Anti-piracy company Denuvo announced a new technology designed to make upcoming Nintendo Switch games more difficult to emulate on PC. This move, which comes in the wake of Nintendo’s exceptionally punitive court case against Gary Bowser, could make pirating and emulation of Nintendo games more difficult, but is unlikely to stop the practice.

Denuvo is best known for its DRM (Digital Rights Management) anti-piracy tools, which have thus far been primarily designed for PC games. The company has a reputation for extending the time it takes for a given game to be pirated, at the expense of a game’s overall technical performance. This was most notable with TEKKEN 7, in which case the game’s director acknowledged that diminished PC performance was on account of Denuvo’s DRM process. These performance concerns, in addition to the kernel level access required by the software (which makes some worried about the security of their PCs), has earned the company a lot of ire in virtually every gaming community it comes into contact with.

This new tool is not designed to prevent ROMs from being pirated on Nintendo Switches, but prevent their emulation on PC which has become increasingly easy in recent years. Metroid Dread, for example, was cracked within a day of release, allowing some to play it on PC for free, instead of purchasing the game. It is worth noting, however, that despite the claims of many companies, it’s hard to prove that pirated and emulated copies of games directly translate to lost sales and, anecdotally, piracy can directly translate to sales on their intended platforms through word of mouth endorsement and the ability to demo games on an emulator in order to determine what is worth buying at full price.

Emulators and ROMs also play an essential role in maintaining gaming history, as they allow games to be preserved away from storefronts which companies can shut down on a whim. The Nintendo 3DS eshop, for example, is currently in the midst of a prolonged death in which credit card payments are being turned off in preparation for the store’s inevitable death. This will prevent 3DS owners from purchasing digital games, including download-only titles. Emulators and ROMs allow for copies of these games to be preserved and accessible by a future audience.

“Software publishers and Denuvo take great care to deliver the best gaming experience," told Waypoint. "The protection is designed not to affect the gamer’s experience, and it does not have any in-game performance impact. It is the same for this new solution when protection is only active in non-performance critical code parts.”

Denuvo’s software is designed to delay emulation, not to stop it altogether, the company said: “The situation with piracy on Switch is similar to the PC. It’s an ongoing development to make it harder for cracks to happen, extending the revenue window for publishers and keeping games fair for all players.” The company has had success previously in significantly extending the time it takes to crack games like Assassin’s Creed Origins, which is the ultimate goal of most anti-piracy measures. Denuvo’s tools attempt to protect games during their early release windows, when sales are at their highest, with the acknowledgment that they’ll likely be cracked later down the line.

Nintendo, with its massive catalog of exclusive games and ever-diminishing ability to access them, has been the target of emulators for a very, very long time and will only continue to be so going forward. Only time will tell if this new partnership with Denuvo will have any impact on its thriving emulation scene.

Nintendo did not provide Waypoint with comment in time for publication.

Apple has agreed to pay a total of $50 million to consumers who owned and had to replace a keyboard on a series of MacBooks and MacBook Pros produced between 2015 and 2019, giving at least the semblance of accountability for the environmental and usability disaster that resulted from Apple’s “butterfly” keys—the worst keyboard design ever put into mass production. 

The payment is part of a settlement in a four-year-long class action lawsuit. As part of the settlement, Apple did not admit fault (but has since totally redesigned its keyboards). Court documents note that the case involved the review of 1.2 million pages of documents and 38 depositions. As part of the settlement, people who needed multiple keyboard replacements will get up to $300, people who needed one keyboard replacement will get up to $125, and people who only needed key cap replacements will get $50.

As part of Apple’s seemingly singular quest during the mid-2010s to make its products thinner, more elegant, and more beautiful at the expense of usability, repairability, recyclability, and sustainability, the company introduced the Butterfly Keyboard in its laptops. This keyboard was included on roughly 15 million laptops sold in the United States, according to the lawsuit.

