: https://navi.gg/en/read/text/232-navi-prolongs-the-partnersh... (Note the logos on the uniforms)
Having quickly googled it, I've seen much criticism about their sale of grey market keys (keys sold cheaper to specific markets being sold to other markets) but those are legal. Many of the other criticisms are because some users are selling stolen keys, which puts g2a at the same level as Amazon or Ebay.
I don't think this has been a mystery to G2A and they've been at it for years / not been responsive to developers who have contacted them about it ...
G2A is fundamentally a consumer empowering type of market/organization, businesses who sell keys do not want their completely legitimately purchased keys resold, and if you don't think they are going to stoop to painting the people who enable that as horrible monsters, you have ignored the entire history of markets and PR.
G2A has a standing offer to pay devs 10x what any fraudulently obtained keys cost them, and they are making good on that offer here, the fact they are still being treated like some kind of mafia-esque organization in these comments says a lot about the power of PR.
Remember when the RIAA was coming out about the evils of used CDs and was asking congress to make their resale illegal?
We are at that point right now with digital goods, with the majority of people cheering on this blatantly anti-consumer bullshit and painting those that enable fighting it as scumbags
Now they simply (and appropriately) offer to repay proven fraudulent keys and chargeback fees.
G2A doesn't get much good press because many people empathize with indy games devs, and prior to this finding G2A loudly and broadly claimed that there were not stolen keys being sold through their storefront.
What matters is how they address it, and that is being completely ignored in these comments in favor of vague moralizing about the evils of consumer choice.
IMO this should be a congratulatory post "G2A owns up to their mistakes and follows through on their word" ...
But that was a genuine key.
PS: I just checked the listing you gave and yes - that is an OEM version where they clearly describe that you would need to personally register your copy over phone and that you can only use it for one PC.
It seems like you are at least partially wrong about them being generally a scam.
The reason they are so cheap is that EU laws protect the consumer right to resell things they purchase, and EU feels very strongly that this extends to software licenses. Most pre-built computers come with a bundled OEM Windows, which any EU resident can legally sell. Since a lot of computers bought by businesses, schools, hospitals, etc also contain Win 10 Home licenses, which are promptly replaced by whatever OS the site actually uses, and then immediately sold to someone reselling them, there is a healthy marketplace that has pushed license prices very low.
There's a full summary of the legal situation(in Polish, but I'm sure google translate will manage), with legal documents supporting it(it's actually been going on in early forms since 2000, but it's the ruling from 2012 that has cemented your right as a consumer to sell on software, regardless of whether the manufacturer allows it or not)
It would just mean that enforcing all terms of that license would be impossible.
Black market, hah.
Also keep in mind that in EU re-selling software is completely legal and that's where most of these keys come from(dismantled PCs, post-lease laptops etc). I bought a 100-user licence for Microsoft SQL Server 2016 for like $1000 because the company that used to own it went into liquidation and the assets were being sold off.
In a nutshell, fraudsters buy keys from the official Factorio store with stolen credit cards. They then sell these keys on G2A and Factorio gets charged back (+fees) when the real owners of the credit cards report the transactions as fraudulent.
Ouch. The charge back fee is as much as the item.
In a world of 12% commissions (ie. Epic Games Store) the effort to sell directly wouldn't be worth it and G2A wouldn't exist.
Epic has also recently enabled keyless integration with some 3rd-party stores eg. Greenman Gaming.
That doesn't match what I've heard before, do you have a source? This site says that there is no fee to generate steam keys to sell directly, and in fact, you aren't even allowed to mark down the price of those keys. You are actually required to pocket the commission!
They still had to eat the $20 fee per fraudulent transaction and deal with the pissed off customers though.
Blaming the banks here is akin to blaming the postal service because they delivered a bomb.
This raises the bar for theft and fraud significantly compared to the credit card system, where a simple copy of the numbers on it is enough to take any amount you want.
However, almost everybody I know never uses credit cards to buy anything. Everyone I know uses debit cards. With the rise of contactless payments there's an argument to be made that those are still usable, but it only takes a quick call to your bank to disable that.
