Gamasutra: The Art & Business of Making Gamesspacer
View All     RSS
August 31, 2014
arrowPress Releases
August 31, 2014
PR Newswire
View All





If you enjoy reading this site, you might also want to check out these UBM Tech sites:


World of Warcraft secretly embedding user data in screenshots - report
 World of Warcraft  secretly embedding user data in screenshots - report
September 11, 2012 | By Eric Caoili

September 11, 2012 | By Eric Caoili
Comments
    23 comments
More: Console/PC, Social/Online, Business/Marketing



Blizzard Entertainment has reportedly been watermarking screenshots taken inside World of Warcraft with encrypted user data for years, though it never notified players that their information is shared in the images.

According to users who discovered the watermarks, each screenshot taken by players with the MMORPG client contains information that "can be easily recovered and decrypted by hackers," including account IDs, timestamps, and the IP address of the realm.

Though the watermarks do not contain account passwords or personal information (e.g. real names), the data shared could be used to help scammers target players. Blizzard could also potentially use the information to track down unauthorized servers and people engaging in prohibited activities.

Many are criticizing the practice due to user privacy concerns and Blizzard's decision to not explicitly inform players about the watermarks since it began embedding them some time between 2008 and 2010.

World of Warcraft's terms of use does mention that the company may obtain identification information about users' computers "for purposes of improving the game and/or the service, and to police and enforce" the MMORPG's rules, but it makes no mention of the screenshot watermarks.

This news comes just a month after hackers compromised Blizzard's Battle.net service, accessing user emails, encrypted passwords, and other information used to play games the company's games, including World of Warcraft and Diablo III.

It's unclear if Blizzard has employed the same watermarking practice in its other titles. Gamasutra has reached out to the company for a comment on the watermarks, but has yet to hear back as of press time.


Related Jobs

Backflip Studios
Backflip Studios — Boulder, Colorado, United States
[08.30.14]

Game Producer
Raven Software / Activision
Raven Software / Activision — Madison, Wisconsin, United States
[08.30.14]

Sr. Software Engineer (Gameplay)
Infinity Ward / Activision
Infinity Ward / Activision — Woodland Hills, California, United States
[08.30.14]

Producer - Infinity Ward
Infinity Ward / Activision
Infinity Ward / Activision — Woodland Hills, California, United States
[08.30.14]

Senior AI Engineer










Comments


David Amador
profile image
Seriously? what the hell. I wonder if they are in Diablo 3 and Starcraft 2 too?

Matt Robb
profile image
How is this data any different from what ends up embedded in every picture taken with a digital camera?

Yuliya Geikhman
profile image
You can remove EXIF info easily, and you know it's there. Unlike this.

Matt Robb
profile image
I'll concede the point about knowing its there, but this data would be easy to butcher as well.

Andy Lundell
profile image
It's a lot like EXIF data.

That's why...

1) It should be mentioned in the documentation. (Like cameras)
2) If more than just brand/model is stored, it should be disable-able. (Like Cameras.)
3) The data should be easily viewed and/or removed by the user (Like cameras.)


So I guess the answer to your question is that the data embedded by your camera is done so for the photographer's benefit. The data contained is usually camera settings and location. Things that film photographers have traditionally recorded on small paper notepads. And the data is easily accessible by the user with standard tools.

This Warcraft data is NOT stored for the user's benefit. It's stored for someone else's benefit, whether the user likes it or not.

To be honest, that strikes me as a pretty significant difference.

Matt Robb
profile image
That's a pretty good argument Andy. I suppose the EXIF data is only used for someone else's benefit when the person doing illegal things with their camera is too dumb to clean their product.

John Trauger
profile image
Choice?

Matt Robb
profile image
Take a picture or don't?

Ron Dippold
profile image
This is sometimes done with alphas/betas to track screenshot leaks. Given Blizzard's extremely lax development practices I can almost believe this has been there since before launch and nobody's bothered to remove it, or perhaps even remembered it was still in there. ow that TFA has loaded I see it was added some time after the Activision merger, but it could still be for one of the expansions.

Charitably, it's to help track down/verify bug reports with screenshots. Realm + player + timestamp should let you narrow the log search down to just the right area.

But they still should have mentioned it. That screenshot you took with all the UI removed and posted on a site like photobucket thinking it was anonymous is probably enough for someone to google up your blog/facebook page/etc using realm + player info.

Non-charitably it's so they can find rogue servers.

Duong Nguyen
profile image
WOW... no i mean wow! What an invasion of privacy and total betrayal of the users trust.

Matt Robb
profile image
Question for everyone: Where is the invasion of privacy?

"...including account IDs, timestamps, and the IP address of the realm..."

The only way this information is private is if you're violating the license and using their software on a 3rd party server. I expect the data values mentioned in the article are the naughtiest embedded in the images. If you're taking screenshots of your own violation of the license and posting them on the internet, that seems rather stupidly self-incriminating (or whatever the term is for not-really-criminal activities).

