upload your images on an external image hosting site: imgur.com
No one responded because they couldn't see them
Updated 12/09 (the watermarking apparently started in 2007):
DISCLAIMER: This thread post contains detailed information on how to view a hidden watermark which has been verified to exist embeded in JPG screenshots produced by the WoW client. The watermark itself includes, encoded in unencrypted bytes, the user's account name (\World of Warcraft\WTF\Account\), an HH:MM timestamp and the IP address of the server. If you do not care about Blizzard secretly watermarking your screenshots without any specific prior notification in the ToS or EULA, then this post probably isn't for you Thank you for your attention.
This post may have been moved to WoW General, but it still remains an exploit - one which is used against us...
1) Go somewhere where there aren't any (or a lot) of textures. I used the druid blink bug to go to the north end of the world but you should go below Dalaran in Crystalsong Forest, as bluesius suggested, because you will get a better screenshot if you stick your face in the pure white trees.
/console SET screenshotQuality "9"
Make sure you use 9, not 10.
3) Take a few screenshots of the clear, no textures, white area by zooming into a tree and hitting ALT Z, so that your entire screen is white.
4) Open this image in an image editing program like IrfanView (it's freeware), click CTRL+E, select the Sharpening filter, use the highest possible sharpening value (99) and click OK. Now do this two more times, again: CTRL+E, Sharpen 99, OK.
5) You are now looking at your character's WoW watermark / custom bar-code / qr code look-a-like / call it what you will:
Apparently, each user has a different set of these repeatable patterns, which contain account and realm information, and it looks like if they are scanned by software that recognizes them, they can reveal our character's account name/id, the time of the screenshot and the the full information of the realm, including its IP address (think "private servers").
Note that if your screen resolution is too high, the pattern will look something like this:
The pattern, which consists of approximately 88 bytes of data, repeats itself many times depending on the resolution of your screen. See below for a colored representation: the account id and realm information are depicted in red and the current time (seconds not included) is depicted in blue:
IMPORTANT NOTE: IF YOU CAN'T BOTHER READING ANYTHING ELSE, READ THIS:
The secret watermark which is being intentionally embedded inside WoW generated screenshots below top quality, DOES NOT CONTAIN the account password, the IP address of the user or any personal information like name/surname etc. It does contain the account ID, a timestamp and the IP address of the current realm. It can be used by malicious hackers to link alt. characters to accounts and target specific spam or scam attacks, and it can be used by Blizzard to track down private WoW servers.
Based on Blizzard's ToS (http://us.blizzard.com/en-us/company/legal/wow_tou.html), Blizzard is allowed to communicate information about our hard drive, CPU, operating systems, IP addresses, running tasks, account name and current time and date. It never mentions anything though about embedding some of these data into every screenshot we capture using the WoW printscreen tool. The users [mistakenly] assume that Blizzard will use a safe channel via battle.net, not our public screenshots that we share with the world, unaware of their secret contents. This unencrypted watermarking mechanism fails to protect our privacy, not from Blizzard employees (they already know everything about our computer systems), but from malicious hackers looking for something or someone to take advantage of.
If they only wanted it for screenshot-authenticity reasons, as some argued, they could have just watermarked a unique version of their logo or perhaps an encrypted key. But we found account and realm information which means that its aim is to secretly track the users, in addition to the known tracking methods that we agree to in the ToS.
_Mike, schlumpf and Master674 have managed to disassemble the watermark data and help us verify which pieces of information are contained inside. Do note that this covert watermarking has been confirmed, by multiple sources, to have started immediately or soon after Patch 2.1.0 in 2007 (before the Activision deal), which introduced JPG screenshots for the first time (http://us.battle.net/wow/en/game/patch-notes/2-1-0), so you may want to delete/remove from the public domain all your JPG screenshots captured by WoW. Sorry Activision haters, looks like this one was on Blizzard
The contained information can be easily recovered and decrypted by malicious hackers (if we did it, so can they). For example, someone could use this to identify which account holds which characters and perhaps stalk and annoy its user, or help perpetrators choose their phishing victims with a more targeted approach. They could unleash Web spider bots scanning for WoW screenshots, decode their hidden watermark data and quickly create a comprehensive database of which account has which alts in it, that they can then sell to anyone interested. Perhaps someone is already using this since the watermark has been around for five years already.
