Hi everyone,
Arman and WW contacted me a few days ago after this thread popped up... sorry for the delay in responding; I've just been busy with the latest release.
I read through everything so I have some answers for things I didn't see answered yet:
1) play.goko.com/games/terms_of_services
This page never existed on play.goko.com and the URL was a mistake... the correct page (always been there) is: www.goko.com/games/terms_of_service. Thanks to the people that pointed that out to us.
2) Tablet play is difficult on some devices:
The iOS and Android versions are in development. I've played them. Should be better once these are out. That said, when we first demo'd Dominion at Origins a ways back it was running in a browser on an iPad and people didn't have too much trouble. They had UI suggestions about the "buy" buttons in particular but for the most part it was playable fine. Once we have the native apps out for iOS/Android I'm sure we'll get a lot of feedback and we'll start adjusting those to suit.
3) This is pretty true:
"Yes, they rushed it. By rushing it, they didn't do due diligence on their server load capabilities or their JS-injection vulnerabilities. But I think it is understandable why they did so. There were lots of real-world pressures to show the community something cool... there was lots of crazy code to write for Dark Ages cards (which already had their programmers working double-shifts)... "
That said, we were running load tests... just the person at the time had designed them in such a way that they didn't expose the platform networking problem we had... and so when we opened the doors, that's what went kaboom. As I'm sure you're all aware, before we opened up to the general public again we not only fixed the problem but also went back and redesigned how we were doing the load tests and then fixed anything that got exposed by the redesigned tests as quickly as humanly possible. Those were some hard days.
4) Security
I addressed this one in another thread here on DS but just to make sure... we fixed everything that the security consultant found. We had him poking specifically at passwords, XSS, JavaScript injection, and the payment systems (again, we don't participate in the credit card/PayPal/etc payment flow... most web sites that take payment don't... they use 3rd parties). He didn't find any major holes after we went through it ourselves and the issues that he did find were more about tightening up our policies around "Allow-Origin" for certain types of files, etc. I would call those more "preventative tweaks" rather than fixes for anything being exploited (which he wasn't able to do). As I said in other places, though, even the large companies like Apple/MS/Google/banks who have dedicated security teams have issues.
So.... all that said, after we opened up again I've seen threads or comments suggesting there's still some problem. In each case I've asked the person for specific information so we can verify. If there's something out there with security, we'll fix it immediately. So far, though, I think most people are just echoing the concern they had from the problem at launch (understandable) and aren't able to give us information about any currently existing problems. If you do know of any such problem then by all means email us at support@goko.com.
Thanks!
John Q.