World Of Warcraft Embedding User Information In Screenshots

Written by: Gary Gannon (@garygannon) | September 11, 2012 11:51 am

World Of Warcraft Embedding User Information In Screenshots

27 Comments

Hold on to your tinfoil hats guys, because have we got a doozy for you. So, you know all those WoW screenshots you’ve been taking and then posting to Flickr, Facebook, your G+ account or whatever? Well, it turns out that since about 2008 you’ve been posting screencaps that include a watermark with pertinent player information encoded in it.

The watermark appears in the form of bars contains information such as the date and time of the screenshot, the server name, and the player location, as well as the server’s IP address. A WoW player going by the name Sendatsu recently posted his discovery of the watermark on the OwnedCore forums and asked for help in figuring out what the watermark was, and has expressed his concerns on the website.

“The contained information can be easily recovered and decrypted by hackers, which compromises the privacy and security of our accounts!” he wrote. “For example, someone could use this to identify which account holds which characters and perhaps stalk and annoy its user, or help perpetrators choose their phishing victims with a more targeted approach. Perhaps someone is already using this since the watermark has been around for at least four years already.“

And it goes on to address the fact that while Blizzard does warn players that they can gather information about computers being used to play the game, they never said anything about embedding watermarks into every screenshot made using the WoW print screen tool. At this point any WoW player who has taken a screenshot of the game could be affected by what many will likely feel is a breach of both security and trust.

If you’re interested in seeing what the code looks like, Sendatsu gives thorough directions in his forum post on how to get a peek at it.

**Correction** The embedded IP address is the server IP not the players personal IP address.

World of Warcraft

Patch 5.3 Release Date Confirmed

Patch 5.3 Release Date Is Confirmed By Blizzard on TwitterRead more »

68 comments
4:06

World of Warcraft

Patch 5.3: Purely Pandaria Profession Leveling!

The latest Patch 5.3 PTR build is up, and has brought some fairly major changes to the leveling process of Mining and Herbalism. Read more »

25 comments
9:55

World of Warcraft

Preparing for Patch 5.3

Patch 5.3 is coming and Blizzard have created a guide to the changes!Read more »

8 comments

http://twitter.com/Mortwatcher Mort

they can get your IP and all that from you post on official forums, so this is not really anything special imo
http://twitter.com/WaylandX JB

Crzy!! Tin Foil Hat time!!!!
http://twitter.com/Nathiest Nathiest

Cool. Oh come on! This is pretty damn spiffy.
http://twitter.com/Luke_Malcolm Luke Malcolm

God Damn Gary, I’m outta Tin Foil.
http://twitter.com/GrantElicious Grant Butler

Oh well, surely this is a good thing so say if you report a hacker via a screenshot, they can track it easier or if someone leaks beta screenshots under NDA etc.

I doesn’t exactly give out your credit card details or whatever lol.
nichayes

You miss quoted the IP address section, it is the IP of the realm not the user.
http://www.facebook.com/people/Bruce-Fauble/1466377126 Bruce Fauble

Has this been confirmed by somebody from Blizzard?
http://dev.gamebreaker.tv garygannon

We have made the correction. It is not the players personal IP address…it is the server IP.
- http://twitter.com/Luke_Malcolm Luke Malcolm
  
  - From Reddit
  
  Wow, that is brilliant. Catch people who are posting TOS-violating activities with their own screenshots.
  
  To people worried about privacy, you are not posting any Personal
  information – just your character, Realm and account ID. From the
  article:
  
  “The secret watermark which is being intentionally embedded inside
  WoW generated screenshots below top quality, DOES NOT CONTAIN the
  account password, the IP address of the user or any personal information
  like name/surname etc. It does contain the account ID, a timestamp and
  the IP address of the current realm. “
  - DoctorOverlord
    
    If it had been player personal IP address I would have been worried, but the server IP is another thing. That would make this seem like a clever way for ActiBlizz to track down people who post screenshots of their exploits.
    
    And now they know not to do so or at least not doing it without removing the embedded info.
    
    Hmmm, or *altering* the embedded info! I wonder if this could be used to frame someone? lol
http://www.facebook.com/urda.andrei Urda Andrei

In the end, this may be the money-hungry activison that wants to sue the pirate servers. But Blizzard has to gain from them. Mostly because a lot of people get frustrated with the bugs and out of date patches and just swallow their pride and pay 15$ a month and as time goes on, the game will become even more complicated to crack.

