Hacker News new | past | comments | ask | show | jobs | submit login
Blizzard is secretly watermarking WOW screenshots (ownedcore.com)
380 points by mike_esspe on Sept 11, 2012 | hide | past | web | favorite | 93 comments

Some speculation in the thread about whether or not it's JPG artifacts, but if you make it to the 2nd page (post #21) someone included some information proving it's intentional: http://www.ownedcore.com/forums/world-of-warcraft/world-of-w...

Edit: Page 6 includes confirmation from a (supposed) Blizzard representative that this is for NDA leak tracking: http://www.ownedcore.com/forums/world-of-warcraft/world-of-w...

One reason Blizzard would do this is to combat RMT + selling your account to a third party. All they would need to do is set up a crawler on eBay or any other website where somebody has posted a screenshot of their account for sale, then dole out a warning / suspension / ban.

One reason nefarious people would use this is to gain verified account name information. Get enough of those and there are bound to be some passwords that are easily brute forced.

Furthermore as the article states blizzard could use this to track private servers.

You now log in to your accounts with your email address, so account discovery is something of a moot point.

What I don't understand is why the screenshot would contain your literal realm id, and not a hash that only Blizzard could understand.

As long as Blizzard is the only party that can glean meaningful information from these watermarks I see no problem with it.

A hash isn't really the right construct for that purpose. If Blizzard just produced a salted hash of user_id & realm, it would be pretty expensive for them to reverse it, even given possession of a complete list of user ids and realms. If they didn't salt it, they could keep one big "rainbow table", but then again so could anyone else.

What you'd really want is encryption. If you chose symmetric encryption, the key would be in every client (easy to steal). If you chose asymmetric encryption, the message would suddenly get much, much bigger to the point where it's harder to reliably encode in a screenshot.

You're over engineering this I think. The "hash" only needs to be an internal account id that can be plugged into Blizzard's database to get your account info. No encryption is necessary. There is no way to get a mapping of internal code to account info without their database.

The data wouldn't get much bigger - a 2048-bit RSA key requires the output to be at least a 256-byte block, roughly 3 times as much data as the current watermark has, not some insane amount of data. The watermark is repeated many many times in the image anyway, so it seems like the trade-off could be made between less copies of the watermark and more data in it.

Current speculation is that most of the 88 bytes of data in the existing watermark is an error-correcting code that hasn't been reverse-engineered yet, so in practice it has less actual non-redundant data than that.

We'll add this one to copier watermarks, printer watermarks, and fax machine watermarks.

So your account id and realm is available as a watermark in the screen shots, what nefarious problem does that cause? (I can imagine it helps identify griefers and people who cheat and brag)

I'd be concerned for lots of random people that take screenshots and post them online, making public their account ids. Probably not a huge deal, but it's more information that they're giving out that they don't need to be.

The people under NDAs, hackers, and griefers are going to know about this now and just turn them off. Which means the only people negatively impacted by it are the innocents.

Well it will be interesting if they go the other way, and try to 'spoof' it which is to say get someone banned by posting a screen shot of some bad behavior that points back to them.

My understanding (and it may be incorrect) that the character name and realm is embedded not the battlenet account id. so something Blizzard could turn into an identity but 'regular' users could not.

Lots of people under NDA can be pretty stupid when it comes to leaking information. I'm sure it will help blizzard catch a number of NDA breakers still.

People spend a lot of time and money on WOW.

Combine money and time and intense interest and huge number of users gives you the situation where people will find exploits.

People in real life have (very rarely) been murdered over video game items. It's probably a good idea to make sure any hidden information is carefully encrypted.

This is an old post so I don't know if anyone will see it, but I'm betting that this is used at least in part to crack down on private servers, thus the inclusion of Server IP.

If you've ever dealt with giving support to people, they usually love to give as little information as possible. I suspect this could potentially help solve any issues or disputes.

The only problem here is that Blizzard didnt encrypt the information in the screenshots. I can understand why they would embed this info, and 9/10 of those cases are ethically sound, but I wouldnt want some random skiddies get this information.

So why wouldnt they encrypt it? Not enough space?

probably due to wanting to recover as much information as possible in the event of data loss such as cropping, competing watermarks, compression, etc.

I don't feel like encrypting it would make it acceptable. Keys can be leaked.

I just don't feel like it's okay to secretly store someone's private information in a file they believe is safe to share publicly, no matter how well you think you've hidden it.

Um, this is done client-side, no? How would they protect the encryption key?