All Dutch banks I've seen used online require at least SMS 2FA. Payment through mobile banking apps often do not, but the process of authenticating your phone with your bank is very cumbersome even for legitimate use. In my local banking ecosystem, digital fraud only really exists in the form of phishing. I don't think I even know anyone who's ever done a chargeback.
The credit card system is horribly designed and because of compatibility reasons (and fear of change) fraud is much more common than with banking like I'm used to. I use my credit card as backup on holidays and for paying on some foreign websites but I never feel at ease entering my card details. It's ridiculous how in this day and age credit cards are still so easy to abuse.
Why? Here in America CCs give fraud protection. Debit cards only after the first $50 after a fraud charge. Banks almost always reverse CC charges.
Because Europeans are weird about this, there isn’t really any reasonable explanation.
You can absolutely use a credit card online if you get the card number, date and those last three numbers on the back. No need for a pin there.
You can even use a stolen credit card these days in physical stores, because of the Contactless Payment on most new cards. As long as you don't spend too much, you won't need the pin.
Sane solution? For merchants, maybe. For consumers, no.
Authorisation is the system which verifies that you, the card's holder, authorised this payment. This is the part that EMV ("Chip and PIN") and lots of anti-fraud technologies are focused on, and yes its main purpose is to prevent you (though also the merchants) from defrauding the bank or other card issuer.
Settlement is the system which transfers money from your account to a merchant's account.
Authorisation is optional. If there is zero authorisation a settlement will still work, though there is some higher chance either the card holder later disputes it or the issuer decides it was fraudulent by their own methods.
Big merchants often just don't use Authorisation at all. Whereas if they didn't do Settlement they wouldn't get the money, not doing Authorisation just means it's harder for them to "prove" you agreed to pay, but they may find it just isn't worth fighting you anyway.
Knowing this you should read your card statements every time they're sent, in proportion to how careful you need to be about money (if you're Elon Musk maybe don't sweat any line item under $1000) because that's the first time you may find out that, for example a hotel in a country you've never visited has submitted Settlement data taking $500 for a hotel room you never booked. Mistake? Fraud? Who cares, if you don't spot it then you're out $500.
Yes banks may tell a jury in a fraud trial (against you, their customer who has been stolen from, convicting you of fraud means they aren't on the hook for the missing money) that only you should have known the PIN and therefore the jury should assume that your inability to explain how "someone else" had the PIN means you're lying. You will need a good lawyer and experts to explain that actually the bank's insiders can know the PIN (the bank will try to dodge this awkward fact, insider fraud at banks is common and banks would prefer you never think about that) and there are various means by which it could have been stolen that the bank doesn't do enough to prevent.
When EMV ("Chip and PIN") was introduced the main increase in fraud went like this: You hide a skimmer inside the PIN terminal, and it harvests card details (it could also harvest PINs). The terminals are supposed to have "anti-tamper" systems to defeat that, but they're trivially bypassed. Now, you can't use these to make EMV cards, but you can use it to make a convincing fake non-EMV card, and then use it in countries that haven't rolled out EMV.
This fraud mostly went away as more countries finished deploying EMV but other types replaced it. Some of these things are only possible because EMV is a typical "Hand rolled crypto" solution where nobody remembered to hire actual expert cryptanalysts to critique and revise the design before it shipped. Others aren't technical at all.
Hell, even having disposable credit card numbers that were locked to a single merchant upon first use would basically eliminate card fraud.
There are N+1 ways transactions could be improved, and each one probably has many reasons why "it can't be done". I don't feel like getting into all of that though, because it would take forever.
Does that also apply to online purchases?
What I don't understand is why banks and other financial organizations keep retaining G2A as a customer. Surely they must have hundreds if not thousands of cases involving G2A by now.
Merchant services providers do need some fees to accurately process chargebacks, and in the normal case it also functions as an incentive to make sure you perform transactions that you reasonably believe won't be reversed.
I imagine G2A is using a more fraud-friendly payment processor.
I wonder what the story is there, and I doubt those are the only companies capable of auditing.
It only really takes someone with a bit of technical expertise who both parties can trust. In this case you could probably find some enthusiast to do an excellent job for free. If Wube and G2A were able to agree the process was fair, that also seems good enough here - they don't need to satisfy a regulator or a tax authority, which are the main purposes of audits.
