Screenshots and Tin Foil Hats

Interesting article out there which indicates that the wow screenshots contain some traceable information about the user and server where they are taken. Darn tricksy.

As a first statement I am mad that a screenshot gives away some of my information. The account information should not be freely displayed, even if it is obfuscated by some form of clever image stenography. The fact it contains an account ID and not an internal unknown reference ID linked to the account ID makes me think that this was developed assuming security through obscurity.

Before I go all Tin-Foil-Hat it is worth noting that no hack has been linked to this. The ways to socially hack an account are enhanced by this type of information if used correctly, but this is not a shattering break by itself.

Apparently, each character has a different set of these repeatable patterns, which contain account and realm information, and it looks like if they are scanned by software that recognizes them, they can reveal our character’s account name/id, the time of the screenshot and the the full information of the realm, including its IP address (think “private servers”).

…and…
The secret watermark which is being intentionally embedded inside WoW generated screenshots below top quality, DOES NOT CONTAIN the account password, the IP address of the user or any personal information like name/surname etc. It does contain the account ID, a timestamp and the IP address of the current realm. It can be used by hackers to link alt. characters to accounts and target specific spam or scam attacks, and it can be used by Blizzard to track down private WoW servers.

One of the folks in the thread even supplied a more normalised version of the watermark, so that we can “see” what it kind of looks like.

Machine generated and readable, but not consumable by humans visually, except maybe as a tease for a person addicted to the magic eye pattern puzzles.

What does this mean for ordinary players?

Each screenie you place online has these details in it, and that means the good guys (Blizzard) and the bad guys (who knows) have access to whatever is in there. Blizzard might be using it to track the other bad guys, private servers and the like. Essentially it is unknown. Geekosystem have a useful pragmatic post on this too which was a good balance between panic and meh.

What can you do?

It appears a solution at the moment is to set the JPG quality to 10 and WoW skips the watermark function by default. Try this command:

/console SET screenshotQuality "10"

Are other companies doing this, or going to in an effort to protect their IP?

Probably. In fact it is likely already present in some other Blizzard/Activision apps. Now that Blizzard have done it we may seem more out there too.

Advertisements

One thought on “Screenshots and Tin Foil Hats

  1. The free tool called Pixlr.com might be handy as you can change color depth, resize, and re-format images. By tweaking the saturation and some other changes this might get rid of the watermark. I’m playing with this at the moment.

Comments are closed.