Thanks - we've added an update to the article.
Thanks - we've added an update to the article.
In sound signal processing you can find a faint repetitive signal hidden in noise by superimposing sample slices of the same length as is the sought signal's wavelength (1/frequency), which makes the sought signal to stand out from the background noise, that gets "averaged out" with each consecutive iteration of overlaying sample slices. I believe the same principle would apply here. You know where and how big the regions containing watermark data are, and being more than one of them on the screenshot might just be so this kind of "filtering" is possible.
My 2c.
I really fail to see where the issue is. In fact, I don't think that there is an issue at all.
Okay, so the watermark contains, as Schlumpf said on page 7, the account name, not your email adress, but the account name which is a different thing. Remember, before Battle.net 2.0 we used to have account names instead of e-mail adresses. So, now, instead of [email protected] you have something like 107642169#1 (see here (Looking inside your screenshots).
It also stores the IP adress of the realm you're actually playing on (and not your IP adress) and the date and hour of the screenshot.
How on earth can you be "hacked" when the only data hackers can have is an account name like "107642169#1" ?
If you try to enter this account name while logging into the game you have this message :
And you get redirected to a page that asks you your email adress and your password.
So, please. Tell me how this can be used to "hack" someone or compromise accounts.
From what i understand the watermark gets generated when World of Warcraft trigger their own screenshot function and wow saves the screen shot?
If above is correct why the hell would you install some kind of hack to disable it? Just use the OS built in screenshot function and not World of Warcraft screen shots?
Mac user: Cmd + shift + 3.
Windows: Printscreen button then go to paint and press ctrl + v.
Problem solved?
Last edited by thedruid; 09-11-2012 at 01:09 PM.
It does solve it but it means you have to copy it from your clipboard and save it where you want it. A lot of people like to randomly prt screen during a boss encounter (or similar) as they get something cool without having to stop. The tools just provides more flexibility, and you could just set quality to 10 which is a single in game command that doesn't break the ToS.
Someone make a non blizzard screenshot capture app that doesnt create any watermark or use the prntscr Function for now I guess. But very interesting find.
Answers:
There is a much simpler solution. You just set the JPG quality to 10 and WoW skips the watermark function by default.
/console SET screenshotQuality "10"
It's really interesting that you decided to use this "playing dumb" approach, by even trying to login using an account name instead of the battle.net email...
A malicious hacker could unleash Web spider bots scanning for WoW screenshots, decode their hidden watermark data and quickly create a database of which account has which alts in it, that they can then sell to anyone interested because information is power and sells for a profit.
If the malicious hackers who recently attacked Blizzard (http://us.blizzard.com/en-us/securityupdate.html Important Security Update FAQ - Battle.net Support) also managed to grab the account names (it is not clearly stated in the official report, it only says "emails"), then they could combine the two to create a really comprehensive database of battle.net ids and characters, for anyone who is interested in buying it.
Last edited by Sendatsu; 09-11-2012 at 01:45 PM.
This thread makes me very curious if it could be a similar system GW2 used during their closed beta where people allowed in had to sign an NDA. As far as i remember, they banned several accounts even though the character and/or account names were never visible.
I’m not at all competent to discuss the technical aspects of this. TBH, when I first saw the thread I dismissed it as fear mongering nonsense. However, since the OP and others have been persistent in following through with their research, I’ve been converted and now think it is likely that indeed there are hidden watermarks in our images. So assuming that they are in fact embedding watermarks, here are my thoughts:
IMHO, under US law, I don’t see anything in what Blizzard is doing that is likely to be held to be “illegal”. Remember the three contracts that we agree to in order to be able to use the game (The World of Warcraft Terms of Use Agreement (the “TOU”), The World of Warcraft End User License Agreement (the “EULA”), and the Battle.net Terms of Use Agreement (the “BNTOU”)) all clearly state that what we are purchasing is the right to use the service and limited license therein. They go on to further clarify that we do not have any ownership right in any of the part of the game.
In particular the EULA states in relevant part (emphasis added):
I think it is highly likely that a U.S. judge would read that laundry list to include screenshots. Meaning, that any screenshot we take, is still the property of Blizzard. As such, Blizzard could put any information it desires into their screenshots, provided such information does not share otherwise legally protected information of the user.Ownership.
All title, ownership rights and intellectual property rights in and to the Game and all copies thereof (including without limitation any titles, computer code, themes, objects, characters, character names, stories, dialog, catch phrases, locations, concepts, artwork, character inventories, structural or landscape designs, animations, sounds, musical compositions and recordings, audio-visual effects, storylines, character likenesses, methods of operation, moral rights, and any related documentation) are owned or licensed by Blizzard. The Game is protected by the copyright laws of the United States, international treaties and conventions, and other laws. The Game may contain materials licensed by third parties, and the licensors of those materials may enforce their rights in the event of any violation of this License Agreement.
The EULA also states (emphasis added):
I think a screenshot is very likely to be classified as a “derivative work” and as such I think Blizzard would claim it owns the copyrights thereto. IMHO, it would likely be successful in making that claim.WORLD OF WARCRAFT®
END USER LICENSE AGREEMENT
Last Updated August 22, 2012
IMPORTANT! PLEASE READ CAREFULLY.
