Moral obligation to notify users of peer to peer networking?

Peer to peer networking can mean a few things to people, such as a single user acting as a host while everyone connects to that single host (Listen server), or a true peer to peer network where everyone is connected to everyone.
However, regardless of how you interpret it, there is a big flaw with users connecting directly to users, which is the sharing of your IP Address.
I am sure this isn't news to any of you, but someone having your IP address could lead to DDoS/DoS or even doxing.
Understandably, this can be seen as a big security concern. Many large streamers by now probably use VPNs or something to hide behind so their true IP does not get seen, or just only play on trusted servers.

Like probably most of us here, our games' networking is going to be some form of peer to peer, where we contact a server to show all of the current game lobbies that we can connect to, which would then send a request and then the IP sharing begins. You give your IP, they give their IP, and now you play with each other.
Safer ways of handling this would be either a relay server, or trusted dedicated servers.

When I was younger, I would play peer to peer games (pure peer to peer, as in everyone connects to everyone), and I don't think I really knew about the whole IP sharing thing and why or if it could be a big deal. Heck, there was even a hack in the game that would show in chat everyone's general location based on their IP address, and while I think that kinda scared me, seeing how it didn't show my actual address, I didn't care too much about it and still played the game.
Even now, as I am older and know more about these things, I would play the game; however, knowing about the concerns with IP sharing, I would be much more wary as to how I act, to try and not cause any negative attention that would cause someone to do something malicious such as DDoSing my IP address.

So now, as I am creating my game and planning my networking, I start to wonder if I/we have some kind of moral obligation to warn users that their IP address is indeed being shared with other users, whether it's just the host, or all users in the room.
While it might be nice and easy to just put a little popup the first time they play the game telling them about my networking… was there ever a game/program that warned the users about these things?
If someone goes on my game and sees this popup warning about peer to peer right before they enter a game room for the first time, they would probably be scared off. What's worse is, they'll get off my game and never return, only to go to a new game or previous game that also uses some form of peer to peer networking! They just never knew!
Whether it's core gameplay, voice chat, extra game stuff, general lobby details, etc… chances are the game you are playing uses some form of peer to peer somewhere!

Here are some big games that have some form of peer to peer:

Ubisoft - For Honor - Ubisoft's new game, uses a pure peer to peer networking where every client connects to every client for its core gameplay

Bungie - Destiny - They use a form of peer to peer for their Trials of Osiris competitions for its core gameplay
Destiny players are fed up with the state of Trials of Osiris - Polygon

Activision - Call of Duty Advanced Warfare (and probably many Call of Duty games) - Uses a form of peer to peer for its gameplay

Ubisoft - Rainbow Six Siege - Voice chat uses a form of peer to peer. People even say they also reveal all players' IPs at the start of the game or something.

Ubisoft - The Division - Voice chat uses a form of peer to peer

Facepunch Studios - Rust - Voice chat uses a form of peer to peer

Steam voice chat uses a form of peer to peer

And the list probably goes on and on and on… and many times, as seen in some of those links, people are complaining about ddos.

This thought of needing to tell people to relax my guilt, only to have them get scared and run away to a different game that also uses peer to peer without them knowing, has been plaguing me for a while and I would like to see what all your thoughts on the subject are =).

Edit - I am also only targeting Steam, so I'd assume their terms should legally cover me for something like peer to peer (especially when their voice chat in the Steamworks SDK is peer to peer).
Of course I would put any legal stuff I need to in the probably 99% never read terms box =). The main focus here is: should I make damn sure the users know that they are using peer to peer networking, that their IP will be seen and could lead to DDoS/doxing?
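
The direct exchange and the relay alternative described in the post above, as an added example (not from the original thread or any game named in it): a minimal UDP relay on loopback, showing which source address the receiving player actually sees in each case. The `JOIN`/`SEND` message format and the room and player names are assumptions made for the illustration.

```python
import socket

HOST = "127.0.0.1"  # constructed: loopback stands in for real player/relay hosts

def make_socket():
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((HOST, 0))          # OS picks a free port
    s.settimeout(2.0)
    return s

class Relay:
    """Hypothetical relay: players only ever exchange packets with this socket."""
    def __init__(self):
        self.sock = make_socket()
        self.addr = self.sock.getsockname()
        self.rooms = {}        # room id -> {player name: (ip, port)}

    def pump(self):
        """Handle one datagram: 'JOIN room name' or 'SEND room name payload'."""
        data, src = self.sock.recvfrom(2048)
        parts = data.decode(errors="replace").split(" ", 3)
        if parts[0] == "JOIN" and len(parts) == 3:
            self.rooms.setdefault(parts[1], {})[parts[2]] = src
        elif parts[0] == "SEND" and len(parts) == 4:
            _, room, name, payload = parts
            members = self.rooms.get(room, {})
            if members.get(name) != src:
                return         # sender is not the registered address: drop
            for other, dst in members.items():
                if other != name:
                    # Forward under the sender's name, never their address.
                    self.sock.sendto(f"{name} {payload}".encode(), dst)

def direct_exchange():
    """Listen-server / pure P2P: the receiver learns the sender's address."""
    alice, bob = make_socket(), make_socket()
    try:
        alice.sendto(b"hello", bob.getsockname())
        _, seen = bob.recvfrom(2048)
        return seen, alice.getsockname()
    finally:
        alice.close(); bob.close()

def relayed_exchange():
    """Same message through the relay: the receiver only sees the relay."""
    relay, alice, bob = Relay(), make_socket(), make_socket()
    try:
        for sock, name in ((alice, "alice"), (bob, "bob")):
            sock.sendto(f"JOIN room1 {name}".encode(), relay.addr)
            relay.pump()
        alice.sendto(b"SEND room1 alice hello", relay.addr)
        relay.pump()
        data, seen = bob.recvfrom(2048)
        return data, seen, alice.getsockname(), relay.addr
    finally:
        for s in (relay.sock, alice, bob):
            s.close()

if __name__ == "__main__":
    print("direct :", direct_exchange())
    print("relayed:", relayed_exchange())
```

The relay itself still sees every player's address and has to carry all game traffic.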

Forget moral obligations. You likely have a legal obligation here. No one reads the privacy policy anyway, but you still should spell this out there.

I forgot to mention I am targeting only Steam, so I assume their terms will cover me legally, but of course I would put any legal stuff I need to in the probably 99% never read terms box =). The main focus here is: should I make damn sure the user knows that they are using peer to peer networking, that their IP will be seen and could lead to DDoS/doxing?

Is there a reason the IP address needs to be visible? Why not show their Steam name instead?

Their IP will not be displayed in game, but people could sniff the packets easily to get the IPs.

To see what I mean, look at this network analysis of Ubisoft's recent new game For Honor and how all the players' IPs are seen.

Go to around 10:00

https://www.youtube.com/watch?v=tAU5bIalbnc

Forget notifying anybody… given that you’re aware it’s a source of troubles with existing titles, and you’re aware of alternatives, I’m wondering why you still consider peer-to-peer a valid option in the first place. (The other problem with peer-to-peer is that you better be very sure you guard against other typical vulnerabilities in any publicly accessible endpoint. DDOS is annoying, but nothing wrecks your day like a buffer overflow.)

I’d make it clear the game uses p2p instead of dedicated servers on the store page, so that buyers can make an informed purchase decision. I think the responsibility to be aware of the implications and potential risks of using p2p online technology falls on them.
But kudos to you for even considering it!

The alternative probably is either unviable or too expensive.

3 Likes

Because any other option would cost money, which I do not have. I can only assume the big titles also use peer to peer for money reasons.
(and I don't want this to turn into a business model discussion such as “if your game can't make the money to run the servers then you need to think of a new business model”)

Also, as far as I know, many of the Unity networking options are listen servers, where you have a player be a host and all players connect to that host. That is a form of peer to peer. If it's not a valid option, why is it used so much and even built into the engine now? Unless you were talking specifically about pure peer to peer, which isn't really the concern here; it's the concern of players seeing other players' IPs.

I was planning on talking about it on the store page as well as one time in game. The game is planned to be free to play (with microtransactions) so I feel it isn't too necessary to warn on the store page in this case, but figured I'd talk about it anyway.

The idea of only mentioning that the game is peer to peer, while not mentioning any of the risks of peer to peer and letting them search it on their own, is one option, but it doesn't calm my guilt, so I am not sure =), but that would probably be the very least that I would say.
My game is waaaay far from complete, but having Ubisoft's For Honor be released and seeing people talking about their peer to peer networking (which is a pure peer to peer similar to my goal network model), just made me start thinking again about this subject.

1 Like

P2P, like any other architecture, has its pros/cons. While it’s important to be aware of its risks, it’s not like it doesn’t have its benefits. Obviously disclosure should be done.

Cons-
-IP addresses are given to users that connect to one another. It is a minor concern but there are plenty of places where this gets divulged as well. In games that run analytics the devs will have the IP, websites that you visit will have the IP, etc.
-NAT will prevent some users from connecting with each other. NAT traversal techniques will help some but not others.
-no central server means cheating is easier since you can’t just ignore bad data as easily

Pros-
-No expensive hosting needed.
-Users can have lower ping and play with each other in their region better. While big companies do have hosts on all continents, even then it's usually a decent distance away from some, which is not ideal. As always, the lower the ping the better.
-no central server means no place for a DDOS attack to take the entire game environment down. If you compare downtimes for xbox live on 360 vs xbox live on xbox one you will see this very easily. P2P networks have no central point to target so users can still play regardless of what various groups are targeting Microsoft, Sony, or Valve.

So you believe all games/programs that use any form of peer to peer should notify the user? How much should we say though? Do we say just that we are using peer to peer, or also that peer to peer shows your IP address to other users who can potentially DDoS/dox?

Also, I think the central point to target in a P2P system would be the matchmaking/lobby servers that users use to find game rooms to connect to, but since I am using Steam, I assume that shouldn't be much of a concern to me.


It's not like we should go around warning everyone of every little thing that can happen with every little thing we do, but since DDoS/doxing seems to be a big thing in gaming, I just feel there needs to be a warning, but at the same time I don't want to scare people off.

Your privacy policy is the appropriate place to make disclosures. To be honest even though people should always be educated most just don’t care. The specific risk of ddos or doxing is present everywhere in the world we live in now. People visit tons of websites, play free games that mine their info for analytics, etc.

To be specific, if an end user was targeted for DOS the effect would be minimal. Usually they have more than one form of internet (home and mobile) and would call up their ISP and get a new IP. Doxing is more serious but it falls into general privacy that, while most people care about it, is eroding everywhere. Time and again, if people are given fun free stuff, even if they know it’s essentially selling their privacy they’ll do it. They’ll tell you it concerns them but then their behavior will tell you it doesn’t concern them enough. Older people on average are ignorant but younger people aren’t and they still do it. Scaring people away can certainly happen so don’t put it in bright lights, but people already have 10 plus things that are making them vulnerable to doxing. Privacy policy is the place to put it.

2 Likes

Very well put.

I would argue though that in some cases people don’t have a choice. I mean literally everyone and their grandma is on Facebook. If you want something like Facebook but without the lack of privacy then you don’t have many other options (I don’t know of any).

Personally I became quite concerned about my privacy and being tracked online recently. Over Christmas I deleted Facebook. What concerned me was the realization that I may feel as if agreements to share my data to companies are isolated, but in fact all of these companies sell this data to each other. If you have enough info from as many different sources as possible it becomes possible to assemble a ‘profile’ of who is who. To me that is very scary. People say you shouldn’t put things online that you wouldn’t want others to know. If someone you know or you are investigated (or hacked) then those things can come to public light. It's important to realize that you don’t know everything about the people in your life. If they do something criminally stupid, then it is out of your control if suddenly you find yourself being questioned or investigated. Then all the things you’ve done which may be embarrassing or detrimental to one's reputation can come to light.

You cannot live in this modern age without the internet. The UN has pushed for access to the internet as a basic human right. To some extent I think the same goes for certain services. One cannot live (or at least have the same experiences) without some of them, because they are everywhere and everyone uses them.

I would estimate that some people truly don’t care. Others might care if they had a real idea of the implications of selling their data.

I don’t think it’s an accident that there isn’t a real choice. Anything that deals with social media requires critical mass. If site 1 has nine out of ten friends and site 2 has six out of ten, site 1 will win. With that distribution site 1 would win even if it was a worse website.

Cost comes into play and to get 9 out of 10 people “free” is the only way to achieve that. If you had to pay something even if it was really small you aren’t going to get 9 out of 10 people. It’s just another way of saying that while people will say that they care more about privacy than cost, their behavior fairly clearly says that most care more about cost than privacy. This essentially forces any up and coming social network to be “free” so there is no choice because if it’s “free” we know what business model they will be adopting (data mining plus advertising). The fact that there is no alternative to actually pay is essentially “chosen” by the public because that is what the majority cares more about. This is only a requirement of things that require critical mass but even in areas that don’t the “free” option is usually much bigger than the alternatives (but at least they are possible) but the size of the market share shows again that people usually prefer “free” over privacy.

Just ads are possible without data mining, however when you combine them the profits are a lot more and obviously that drives the decision.

I’d say you have no moral obligation to notify people of using p2p protocol.
You probably also have no legal obligation to do that.

This is a technical detail about your game’s operation protocol, and in general a user wouldn’t want to be bothered with it.

Someone who wants to DDoS/dox another player represents the tiniest minority of the player base, so annoying every player because of one idiot possibly existing is not a good idea. I think a lot of fighting games operate on p2p protocol and nobody really cares.

2 Likes

Indeed. I think fighter games (like Street Fighter) are always peer to peer since it's usually (always?) just 1 vs 1 and connecting directly to the player can be faster than alternative methods. I think this is the same reason Ubisoft's For Honor game uses peer to peer, since it's somewhat like a fighting game except sword based (but I think it's 4 vs 4). Though not needing to pay for dedicated servers was also probably a big factor.

However, I am not sure if the players don't care about the peer to peer, or just don't know why they should/shouldn't care.
I wonder how many people actually know about this IP Address business.

The way I see it, if your goal is to make games, it is not your job to teach people network security. It’ll take some time for some people to wrap their heads around the idea that connecting to something makes your address known.

…Aren’t dynamic IPs supposed to be common anyway? Changing IP address is often a matter of rebooting the router.

4 Likes

This happens with literally anything you connect to. It’s how the Internet works.

Does your web browser come with a disclaimer that it tells servers your IP address?

I understand that the distinction here is that the IP address is given to other users rather than just the service provider, and it is good that people are starting to consider these things these days. In an ideal world I certainly don’t think we should have to explain this to people since it should be common knowledge to Internet users that, yes, to communicate with each other computers need to identify themselves to each other somehow. But, this isn’t an ideal world, and people are rightfully becoming more aware of privacy and online security issues.

4 Likes

The main concern here is Doxing. DDoS is bad, but that would mainly be bad for me/my game since people that keep getting DDoSed would just stop playing.

I guess another way to ask the question is…
If a game had the town you lived in displayed in the scoreboard for everyone to see, except only you couldn't see it so you never knew of it showing, would you want to be told?

Maybe I don’t understand this because I live in a country where dynamic IPs are the norm, but how does one get doxxed just from someone knowing the IP?

I don't think dynamic IPs have anything to do with it. From what I know, dynamic IP just means the IP you have now could change later, which is great for getting out of a DDoS, but when doxing someone, you must immediately check where the IP leads to in the world since the IP could change later.

As far as I know, you usually can't just dox someone based on their IP. I read how someone was able to social engineer their way into getting someone's full info based on their IP by contacting their ISP provider, but that probably won't work most of the time.
When doxing, they gather any info they can get.
Let's say someone is trying to dox you in the game, they grab your IP and now have the town you live in. That's not enough info, but it's a great start.
Now they might check your in game name and scan the internet for anything with a similar name, or try to see your email address or anything that might lead to a real life name.
If they get a name, they might be able to maybe look into a phone book of the town and find all with your name. Probably lots of people, but they are still getting closer and closer.
With enough gathered info, they could possibly not only pinpoint your home address, but your phone number and what not.

Keep in mind, there are many sites online that help with all of this.

Of course, probably not many people are going to bother doing this if you're some nobody on the internet. However, in a rage inducing game, such as Call of Duty, it could be kinda worrying, but even so, probably nothing to really worry about.


I can see how there's not really an obligation to tell what exactly goes on with everything.
For example, some people viewing a website might not realize an image on the page could potentially hold virus code. Now, do we go warning everyone on our site about this? Sure the virus code is meaningless unless something actually executes that code, or there is an exploit with your image viewing software, but are we obligated to warn them before we display it? Probably not.

Actually, I think I read a while ago that when viewing Google Images, when you click an image to enlarge it, you are actually now connecting to the website that the image is from. Meaning the website could now be talking to your browser trying to do malicious things without me knowing. I always thought that as long as I don't click the “Visit Page” button, that I am not actually visiting the website, but I guess not.
Should Google have warned me? Well honestly, I kinda wish they did, but I guess the real question is, am I now going to just stop clicking the images? Probably not, though I might be a bit more cautious.
(I am not 100% sure about this though as I did not test myself)

I'll probably just end up saying the game is peer to peer and leave it at that, but that doesn't make me very happy o.o

1 Like