Activision Blizzard Secretly Watermarking World of Warcraft Users
New submitter kgkoutzis writes "A few days ago I noticed some weird artifacts covering the screenshots I captured using the WoW game client application. I sharpened the images and found a repeating pattern secretly embedded inside. I posted this information on the OwnedCore forum and after an amazing three-day cooperation marathon, we managed to prove that all our WoW screenshots, since at least 2008, contain a custom watermark. This watermark includes our user IDs, the time the screenshot was captured and the IP address of the server we were on at the time. It can be used to track down activities which are against Blizzard's Terms of Service, like hacking the game or running a private server. The users were never notified by the ToS that this watermarking was going on so, for four years now, we have all been publicly sharing our account and realm information for hackers to decode and exploit. You can find more information on how to access the watermark in the aforementioned forum post which is still quite active."
Is this known to be the case for any other games? IE: Diablo III?
It's not actually a watermark on the picture. It's a watermark encoded in your brain from playing too much WoW.
Ouch. That's gotta hurt. I think there's a case for even places like the EU commission there, if people are unknowingly distributing others' data.
That said, I don't really care because I've never touched WoW. But, yeah, I can see the problem. 4 years of IP -> client records, plus things like date-time stamps. If nothing else, that's a whole host of web-crawling to link people to IPs, accounts.
You kind of expect it in pre-release reviews or betas or something but in the full client and in every screenshot? Bit nasty.
More interesting - what other games do that?
HP (and others) used to, or maybe still do, use watermarking in printers to hide data revealing time, printer type, etc.
http://news.cnet.com/8301-10784_3-5811739-7.html
https://www.eff.org/issues/printers
~ Meta data is watching
Forward! -- Emperor Norton, 2012
"Watermarks do not work that way!!! Good night!"
Their TOS describes how and what info is SENT to them by the client. This is information on your own computer. They don't have to tell you all the places they store your information. Think copy protection. There's a good deal of sneaky things they're doing on your computer to make sure you're running a legit license. They don't have to tell you about any of that. If you take a file that their client makes, and upload it somewhere, it may contain identifying information in it. This just happens to be a screenshot / image, that you wouldn't normally expect metadata to be in.
It's not too different than say, your digital camera embedding metadata. And it does. A lot. Usually common things like date/time, fstop, exposure, etc, but also can include model of camera, CAMERA SERIAL NUMBER, gps location, firmware version, total number of shots taken, etc etc.
So you can take off the tinfoil hat. It's too late. They're already in your head.
I work for the Department of Redundancy Department.
No it's a sail boat!
Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.
it's a pretty far done troll if so, if you read further to the thread (there was some disassembly from mac client).
(it would be entirely feasible that they remove the watermark at full quality.. because it would be obvious then).
this is blizzard we're talking about after all. (I don't think jpg artifacts would position themselves like that, not on any of my pron pics anyways)
world was created 5 seconds before this post as it is.
One may also ask 'Why would you play WoW?' but the answer is not a pleasant thing to say.
If you read the thread, other people have actually decoded those "compression artifacts", and even wrote a tool to do it so, no, those aren't just artifacts.
This post has a script to save the watermark only
Next time, actually read the thread before posting.
Finally had enough. Come see us over at https://soylentnews.org/
From reading the thread, the artifacts do not appear when JPEG quality is set to 10 (i.e. maximum) or if a non-lossy algorithm is used (like TIFF or PNG). If this was meant to be a watermark, the programmer who wrote the algorithm should be fired.
These are most likely JPEG compression artefacts.
They did this on purpose, in order to avoid having their watermark identified when viewing the images in really high quality. An Assembly expert wrote some code that allows you to add this watermark on purpose in the high quality images: http://www.ownedcore.com/forums/world-of-warcraft/world-of-warcraft-general/375573-looking-inside-your-screenshots-4.html#post2491687 We also decoded the content of the watermark and it indeed contains the account information, as mentioned. It is NOT artifacts. Please read the full forum post before posting dis-informative comments. Thank you.
I'm not surprised the commenter above didn't read the posts following the first post of the source.
What's important are these posts:
1.) Disassembly from the Mac OS X client, which shows watermark functions triggered in the screenshot routine.
http://www.ownedcore.com/forums/world-of-warcraft/world-of-warcraft-general/375573-looking-inside-your-screenshots-2.html#post2489452
2.) Using a memory modifier, the client is edited to only save the watermark (discarding the actual screenshot) even in JPEG 10 and Lossless formats. Completely disproves compression artefacts theory.
http://www.ownedcore.com/forums/world-of-warcraft/world-of-warcraft-general/375573-looking-inside-your-screenshots-4.html#post2491687
3.) Further disassembly shows the following are included in the watermark: Account Name, Realm Info (Serialized, unknown content), Realm IP, Timestamp
http://www.ownedcore.com/forums/world-of-warcraft/world-of-warcraft-general/375573-looking-inside-your-screenshots-5.html#post2492494
You really should read some of the posts in between as well, linking Digimarc to Blizzard Activision, patents filed by Digimarc describing precisely this watermarking technique (and possible predecessors), and how the payload (88 bytes) is repeated multiple times exactly to 5808 bytes in order to survive anticipated resizing and further compression.
Whilst I'm sure they may have good intents (for support maybe? giving benefit of the doubt here), it's these kinds of tricks being pulled by digital companies whilst keeping consumers in the dark that really turns me off.
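The repetition figures quoted in the comment above (an 88-byte payload repeated to exactly 5808 bytes, i.e. 66 copies) can be illustrated with a per-bit majority vote. This is an added example, not code from the forum thread, Blizzard or Digimarc; the sample payload is constructed and does not follow the real field layout, and random bit flips are an assumed stand-in for the damage caused by resizing and recompression.

```python
import random

PAYLOAD_LEN = 88                    # payload size quoted in the thread
TOTAL_LEN = 5808                    # repeated length quoted in the thread
COPIES = TOTAL_LEN // PAYLOAD_LEN   # 66 whole copies, no remainder
BITS_PER_COPY = PAYLOAD_LEN * 8

# Constructed sample payload; NOT the real watermark field layout.
SAMPLE = b"constructed-sample-payload".ljust(PAYLOAD_LEN, b".")


def to_bits(data):
    """Expand bytes into a list of bits, most significant bit first."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def from_bits(bits):
    """Pack a list of bits (MSB first) back into bytes."""
    out = bytearray()
    for i in range(0, len(bits), 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def embed(payload):
    """Repeat the payload so every bit is carried COPIES times."""
    if len(payload) != PAYLOAD_LEN:
        raise ValueError("payload must be exactly %d bytes" % PAYLOAD_LEN)
    return to_bits(payload) * COPIES


def corrupt(bits, flip_prob, seed):
    """Assumed noise model: flip each bit independently with flip_prob."""
    rng = random.Random(seed)
    return [bit ^ int(rng.random() < flip_prob) for bit in bits]


def first_copy(bits):
    """Read only the first copy, as a decoder without redundancy would."""
    return from_bits(bits[:BITS_PER_COPY])


def recover(bits):
    """Majority vote across all copies of each bit position."""
    voted = []
    for pos in range(BITS_PER_COPY):
        ones = sum(bits[pos::BITS_PER_COPY])
        voted.append(1 if ones * 2 > COPIES else 0)
    return from_bits(voted)


if __name__ == "__main__":
    noisy = corrupt(embed(SAMPLE), flip_prob=0.15, seed=1)
    print("first copy intact:", first_copy(noisy) == SAMPLE)
    print("majority vote intact:", recover(noisy) == SAMPLE)
```

With 66 copies, a bit is lost only if at least half of its copies are damaged, which is why a redundant mark of this kind can outlive edits that destroy any single copy.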
If you look at the JPEGs in a mirror you can see a hidden message "Hello, hunters. Congratulations. You've just discovered the secret message. Please send your answer to Old Pink, care of the funny farm, Chalfont."
Blizzard actually poisons the kernel entropy pool so cleverly that 'random' behaviors by the computer end up leaking identifiable information. Very sneaky of them...
Sigh. This kind of story makes me miss ignorant Ask Slashdot questions. I wonder if the OP would mind if I told him how to select the best network cable for use at home.
I'd like to know - the cheap cables I keep buying on eBay often fail after a few plug/unplug cycles, and the $20 Systimax patch cables seem like overkill.
and ask him wtf is going on? MMorhaime@blizzard.com
From the frequent "how do I open a screenshot" posts that used to appear in the WoW TS forum, I suspect it was changed to lower support calls.
I'm assuming you're just being sarky, but the question sort-of merits a proper answer in case anybody is actually interested. There are a few reasons:
1) Proof of a particular achievement. Guild websites etc frequently post screenshots of kills of new bosses (or of Arena victories if they're PvP focussed) to demonstrate the level they're playing at as an aid to recruitment. You see less of this these days, since the game added an actual achievement system, along the lines of that seen on Xbox Live or Steam.
2) Guides and walkthroughs for particular parts of the game (generally boss fights). There's a trend these days towards using youtube videos as a substitute for more traditional text-and-pictures guides. Now, youtube videos can have their place in describing MMO encounters (though I hate, loathe and despise them as a substitute for walkthroughs for offline games), but text-and-pictures is still much more convenient for a quick-reference guide and people are still making them.
3) Requests for technical help. Something along the lines of "hey, guys, I installed addon x, but it doesn't seem to be working properly - here's a screenshot".
4) Random silliness - either "look, I managed to get my character somewhere that's supposed to be inaccessible" (which you see less of these days) or "look, we used 500 dead gnomes to spell out "bumpoo" in giant letters across the Barrens".
Got fed up with all the BS and emailed privacy@blizzard.com to have my account and all my games perma-deleted from their system. Took an untold number of weeks for them to finally follow through on it but I'm now no longer a zard-tard.
Doesn't look like many slashdotters here care, but if you actually do then claim your info back and stop affiliating with this once decent company.
Wait, they added an unencrypted watermark? Why on earth would you NOT encrypt a watermark of this kind?
Why? What did it say?
rewriting history since 2109
The thread indicates it may have appeared during WotLK alpha builds and only contains:
- Account name that was used pre-BNET or otherwise a post-BNET numeric account name. (email address is NOT included)
- IP address of the realm you are connected to, NOT the client IP. (However, this could be used to identify pirate servers).
- The time the screenshot was taken
I suspect it was most likely used to catch people leaking imagery of alpha builds which were not allowed to be made public. WotLK was the last WoW expansion Blizzard tried to keep secret for the alpha, but everyone was leaking it despite very clear NDAs having to be agreed to by all who participated. With their next expansion, they didn't bother with an NDA outside of a very small group of initial internal testers.
I wouldn't call this any kind of breach of privacy as none of the information is personal. An account name can only be matched to a real name by Blizzard and only if you play on their servers.
Of course privacy zealots will say otherwise, but each to their own.
Dude have you ever tried to support clueless users? I would remind everyone this is WoW, a game that has everyone from Mr T to soccer moms playing the thing.
In hindsight was it a good idea to put this data in there without it being encrypted? Probably not but oh Lord I can see why they did it! Personally I wish I had an easy way to have the relevant data on the system just handed to me in a screenshot by the user pushing a single button than playing twenty questions like "What OS are you running?" what's an OS? "What version of Windows is on the machine?" Windows "Windows what?" Huh?
Now picture that conversation going on for a half an hour or more and you can see why tech support would want a way to have the facts just handed to them, because I can imagine with the volume of support calls with issues like "My Warcraft looks funny!" cutting through the bullshit would seriously cut down on support time.
ACs don't waste your time replying, your posts are never seen by me.
"This watermark includes our user IDs, the time the screenshot was captured and the IP address of the server we were on at the time."
And, without a password to go with that user ID, none of these are what one should reasonably consider "personal" or "sensitive" in the first place.
IMHO, in terms of privacy concerns, this is a non-story. Simply presenting it to Slashdot as a neat graphical hack would make more tinfoil-free sense.
~ Whence do you come, slayer of men, or where are you going, conqueror of space?
Some years ago I developed my own steganography techniques and those pictures reminded me of that.
You only need such patterns to encode information in lossy formats due to the compression artifacts. If you use a lossless picture, where every bit of every pixel is perfectly preserved, there are much more efficient ways to hide any information in the picture.
Most likely the TIFF, PNG and other lossless formats contain the same information or even more, just encoded in a different way.
So, if you want to avoid leaking your account details, save screenshots in a lossless format and then convert it to a lossy format.
I wouldn't call this any kind of breach of privacy as none of the information is personal. An account name can only be matched to a real name by Blizzard and only if you play on their servers.
Or you have a dump the hackers made of their client list, which contained screen names as well as other info. They could then use this hacked info to get to any of the other data, especially by someone who posted a screen capture online. Using the leaked DB could tie that screen capture to MUCH more data.
today is spelling optional day.
It would be possible to use that information to get the first part of what is needed to actually log into an account. You've got the player name and realm, with that alone it's easier to compromise an account. Although it is of course easier just to take the whole user list from Blizzard....
Blatant Advert: Android Apps!
Also, whoever decided that screenshots should be saved as jpeg by default (assuming it is default) should be fired.
From a cannon.
Into the sun.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
This is pretty interesting, but I think the OP is trying to spread FUD about what the implications of this data are. There is no personally identifying information contained in this watermark. It contains the server IP, server time, and account name. That's it. Now there's a lot of confusion about what "account name" means, so let me explain it for those who don't know.
About the same time that this watermark apparently showed up (2008, the 3.0 patch associated with the WotLK expansion), Blizzard converted the WoW login system so that it was integrated with their new Battle.net 2.0 login system. At this time, it became necessary to login to WoW using your account's email address instead of your traditional account name. That traditional account name is what's being encoded into the watermark, not your email address login. If you created an account after the Battle.net 2.0 merger, then your "account name" is a unique string that isn't even displayed to its owner. Anywhere in the account management webpage or login screen that this string would appear, it instead displays "WoW1", "WoW2", etc. (if you have more than one account).
So there's basically no way to associate this "account name" with your login information, real identity, etc. If you play on a private server, that account name is going to be based on the private server's login system, not Blizzard's login system.
It's pretty obvious what the real purpose of these watermarks was: to identify users who violated the NDA of their closed betas and ban them from the beta, identify users attempting to sell their account, and possibly to identify the IP address of private servers to assist in attempting to shut them down.
Further, the probability that this info could be used to help harvest accounts for gold selling or to phish for accounts seems ridiculous. It'd be highly inefficient to spend so much time on a single user when for far less effort you could just spam a million harvested email addresses.
Their compromised database is indeed a very serious privacy issue. From a security point of view, fortunately they used a good enough password hashing technique that it is largely impractical to extract passwords from the dump.
From my experience, with almost all people who have their accounts compromised, it was due to phishing or malware. Consequently, account names in screenshots will probably not make any difference to how many people have account security issues.
Oof. You have no idea how many times I've seen people blame Exchange/Outlook because a link like that in an email didn't work. "It's all Microsoft's fault!" Well, I guess in a way it is, since MS enabled even idiots to use a computer.
"Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
First of all, using a beta client as a basis, which is much more likely to watermark screenshots to begin with to make sure someone isn't passing around info they shouldn't be, is not an indication that the final client does or is doing anything. And I can't reiterate enough the uselessness of a watermark which is nearly impossible to use except in certain circumstances.
Second, I simply stated the facts. It's a group of 3-4 people who are "discovering" and dispersing all of this information. There is no correlation of this from anyone else of any reputable background. If you knew the definition of FUD, you would quickly realize that it's a group of unknown people shouting out something to fear based on unsubstantiated claims. Whoever posted this topic on Slashdot is completely irresponsible, and if it all turns out to be false, puts themselves at legal liability if Blizzard decided to make a stink about defamation.
So far, you effectively have a lot of coincidence and suspicions. Don't try to discredit me simply because I point out that fact. If you want to prove me wrong, then prove me wrong, and I will happily admit to being so. Otherwise, it all just appears like people want to hide and discredit my comment to keep the story alive for that much longer.
A schooner IS a sail boat stupid head!
ftp.mozilla.org uses "round robin" style mirroring. You connect to that host, and it automatically directs you to an ftp server.
That's how I do it, anyway:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd /pub/firefox/releases/15.0.1/win32/en-US
250 Directory successfully changed.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-r--r-- 1 ftp ftp 17790056 Sep 05 18:41 Firefox Setup 15.0.1.exe
-rw-r--r-- 1 ftp ftp 189 Sep 05 18:41 Firefox Setup 15.0.1.exe.asc
226 Directory send OK.
ftp> get "Firefox Setup 15.0.1.exe"
local: Firefox Setup 15.0.1.exe remote: Firefox Setup 15.0.1.exe
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for Firefox Setup 15.0.1.exe (17790056 bytes).
226 Transfer complete.
17790056 bytes received in 4.45 secs (3.9e+03 Kbytes/sec)
ftp> bye
221 Goodbye.
So if you are going to be taking screenshots of your cheating, might as well get tracked down and banned because of it.
And if you *haven't* actually been cheating, but you've posted pictures of your WoW game for whatever reason over the years anyway, it's okay that identifying information was embedded without your knowledge (possibly to be used against you years later in circumstances like, oh... *this case*) even if you had good reason to want to remain anonymous?
Actually, I don't care whether the person *was* cheating, it doesn't excuse this sort of thing. If Activision had wanted to do this, they should have been open about it happening, if not the precise mechanics of how it was implemented.
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
You confuse explaining a rationale for doing something, with an endorsement for the practice.
The gaming company knows that cheaters are a problem, then they need to figure out where to draw the line.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
FTP which on Windows workstations is handled, by default, by IE and to get an FTP client like FileZilla you will probably use a browser - chicken vs egg
[Start] => Run => cmd.exe
>ftp ftp.mozilla.org
A native CLI FTP app has been included in Windows since (iirc) Win95.
What? No, dude, that's not how Internet debates are supposed to work! Dig in your heels, accuse the GP of backpedaling, and burn that strawman to the motherfucking ground!