THIS SOFTWARE IS LICENSED, NOT SOLD. BY INSTALLING, COPYING OR OTHERWISE USING THE GAME (DEFINED BELOW), YOU AGREE TO BE BOUND BY THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, YOU ARE NOT PERMITTED TO INSTALL, COPY OR USE THE GAME. IF YOU REJECT THE TERMS OF THIS AGREEMENT WITHIN THIRTY (30) DAYS AFTER YOUR PURCHASE, YOU MAY CALL (800)757-7707 TO REQUEST A FULL REFUND OF THE PURCHASE PRICE.
This software program, and any files that are delivered to you by Blizzard Entertainment, Inc. (via on-line transmission or otherwise) to "patch," update, or otherwise modify the software program, as well as any printed materials and any on-line or electronic documentation (the "Manual"), and any and all copies and derivative works of such software program and Manual (collectively, with the "Game Client" defined below, the "Game") is the copyrighted work of Blizzard Entertainment, Inc. or its licensors (collectively referred to herein as "Blizzard"). Any and all uses of the Game are governed by the terms of this End User License Agreement (the "License Agreement" or "Agreement"). The Game may only be played by obtaining from Blizzard access to the World of Warcraft massively multi-player on-line role-playing game service (the "Service"), which is subject to a separate Terms of Use agreement (the "Terms of Use") incorporated into this Agreement by this reference. The Game is distributed solely for use by authorized end users according to the terms of this License Agreement. Any use, reproduction, modification or distribution of the Game not expressly authorized by the terms of the License Agreement is expressly prohibited.
With that in mind, I think there are potentially some interesting and unclear legal issues with regards to screenshots (suppose I take a screenshot that is Ansel Adams beautiful, and people want to buy it from me and I want to sell it, would I have the right? Could Blizzard stop it?), but those issues are separate from, and should not be confused with, the issue of whether or not Blizzard has the right to control what information ends up in the file dump that is created when you hit the screenshot button. The fact is that all the information that goes into the screenshots is dictated by Blizzard’s programing and this watermark information is just a small part of what their program creates. It would be very hard to argue that they are free to control all the other information (color info, etc) but not this information, since their program “makes it all”.
They give the disclosure, and the opt-outs, in the TOU, EULA, and the BNTOU. We all accepted that the first time we installed and used the game and after every patch since.
That is probably a bad assumption on the part of the user. There is nothing in the TOU, EULA, or BNTOU (“the Agreements) that I read which would lead me to think I have an expectation of privacy in how Blizzard choses to enforce the Agreements when it comes to non-personal information (e.g. server name, server address, server time, etc.). If they were submitting, and “broadcasting” personal information (e.g. my credit card info, address, real name, etc.), that would be a different story. But, since:
I don’t think a judge would hold that Blizzard is under any obligation to keep account id, timestamp and realm IP address private. This is particularly true given that this information is arguably still private, it is well hidden and none of us knew about it for years. Even now we still can’t extract this information from a “normal” screenshot (i.e. if Blizzard was obligated to keep this information private, which I don’t think they are, then they have probably met their burden by using the current method).
I think that’s a bad analogy. What you are essentially saying, if I understand you correctly, is that you want the right to violate the Agreements, but still use the software with complete privacy. I think you give up what little expectation of privacy you might have, when you chose to violate the Agreements.
A better analogy might be a thief who steals my camera, but thinks I should not be allowed to look at the exif data on the photos to prove it was taken with my camera, since he took the photo and it’s his artwork? Not to imply you are a thief of course.
As I stated above, I don’t think they used illegal methods of tracking private servers. The code for these watermarks was assumedly in all released copies of WoW, it was not somehow stealthily injected into only the copies of suspected private server users. I also have a hard time seeing how this information can be seen to be “endangering their privacy and security in the name of profit”. Frankly, I respect the work you’ve done in this thread, but these sorts of statements needlessly undermine the creditability of your legitimate technical findings.
I’ve been a member of this forum for a long time (mainly a lurker), please don’t read any of the above to mean that I support what Blizzard is doing, or that I am against the creative activities we enjoy and discuss: I just don’t think it’s worth wasting much effort or hope on thinking that “we have Blizzard by the balls this time! What they are doing is illegal!!” I think the truth of the matter, is that they are likely fully within their rights to embed such information into screenshots.
Thanks for making us aware of this, and I for one will certainly take it into consideration when posting public screen shots in the future.
Disclaimer: I am an attorney, but I am not your attorney. The thoughts expressed in this post are my own personal opinion on the issues discussed therein, and should not be viewed or interpreted as legal advice. My thoughts expressed do not represent the opinion of anyone else on the forum or the forum itself (or the owners, employees, officers, or directors thereof). My opinions should not be relied upon to make decisions regarding any course of action you may or may not have against Blizzard. If you think you have been wronged, you should consult your own personal attorney.
I find this thread hilarious. Sendatsu posted it and instantly got flamed and now after research and bringing up evidence people instantly edit their flame posts.
Sendatsu you owned them hardcore.
Well there was an overlay that filled the screen with your email address during alpha and beta... So unless someone managed to remove that overlay and still got banned for leaking NDA stuff, I don't think anyone has been banned during alpha/beta because of a similar system.
Abra su mente a la realidad.
Do NOT contact me about trading section stuff. Contact a section MOD instead.