World of Warcraft Screenshots Contain Your Account Info

nickpy

New member
Oct 9, 2010
124
0
0
Just a small pointer, but the statement "encrypted by a technique called steganography" is incorrect. Steganography is not encryption: you can encrypt data (rendering it unreadable to persons without the decryption key), or you can hide it inside other data (which is what steganography is), or both. I for example wrote a program that encrypts given textual data, then hides it inside the colour channel data of a PNG image using steganography.
 

tzimize

New member
Mar 1, 2010
2,391
0
0
Bhaalspawn said:
tzimize said:
Fappy said:
Shady practice is shady. Good thing I never shared any of my old screenshots.
Yeah. This seems borderline illegal. Is it really ok for Blizzard to be using this method? Could it open for lawsuits against them for something or another?
Considering it's in the Terms of Service, nobody suing Blizzard would have a case, since they agreed to it willingly.

Now I know most people don't read the Terms of Service every time it's changed. And those people are going to find out that harsh reality the hard way.
Yep, however I (thank god) dont live in the USA. I live in a country where customers actually have some rights :p So whatever the ToS says it cant make me agree to terms that are worse than my countrys customer rights. How that would work in an international lawsuit I have no idea, and its not that interesting to me since I wont be suing anyone. But in the USA people sue each other at the drop of a shoe (or so it seems anyway) so I'm sure SOMEONE will so blizz over this :eek:
 

Sean951

New member
Mar 30, 2011
650
0
0
tzimize said:
Bhaalspawn said:
tzimize said:
Fappy said:
Shady practice is shady. Good thing I never shared any of my old screenshots.
Yeah. This seems borderline illegal. Is it really ok for Blizzard to be using this method? Could it open for lawsuits against them for something or another?
Considering it's in the Terms of Service, nobody suing Blizzard would have a case, since they agreed to it willingly.

Now I know most people don't read the Terms of Service every time it's changed. And those people are going to find out that harsh reality the hard way.
Yep, however I (thank god) dont live in the USA. I live in a country where customers actually have some rights :p So whatever the ToS says it cant make me agree to terms that are worse than my countrys customer rights. How that would work in an international lawsuit I have no idea, and its not that interesting to me since I wont be suing anyone. But in the USA people sue each other at the drop of a shoe (or so it seems anyway) so I'm sure SOMEONE will so blizz over this :eek:
And then the court would look at what could be obtained and how useful it was to someone hacking said person and then toss the case.
 

LordLundar

New member
Apr 6, 2004
962
0
0
And to compound where I said nobody did any research, OwnedCore is a group that runs private servers of Blizzard games so they are competing (illegally mind you) with Blizzard itself and this encoding is a major threat to them.

Now given knowledge of the source, the info becomes even more suspect.
 

Atmos Duality

New member
Mar 3, 2010
8,473
0
0
Worked with software that put digital watermarks into pics long ago.
Fun stuff.

Though piss-easy to bypass with simple OS commands and other software.
 

LordLundar

New member
Apr 6, 2004
962
0
0
Blablahb said:
Doesn't matter because of anti-trust laws. Those forbid establishing a monopoly, so if Blizzard went up against OwnedCore for running servers, they'd lose because anti-trust laws forbid demanding a total monopoly on something.

OwnedCore may be a rival to Blizzard (they are only if they charge subscription for logging in on their WoW servers) but they can't be illegal competition because Blizzard shutting out everybody else would be a breach of anti-trust law.

In many countries, IP adresses are considered personal information, and abuse of it is a violation of privacy laws. Harvesting IPs illegally like done with these screenshots would for instance violate Dutch privacy laws, so Blizzard can't do a thing against someone in the Netherlands playing on private servers, since gathering that info was illegal, and any and all evidence created illegally is obviously inadmissable.
Wow, so much misinformation here.

There is no Anti-Trust issue here. Blizzard owns the Intellectual Property pertaining to their games so they have sole legal discretion on who uses their IP. Now if they actively tried to shut down every MMO, Anti-Trust lawsuits would be accurate. A bunch of people not seeking permission from Blizzard to put up their own server (which they wouldn't get anyway) is a violation of the DMCA and various international copyright laws and as such illegal. Get your facts straight.

As for your second one, Because Blizzard owns the Intellectual Property, they are also considered legal owners of the screenshots resulting from the utilization of it, so they are not breaching privacy laws. In fact, they're required to exercise their enforcement of it to comply with certain laws, the Dutch Data Registration Act included. You're saying that a private server host can go to court and say "We stole Blizzard's IP and now they're trying to shut us down!" and expect the court to rule against Blizzard. Not. Going. To. Happen. Now seeing that there's also other more direct ways of obtaining the private server's IP address (which needs to be integrated into the client software to override Blizzards server IPs) the screenshots don't even need to be administered into evidence.

