digg

Facebook Connect Join Digg About

Blizzard potentially creating privacy issues?

onwarden.blogspot.com With the November 13th update of Blizzard's World of Warcraft their anti-bot detection software "Warden", now makes it impossible for customers to track what they are scanning and could lead to privacy issues.

Who dugg this? Made popular Nov 16, 2007

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

119 Comments

show profanity settings
expand all
  • Joet1980, on 11/16/2007, -6/+25Not so much that we can't trust Blizzard it's the principle.
  • Zavoc, on 11/16/2007, -3/+22The real issue being that I'm missing out on valuable WoW botting time.
  • devestator, on 11/16/2007, -6/+20I really do have to agree. I don't have a problem trusting blizzard, I do not believe they are ever going to start looking at things on my computer that they are not suppose to. But that is blizzard as a whole. What happens if someone that works for blizzard manages to hack into blizzards servers internally and modify the hashes in order to gain email addresses to sell mailing lists, or starts pulling in account names / passwords that may be saved in cookies or something like that. I'm sure blizzard has protection against things like this, but when it comes to computers no formof protection is unbeatable. Sure they may catch whoever did such a thing, but would it already be to late by the time they did, if it takes them even an hour to see it and catch them they could've already sold / given whatever information they collected to hundreds of people.

    With the possible bad things that could happen aside, it is definately to far in the gray area. I really hope someone with some weight (like say maybe MSNBC.com or something) reads about this and decides to put out and promote a story about it on how Blizzard is violating their customer's privacy, someone that can actually make Blizzard get worried enough to back off. As it is now a few of their users spreading word about it is not going to be enough to make Blizzard blink.
  • XBSHX, on 11/16/2007, -2/+15If you don't like it then don't play, its that simple.
  • TotalHalibut, on 11/16/2007, -2/+14EVERYONE IS OUT TO GET YOU, ESPECIALLY THE MAKERS OF STARCRAFT.
  • laxlacks, on 11/16/2007, -2/+13Tsurani / Duralt, while I appreciate your apparent knowledge of how hashes work, you are missing the actual points of the blog posting. In fact, I'm not sure you read it. The fact of the matter is that there is no way to verify, for all permutations of Warden, that the function in question is, in fact, a one way hashing algorithm. They could replace it with anything as they see fit, at their sole discretion. The issue is not that the hacker, as you say, cannot protect himself, because he can. The issue is that they can create 10,000 permutations of Warden, slip something into one of those, and in all likelihood, get away with it, simply because they are aware that it cannot be independently verified for all permutations of Warden. You keep championing your knowledge of hash algorithms here and on the World of Warcraft forums, but the fact of the matter is that your points are not relevant to the discussion.
  • TotalHalibut, on 11/16/2007, -0/+10ON A PRIVATELY OWNED INTERNATIONAL FORUM.
  • ChadMoran, on 11/16/2007, -8/+18Blizzard has been deleting topics on their forums reguarding this issue, don't stop digging!
  • Final, on 11/16/2007, -4/+14Your computer can be compromised by someone anytime you cruise the internet, everytime you input your information somewhere, and you are worried about a billion dollar company with more to lose from stealing your information, than gain, trying to abuse your privacy?

    Get a grip people, "oh no Bioshock has a virus" "blizzard is selling credit information" Grow up and pull your head out of your ass.
  • xOpifex, on 11/16/2007, -0/+9Don't you have to agree to Blizzard's privacy policy in order to use the game? I would say they probably aren't "violating your privacy" if you have to click an I AGREE button before you can even play. Now if Warden isn't included in that privacy policy then you can start screaming bloody murder.
  • RogueA, on 11/16/2007, -6/+15Honestly, I feel the same way as Devestator. Making the program un-trackable is opening a whole new can of worms. This article does need to get some exposure as well, as Blizzard has deleted and banned several folks who have posted it on the WoW forums so far.
  • daslog, on 11/16/2007, -3/+12ZOMG THEY CAN GET MY CREDIT CARD NUMBER AND EXPIRATION DATE!!11!!

    oh wait, I gave that to them when I signed up...
  • chaosium, on 11/16/2007, -2/+10OMG CENSORSHIP
  • goffy59, on 11/16/2007, -1/+9Warden first started on Diablo 2. Blizzard is pretty sneaky but sometimes I don't blame them. I hate people that dupe items or crash games.
  • itsJALbert, on 11/16/2007, -3/+11WAAAAAAH Blizzard is stopping me from botting.

