Inscryption and Privacy

I feel like I say this about everything, but to me the most interesting thing about Inscryption is something I haven’t seen anyone else talk about. In this case, it’s the story’s subtle commentary on how games have contributed to the casual erosion of privacy.

I can’t even be sure it’s intentional. The game doesn’t call much attention to it and I’m pretty sure I care about this topic more than most so I could easily be reading too much into it. But there’s still something interesting here whether it was put there consciously or not.

The details I want to discuss come from pretty late in the game, so here’s your spoiler warning. I’m about to go into late-game narrative and mechanical spoilers for Inscryption.

So, in what is commonly referred to as “Act III” of Inscryption, the game has been taken over by the character P-03. He restructures it into a sort of deckbuilding RPG in which you must beat four bosses, each of which has a mechanical twist that gets a bit meta or breaks the fourth wall. One has you adding new rules to the game, another has you taking photos of the game board, one has you picking files from your hard drive to power your cards, and the last makes use of your Steam friends list and internet connection to generate and exchange cards.

(I have to fight to keep myself from ranting about the ways the fourth wall breaks don’t actually work within the game’s story, because that’s a different post, but I will allow myself to raise this one question: Why does Luke Carder, who is very clearly the player character, have my hard drive and my Steam friends list?)

These sorts of gimmicks are par for the course in a Daniel Mullins game, but this time there’s another layer to it. At the end of Act III, it’s revealed that P-03 wasn’t sending the player up against surprising and unusual bosses for the fun of it. He was doing it to trick them into giving him what he needed to accomplish his plan and upload Inscryption to Steam.

In the game’s fiction, Inscryption isn’t a Steam game, but is instead found on a mysterious floppy disk buried in the woods. By uploading it to Steam, P-03 can distribute it to many more computers–which would be bad because (in short) the game is haunted.

To accomplish this goal, P-03 needs several things from the player, and every boss fight is set up to trick them into providing one of those things. Adding rules finishes the not-quite-complete game. Taking photos of the game board populates a set of screenshots for the Steam page. Accessing the file system lets P-03 gather the files for the game, and finally using the internet connection allows P-03 to upload those files to Steam.

The game frames this reveal as being about P-03’s motivations. The twist that matters is that P-03 is manipulative rather than trying to make a fun game and now he must be stopped. But what’s happened here is this: a game creator wanted to use a player’s data and internet connection for selfish purposes, and tricked the player into providing them by sneaking them into the game. And this is 100% something that actually happens. So I feel like there’s a genuine applicable lesson here about how maybe we should take privacy more seriously and not let games do whatever they want with our data? That this kind of trust is perhaps a bit misplaced?

The story does make it clear that P-03’s plan would have failed if the player hadn’t participated and explicitly granted file system and internet access, but once the reveal comes the game all but forgets the player’s role and complicity. This ain’t no Spec Ops: The Line or even Bioshock. It’s more about the standard horror trope of the protagonist’s curiosity leading to the evil’s release, rather than dwelling on the aspects of the metaphor that make it applicable to real life.

I’ve felt for quite a while that the market is far too lenient toward games that upload data to remote servers without consent or even notification, even when it’s for something as innocuous as a high-score leaderboard. Reminding players that you don’t know what else is being uploaded feels valuable to me.

But that leads us to the part that amuses me - on my computer, Inscryption did not have internet access! I run NetLimiter on my gaming PC, which lets me control which other programs can go online. I block every single program for which I don’t actively want online features, which includes all offline or single-player games (and leaderboards are not a sufficient reason to grant access). Just about every game I launch - whether it has any online features or not - immediately tries to phone home without telling me or asking permission, which just reinforces to me that I shouldn’t be gaming without a tool like this.

Thankfully, the actual Inscryption in real life is still perfectly playable without an internet connection (the game has a backup plan and just pretends to go online). But as much as I want to proudly declare that P-03’s scheme wouldn’t have worked on me - I have to admit that if I’d gotten to that boss and the game legitimately couldn’t be played any further without giving it internet access - I probably would have rolled my eyes and granted it. Thankfully, in the real world, games are not haunted and most data collection schemes are far less subtle.