Edit: Page 6 includes confirmation from a (supposed) Blizzard representative that this is for NDA leak tracking: http://www.ownedcore.com/forums/world-of-warcraft/world-of-w...
Furthermore, as the article states, Blizzard could use this to track private servers.
As long as Blizzard is the only party that can glean meaningful information from these watermarks I see no problem with it.
What you'd really want is encryption. If you chose symmetric encryption, the key would be in every client (easy to steal). If you chose asymmetric encryption, the message would suddenly get much, much bigger to the point where it's harder to reliably encode in a screenshot.
So your account id and realm are available as a watermark in the screenshots; what nefarious problem does that cause? (I can imagine it helps identify griefers and people who cheat and brag.)
The people under NDAs, hackers, and griefers are going to know about this now and just turn them off. Which means the only people negatively impacted by it are the innocents.
My understanding (and it may be incorrect) is that the character name and realm are embedded, not the Battle.net account id, so something Blizzard could turn into an identity but 'regular' users could not.
Combining money, time, intense interest and a huge number of users gives you the situation where people will find exploits.
People in real life have (very rarely) been murdered over video game items. It's probably a good idea to make sure any hidden information is carefully encrypted.
So why wouldn't they encrypt it? Not enough space?
I just don't feel like it's okay to secretly store someone's private information in a file they believe is safe to share publicly, no matter how well you think you've hidden it.
How many bits are they able to reliably recover from the screenshot, especially if they want to survive simple downsampling? I would guess not more than 500, probably less than that given the patterns we're seeing.
You can't generate a ciphertext smaller than your key size. And 500 bits is really not enough to do typical asymmetric crypto safely.
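The two comments above turn on the bit budget: how many bits a screenshot can carry so that they still come back after an ordinary resize. The following is an added illustration, not Blizzard's scheme and not code from the article. It builds a constructed 128x128 greyscale "screenshot" (a gradient plus pixel noise), spreads a constructed 64-bit opaque token over it at one bit per 16x16 block using a keyed, balanced +/-1 pattern whose cells are 4x4 pixels, then recovers the token both from the marked image and from a 2x averaged downsample of it. The pattern key, the block and cell sizes, and the amplitude are all assumptions chosen for the demo; note that whoever embeds the mark must hold the pattern key, which is exactly the "key in every client" objection raised earlier in the thread.

```python
import hmac
import random

# Constructed demo parameters (assumptions, not Blizzard's values): a 128x128
# greyscale image, one bit per 16x16 block, so 64 bits of capacity in total.
WIDTH = HEIGHT = 128
BLOCK = 16   # pixels per side of the region that carries one bit
CELL = 4     # the +/-1 pattern is constant over CELLxCELL pixels, so a 2x
             # averaging downsample does not average the pattern away
ALPHA = 6    # grey-level amplitude of the perturbation
CAPACITY = (WIDTH // BLOCK) * (HEIGHT // BLOCK)   # 64 bits


def block_pattern(pattern_key, block_index):
    """Keyed, balanced +/-1 pattern for one block (half the cells +1, half -1).

    Balanced means a flat block correlates to zero, so only the embedded
    perturbation (and any within-block texture) contributes to detection."""
    seed = hmac.new(pattern_key, block_index.to_bytes(4, "big"), "sha256").digest()
    rng = random.Random(seed)
    cells_per_side = BLOCK // CELL
    signs = [1, -1] * (cells_per_side * cells_per_side // 2)
    rng.shuffle(signs)
    return [[signs[(y // CELL) * cells_per_side + x // CELL] for x in range(BLOCK)]
            for y in range(BLOCK)]


def sample_screenshot(seed=1):
    """Constructed stand-in for a screenshot: a diagonal gradient plus noise."""
    rng = random.Random(seed)
    return [[max(0, min(255, (x + y) // 2 + rng.randint(-8, 8)))
             for x in range(WIDTH)] for y in range(HEIGHT)]


def embed(image, payload, pattern_key):
    """Return a copy of `image` carrying `payload` (CAPACITY bits as bytes)."""
    assert len(payload) * 8 == CAPACITY, "payload must fill the capacity exactly"
    value = int.from_bytes(payload, "big")
    bits = [(value >> (CAPACITY - 1 - i)) & 1 for i in range(CAPACITY)]
    out = [row[:] for row in image]
    for idx, bit in enumerate(bits):
        by, bx = divmod(idx, WIDTH // BLOCK)
        pat = block_pattern(pattern_key, idx)
        sign = 1 if bit else -1          # bit 1 adds the pattern, bit 0 subtracts it
        for y in range(BLOCK):
            for x in range(BLOCK):
                v = out[by * BLOCK + y][bx * BLOCK + x] + sign * ALPHA * pat[y][x]
                out[by * BLOCK + y][bx * BLOCK + x] = max(0, min(255, v))
    return out


def extract(image, pattern_key):
    """Recover the payload from an image of any size.

    The image is first brought back to WIDTHxHEIGHT by nearest-neighbour
    resampling; each block is then correlated with its keyed pattern and the
    sign of the correlation decides the bit."""
    h, w = len(image), len(image[0])
    full = [[image[y * h // HEIGHT][x * w // WIDTH] for x in range(WIDTH)]
            for y in range(HEIGHT)]
    value = 0
    for idx in range(CAPACITY):
        by, bx = divmod(idx, WIDTH // BLOCK)
        pat = block_pattern(pattern_key, idx)
        corr = 0.0
        for y in range(BLOCK):
            for x in range(BLOCK):
                corr += full[by * BLOCK + y][bx * BLOCK + x] * pat[y][x]
        value = (value << 1) | (1 if corr > 0 else 0)
    return value.to_bytes(CAPACITY // 8, "big")


def downsample2x(image):
    """Average each 2x2 pixel group: a plain resize to half the size."""
    return [[(image[2 * y][2 * x] + image[2 * y][2 * x + 1]
              + image[2 * y + 1][2 * x] + image[2 * y + 1][2 * x + 1]) / 4
             for x in range(len(image[0]) // 2)] for y in range(len(image) // 2)]


def demo():
    """Embed a constructed token, then read it back before and after downsampling."""
    key = b"constructed pattern key"                 # assumption: demo key only
    token = bytes.fromhex("0123456789abcdef")        # constructed opaque 64-bit token
    marked = embed(sample_screenshot(), token, key)
    return extract(marked, key), extract(downsample2x(marked), key)


if __name__ == "__main__":
    print([t.hex() for t in demo()])
```

The 64-bit figure comes straight from the geometry: a 128x128 image at one bit per 16x16 block. Halving the block size quadruples the capacity but also divides the per-bit signal by four, which is the trade-off behind the "probably less than 500 bits" estimate above; a real screenshot with sharp texture inside the blocks eats further into the margin, and a scheme that has to survive JPEG recompression as well needs the pattern cells to be larger still.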
Actually, it seems like more than enough room to be encrypted. They probably just didn't think of it.
You can't evade the tracking dots.
Although I'm not aware of any implementations yet.
Tomorrow on HN: "Hi, we're Stump! It's like Bump for messaging but with the encryption of STEED!"
As for endpoint security being the weak link, I tend to agree with you, but it also depends on who is trying to snoop on your conversations, and what level of resources they have.
Your average door lock and a cheap padlock pose no challenge at all to a locksmith or a determined criminal with bolt cutters. However, they are still useful for individual security, in greater part because they are a part of social and legal conventions than they are as pieces of security technology.
There is also the matter of trust varying over time. 18 year old Suzy who's still in high school but wants to be president someday might think Bobby is a prince and be in love with him right now. A year later, she might think he's a selfish jerk. At that time, she might be glad of the ability to revoke the keys to her lingerie pics only viewable on that tablet app, just before she tells him they're breaking up.
Security-savvy people will respond: Well, Bobby can always jailbreak his tablet, then all bets are off. True, but there is a big difference between malfeasance before the fact (someone setting up an ambush, or breaking trust and goodwill for possible future exploitation) and malfeasance after the fact. Right now, we can't protect against either and the bar is set at the "crime of opportunity" level -- which is to say, just above the level of someone picking up a dropped $20 bill on the sidewalk. Right now Bobby can concoct his revenge after the fact and strike a tremendous blow against Suzy without breaking any criminal statutes.
Just like with consumer security devices, you don't need bulletproof security to make something of value which works well enough in practice. There is already a market for security just good enough to prevent crimes of opportunity.
If this was nefarious, I doubt they would give you such an easy way to disable it. Though I am curious what the default value of screenshotQuality is.
In any case, steganography remains awesome, as ever:
Some links that confirm this
A programmer has many more possibilities to include malicious code than a refrigerator engineer, simply because a program can have almost arbitrary complexity while a fridge cannot. Furthermore, we see in programs today a spectrum of shady behavior which ranges from "the user did not notice the obvious" (Facebook assumes private data is public) to outright fraud (banking trojans). So the due diligence for users cannot be to completely reverse engineer any program they use; rather, programmers have a responsibility to create reasonably surprise-free software.
1) Automatically attaching image galleries to the Armory* profile of characters based on account id
2) Easy to give credit to players providing screenshots for Blizzard run contests
3) Opens the Armory API a bit more
Obviously, these can all be exploited due to the "openness" of the screenshot format.
*For the WoW illiterate: The Armory is a public database of players' characters, items, achievements, etc.
It starts like this. How far from the day companies do this with the images you take with your mobile, with the videos you stream, etc.? The world will turn into a DRM fest.
That could be interesting for finding people posting some photos under their real name, and then identifying their other interests they'd prefer to keep separate (legal interests or not).
1. NDAs - if someone's in a closed beta, and starts posting screenshots, they can quickly identify the culprit.
2. Hacks - if someone anonymously boasts about finding some exploit in the game, and shows screenshots, they can be tracked down.
3. Abuse prevention - if someone posts screenshots of themselves abusing another player, or breaking the TOS in some other way - but with names blurred out - it would still be possible to find out who it was.
If a user emails support, and their email address is not directly traceable to their login (for example, if they use email@example.com for battle.net instead of firstname.lastname@example.org as the sending email), it allows support to add that to the ticket.
If it turns out to be true, it's a pretty cool yet creepy application of steganography in the wild.
I found it interesting and wanted to share.
I don't fault them for not mentioning it in release notes - if I make a change to my apps that the user won't notice, I don't mention it in the release notes.
To the extent that they introduced a security bug, they should admit it and fix it. But that's a technical lapse, not a moral lapse.
While I applaud the tenacity in prospecting and divulging the methods Blizzard has employed to create such "tracking" "watermarks," I highly doubt this is to discourage or indict anyone. Quite frequently, screenshots are used during support requests.
As the author states, "we [...] verified that there is no pattern included in high quality screenshots." I find this highly suggestive that Blizzard was rather interested in an easier way to debug their program, and the mode slipped out in production.
There's a workaround; please remove your tinfoil hats.
I'm curious as to what your title would have been:
"Blizzard watermarking WOW screenshots?" - This is less informative, but removes the word "secretly?"
Paranoid stoners is my guess.