I'd bet that the sticking point in the negotiations was the cost of the audit.
Yes, definitely cost on that one.
I've always assumed that since I have money I can just walk into a hotel and pay "room rate" on the spot unless they're actually full, because why wouldn't they take the money? The advertised room rates are high, but in a pinch it's much better than sleeping under a bridge.
And then one night (after midnight) I arrive at my pre-booked hotel for the night and as I'm checking in an obviously drunk person in a tuxedo staggers in with a half-full bottle. He wants a room, he has cash, and I stopped for a moment to see if that works how I'd expect. It does not, the night staff tell the man their hotel is "full" (it's a quiet weekday night, fat chance) and so it's impossible to give the drunk man a room. The man tries arguing, displaying the cash, it makes no difference and he is escorted out of the hotel. Interesting.
London has an obvious excuse, three of the four are legally based there (the Big Four are all organised as groups of franchised firms, to reduce overall legal exposure, but they each have a group HQ and three of those HQs are in London). Even if you are quite sure they're committing billions of dollars of fraud (which I can't prove but you'd think a government might have the resources) some of those billions go into the UK economy via these HQs, so driving them away seems like a bad idea. The US doesn't even have that incentive, any replacement audit system would also spend a lot of money in New York and Washington as the current one does, but it could hardly be any more corrupt, so why not intervene?
1. Mr evil uses stolen credit cards to buy game licenses.
2. Mr Evil sells those game licenses on this marketplace to Alice.
3. Alice has paid her own money for this game, starts playing it, maybe buys a few in-game items.
4. The original card owner disputes the charges.
5. Now, if the game manufacturer disables the game remotely, they will take a PR hit from Alices vocal complaints on twitter. Yet if they don't disable the game remotely, they continue to loose revenue.
Typically the keys come from legitimate promotions such as the Humble Bundle, but purchased (as you said) with stolen card details.
Surprise surprise, the bundle sells 150 units, you make $5, and suddenly you have 50 copies of your game being activated everyday for the next year.
Just a note to indie devs out there: unless it’s a colossal site like Humble Bundle, all game bundles are scams. Ask them if they can return unused keys to you after the bundle finishes and they’ll suddenly stop replying. Legitimate sites have no problem doing this if sales really ended after the bundle did.
If the game is on sale in the poorer country, all the better for the reseller.
With the Internet, I imagine this is all very easily done.
Pretending to be an "influencer" so you get free press keys
Buying keys in a region with low regional pricing then reselling them in a higher region
Buying a bunch of keys during a sale, then reselling them a couple of months after the game is no longer on sale
Steam has lower prices in some countries. Factorio sells for the equivalent of $12 in India while it sells for $30 elsewhere. Most games are similarly discounted. That said, someone who buys it from Steam can't gift the game (or presumably extract a key) to someone in a different country. If you bought the game in India, only an Indian account can play it.
Notice that companies can do that with labor and buildings and tax evasion, and it's 'situation normal'... But when real humans try to, its bad and illegal and horrible.
Mindustry is a tower defense game with surprisingly deep supply chain, research, and crafting system bolted on to it. They're still very much secondary.
Factorio is a stupidly complex supply chain optimization problem, that also has an actual game bolted on to it, and some of the gameplay is tower defence related, sure (depending on your game settings).
They look similar, and both let you mine ore to turn into ammo for turrets, but the similarities end there. If you really enjoy the tower defence part of Mindustry, Factorio will probably seem like an overly complicated version of Mindustry that's not even as fun. If you're fine with the tower defense parts of Mindustry but you just really want to spend 6 hours redesigning your secondary copper smelter to iron out a throughput kink which is causing bottlenecks in your northwest electronic fabs, with flow on effects to your entire atomic energy program, then you'll love Factorio.
(Disclosure: I much prefer Factorio.)
Also, Factorio is quite moddable, and there are some interesting mods that make it even more insane, so there's that to look forward to as well.
If you're curious, I'd recommend giving it a try. If you're still cautious, there are a ton of really good streamers and lets plays on Youtube; they should give an EXCELLENT view of what the game is like and if it's "for you".
Finally, if you do like Factorio, I'd also recommend modded minecraft. Some packs focus heavily on massive, enormous research trees and automation.