    I'd say if you don't like it, don't play it, but you don't even play it to begin with.
  • TotalHalibut, on 11/16/2007, -1/+8Evidence of this?
  • XBSHX, on 11/16/2007, -0/+6Yes, don't agree don't play and return the game to blizzard.
  • TotalHalibut, on 11/16/2007, -1/+7No you won't, you're simply being noisy. If even a handful of the people who said they were going to do something on Digg actually did it, I'd imagine we'd actually start seeing some real changes in this world of ours.
  • cerealman, on 11/16/2007, -0/+6"What happens if someone that works for blizzard manages to hack into blizzards servers internally and modify the hashes in order to gain email addresses to sell mailing lists, or starts pulling in account names / passwords that may be saved in cookies or something like that. I'm sure blizzard has protection against things like this, but when it comes to computers no formof protection is unbeatable."

    That same logic can apply to any software you use. Even OSS.
  • TotalHalibut, on 11/16/2007, -0/+6Yes, I love RPGs like Call of Duty 4 and Virtua Tennis.
  • TotalHalibut, on 11/16/2007, -1/+6I'd imagine because as usual, the WoW forum community are a bunch of shrieking ninnies who couldn't put a constructive or cogent post together if they tried and no doubt bandied about several ridiculous theories/accusations/outright lies in the process of trying to get their clumsy point across. That and Blizzard's always taken an extremely dim view of any post that is seen to heighten awareness of the existence of cheat-programs such as Glider.

    This is not some nutjob conspiracy and Digg are not secret agents.
  • TotalHalibut, on 11/16/2007, -1/+6Oh come off it this is Digg, the site that has, to my dismay and abject horror, become more sensationalist of late than the freakin' tabloids.
  • Shanobi, on 11/16/2007, -1/+6Yeah, they're totally going to ______.

    No way I'm going ot blindly trust lame blogs trying to scare the ***** out of me for no reason.
  • TotalHalibut, on 11/16/2007, -0/+5I bet you also think that 'ho ho ho' is sexist.
  • xOpifex, on 11/16/2007, -6/+11I'm sure Blizzard will really miss the whole 100 people who cancel over this /sarcasm
  • TheLoneWolf071, on 11/16/2007, -1/+6This is the problem that a lot of places run into. How do you stop people from doing wrong(Bots, Cheat) without having to get dirty? The problem is that the hackers are smart people, so they know it's just a matter of time before the security is broken, so blizzard is attempting to stay ahead of the curve. The problem here is that they are getting very aggressive and they are using methods that some see as an invasion of privacy. The Potential for abuse also comes into play, because potentially anybody inside blizzard with a disgruntled attitude and the know how could open your computer up for damage, or your credit cards, etc.

    Personally I like blizzard and I know they wouldn't do anything they didn't feel was necessary, also because they are a large company so they also have liability to their customers and investor(Are they publicly Traded?)

    It's a tough balance and I think we know that it will never always work... Oh well, C'est la vie.
  • MutatedNantuko, on 11/16/2007, -1/+5Go play it, then get back to the community. It's bad.
  • TotalHalibut, on 11/16/2007, -0/+4Ooooh shrieking ninnies, great term. That made me happy inside.
  • TotalHalibut, on 11/16/2007, -1/+5You act as if staying secure online is such an epic feat, whereas it is more akin to knowing that avoiding sticking your hand in a food blender is a good way to keep all your fingers.
  • dstz, on 11/16/2007, -1/+4People agree to it when they agree to the TOS. End of story.