Bear in mind that when this started, back in 2007, we were still using our account name to login so, before the battle.net conversion in 2009, the watermarks actually had really sensitive information... Between May 22, 2007 and November 11, 2009, any malicious hacker who knew about this could have used a screenshot of a lucrative character to find their actual username & active realm and then either try to scam them out of their password, or just brute-force it.
It looks like when Blizzard decided to add JPG screenshots into the WoW client, they also teamed up with Digimarc (http://www.digimarc.com) to provide us this wonderful service of secretly tagging our in-game screenshots with our account and realm information. Although it has not yet been verified, it is possible that Blizzard is using an automated monitoring service which downloads image files from various Internet sites and checks them for the presence of their embedded digital watermark data, kindly provided by Digimarc: http://www.google.co.uk/patents/US7653210
I must repeat, once more, that these patterns are not "random artifacts", because random artifacts don't produce account IDs: http://www.ownedcore.com/forums/worl...ml#post2493377 (Looking inside your screenshots)
Thanks to _Mike, we also verified that there is no pattern included in high quality screenshots like TGA and JPG/10. So, in order to avoid any further watermarking, type: /console SET screenshotQuality "10" which will set the quality of your screenshots to the maximum and create screenshots that do not include the watermark.
l0l1dk has developed a tool to disable the addition of watermarks in the lower quality screenshots but use it at your own risk/responsibility because it could corrupt the WoW client, which could then require a clean re-installation of the game (it's also against the ToS). It is much simpler to just set the JPG quality to max.
Finally, a lot of people are asking how we managed to decode the watermark pattern. Well it took a lot of teamwork, which you can find in the next pages here, and we came up with two source codes which successfully read the pattern data:
Try it yourselves. Read the rest of the thread for more information. If you have any comments, ideas or suggestions please share. Politeness is appreciated.
Last edited by Sendatsu; 09-13-2012 at 01:35 PM.
upload your images on an external image hosting site: imgur.com
No one responded because they couldn't see them
The Following 1 Members Gave Thanks To SniffingPickles For This Useful Post:hackerlol
For quite a while i suspected this kind of tracking was possible. thank you for researching & proving it to be true!
+cookies your way
Edit: To people who do not understand the importance, this shows how Blizzard has possible ways of tracking screenshots to the related accounts even with name/character model / etc censored out. It also provides knowledgeable people with more ways to censor the image to prevent the above from happening.
http://i.imgur.com/3FDgG.jpg). It's like a capital T merged with an inverted capital T (dots added for centering), so it basically looks like an Ξ with a smaller middle line for small resolutions and a larger middle line for large resolutions:
It's always in the middle of your screen, and always the same pattern per character. That is why my screenshots are so low-res, I couldn't afford them being recognized.
Last edited by Sendatsu; 09-11-2012 at 12:58 PM.
For me it looks like JPG compression artifacts, remember thath JPG is a highly destructive algorithm.
Try entering this :
Redo your method and we'll see./console SET screenshotFormat "tga"
/console SET screenshotQuality "12"
Maybe this is just a watermark to prove it's from WoW itself and not a manipulated image (even the pattern changes).
But i will try to reproduce this and then I will try to decode it somehow.
Got those patterns too. But i think - like others in this thread told already - this is just because the jpeg compression. Can't see any difference on two different accounts on the same place.
Last edited by allesist; 09-08-2012 at 01:06 PM.
If this indeed was JPG artifacts I would expect them to spread throughout the image. If an image format expert can give some insight on this it would be great.
For now I am switching to JPG quality 10 until I know more. Thanks for the tip.
Long story short : JPG is bad, go PNG people.
@Frito : Tinfoil hats off to you
The file header is not visible in the image, so it's not that.The number used to calculate the quantization constants is stored in the JPEG image file’s header, making decoding of the coefficients possible.
