Slashdot Mirror
Activision Blizzard Secretly Watermarking World of Warcraft Users
New submitter kgkoutzis writes "A few days ago I noticed some weird artifacts covering the screenshots I captured using the WoW game client application. I sharpened the images and found a repeating pattern secretly embedded inside. I posted this information on the OwnedCore forum and after an amazing three-day cooperation marathon, we managed to prove that all our WoW screenshots, since at least 2008, contain a custom watermark. This watermark includes our user IDs, the time the screenshot was captured and the IP address of the server we were on at the time. It can be used to track down activities which are against Blizzard's Terms of Service, like hacking the game or running a private server. The users were never notified by the ToS that this watermarking was going on so, for four years now, we have all been publicly sharing our account and realm information for hackers to decode and exploit. You can find more information on how to access the watermark in the aforementioned forum post which is still quite active."
Is this known to be the case for any other games? IE: Diablo III?
*Tu du tu du du duuuuuuu*
*neh neh nah nah* [echo]
-----*neh neh nah nah*
There was an infamous cows shot from a hell level of diablo2 from years ago that my character surrounded by hundreds of cows. Wonder if that if that was watermarked?
It's not actually a watermark on the picture. It's a watermark encoded in your brain from playing too much WoW.
Ouch. That's gotta hurt. I think there's a case for even places like the EU commission there, if people are unknowingly distributing other's data.
That said, I don't really care because I've never touched WoW. But, yeah, I can see the problem. 4 years of IP -> client records, plus things like date-time stamps. If nothing else, that's a whole host of web-crawling to link people to IP's, accounts.
You kind of expect it in pre-release reviews or betas or something but in the full client and in every screenshot? Bit nasty.
More interesting - what other games do that?
HP (and others) used to, or maybe still do, use watermarking in printers to hide data revealing time, printer type, etc.
http://news.cnet.com/8301-10784_3-5811739-7.html
https://www.eff.org/issues/printers
~ Meta data is watching
Forward! -- Emperor Norton, 2012
Why would you upload and share your WoW screenshots anyway?
Also, whoever decided that screenshots should be saved as jpeg by default (assuming it is default) should be fired.
What?
"Watermarks do not work that way!!! Good night!"
Their TOS describes how and what info is SENT to them by the client. This is information on your own computer. They don't have to tell you all the places they store your information. Think copy protection. There's a good deal of sneaky things they're doing on your computer to make sure you're running a legit license. They don't have to tell you about any of that. If you take a file that their client makes, and upload it somewhere, it may contain identifying information in it. This just happens to be a screenshot / image, that you wouldn't normally expect metadata to be in.
It's not too different than say, your digital camera embedding metadata. And it does. A lot. Usually common things like date/time, fstop, exposure, etc, but also can include model of camera, CAMERA SERIAL NUMBER, gps location, firmware version, total number of shots taken, etc etc.
So you can take off the tinfoil hat. It's too late. They're already in your head.
I work for the Department of Redundancy Department.
No it's a sail boat!
Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.
This is what I think Blizz/Activision will say if you complain. What are you gonna do, go play another game? Even though they are losing subscribers, they have enough that they really don't care. I don't play WoW, nor do I even like it, but I have some relatives who are so addicted to it that Blizzard executives could break into their house and rape their children, and they would give it a pass. This is meaningless on that scale.
it's a pretty far done troll if so, if you read further to the thread(there was some disassembly from mac client).
(it would be entirely feasible that they remove the watermark at full quality.. because it would be obvious then).
this is blizzard we're talking about after all. (I don't think jpg artifacts would position themselves like that, not on any of my pron pics anyways)
world was created 5 seconds before this post as it is.
If you read the thread, other people have actually decoded those "compression artifacts", and even wrote a tool to do it so, no, those aren't just artifacts.
How do you account for the pattern then?
Has anyone actually done some work on the quality 10 screenshots to ensure that the pattern isn't actually still in the structure of the file?
It was my understanding that digimarc's tech was supposed to make their watermarks essentially invisible to the human eye, and perhaps it is a biproduct of lossy compression that's actually showing the pattern on lower qualities.
Has someone taken the eye-dropper tool to a large section of a quality 10 screenshot to verify that there aren't pixels that have a different color by even one bit?
This post has a script to save the watermark only
Next time, actually read the thread before posting.
Finally had enough. Come see us over at https://soylentnews.org/
From reading the thread, the artifacts do not appear when JPEG quality is set to 10 (i.e. maximum) or if a non-lossy algorithm is used (like TIFF or PNG). If this was meant to be a watermark, the programmer who wrote the algorithm should be fired.
