Blizzard revealed to be hiding information in WoW screenshots – blogger reactions

September 12, 2012


It’s been discovered that World of Warcraft embeds personal data in any screenshot you take – but just how big a deal is this?

Yesterday, hobbyists discovered that WoW embeds personal data into most screenshots. Initially, there was some concern that the data could be directly used to hack an account. However, it has since been confirmed that the data is limited to an account identifier (not your BattleTag or email address), the IP of the realm you’re connecting to, and a timestamp.

Nonetheless, this is at best unexpected and at worst unsettling news, and there has been a lot of discussion of the implications:

  • I’d heartily recommend reading the Hacker News discussion of the topic, including discussion of non-obvious potential exploits and the technical details
  • Adam Holisky at WoW Insider claims that the information in these screenshots can absolutely not in any way harm you: “Again, though, there is no information in these watermarks that connect your screenshots to you, the person behind your keyboard, living on Dreary Lane. Only to connect your public display of cheating to your World of Warcraft account and/or private server.”
  • Clockwork commented on the news minutes after it came out, calling it “somewhat alarming”: “I see why they did it; most likely it is meant as a protection of NDA’s by allowing them to figure out who posted the picture (especially of unreleased content) so they can take proper action…but this opens up another can of worms.”
  • Kaozz is very uncomfortable about both the tracking and the thinking behind its implementation: “It is pretty creepy to even think that a company would even want to ‘track’ customers through screenshots, or even to really dig up reasons why.”
  • Miri argues that you’re already sharing far more information than you immediately realise: “There’s a lot of information already available thanks to search engines, standard “friendly” commentary, and ourselves. Protect yourself by limiting what you say and share. You can help control the amount of information that the world can use against you.”
  • Typhoon Andrew writes a balanced post looking at the practical details as well as his personal reaction: “The fact it contains an account ID and not an internal unknown reference ID linked to the account ID makes me think that this was developed assuming security through obscurity.”
  • And Rades satirises the more extreme reactions to the news: “Maybe it’s time travel,” he gasped, stopping abruptly in his frantic pacing. “Time travel! That has to be it! The Bronze Dragonflight! Maybe he’s a dragon!?”

Personally, I’m not up in arms about this, but it’s a little concerning. There aren’t any trivially-obvious direct account security risks, but the extent to which this information could be used for datamining is a little worrying.

More concerning yet is the possibility of forgery. I can’t imagine it’ll be very long before there’s a tool available on the blacknets to erase and replace this steganographic information, meaning that if Blizzard don’t rapidly change their approach, it’d be possible to “frame” other players for private server usage, RMT, or other anti-TOS offences.

What do you think? Storm in a teacup, or a genuine outrage?


5 comments

Tesh September 12, 2012 at 6:31 pm

Game devs love metrics, especially on “live” games. I can see the mentality that produced this growing from that thirst for data.

That said, I do think this goes over the line of “creepy” behavior. It’s probably something we allow thanks to the EULA, though.


Hugh Hancock September 12, 2012 at 6:54 pm

If I get a chance, I’m going to ask some cyberlaw friends of mine how this interacts with EU and UK law. We’ve got pretty robust data protection and privacy laws over here, and I honestly don’t know if this breaches some of them.


Rades September 12, 2012 at 6:55 pm

Thanks for the link, Hugh!


Syl September 12, 2012 at 7:29 pm

In reference to what Tesh said, I don’t have a WoW EULA I can check these days, but given that this was something that had to be ‘discovered’ by somebody rather than Blizzard being straightforward about it, is what makes this such an alarming and frankly disgusting revelation.

Not that it surprises me much… Blizzard has started to show signs of pushing privacy boundaries for a while now, on different fronts. It turns me off buying any of their products in the future, very similar to my suspicions of Origins. Lose your player base’s trust once, it’s very hard to regain. Of course many players are simply not as aware or sensitive about such issues. Personally I really eye this trend with worry.


Miri September 12, 2012 at 8:23 pm

Thanks for the link! It was a fun post to write!
