The Helter-Skelter World of Video Game Piracy and DRM


Piracy has been an ongoing problem in the video games industry for decades.

With online piracy of all kinds having risen during the pandemic, what better time to take a look at how DRM has been used in the fight between the industry and pirates – and how genuine customers can sometimes be caught in the middle.

Those of an older generation may remember early attempts at anti-piracy: from adverts proclaiming “don’t copy that floppy” to codebreaker wheels supplied inside a game’s box requiring a specific code to prove you had actually bought the product. With the advent of CD-ROM gaming, anti-piracy measures amounted to little more than performing a ‘CD check’ to make sure a genuine copy of the CD was in the drive. This would prove unsurprisingly easy to bypass, with pirates simply writing “cracked” files; they’d take the original files and remove any code that checked for a disc.

As pirates became more adept at finding ways to bypass built-in securities, developers and publishers could no longer rely on catchy slogans, code wheels or a simple CD check to protect their revenue. This is where DRM comes in. But what is DRM, and why is it so important?

What is DRM?

DRM, which stands for Digital Rights Management, is a form of copy protection prevalent across digital media. It came to be, at least in the US, following the Digital Millennium Copyright Act in 1998 (the same DMCA that allows copyright holders to take down copyrighted content from websites such as YouTube) and is kind of a catch-all term for a set of controls that protect against piracy. When you buy a digital game, or movie, or music album, you aren’t necessarily paying for that product, but instead paying for a DRM licence to use it. That digital game you’ve purchased directly from PSN or Xbox Live? You don’t technically own the game, just a licence to play it. When you load that game, the DRM protection will attempt to verify that you do own that licence and let you play. If it can’t verify, you’re out of luck.

While PSN and Xbox serve DRM on consoles, it’s arguably a lot more of a controversial topic on PC. Most PC players will be familiar with Valve’s Steam game launcher service, acting as DRM itself with titles being bound to a player’s specific account, meaning no two players can play the same game from the same account at the same time. Further anti-piracy protections are provided through encrypted executables as well as features that pirates couldn’t replicate access to, even on cracked copies, such as achievements and cloud-saving. These days, Steam is so ubiquitous in the industry that it didn’t take long for other companies, such as EA, Rockstar and Ubisoft, to follow suit and develop their own launchers. But there was a time when Steam wasn’t the behemoth it is today – if you can believe it – so, for better or worse, other methods of DRM were used to fight piracy.


One of the most derided amongst the PC gaming community was Sony’s SecuROM. SecuROM took to video game piracy like a sledgehammer, effectively treating paying customers as if they were already guilty of something. It limited the number of times a game could be installed and verified, and required an online connection to periodically communicate with the server to keep playing (which in turn relied on servers being up and running properly).

This proved particularly problematic for the PC release of BioShock, which was originally limited to a Scrooge-like two activations before freezing the player out. Mass Effect fared similarly poorly, needing to be reactivated online every 10 days before consumer feedback forced EA to remove that feature. Even if the game was uninstalled, SecuROM would hang around on your computer making it more comparable to a rootkit than anything else, being so deeply embedded into the Windows operating system that it needed its own separate removal tool.

Despite its high impact and even higher inconvenience, SecuROM wasn’t infallible and still found itself “cracked” by pirates. Some developers took this in their stride, delivering unique payloads in their games specifically for cracked versions. Pirates of 2009’s Batman: Arkham Asylum would find that, should the DRM have been circumvented, Batman would refuse to do what Batman does a lot of: glide. This would make access to certain areas (and at least one achievement) impossible. And Rockstar released Grand Theft Auto IV with a camera that would swing wildly, as if Niko were perpetually intoxicated, should the game be pirated.

For The Witcher 2, pirates were in for a surprise when they found that the model of any character Geralt attempted to romance was replaced with that of Marietta (shudder) Loredo. Instances such as these would lead to pirates flooding message boards with complaints, only to be politely reminded by both developers and even their own peers that it’s probably best to actually pay for things. The message was clear: don’t pirate, or we’ll humiliate you.