These are most likely JPEG compression artefacts.
They did this on purpose, in order to avoid having their watermark identified when viewing the images in really high quality. An Assembly expert wrote some code that allows you to add this watermark on purpose in the high quality images: http://www.ownedcore.com/forums/world-of-warcraft/world-of-warcraft-general/375573-looking-inside-your-screenshots-4.html#post2491687 We also decoded the content of the watermark and it indeed contains the account information, as mentioned. It is NOT artifacts. Please read the full forum post before posting dis-informative comments. Thank you.
Or the embedded information can only be seen from sharpening when there is JPEG compression.
The watermark is probably in the uncompressed files too, you just can't easily pull them out with sharpening because the file is uncompressed.
JPEG compression artifacts? That's absurd! How would a random compression artifact contain the UserID, Time, and IP address? I'd be more likely to believe that was an actual picture of Jesus in my Sandwich. The reason the lossy compression just reveals the pattern.
Originally the game only saved screenshots as TGA, but at some point JPEG was made the default setting and you had to edit a config file to change it back. It might be a setting in the UI now, I don't know.
Yes, strategically place JPG artifacts caused by known compression techniques to create a readable barcode.
I'm not surprised the commenter above didn't read the posts following the first post of the source.
What's important are these posts:
1.) Disassembly from the Mac OS X client, which shows watermark functions triggered in the screenshot routine.
http://www.ownedcore.com/forums/world-of-warcraft/world-of-warcraft-general/375573-looking-inside-your-screenshots-2.html#post2489452
2.) Using a memory modifier, the client is edited to only save the watermark (discarding the actual screenshot) even in JPEG 10 and Lossless formats. Completely disproves compression artefacts theory.
http://www.ownedcore.com/forums/world-of-warcraft/world-of-warcraft-general/375573-looking-inside-your-screenshots-4.html#post2491687
3.) Further disassembly shows the following are included in the watermark: Account Name, Realm Info (Serialized, unknown content), Realm IP, Timestamp
http://www.ownedcore.com/forums/world-of-warcraft/world-of-warcraft-general/375573-looking-inside-your-screenshots-5.html#post2492494
You really should read some of the posts in between as well, linking Digimarc to Blizzard Activision, patents filed by Digimarc describing precisely this watermarking technique (and possible predecessors), and how the payload (88 bytes) is repeated multiple times exactly to 5808 bytes in order to survive anticipated resizing and further compression.
Whilst I'm sure they may have good intents (for support maybe? giving benefit of the doubt here), it's these kinds of tricks being pulled by digital companies whilst keeping consumers in the dark that really turns me off.
If you look at the JPEGs in a mirror you can see a hidden message "Hello, hunters. Congratulations. You've just discovered the secret message. Please send your answer to Old Pink, care of the funny farm, Chalfont."
At some point we are going to start showing a little respect for ourselves as consumers, and stop supporting companies like this, right?
These companies know they can do pretty much whatever they want, because we're all just a bunch of consumer whores anymore.
Money talks. Stop buying their crap.
They claim it's been successfully decoded, but that code rule and examples are not provided. As they give the steps to generate such a picture, it would be otherwise easy enough to verify.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
I would have encoded that info into the game a long time ago. I was looking at the bot situation in wows early days and thought to myself that there should be some details encoded into the screen that would allow Blizzard to track back to the account.
It would not take much at all. There were several areas of the screen that would lend its self to encoding information. I am sure you could do it with just a few bytes of information. Enough bytes to indicate account ID index (3 bytes) and a small date (2 bytes). You could encode this in as little as 2 pixels on the screen (but it would stand out). Something like this could be encoded into border patterns on the edge of controls and would be almost invisible.
I know you can customize the heck out of the display, but this would catch a lot people.
Okay, so there's some pattern that shows up against a completely untextured view of the world. How would they recover such a faint watermark from an ordinary view of the world, complete with complex textures in the background? For that sort of thing, you need a copy of the image without the watermark so that you can take the difference between the two, and that doesn't seem to be the case here. And if you wanted to covertly record someone's data, why go to this effort when you could just send it to your server without telling them?
Linky please?
Why? What would be the point of lossless screenshots from a game? Do you really think everyone needs pixel-perfect screenshots from a game? Or do you work for a storage company and you want people to fill their hard drives faster?
Sigh. This kind of story makes me miss ignorant Ask Slashdot questions. I wonder if the OP would mind if I told him how to select the best network cable for use at home.
