Setting up "remote work" configuration

Hi folks,

we are working on 3rd year project and looking to add some unity people from across the globe. However our investors do not allow us just to send the project to developers with only legal protection and do want technical solution as well.

Do you have any idea how the big companies approach this?

Variant 1)
Installing Unity on server, where a developer can login with SSO and his working sessions is recorded. Will this lead to significant slow downs for the developer? What software is used for min lag, etc. Is there some Unity solution?

Variant 2)
Some kind of "locking" particular parts of the project? Probably Unity doesn't have such feature.

Thank you

 

Through contracts & NDA's. I.e. 'legal protection'.

Potentially you can have people work only on small parts of the project, and submit those as Packages.
However, if they need to do gameplay-programming, bugfixing, etc. they'll need access to the whole project.

 

working through remote desktop would surely slowdown progress (each click has latency..)

is there some content that is specifically not to be shared, like 3D models?
then could work with dummy models or reduced quality models (remove sensitive info/details/accurate measures).

 

Тhe investors are not worried about graphic design, as the project contains only .PNGs, which don't produce intellectual rights, but even if they did - this is easy solvable with "waiver of rights" and financial claims cannot be made.

The biggest risk factor in their view is someone taking the project and selling it to another company, which can reskin it. Actually this happened for the 2 of top grossing mobile games, exactly by ex-employees. In this case NDA / "Waiver or rights" is completely useless, as no one can proof anything, at least without video recording. Actually I know for fact, that one of the most known studios for mobile games, during the pandemic used SSO + video recording for the remote employees, but I have no idea how they do it.

 

Even SSO + remote desktop doesn't prevent Copy-Paste and/or uploads.
So it's fairly useless.

This is why non-competes exist. So you can finish your project before it ends.

 

Al legal stuff work, only if they can be proven. In case of reskin of project by 3rd party, nothing can be proven, only with non-compete.

 

If you can show reasonable cause, you go into discovery. You then do a 'diff' of the codebase, and see how much they literally copied from your game.
Pretty easy to prove unless they completely rewrote the game from scratch, in which case you go into IP-law, where it becomes more murky.

 

Yeah I recently had to hook up a monitor to a local computer that I was accessing the video of through a capture card (Elgato 4K60 Pro) because the latency was high enough that it was basically unusable. I don't think I'd trust remote desktop which will be worse than my card was for anything requiring actual productivity.

 

The chances to make another company to open their "trade-secret", especially if it's based in US / EU, based just on non-compete is 0. Exception is if you have a "video" of the leak and still the required sum to start a legal produce would be applicable only for multi-million companies. Even if you were right, It's still not up to me, but requirement from our investors.

 

The chance to go into discovery, if they simply did a reskin of your game, is near 100%.
Because the game will function exactly the same as your own, but with different graphics. Any judge that sees that will allow discovery. Discovery will then show that they have the exact same code-base.

Your investors are searching for a technical solution to something that is in essence a legal problem. A disgruntled ex-employee can write down the code on paper, or take a photo with his phone. There is no work-around for that.

 

Plus it's trivial to reverse engineer a game made with Unity. If someone truly wants what you've made you can't stop them from stealing it using technical solutions. It will happen eventually even if that's after the game has launched.

 

As said, it's not up to me and don't want to enter more in this off topic. Our investors use very expensive legal services and have made their mind, that it's not enough.

As mentioned earlier, there are companies who do this for their remote employees, hundreds of them -- so there is technical solution.

 

The best you can do is record both the screen & camera of your employees. That's still far from fool-proof.
The whole world went through this in 2020. Including schools. There are countless studies & articles on this.

Cameras On or Off? It Depends! What We’ve Learned from Students about Teaching and Learning on Zoom | Faculty Focus
Remote Learning and Cheating: Professors and Students Weigh In | Teen Vogue
How college students learned new ways to cheat during Covid (cnbc.com)
Reports Of Cheating At Colleges Soar During COVID-19 : NPR
(PDF) CHEATING, ACADEMIC DISHONESTY AND COVID-19 DISTANCE LEARNING (researchgate.net)
6895d467-e96a-4ab5-ab0d-d5641fb98d52.pdf (researchsquare.com)
Clark Chronicle | How distance learning caused a cheating pandemic

There is no technical solution, since you cannot 'wipe' the memories of your ex-employee (at least not as long as they don't have NeuraLink). As @Ryiah has stated: Reverse Engineering exists as well.

