
G2A pays Factorio developer $40k over illegally obtained game keys - haunter
https://www.polygon.com/2020/5/20/21265275/g2a-confirms-it-sold-stolen-game-keys
======
css
G2A is, and has always been, a black market for software. They list Windows 10
for $27 [0], McAfee for $4 [1], among many other things [2]. They sponsor
professional esports teams to add legitimacy to their brand [3].

[0]: [https://www.g2a.com/microsoft-windows-10-pro-microsoft-
key-g...](https://www.g2a.com/microsoft-windows-10-pro-microsoft-key-
global-i10000083916004)

[1]: [https://www.g2a.com/mcafee-antivirus-pc-1-device-1-year-
mcaf...](https://www.g2a.com/mcafee-antivirus-pc-1-device-1-year-mcafee-key-
global-i10000178790001)

[2]:
[https://www.g2a.com/category/software-c5](https://www.g2a.com/category/software-c5)

[3]: [https://navi.gg/en/read/text/232-navi-prolongs-the-
partnersh...](https://navi.gg/en/read/text/232-navi-prolongs-the-partnership-
with-cs-go-players) (Note the logos on the uniforms)

~~~
lagadu
Why do you say it's a black market? Reselling of license keys is legal within
the EU. Granted the hundreds of keys mentioned in the article were originally
stolen, therefore illegal to sell but it seems they're taking steps to combat
those, including honoring the 10x agreement with the developers.

Having quickly googled it, I've seen much criticism about their sale of grey
market keys (keys sold cheaper to specific markets being sold to other
markets) but those are legal. Many of the other criticisms are because some
users are selling stolen keys, which puts g2a at the same level as Amazon or
Ebay.

~~~
duxup
The stolen key system (legit keys bought with stolen CCs) has been how G2A
keeps their prices low.

I don't think this has been a mystery to G2A and they've been at it for years
/ not been responsive to developers who have contacted them about it ...

~~~
driverdan
How is that different than someone selling products on eBay or Amazon that
were purchased with stolen cards?

~~~
jylam
It's not, but that doesn't make it legal.

~~~
throwaway2048
It also doesn't make G2A "A black market for software".

G2A is fundamentally a consumer empowering type of market/organization,
businesses who sell keys do not want their completely legitimately purchased
keys resold, and if you don't think they are going to stoop to painting the
people who enable that as horrible monsters, you have ignored the entire
history of markets and PR.

G2A has a standing offer to pay devs 10x what any fraudulently obtained keys
cost them, and they are making good on that offer here, the fact they are
still being treated like some kind of mafia-esque organization in these
comments says a lot about the power of PR.

Remember when the RIAA was coming out about the evils of used CDs and was
asking congress to make their resale illegal?

We are at that point right now with digital goods, with the majority of people
cheering on this blatantly anti-consumer bullshit and painting those that
enable fighting it as scumbags

~~~
falcolas
That standing offer is no longer a standing offer now that they've proven that
they are re-selling stolen keys.

Now they simply (and appropriately) offer to repay proven fraudulent keys and
chargeback fees.

G2A doesn't get much good press because many people empathize with indy games
devs, and prior to this finding G2A loudly and broadly claimed that there were
not stolen keys being sold through their storefront.

~~~
throwaway2048
Do you think Ebay is free of stolen goods and illegal credit card
transactions? G2A works exactly like Ebay does, and I don't see much hand
wringing about how we need to shut down the scum at Ebay, for the children.

~~~
hxegon
So you think because sometimes ebay listings are stolen goods that G2A selling
stolen goods is fine, gotcha. Seriously what is your point here.

~~~
throwaway2048
Its not fine, but its also completely impossible for G2A and ebay to fully
avoid, because both are marketplaces.

What matters is how they address it, and that is being completely ignored in
these comments in favor of vague moralizing about the evils of consumer
choice.

------
noname120
See the second part of this blog post[1] from 2019 for more context.

In a nutshell, fraudsters buy keys from the official Factorio store with
stolen credit cards. They then sell these keys on G2A and Factorio gets
charged back (+fees) when the real owners of the credit cards report the
transactions as fraudulent.

[1]
[https://factorio.com/blog/post/fff-303](https://factorio.com/blog/post/fff-303)

~~~
mindslight
These keys are effectively serial numbers, not blinded tokens, right? Why
don't the original sellers just revoke ones that were obtained through credit
card fraud?

~~~
NoodleIncident
How does that get the devs any of their money back?

~~~
mindslight
I don't know what you mean. Someone who wanted a key would have to buy one
that wasn't fraudulently obtained, thus supporting the developer. The seller
in fraudulent transaction would still have to eat the chargeback fee, but it
would be a better overall result than now where the fraudster profits.
Eventually they would do this quick enough that it would become pointless to
attempt the fraud, thus reducing the chargebacks.

~~~
slavik81
The fraudster profits regardless of whether the key is revoked or not, because
they sell the key to some sucker before the fraud is discovered. The fraud is
discovered when somebody looks at their credit card statement and notices the
unexpected charge, so the game developer has a very limited ability to revoke
fraudulently obtained keys more quickly.

------
conistonwater
> _G2A told Polygon at the time that it intended to use either
> PricewaterhouseCoopers, Ernst & Young, KMPG or Deloitte to perform the
> audit. Unfortunately, according to a blog post issued on Wednesday, G2A
> couldn’t come to terms with those large firms and just did the audit
> themselves._

I wonder what the story is there, and I doubt those are the only companies
capable of auditing.

~~~
dmurray
The total value of keys stolen was $4k and the settlement was $40k. The big 4
audit firms won't do a custom audit operation for that kind of price.