Another comment mentioned this modpack:
If you want a concrete insane example, try Project Ozone 3.
Somewhat like Factorio, most modded Minecraft assumes you already know what you're doing so it can be pretty daunting for a beginner. Obstacles that come to mind (but I'm far from a beginner and may well have forgotten some):
JEI ("Just Enough Items" and predecessors including "Not Enough Items", "Too Many Items") knows all the "things" that exist in your game, and usually how to get them or what to do with them, but it mostly assumes you actually knew and were just looking for a reminder. I know I can probably make an electrum ingot by melting gold and silver ore in this TiC smeltery and waiting for the alloy to form, and technically the JEI says that, but chances of a beginner going from "I need an electrum ingot" to "I need to build a TiC smeltery" are almost zero without help.
Some "vanilla" Minecraft trivia takes on a great significance in most mod packs. Knowing how to make a "Cobblegen" (a structure with lava and water which produces one or more cobblestone blocks that when mined are replaced each time) and a "Mob farm" (a place where enemies are endlessly created and, perhaps later, killed automatically in order to get the "loot" they drop) are things you'll do in modded Minecraft that you may never have needed in casual play of the original game.
If it doesn't hurt your enjoyment, try watching a "Let's Play" of a pack you think you might be interested in. The nature of random seeds and different preferences means you will end up doing something different than what you see unlike in a linear narrative game, but you can pay attention to how the gamer you watch deals with problems you had, and you will likely see techniques you want to imitate or clues to how something you didn't understand works.
As to specific mods though (packs will usually advertise which mods are used, though the pack might change how they work or when you get access to them):
AE: Applied Energistics (these days most commonly Applied Energistics 2): What if instead of storing things in chests you had a storage network to keep everything in, so you can type "Gold" hit tab and see all the gold things you own? What if this network could also be used to automate crafting, now you can type "Gold" and it'll offer things you don't have yet but the network knows how to make from what you do have? Doesn't building and debugging this network sound like fun too?
RFTools: Everything should clearly be powered by electricity. Smelting, obviously, but also potion manufacture, planting and harvesting food and wood, creating and destroying enemies, making entire dimensions to explore...
Integrated Dynamics: Obviously under the hood Minecraft is just a bunch of data you could program. Some mods expose parameters (an RFTools machine with 4059RF that needs 5000RF to do something is exactly 941RF short) but many do not, however those details must exist. ID lets you dive down there. e.g. I have built a Predicate (a boolean function that given an input returns either TRUE or FALSE) that decides whether my Astral Sorcery crystals are "finished" or not and then that Predicate is installed in a machine that pulls TRUE crystals out of the liquid starlight they're bathed in for further processing. Astral Sorcery isn't a technical mod, but ID doesn't care, there's a data structure and so you can write a predicate to examine the structure and make decisions.
Extreme Reactors (previously Big Reactors): Just the fun "optimisation" part of managing a fission power plant without the explosions and deadly radioactivity (if you want those other mods can do that, I find dying in an explosion to be unsatisfying but each to their own).
As for what modpack, I'm not sure. I haven't played in a couple years and the scene moves fast, and plus, there's a lot of different types of packs. For example:
Some packs are tech focused, and expect you to start from sticks and mud and grind your way up the tech tree to create an enormous factory dedicated towards building a massive fusion reactor.
Others are magic focused, and instead want you to build elaborate alchemical labs, summoning circles, or similar.
Skyblock packs start you in a vast empty void, often on a single block of dirt, or a 3x3 block of stone, or on the branches of a single tree or similar, and expect you to build from there up to a "normal" endgame; generally there are special mechanics to help you do this (like being able to place barrels to collect water when it rains, or being able to sieve gravel looking for nuggets of ores), and often a quest system to reward you with key items by completing certain challenges. There's more work to do (you have to build the island from scratch, one block at a time, and there's always risk of falling off), but you have more control than if you just found a flat-ish plain and started building huts.
Some packs are "kitchen sink" packs that just have every mod the curator can find and get mostly working, focusing on changing the game as MUCH as possible.