But this wasn’t, ultimately, enough. According to data marketplace firm TruOptik video game piracy had cost the industry $74 billion by 2014. Enter a new contender in the fight against piracy: Denuvo, and its Anti-Tamper technology. Denuvo’s tech can be licensed out to game developers and embedded directly into the game’s code, with the company promising an average of “68 crack free” days while using the DRM. This 68-day promise is important, as Denuvo cites that the first two weeks of a game’s release can make up for 59% of a game’s entire revenue. While this claim is up for debate (games secure revenue in various ways, after all) the logic extends that if a game can be protected from piracy for as long as possible, the more revenue can be secured by the developer. The more revenue a developer retains, the longer they can keep their doors open and not get bought by EA.

On paper, this sounds like a good solution to an ongoing problem. If you’re playing the game legally – like you should be – you won’t have any trouble, right? While it is absolutely correct that you should pay for a game legally, the Denuvo method has received serious criticism for its implementation. For a start, the 68-day window has been reduced to near-enough 68 minutes in some cases, with games being cracked within hours of their release, and others being cracked within the first week. We’re going to have to chalk that one up in the “ineffective” column.

But the problems go deeper still. Denuvo’s website will tell you that there is “no impact on game performance”, yet there has been significant evidence to suggest the opposite is true. The PC releases of Tekken 7 and Sonic Mania both featured Denuvo which had a notable impact on the games’ performances. A similar fate befell Assassin’s Creed Origins, which used Denuvo alongside a lesser-known form of DRM called VMProtect. Due to this double-whammy of embedded DRM, players found that Origins would use around a third of their entire CPU when playing on PC. While Ubisoft would deny the DRM was responsible, there is evidence that removing the extra layers of protection notably improves the performance.

More recently, tech guru Richard Leadbetter of Eurogamer’s Digital Foundry outlet published a video highlighting that Resident Evil Village ran significantly better on PC when its DRM, which included Denuvo, had been stripped from the game’s executable. The intention to protect developer revenue is laudable, but you can’t help but think it is those who legally purchase a game that end up getting punished.

Denuvo continues to refute any claims that the technology affects game performance, but backlash can be difficult to quell once it gets started. Earlier this year, French developer Amplitude Studios announced that it would be removing Denuvo from its latest release, Humankind, ahead of launch due to impact on performance during the game’s testing phase. Two Point Studios, developer of Two Point Hospital, likewise removed Denuvo from its game less than one week after release and instead chose to rely solely on Steam’s built-in DRM protection. Denuvo’s Anti-Tamper and Anti-Cheat products were also removed from DOOM Eternal with many assuming, despite id Software stating otherwise, the DRM was largely responsible for notable performance issues. The PC version of the DOOM sequel had, bizarrely, already shipped with a separate, cracked Denuvo-free executable included on launch – though this would be immediately patched out by an update. While this was most likely an innocent mistake, it’s not a good look for anyone involved.

Consumer-friendly alternatives

As game development becomes more and more expensive, requiring larger teams and longer development times, it becomes all the more important for those responsible to secure their revenue. While Denuvo does have its share of relative success stories, even Denuvo itself admits that no game is “uncrackable”. What we’re left with is something of a battle of attrition. Games can have their DRM bypassed within days of release, so developers and publishers look for stronger and stronger methods of anti-piracy, which are then cracked, and so on. It’s a battle that, unfortunately, doesn’t appear to be going away anytime soon. What can a conscientious gamer, who’s looking to properly support a developer for their work but not suffer the negative impact of DRM, do?

You’ll inevitably run into some form of DRM at some point. It’s more or less unavoidable, on console or otherwise. For PC gamers, particularly for indie or older titles, your best bet is Run by CD Projekt Red, GOG is an online game store that offers its entire library DRM-free. You may not find every new release available, but its practices are much more consumer-friendly. If GOG doesn’t offer what you want, there are some DRM-free games on Steam (they can run outside the Steam client, though you’ll need to look at the Store page carefully before buying).

Either way, it’s still important to purchase games legally either physically or through a digital service. And if you do get stung with bad performance due to DRM, make your voice known to the developer – there’s every chance they’ll remove it.