
Blizzard Sued Over Battle.net Authentication

Posted by Soulskill
from the did-you-try-googling-your-problem-first dept.
An anonymous reader writes "A man has initiated a class-action suit against Blizzard over a product used to shore up Battle.net security. Benjamin Bell alleges that Blizzard's sale of Authenticators — devices that enable basic two-tier authentication — represents deceptive and unfair additional costs to their basic games. (Blizzard sells the key fob versions for $6.50, and provides a free mobile app as an alternative. Neither are mandatory.) The complaint accuses Blizzard of making $26 million in Authenticator sales. In response, Blizzard made a statement refuting some of the complaint's claims and voicing their intention to 'vigorously defend' themselves."
  • This is ridiculous (Score:5, Insightful)

    by synthparadox (770735) on Saturday November 10, 2012 @04:49PM (#41945427) Homepage

    Not only does the $6.50 help cover postage and pay for the dongle, it's completely optional and Blizzard makes the app available to as many platforms as they can. You can even install the authenticator on an Android simulator on a computer.

    I'm in shock as to how entitled this person is. I honestly just can't fathom how he can claim that Blizzard "makes money" off these authenticators.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      Shouldn't the $60 purchase price and (possible) $15 monthly fee "help cover postage and pay for the dongle"?

      It's not "completely" optional, use of Diablo 3 RMAH requires it and/or the mobile app, and if you don't have a phone that can run the mobile app, then the authenticator is the only way to use an advertised feature of the game.

      Blizzard does profit, however little, from the authenticators. Do you really think that they take a loss on them? Or that $6.50 is the magical round number that represents exact

    • Not only does the $6.50 help cover postage and pay for the dongle, it's completely optional and Blizzard makes the app available to as many platforms as they can.

      Their authentication software is available for the two dominant phone os platforms, Android and iOS. That's it.

      Just to put things in perspective, the Google authenticator, which is open source (Apache license), uses open authentication standards, and which could be used for free by Blizzard, can also be run from the command-line on Linux, Mac OS, and Windows, in addition to iOS, Android, and Blackberry.

      You can even install the authenticator on an Android simulator on a computer.

      How convenient.

      First of all, Android doesn't really have a simulator, it has an emulator. It's slow. It's

      • by arth1 (260657)

        How convenient.

        First of all, Android doesn't really have a simulator, it has an emulator. It's slow. It's heavy-weight. It's not much of a solution for the average joe. Speaking as someone who works with it daily, I don't think the Android emulator is something that should be required for a consumer who wants to play a game he supposedly just purchased.

        It's also neither offered by nor supported by Blizzard.

        The availability of an unsupported third party product[*] does in no way lessen any onus on Blizzard to provide customers who fulfil the requirements on the box with what's otherwise needed to play the game in full. Including the auction house.

        [*]: An SDK and an emulator, the set-up of which is so user-unfriendly that I'm sure a majority of Blizzard customers would give up during the initial installation, to say nothing about actually getting softwar

  • Going nowhere... (Score:4, Insightful)

    by Anonymous Coward on Saturday November 10, 2012 @04:50PM (#41945433)

    Question #1 will be : "Did blizzard make you buy one in order to play the game, and are there any consequences to not doing so?"... "No, and No"...."Case dismissed"

    • by Rockoon (1252108)

      Question #1 will be : "Did blizzard make you buy one in order to play the game, and are there any consequences to not doing so?"... "No, and No"...."Case dismissed"

      No, and Yes. An authenticator is required for some aspects of some of Blizzard's games, such as the real money auction house in Diablo 3. This requirement most certainly was not advertised during initial sales, but the real money auction house feature was advertised during initial sales as a selling point. In fact, you will find Slashdot articles about the real money auction house prior to the game's release.

  • by Firehed (942385) on Saturday November 10, 2012 @04:51PM (#41945445) Homepage

    Like TFS says, the mobile version is free. Just another moron trying to make a quick buck.