If you cannot make your investors understand this, then you're not doing your job correctly.

 

Search for "remote desktop with monitoring". Tons of results that should point you in the right direction. Just be aware that the enterprise companies you speak of use enterprise solutions that come with enterprise licensing costs. So if you're expecting the same capabilities without being a "big company" you will be disappointed.

 

There's no such thing. If people can access your project, they can steal it. So work with those you trust.

Big companies approach this through NDAs. Remote desktop monitoring solutions exist, but in general they will not stop your remote employee from doing something interesting. They'll only allow you to see when it happens.

So if you want maximum security, you'd' need on-site employees and not remote ones.

 

I would start with employees, to avoid anything which may impose potential risk to the project. You can reduce rsik, by veting out candidates cvs and during interview process. Secondary as discussed, is NDA.
Make sure your employees are within your legal jurisdictions.

Code can be easily proved if is copied. As long as you found stolen application online.

Many legal battles did show, how people did copied parts or whole of the software, without changing even comments. And that still the case for large companies.

Your issue will not be employees.
People will revamp your game, as soon it gets popular enough and it is simple enough to do so. It Is matter of the time.

Perhaps don't make games, which are easy target to revamp.

Provide update services to your application, so your application is always better, than any clone. Provide support.
Validate keys with let's say steam.
Release torrent version, so your own torrent market for your game from early on.

Don't force people to record via camera at the desk. People has personal stuff and families. You may not be permitted to do so, and make thing inne very complicated for your employees. As well driving morale down. Anyone having access to git project, or Unity project, has access to your project. And that regardless they are remote, or physically in the office.

You can constraint who got access to what. If need to. But don't limit productivity of the project foremost.

Working remotely on remote machine is always slower. Imposes issues to the workflow. Potential problems with responsiveness during production and game play testing. Potential problem with certain key combinations not working. Network connection drop outs.
Cost of providing good enough machines, to work on. Which can be offset by choosing right employees, with suitable hardware. Vet the ones, which doesn't got suitable workstations for the project. Vet out employees with weak hardware, as it will impose cost of duration, for each made task.

Value employees and their running cost, of home office, as remote workers.

 

Your investors apparently know nothing about the creative digital media industry. I'm thinking you got the wrong investors maybe?

You cannot technically protect a digital development project, period. It's hard enough to protect digital content and doesn't really protect, it's just going to slow any interested party down somewhat or requires them to ramp up their tooling.

Safest approach, like mentioned above, is to require every employee on premises and secure the office and the office network in a way that it isn't trivial to a) plug in and write to a portable drive and b) upload content anywhere to the Internet. The latter essentially means you'll have to configure the network using a whitelist of allowed IP addresses and ports. You will have a lot of frustrated devs if you do that because a lot of things will be broken and require assistance by IT. Been there, done that, never again!

 

You'll still need to steal their phones when they enter, and forbid them from using pen & paper.
Oh, and never hire anyone with eidetic memory.

Better yet: Just never let them leave. Ever. Lock them in the building.

 

You handle this by having enterprise level source control and NDAs. On git you can add external collaborators to your project and control their access.

Simply put though there is no way not to "send the project to developers" because if you add them to source control, they will clone the project to work on it. There is no way for them to do remote work without actually getting the codebase.

So NDAs and then control access via source control. If your investors are against that, then they are literally doomed to fail as they dont understand the industry at all.

I have worked in major companies including for projects for Royal Navy, London firebrigade, and a variety of global service companies. Simply put, everyone handles this the same way with NDAs and source control. Ive never heard of someone saying "we cant give access to the developers" so as long as you explain clearly why source control + NDAs are secure, your investors legal team should come around. Again if not, doomed to fail as they dont understand the industry.

 

Also, don't forget explosive collars. (/joke)

 

MadeFromPolygons
Thank you for useful information!