Activision Blizzard Secretly Watermarking World of Warcraft Users 272
New submitter kgkoutzis writes "A few days ago I noticed some weird artifacts covering the screenshots I captured using the WoW game client application. I sharpened the images and found a repeating pattern secretly embedded inside. I posted this information on the OwnedCore forum and after an amazing three-day cooperation marathon, we managed to prove that all our WoW screenshots, since at least 2008, contain a custom watermark. This watermark includes our user IDs, the time the screenshot was captured and the IP address of the server we were on at the time. It can be used to track down activities which are against Blizzard's Terms of Service, like hacking the game or running a private server. The users were never notified by the ToS that this watermarking was going on so, for four years now, we have all been publicly sharing our account and realm information for hackers to decode and exploit. You can find more information on how to access the watermark in the aforementioned forum post which is still quite active."
Other games? (Score:5, Interesting)
Is this known to be the case for any other games? IE: Diablo III?
Ouch (Score:5, Interesting)
Ouch. That's gotta hurt. I think there's a case for even places like the EU commission there, if people are unknowingly distributing other's data.
That said, I don't really care because I've never touched WoW. But, yeah, I can see the problem. 4 years of IP -> client records, plus things like date-time stamps. If nothing else, that's a whole host of web-crawling to link people to IP's, accounts.
You kind of expect it in pre-release reviews or betas or something but in the full client and in every screenshot? Bit nasty.
More interesting - what other games do that?
sketchy but legit (Score:5, Interesting)
Their TOS describes how and what info is SENT to them by the client. This is information on your own computer. They don't have to tell you all the places they store your information. Think copy protection. There's a good deal of sneaky things they're doing on your computer to make sure you're running a legit license. They don't have to tell you about any of that. If you take a file that their client makes, and upload it somewhere, it may contain identifying information in it. This just happens to be a screenshot / image, that you wouldn't normally expect metadata to be in.
It's not too different than say, your digital camera embedding metadata. And it does. A lot. Usually common things like date/time, fstop, exposure, etc, but also can include model of camera, CAMERA SERIAL NUMBER, gps location, firmware version, total number of shots taken, etc etc.
So you can take off the tinfoil hat. It's too late. They're already in your head.
Re:Why? (Score:3, Interesting)
Backmasked Message? (Score:2, Interesting)
Re:Other games? (Score:3, Interesting)
Screw Actizard, contact privacy@blizzard.com (Score:2, Interesting)
Doesn't look like many slashdotters here care, but if you actually do then claim your info back and stop affiliating with this once decent company.
Re:Unsubstantiated Rubbish (Score:2, Interesting)
Wait, they added un unencrypted watermark? Why on earth would you NOT encrypt a watermark of this kind?
Re:Unsubstantiated Rubbish (Score:5, Interesting)
Their compromised database is indeed a very serious privacy issue. From a security point of view, fortunately they used a good enough password hashing technique that it is largely impractical to extract passwords from the dump.
From my experience, with almost all people who have their accounts compromised, it was due to phishing or malware. Consequently, account names in screenshots will probably not make any difference to how many people have account security issues.
Re:Bootstrap (Score:2, Interesting)
FTP which on windows workstations is handled, by default, by IE and to get a ftp client like filezilla you will probably use a browser, - chicken vs egg
or you could pop out the old linux disk and have any non IE/safari browser you want with a simple apt-get install, or simply while live booted grab the windows version of Firefox, Chrome, Konquerer, Opera, Seamonkey, elinks, whatever copy it you your windows partition reboot into windows install the new browser set all web related stuff to be handled by the new browser and kiss IE goodbye.*
*until the next windows update when it resets the default program for hyperlinks to IE again.