    My concern with Blizzard's authenticator is that they seem to have rolled their own implementation rather than adhering to an open, defined spec (HOTP/TOTP). And like so many of these services, there's no good way to move it to a new device without disabling 2FA temporarily. People do upgrade their phones, after all.

    • by synthparadox (770735) on Saturday November 10, 2012 @04:55PM (#41945479) Homepage

      They introduced a "restore" feature a while back that allows you to migrate devices without removing two-factor authentication. Basically, you enter the restoration code into the new phone/device and both devices will continue to generate the same seeded code. This can also be used to extend the authenticator to multiple devices like having a smartphone and a tablet both generate the same code. This is just an ease-of-use feature, especially when sometimes you can't find one of the devices you installed your authenticator on.

      • by Cinder6 (894572)

        I actually had to use the restore code last night--it didn't work. The restore code itself worked, but battle.net still said the authenticator code was wrong. It was fairly trivial to get them to remove the authenticator (enter a code sent via SMS), but by then I had "too many login attempts" and had to wait a few hours. Frustrating.

    • by Roogna (9643)

      Not sure about if it's their own implementation or not, but it IS very easy to move to a new device.

      They provide a serial number in the app, and a recovery code. Simply enter both on the new mobile device and you've got a clone of the original.

    • by arbiter1 (1204146)
      I forget the site offhand, but there is a software-based one you can run on your computer as well that is free; no need to buy a key fob or a phone that can run the app. The software has an optional lockdown to 1 computer and password options.
    • http://www.wowwiki.com/Battle.net_Mobile_Authenticator_Specification

      I'll just leave this here. But feel free to continue thinking you know everything. Also check out RFC 4226 and 6238 and compare it with this wiki article. Enjoy!
    • by Nyder (754090)

      Like TFS says, the mobile version is free. Just another moron trying to make a quick buck.

      My concern with Blizzard's authenticator is that they seem to have rolled their own implementation rather than adhering to an open, defined spec (HOTP/TOTP). And like so many of these services, there's no good way to move it to a new device without disabling 2FA temporarily. People do upgrade their phones, after all.

      How is suing someone a quick buck? Unless they cave and decide to pay you off, you still have to pay filing charges, lawyer fees (providing you got one), and wait for the court date. Seems quite a hassle to be considered 'quick'.

  • If they win this suit, I'm going after Google to pay my phone bills since they give me the option of using SMS based authentication to protect my Gmail account.

  • It's not mandatory, and it's a game. A service provided to you, and a limited version that's free to use. The security problem is inherent to all MMOs -- and Blizzard is providing a way for people concerned with hacking to protect their investment in the game, at a reasonable rate. These authenticator tokens often cost a lot more than the cost of a meal at McDonald's in other industries. The guy doesn't have a leg to stand on. He max-leveled in idiot.

  • by Kenja (541830) on Saturday November 10, 2012 @04:58PM (#41945507)
    It is made by Vasco and is sold in large quantity orders for around $6.50, which is the same as what Blizzard charges for it. The idiot in question is basically claiming Blizzard sold 400,000 Authenticators at a 100% profit margin.
    • by LordLimecat (1103839) on Saturday November 10, 2012 @05:06PM (#41945559)

      At $26 million, that would be 4,000,000 at 100% margin, which stretches the bounds of credulity.

  • Sometimes free (Score:5, Interesting)

    by jklovanc (1603149) on Saturday November 10, 2012 @05:04PM (#41945553)

    A friend of mine got hacked three times. Blizzard sent him an authenticator for free. It costs them less to send the free authenticator than to keep fixing his account.

    This is just someone trying to make money on a frivolous lawsuit.

    • by Rockoon (1252108)

      A friend of mine got hacked three times. Blizzard sent him an authenticator for free. It costs them less to send the free authenticator than to keep fixing his account.

      What you are saying is that if they got $6.50 out of him instead of giving him the device for free, that it would have been an additional $6.50 in pure profit?

