Slashdot Mirror


Activision Blizzard Secretly Watermarking World of Warcraft Users

New submitter kgkoutzis writes "A few days ago I noticed some weird artifacts covering the screenshots I captured using the WoW game client application. I sharpened the images and found a repeating pattern secretly embedded inside. I posted this information on the OwnedCore forum and after an amazing three-day cooperation marathon, we managed to prove that all our WoW screenshots, since at least 2008, contain a custom watermark. This watermark includes our user IDs, the time the screenshot was captured and the IP address of the server we were on at the time. It can be used to track down activities which are against Blizzard's Terms of Service, like hacking the game or running a private server. The users were never notified by the ToS that this watermarking was going on so, for four years now, we have all been publicly sharing our account and realm information for hackers to decode and exploit. You can find more information on how to access the watermark in the aforementioned forum post which is still quite active."

9 of 272 comments

  1. Re:Unsubstantiated Rubbish by Anonymous Coward · Score: 5, Informative

    If you read the thread, other people have actually decoded those "compression artifacts", and even wrote a tool to do it, so no, those aren't just artifacts.

  2. Re:Other games? by Zocalo · Score: 5, Funny

    I know surfing the web using Internet Explorer can be a bit of an adventure, but even so, I think that's probably the first time I've seen it referred to as a "game".

    --
    UNIX? They're not even circumcised! Savages!
  3. Substantiated Fact by L4t3r4lu5 · Score: 5, Informative

    This post has a script to save the watermark only

    Next time, actually read the thread before posting.

    --
    Finally had enough. Come see us over at https://soylentnews.org/
    1. Re:Substantiated Fact by crazyjj · Score: 5, Funny

      Hell, sometimes I don't even read the comments before replying.

      --
      What political party do you join when you don't like Bible-thumpers *or* hippies?
  4. Re:Unsubstantiated Rubbish by kgkoutzis · Score: 5, Informative

    "From reading the thread, the artifacts do not appear when JPEG quality is set to 10 (i.e. maximum) or if a non-lossy algorithm is used (like TIFF or PNG). If this was meant to be a watermark, the programmer who wrote the algorithm should be fired.

    "These are most likely JPEG compression artefacts."

    They did this on purpose, in order to avoid having their watermark identified when viewing the images in really high quality. An Assembly expert wrote some code that allows you to add this watermark on purpose in the high quality images:
    http://www.ownedcore.com/forums/world-of-warcraft/world-of-warcraft-general/375573-looking-inside-your-screenshots-4.html#post2491687
    We also decoded the content of the watermark and it indeed contains the account information, as mentioned. It is NOT artifacts. Please read the full forum post before posting dis-informative comments. Thank you.

  5. Re:Unsubstantiated Rubbish by Anonymous Coward · Score: 5, Informative

    I'm not surprised the commenter above didn't read the posts following the first post of the source.

    What's important are these posts:

    1.) Disassembly from the Mac OS X client, which shows watermark functions triggered in the screenshot routine.
    http://www.ownedcore.com/forums/world-of-warcraft/world-of-warcraft-general/375573-looking-inside-your-screenshots-2.html#post2489452

    2.) Using a memory modifier, the client is edited to only save the watermark (discarding the actual screenshot) even in JPEG 10 and Lossless formats. Completely disproves compression artefacts theory.
    http://www.ownedcore.com/forums/world-of-warcraft/world-of-warcraft-general/375573-looking-inside-your-screenshots-4.html#post2491687

    3.) Further disassembly shows the following are included in the watermark: Account Name, Realm Info (Serialized, unknown content), Realm IP, Timestamp
    http://www.ownedcore.com/forums/world-of-warcraft/world-of-warcraft-general/375573-looking-inside-your-screenshots-5.html#post2492494

    You really should read some of the posts in between as well, linking Digimarc to Blizzard Activision, patents filed by Digimarc describing precisely this watermarking technique (and possible predecessors), and how the payload (88 bytes) is repeated multiple times exactly to 5808 bytes in order to survive anticipated resizing and further compression.

    Whilst I'm sure they may have good intents (for support maybe? giving benefit of the doubt here), it's these kinds of tricks being pulled by digital companies whilst keeping consumers in the dark that really turn me off.
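
Added example, not code from the thread or from any tool it mentions: a sketch of why an 88-byte payload repeated to fill 5808 bytes (66 copies) tolerates heavy damage. The bitwise majority vote, the random bit-flip noise model and the payload contents are assumptions for illustration; the comments here do not describe how the real mark is decoded.

```python
import random

PAYLOAD_LEN = 88                      # bytes, figure quoted in the comment
BLOCK_LEN = 5808                      # bytes, figure quoted in the comment
COPIES = BLOCK_LEN // PAYLOAD_LEN     # 66 whole copies, no remainder

# Constructed placeholder payload; the real field layout is not given here.
SAMPLE_PAYLOAD = b"account=EXAMPLE;realm_ip=192.0.2.10;ts=0".ljust(PAYLOAD_LEN, b"\0")


def embed(payload: bytes) -> bytes:
    """Repeat the payload back to back until the block is full."""
    if len(payload) != PAYLOAD_LEN:
        raise ValueError("payload must be exactly 88 bytes")
    return payload * COPIES


def corrupt(block: bytes, bit_error_rate: float, seed: int) -> bytes:
    """Assumed noise model: flip each bit independently (stand-in for recompression)."""
    rng = random.Random(seed)
    out = bytearray(block)
    for i in range(len(out)):
        for bit in range(8):
            if rng.random() < bit_error_rate:
                out[i] ^= 1 << bit
    return bytes(out)


def intact_copies(block: bytes, payload: bytes) -> int:
    """Count copies that survived with no bit errors at all."""
    return sum(block[c * PAYLOAD_LEN:(c + 1) * PAYLOAD_LEN] == payload
               for c in range(COPIES))


def recover(block: bytes) -> bytes:
    """Bitwise majority vote over the 66 copies (a tie counts as 0)."""
    out = bytearray(PAYLOAD_LEN)
    for pos in range(PAYLOAD_LEN):
        for bit in range(8):
            ones = sum((block[c * PAYLOAD_LEN + pos] >> bit) & 1 for c in range(COPIES))
            if 2 * ones > COPIES:
                out[pos] |= 1 << bit
    return bytes(out)


if __name__ == "__main__":
    noisy = corrupt(embed(SAMPLE_PAYLOAD), bit_error_rate=0.15, seed=1)
    print("intact copies:", intact_copies(noisy, SAMPLE_PAYLOAD))
    print("recovered ok:", recover(noisy) == SAMPLE_PAYLOAD)
```

With 15% of bits flipped, no single copy survives intact, yet the vote across copies still returns the original 88 bytes, which is why recompressing or resizing an image is not a reliable way to remove redundantly embedded data.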

  6. Re:sketchy but legit by fuzzyfuzzyfungus · Score: 5, Insightful

    The difference with digital camera watermarking is that EXIF is a (not always obvious depending on the UI, and sometimes less standard than it ought to be) standardized metadata storage system. The internet is rife with amusing mistakes made by people who don't know about EXIF and upload anyway; but that's a UI/user problem. The fields are well known, easily viewed and edited with commonly available software, and not designed to be covert or strip-resistant in any way. Some imaging devices are, quite arguably, excessively chatty by default, and that is a legitimate concern given user ignorance; but there isn't anything sneaky about the technology.

    Watermarks, at least in this incarnation, are designed to be covert, strip-resistant, and are not intended for the creator of the image to be aware of.

    This is a 'prisons and fortresses share certain architectural similarities; but do not share purposes' situation...

  7. Re:Why? by Empiric · Score: 5, Insightful

    "This watermark includes our user IDs, the time the screenshot was captured and the IP address of the server we were on at the time."

    And, without a password to go with that user ID, none of these are what one should reasonably consider "personal" or "sensitive" in the first place.

    IMHO, in terms of privacy concerns, this is a non-story. Simply presenting it to Slashdot as a neat graphical hack would make more tinfoil-free sense.

    --
    ~ Whence do you come, slayer of men, or where are you going, conqueror of space?
  8. Interesting, but... by ildon · Score: 5, Informative

    This is pretty interesting, but I think the OP is trying to spread FUD about what the implications of this data are. There is no personally identifying information contained in this watermark. It contains the server IP, server time, and account name. That's it. Now there's a lot of confusion about what "account name" means, so let me explain it for those who don't know.

    About the same time that this watermark apparently showed up (2008, the 3.0 patch associated with the WotLK expansion), Blizzard converted the WoW login system so that it was integrated with their new Battle.net 2.0 login system. At this time, it became necessary to login to WoW using your account's email address instead of your traditional account name. That traditional account name is what's being encoded into the watermark, not your email address login. If you created an account after the Battle.net 2.0 merger, then your "account name" is a unique string that isn't even displayed to its owner. Anywhere in the account management webpage or login screen that this string would appear, it instead displays "WoW1", "WoW2", etc. (if you have more than one account).
    So there's basically no way to associate this "account name" with your login information, real identity, etc. If you play on a private server, that account name is going to be based on the private server's login system, not Blizzard's login system.

    It's pretty obvious what the real purpose of these watermarks was: to identify users who violated the NDA of their closed betas and ban them from the beta, identify users attempting to sell their account, and possibly to identify the IP address of private servers to assist in attempting to shut them down.

    Further, the probability that this info could be used to help harvest accounts for gold selling or to phish for accounts seems ridiculous. It'd be highly inefficient to spend so much time on a single user when for far less effort you could just spam a million harvested email addresses.