Ok so let's say that what I'm looking at is the storage of a Huffman tree embedded into the graphics. How can two different images (http://i.imgur.com/nClSc.jpg & http://i.imgur.com/0PWKW.jpg) have the same hidden pattern inside? They are different images so a different Huffman tree must have been created for each. I merged the top part of the first image with the bottom part of the second and I found the same pattern repeated 5 times in 3 different rows (2-1-2).Since the output file contains Huffman codes, the original encoding information (like the Huffman tree or the data table generated from the Huffman tree) must also be stored in the output file in order for decompression to be possible. (...) One drawback is that the actual output file is larger than it needs to be. This is because information about the compressed data’s frequencies must also be stored in order to make data decompression possible.
Any suggestions? Politeness is appreciated
Interesting find, rep+
Blizz has alot of cash to develop such complex algorythms to track you.
I always knew they were monitoring me.
Last edited by pac7; 09-08-2012 at 04:59 PM.
You see, I was going through my old screenshots and I found one from early 2011 where I print-screened a buggy field that was all light brown:
I then sharpened the image and found this pattern:
This pattern is completely different from the current pattern that I found on my screenshots from yesterday and today (http://i.imgur.com/3FDgG.jpg).
Update: this happens when the screen resolution is too high because the pattern tries to make sure it will be visible enough so that at least one complete piece of it survives after any image modifications.
You asked me why I sharpen the image. Well if you zoom into my sharpened image above, you will see this:
===> http://i.imgur.com/Qc5ME.jpg <===
Does this remind you of something? Maybe this:
QR codes are basically visual representations of binary digits which, when translated into ASCII, form text. So, these patterns that I found in the images are not just random artifacts or removal of colors that the human eye can't see: they are actually machine readable data.
You are claiming that this extra padding has been added by the JPG compression algorithm Blizzard is using to assist with the decompression of the screenshots, and I respect that. I just don't see the reason why this extra "padding" has to be added in such a visible place in all images regardless of their compression needs. I captured a black screen with JPG quality 9 and it created a larger file than a JPG quality 10, because JPGs 1-9 also contain this extra padding inside, whereas 10s don't.
This could just be a method Blizzard is using to decrease the size of really colorful files, thinking that adding this padding (which might only contain decompression information) is worth it, because who ever captures monochrome screens, right? :P
I was a bit worried to discover a machine readable data pattern (custom bar-code, as I called it :P) hidden within every screenshot I shot since 2010.
1) I still don't understand why the new pattern is comprised of the same 3 elements repeating again and again (wasn't one time enough?).
2) I also don't understand why two different images produced the same patterns (if it were just decompression information, shouldn't it be different?).
3) And finally, if Blizzard indeed came up with their own proprietary JPG compression algorithm that uses padded pattern-data to assist with the decompression, how will all the image software applications of the world know how to understand this custom system if Blizzard never advertised it? Because I have never before seen so much intentional "noise" (ehem) inside a jpg file I sharpened.
Anyhow, I don't know how you translate these codes into binary digits and text but I would be really interested to ask a Blizzard developer what information is stored inside.
Last edited by Sendatsu; 09-09-2012 at 11:37 PM.
If they used EXIF/IPTC comments, anyone would be able to read their extra data in plain text format. By embedding the data inside the screenshot (by padding it among its bytes while at the same time keeping it as invisible a possible), they manage to create a mechanism where only their programmers are able to extract the hidden information contained inside (like steganography does). Still, this is "security by obscurity". If a hacker is dedicated enough, they can easily reserve-engineer it and figure out what it says.
Screenshots don't look malformed when you are viewing a lot of colors, but when it's monochrome it can be easily spotted. By using sharpening techniques you can "single out" the hidden data and can easily see that they create a standardized pattern that resembles a machine readable code.
Just because you can't see IR light, doesn't mean your remote control magically changes the channels of your TV every time you press a button. The hidden data are there; I just wonder what they hold.
Last edited by Sendatsu; 09-08-2012 at 08:22 PM.
For those of you who want to check it out... You don't have to take several screenshots and merge together. Just fly up to the world ceiling and take a screenshot just below the horizon.
Also, if you turn down the screenshot quality in-game you can see the effect without using any other image editing software. (Just remember to set it back to 10 after.)
/console set screenshotQuality 1
Last edited by McYawgi; 09-11-2012 at 02:10 PM.