Why Stop Killing Games Matters for Information Security Professionals

In 2025, an initiative called “Stop Killing Games” collected signatures to support inclusion of a proviso in Europe’s Digital Fairness Act to prohibit gaming publishers from disabling computer games that customers have paid for. The initiative garnered

Floppies, Floppies, So Many Floppies

In the dark ages of software, you paid a shop in return for physical media – DVDs/CDs, floppy discs, even tapes. Often this would be accompanied by some sort of key that you would enter initially to activate the software. This would usually not grant you ownership, but at least a license to use the software – generally in perpetuity. Failing all else, you still had the physical installation media, and if worse came to worse and a vendor went out of business, you could probably still install and use what you paid for.

You Won’t Own Anything, and You’ll Like It

Over the past two decades, software moved increasingly to first online license checking, then digital delivery via downloads or content delivery networks like Steam (or Gog, for a growing European alternative) for games – in line with a general trend towards “app stores” like Microsoft’s or Apple’s. In parallel, subscription and SaaS models such as Office 365 or Adobe, and drove the idea that not only do you not own software that you buy, you are actually only renting access to it.

This is a dangerous trend. Already in 2009, Amazon removed eBooks from customers’ Kindle devices in response to an intellectual property rights dispute. While users saw their US$9.99 purchase price refunded, the ability of a vendor to unilaterally, remotely nuke content that you had purchased, and were using or were counting on using is worrisome, to say the least, for reasons that are left to the reader to decipher.

Most end-user license agreements (EULAs) claim broad rights for IP owners, and drastically restrict options for recourse available to customers. Most EULAs are also incomprehensible to the average, reasonable person, long beyond the ability of that reasonable person to actually read, and depending on content and jurisdiction, not always enforceable. I suppose it doesn’t hurt to try, since few buyers will bother going to the trouble and expense of actually insisting on their rights.

Turning Off the Tap

As such, a SaaS provider can easily just disable your access to their website if you don’t pay your subscription fees. Or, technically, for any other reason – you may be legally in the right, but it’s up to you to sort the problem out.

Even when you have installed purchased software locally, anything requiring an Internet connection for software to function, such as for periodic license validity checking or mandatory software updates, makes users vulnerable to anything from technology failures and network outages, to publishers’ arbitrarily deciding to remotely disable their wares. Speaking as someone who’s been severely disappointed when wanting to waste time blowing up some stuff during a major network outage, “always-on DRM” (digital rights management) is an incredibly customer-unfriendly approach. I contracted a product/service, and my ability to enjoy it should not be subject to

This is especially a challenge for gamers, many of whom like playing older titles. A lot of modern games unfortunately require a live connection, and will not work without one – whether for purposes of DRM, or because it only supports online play. I’m old and cranky, and don’t often want to deal with screaming teenagers, so if I can’t play offline by myself, I won’t buy your game.

But what happens when a publisher decides a title’s no longer selling well and wants to turn off the DRM or gameplay servers, or goes out of business? The Internet is rife with “abandonware”. Stop Killing Games aims to force publishers to ensure continued access to software, so publishers can’t single-handedly decide to just cut off customers who have handed over their money.

This is Relevant for Technology Risk Managers

Gaming is a massive and growing industry, but probably not very relevant for most mainstream corporate software users or information security professionals. What does matter, however, is the idea of technology predictability.

Specifically, organisations must be able to know for sure what they have access to. Software in large enterprises has usually undergone a significant amount of risk assessment and testing. Introduction of alternatives takes time and money, and potentially introduces a massive rat’s tail of dependency risk. Users need to be retrained, file formats and APIs re-engineered, vendors vetted, the list goes on. Any such change is a potential vector for security vulnerabilities and instability. Worse, anyone who’s worked in healthcare or large banks will know the sheer amount of legacy systems still plugging away in a dusty cellar. AS400 and S/390 still have relatively large installed bases around the world…who knows what kinds of prehistoric commercial applications are still out there? How many of these are subject to some sort of remote “kill switch”, by design or unintentional?

Many CFOs and CIOs are drawn by the siren song of SaaS and cloud hosted resources – this is fine up to a point. Cloud services providers (CSPs) bear a whole raft of other issues – ranging from GDPR and DSA compliance for European users to geopolitical and jurisdictional challenges, for example when you want to sue someone for non-delivery of contracted services…sound familiar to the gamers?

Regulation plays a role in this. Specifically, regulators must ensure that users are protected from the vagaries of software publishers turning off something they’re using – whether because they decided you are going to migrate to a new platform (*ahem* Windows 11) whether you like it or not, or because the publisher went bankrupt. Stop Killing Games showed that end-consumers have a pretty strong appetite for legally mandated continued access to something they bought, regardless of license conditions, and that’s for games. Which are fun, or at least are supposed to be, not that you could tell by reading some gaming forums. What happens when we start talking about backend software in mission-critical roles?

The Final Word, Courtesy of the Free Market

Ubisoft has been particularly vocal and active in its hostility to customers. Per Director of Subscriptions (whatever that is) Philippe Tremblay in 2024:

“One of the things we saw is that gamers are used to, a little bit like DVD, having and owning their games. That’s the consumer shift that needs to happen,” he said. “They got comfortable not owning their CD collection or DVD collection. That’s a transformation that’s been a bit slower to happen [in games]. So it’s about feeling comfortable with not owning your game.” (source: Techspot)

In unrelated news, Ubisoft’s share price just hit its lowest level ever, having collapsed >90% from its height in 2018.

As Gabe Newell, CEO of Valve Software (who operate the Steam platform – which, while one of the least worst content delivery services out there, also has its share of problems with regards to customers’ rights) once put it,

“We think there is a fundamental misconception about piracy. Piracy is almost always a service problem and not a pricing problem,” he said. “If a pirate offers a product anywhere in the world, 24 x 7, purchasable from the convenience of your personal computer, and the legal provider says the product is region-locked, will come to your country 3 months after the US release, and can only be purchased at a brick and mortar store, then the pirate’s service is more valuable.” (source: The Escapist)

The Internet famously routes around failure. Companies (mostly) are a lot more shy about being sued for software copyright infringement than your average gaming enthusiast, so those who can’t be sure of having continued access to key resources they’ve paid for and come to depend on will look elsewhere for options. The risk of not being able to depend on your critical software functions is just too high.