- June
Posted By : Adrian Chan
Repentance of a Spymaster: Lessons learned

Yesterday i posted an enthusiastic and embellished missive on the increasingly notorious game Spymaster. I was “in” and into the game at the time. Too much into it, some of you might say, but then I make social media user experience my business, and anything new and memetic warrants a test drive, at a minimum.

Later in the day, something odd happened. I sold a safehouse for the purpose of an upgrade to more distant and safer parts (Berlin to Rio). Funds from the sale didn’t appear in my dashboard. So I checked the link to the Swiss bank (which I’d not yet accumulated enough money yet to use). The bank showed 4.7B. Which I assumed must be the holdings of all bank members — for the number was too big for it to be mine. I checked with a friend, who said he had nothing in his bank account. Curious, I transferred money out. And there it was — tens of millions in my dashboard.

Thinking something weird must have happened — that i unwittingly gained the funds through an ill-fated assassination attempt on me by some extraordinarily rich player — I bought all the safehouses and loaded up on guns.

Well, it turned out that there was a player in the game who had figured out that one can transfer funds to oneself, and double their sum each time. After stashing away trillions, he transferred funds to members with accounts within a particular account number range (else he would have had to ask members for account numbers). Numerous unlucky players were quickly implicated in what the game authors called a money laundering scheme and player conspiracy, and after repairing the script bug that had enabled the hack in the first place, reset accounts to zero (and levels back to 1) for those involved.

An outcry went up on Friendfeed’s Spymaster group (launched to spare twitter from spymaster discussions, to allow those of us to talk game without upsetting our ungamely followers, and with all-good intentions, set up to help and provide feedback to the game authors). One of the members had posted a youtube video demo of how to transfer funds to oneself. The video suggested that players in on the hack get to work while it was still possible, and transfer monies to friends in the game.

Spymaster had caught this and taken blanket punitive action against all members with excessive funds. That discussion, well over 100 pleas, rebuttals, apologies, requests, not to mention a few epithets hurled and reprobations argued, can be seen at getsatisfaction, which ought to be renamed getdissatisfaction for the time being. The developers are in the process of eliminating bot accounts and restoring users to their levels (-1) prior to the banking fiasco. Kudos to them for not assigning culpability to users (most of whom were innocent, a few of whom exploited a script bug, and a small number of whom intended to game the game but probably not to ruin it for their friends). The blame belongs not with the user for something that was broke, and shouldn’t be placed on the user even for exploiting the bug. Responsibility for the game’s functionality clearly rests on the game’s developers.

But that’s about as clear as it gets. I’m “in” the game still and am writing this simply to process what happened and perhaps extract a few lessons and make a few observations. For they hold in general and apply to community relations, community management, and brand relations in social media. What’s fascinating to see in the reactions of users to the entire debacle is the diversity of responses. To wit:

Some of us have taken this as a matter of handling: the guys screwed up, there was a bug in the code, ok, the game’s in beta, but you didn’t have to reset our accounts! It wasn’t our fault!

Some of us have taken this as an exploitable game feature, a gameplay element that is not part of the game, but has become part of the game because a gamer decided to make it so — and that’s in the idiom of games (that are software based and sometimes imperfect).

Some of us have taken offense at having lost time and rank, and at having what we feel is a violation of our experience and personal investment.

Some of us believe that there is right a way to resolve the problem, and have offered suggestions along the lines of restoring user levels, funds, and stuff (some users even offer to lose some stuff, as if taking responsibility for exploiting the feature rather than pointing it out).

Culpability and responsibility, functionality, trust, rights, and handling. The user owns the experience. But the developers have authored a game/product. Who then owns it?

The notion of ownership, either of the experience and investment, sets up the claim to rights, based on trust. Users who feel violated claim rights to their own experience and insist that they are entitled to these rights. The claim implies that a higher authority governs the relationship of player/user to game/product, albeit one that is tacit unless stated in TOU (I don’t think spymaster had a terms of use agreement).

The notion of product/software/game sets up the notion of culpability, responsibility and is extended in the user’s expectation that the product function properly. Users who view the game as functioning/broken may then take the game’s corruption or instability as permission to include the malfunction in the game play itself. And attribute this perhaps to their own skill, domain experience, commitment, research, and so on.

The notion that a bug may be exploited at the game developer’s risk, and that a user is entitled to find and then make use of bugs, belongs to the notion that the idiom or genre of gaming involves a developer/player understanding: the rules of the game are transcended by metagame rules (some players who could be developers abide by a code of hacker ethics, some apparently not).

The notion of handling suggests to us that mistakes are forgivable, and developer/player relations negotiable, according to how conflicts and breakdowns are handled. In this case then etiquette, normative expectations, and authority may all be brought into the mix. Communication itself is how differences are resolved, and an agreement reached.

There are probably some other approaches to this, subversion being one, competition amongst developers being another. But the differences in user perspectives stood out for me. Who is responsible? What is proper and correct functioning? Who owns the experience? How are conflicts handled and resolved. What is the game — the game or the design of games?

The game authors stumbled but I want to say thanks for picking up the ball again, in what must have been a pretty thankless and exhausting if not also hair-pulling night of server and account maintenance, rescripting, microPR, and case-by-case user feedback resolution. For the record, I’ve posted my weaponry holdings here and ask that at some point they be returned to where they were before I began acquiring assault rifles in bulk. Same with safe houses. The maelstrom of misfits and mutineers you’ve just had to wade through is only testimony to your success with the game.

And whoever the hacker was who got everyone in trouble — kill him.


Leave a Reply