This keyboard used a new type of “switch,” the mechanism that detects when a key is pressed and pushes it back up to a resting position after it’s been pressed. The butterfly mechanism had less “travel” than other types of switches, meaning that the key didn’t go down as far after it’d been pushed. This led to a worse typing feel, but also, crucially, the butterfly mechanism was made of extremely fragile plastic and was also easily felled by specks of dust and crumbs. Eventually, multiple keys would get stuck in the pressed position, wouldn’t register key presses, or wouldn’t register key presses but then would register multiple key presses when you pressed it, an infuriating occurrence that seemingly happened to the vast majority of people who ever owned a MacBook with one of these keyboards.

To make matters much, much worse, these keyboards were incredibly difficult to repair or replace; for a while, Apple’s strategy to “fix” a keyboard that had a few broken keys was to simply replace the entire bottom half of the computer. This is, as you can imagine, incredibly wasteful, very expensive, and likely caused many people to upgrade their computers earlier than they would have otherwise had to. One of the best strategies for temporarily "fixing" the keyboard was to turn it upside down, blow on it, and slam on the broken key repeatedly, a ridiculous process that nonetheless was sometimes successful in dislodging a crumb or speck of dust.

Apple first slightly redesigned the butterfly keyboard, then did away with it entirely in 2020, bringing back the older but more reliable “scissor” switches. MacBook keyboards are now beloved by most. 

VRChat, one of the only virtual reality applications that comes close to implementing anything resembling futuristic visions of the “metaverse,” is in total chaos after the social VR company announced a security update will disable all user-made modifications. 

On any given day in VRChat, it’s possible for Winnie the Pooh to interview a war veteran dressed as Anakin Skywalker in a surreal forest or to slip into a hellish nightmare world designed like Disney merchandise from the 1990s. The security update, users say, will make some of that creativity and functionality more difficult.

What this means in practice is that many of the tools that VRChat users rely on to create dynamic, interactive avatars, as well as add accessibility features that make VRChat usable to people with certain disabilities, will no longer work. 

This update is part of VRChat’s implementation of “Easy Anti-Cheat” or EAC. EAC is a program commonly used in competitive multiplayer games to prevent the use of hacks and cheats. EAC would stop the bulk of VRChat’s mods even though these mods have nothing to do with “cheating” (it’s almost impossible to “cheat” in a game like this anyway).

The reaction from the VRChat user community has been swift and brutal. Users are review bombing the game on Steam, which now has a “mosty negative” score on the digital storefront. It was, until this update, rated mostly positive with more than 100,000 showring the app with praise. “I love the community and opportunities this game has provided to me, but this is just an awful move from the devs,” one recent review said.

The official VRChat Discord server is filled with too many complaints to keep up with. Unofficial VRChat modding and “erotic role playing” servers are preparing for ways to get around the new security features, or devistation of their communities. People with disabilities are begging VRChat to not implement the security update. 

For example, one VRChat user on Twitter explained that the “VR-CC” mod, which adds closed captions to movies in VRChat, allows deaf users to virtually view movies with their friends. “They’ve [VRChat] done absolutely nothing to address serious accessibility gaps on their platform,” they said in  a video where their fox avatar in VRChat explains the issue in captioned sign language. 

“Accessibility is always a concern for our team, and we're constantly looking into ways to make VRChat more usable for everyone,” a VRChat spokesperson told Motherboard in an email. “One way that we've done this is by adding in OSC [open sound control] earlier this year. OSC has enabled our users to have an entirely new dimension of creativity, as well as the ability to build accessibility tools to fit their needs.” The spokesperson said that users have already used these tools to create text-to-speech and voice control functions.

“In case you’re angry and want to show that there is some info from the [VRChat Modding Group] Teams post: it prevents you from having unlimited avatar favorites. It prevents you from using anti-crash mods. It prevents you from using all other mod features you’ve come to enjoy. It prevents you from using safe, open-source mods that never made anyone’s experience worse,” a moderator of an erotic roleplay server said on Discord.

The moderator, like many other VRChat users today, also suggested canceling VRChat+, a $9.99 a month subscription service offered by VRChat that provides some enhanced features such as extra avatar slots. “And do not launch VRChat for at least a week to produce a visible player count drop,” the mod said. “Anti-community measures like these from a greedy corporation should be protested as loudly as possible.”

