Activision Blizzard Secretly Watermarking World of Warcraft Users

Posted by timothy
from the information-theory dept.
New submitter kgkoutzis writes "A few days ago I noticed some weird artifacts covering the screenshots I captured using the WoW game client application. I sharpened the images and found a repeating pattern secretly embedded inside. I posted this information on the OwnedCore forum and after an amazing three-day cooperation marathon, we managed to prove that all our WoW screenshots, since at least 2008, contain a custom watermark. This watermark includes our user IDs, the time the screenshot was captured and the IP address of the server we were on at the time. It can be used to track down activities which are against Blizzard's Terms of Service, like hacking the game or running a private server. The users were never notified by the ToS that this watermarking was going on so, for four years now, we have all been publicly sharing our account and realm information for hackers to decode and exploit. You can find more information on how to access the watermark in the aforementioned forum post which is still quite active."
  • by gl4ss (559668) on Tuesday September 11, 2012 @09:25AM (#41299447) Homepage Journal

    it's a pretty far done troll if so, if you read further to the thread (there was some disassembly from mac client).

    (it would be entirely feasible that they remove the watermark at full quality.. because it would be obvious then).

    this is blizzard we're talking about after all. (I don't think jpg artifacts would position themselves like that, not on any of my pron pics anyways)

  • by Anonymous Coward on Tuesday September 11, 2012 @09:29AM (#41299495)

    Has anyone actually done some work on the quality 10 screenshots to ensure that the pattern isn't actually still in the structure of the file?

    It was my understanding that Digimarc's tech was supposed to make their watermarks essentially invisible to the human eye, and perhaps it is a byproduct of lossy compression that's actually showing the pattern on lower qualities.

    Has someone taken the eye-dropper tool to a large section of a quality 10 screenshot to verify that there aren't pixels that have a different color by even one bit?
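
The check this comment asks for, as an added example that is not part of the original thread: in a lossless region that should be one solid colour, count the pixels that deviate from the dominant value and test whether the deviations repeat as a tile. The 8x8 tile, the byte string it is built from and the grey level are constructed for illustration and do not reflect the actual WoW watermark format.

```python
from collections import Counter

def deviation_mask(region):
    """1 where a pixel differs from the region's most common value, else 0."""
    mode = Counter(v for row in region for v in row).most_common(1)[0][0]
    return [[int(v != mode) for v in row] for row in region]

def smallest_period(mask, axis):
    """Smallest shift along axis (0 = x, 1 = y) that maps the mask onto itself."""
    h, w = len(mask), len(mask[0])
    size = w if axis == 0 else h
    for p in range(1, size // 2 + 1):
        dx, dy = (p, 0) if axis == 0 else (0, p)
        if all(mask[y][x] == mask[y + dy][x + dx]
               for y in range(h - dy) for x in range(w - dx)):
            return p
    return None  # deviations exist but do not tile within the region

def analyse(region):
    """Return (deviating pixel count, x period, y period) for a flat region."""
    mask = deviation_mask(region)
    count = sum(map(sum, mask))
    if count == 0:  # truly flat: no off-by-one pixels at all
        return 0, None, None
    return count, smallest_period(mask, 0), smallest_period(mask, 1)

# Constructed sample: a 32x32 flat grey area carrying an 8x8 tile of +1 offsets.
# The tile bits come from a made-up 8-byte string, not from any real format.
TILE = [[(byte >> (7 - bit)) & 1 for bit in range(8)] for byte in b"ACCT0001"]
MARKED = [[120 + TILE[y % 8][x % 8] for x in range(32)] for y in range(32)]
FLAT = [[120] * 32 for _ in range(32)]

if __name__ == "__main__":
    print("marked:", analyse(MARKED))
    print("flat:  ", analyse(FLAT))
```

Exact-equality matching only suits lossless pixel data; after lossy compression the comparison would need a tolerance.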

  • Re:Other games? (Score:3, Insightful)

    by Teancum (67324) <robert_horning.netzero@net> on Tuesday September 11, 2012 @09:39AM (#41299673) Homepage Journal

    Internet Explorer is indeed a game. It is just a game played at a higher level and you are unwittingly a participant in that game acting as a pawn. That you may or may not actually be using that software is itself a part of the game.

  • by fuzzyfuzzyfungus (1223518) on Tuesday September 11, 2012 @09:56AM (#41299951) Journal

    The difference with digital camera watermarking is that EXIF is a (not always obvious depending on the UI, and sometimes less standard than it ought to be) standardized metadata storage system. The internet is rife with amusing mistakes made by people who don't know about EXIF and upload anyway; but that's a UI/user problem. The fields are well known, easily viewed and edited with commonly available software, and not designed to be covert or strip-resistant in any way. Some imaging devices are, quite arguably, excessively chatty by default, and that is a legitimate concern given user ignorance; but there isn't anything sneaky about the technology.

    Watermarks, at least in this incarnation, are designed to be covert, strip-resistant, and are not intended for the creator of the image to be aware of.

    This is a 'prisons and fortresses share certain architectural similarities; but do not share purposes' situation...

  • Re:Why? (Score:5, Insightful)

    by Empiric (675968) on Tuesday September 11, 2012 @10:27AM (#41300331)

    "This watermark includes our user IDs, the time the screenshot was captured and the IP address of the server we were on at the time."

    And, without a password to go with that user ID, none of these are what one should reasonably consider "personal" or "sensitive" in the first place.

    IMHO, in terms of privacy concerns, this is a non-story. Simply presenting it to Slashdot as a neat graphical hack would make more tinfoil-free sense.

  • by Anonymous Coward on Tuesday September 11, 2012 @10:53AM (#41300667)

    Some years ago I developed my own steganography techniques and those pictures reminded me of that.
    You only need such patterns to encode information in lossy formats due to the compression artifacts. If you use a lossless picture, where every bit of every pixel is perfectly preserved, there are much more efficient ways to hide any information in the picture.
    Most likely the TIFF, PNG and other lossless formats contain the same information or even more, just encoded in a different way.
    So, if you want to avoid leaking your account details, save screenshots in a lossless format and then convert them to a lossy format.

  • Re:Ouch (Score:4, Insightful)

    by theArtificial (613980) on Tuesday September 11, 2012 @12:13PM (#41301981)

    A megacorp acts like an asshat and reveals personal data online via photo watermarking

    Personal information?

    Information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc.

    The embedded IP address is the IP address of the server you're connected to. IP addresses are not personal information. The account name is not personal. If I follow this logic your email address is personal information, and so is your license plate? From their terms of service:

    I've come to expect ALL megacorps act like asshats nowadays. It's a challenge to find one that doesn't.

    What do you expect, they're made up of people. I can see this really impacting someone who signed an NDA not to disclose things which they willingly agreed to in the first place. I'm sure you've never played WoW for any period of time because if you had, you'd realize when updates happen to their Terms, they present them to you and require you scroll through them and agree to them before you'll be able to access the game. I don't have some hardon for Blizzard but none of what they're collecting is personal.

  • Re:Ouch (Score:4, Insightful)

    by theArtificial (613980) on Tuesday September 11, 2012 @06:29PM (#41306945)

    Yes, I consider those things my personal details, along with my street address, phone number, bank account number, etc. etc.

    Something interesting about public information and personal information is it varies from jurisdiction to jurisdiction. Email addresses are used by both individuals and businesses. In the case of politicians or when requesting public records, in many situations emails are public knowledge. Not to mention many email providers provide indexes listing their members which are opt in. Your address is public knowledge as well as personally identifiable and is even listed on the side of your house and often times painted on the curb out front, and probably listed in a phone book. Look out Google Streetview! Your phone number is public knowledge and personally identifiable. It's also spread around when/if you: sign up for any discount memberships through a supermarket, opened a new business, registered a domain name (without the 'privacy guard').

    Besides the financial information, it's a legal question and depends where you reside.