I'd like to know - the cheap cables I keep buying on eBay often fail after a few plug/unplug cycles, and the $20 Systimax patch cables seem like overkill.
At least read the summary.
and ask him wtf is going on? MMorhaime@blizzard.com
to play GW2.
From the frequent "how to I open a screenshot" posts that used to appear in the WoW TS forum, I suspect it was changed to lower support calls.
Got fed up with all the BS and emailed privacy@blizzard.com to have my account and all my games perma-deleted from their system. Took an untold number of weeks for them to finally follow through on it but I'm now no longer a zard-tard.
Doesn't look like many slashdotters here care, but if you actually do then claim your info back and stop affiliating with this once decent company.
Wait, they added un unencrypted watermark? Why on earth would you NOT encrypt a watermark of this kind?
Why? What did it say?
rewriting history since 2109
More people should read my post's parent.
As long as it doesn't have the address of your parents basement, I see nothing to worry about.
:wq
If someone ever actually manages to find Mankrik's wife, they need to know who and when so they can send the prize.
The thread indicates it may have appeared during WotLK alpha builds and only contains:
- Account name that was used pre-BNET or otherwise a post-BNET numeric account name. (email address is NOT included)
- IP address of the realm you are connected to, NOT the client IP. (However, this could be used to identify pirate servers).
- The time the screenshot was taken
I suspect it was most likely used to catch people leaking imagery of alpha builds which were not allowed to be made public. WotLK was the last WoW expansion Blizzard tried to keep secret for the alpha, but everyone was leaking it despite very clear NDAs having to be agreed to by all who participated. With their next expansion, they didn't bother with an NDA outside of a very small group of initial internal testers.
I wouldn't call this any kind of breach of privacy as none of the information is personal. An account name can only be matched to a real name by Blizzard and only if you play on their servers.
Of course privacy zealots will say otherwise, but each to their own.
What a retard you are. Just read the first few sentences, then click on the link.
Or do you actually need someone to come and fucking click on the link for you?
http://ninite.com/.net-7zip-air-chrome-firefox-flash-flashie-foxit-java-opera-pdfcreator-reader-safari-shockwave-silverlight/
that covers just about everything you would need download (on another computer) shove it onto a flash drive and then run on your new computer (must have network connection)
Any person using FTFY or editing my postings agrees to a US$50.00 charge
Posting anon for obvious reasons.
I recently sold my Blizzard account.
I sold it in a famous Brazilian auction site (Mercado Livre). I didn't include and personal info (obviously) in the ad, and my login ID/password and e-mail are vastly different from those registered with Blizzard.
Somehow, BEFORE THE AUCTION ENDED, thus before the buyer tried to log-in from his IP, I received an e-mail from Blizzard along the lines of "we already noticed you're trying to sell your account"
Well, fuck you, Blizzard. You were too late!! The sale went without a hitch and the buyer never reported any issues (he even added the Android authenticator).
Screw their overprotective ToS. I no longer care for their DRM-laden games, so I passed it along. No, I didn't make tons of money, but at least I made someone happy and screwed Blizzard some.
The only people who'd need to worry are those exploiting the game who've distorted their toon names thinking that's all they need to do hide their identities.
I swear to God...I swear to God! That is NOT how you treat your human!
Would you read an article about graphics cards where the author was looking at compression artifacts instead of the true anti-aliasing effect?
Online Games, it is the game makers best interests to be hard against cheater. Because if left uncontrolled they will ruin the game for everyone.
So if you are going to be taking screen shots of your cheating. Might as well get tracked down and banned because of it.
I remember back in them olden days of Lan Parties. A professor in my college actually hosted a WarCraft II Lan Party. So we were on two teams, One side had the professors 8th grade kid. He found a cheat that worked online. Once we found out both sides of the players (including his own team) in general told him that he cant play anymore. We wanted to play using our own skills if we won we won, if we loss we loss no big deal, not cheat, just to win.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Dude have you ever tried to support clueless users? I would remind everyone this is WoW, a game that has everyone from Mr T to soccer moms playing the thing.
In hindsight was it a good idea to put this data in there without it being encrypted? Probably not but oh Lord I can see why they did it! Personally i wish I had an easy way to have the relevant data on the system just handed to me in a screenshot by the user pushing a single button than playing twenty questions like "What OS are you running?" what's an OS? "What version of Windows is on the machine?" Windows "Windows what?" Huh?