In the Discord server, some users are calling the game ableist, others are accusing VRChat of instituting a “police state,” and still others are saying that only furries and perverts will care about this change. Others call for solidarity: “Anime fuckers and furry fuckers, we need to band up together and put an end to this shit,” one user said. “Furries vs the world. Lets Go! Shit never changes!” another user said.

Users have also reported that they’ve been banned from VRChat’s official Discord after going there to voice their complaints.

So far, VRChat has only added Easy Anti-Cheat to a beta version of its popular social virtual reality app, and said the system will go on live servers in “the next few days.” It said it made the decision to make it harder for users to harass and attack others. 

“Every month, thousands of users have their accounts stolen, often due to running a modified client that is silently logging their keystrokes as well as other information,” VRChat said in a blog post about the change. “These users – often without even realizing it! – run the risk of losing their account, or having their computers become part of a larger botnet.”

“‘Modified clients’ are a large problem for VRChat in a variety of ways,” VRChat said in a blog post about the change. “Malicious modified clients allow users to attack and harass others, causing a huge amount of moderation issues. Even seemingly non-malicious modifications complicate the support and development of VRChat, and make it impossible for VRChat creators to work within the expected, documented bounds of VRChat.”

“While I'm not able to go into detail on internal security practices, I can say that we've seen an increasing amount of hostile traffic coming from accounts that have been clearly hijacked,” the VRChat spokesperson said. “These users have no idea anything is wrong, right up until they suddenly receive a suspension and then reach out to our moderation team. These types of hijacked accounts typically behave in a similar sort of way, and often these ‘bots’ can be taken advantage of by certain malicious clients. Those clients can then use these accounts to harass people in a variety of ways.”

Additionally, the spokesperson said that VRChat sees mods that users otherwise believe are benign that “report back” to a “home Discord.” 

“There, they share various bits of information: the mod user's name, what avatar they are wearing, what world they are in, and what other users are in their current world, just to name a few examples,” the spokesperson said. “This information can then be used to harass users and their friends, who have no idea that someone in their instance is using a modified client.”

“For years, we in the VRChat Modding Group have provided users with a curated selection of community submitted mods carefully checked by our Staff Team to ensure the safety of our users,” a moderator and staff member of the VRChat Modding Group Discord who goes by the name Hordini told Motherboard. “This includes everything from quality-of-life enhancements, to protection against negative exploits. The latter is especially important as history has shown in some cases it can take VRChat several months to resolve an issue that is actively being abused to bring harm to the community. With this change, open-source modifications will be next to impossible to provide, which may cause much of the community to explore closed-source modifications instead leaving them susceptible to potentially dangerous software.”

The disabled community is also upset by the changes as many use mods that modify VRChat’s client to make it accessible. “I’m partially sighted and have a condition called nystagmus, which makes it hard for me to see moving objects” one user said on Twitter. “I cannot see peripherals, so VRChat’s Vanilla Hud is impossible to see, so I have mods that make the hud more centered. It’s a reason I also have mirror/camera mods so I can somewhat see what’s going on around me. Immersive touch also helps in these instances because I can feel my surroundings and see how close another player actually is …I’m honestly going to switch to some other platform if this does indeed go through as it will leave me unable to play.”

UPDATE: This article has been updated with comment from the VRChat Modding Group.

Revealed: Documents Show How Roblox Planned to Bend to Chinese Censorship

Last year, Roblox launched a version of its game in China called LuoBuLeSi. Like other Western gaming companies that have entered the lucrative but heavily regulated Chinese market, it had to partner with a Chinese company, Tencent, who would operate the game in the country, and Roblox had to host user data on local servers, as required by law.

But newly released internal documents reveal that Roblox assumed and prepared for the possibility that any Chinese partner it worked with could try to hack Roblox. On top of that, Roblox expected Tencent to copy the game and create its own version of it. 

“Expect that hacking has already started,” one slide in a presentation from 2017, called “China MVP Ideas from Aug Trip; CONFIDENTAL,” read. The slide dates from before Roblox ultimately announced a partnership with Tencent. “Expect it to ramp up after a deal is signed, possibly even by partner.”

