Digital key sellers and grey market administrators G2A have issued a new response (actually, two responses) to the developer tinyBuild over stolen game keys sold on the G2A marketplace. They’re a particularly disingenuous and inadequate pair of replies, full of efforts to distract and deny any culpability, and worthy of a little deconstruction.
First of all, it’s important to remember that G2A’s initial line on this affair was to directly blame tinyBuild’s distribution partners (Humble Store, IndieGala and others). “Honestly I think you will be surprised in that it is not fraud, but your resale partners doing what they do best, selling keys. They just happen to be selling them on G2A,” was what the company wrote in their first statement.
TinyBuild have subsequently confirmed that none of their distribution partners have done any such thing, in an update (Update 2) to their original blog post.
With that excuse invalidated, G2A then attempted to just blame tinyBuild’s store payment systems, in a response to Russian games publication Kanobu. “G2A does not hold any liability for vulnerabilities in someone’s billing system. We are sorry that tinyBuild’s shop was attacked and that it impacted their negotiations with G2A,” this statement reads. “… We also invite all developers and publishers experiencing problems with chargebacks to use our G2A.Pay payment solution for their stores.”
As a reminder from a the first G2A statement on the matter regarding payment systems: “It is also worth pointing out that we do not take a share of these prices, our part comes from the kickback our payment providers (sic).” Emphasis mine.
After blaming tinyBuild’s distribution partners and then blaming them for being the victims of credit card fraud in the first place, G2A takes a different approach. Here’s the latest statement, in which the company gives the indie developer a three day ultimatum deadline to provide a comprehensive list of stolen keys and takes several more shots at them in the process. Despite hiding some of its own accusations in co-operative language, it doesn’t exactly convey a legitimate desire to help.
The first Update on tinyBuild’s blog explains the difficulties and complications in simply revoking keys and keeping track of which games in a given batch are the ones definitively leaked or stolen.
“You have some keys which are legit from bundles, others from a bunch of fraudulent credit cards, and random keys scavenged from giveaways. These would be from at least 3 different batches. How do we track which one to disable? How do we ensure actual fans don’t have a bad experience?” they write, drawing reference to the fact that in cases where keys originally purchased illegally are disabled, it’s often the developer or publisher who takes the blame.
Indeed, this occurred when Ubisoft (initially) disabled a number of stolen Far Cry 4 keys trafficked through grey market sites like G2A in January 2015, but were forced to relent to public pressure. Ubisoft’s general unpopularity meant they lost that public relations battle.
In an interview with GameInformer, tinyBuild’s Alex Nichiporchik goes a step further, stating “Even if we did [hunt down every individual key batch] and deactivated certain batches, each one of them will have a bunch of ‘legitimate’ redemptions.” Nichiporchik has reached the point where he doesn’t even trust G2A to handle a list of keys professionally, and throws out a barb of his own: “Everybody knows their reputation, so why would anyone even consider giving them a list of keys to ‘verify’? I believe they’d just resell those keys and make more money off of it.”
It’s hard to blame his lack of trust. At every step of this process so far, G2A have attempted to shift blame and divert eyes away from the possibility of illegally purchased game keys passing through their marketplace system. Sales from which G2A indirectly profit.
First it was tinyBuild’s partners who were at fault. Then tinyBuild themselves for being the victims of credit card fraud. Now, in an effort to be “open” and “co-operate”, G2A have given the developer a three day ultimatum. One which they know the smaller developer would find difficult to impossible to meet without throwing out a few false positives. At no point do they even consider culpability for stolen keys passing through their laissez faire marketplace, or propose any longer term solutions besides the ones (G2A’s ‘Shield’ insurance, G2A.Pay) which transfer the cost burden to the customer, pull a developer into a ‘partnership’ with a grey marketplace, and contribute kickbacks to the company itself.
Their handling of this matter has been inadequate at best, and borders on outright duplicitous.