Public/private key-pair. It wouldn't stop people from faking values, but at least only Blizzard can read them.

They don't really have enough bits here for asymmetric crypto.

How many bits are they able to reliably recover from the screenshot, especially if they want to survive simple downsampling? I would guess not more than 500, probably less than that given the patterns we're seeing.

You can't generate a ciphertext smaller than your key size. And 500 bits is really not enough to do typical asymmetric crypto safely.

"The pattern, which consists of approximately 88 bytes of data..."

Actually seems like more than enough room to be encrypted. They probably just didn't think of it.

Use public key cryptography.

Edit: Jinx

Public key cryptography.

I'm growing increasingly tired of technology being used by the large to monitor the small. I'd like to see an RFS from YC for companies that use data mining, machine learning, etc. to the advantage of the individual.

I believe the best defense would simply be education & knowledge of all the encryption/privacy tools available to the average user, if they feel their ISP/whatever is snooping or intruding too far.

yet you still carry your mobile phone everywhere.

you can't evade the tracking dots.

I have a project for DRM for the masses. (will also use watermarking)

A tangentially related idea that might be interesting: adding a mechanism as easy as Bump for transferring public keys between users, then automatically encrypting all communication between them. It'd be great for business; meet people at a conference, then easily communicate with them without worrying about MITM industrial espionage.

Love this idea. Surprising that it hasn't been done yet, has it?

Sounds like "STEED", which was announced about 11 months ago by the author of GnuPG: http://www.gossamer-threads.com/lists/gnupg/users/56053

Although I'm not aware of any implementations yet.

I've seen this pop up a few times on HN now, seems a good candidate for this type of setup.

Tomorrow on HN: "Hi, we're Stump! It's like Bump for messaging but with the encryption of STEED!"

Well, the bump service itself can be the MITM. And it's not clear to me that MITM is really the biggest threat out there - seems like endpoint security is the weak link these days.

For public key exchange, it doesn't matter who gets the keys along their path from phone to phone. But, for the paranoid, you would use Bluetooth or NFC, and show a key fingerprint on both phones (ideally in the form of an algorithmically generated graphic plus the original hexadecimal) so the users can compare the images side by side and make sure the keys are valid.

As for endpoint security being the weak link, I tend to agree with you, but it also depends on who is trying to snoop on your conversations, and what level of resources they have.

The Android application "TextSecure" for encrypting SMS using Elliptic Curve public key cryptography, by Moxie Marlinspike, allows you to validate the authenticity of keys by displaying a QR code on your phone, which the verifier scans using their phones camera.

Care to share this idea? I'm struggling to see how DRM can benefit the little guy.

The "little guy" has information of "diffuse value." It's analogous to a not-rich person with goods that can be safely kept locked up with your average door lock or in a shed with a chintzy combination lock.

Your average door lock and a cheap padlock pose no challenge at all to a locksmith or a determined criminal with bolt cutters. However, they are still useful for individual security, in greater part because they are a part of social and legal conventions than they are as pieces of security technology.

There is also the matter of trust varying over time. 18 year old Suzy who's still in high school but wants to be president someday might think Bobby is a prince and be in love with him right now. A year later, she might think he's a selfish jerk. At that time, she might be glad of the ability to revoke the keys to her lingerie pics only viewable on that tablet app, just before she tells him they're breaking up.

Security savvy people will respond: Well, Bobby can always jailbreak his tablet, then all bets are off. True, but there is a big difference between malfeasance before the fact (someone setting up an ambush, or breaking trust and goodwill for possible future exploitation) and malfeasance after the fact. Right now, we can't protect against either and the bar is set at the "crime of opportunity" level -- which is to say, just above the level of someone picking up a dropped $20 bill on the sidewalk. Right now Bobby can concoct his revenge after the fact and strike a tremendous blow against Suzy without breaking any criminal statues.

Just like with consumer security devices, you don't need bulletproof security to make something of value which works well enough in practice. There is already a market for security just good enough to prevent crimes of opportunity.

Ah interesting. Data Privacy is a very good example of where DRM for the little guy would be beneficial.

'in order to avoid any further watermarking, type: /console SET screenshotQuality "10" which will set the quality of your screenshots to the maximum and create screenshots that do not include the watermark.'

If this was nefarious, I doubt they would give you such an easy way to disable it. Though I am curious what the default value of screenshotQuality is.

