Activision Blizzard Secretly Watermarking World of Warcraft Users
New submitter kgkoutzis writes "A few days ago I noticed some weird artifacts covering the screenshots I captured using the WoW game client application. I sharpened the images and found a repeating pattern secretly embedded inside. I posted this information on the OwnedCore forum and after an amazing three-day cooperation marathon, we managed to prove that all our WoW screenshots, since at least 2008, contain a custom watermark. This watermark includes our user IDs, the time the screenshot was captured and the IP address of the server we were on at the time. It can be used to track down activities which are against Blizzard's Terms of Service, like hacking the game or running a private server. The users were never notified by the ToS that this watermarking was going on so, for four years now, we have all been publicly sharing our account and realm information for hackers to decode and exploit. You can find more information on how to access the watermark in the aforementioned forum post which is still quite active."
Koooootiiiiiccccccccckkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk!
Mod me down, my New Earth Global Warmingist friends!
It's a space station!
Is this known to be the case for any other games? IE: Diablo III?
From reading the thread, the artifacts do not appear when JPEG quality is set to 10 (i.e. maximum) or if a non-lossy algorithm is used (like TIFF or PNG). If this was meant to be a watermark, the programmer who wrote the algorithm should be fired.
These are most likely JPEG compression artefacts.
But hey, better to post the troll article for the page views, right?
*Tu du tu du du duuuuuuu*
*neh neh nah nah* [echo]
-----*neh neh nah nah*
There was an infamous cows shot from a hell level of Diablo 2 from years ago that had my character surrounded by hundreds of cows. Wonder if that was watermarked?
It's not actually a watermark on the picture. It's a watermark encoded in your brain from playing too much WoW.
Ouch. That's gotta hurt. I think there's a case for even places like the EU commission there, if people are unknowingly distributing others' data.
That said, I don't really care because I've never touched WoW. But, yeah, I can see the problem. 4 years of IP -> client records, plus things like date-time stamps. If nothing else, that's a whole host of web-crawling to link people to IPs, accounts.
You kind of expect it in pre-release reviews or betas or something but in the full client and in every screenshot? Bit nasty.
More interesting - what other games do that?
HP (and others) used to, or maybe still do, use watermarking in printers to hide data revealing time, printer type, etc.
http://news.cnet.com/8301-10784_3-5811739-7.html
https://www.eff.org/issues/printers
~ Meta data is watching
Forward! -- Emperor Norton, 2012
Why would you upload and share your WoW screenshots anyway?
Sigh. This kind of story makes me miss ignorant Ask Slashdot questions. I wonder if the OP would mind if I told him how to select the best network cable for use at home.
Their TOS describes how and what info is SENT to them by the client. This is information on your own computer. They don't have to tell you all the places they store your information. Think copy protection. There's a good deal of sneaky things they're doing on your computer to make sure you're running a legit license. They don't have to tell you about any of that. If you take a file that their client makes, and upload it somewhere, it may contain identifying information in it. This just happens to be a screenshot / image, that you wouldn't normally expect metadata to be in.
It's not too different than say, your digital camera embedding metadata. And it does. A lot. Usually common things like date/time, fstop, exposure, etc, but also can include model of camera, CAMERA SERIAL NUMBER, gps location, firmware version, total number of shots taken, etc etc.
So you can take off the tinfoil hat. It's too late. They're already in your head.
I work for the Department of Redundancy Department.
This is what I think Blizz/Activision will say if you complain. What are you gonna do, go play another game? Even though they are losing subscribers, they have enough that they really don't care. I don't play WoW, nor do I even like it, but I have some relatives who are so addicted to it that Blizzard executives could break into their house and rape their children, and they would give it a pass. This is meaningless on that scale.
This post has a script to save the watermark only
Next time, actually read the thread before posting.
Finally had enough. Come see us over at https://soylentnews.org/
JPEG compression artifacts? That's absurd! How would a random compression artifact contain the UserID, Time, and IP address? I'd be more likely to believe that was an actual picture of Jesus in my Sandwich. The lossy compression just reveals the pattern.
If you look at the JPEGs in a mirror you can see a hidden message "Hello, hunters. Congratulations. You've just discovered the secret message. Please send your answer to Old Pink, care of the funny farm, Chalfont."
At some point we are going to start showing a little respect for ourselves as consumers, and stop supporting companies like this, right?
These companies know they can do pretty much whatever they want, because we're all just a bunch of consumer whores anymore.
Money talks. Stop buying their crap.
I would have encoded that info into the game a long time ago. I was looking at the bot situation in WoW's early days and thought to myself that there should be some details encoded into the screen that would allow Blizzard to track back to the account.
It would not take much at all. There were several areas of the screen that would lend themselves to encoding information. I am sure you could do it with just a few bytes of information. Enough bytes to indicate account ID index (3 bytes) and a small date (2 bytes). You could encode this in as little as 2 pixels on the screen (but it would stand out). Something like this could be encoded into border patterns on the edge of controls and would be almost invisible.
I know you can customize the heck out of the display, but this would catch a lot of people.
Okay, so there's some pattern that shows up against a completely untextured view of the world. How would they recover such a faint watermark from an ordinary view of the world, complete with complex textures in the background? For that sort of thing, you need a copy of the image without the watermark so that you can take the difference between the two, and that doesn't seem to be the case here. And if you wanted to covertly record someone's data, why go to this effort when you could just send it to your server without telling them?
Blizzard: What?
and ask him wtf is going on? MMorhaime@blizzard.com
to play GW2.
Got fed up with all the BS and emailed privacy@blizzard.com to have my account and all my games perma-deleted from their system. Took an untold number of weeks for them to finally follow through on it but I'm now no longer a zard-tard.
Doesn't look like many slashdotters here care, but if you actually do then claim your info back and stop affiliating with this once decent company.
As long as it doesn't have the address of your parents basement, I see nothing to worry about.
:wq
If someone ever actually manages to find Mankrik's wife, they need to know who and when so they can send the prize.
http://ninite.com/.net-7zip-air-chrome-firefox-flash-flashie-foxit-java-opera-pdfcreator-reader-safari-shockwave-silverlight/
That covers just about everything you would need. Download (on another computer), shove it onto a flash drive and then run on your new computer (must have network connection).
Any person using FTFY or editing my postings agrees to a US$50.00 charge
Posting anon for obvious reasons.
I recently sold my Blizzard account.
I sold it in a famous Brazilian auction site (Mercado Livre). I didn't include any personal info (obviously) in the ad, and my login ID/password and e-mail are vastly different from those registered with Blizzard.
Somehow, BEFORE THE AUCTION ENDED, thus before the buyer tried to log-in from his IP, I received an e-mail from Blizzard along the lines of "we already noticed you're trying to sell your account"
Well, fuck you, Blizzard. You were too late!! The sale went without a hitch and the buyer never reported any issues (he even added the Android authenticator).
Screw their overprotective ToS. I no longer care for their DRM-laden games, so I passed it along. No, I didn't make tons of money, but at least I made someone happy and screwed Blizzard some.
The only people who'd need to worry are those exploiting the game who've distorted their toon names thinking that's all they need to do to hide their identities.
I swear to God...I swear to God! That is NOT how you treat your human!
All of the claims made are extremely dubious. You have an incredibly small group of random people making these so-called discoveries. The very fact that you can't find the watermark in non-lossy JPGs is in and of itself a considerable dispute of the claim. The algorithms used in various JPG encoders can result in various natural patterns, because there really is no such thing as true random.
And the OP's post is very misleading. It implies that they've decoded the watermark. I've been following the thread since before it ever ended up on Slashdot, and all they have is what they interpreted to be binary data, and then converted that into hex values. Their "confirmation" of the data being encoded player info is based on a single person's supposed reverse engineering of the WoW binary, which has resulted in an incredibly detailed code listing which you normally only come close to if there are debugging symbols present, which I severely doubt Blizzard would be foolish enough to do, as it would aid in private server creation.
I don't have WoW installed anymore to dig around in the binaries myself, but I did have my brother send me a screenshot. These artifact patterns can be revealed in various ways, from sharpening to gamma and levels adjustments. But when gathered from a non-solid color screenshot, they're nearly impossible to distinguish from the rest of the image, making their usefulness as a way of tracking anyone far less viable.
Until we have more than 3-4 people on some forum, where, conveniently, someone released a tool to disable this (which couldn't possibly be designed to steal your WoW account info!), then I call bullshit on the entire thing.
FTP
But how would people discover the hostname of the FTP server with Firefox? The old Firefox ads never gave the hostname of an FTP server, just the hostname of a web site that could be visited with an existing web browser (in this case IE). One could Google get firefox without IE to find this guide, but that too would require using IE.
USB flash drive [...] external hard drive.
Which requires bootstrapping. It's like finding someone to make a Free McBoot card for your PS2. What's the best practice for finding someone else who can provide this?
CD ROM, DVD
If you mean pressed discs, the official Mozilla store is by invitation only; I just checked today. If you mean recordable media, these have the same bootstrapping problem as above.
Posted without bonus.
What kind of camera puts it there???? Let me know so I won't buy that brand.
Instead of pumping out FUD because you feel like it.
Some versions of the osx wow mop beta client have all the function names in it, it was widely distributed in what was pretty much an open beta. (active account = you got in) This is a well known fact to those that pay attention to such things.
As for the rest, they have pretty much finished working out the encoding algorithm.
(lol @ the captcha I got: "binaries")
And on that CD you can place *programs*. Programs that you can *install*. Programs like *browsers*. They will also tell you the IP address to set your DHCP service to in the joining pack, along with your email address and various other things that, until you get a valid account, you cannot get through opening up IE even if installed.
Really. IF they can't be considered personal or sensitive, then they can't be used to track down the PERSON who breaks something in the TOS. And what, exactly, is it in the TOS that they might be breaking that warrants this anyway?
Uh just read that thread guys, it's confirmed. Already with POC in several languages.
Can I light a sig ?
you have no idea what you are talking about. the fact that this pile of shit became a front page topic makes me sick. do some research before you get on your soap box about the privacy of games you don't even play. automated anti-hacking. end of story
Cool discovery.
This is a minor privacy leak, when someone creates a program to decode the watermarks. It will also be worthless for authenticating screenshots, because when someone can read the watermarks, it doesn't take much to fake one. Blizzard should have encrypted the info with a public key to solve these problems.
As it stands, it may be useful for others than Blizzard, to identify the origin of a screenshot (in a non-adversarial situation)
Really. Tell a Steamer that you WILL NOT use Steam for a game and you'll get a hundred nastygrams telling you variously that you're a tinfoil, idiot, wrong headed, trolling, only saying that because you've never used it or, rather smugly "well, you'll miss out on the game".
It's the same deal with Diablo III.
Say you won't use it and you're ridiculed for paranoia. Told that it is THEIR RIGHT as the publisher to buttfuck you. When the TOS changes, you'll get "well, I don't like it, but I agreed to an EULA that says they can change at any time". When you get illegal clauses, told "you're wrong, you're a pirate!". Or told that the buttfucking is necessary to stop cheaters or pirates or protect the developers.
You WILL NOT be allowed to not buy it, and DEFINITELY shouted down if you try to tell anyone else about the downsides of an "agreement".
Surprise-surprise on who is 'exposing' this originally. The "community" of cheaters at ownedcore.
This is pretty interesting, but I think the OP is trying to spread FUD about what the implications of this data are. There is no personally identifying information contained in this watermark. It contains the server IP, server time, and account name. That's it. Now there's a lot of confusion about what "account name" means, so let me explain it for those who don't know.
About the same time that this watermark apparently showed up (2008, the 3.0 patch associated with the WotLK expansion), Blizzard converted the WoW login system so that it was integrated with their new Battle.net 2.0 login system. At this time, it became necessary to login to WoW using your account's email address instead of your traditional account name. That traditional account name is what's being encoded into the watermark, not your email address login. If you created an account after the Battle.net 2.0 merger, then your "account name" is a unique string that isn't even displayed to its owner. Anywhere in the account management webpage or login screen that this string would appear, it instead displays "WoW1", "WoW2", etc. (if you have more than one account).
So there's basically no way to associate this "account name" with your login information, real identity, etc. If you play on a private server, that account name is going to be based on the private server's login system, not Blizzard's login system.
It's pretty obvious what the real purpose of these watermarks was: to identify users who violated the NDA of their closed betas and ban them from the beta, identify users attempting to sell their account, and possibly to identify the IP address of private servers to assist in attempting to shut them down.
Further, the probability that this info could be used to help harvest accounts for gold selling or to phish for accounts seems ridiculous. It'd be highly inefficient to spend so much time on a single user when for far less effort you could just spam a million harvested email addresses.
First of all, using a beta client as a basis, which is much more likely to watermark screenshots to begin with to make sure someone isn't passing around info they shouldn't be, is not an indication that the final client does or is doing anything. And I can't reiterate enough the uselessness of a watermark which is nearly impossible to use except in certain circumstances.
Second, I simply stated the facts. It's a group of 3-4 people who are "discovering" and dispersing all of this information. There is no correlation of this from anyone else of any reputable background. If you knew the definition of FUD, you would quickly realize that it's a group of unknown people shouting out something to fear based on unsubstantiated claims. Whoever posted this topic on Slashdot is completely irresponsible, and if it all turns out to be false, puts themselves at legal liability if Blizzard decided to make a stink about defamation.
So far, you effectively have a lot of coincidence and suspicions. Don't try to discredit me simply because I point out that fact. If you want to prove me wrong, then prove me wrong, and I will happily admit to being so. Otherwise, it all just appears like people want to hide and discredit my comment to keep the story alive for that much longer.
So let's stop giving these scummy companies our money.
How many times are you gonna let the same people screw you over?
Let's start showing a little self respect, huh?
I am sure that WoW's EULA covers this watermark, as it does the installation of The Warden service which actually tells Blizzard all the apps running on your computer at the time that you play their game. This is extremely intrusive, much more than this watermark.... I therefore suspect the wording used to perpetuate this EULA to encompass the warden would also apply to the watermarks.
Long Live WoW!
"Activision Blizzard Secretly Watermarking World of Warcraft Users"
Cool man!
That explains why I've seen all these people on the streets with what appears to be a photoshopped watermark on them.
What this world is coming to - is for you and me to decide.
Well, as a former WoW player, I decided to do due diligence and check my old screen shots. Any screenshots taken after WotLK do indeed have these watermarks. No, they aren't JPEG compression.
I am not affiliated with the researchers in any way.
It is easy to verify that screenshots have some kind of watermark by simply using a sharpen filter.
You have no indication that it's not jpg compression. Take any image, from anywhere on the internet, and sharpen it in this manner. Different images will give you different intricate patterns, depending on the encoder used.
You have no idea if this strange visual effect is really just a compression artifact resulting from light variations due to shaders which WoW employs, causing very subtle differences in the colors in certain equally spaced locations. As long as it visually looks fine, it wouldn't matter if their lighting techniques were a bit of a hack job underneath. Hell, look at the one image they linked on the forum, where a guy with a much larger screen resolution had a different pattern entirely.
Given that the most vocal detractor of my comment is also an Anonymous Coward, likely in order to retain moderating points, we'll just have to take your word that you're not him or part of the group.
IP address of the server, that seems harmless. Time, harmless.
Is the User ID secret or something that other players could see anyway?
People still play WoW? How much free time does the poster have?
Don't try to discredit me simply because I point out that fact
No, you gave your OPINION, not fact. Don't get the two confused.
Also, go back and RTFM, then go back and read it again until some FACTS sink in.
Such as your claim of "First of all, using a beta client as a basis, which is much more likely to watermark screenshots to begin with to make sure someone isn't passing around info they shouldn't be, is not an indication that the final client does or is doing anything"
If you'd read the forum properly you'd see that people on there are giving screenshots of NON-BETA clients that still have the watermark.
Don't try to discredit me simply because it proves you're a pedophile.
So all those times when we said we have screenshots of what happened and the GM staff says that screenshots are not valid?
Stay classy ActivisionBlizzard !
I can positively confirm this. It isn't in my earliest screenshots but it's definitely in my more recent ones. It's exactly the pattern they're talking about, and I've been able to successfully decode one using the same technique they have. It seems to be a DigiMarc watermark indeed: payload 88 bytes, including my numeric WoW account number (ending in #1), day, month, year, hour and minute (not seconds) and IPv4 of the realm. It's followed by a CRC-32, and repeated. On a 1920x1200 screenshot it starts at 176 pixels from the vertical, and it seems like the top and bottom "bands" are wide, and the middle one is "narrow" (the reverse of the pattern they observed, presumably in 1920x1080 screenshots?). It wasn't in 4.0.6. It is in current, live, released builds of WoW.
Just get a WoW screenshot, unsharp mask it with max strength with a radius of 1.0 pixels, and you'll probably be able to see it. I thought the JPEG compression was a bit poor quality compared to if I went out in TGA and packed it myself; an intentional watermark wasn't what I expected - but there it is.
Disassembly of the WoW client shows the function specified in the thread at the offset they specify too, and it does indeed contain a call to a recognised DigiMarc watermarking function. I presume decoding uses autocorrelation of some form, given how regular it is.
I'm not sure it is necessarily a privacy issue: it doesn't contain any of your personal information directly--unless, of course, there is a way to look up account numbers. I'm not sure there is, although I've definitely seen them before somewhere I don't precisely recall.
To reiterate: I can confirm. The live client does this, on the default settings. Just try it and see.
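The sharpening check described in the comment above, and the flat-versus-textured objection raised earlier in the thread, as an added example that is not part of the thread and not taken from the WoW client or from Digimarc. It assumes a toy watermark (one bit per 4x4 cell, stored as a +1 luminance step) and a radius-1 unsharp mask in plain Python; every name, the image size and the payload are constructed.

```python
CELL = 4      # assumed toy layout: one payload bit per 4x4 pixel cell
BASE = 128    # mid-grey background level

def bits_of(data):
    """Bytes -> list of bits, most significant bit first."""
    return [(byte >> (7 - k)) & 1 for byte in data for k in range(8)]

def centres(n, width):
    """(x, y) of the pixel carrying bit i: the centre of cell i, row-major."""
    cols = width // CELL
    return [((i % cols) * CELL + 2, (i // cols) * CELL + 2) for i in range(n)]

def flat_image(w, h):
    return [[BASE] * w for _ in range(h)]

def textured_image(w, h, swing=20):
    # Constructed "texture": a checkerboard swinging +/-20 around BASE.
    return [[BASE + (swing if (x + y) % 2 == 0 else -swing) for x in range(w)]
            for y in range(h)]

def embed(cover, bits):
    """Add +1 luminance at a cell centre for every 1 bit (invisible by eye)."""
    marked = [row[:] for row in cover]
    for (x, y), bit in zip(centres(len(bits), len(cover[0])), bits):
        marked[y][x] += bit
    return marked

def unsharp_mask(img, amount=50.0):
    """out = pixel + amount * (pixel - 3x3 mean), clamped to 0..255.
    Border pixels are left untouched."""
    h, w = len(img), len(img[0])
    out = [row[:] for row in img]
    for y in range(1, h - 1):
        for x in range(1, w - 1):
            mean = sum(img[y + dy][x + dx]
                       for dy in (-1, 0, 1) for dx in (-1, 0, 1)) / 9.0
            out[y][x] = max(0, min(255, round(img[y][x] + amount * (img[y][x] - mean))))
    return out

def read_sharpened(img, n, threshold=BASE + 10):
    """Naive reader: sharpen, then call a cell centre '1' if it stands out."""
    sharp = unsharp_mask(img)
    return [1 if sharp[y][x] > threshold else 0 for x, y in centres(n, len(img[0]))]

def read_with_reference(marked, cover, n):
    """Reader that has the unmarked image and simply takes the difference."""
    return [marked[y][x] - cover[y][x] for x, y in centres(n, len(marked[0]))]

def bit_errors(got, want):
    return sum(g != w for g, w in zip(got, want))

PAYLOAD = bits_of(b"ID#1")   # constructed 32-bit payload, not a real account id
W, H = 32, 16                # 8 x 4 cells = 32 bits

def demo():
    """Return {cover: (errors after sharpening, errors with reference image)}."""
    results = {}
    for name, cover in (("flat", flat_image(W, H)),
                        ("textured", textured_image(W, H))):
        marked = embed(cover, PAYLOAD)
        n = len(PAYLOAD)
        results[name] = (bit_errors(read_sharpened(marked, n), PAYLOAD),
                         bit_errors(read_with_reference(marked, cover, n), PAYLOAD))
    return results

if __name__ == "__main__":
    print(demo())
```

On the flat cover the sharpened read returns every bit; on the checkerboard the sharpened cell centres all saturate, so the naive threshold reads every bit as 1, while subtracting the unmarked cover still returns the payload.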
Supposedly, if you /console SET screenshotQuality "9"
the "watermarking" goes away. Which, frankly, makes me extremely suspicious.
Either (1) that's a bug, (2) Blizzard took a decision to watermark some screen shots and not others, or (3) this is (as several people have suggested in the linked thread) a jpeg compression artifact, and not a watermark at all.
I notice that, so far, the information on how to read the supposed watermark (which would allow us all to independently confirm that a watermark is indeed what we're seeing) doesn't appear to have been published. Until it is, my money is firmly on (3) - a compression artifact.
Blizzard can easily monitor a user's activity outside of their network by "scraping screenshots". You don't think there's a privacy issue with that?
Especially since they've kept it under wraps for years and failed to mention it in the privacy policy?!
Hey by the way every time you post a screen we will track you. And be warned that anyone else who views your screenshot could potentially figure out what your User ID is. And if you upload the screenshot to a forum there is a chance that the forum software might have a vulnerability that allows virtually anyone to connect your WOW UserID to your Email Address on the forum and your IP address at which point they could figure out where you live, who your ISP is and pretty much everything else ...
So when google spiders stuff on the internet with the "default allow" of the internet requirement, this is real bad to copyright content owners. But when it comes to copyright content owners, default allow of their customers production is just fine and dandy...
>pedophile
Okay, troll confirmed, moving on to factually accurate articles.
They WILL NOT let you not buy it. They will hound you, insist you're wrong, insist that you MUST buy it, that it is your DUTY to buy it.
But you, being one of the retards going like a fapper over companies buggering everyone sideways, are being a twat.
Who gives a fuck? It's not like you wow addicts are going to stop throwing money at them anytime soon...
Their client their software they can do whatever they want. They have all the rights you have none.
Now get back to spending money and grinding you lusers.
Reducing the JPEG compression to minimum or switching to TGA makes the supposed "watermark" go away, when in reality (if it was indeed a watermark), it would make it easier to decode. These are clearly compression artifacts. Unsurprisingly, they haven't actually been able to read any data from this "pattern", or shown that the same user always gets the same pattern. They're just applying some random filters to an image and then speculating that the compression pattern means something about the user account.
is this the same blizzard that frowns upon people selling gold for cash, but turns a blind eye if that cash is used before-hand to purchase blizzard's own time cards or vanity pets/mounts? pet..kettle...black.
It's ironic that there is an ad for WoW on this article.
The reason why the watermark is not mentioned in the TOS is because there is no moral, ethical, or most importantly legal reason to do so, because nothing in the watermark payload is information that can compromise a user's privacy. Blizz started using the watermarks to enforce NDAs with its beta testers, and probably also to locate non-licensed private game servers. Hard to see how you could get your knickers in a twist about this, unless you are a paid shill for one of Blizz's competitors, in which case you've now outed yourself and will be hitting our plonk files in short order.
I haven't seen anyone mention why this matters. If you get a kill in the game, you used to be required to post a screenshot to prove it in the online forum, although this isn't necessarily de rigueur anymore with the advent of the achievement system. Thus, SSDD, screenshot or it didn't happen. It could still be important though to back up your argument in some type of situation.
what's wrong with wget?
What's wrong is that "'wget' is not recognized as an internal or external command, operable program or batch file." In order to download, install, and use Wget without ever opening IE, one has to already know on what FTP server the Windows binary of Wget is stored.