Dear Game Company,
Thanks for the great game! As you know from your numbers, people are, in great numbers, choosing interactive, virtual worlds like yours over static forms of entertainment like television. As you also know, as the customer's computing power increases, so will your budgets for creating even more compelling, interactive, immersive and content-rich worlds to pull them (and their friends!) even more deeply in.
This is a good thing. As is plastered all over research sites like this one (though it's not the only one; a person only need Google to find a plethora of research on the topic), the brain may actually be more active while sleeping than while watching TV.
However, there's a problem. Your game runs on an operating system (or systems, huzzah Blizzard!) that is also used to download keyloggers, which, in turn, can send a player's login name and password to a database on the other side of the globe, which can then be used to login to the game in order to steal the player's virtual currency, items, and above all else -- the time spent working for it.
Now, keyloggers such as these do not appear on CNN or MSNBC. They show up in "comments" areas of sites that provide anybody the ability to post their opinion on a quest, item, or something else pertaining to your game.
Some sites take action to prevent this kind of thing (like GP does, after having been burned once a couple years ago), but as everybody knows, your general channels in-game are filled with people asking questions and being answered with "look it up at ..." followed by the latest info site. These sites are popping up all the time.
Some of them, if you take a look at the juggernaut of RMT (real money transactions for virtual items/characters/etc., which is against the EULA in the vast majority of games), IGE and their Zam/Wowhead/who-knows-who-else networks, are merely different skins wrapped around the same core engine.
Some however, are start-up sites with little to no experience in the security realm, using open-source or other software with frequently exploited vulnerabilities, unable to protect their users.
Which of those two is a bigger threat is up for debate. Some of them might even be in place solely to gather game logins and passwords, even though the percentage of people using the same login and password on a web site that they do to login to their game may be quite small (as was the case for a specific forum site that was just for players on a single server in a single game).
By the way: if you're one of the game companies that has your users login to your official web site using the same credentials they use to login to the game with, you might be contributing to the problem. Just an FYI!
Now, let's consider possible reasons why people go to these 3rd-party database sites:
- The official game web site you provide does not have the data they're looking for.
- The official game web site is too hard to use.
- The official game web site is too slow.
Any one -- or a combination of -- the above would be enough to provide a niche market for these sites to exist.
Providing data on items, quests, etc. Open it up! Either you will provide the data, or someone else will. If you don't want to write an interface for all this, that's fine; provide it via an API and license sites you approve to use it. Require that they only send a certain number of requests to your servers over a given time period, so that you don't get hammered, and the licensed sites will then only need to build a responsible request/caching system. The licensing is there to ensure that sites you don't approve of, such as RMT sites, don't have the data.
The licensing is particularly important. Demand full disclosure of company ownership, including parent companies, and parents of parent companies, until you know who's really running things, at the highest level, for your licensees.
If the data comes from you, then third-party sites can only provide value-added features or integration with what they provide, that you do not. Using GuildPortal as an example, the biggest overhead outside of the hardware and people required to make it run, is the amount of support required for a relatively complex web application with lots of customizable options. Add on top of that the expectation that more features be added and the interfaces both for the administrators (guild/clan leaders) and members be updated to Web #.# standards as they emerge, and the additional support incurred by doing that, and you have something that goes well beyond the scope of what a gaming company's web presence department would want to -- or should have to -- support. After all, do you make a game and have a web site that provides info/support for it, or are you in the business of making games and also in the business of hosting web sites?
Our members are constantly asking us to integrate with 3rd-party sites to provide game-specific data. Usually, we can't, because we have a policy against any kind of integration or partnership with sites that are owned by or even advertise for (even through multiple levels of parent companies) RMT companies, since the very existence of their business is unethical -- they sell products and services that require the customer to break an agreement they've made, every time they login to the game.
So then, providing the data you have openly (with the only option being users needing to go elsewhere for it), with an API for sites you license (can we be one, pretty please?) to provide value-added content/functionality (again, using GP as an example, having an active guild web site that people can visit outside of the game does keep them engaged in the people they play with and the game they play), is the best option.
Mythic did it for Dark Age of Camelot, Blizzard did it for World of Warcraft, and Mythic is at it again with Warhammer Online.
Maybe they're on to something!