In any case, steganography remains awesome, as ever:


I don't think its disabled, the finders just aren't able to retrieve it via the sharpening technique. There is some disassembly of the WOW binary several pages into the thread which I have no way to verify but if accurate is a strong indication that this is real.

The default setting is 3.

It's probable that with a 10 screenshot quality a different algorithm can be used.

So it looks like Glyph Lefkowitz's "extremist" opinion on software ethics http://glyf.livejournal.com/46589.html was completely right. When a program does something the user doesn't want, the programmer is in the wrong. Programmer is to user as lawyer is to client. We need a recognized and binding way for programmers to submit to this code of ethics.

Your premise is flawed. Programmer is to user as refrigerator manufacturer is to user. If the fridge fails and your food goes bad, caveat emptor. If you have a problem with that, nobody is stopping you from writing your own code.

I assume you build your own refrigerator, just in case GE did include some wiretapping device in theirs?

A programmer has much more possibilities to include malicious code than a refrigerator engineer, simply because a program can have an almost arbitrary complexity while a fridge can not. Furthermore we see in programs today a spectra of shady behavior which ranges from user did not notice the obvious ( Facebook assumes private data is public) to outright fraud ( banking trojans). So the due diligence for users can not be too completely reverse engineer any program they use, but that programmers have a responsibility too create reasonably surprise free software.

I don't think we can agree on philosophy. But how can we punish those who misrepresent what their software does, when a large portion of the software out there was released anonymously? At least, if software developers were held responsible for malicious code in their products, software that could not be traced back to a developer would be easierto create than software created by a company, which would likely need more developers to review code, and insurance to cover possible lawsuits.

In principle I see the problem, since we could potentially get a lot of lawsuits arguing if strcpy instead strncpy was a typo or malicious intent. However in practice ( and assuming a well written law) most cases should be a lot more clear cut, since an entire rootkit is clearly not a typo. So thinking a little more about these issue, I think a reasonable test would be, if the developer directly profited/exploited an bug.

Commercial software is copyrighted and sold by companies. Open source software comes with copyrights and licenses. What anonymous software are you thinking of? Viruses or something?

TOR maybe.

Being a former player, I can think of some good uses for this technology.

1) Automatically attaching image galleries to the Armory* profile of characters based on account id

2) Easy to give credit to players providing screenshots for Blizzard run contests

3) Opens the Armory API a bit more

Obviously, these can all be exploited due to the "openness" of the screenshot format.

*For the WoW illiterate: The Armory is a public database of player's characters, items, achievements, etc...

Yeah except they can be faked.

Clever, although I believe it's unethical.

It starts like this. How far from the day companies do this with the images you take with your mobile, with the videos you stream, etc.? The world will turn into a DRM fest.

I was wondering recently if there's an equivalent of inkjet-dots in popular digital cameras, either deliberately added, or accidentally in noise patterns, which would allow you to link two separate images to the same camera.

That could be interesting for finding people posting some photos under their real name, and then identifying their other interests they'd prefer to keep separate (legal interests or not).

It's being worked on, you can see research papers if you google "camera sensor identification". It can also be used to detect photoshopping if you have access to the sensor noise pattern.

something like this can be used to track down someone who does bootleg recordings. Say our bootlegger buys a camera from samsung, samsung uses a water mark like this which gives out a unique device id. The bootlegger who doesn't know about this tracking thing uploads his 1080p raw video. MPAA then collaborates with samsung to find out was the bootlegger(although that would involve tracking the sale from the reseller/distributer and contacting/capturing the bootlegger).I just gave MPAA a really nice idea.

Actually, imagine how much worse this could be: person on youtube posts (bootlegged | police harassment) video under one account, family video under another: bam they have you.

I was thinking the same thing.

Very interesting technology. Would be cool to see this put to good use. It's a lot easier to get someone to post a screenshot than it is to get them to email a dump.

Isn't this just steganography? I'm quite sure organizations of all flavors and kinds are putting it to good use as we speak :)

Spore saved its creatures in their portrait pictures: http://nedbatchelder.com/blog/200806/spore_creature_creator_...

I don't see the huge issue here. There's no real private information given by this, it's just character name and realm.

A minor point: the character name is not included, the account ID is. I don't think the account ID is that helpful for any prospective hacker, but this method might allow you to compare two screenshots and confirm that they were taken by the same person.

Why would Blizzard want to watermark their own screenshots?

A couple of hypotheses, off the top of my head.