Some packs are narrowly focused on a theme or mechanic, or have an actual story line. Crash Landing (https://ftbwiki.org/Crash_Landing) is a bit old now (but should still work fine!) and could EASILY have been a standalone game; it was a great story of trying to survive in a hellish desert after your ship crash landed and is one of my top 50 favourite games period really.
Some packs focus on making things hard. Their tech trees are aggressively deep, and your starting tools are sharply limited. These often contain GregTech (if tech focused).
Some packs focus on allowing creativity. Some mods let you create extremely elaborate base designs and decorations, or craft enormously powerful custom armor.
I'd recommend looking around the Feed The Beast (FTB) subreddit (https://www.reddit.com/r/feedthebeast/), installing the FTB launcher, trying out a couple recent packs, look at what packs people are chatting about, etc.
I haven't played any of these, but based on how things worked previously:
Direwolf20 1.12 Pack will be a middle of the road pack, and a popular streamer (Direwolf20) will have a very extensive lets play series of videos about it, so it's easy to get started.
FTB Stoneblock 2 is a reverse skyblock (you start in an infinite world of stone) with lots of quests and tweaks to make that work.
FTB Builders Paradise is more about building cool stuff than grinding out crazy tech trees.
FTB Continuum is just about grinding out crazy tech trees.
FTB Interactions is meant to BIG, well integrated, and since it has Gregtech, probably a bit slow.
There are many other packs (some of the most popular packs are NOT official FTB packs, but it's easier to find info on the current FTB packs), and many other launchers, and the above may not be right for you, but if you try a couple of those, and poke around the FTB subreddit, you should at least get a feel for what direction you'd like to go in.
Also, I highly recommend finding lets plays to watch at first; modded minecraft can be hard to get into because it's basically a series of new games, built out of mods, built on top of a hacked API, built on top of a sandbox game; there's a LOT of layers to the onion, and not a lot of documentation. :) Stuff like learning how to use JEI to quickly lookup items and how to craft them is critical when trying to understand a new modpack that might literally add thousands of items and recipes.
I barely slept for the next two weeks, I played something like 100 hours in that time, and kept going to bed at 7 am.
Luckily, I never played again after launching the missile, it's kind of lost its appeal after I saw the full tech tree and there was nothing else to research.
Thanks to modding, such a thing does not exist.
Bob's & Angel's is the most popular big mod. Krastorio2 is a recent 'vanilla+' offering that I've been enjoying a lot recently. The 'familiar but different' feel is very compelling. There are loads of smaller mods, but I've always like the modpack approach a la Minecraft.
It's noteworthy that Wube has unofficially supported the Krastorio2 modders. It demonstrates their commitment to the community, and was just a great decision all around.
My issue is that 15 years of using Steam have taught me to almost never buy a game unless it's on sale, and Factorio doesn't go on sale. I get they're taking some sort of principled stand or whatever, but honestly I am way more likely to buy a game listed for $40 that's "on sale" for $30 than one that's just $30. Hell I'm probably more likely to buy the game "on sale" for $32 or $33. Obviously this is a stupid psychological trick and I recognize I'm falling for it, but it definitely happens to me, at least where Steam is concerned.
SF is different in that as you explore the world, you can find alternative and perhaps more different recipes and combat against the passive monsters is entirely player vs monster.
That's not an audit, it's just deep introspection
An MVP Implementation would require Something to determine if a key was stolen. Let's just imagine it's something that keeps a Key tied to a given Order number, and can mark a key as invalid if there's a chargeback on the order.
You probably need another subsystem to periodically re-check the key if you weren't already doing that.
You'll also need additional CS / PR staff to deal with the eventual case of people who bought keys complaining and blowing your company up on Social media.
Pulling numbers out of the air, I'd guess that this would add 50-100k to the overall budget of the game. Possibly a high number but I'm assuming at least one additional staff member would be required to deal with the potential fallout of such a move.
But even then the catch rate would be limited; within the first 1-3 months it will likely be cracked anyway and your protection mechanism will be meaningless to the people who really want to steal your software. Assuming your thieves buy the keys day 1, it would likely take a good 2-3 months for the chargeback to happen...
Great factorio blog post on the topic:
It doesn't account for, e.g. having your laptop stolen with the games installed on it, or charged-back keys that were never used. But the developer knows about much more than "a tiny sample" of the thefts that actually affect it.