Those who play World of Warcraft probably know about the little service it runs called The Warden. The Warden is a program that runs statistical analysis on a player’s system to make sure that no cheating programs are being used.
What Blizzard failed to mention, of course, was that the program also does some pretty damned insidious things while searching for cheating programs. For instance, it also looks through all open windows on the system and reads text information. Text information that could contain e-mail addresses, credit card numbers, or anything of that sort. And it does this every fifteen seconds to every person who plays.
Hmm.
This is the type of Big Brother scheme that entire RPGs are made out of. This type of thing would be perfect for a game involving, say, White Wolf’s Technocracy. Getting constant reports on what people are doing with their systems, credit numbers, e-mail addresses, etc for 4.8 million people? That would definitely make finding Reality Deviants a lot easier, wouldn’t it?
But back to reality. Surely, this isn’t THAT much of a concern, right? I mean, it only compares strings to a hash function locally then, if a match is made, sends the information to Blizzard. And you TRUST Blizzard, don’t you? Enough to give them a credit card number for billing purposes to play the game, at any rate. Indeed, many people on the forums seem to indicate they are happy with The Warden, finding all those evil cheaters.
But this doesn’t come down to JUST trusting Blizzard. You also have to trust everyone in the company, from the CEO down to the mail boy. Do you trust them ALL to not use information maliciously? Furthermore, you have to have insane amounts of trust in Blizzard’s IT department; it’d be so, so easy for one of them to insert a new copy of The Warden that searches for credit card or other information then give it to them. Furthermore, someone OUTSIDE THE COMPANY, if they managed to receive root access, could do the same thing and reroute the information to their own servers. Do you trust everyone on the planet? 4.8 million people is a big, juicy target. It’s only a matter of time before someone attempts it. And it’s not as if you can refuse it; the process runs constantly and updates constantly as well.
This is a severe violation of privacy and security and I, for one, am glad I don’t play the game. Shooting orcs in my room is not worth the invasion.
-Josh
References:
http://www.rootkit.com/blog.php?newsid=358
http://news.bbc.co.uk/1/hi/technology/4385050.stm
Simple solution to this: don’t run other programs while running WoW, which most everyone already does for simple performance reasons. Not that big of a deal, the only problem comes in the fact that Blizzard wasn’t completely forthright with it in the first place. Not that you can blame them for that, because there are too many privacy-nuts out there that would let such a thing stop them from playing the game.
If we could trust the whole world, then there’d be no need for a program like this to begin with. 😛
Personally I’d love for Blizzard to know what color underwear I’m wearing today, then my character might change to match. That’s the level of immersion and dedication that Blizzard stands for. I feel like a modern Nero with my statue of Zeus that is changed to match my dress each and every day, every minute of that day. (he changed midday sometimes just to make people work more/have a chance to kill them for failing)
…
I like World of Warcraft.
…
*drool*
http://www.securityfocus.com/brief/34
The two stories come together like the legs of Voltron in a robot-sex-party!
“Simple solution to this: don’t run other programs while running WoW, which most everyone already does for simple performance reasons.”
Why should you have to curtail your own computer usage just so Blizzard can’t record what you are doing?
If everyone were trustwo
Whoops, should finish my comment.
If everyone were trustworthy, then I could trust you to stop pooping in my pillowcase.
Yes this has been brought up before and yes they do it. Of course if you actually read all the mumbo jumbo Blizzard throws at you in the beginning, it says they can do it. By agreeing to the TOS/EULA you let them.