It only really takes someone with a bit of technical expertise who both
parties can trust. In this case you could probably find some enthusiast to do
an excellent job for free. If Wube and G2A were able to agree the process was
fair, that also seems good enough here - they don't need to satisfy a
regulator or a tax authority, which are the main purposes of audits.

~~~
conistonwater
$4k per the one game they looked at, not $4k total, right?

~~~
dmurray
Only one developer, who only develops one game, applied for the audit/refund
process.

------
LoSboccacc
all the "factorio friday facts" (blog title) leading up to the offer to audit
and the 10x settlement

[https://www.factorio.com/blog/post/fff-145](https://www.factorio.com/blog/post/fff-145)

[https://www.factorio.com/blog/post/fff-171](https://www.factorio.com/blog/post/fff-171)

[https://www.factorio.com/blog/post/fff-303](https://www.factorio.com/blog/post/fff-303)

------
Nextgrid
Just curious, how do these illegitimate keys get obtained to begin with? Is it
some kind of payment fraud where keys are obtained through fraud and the
payments then get reversed? If so why don't the keys get invalidated when the
associated payment is disputed?

~~~
dx87
A couple of ways I've seen are:

Pretending to be an "influencer" so you get free press keys

Buying keys in a region with low regional pricing then reselling them in a
higher region

Buying a bunch of keys during a sale, then reselling them a couple of months
after the game is no longer on sale

~~~
lagadu
All of those are completely above water, legally speaking. There's even a term
for that: arbitrage.

~~~
pmyteh
The first is probably Fraud by False Representation if you do it in England
and Wales. ("Made a false representation, dishonestly, knowing that the
representation was or might be untrue or misleading, with intent to make a
gain for himself or another, to cause loss to another or to expose another to
risk of loss.")

------
tgb
I just stared playing Mindustry [1] after someone on HN recommended it a few
days ago and I'm hooked. My understanding is that it's roughly a Factorio
clone, which I haven't played. Should I go play the original? Glad the
developer got what they were owed here.

[1] [https://mindustrygame.github.io](https://mindustrygame.github.io)

~~~
jl6
Don’t play Factorio if you have other responsibilities such as family,
friends, work or hobbies.

~~~
StavrosK
I avoided Factorio for years because it sounded like the sort of thing I'd get
addicted to. At one point about a month ago, I saw it here and decided to give
it a try.

I barely slept for the next two weeks, I played something like 100 hours in
that time, and kept going to bed at 7 am.

Luckily, I never played again after launching the missile, it's kind of lost
its appeal after I saw the full tech tree and there was nothing else to
research.

~~~
Obi_Juan_Kenobi
> the full tech tree

Thanks to modding, such a thing does not exist.

Bob's & Angel's is the most popular big mod. Krastorio2 is a recent 'vanilla+'
offering that I've been enjoying a lot recently. The 'familiar but different'
feel is very compelling. There are loads of smaller mods, but I've always like
the modpack approach a la Minecraft.

It's noteworthy that Wube has unofficially supported the Krastorio2 modders.
It demonstrates their commitment to the community, and was just a great
decision all around.

~~~
StavrosK
Oh huh, I'll install that, thank you. I like things that add new
functionality, but I'm not very excited about mods that just split the
existing tech tree into more/harder steps. Do these mods add new
functionality, or just make things like circuit types more numerous and
expensive?

~~~
buzer
Depends on what you define as new functionality. They can have things like
warehouses (huge chests), mini factories
([https://mods.factorio.com/mods/MagmaMcFry/Factorissimo2](https://mods.factorio.com/mods/MagmaMcFry/Factorissimo2)),
by-products that you need to manage (more complex versions of uranium/oil
processing), new equipment (like early game buildbots or huge late game
inventories) etc.

~~~
StavrosK
Thank you, those all sound interesting. I installed a Nanobots mod and the
game was twice as enjoyable, it really should have that built-in.

------
sammycdubs
"G2A couldn’t come to terms with those large firms and just did the audit
themselves"

That's not an audit, it's just deep introspection

~~~
curiousllama
Deep introspection is free... audits cost $100k+

------
SlackingOff123
Black/gray market aside, the G2A "shield" cancellation process is the epitome
of dark patterns.

[https://imgur.com/a/ql0iC](https://imgur.com/a/ql0iC)

Terrible company.

------
dreen
Please can someone explain to me this: Why cant game developers just make a
key retroactively invalid if it was found to be stolen?

~~~
CivBase
They could, but it wont hurt the person who purchases the codes with a stolen
credit card or the reseller who already offloaded the stolen goods. It just
hurts the people who unwittingly bought the stolen keys.

~~~
dreen
Perhaps but they wont make that same mistake again right? At least they would
never buy anything from g2a again

~~~
NoodleIncident
Usually they blame the developer and then go buy someone else's games on G2A

------
tmwed
exciting! i wonder if this will set a precedent going forward for any other
software impacted by G2A’s very grey area tactics .i do believe there could be
a marketplace which facilitates swapping keys for other keys, setting aside
any monetary value and basing it on a persons perceived value of the game they
would like to play.

------
nelaboras
The thing is the developer already knew they were stolen and resold. So this
is likely just a tiny sample of what might be much higher numbers that go
undetected. The burden of proof in their model is basically on the developers.

~~~
dmurray
The developer knows which keys have been stolen _from the developer_ , i.e.
ones it has allowed to be used, but hasn't received revenue for, possibly
because of a credit card chargeback.

It doesn't account for, e.g. having your laptop stolen with the games
installed on it, or charged-back keys that were never used. But the developer
knows about much more than "a tiny sample" of the thefts that actually affect
it.