The documents also show the steps Roblox had to take in order for its game to comply with Chinese censorship laws: any maps created in the game had to “respect the integrity of the country and not misrepresent the Chinese territory,” including by recognizing Beijing’s claim of self-ruled Taiwan as part of its territory, according to a presentation given to Roblox by Tencent. Users and developers also “must not tamper with historical facts” and “must not appear any images or names of national leaders.”

There is no evidence that Tencent did target Roblox. The documents were originally obtained and then published online this month by a separate, criminal hacker who attempted to extort Roblox. Motherboard is publishing details from the documents despite them being obtained by a criminal hacker because of the overriding public interest in understanding the highly controversial steps major companies might take in order to break into markets in authoritarian countries.

Roblox also expected a group of hundreds of people to be working on reverse engineering any code that the company placed on Chinese servers. 

“Will need heightened security globally,” the Roblox slide on security continued.

Do you work at Roblox? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, or email [email protected].

In 2017, the Chinese market seemed wide open for Roblox. Although Tencent was likely to create a similar platform, and seemed to have one in the works in the wings, Roblox had no copycats in China yet, according to the slides. Roblox also pointed to Tencent’s repeated failures at launching user-generated content (UGC) gaming in the past few years.

Roblox, meanwhile, had a massive back catalog of user-made content it could bring to China. After games were translated to Chinese, Roblox could then make some of them visible in the country. The company had its own engine that developers around the world used to create their own virtual worlds. Roblox also had a strong social component, something that Chinese gaming company NetEase strongly recommended strengthening through top creators, the slides add. “Educational angle is a big advantage for us,” one of the slides reads.

“Strategically important to strengthen social networks,” another slide starts. “Best defense is a good offense—network effects will thwart copy cats.”

One slide that listed what Roblox needed to do to launch in China noted that the requirement that would take the most effort would be setting up local web servers. All personally identifiable information for Chinese players was not allowed to flow at all across the Great Firewall, the slides said. Other tasks included implementing phone authentication with SMS validation, something that Roblox was “doing anyway,” it reads. This authentication would use a “government validation API” and Roblox would also gather national IDs, the slides add.

“All players have national ID and real name, so less concerned about bad behavior towards children—easy to find the predators,” a related slide reads. Child predators are something that the main Roblox company fights off constantly.

Roblox had to carry out all of this preparation in part because the government review process takes 8 to 9 months, according to the slides. “Some missing translations are OK, but all critical features are required for both efficiency and government relations,” one slide reads.

At least in the short term, the plan was to entirely segment the Chinese version of Roblox from the international one. Although Chinese law allows non-Chinese players to play on the Chinese servers, those international players would also be subject to all Chinese laws, including those around data usage, the slides read. 

“Conclusion: Do not allow in near term—kids won’t understand this, and will likely lead to other concerns or difficult decisions,” one slide reads, adding that this could change over time.

The internal Roblox documents published by the hacker also detailed Roblox’s content moderation strategy, including teams of human reviewers and technology to assess user-generated content such as games, as well as the contents of messages between players. Given China’s intense censorship efforts, especially around user created content such as social media posts, Roblox would have to export that moderation effort to the country and potentially bring in another operator.

“Need fast-track moderation of games identified as bad. We have this internally—worth reviewing the tool for utility and security by third-party operator,” the slide says. A similar system would be needed for in-game items for the characters. “Like Games, all Catalog Items must be approved for China,” another slide reads.

For the moderation, Roblox’s potential partner of either Tencent or NetEase could help out as both had solutions at various states of maturity, the document says. There would be a cultural clash though: “Chinese companies err on the side of moderating content, not growth,” the slide adds, something that is generally unusual to U.S. firms.

In its internal presentation, Roblox weighed the pros and cons of working with Tencent or NetEase respectively. Tencent, on one side, is a “big player and knows it, seeking to leverage Roblox using their playbook, less flexible, likely requires us to keep our guard up,” one slide reads. Tencent would control the day-to-day operations if Roblox was to launch in China, and had a mission to “own all entertainment time across all devices,” it says.

NetEase had a different approach, in that it was specifically a gaming content company. “Direct, down-to-Earth, flexible problem solvers, acting in the interests of a joint venture,” the slide on NetEase reads.

