Hamster Kombat, a recently released tap-game in Telegram Messenger, raises significant discussions regarding its safety. Investigations show that its origins and network assets belong to Moscow, Russia. Local laws of the country suppose all the user data should be kept locally, and provided to Russian law enforcement agencies on demand, meaning that any participant is exposed to Russian Federal Security Service (FSB).
What is Hamster Kombat?
Hamster Kombat is yet another tap game that works internally in Telegram Messenger. Main target of the game is to earn virtual currency that may further be converted into cryptocurrency. Developers of the project claim listing the corresponding token in July 2024, converting earned virtual tokens into crypto. That is not the first game of its genre: Notcoin tap-game definitely has been an inspiration to Hamster Kombat.
Based on The Open Network (TON), a blockchain network of Telegram Messenger, it has the similar principle of action. Users tap on the screen, complete different tasks and increase the “profit per hour” stat. Actually, the latter is determinant for the amount of new tokens that the user will receive upon listing. But where does all this generosity come from?
Hamster Kombat Raises Concerns Over Russian Origins
Last week turned out to be disastrous to a seemingly innocent Hamster Kombat game. Quite a few newsletters, mainly ones from Ukraine, published detailed analysis of the game, tracing its roots to Russia. And it is hard to argue with their observations: the official website of the game, hamsterkombat[.]io (scan report), is registered in Moscow, the capital of Russia. The site itself, at the same time, lacks any details about the developers, with all the corresponding data being wiped from the domain reports.
The problem here is the law the Russian government passed back in 2015. It implemented a mandatory demand to store all the user data, and provide law enforcement access to it on demand. Effectively, Russian security services can get access to the data of Hamster Kombat users, any day, any minute.
One more problem here is that the game itself lacks privacy policy. Users register using their phone numbers – that, together with the username, is the minimal amount of data the program may access. At worst, Hamster Kombat may collect the entirety of user data – from the list of contacts and device’s gallery to location with regular updates.
What is the problem?
You may ask a rather logical question – what is the reason for all that fuss? Almost all big tech companies in the US and Europe collect user data to a certain extent, and ocassionally collaborate with law enforcement. Memes about Mark Zuckerberg having user data for breakfast would not appear out of nowhere, right? Well, there is an explanation.
The alarm about Hamster Kombat’s origins was mainly raised by Ukrainian media, as a warning for all Ukrainians against participating in the game. Immediately after the game was launched, a huge wave of advertising started in Ukrainian Telegram communities. Considering the Russian origins and absence of any declared limitations on user data collection, the concerns are rather realistic. The war between two countries is ongoing, and big data about Ukrainian citizens may be as valuable as reconnaissance data from profile agencies.
This bears resemblance to the theory about Pokemon GO being an undercover spyware that may uncover military bases and top secret objects. Users supposed that the game algorithm could have put rare Pokemons in the places where people don’t typically go. Military-related objects, at the same time, are exactly the places where you won’t typically expect crowds to appear. While a lot of people called it a conspiracy theory, it makes much more sense than most of the other ones.
The data from Hamster Kombat is unlikely to reveal military bases. However, considering all I’ve said about the Russian origins and laws that allow special services to access the data, it may still have a great value.
Is it safe to play Hamster Kombat?
The promotion of the new tap-game started spreading in Europe and English-speaking countries only recently. It will most likely become more intensive with time, as such projects always rely on scaling the audience. Thus, the security questions touch these countries as well.
From the data security perspective, I would not recommend playing Hamster Kombal. That is, of course, unless you’re OK with sharing potentially unlimited amounts of personal data with the country internationally accused of sponsoring terrorism. But politics aside, the aforementioned law allows for almost unsupervised access to user data. It may still be valuable for spamming or for sale on the Darknet
But without data safety concerns, the project looks more or less legitimate. It does not require any sensitive info – SSNs, ITINs, payment info, so you are not risking anything that may harm you personally. Newly minted tokens may sometimes soar in price pretty significantly, thus it can turn into a rather profitable investment. If you would not mind spending quite a lot of time tapping your smartphone’s screen, of course.