The entire crux of your argument is based around someone committing IP theft and saying that Blizzard cannot stop them when court history worldwide says very different.
 

SpAc3man

New member
Jul 26, 2009
1,197
0
0
Baldr said:
Pretty sophisticated technology for 2007. Still don't know about what the data actually contains.
More like very simple method to implement in any lossless image data. Hiding an ASCII string inside a bitmap image is surprisingly trivial for any half decent programmer who knows how bitmap image data is organised.

A good method I would use is modifying subpixel values to be odd or even numbers to represent binary 1 or 0 so you can encode the binary values for each character.

You could even have it set up to represent odd values as black pixels and even numbers as white pixels so you end up with an image of the text you want to hide if you transform the image with a simple bit of code.

Could get a bit tedious with a language like C++ but something like Matlab is perfect for very easy implementation of the above methods.

Sorry if that went over anyone's head.
 

Zing

New member
Oct 22, 2009
2,069
0
0
Misleading title is misleading.

In-game pictures contain your account ID, a timestamp, and the IP address of your server
None of these things can be used to put an account in danger.
 

Aethren

New member
Jun 6, 2009
1,063
0
0
I love threads like this, it really weeds out stupid people. Or people who don't fully read an article, which are typically the same thing. I needed a good laugh, and reading how people think that these watermarks could somehow threaten accounts...Good laughs are obtained. That said, it was a rather badly-worded article. Blizzard should do more things like this, they're a multi-million dollar company, they clearly know more about what they're doing than most people on here.

The Escapist is starting to read a lot like Cracked for me, but it's the posters that really provide the humor.
 

Zing

New member
Oct 22, 2009
2,069
0
0
Buretsu said:
Zing said:
Misleading title is misleading.

In-game pictures contain your account ID, a timestamp, and the IP address of your server
None of these things can be used to put an account in danger.
But, but.. They could find out who you are and what server you're on... AND BE A DICK TO YOU.

And now a call to paranoia:

Sure we know they have ID, time, and IP... BUT WHAT OTHER INFORMATION DOES IT HAVE THAT NOBODY'S FOUND OUT ABOUT YET??
Not to mention it's the server IP, which are all publicly available [http://www.wowwiki.com/US_realm_list_by_datacenter].
 

Ashannon Blackthorn

New member
Sep 5, 2011
259
0
0
Aethren said:
I love threads like this, it really weeds out stupid people. Or people who don't fully read an article, which are typically the same thing. I needed a good laugh, and reading how people think that these watermarks could somehow threaten accounts...Good laughs are obtained. That said, it was a rather badly-worded article. Blizzard should do more things like this, they're a multi-million dollar company, they clearly know more about what they're doing than most people on here.

The Escapist is starting to read a lot like Cracked for me, but it's the posters that really provide the humor.
Maybe, but I find the sheer amount of idiotic asinine BS that spews on here enough to give me cluster headaches... I envy your ability to not get annoyed at the stupidity.
 

DiamanteGeeza

New member
Jun 25, 2010
240
0
0
The Lugz said:
guys, this is total crap even if it's true which frankly i doubt
it's supposedly hidden in the jpeg compression data
so save your files as bitmaps, or tga and said data is gone.
also save any jpeg with compression and sharpening up 99% and you'll see odd artifacts, banding blocking and blurring such as :

http://shutha.org/node/829

jpeg just has crappy algorithms

until someone comes up with a program that can read jpeg artifacts and get out data that isn't nonsense it's pure tinfoil hat

Why disable the hacked compression data when altering the quality of the jpeg file output?
Why not create .bmp .tga ect encoding programs?

it makes no logical sense to attempt to spy on activities when your only seeing certain screenshot settings
You don't 'hide' data in actual image data (especially not a lossy compression format such as JPEG - you'd never get your data back in one piece). Pretty much every image file format contains a 'miscellaneous data' block for applications to use as they see fit. Software such as Photoshop uses it to put things like "created with Photoshop vX.X" - that's where the data will be stored, not in the actual pixels data.

Oh, and just for the record, the JPEG algorithms are not crappy. If you set your quality setting to crappy, you'll get a crappy result because it's a LOSSY compression format. Set your quality correctly and you'll get an excellent result for a relatively small file size.
 

Schadrach

Elite Member
Legacy
Mar 20, 2010
1,977
347
88
Country
US
The Lugz said:
Why disable the hacked compression data when altering the quality of the jpeg file output?
You have less available "noise" to disguise your data as on higher quality compression settings.

The Lugz said:
Why not create .bmp .tga ect encoding programs?
There are algorithms for doing exactly that. There aren't well known ones that can survive being converted to a different format though. The strength of steganography is in not being apparent that you are trying to send a message in the first place. In fact the term comes from a book on cryptography and steganography that itself is disguised as a grimoire titled Steganographia.

Steganographic encoding methods are generally pretty fragile -- I'd be surprised if something like this survived resizing the image or any other kind of image manipulation (such as blurring out character name or chat), otherwise it would be expected to be more noticeable and seen before now.

Now, if it was just in the data tags on the image, as someone else suggested above, then it's ridiculous that no one noticed until now.
 

Jadak

New member
Nov 4, 2008
2,136
0
0
How is this relevant?

User ID is publicly visible when playing the game, right? Timestamp matters even less... And the IP of Blizzards servers is hardly personal information, nor private or a secret... If they included the users IP, that's something else, but their own? Whatever...

Soo...Big deal?
 

LordLundar

New member
Apr 6, 2004
962
0
0
Blablahb said:
Uh, nope. Blizzard does not own a patent on having servers and thus can't forbid others to operate software on servers. Neither do they have a patent on game servers.
Did I say servers? Nope. I said the game. Certainly they can run servers, but they can't have servers running Blizzard's games without their permission. If they do, they are violating Blizzard's IP and is illegal.

Blablahb said:
Nope, doesn't work like that. And that should be quite obvious. Otherwise, camera manafacturers would own the rights to all photographs ever made. Doesn't work like that.
You're confusing physical ownership with Intellectual Property. The proper comparison is if someone took a picture of an artist's painting without the artist's permission. The artist has full legal right to demand all copies of the photo either be turned over or destroyed.

Outside of the example, you are using Blizzard's software to create the screenshot of Blizzard's IP, so Blizzard retains all copyright permissions to the screenshot.

Blablahb said:
IP adress is personal information when it's used to connect it to a person, and tracing that back is illegal:
http://www.cbpweb.nl/Pages/uit_z2000-0340.aspx
Did you even read that? The last paragraph says that the IP addresses did not link to individuals and as such is not a breach of privacy laws. Seeing that the screencap contains the SERVER IP ADDRESS it is not considered to be tracing to an individual person and as such is not a breach of privacy laws. Whoops!

Blablahb said:
No such law exists. We do have a personal data protection act (wet bescherming persoonsgegevens) however, which Blizzard violates when illegally logging IPs.
I stand corrected on the act, but the WBP once again protects on personal information. Private servers running Blizzard IP is NOT considered private information because the software is owned by Blizzard and is used without their permission.

Blablahb said:
All their evidence is gathered illegally. Heck, the trace required to make it from IP adress to specific person is even a crime because it involves illegal entry into protected systems. Hiding spyware to gain acces to information like Blizzard did is also hacking, and illegal.

If all indications are gathered illegal and even by crime, there's no option but to throw out the case. Heck, you could juggle the actual servers in the court room and hold up a huge banner that "I pirate your stuff" and it would still need to be thrown out as based on illegality. It's a very important technicality which protests citizens against inquisition-like practises.

The BREIN foundation, an private group payrolled by the copyright mafia which goes after software pirates, tried this stunt before and suffered defeat after defeat in court, even though their illegal hacking brought them to catch companies pirating software red handed, they always lost in caught because they did so by illegal and criminal means. To my knowledge they only ever got one guy, a 21 year old from Oud Beierland, because he was dumb enough to confess to the police in the first informal interview.

Here's the verdict in one of those cases they lost:
http://zoeken.rechtspraak.nl/detailpage.aspx?ljn=AY3854

The court literally ruled that fishing for IP adresses and looking them up is illegal.
Brein was actively using information they do not own and acquired illegally to trace IP addresses of individual people which is illegal in the bulk of the world.

Blizzard on the other hand is not doing this. They are not actively tracing IP addresses using information they would not legally have access to. Instead pictures taken using Blizzard software containing Blizzard Intellectual Property containing the IP addresses are being put out for public display, including Blizzard staff. They are using that information (which they could probably get from either the Private server's website or from reverse engineering the illegally modified client which is perfectly legal, though time consuming as well) To track the server (which in the link you gave above does not qualify as personal information) and stop people from running their software without their permission.

See the entire thing you're forgetting is Blizzard owns the software that Private servers are using. They are well within their rights to use the information that their software is generating to prevent people from using it without their permission.

This screenshot thing is no different than if there was code in the server itself to call back to Blizzard servers to let them know where the server is calling from. And seeing as there is no personal information attached (the IP address as stated in the very example you give indicates it is not protected and the Account ID is something Blizzard owns anyways), the only ones who are threatened by this is the ones hosting private servers such as OwnedCore who are spreading misinformation to protect their illegal activity.

Stop ignoring information that disproves your argument.