Now picture that conversation going on for a half an hour or more and you can see why tech support would want a way to have the facts just handed to them, because I can imagine with the volume of support calls with issues like "My Warcraft looks funny!" cutting through the bullshit would seriously cut down on support time.
ACs don't waste your time replying, your posts are never seen by me.
To prevent additional artifacts when you resize and save the image to JPG again. If you're doing anything to the image before publishing it, you don't want anything wrong at all with it.
All of the claims made are extremely dubious. You have an incredibly small group of random people making these so-called discoveries. The very fact that you can't find the watermark in non-lossy JPGs is in and of itself a considerable dispute of the claim. The algorithms used in various JPG encoders can result in various natural patterns, because there really is no such thing as true random.
And the OP's post is very misleading. It's implies that they've decoded the watermark. I've been following the thread since before it ever ended up on Slashdot, and all they have is what they interpreted to be binary data, and then converted that into hex values. Their "confirmation" of the data being encoded player info is based on a single person's supposed reverse engineering of the WoW binary, which has resulted in an incredibly detailed code listing which you normally only come close to if there are debugging symbols present, which I severely doubt Blizzard would be foolish enough to do, as it would aid in private server creation.
I don't have WoW installed anymore to dig around in the binaries myself, but I did have my brother send me a screenshot. These artifact patterns can be revealed in various ways, from sharpening to gamma and levels adjustments. But when gathered from a non-solid color screenshot, they're nearly impossible to distinguish from the rest of the image, making their usefulness as a way of tracking anyone far less viable.
Until we have more than 3-4 people on some forum, where, conveniently, someone released a tool to disable this (which couldn't possibly be designed to steal your WoW account info!), then I call bullshit on the entire thing.
FTP
But how would people discover the hostname of the FTP server with Firefox? The old Firefox ads never gave the hostname of an FTP server, just the hostname of a web site that could be visited with an existing web browser (in this case IE). One could Google get firefox without IE to find this guide, but that too would require using IE.
USB flash drive [...] external hard drive.
Which requires bootstrapping. It's like finding someone to make a Free McBoot card for your PS2. What's the best practice for finding someone else who can provide this?
CD ROM, DVD
If you mean pressed discs, the official Mozilla store is by invitation only; I just checked today. If you mean recordable media, these have the same bootstrapping problem as above.
Posted without bonus.
Because depending on how the screenshot looks, png may actually compress better?
What kind of camera puts it there???? Let me know so I won't buy that brand.
Instead of pumping out FUD because you feel like it.
Some versions of the osx wow mop beta client have all the function names in it, it was widely distributed in what was pretty much an open beta. (active account = you got in) This is a well known fact to those that pay attention to such things.
As for the rest, they have pretty much finished working out the encoding algorithm.
(lol @ the captcha I got: "binaries")
And on that CD you can place *programs*. Programs that you can *install*. Programs like *browsers*. They will also tell you the IP address to set your DHCP service to in the joining pack, along with your email address and various other things that, until you get a valid account, you cannot get through opening up IE even if installed.
Some years ago I developed my own steganography techniques and those pictures reminded me of that.
You only need such patterns to encode information in lossy formats due to the compression artifacts. If you use a lossless picture, where every bit of every pixel is perfectly preserved, there are much more efficient ways to hide any information in the picture.
Most likely the TIFF, PNG and other lossless formats contain the same information or even more, just encoded in a different way.
So, if you want to avoid leaking your account details, save screenshots in a lossless format and then convert it to a lossy format.
I once saw someone post a "link" to a screenshot on the forums that was something like "c:\documents and settings\username\desktop\World of Warcraft\screenshots\WowScrnShot_2353.tga." He didn't understand why nobody else could see it.
Really. IF they can't be considered personal or sensitive, then they can't be used to track down the PERSON who breaks something in the TOS. And what, exactly, is it in the TOS that they might be breaking that warrants this anyway?
Uh just read that thread guys, it's confirmed. Already with POC in several languages.
Can I light a sig ?
you have no idea what you are talking about. the fact that this pile of shit became a front page topic makes me sick. do some research before you get on your soap box about the privacy of games you don't even play. automated anti-hacking. end of story
Cool discovery.
This is a minor privacy leak, when someone creates a program to decode the watermarks. It will also be worthless for authenticating screenshots, because when someone can read the watermarks, it doesn't take much to fake one. Blizzard should have encrypted the info with a public key to solve these problems.
As it stands, it may be useful for others than Blizzard, to identify the origin of a screenshot (in a non-adversarial situation)
Really. Tell a Steamer that you WILL NOT use Steam for a game and you'll get a hundred nastygrams telling you variously that you're a tinfoil, idiot, wrong headed, trolling, only saying that because you've never used it or, rather smugly "well, you'll miss out on the game".