      Think about that for a moment.

      • No... what they were saying was that fixing the account and ensuring a continued revenue stream of $15/mo was favourable to him cancelling the account for want of a $6.50 one-time cost.

        While this is true for every account, and is an argument in favour of simply giving the things away, most accounts never get hacked, and they *do* simply give the things away to anybody with a smartphone. When they do get hacked, the labour costs for fixing the account are what makes sending the authenticator an option.

        It's n

      • by jklovanc (1603149)

        No, what I am saying is that Blizzard decided to decrease their losses by spending $6.50 + S&H instead of spending much more every time he was hacked.

        The only way it would have been pure profit is if they got $6.50 out of him without sending the device. If the device was sent the profit would be $0 ($6.50 income - $6.50 cost of goods sold).

        People really need to understand the terms income, expense, cost of goods sold, and profit. It is a simple equation profit = income - (expenses+cost of goods sold).

        • by Rockoon (1252108)

          People really need to understand the terms income, expense, cost of goods sold, and profit

          "People" clearly includes you.

          You are buying a car for $20000. Just before you sign the agreement I run in and hand you a 10% off coupon. That $2000 is pure profit. It doesn't matter that the car still costs you $18000.

          If your friend had given Blizzard $6.50 for that authenticator instead of simply accepting it gratis, it's exactly equal to a $6.50 coupon that Blizzard cashes in. Pure profit. A windfall.

          • by jklovanc (1603149)

            Profit is money you didn't have before. What you described is not profit; it is less cost. The only person possibly making profit in the transaction you describe is the person selling the car and only if it cost him less than $18000. The definition of profit deals with the seller and not the buyer. It is a simple equation profit = revenue - expenses.

            This is irrelevant to the main conversation anyway. The premise of the suit is that Blizzard is profiting from the sale of authenticators and not that the plainti

  • Instead of taking personal responsibility for the security of their own account, they instead sue Blizzard. Blizzard CANNOT control the end user's computer (not as much as they wish they could, at least). Therefore, the security of your login credentials is the sole responsibility of the account holder. Blizzard can't keep your computer from getting infected with malware, falling for a phishing scam, or sharing your credentials with your little brother.

  • 1) Raise the price of the game client by $6.50.

    2) Include a "Free Authenticator!" in every box, or mail one to people who opt to download the client.

    3) Profit.

  • Suing over $6.50.... even with a complete victory he would probably end up with something like $.50 after the lawyers get their part. This must be somebody with too much time to waste.
    • by arbiter1 (1204146)
      You forget, it's a class action suit, so he might not even get that much.
      • He's the actual plaintiff. If he wins (he won't) he'll probably get some ridiculously high number while everyone else are the people who get nothing.

        Then again, he's not going to win this so it's irrelevant anyway.

  • I support it simply for this:

    He also seeks to stop Blizzard from requiring players to sign up for a Battle.net account.

    • by black3d (1648913)
      Why? How do you expect to play an online game without an account? Or do you seriously expect them to simply open servers up to the world, and rely on IP banning to deal with hackers?
      • by the_B0fh (208483)

        Did I say I expect to play online games without an account?

        However, I expect to play single player games *WITHOUT* a fucking online account, such as StarCraft 2 or Diablo 3.

        Furthermore, I expect to be able to play without having to RESET MY FUCKING PASSWORD EVERY TIME MY ISP CHANGES MY IP ADDRESS. This requirement helps push people towards authenticators.

        And real IDs.

        Make no mistake. This isn't really about authenticators, this is about collecting real IDs.

  • by kenorland (2691677) on Sunday November 11, 2012 @05:41AM (#41948549)

    So, the company did the right thing in terms of offering two factor authentication (I wish my bank would do that). They made it optional and made free apps available so that people aren't forced to use it. All of that is good.

    This lawsuit is frivolous, and the guy should not only lose, but have to pay court and defense costs.