Despite the apparent reservations in the slide presentation, Roblox eventually partnered with Tencent and announced their work together in May 2019. In its own presentation also included in the hacked documents, Tencent spelled out what sort of content was and was not allowed in games in the country. The November 2018 presentation was called “China Government Policy” and had Roblox characters on the first slide.

Games weren’t allowed any mistreatment of corpses, couldn’t display horror characters or scenes, and couldn’t contain revealing characters or pictures.

“Must not promote or go against basic moral values,” they continue. “Must not promote polygamy or one-night stands. Must not promote the values of money is all, power is all and so on.”

With historical figures, companies “must not tamper with historical facts, cultural events and historical figures,” the Tencent slides continue. The slide includes two images of Adolph Hitler marked with a red X.

“The map in game must respect the integrity of the country and must not misrepresent the Chinese territory,” it added. The slide shows a map of China, and four areas marked in red circles that are “prone to errors.” Those areas highlight Taiwan, the South China Sea, Tibet, and Aksai Chin. 

“Must not appear any images or names of national leaders,” the slide adds. 

The leak also included a spreadsheet of terms for different languages. In the Chinese spreadsheet, words included under a tab labeled Risk Level 5 included words like “abortion,” “Hitl3er,” and “victoria secret.”

On religion, games in China “must not incite national hatred, promote ethnic discrimination or undermine national unity.” As widely covered in media, government, and NGO reports, the Chinese government has embarked on a systemic and widespread cultural genocide against Uyghur muslims in the western region of Xinjiang.

Roblox was also expected to collect and authenticate the real names of players in China. “The main purpose is to provide necessary safe guard for minors,” the presentation reads. And, it had to comply with China’s anti-addiction policies, such as only allowing people to play the games for a few hours every day. In one of its own documents, Roblox said that this feature was a “must in China” but that is also presented a “great option globally.” The idea was to create this feature across the entire Roblox platform, and then make it a requirement in China and an option for parents in the rest of the world, another slide says.

Tencent also pointed to China’s rules on in-game purchases, and how they would specifically relate to Roblox. “There needs to be a cap on the amount that underage can purchase both every day and every month,” the slide read, next to a screenshot of a Roblox interface offering the sale of Robux, the platform’s currency. The slides also include images of Roblox cosmetics and other microtransactions.

Then in July 2021, Roblox launched LuoBuLeSi, the Chinese version of its platform. Other documents show some of the mechanisms it had in place for complying with Chinese regulations, including a game “whitelist” and moderation features for display names in the country. 

Roblox’s time in China was exceptionally short lived. In December 2021, the company closed down LuoBuLeSi without going into detail about why. Soon after it shut down, the company said that it was working to relaunch after making “necessary investments” to its “data architecture” but did not provide any additional information about closing..

Some of the slides then document the fallout: In the wake of the shutdown, Roblox refunded all player spending and made sure that existing players could no longer login. The company planned to delete Tencent player personal identifying information, but at the time the exact scope and timing of that was to be determined, the slides read. Roblox also scaled back its Chinese team while retaining enough staff to recruit in the country, the slides read.

Regarding the possibility Roblox saw that Tencent may hack the company, a Roblox spokesperson told Motherboard in an email that “The slide you reference was from 2017, before we had a formal joint venture relationship in place. As normal for a company entering into a new market, we consider risks and opportunities and plan for them.”

“Roblox policy is to comply with the laws of the regions in which we operate, including China,” the spokesperson added.

When, or if, Roblox does launch its game again in China, it plans to give players a free avatar and spending rebate, the slides add. When asked if Roblox has a date for when it may relaunch in China, a Roblox spokesperson told Motherboard in an email that “at such time that we can provide an update on when the application will be available to us.” Roblox said that, as of writing, the company still has a presence in China, including an office, employees, and Roblox Studio. 

Tencent did not respond to a request for comment.

“Tencent & Roblox stay fully committed to long-term China & Luobu success,” one of the hacked Roblox presentations reads. “Keeping current license paramount for future relaunch.”

Subscribe to our cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.