It's the same deal with Diablo III.
Say you won't use it and you're ridiculed for paranoia. Told that it is THEIR RIGHT as the publisher to buttfuck you. When the TOS changes, you'll get "well, I don't like it, but I agreed to an EULA that says they can change at any time". When you get illegal clauses, told "you're wrong, you're a pirate!". Or told that the buttfucking is necessary to stop cheaters or pirates or protect the developers.
You WILL NOT be allowed to not buy it, and DEFINITELY shouted down if you try to tell anyone else about the downsides of an "agreement".
I wouldn't call this any kind of breach of privacy as none of the information is personal. An account name can only be matched to a real name by Blizzard and only if you play on their servers.
Or you have a dump the hackers made of their client list, which contained screen names as well as other info. They could then use this hacked info to get to any of the other data, especially by someone who posted a screen capture online. Using the leaked DB could tie that screen capture to MUCH more data.
today is spelling optional day.
Rarely, unless it's an extremely small screenshot like 16 pixels by 16 pixels, but it'd be hard to play WoW on that.
It would be possible to use that information to get the first part of what is needed to actually log into an account. You've got the player name and realm, with that alone its easier to compromise an account. Although it is of course easier just to take the whole user list from Blizzard....
Blatant Advert: Android Apps!
Yes, because the majority of users who take screenshots are reviewing graphic cards.
Also, whoever decided that screenshots should be saved as jpeg by default (assuming it is default) should be fired.
From a cannon.
Into the sun.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
Before publishing it? I guess this raises the question: what is the purpose of games having a snapstop feature? Is it to primarily aid people writing critical articles about games or hardware, or is it so that you'll have a memento of that time you killed the boss monster?
If it's the former, then of course you're right.
If it's the latter, then snapping as jpg isn't any dumber than all the consumer cameras which do that. If you think jpg is bad for that too (and that's not a totally unreasonable position, I'll admit, but I do disagree with it) then you might as well say lossy compression has no place at all, since you never know for sure, when you're generating a final product or generating an intermediate file that someone still needs to work on.
Because compression artifacts look terrible on most CGI
What?
privacy zealot... such a funny phrase.
the thing is....If you allow your privacy to erode from every angle, don't come crying when you find you have none. When every transaction, grade, infraction, coffee stop, and random comment you have ever made has been bought, associated, linked, sorted, indexed, and don't forget monetized (to be able to be looked up--for a modest fee), at that point you may reconsider.
Storage is cheap, Analytics is becoming more mainstream, and automated linking is just t the next step.
Good luck to you, I'm sorry we cannot hire you due to this phrase you stated in MegaGame202 18 years back.... it was outright offensive, and spoke poorly of our megacorp. we only hire people enthusiastic about our company, vision, and products! Now please move along.
Surprise-surprise on who is 'exposing' this originally. The "community" of cheaters at ownedcore.
This is pretty interesting, but I think the OP is trying to spread FUD about what the implications of this data are. There is no personally identifying information contained in this watermark. It contains the server IP, server time, and account name. That's it. Now there's a lot of confusion about what "account name" means, so let me explain it for those who don't know.
About the same time that this watermark apparently showed up (2008, the 3.0 patch associated with the WotLK expansion), Blizzard converted the WoW login system so that it was integrated with their new Battle.net 2.0 login system. At this time, it became necessary to login to WoW using your account's email address instead of your traditional account name. That traditional account name is what's being encoded into the watermark, not your email address login. If you created an account after the Battle.net 2.0 merger, then your "account name" is a unique string that isn't even display to its owner. Anywhere in the account management webpage or login screen that this string would appear, it instead displays "WoW1", "WoW2", etc. (if you have more than one account).
So there's basically no way to associate this "account name" with your login information, real identity, etc. If you play on a private server, that account name is going to be based on the private server's login system, not Blizzard's login system.
It's pretty obvious what the real purpose of these watermarks were: to identify users who violated the NDA of their closed betas and ban them from the beta, identify users attempting to sell their account, and possibly to identify the IP address of private servers to assist in attempting to shut them down.
Further, the probability that these info could be used to help harvest accounts for gold selling or to phish for accounts seems ridiculous. It'd be highly inefficient to spend so much time on a single user when for far less effort you could just spam a million harvested email addresses.
Their compromised database is indeed a very serious privacy issue. From a security point of view, fortunately they used a good enough password hashing technique that it is largely impractical to extract passwords from the dump.
From my experience, with almost all people who have their accounts compromised, it was due to phishing or malware. Consequently, account names in screenshots will probably not make any difference to how many people have account security issues.
They were originally TGA, and you can still create TGA screenshots. They changed them to JPG by default for user convenience. Most WoW users are not computer savvy enough to convert their own screenshots.
Oof. You have no idea how many times I've seen people blame Exchange/Outlook because a link like that in an email didn't work. "It's all Microsoft's fault!" Well, I guess in a way it is, since MS enabled even idiots to use a computer.
"Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
First of all, using a beta client as a basis, which is much more likely to watermark screenshots to begin with to make sure someone isn't passing around info they shouldn't be, is not an indication that the final client does or is doing anything. And I can't reiterate enough the uselessness of a watermark which is nearly impossible to use except in certain circumstances.
Second, I simply stated the facts. It's a group of 3-4 people who are "discovering" and dispersing all of this information. There is no correlation of this from anyone else of any reputable background. If you knew the definition of FUD, you would quickly realize that it's a group of unknown people shouting out something to fear based on unsubstantiated claims. Whoever posted this topic on Slashdot is completely irresponsible, and if it all turns out to be false, puts themselves at legal liability if Blizzard decided to make a stink about defamation.
So far, you effectively have a lot of coincidence and suspicions. Don't try to discredit me simply because I point out that fact. If you want to prove me wrong, then prove me wrong, and I will happily admit to being so. Otherwise, it all just appears like people want to hide and discredit my comment to keep the story alive for that much longer.
So lets stop giving these scummy companies our money.
How many times are you gonna let the same people screw you over?
Lets start showing a little self respect, huh?
I am sure that WoW's EULA covers this watermark, as it does the installation of The Warden service which actually tells Blizzard all the apps running on your computer at the time that you play their game. This is extremely intrusive, much more than this watermark.... I therefor suspect the wording used to perpetuate this EULA to encompass the warden would also apply to the watermarks.
Long Live WoW!
"Activision Blizzard Secretly Watermarking World of Warcraft Users"
Cool man!
That explains why I've seen all these people on the streets with that appears to be a photoshopped watermark on them.
What this world is coming to - is for you and me to decide.
A schooner IS a sail boat stupid head!
Well, as a former WoW player, I decided to do due diligence and check my old screen shots. Any screenshots taken after WotLK due indeed have these watermarks. No they aren't jpeg compresion.
I am not affiliated with the researchers in any way.
It is easy to verify that screenshots have some kind of watermark by simply using a sharpen filter.
Hmm, my browser failed to render your sarcasm tags.
Forget diamonds, copyright is forever.
You have no indication that it's not jpg compression. Take any image, from anywhere on the internet, and sharpen it in this manner. Different images will give you different intricate patterns, depending on the encoder used.
You have no idea if this strange visual effect is really just a compression artifact resulting from light variations due to shaders which WoW employs, causing very subtle differences in the colors in certain equally spaced locations. As long as it visually looks fine, it wouldn't matter if their lighting techniques were a bit of a hack job underneath. Hell, look at the one image they linked on the forum, where a guy with a much larger screen resolution had a different pattern entirely.
Given that the most vocal detractor of my comment is also an Anonymous Coward, likely in order to retain moderating points, we'll just have to take your word that you're not him or part of the group.
IP address of the server, that seems harmless. Time, harmless.
Is the User ID secret or something that other players could see anyway?
You really should read some of the posts in between as well, linking Digimarc to Blizzard Activision, patents filed by Digimarc describing precisely this watermarking technique (and possible predecessors), and how the payload (88 bytes) is repeated multiple times exactly to 5808 bytes in order to survive anticipated resizing and further compression.
This does not look like a Digimarc watermark. The linking seems to be "Activision is doing this, Digimarc has patents, ZOMG."
People still play WoW? How much free time does the poster have?
Don't try to discredit me simply because I point out that fact
No, you gave your OPINION, not fact. Don't get the two confused.
Also, go back and RTFM, then go back and read it again until some FACTS sink in.
Such as your claim of "First of all, using a beta client as a basis, which is much more likely to watermark screenshots to begin with to make sure someone isn't passing around info they shouldn't be, is not an indication that the final client does or is doing anything"
If you'd read the forum properly you'd see that people on there are giving screenshots of NON-BETA clients that still have the watermark.
Don't try to discredit me simply because it proves you're a pedophile.