I get that people don't like information about themselves being propagated without their knowledge, but it seems like on computers, we as a community get rather tinfoil hat about it. This really does appear to be only useful to Blizzard and only when tracing people violating some agreement or another. You give away more information by tying yourself to the screenshot wherever you put it on the internet.

Simon Ludgate
profile image
"Question for everyone: Where is the invasion of privacy?"

Your account ID is (ought to be) private. It's also 1/2 of the information needed to hack an account, giving you a very good reason to keep it private.

Matt Robb
profile image
If the ID is an identifier used internally, it's useless for hacking your account.

If by ID they mean your Battle.net Account Email, it's public knowledge sad to say.

Ron Dippold
profile image
If you leave the char name in the UI your alts can now be tied together using the account ID.

Alternatively, people often post anonymous screencaps. Names barred out, or all UI elements removed (the game will let you do this before taking a screenshot). You can upload images anonymously to places like imgur - there is no tying yourself to the screenshot. Well apparently they're not as anonymous as /expected/, which is the key word.

There's no catastrophic info here, just that something you had an expectation of privacy from is purposely leaking your information. That's a betrayal of implied trust, which makes people very upset, even if you argue that logically maybe they shouldn't trust Activision-Blizzard. But the whole kerfluffle could have been avoided with a simple 'Hey guys...'

Simon Ludgate
profile image
RealID was only introduced in 2010; prior to that accounts had an account ID chosen by users that was different from their email address. The original story does not specify if this is the mentioned account ID, or if it was an internal identifier, as you suggest.

Matt Robb
profile image
"If you leave the char name in the UI your alts can now be tied together using the account ID."

I'm sorry, but that really feels like reaching for something to be upset about. That would require people to be hunting down screencaps, cross-referencing the embedded data and possible names shown in the images themselves, and compiling lists for...what purpose exactly? If you left your character name in the UI, it was *you* that provided private information. Imgur may be anonymous, but the place you post the link likely isn't.

"RealID was only introduced in 2010; prior to that accounts had an account ID chosen by users that was different from their email address. The original story does not specify if this is the mentioned account ID, or if it was an internal identifier, as you suggest."

Was actually the advent of the new Battle.net accounts that made email addresses what you use for login. It would actually be more efficient (and smarter) for Blizzard to embed internal identifiers.


I've been playing Blizzard games since Lost Vikings, I'm actually really curious if I should be offended or feel betrayed, but I'm just not seeing it.

Ron Dippold
profile image
I guess you just really have no idea how bad guild drama can get or how much can explode if someone finds out whose alts are whose. I know some people who are freaking out about it specifically because of the alt thing. Yes, people are quite willing to hunt down screenshots, compare account IDs, and correlate with the character IDs because DRAMA. There's the whole jealousy thing, or I can think of a couple more reasons but will spare the whole list, since actual usage scenarios are obviously not helping.

I've given you some examples, based on my experience on several MMOs, and specifically on WoW, why this will make some people upset. I've been in enough guilds to know how people freak out, and I know how WoW players use screenshots, such as the anonymous posting you weren't aware of.

Of course it's all a tempest in a teacup, because it's just an MMO. But this is a site about creating games and hopefully not pissing off your users for no reason at all.

I gave you the invasion of privacy scenarios you asked about. But apparently it was a leading question you did not want an an answer to. You don't feel betrayed or offended at all by the specific examples, and neither do I, because we're not in the group of people who have secret alts and are posting screenshots, but oh there are plenty of them, and they just got zapped with a cattle prod. And plenty of other people are going 'OHSI was there anything incriminating...?' MMO drama is more serious business for some people than real life.

Matt Robb
profile image
Ron, I get the scenario you're describing, but the "secret alts to get a break from guild drama" situation doesn't even seem like it would be affected much. You'd have to have a suspicion that a person has a secret alt, have a problem with that, *and* have access to screenshots posted by them on characters you know about and the suspected alts (out of millions of screenshots on the internet). If the target was concerned about the secrecy of the alts, would they be posting screenshots of them?

At best you'd use this to verify what you already know through other means.

Youn Lee
profile image
this is lame.....they shouldn't do this.....

Nooh Ha
profile image
Doesn't this contravene EU privacy laws? Haven't companies been slapped with massive fines for less?

Mathieu MarquisBolduc
profile image
I agree with Ron. I bet this was to track people who were leacking info from pre-release days, and they forgot to remove it afterwards.

Ramin Shokrizade
profile image
When I provided screenshots and info for this first article on virtual goods and currencies back in 2000:
http://articles.latimes.com/2000/apr/20/news/mn-21581 ,
I only used my middle name for fear of being fired and sued by SOE. It was the first mainstream article on virtual economies and if there had been watermarks back then I either would not have co-written this article with Ashley Dunn, or I would have been in serious trouble for it and probably left the industry. This will have a chilling effect on some journalistic activity.

Terry Matthes
profile image
What an awesome technique to catch leaks and the like :)


none
 
Comment: