Slashdot Mirror


Activision Blizzard Secretly Watermarking World of Warcraft Users

New submitter kgkoutzis writes "A few days ago I noticed some weird artifacts covering the screenshots I captured using the WoW game client application. I sharpened the images and found a repeating pattern secretly embedded inside. I posted this information on the OwnedCore forum and after an amazing three-day cooperation marathon, we managed to prove that all our WoW screenshots, since at least 2008, contain a custom watermark. This watermark includes our user IDs, the time the screenshot was captured and the IP address of the server we were on at the time. It can be used to track down activities which are against Blizzard's Terms of Service, like hacking the game or running a private server. The users were never notified by the ToS that this watermarking was going on so, for four years now, we have all been publicly sharing our account and realm information for hackers to decode and exploit. You can find more information on how to access the watermark in the aforementioned forum post which is still quite active."

34 of 272 comments

  1. Other games? by SJHillman · · Score: 4, Interesting

    Is this known to be the case for any other games? IE: Diablo III?

    1. Re:Other games? by Zocalo · · Score: 5, Funny

      I know surfing the web using Internet Explorer can be a bit of an adventure, but even so, I think that's probably the first time I've seen it referred to as a "game".

      --
      UNIX? They're not even circumcised! Savages!
    2. Re:Other games? by tepples · · Score: 3, Funny

      So I take it the only way to win IE is not to play. In that case, how does one start with a store-bought PC and download something better such as Firefox, Chrome, or a whole different operating system, without playing?

    3. Re:Other games? by the+simurgh · · Score: 3, Interesting

      I wonder how long till a lawsuit is filed because Activision basically gave hackers all the info they needed to hack accounts and never told account holders not to post screengrabs because it contained account info.

    4. Re:Other games? by Anonymous Coward · · Score: 3, Informative

      It contains the account name (which cannot be used to login anyways since you have to use a battle.net ID to login now), and the IP of the server you're playing on (which is public anyways), and the timestamp. Not sure if I know what info you're talking about that "basically gave hackers all the info they needed to hack accounts."

  2. Brain encoding. by Valor958 · · Score: 3, Funny

    It's not actually a watermark on the picture. It's a watermark encoded in your brain from playing too much WoW.

  3. Ouch by ledow · · Score: 4, Interesting

    Ouch. That's gotta hurt. I think there's a case for even places like the EU commission there, if people are unknowingly distributing others' data.

    That said, I don't really care because I've never touched WoW. But, yeah, I can see the problem. 4 years of IP -> client records, plus things like date-time stamps. If nothing else, that's a whole host of web-crawling to link people to IPs, accounts.

    You kind of expect it in pre-release reviews or betas or something but in the full client and in every screenshot? Bit nasty.

    More interesting - what other games do that?

    1. Re:Ouch by Anonymous Coward · · Score: 3, Informative

      More than you think. It was a feature in Spore. It let you drag the image to the game and the game would pick up the animal in the image. It was an awesome feature.

    2. Re:Ouch by theArtificial · · Score: 3, Insightful

      A megacorp acts like an asshat and reveals personal data online via photo watermarking

      Personal information?

      Information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc.

      The embedded IP address is the IP address of the server you're connected to. IP addresses are not personal information. The account name is not personal. If I follow this logic your email address is personal information, and so is your license plate? From their terms of service:

      For some activities, we may ask you to create a username and password and/or to provide other, non-personal information such as your age, date of birth, gender, and/or game and platform preferences; and, combine such information with your personal information.

      I've come to expect ALL megacorps act like asshats nowadays. It's a challenge to find one that doesn't.

      What do you expect, they're made up of people. I can see this really impacting someone who signed an NDA not to disclose things which they willingly agreed to in the first place. I'm sure you've never played Wow for any period of time because if you had, you'd realize when updates happen to their Terms, they present them to you and require you scroll through them and agree to them before you'll be able to access the game. I don't have some hardon for Blizzard but none of what they're collecting is personal.

      --
      Man blir trött av att gå och göra ingenting.
    3. Re:Ouch by theArtificial · · Score: 3, Insightful

      Yes, I consider those things my personal details, along with my street address, phone number, bank account number, etc. etc.

      Something interesting about public information and personal information is it varies from jurisdiction to jurisdiction. Email addresses are used by both individuals and businesses. In the case of politicians or when requesting public records, in many situations emails are public knowledge. Not to mention many email providers provide indexes listing their members which are opt in. Your address is public knowledge as well as personally identifiable and is even listed on the side of your house and often times painted on the curb out front, and probably listed in a phone book. Look out Google Streetview! Your phone number is public knowledge and personally identifiable. It's also spread around when/if you: sign up for any discount memberships through a supermarket, opened a new business, registered a domain name (without the 'privacy guard').

      TL;DR:
      Besides the financial information, it's a legal question and depends where you reside.

      --
      Man blir trött av att gå och göra ingenting.
  4. Reminds me of the Printer affair by Penurious+Penguin · · Score: 4, Informative

    HP (and others) used to, or maybe still do, use watermarking in printers to hide data revealing time, printer type, etc.
    http://news.cnet.com/8301-10784_3-5811739-7.html
    https://www.eff.org/issues/printers
    ~ Meta data is watching

    --
    Forward! -- Emperor Norton, 2012
    1. Re:Reminds me of the Printer affair by Anonymous Coward · · Score: 4, Informative

      https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots
      http://miami.typepad.com/springyleaks/2012/05/foia-release-names-spy-printers.html

  5. Re:Just JPG artifacts by Anonymous Coward · · Score: 3, Funny

    "Watermarks do not work that way!!! Good night!"

  6. sketchy but legit by v1 · · Score: 4, Interesting

    Their TOS describes how and what info is SENT to them by the client. This is information on your own computer. They don't have to tell you all the places they store your information. Think copy protection. There's a good deal of sneaky things they're doing on your computer to make sure you're running a legit license. They don't have to tell you about any of that. If you take a file that their client makes, and upload it somewhere, it may contain identifying information in it. This just happens to be a screenshot / image, that you wouldn't normally expect metadata to be in.

    It's not too different than say, your digital camera embedding metadata. And it does. A lot. Usually common things like date/time, fstop, exposure, etc, but also can include model of camera, CAMERA SERIAL NUMBER, gps location, firmware version, total number of shots taken, etc etc.

    So you can take off the tinfoil hat. It's too late. They're already in your head.

    --
    I work for the Department of Redundancy Department.
    1. Re:sketchy but legit by fuzzyfuzzyfungus · · Score: 5, Insightful

      The difference with digital camera watermarking is that EXIF is a (not always obvious depending on the UI, and sometimes less standard than it ought to be) standardized metadata storage system. The internet is rife with amusing mistakes made by people who don't know about EXIF and upload anyway; but that's a UI/user problem. The fields are well known, easily viewed and edited with commonly available software, and not designed to be covert or strip-resistant in any way. Some imaging devices are, quite arguably, excessively chatty by default, and that is a legitimate concern given user ignorance; but there isn't anything sneaky about the technology.

      Watermarks, at least in this incarnation, are designed to be covert, strip-resistant, and are not intended for the creator of the image to be aware of.

      This is a 'prisons and fortresses share certain architectural similarities; but do not share purposes' situation...

  7. Re:That's no watermark... by Big+Hairy+Ian · · Score: 3, Funny

    No it's a sail boat!

    --

    Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

  8. Re:Unsubstantiated Rubbish by gl4ss · · Score: 3, Insightful

    It's a pretty far done troll if so, if you read further to the thread (there was some disassembly from mac client).

    (it would be entirely feasible that they remove the watermark at full quality.. because it would be obvious then).

    this is blizzard we're talking about after all. (I don't think jpg artifacts would position themselves like that, not on any of my pron pics anyways)

    --
    world was created 5 seconds before this post as it is.
  9. Re:Why? by iamagloworm · · Score: 3, Interesting

    One may also ask 'Why would you play WoW?' but the answer is not a pleasant thing to say.

  10. Re:Unsubstantiated Rubbish by Anonymous Coward · · Score: 5, Informative

    If you read the thread, other people have actually decoded those "compression artifacts", and even wrote a tool to do it so, no, those aren't just artifacts.

  11. Substantiated Fact by L4t3r4lu5 · · Score: 5, Informative

    This post has a script to save the watermark only

    Next time, actually read the thread before posting.

    --
    Finally had enough. Come see us over at https://soylentnews.org/
    1. Re:Substantiated Fact by Yvan256 · · Score: 3, Funny

      I'm sorry but that's totally false. The moon isn't made of cheese.

    2. Re:Substantiated Fact by crazyjj · · Score: 5, Funny

      Hell, sometimes I don't even read the comments before replying.

      --
      What political party do you join when you don't like Bible-thumpers *or* hippies?
  12. Re:Unsubstantiated Rubbish by kgkoutzis · · Score: 5, Informative

    From reading the thread, the artifacts do not appear when JPEG quality is set to 10 (i.e. maximum) or if a non-lossy algorithm is used (like TIFF or PNG). If this was meant to be a watermark, the programmer who wrote the algorithm should be fired.

    These are most likely JPEG compression artefacts.

    They did this on purpose, in order to avoid having their watermark identified when viewing the images in really high quality. An Assembly expert wrote some code that allows you to add this watermark on purpose in the high quality images: http://www.ownedcore.com/forums/world-of-warcraft/world-of-warcraft-general/375573-looking-inside-your-screenshots-4.html#post2491687 We also decoded the content of the watermark and it indeed contains the account information, as mentioned. It is NOT artifacts. Please read the full forum post before posting dis-informative comments. Thank you.

  13. Re:Unsubstantiated Rubbish by Anonymous Coward · · Score: 5, Informative

    I'm not surprised the commenter above didn't read the posts following the first post of the source.

    What's important are these posts:

    1.) Disassembly from the Mac OS X client, which shows watermark functions triggered in the screenshot routine.
    http://www.ownedcore.com/forums/world-of-warcraft/world-of-warcraft-general/375573-looking-inside-your-screenshots-2.html#post2489452

    2.) Using a memory modifier, the client is edited to only save the watermark (discarding the actual screenshot) even in JPEG 10 and Lossless formats. Completely disproves compression artefacts theory.
    http://www.ownedcore.com/forums/world-of-warcraft/world-of-warcraft-general/375573-looking-inside-your-screenshots-4.html#post2491687

    3.) Further disassembly shows the following are included in the watermark: Account Name, Realm Info (Serialized, unknown content), Realm IP, Timestamp
    http://www.ownedcore.com/forums/world-of-warcraft/world-of-warcraft-general/375573-looking-inside-your-screenshots-5.html#post2492494

    You really should read some of the posts in between as well, linking Digimarc to Blizzard Activision, patents filed by Digimarc describing precisely this watermarking technique (and possible predecessors), and how the payload (88 bytes) is repeated multiple times exactly to 5808 bytes in order to survive anticipated resizing and further compression.

    Whilst I'm sure they may have good intents (for support maybe? giving benefit of the doubt here), it's these kinds of tricks being pulled by digital companies whilst keeping consumers in the dark that really turns me off.
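
Why the repetition described in the comment above matters, as an added illustration that is not code from the thread or from Blizzard: a simplified model of an 88-byte payload repeated to fill 5808 bytes (66 copies) and recovered by per-bit majority vote after random bit errors. The field layout, the sample values and the bit-flip noise model are assumptions made for this example; the thread does not document them.

```python
import random
import struct

PAYLOAD_LEN = 88   # payload size reported in the thread
COPIES = 66        # 66 * 88 = 5808 bytes, the total reported in the thread
NAME_LEN = PAYLOAD_LEN - 8


def build_payload(account, realm_ip, timestamp):
    """Assumed layout: 4-byte time, 4-byte IPv4 address, NUL-padded name."""
    ip = bytes(int(part) for part in realm_ip.split("."))
    name = account.encode("ascii")[:NAME_LEN].ljust(NAME_LEN, b"\0")
    return struct.pack(">I4s", timestamp, ip) + name


def embed(payload):
    """Repeat the payload back to back until it fills 5808 bytes."""
    return payload * COPIES


def damage(stream, bit_error_rate, seed):
    """Stand-in for lossy recompression: flip each bit independently."""
    rng = random.Random(seed)
    out = bytearray(stream)
    for i in range(len(out) * 8):
        if rng.random() < bit_error_rate:
            out[i // 8] ^= 1 << (i % 8)
    return bytes(out)


def recover(stream):
    """Rebuild one payload by majority vote per bit across all copies."""
    copies = [stream[i:i + PAYLOAD_LEN]
              for i in range(0, len(stream), PAYLOAD_LEN)]
    out = bytearray(PAYLOAD_LEN)
    for pos in range(PAYLOAD_LEN):
        for bit in range(8):
            ones = sum((c[pos] >> bit) & 1 for c in copies)
            if ones * 2 > len(copies):
                out[pos] |= 1 << bit
    return bytes(out)


def parse(payload):
    """Return (account, realm_ip, timestamp) from a recovered payload."""
    timestamp, ip = struct.unpack(">I4s", payload[:8])
    name = payload[8:].rstrip(b"\0").decode("ascii", "replace")
    return name, ".".join(str(b) for b in ip), timestamp


if __name__ == "__main__":
    # Constructed sample values, not taken from any real screenshot.
    original = build_payload("EXAMPLEACCT", "192.0.2.10", 1347235200)
    noisy = damage(embed(original), bit_error_rate=0.10, seed=1)
    print("first copy intact:", noisy[:PAYLOAD_LEN] == original)
    print("recovered fields: ", parse(recover(noisy)))
```

At a 10% bit error rate every individual copy is corrupted, yet the vote across 66 copies returns the exact payload, which is why re-saving or resizing a screenshot does not reliably remove a mark built this way.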

  14. Re:Absurd by fuzzyfuzzyfungus · · Score: 4, Funny

    Blizzard actually poisons the kernel entropy pool so cleverly that 'random' behaviors by the computer end up leaking identifiable information. Very sneaky of them...

  15. Re:Ask Slashdot by hawguy · · Score: 3, Funny

    Sigh. This kind of story makes me miss ignorant Ask Slashdot questions. I wonder if the OP would mind if I told him how to select the best network cable for use at home.

    I'd like to know - the cheap cables I keep buying on eBay often fail after a few plug/unplug cycles, and the $20 Systimax patch cables seem like overkill.

  16. Re:Why? by RogueyWon · · Score: 4, Informative

    I'm assuming you're just being sarky, but the question sort-of merits a proper answer in case anybody is actually interested. There are a few reasons:

    1) Proof of a particular achievement. Guild websites etc frequently post screenshots of kills of new bosses (or of Arena victories if they're PvP focussed) to demonstrate the level they're playing at as an aid to recruitment. You see less of this these days, since the game added an actual achievement system, along the lines of that seen on Xbox Live or Steam.

    2) Guides and walkthroughs for particular parts of the game (generally boss fights). There's a trend these days towards using youtube videos as a substitute for more traditional text-and-pictures guides. Now, youtube videos can have their place in describing MMO encounters (though I hate, loathe and despise them as a substitute for walkthroughs for offline games), but text-and-pictures is still much more convenient for a quick-reference guide and people are still making them.

    3) Requests for technical help. Something along the lines of "hey, guys, I installed addon x, but it doesn't seem to be working properly - here's a screenshot".

    4) Random silliness - either "look, I managed to get my character somewhere that's supposed to be inaccessible" (which you see less of these days) or "look, we used 500 dead gnomes to spell out "bumpoo" in giant letters across the Barrens".

  17. Re:Unsubstantiated Rubbish by JustOK · · Score: 4, Funny

    Why? What did it say?

    --
    rewriting history since 2109
  18. Re:Unsubstantiated Rubbish by Mortimer82 · · Score: 4, Informative

    The thread indicates it may have appeared during WotLK alpha builds and only contains:
    - Account name that was used pre-BNET or otherwise a post-BNET numeric account name. (email address is NOT included)
    - IP address of the realm you are connected to, NOT the client IP. (However, this could be used to identify pirate servers).
    - The time the screenshot was taken

    I suspect it was most likely used to catch people leaking imagery of alpha builds which were not allowed to be made public. WotLK was the last WoW expansion Blizzard tried to keep secret for the alpha, but everyone was leaking it despite very clear NDAs having to be agreed to by all who participated. With their next expansion, they didn't bother with an NDA outside of a very small group of initial internal testers.

    I wouldn't call this any kind of breach of privacy as none of the information is personal. An account name can only be matched to a real name by Blizzard and only if you play on their servers.

    Of course privacy zealots will say otherwise, but each to their own.

  19. Re:Why? by Empiric · · Score: 5, Insightful

    "This watermark includes our user IDs, the time the screenshot was captured and the IP address of the server we were on at the time."

    And, without a password to go with that user ID, none of these are what one should reasonably consider "personal" or "sensitive" in the first place.

    IMHO, in terms of privacy concerns, this is a non-story. Simply presenting it to Slashdot as a neat graphical hack would make more tinfoil-free sense.

    --
    ~ Whence do you come, slayer of men, or where are you going, conqueror of space?
  20. Interesting, but... by ildon · · Score: 5, Informative

    This is pretty interesting, but I think the OP is trying to spread FUD about what the implications of this data are. There is no personally identifying information contained in this watermark. It contains the server IP, server time, and account name. That's it. Now there's a lot of confusion about what "account name" means, so let me explain it for those who don't know.

    About the same time that this watermark apparently showed up (2008, the 3.0 patch associated with the WotLK expansion), Blizzard converted the WoW login system so that it was integrated with their new Battle.net 2.0 login system. At this time, it became necessary to login to WoW using your account's email address instead of your traditional account name. That traditional account name is what's being encoded into the watermark, not your email address login. If you created an account after the Battle.net 2.0 merger, then your "account name" is a unique string that isn't even displayed to its owner. Anywhere in the account management webpage or login screen that this string would appear, it instead displays "WoW1", "WoW2", etc. (if you have more than one account).
    So there's basically no way to associate this "account name" with your login information, real identity, etc. If you play on a private server, that account name is going to be based on the private server's login system, not Blizzard's login system.

    It's pretty obvious what the real purpose of these watermarks was: to identify users who violated the NDA of their closed betas and ban them from the beta, identify users attempting to sell their account, and possibly to identify the IP address of private servers to assist in attempting to shut them down.

    Further, the probability that this info could be used to help harvest accounts for gold selling or to phish for accounts seems ridiculous. It'd be highly inefficient to spend so much time on a single user when for far less effort you could just spam a million harvested email addresses.

  21. Re:Unsubstantiated Rubbish by Mortimer82 · · Score: 4, Interesting

    Their compromised database is indeed a very serious privacy issue. From a security point of view, fortunately they used a good enough password hashing technique that it is largely impractical to extract passwords from the dump.

    From my experience, with almost all people who have their accounts compromised, it was due to phishing or malware. Consequently, account names in screenshots will probably not make any difference to how many people have account security issues.

  22. Re:That's no watermark... by englishknnigits · · Score: 3, Funny

    A schooner IS a sail boat stupid head!

  23. Re:That's no watermark... by Anonymous Coward · · Score: 4, Funny

    My apologies- I thought your comment came across a bit like you (personally) were trying to excuse the company with that rationale, rather than merely explaining their position. I'm happy to accept that this was a misinterpretation.

    What? No, dude, that's not how Internet debates are supposed to work! Dig in your heels, accuse the GP of backpedaling, and burn that strawman to the motherfucking ground!