(it would be entirely feasible that they remove the watermark at full quality.. because it would be obvious then).
Not just entirely feasible - someone later in the thread claims to have found the code that disables the watermark on full-quality images and figured out how to patch it out, so that the watermark is present even in uncompressed TGA screenshots.
Blizzard has to deal with cheaters on a scale never before encountered by any game company. Even at the CS cheating peak when it rolled out PunkBuster, Valve never had to deal with as many cheaters in one game. Because of the economic incentives, gold farmers and others have tried with varying degrees of success to get past the protections in the game. Blizzard has made it reasonably clear that it takes certain actions to find cheaters, some of which are fairly rootkit-like in their implementation and ability, and that it does not disclose all of these methods to the end-user.
Personally, I don't see a problem with this. I find the rootkit behavior a much bigger issue, but I'm willing to live with that in part because I know so many people at Blizzard (and I'm not just talking about a few customer service or QA people) and I trust that they're not going to do evil things with that ability. If they're willing to have that level of inspection on their computers, I don't see why there's so much fuss over the watermarking.
You can never go home again... but I guess you can shop there.
So all those times when we said we have screenshots of what happened and the GM staff says that screenshots are not valid?
Stay classy ActivisionBlizzard !
I can positively confirm this. It isn't in my earliest screenshots but it's definitely in my more recent ones. It's exactly the pattern they're talking about, and I've been able to successfully decode one using the same technique they have. It seems to be a DigiMarc watermark indeed: payload 88 bytes, including my numeric WoW account number (ending in #1), day, month, year, hour and minute (not seconds) and IPv4 of the realm. It's followed by a CRC-32, and repeated. On a 1920x1200 screenshot it starts at 176 pixels from the vertical, and it seems like the top and bottom "bands" are wide, and the middle one is "narrow" (the reverse of the pattern they observed, presumably in 1920x1080 screenshots?). It wasn't in 4.0.6. It is in current, live, released builds of WoW.
Just get a WoW screenshot, unsharp mask it with max strength with a radius of 1.0 pixels, and you'll probably be able to see it. I thought the JPEG compression was a bit poor quality compared to if I went out in TGA and packed it myself an intentional watermark wasn't what I expected - but there it is.
Disassembly of the WoW client shows the function specified in the thread at the offset they specify too, and it does indeed contain a call to a recognised DigiMarc watermarking function. I presume decoding uses autocorrelation of some form, given how regular it is.
I'm not sure it is necessarily a privacy issue: it doesn't contain any of your personal information directly--unless, of course, there is a way to look up account numbers. I'm not sure there is, although I've definitely seen them before somewhere I don't precisely recall.
To reiterate: I can confirm. The live client does this, on the default settings. Just try it and see.
Supposedly, if you /console SET screenshotQuality "9"
the "watermarking" goes away. Which, frankly, makes me extremely suspicious.
Either (1) that's a bug, (2) Blizzard took a decision to watermark some screen shots and not others, or (3) this is (as several people have suggested in the linked thread) a jpeg compression artifact, and not a watermark at all.
I notice that, so far, the information on how to read the supposed watermark (which would allow us all to independently confirm that a watermark is indeed what we're seeing) doesn't appear to have been published. Until it is, my money is firmly on (3) - a compression artifact.
That's not actually true. jpg images can contain steganographic data in them just fine. For instance, there is a steganographic message in this image using steghide:
http://www.climagic.org/images/mystery-developer1.jpg
It could be that steganography didn't survive post processing. I just tested the image above by posting it to Facebook and the stego data didn't make the transfer. Maybe Blizzard developed a more hardy watermarking technique.
Blizzard can easily monitor a users activeity outside of their network by "scraping screenshots". You don't think there's a privacy issue with that?
Especially since they've kept it under wraps for years and failed to mention it in the privacy policy?!
Hey by the way every time you post a screen we will track you. And be warned that anyone else who views your screenshot could potentially figure out what your User ID is. And if you upload the screenshot to a forum there is a chance that the forum software might have a vulnerability that allows virtually anyone to connect your WOW UserID to your Email Address on the forum and your IP address at which point they could figure out where you live, who your ISP is and pretty much everything else ...
So when google spiders stuff on the internet with the "default allow" of the internet requirement, this is real bad to copyright content owners. But when it comes to copyright content owners, default allow of their customers production is just fine and dandy...
>pedophile
Okay, troll confirmed, moving on to factually accurate articles.
How about png? All modern OSes has png support, right?
What?
So if you are going to be taking screen shots of your cheating. Might as well get tracked down and banned because of it.
