Even World of Warcraft is tracking you!

Over the last few months I've written many times about how we're being monitored and measured then sliced and diced to either make sure we're not terrorists, drug smugglers or felons or so we can be more effectively sold to.

Just a couple of weeks ago I wrote about the terahertz scanners that can analyze our body chemicals, and before that it was the evaporation of our privacy, the loss of our internet rights, stopping employers from accessing our Facebook accounts, and how we are Google's product.

On and on goes the parade of our violated privacy, and the problem is that once the cat's out of the bag, the genie's out of the bottle, and the fat lady has started to sing, these lost digital rights are forever gone. You can't get your privacy back once it's been stolen any more than you can unmix a gin and tonic.

Now, as much as we all deplore the government's overreach in the name of national security, as well as their equally misguided overreach into protecting the intellectual property of the entertainment industry, there's at least a glimmer, misguided though it might be, of understandable need involved. But what is hard to fathom is why an online games company would use steganography (the secret encoding of information in an image) to watermark in-game screenshots without their users' knowledge.

The company in question is Blizzard Entertainment and the game in question is the company's incredibly popular World of Warcraft (WoW). Earlier this month it came to light that screenshots taken while playing WoW contain a hidden watermark that reports the account ID, a timestamp and the IP address of the current realm.

According to a post on a forum on the ownedcore.com Web site, these images are frequently uploaded to various online services and "[the data in the watermark] can be used by malicious hackers to link alt. characters to accounts and target specific spam or scam attacks, and it can be used by Blizzard to track down private WoW servers."

The post explains and recounts how two users managed to decrypt the embedded data to reveal the watermark. What's really surprising is that this tracking technique appears to have been in use by Blizzard since 2007!

Apparently more recent changes in the architecture of the game have, it is assumed, minimized any risk, but as the forum post notes: "Bear in mind that when this started, back in 2007, we were still using our account name to login so, before the battle.net conversion in 2009, the watermarks actually had really sensitive information ... Between May 22, 2007 and November 11, 2009, any malicious hacker who knew about this could have used a screenshot of a lucrative character to find their actual username & active realm and then either try to scam them out of their password, or just brute-force it."

There appears to be some disagreement over whether this watermarking invalidates the game's terms of service or not, but one thing that WoW users will not like is that they are still trackable outside of the game play without their knowledge or consent.

The need for more extensive and comprehensive digital privacy laws is becoming increasingly clear, and now that we know even game companies are abusing our privacy, where it will stop? How long until there's no privacy left anywhere online?

Gibbs is has been tracked to Ventura, Calif. Reveal your whereabouts to backspin@gibbs.com and follow him on Twitter (@quistuipater) and on Facebook (quistuipater).

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Mark Gibbs

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts