Is there any organization or company that can resist surreptitiously tracking its customers?
Over the last few months I've written many times about how we're being monitored and measured then sliced and diced to either make sure we're not terrorists, drug smugglers or felons or so we can be more effectively sold to.
Just a couple of weeks ago I wrote about the terahertz scanners that can analyze our body chemicals, and before that it was the evaporation of our privacy, the loss of our internet rights, stopping employers from accessing our Facebook accounts, and how we are Google's product.
On and on goes the parade of our violated privacy, and the problem is that once the cat's out of the bag, the genie's out of the bottle, and the fat lady has started to sing, these lost digital rights are forever gone. You can't get your privacy back once it's been stolen any more than you can unmix a gin and tonic.
Now, as much as we all deplore the government's overreach in the name of national security, as well as their equally misguided overreach into protecting the intellectual property of the entertainment industry, there's at least a glimmer, misguided though it might be, of understandable need involved. But what is hard to fathom is why an online games company would use steganography (the secret encoding of information in an image) to watermark in-game screenshots without their users' knowledge.
The company in question is Blizzard Entertainment and the game in question is the company's incredibly popular World of Warcraft (WoW). Earlier this month it came to light that screenshots taken while playing WoW contain a hidden watermark that reports the account ID, a timestamp and the IP address of the current realm.
According to a post on a forum on the ownedcore.com Web site, these images are frequently uploaded to various online services and "[the data in the watermark] can be used by malicious hackers to link alt. characters to accounts and target specific spam or scam attacks, and it can be used by Blizzard to track down private WoW servers."
The post explains and recounts how two users managed to decrypt the embedded data to reveal the watermark. What's really surprising is that this tracking technique appears to have been in use by Blizzard since 2007!
Apparently more recent changes in the architecture of the game have, it is assumed, minimized any risk, but as the forum post notes: "Bear in mind that when this started, back in 2007, we were still using our account name to login so, before the battle.net conversion in 2009, the watermarks actually had really sensitive information ... Between May 22, 2007 and November 11, 2009, any malicious hacker who knew about this could have used a screenshot of a lucrative character to find their actual username & active realm and then either try to scam them out of their password, or just brute-force it."
There appears to be some disagreement over whether this watermarking invalidates the game's terms of service or not, but one thing that WoW users will not like is that they are still trackable outside of the game play without their knowledge or consent.
The need for more extensive and comprehensive digital privacy laws is becoming increasingly clear, and now that we know even game companies are abusing our privacy, where it will stop? How long until there's no privacy left anywhere online?