As a first statement I am mad that a screenshot gives away some of my information. The account information should not be freely displayed, even if it is obfuscated by some form of clever image stenography. The fact it contains an account ID and not an internal unknown reference ID linked to the account ID makes me think that this was developed assuming security through obscurity.
Before I go all Tin-Foil-Hat it is worth noting that no hack has been linked to this. The ways to socially hack an account are enhanced by this type of information if used correctly, but this is not a shattering break by itself.
Apparently, each character has a different set of these repeatable patterns, which contain account and realm information, and it looks like if they are scanned by software that recognizes them, they can reveal our character’s account name/id, the time of the screenshot and the the full information of the realm, including its IP address (think “private servers”).
The secret watermark which is being intentionally embedded inside WoW generated screenshots below top quality, DOES NOT CONTAIN the account password, the IP address of the user or any personal information like name/surname etc. It does contain the account ID, a timestamp and the IP address of the current realm. It can be used by hackers to link alt. characters to accounts and target specific spam or scam attacks, and it can be used by Blizzard to track down private WoW servers.
One of the folks in the thread even supplied a more normalised version of the watermark, so that we can “see” what it kind of looks like.
What does this mean for ordinary players?
Each screenie you place online has these details in it, and that means the good guys (Blizzard) and the bad guys (who knows) have access to whatever is in there. Blizzard might be using it to track the other bad guys, private servers and the like. Essentially it is unknown. Geekosystem have a useful pragmatic post on this too which was a good balance between panic and meh.
What can you do?
It appears a solution at the moment is to set the JPG quality to 10 and WoW skips the watermark function by default. Try this command:
/console SET screenshotQuality "10"
So do not panic, but take whatever measures you feel are needed to protect your own information. I’m going to see what effect down-sampling and reformatting the images has, as I suspect that the data may be eroded by multiple edits in lossy formats.
Are other companies doing this, or going to in an effort to protect their IP?
Probably. In fact it is likely already present in some other Blizzard/Activision apps. Now that Blizzard have done it we may seem more out there too.
- Activision Blizzard Secretly Watermarking World of Warcraft Users (games.slashdot.org)
- Blizzard may be hiding information in your screenshots, but it can’t hurt you (wow.joystiq.com)
- Blizzard is secretly watermarking WOW screenshots (ownedcore.com)
- World of Warcraft Screenshots Are Being Embedded With Hidden Watermarks (hothardware.com)
- World of Warcraft hiding information in screenshots (massively.joystiq.com)
- There’s More Information Than You Think Buried In Your World of Warcraft Screenshots [World Of Warcraft] (kotaku.com)
- World of Warcraft screenshots taken in-game reportedly include user account names, server IP (vg247.com)