And if you *haven't* actually been cheating, but you've posted pictures of your WoW game for whatever reason over the years anyway, it's okay that identifying information was embedded without your knowledge (possibly to be used against you years later in circumstances like, oh... *this case*) even if you had good reason to want to remain anonymous?
Actually, I don't care whether the person *was* cheating, it doesn't excuse this sort of thing. If Activision had wanted to do this, they should have been open about it happening, if not the precise mechanics of how it was implemented.
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
They WILL NOT let you not buy it. They will hound you, insist you're wrong, insist that you MUST buy it, that it is your DUTY to buy it.
But you, being one of the retards going like a fapper over companies buggering everyone sideways, are being a twat.
You confuse explaining a rational for doing sometime, with an endorsement for the practice.
The gaming company know that cheaters are a problem, then they need to figure out where to draw the line.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Who gives a fuck? It's not like you wow addicts are going to stop throwing money at them anytime soon...
Their client their software they can do whatever they want. They have all the rights you have none.
Now get back to spending money and grinding you lusers.
Reducing the JPEG compression to minimum or switching to TGA makes the supposed "watermark" go away, when in reality (if it was indeed a watermark), it would make it easier to decode. These are clearly compression artifacts. Unsurprisingly, they haven't actually been able to read any data from this "pattern", or shown that the same user always gets the same pattern. They're just applying some random filters to an image and then speculating that the compression pattern means something about the user account.
I clicked the damn sailboat.
You confuse explaining a rational for doing sometime, with an endorsement for the practice.
My apologies- I thought your comment came across a bit like you (personally) were trying to excuse the company with that rationale, rather than merely explaining their position. I'm happy to accept that this was a misinterpretation.
The gaming company know that cheaters are a problem, then they need to figure out where to draw the line.
Systematically compromising *everyone's* anonymity without telling them so is (IMHO) quite clearly over that line.
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
Of course you don't see the fuss about watermarking. You just said you're fine with Blizzard installing a root kit on your machine! Waht the heck is a measly watermark compared to that?
is this the same blizzard that frowns upon people selling gold for cash, but turns a blind eye if that cash is used before-hand to purchase blizzard's own time cards or vanity pets/mounts? pet..kettle...black.
More people should read anything before commenting. Seems half of the people here post by gut-reaction, not any fact they have observed. The thread linked in the story is conclusive for anybody with half a brain. Of course that assumes that half brain is actually put to use...
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
In my defense -- the first page of the linked comments was heavy on insinuation, light on actual decoding work.
Its ironic that there is an add for WoW on this article.
What? No, dude, that's not how Internet debates are supposed to work! Dig in your heels, accuse the GP of backpedaling, and burn that strawman to the motherfucking ground!
That's exactly my point, much as you might attempt to trivialize it. I don't have a problem with the watermarking because the rootkit behavior is so much more severe in comparison. I don't see why anyone else would get bent out of shape over the watermarking if they're willing to put up with the rootkit.
You can never go home again... but I guess you can shop there.
there's no anonymity to begin with, its a game server. it IS paywalled, but that isn't perfect security either.
you can look up any WoW character and see their equipment grade from blizzard's site. that doesn't help hackers steal accounts and neither will this.
My kingdom for a mod point.
Ceci n'est pas un sig.
The reason why the watermark is not mentioned in the TOS is because there is no moral, ethical, or most importantly legal reason to do so, because nothing in the watermark payload is information that can compromise a user's privacy. Blizz started using the watermarks to enforce NDAs with its beta testers, and probably also to locate non-licensed private game servers. Hard to see how you could get your knickers in a twist about this, unless you are a paid shill for one of Blizz's competitors, in which case you've now outed yourself and will be hitting our plonk files in short order.
I haven't seen anyone mention why this matters. If you get a kill in the game, you used to be required to post a screenshot to prove it in the online forum, although this isn't necessarily de rigueur anymore with the advent of the achievement system. Thus, SSDD, screenshot or it didn't happen. It could still be important though to back up your argument in some type of situation.
"There is no privacy get over it" - Scott McNealy. If Blizz had put this out in the open it would have been self-defeating, cheaters would have taken steps to blur or remove it. As a Wow player, I'd rather they caught the cheaters and removed the privacy of the attention whores who post their shots up on youtube.
what's wrong with wget?
What's wrong is that "'wget' is not recognized as an internal or external command, operable program or batch file." In order to download, install, and use Wget without ever opening IE, one has to already know on what FTP server the Windows binary of Wget is stored.