PS: i’ve looked over the thread and haven’t been able to find the screenshot above. If that’s one of the real “watermarked” ones, it shows a relative date that can mean the start of these actions by Activision-Blizzard. “patch 2.1.2 is now live” written in the chat box. That patch was live between the 19th of june and 10th of july 2007, more than 5 years ago.
Kagitaar

So there is no more information in the watermark than one could obtain from looking at it normally…what a conspiracy!
http://www.facebook.com/people/Joao-Vicente/100000881627920 João Vicente

Can’t wait for crazy Legendary theory’s!

Personally it does not bother me.
Revanhavoc

This is unconstitutional get the Republicans on this quick they have nothing else to do!
sourt

That looks like a standard unsharpen filter for images…
http://profile.yahoo.com/KEZVTITPXJ5K55O2HXR4D5K4XE steve

Don’t post screen shots on a public forum. Yay! Problem solved!
Bryan Reis

“At this point any WoW player who has taken a screenshot of the game could be affected by what many will likely feel is a breach of both security and trust.”
Not really. It prevents doctored screenshots from affecting the community feedback process or falsely incriminating players while giving Blizzard a way to crack down on illegal servers. If you post a screenshot of my character /yelling obscene things at you, Blizzard will know it’s fake. Unless you’re in my guild, then it might be legit.

Now that players have discovered the watermark, we should have a way to verify a SS’s authenticity too, not that we’ve ever really had a need to. It doesn’t seem to give any information that isn’t already available, so it’s a big stretch to call this a breach of either security or trust.
- Old Ben
  
  > If you post a screenshot of my character /yelling
  > obscene things at you, Blizzard will know it’s fake.
  
  Why would Blizzard ever care about screenshots? They have the server chat logs.
  
  > Now that players have discovered the watermark,
  > we should have a way to verify a SS’s authenticity
  
  You seem to have it backwards. Now that the watermark has been found, it’ll take at most a couple of weeks until someone releases a utility to create watermarks listing whichever server IP and whichever time stamp you want.
  
  Watermarks are never a good way to “verify the authenticity” of images, anyway. The only way to do that is by matching something in the image to information kept elsewhere (ex., on the server). And since Blizzard has never and will never give players access to the server logs, players will never have a way to do that.
  
  And it very much is a breach of security and trust. Any images you may have posted online contain your account name, which you may not have wanted to reveal publicly. and it’s also very much a breach of trust, because Blizzard never told its customers that the screenshots contained that information.
http://www.facebook.com/thewownoobchannel Tommy Jensen

I must follow this story, cause it’s good, but a little bit scary at the same time.
https://www.youtube.com/watch?v=TvHBpyoYKbU
http://www.facebook.com/thewownoobchannel Tommy Jensen

Well, keep us up to date on the story, this could be a big one..
pc11

Its all part of Blizzard’s plan to take over the world…
- http://twitter.com/Luke_Malcolm Luke Malcolm
  
  Wait I thought that was Google ?
http://twitter.com/dularr Dularr

Did anyone ever figure out if it really was just the game ID? From what I understand it’s different from my Real ID, Battletag or Battlenet login email. Heck, is it a similar account ID as WOW1 and WOW2 attached to my battlenet account.
http://www.facebook.com/lpeace.88 Leo Lamphier

So does this mean your account can be hacked if someone sees your screenshots?
- http://twitter.com/dularr Dularr
  
  Unlikely. If it really is only a game ID and server IP, that’s not nearly enough information to hack someone account.
  
  You are more at risk if you created an account on the third party Web site you posted the screen shot and used the same email and password as your WoW Battlenet account.
http://www.facebook.com/stradus.woods Stradus Woods

Hmm this is interesting since I am starting to think blizzard actual makes money off the bots and hackers in D3. Frankly this wouldn’r surprise me if it was true.
- HinganDingan
  
  Why would they stop the most profitable activity in their game?
  
  Bots get banned, owners buy new game, bots get banned, owners buy new game.
  
  It was speculated in the old days that Blizz and IGE had an agreement because no other website acted with such impunity.

World Of Warcraft Embedding User Information In Screenshots

Patch 5.3 Release Date Confirmed

Patch 5.3: Purely Pandaria Profession Leveling!

Preparing for Patch 5.3

Monday

Tuesday

Wednesday

Thursday

Friday

Sign in to your account