A lot of people have been asking about revoking keys. It seems like an easy no brainer solution – simply disable the keys that leaked or are being sold illegally. The problem with this is a bit more complex than you might think.
In short, there is no way to track which keys leaked and where. If I make a batch of 200 keys for a giveaway, and 50 of them make it onto an illegal resale site — I can’t cancel the whole batch, otherwise everyone who participated in the giveaway would have a bad experience of the game suddenly getting deactivated. This would leave fans upset, which is the last thing we want.
Take that into a more complicated situation. You have some keys which are legit from bundles, others from a bunch of fraudent credit cards, and random keys scavenged from giveaways. These would be from at least 3 different batches. How do we track which one to disable? How do we ensure actual fans don’t have a bad experience?
Large corporations tackle this by having a ton of people working on tracking smaller batches, but we want to stay small & nimble. This means automating as much as possible. And even if we were to spend a ton of time on micromanaging this, it wouldn’t solve the overall problem. Awareness of the general issue is what makes an impact.