    Digg becomes as painful as Blizzards forums, what a bunch of stupid whiners.
  • Radar3D, on 11/16/2007, -0/+3No, at least in WoW you catch the dragon.
  • vileS, on 11/16/2007, -0/+3It's not illegal in anyway. You have to agree to a terms of use before the software is even activated on your PC. If you don't like it, don't install it.
  • Asianwaste, on 11/16/2007, -0/+3Anything to kick those damn cave defenders!
  • ashmael, on 11/16/2007, -0/+3Its not feasible at all that hackers could change their code such that a hash of the modified code is identical to the unmodified code.
  • chaosium, on 11/16/2007, -0/+3That cheated like mad.
  • cerealman, on 11/16/2007, -1/+4But how do you know someone malicious won't join Blizzard and steal them!!! OMG!! And the same for Apple and Microsoft!!! And I bet you've never checked every line of source code from that OSS you use, amirite?
  • knodi, on 11/17/2007, -0/+2I'll take those nude pics of your wife.
  • foopace, on 11/17/2007, -0/+2Few points in general for the people who keep repeating the same old stuff from the wow forums.

    First, the botting program in question has been usable again for over a day. If you're spinning a storyline that relies on this being about an inability to crack Blizzard's new protection (from the standpoint of protecting the cheating app, that is) then you might want to take this into consideration.

    Second, I will grant your 'Blizzard has all the info they need already' points if you can tell me how their billing database can be used to push malware onto your system. What was that about red herring arguments, btw? Go read about PCI standards and credit card transaction security and realize how foolish this argument is before we even address the other things Warden could potentially be subverted into doing that the billing db can't.

    Third, as for the "ain't doin nothing wrong ain't got nothin' to hide" types ... so you're cool with leaving your door unlocked so I can have a look through your house while you're at work right? Because if you're uncomfortable with the idea of an invisible stranger going through your stuff - illegal or otherwise - then you understand where those of us concerned by this are coming from whether you realize it or not.
  • janodandre, on 11/16/2007, -1/+3uh no.. Tripwire is commonly used to check *the code* looking for that data, not the results from that scan.

    That code is visible when it runs and therefore is detected by Tripwire, that notifies the rootkit hidden from Blizzard and takes appropiate action. In fact thats how the Glider bot works, and yesterday his tripwire successfully detected a warden update and stopped Glider until that code is analyzed and Tripwire definitions updated. This is done in the event that the new code, somehow, is able to detect the actions of the Glider rootkit on the operative system, but illustrates how you can still watch the watcher.
  • rabidbob, on 11/16/2007, -0/+2Slowly with murloks. :-(
  • Yazilliclick, on 11/16/2007, -0/+2Because
    A) The wow forums are filled to the brim with whiners and sensationalists that are just tryign to stir up problems and spam their stupid stories.
    B) Warden is their anti-cheat security in the game, why would they details on the innerworks that can help peopl bypass them posted on their own forums?
  • Swanston, on 11/16/2007, -0/+2@Final
    Word.
  • tdous, on 11/16/2007, -0/+2You're right. But the perspective on Digg makes it a little more depressing. With the tabloids we can say "Damn stupid tabloids with their sensationalism and exaggeration. Why do people buy that trash?". Here the exaggerating and sensationalising is done by the people themselves.
  • TotalHalibut, on 11/16/2007, -2/+4Yes I remember the 1000s of lives that were destroyed by that...
  • ImpactedColon, on 11/16/2007, -2/+4Automatically digg down ANY reply beginning with ummm...
  • tdous, on 11/16/2007, -0/+2I'd love to see a logical flow chart of that argument that doesn't just have monthly fees at one end and bot-detection at the other.
  • DryMaltExtract, on 11/16/2007, -0/+1if the act they were performing was found to be illegal it doesn't matter that you agreed to it.
  • benitojuarez, on 11/16/2007, -0/+1when digg, when will we have a damn delete button.
  • benitojuarez, on 11/16/2007, -0/+1Im actually tech support for a large bank, why do I have to be a burger flipper?
  • Hewbie, on 11/16/2007, -0/+1one ring0 to rule them all,
    rouge employee/ or Trojan/Worm made for sole purpose of gaining control of watcher used to spy on the user i.e. Stealing personal information, account details, etc
  • Fetching more discussions...
    Show 51 - 100 of 119 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.