, or it is NOT that.
Which is odd, and its clear the world is not binary, all copyright, patents and IP are NOT "bad" or "good", they just are what they are.
But I think Mike has been to the Richard Stallman school of the "redefinition of words".
He likes to use emotive terms to get a reaction, and you guys seem to suck it in like cotten candy.
Mike is trying to redefine the economy, the markers, IP laws, computer security laws, he was to retask musicians and movie makers to sales men and torrent site hosters.
Sorry, I digress.
"ALL exploits ARE the result of poor programming."
ALL is a strong word, that mean NO exploits are good programming, and ofcourse, exploits can be great programming, they could do exactly what the programmer intended.
BTW: programmers dont think of "good" or "poor" programming, they program.
A painter does not go to work and say "today I will paint poorly" or "today I will paint good".
They paint, program the best they can, programmers do not start with a blank sheet, they are given a requirements and specification document. That tells them what they need to program.
If that specification is incorrect, the programmer can write fantastic code, exactly meet the specifications laid down. But if the specs are wrong or incomplete. The result code would be wrong.
And how is that the programmers fault, he delivered product that met the specs, he cant mind read and deterine that the person who wrote the specs was actually think something different.
So programmers dont work in total isolation, and they are not required to design the system, system archetechts to that.
They write code to a specification, if that specification is flawed, the programmer can do everything right, make perfect code. That still does not do what it was really intended to do.
[ link to this | view in chronology ]
Re: "ALL exploits ARE the result of poor programming." exept the deliberate ones... so not ALL
Just may be,, an intensional, or deliberate exploit.
It fun how people here are so black and white, for them there can be no levels of grey. It's either that, or it is NOT that."
We are talking about computer programs here. It IS black OR white. You can't have something in between. Learn a little about how CPUs work. Also, learn how to program...not only will it make your life a hell lot easier, but you will learn a thing or two about how this world works.
And of course the exploits can be intentional. But that is still a bad programming technique, because if YOU can exploit it, so can I. You could argue that because you hid it so well, it will be hard for me to find that exploit, but consider this: You are one person. How many people you think are in the world that are capable and willing to crack open your software?
About the rest of your rant:
If you are given the wrong specifications the code output will always be BAD. You can't call code that deliberately cripples an application "good code".
Picture this: you are an engineer and you are told that you must build a car with two wheels on a four-wheel car frame. Do you think the output will be good? Can you end the work and say: "Now there's a job I am proud of"? Of course not. You will feel miserable throughout the whole project and even more miserable when you must show that poor excuse for a car to the rest of the world.
In short: bad plan == bad code.
[ link to this | view in chronology ]
Mafia Wars Blackout
http://www.facebook.com/event.php?eid=131003793592977&index=1
[ link to this | view in chronology ]
Petition to Zynga...
[ link to this | view in chronology ]
[ link to this | view in chronology ]