1. NDAs - if someone's in a closed beta, and starts posting screenshots, they can quickly identify the culprit.

2. Hacks - if someone anonymously boasts about finding some exploit in the game, and shows screenshots, they can be tracked down.

3. Abuse prevention - if someone posts screenshots of themselves abusing another player, or breaking the TOS in some other way - but with names blurred out - it would still be possible to find out who it was.


If a user emails support, and their email address is not directly traceable to their login(for example, if they use firstlast@gmail.com for battle.net instead of first.last@gmail.com as the sending email), it allows support to add that to the ticket.

There is no direct email address for support. You must log in with your Battle.net account and file a support ticket.

It's not uncommon for griefers or cheaters to anonymously brag about their exploits via screenshot. If the screenshot were watermarked, identifying their account and whatnot, then Blizzard could take action against them.

Definitely, but if it's common knowledge, will it still have the same ability? I would imagine people would adapt and find an alternative method.

It probably worked great until someone blogged about it.

The suggested idea (regardless of whether or not it's plausible) is NDA leak tracking: finding the people in private betas that are leaking information when they shouldn't be.

If it turns out to be true, it's a pretty cool yet creepy application of steganography in the wild.

I'm not very familiar with the product, but couldn't they just turn on the watermarking for the beta versions, versus all of production?

Sounds like it has information in it like account name and date. Could be useful for debugging.

"This item looks like it turned inside out, here's a screenshot!" (made up issue) -> now the support has all information they actually care about and which user may not even remember anymore - game version, time, servers, character ids, etc.

Curious question here: If you take the screenshot you get from WOW and open it up with photoshop/gimp/paint and save it now as PNG or different format, would it be possible to degrade the quality of the dots rendering it useless to be tracked?

PNG is a lossless format and will not cause the image data to change whatsoever upon saving. JPEG, on the other hand, is a lossy format, but until more is known, it's impossible to say whether or not this secret data (if that's what it really is) happens to be muddled by the lossyness of JPEG's algorithm.

Thanks. You got me thinking in the right direction and I found a Wiki page that talked about image formats and if they are lossy or lossless.


I found it interesting and wanted to share.

Probably not. It looks like this might be doing something clever and possibly relatively robust in the frequency domain, though the details haven't been reverse engineered yet.

Secretly seems a little strong... is there any sort of effort to cover this up, or did they just not mention it in the patch?

I don't fault them for not mentioning it in release notes - if I make a change to my apps that the user won't notice, I don't mention it in the release notes.

To the extent that they introduced a security bug, they should admit it and fix it. But that's a technical lapse, not a moral lapse.

I can see this being partially helpful when verifying that in-game screenshots have not been tampered with (for example. for support, when you claim you had an item and it disappeared etc), but I don't know if there are that many copies of it duped across the image.

There are a significant amount of logs for things like that. Screenshots are likely never accepted for that kind of request.

Is it just on my machine or does every single part of that web page start off a Amazon referral pop-up to Mists of Pandaria on click?

He give instructions on how to find the watermark. Am I missing what you mean?

Not sure whether to be upset about this or proud of the technical achievement

Textbook example of why proprietary software is bad for users.

I find the title inflammatory and ignorant; I would downvote this if I could.

While I applaud the tenacity in prospecting and divulging the methods at which Blizzard has employed to create such "tracking" "watermarks," I highly doubt this is to discourage or indict anyone. Quite frequently, screenshots are used during support requests.

As the author states, "we [...] verified that there is no pattern included in high quality screenshots." I find this highly suggestive that Blizzard was rather interested in an easier way to debug their program, and the mode slipped out in production.

There's a work around, please remove your tinfoil hats.

I'm not sure if the title was changed, but it currently reads "Blizzard is secretly watermarking WOW screenshots", which seems accurate enough to me.

I was mainly referring to the implication by omission that Blizzard had nefarious intent with its watermarking. Though, my comment was itself inflammatory; karma's a jerk.

The title, as currently, written, "Blizzard is secretly watermarking WOW screenshots" is pretty generic (and entirely accurate - They are watermarking WOW screenshots, and it is being done secretly).

I'm curious as to what your title would have been:

"Blizzard watermarking WOW screenshots?" - This is less informative, but removes the word "secretly?"

What is the omission in the title, and what title would you suggest? The title does not, to me, imply any nefarious intent.

You find facts inflammatory? Blizzard is indeed secretly watermarking WoW screenshots.

All speculation, guess work, no external sources, no reproducible results.

Paranoid stoners is my guess.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact