[ISN] Warcraft game maker in spying row

From: InfoSec News (isn@private)
Date: Wed Nov 02 2005 - 07:15:27 PST


http://news.bbc.co.uk/1/hi/technology/4385050.stm

By Mark Ward 
Technology Correspondent
BBC News website 
31 October 2005

Game maker Blizzard has been accused of spying on the four million
players of World of Warcraft.

Net activists branded software used to spot cheats "spyware" because
it gathers information about the other programs running on players'
PCs.

In its defence Blizzard said nothing was done with the information
gathered by the anti-cheat software.

And many players seem happy to have the software running if it cuts
the amount of cheating in the game world.


Home invasion

The watchdog program, called The Warden by Blizzard, has been known
about among players for some time.

It makes sure that players are not using cheat software which can, for
example, automatically play the game and build up a character's
qualities.

However, knowledge of it crossed to the mainstream thanks to software
engineer Greg Hoglund who disassembled the code of The Warden and
watched it in action to get a better idea of what it did.

He found that it performed a quick analysis on other programs running
on a PC to see if their characteristics match known cheating programs.

But Mr Hoglund found that The Warden also scans the text in the title
bars of any Window for any other program.

Writing in his blog about what he found Mr Hoglund said: "I watched
The Warden sniff down the e-mail addresses of people I was
communicating with on MSN, the URL of several websites that I had open
at the time, and the names of all my running programs."

Mr Hoglund noted that the text strings in title bars could easily
contain credit card details or social security numbers.

Digital rights group The Electronic Frontier Foundation (EFF) branded
The Warden "spyware" and said its use constituted "a massive invasion
of privacy".

The EFF said that it was not acceptable simply to take Blizzard's word
that it did nothing with the information it gathered. It added that
the Blizzard could get away with using The Warden because information
about it was buried in licence agreements that few people read.


Fair play

Blizzard took to the forums on the central community site for World of
Warcraft to defend itself and correct what it saw as "misinformation"  
about its actions.

It said that The Warden did not gather any personally identifiable
information about players only data about the account being used. It
also re-iterated that the only thing done with data gathered was to
look for evidence of hack or cheat programs.

For their part many gamers seem happy to tolerate The Warden even
though they acknowledged that it eroded their privacy to an extent.

Jason Justice, speaking on behalf of members of the Low Red Moon
guild, said many in its ranks supported the programs used by Blizzard
if it kept the cheats out of the game.

"The concern most have is that the program has the capability to read
text from open programs, potentially compromising the privacy of some
sensitive programs."

"If someone is afraid of the program reading sensitive information
from their programs, one possible solution is simply to not run any
additional programs while playing World of Warcraft," he said, "which
is certainly advisable from a performance standpoint to begin with."

He told the BBC News website: "It is entirely Blizzard's
responsibility to protect their intellectual property and the fairness
of the game experience, and if they have code sophisticated enough to
detect when a cheater is running illegal programs on their computer,
they're doing a right good job of it."

Paul Younger, one of the administrators on WoW community site
worldofwar.net, said: "With cheating being a real concern to Blizzard
I feel they have few options other than to check what people are
running on their machines."

"Blizzard have learnt since Diablo II that cheating can seriously
hamper the enjoyment of a game," he said.

Warcraft players debating the issue on the worldofwar.net forums
seemed happy to have The Warden keeping an eye on what they are doing.  
Many said they trusted Blizzard not to exploit the information being
gathered.

Some pointed out that it would be hard for Blizzard to gather more
useful information than they already have given that most use a credit
card to pay the monthly fee to keep playing the game.

For those worried by what The Warden does, Mr Hoglund has produced a
program called The Governor that reports on what it is watching.



_________________________________________
Earn your Master's degree in Information Security ONLINE
www.msia.norwich.edu/csi
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.



This archive was generated by hypermail 2.1.3 : Wed Nov 02 2005 - 22:25:04 PST