Writes Greg Hoglund, co-author of Exploiting Software: How to Break Code:
I watched the [software] warden sniff down the email addresses of people I was communicating with on MSN, the URL of several websites that I had open at the time, and the names of all my running programs, including those that were minimized or in the toolbar. These strings can easily contain social security numbers or credit card numbers, for example, if I have Microsoft Excel or Quickbooks open w/ my personal finances at the time. ...[The scanning] certainly will result in warden reporting you as a cheater. I really believe that reading these window titles violates privacy, considering window titles contain a lot of personal data. But, we already know Blizzard Entertainment is fierce from a legal perspective. Look at what they have done to people who tried to make BNetD, freecraft, or third party WoW servers.
As Schneier says, this is truly scary stuff. Yet even a few of the security-savvy readers at Schneier's weblog are downplaying its significance. Why? Annalee Newitz has a theory that rings true to me: people think of routine spying as normal.
Do you realize the government would have to have a warrant to get the kind of information Blizzard claims it has the right to suck out of your computer to stop cheaters? Doesn't that seem a wee bit wrong?
In a normal world, a sane world, people would be boycotting Blizzard for having the nerve to look through their kids' hard drives. They'd stop playing Blizzard games online and stick to LAN parties, where a bunch of people network their computers together for a group game that circumvents the Internet.
I think fans are still flocking to Battle.net for two basic reasons. One, most probably don't realize Warden is spying on them (it's hard to blame them for not reading all the way through the stultifying terms-of-use page). And two, they've convinced themselves that surveillance is normal. Sure, games are supposed to be entertainment, but in reality they're just compressed, contained reflections of our everyday lives. It should be no surprise that, in an era when Americans submit to having their bags searched on the subway to get to work, they are willing to let corporations riffle through the entire contents of their personal computers so they can have a little fun.
If word gets out about this, it will no doubt register with more people that they need to read their EULAs, but the problem is much bigger than that. How many more of our rights will courts allow companies to click-wrap away? And how do we stop digital era privacy norms developing that let people accept things like the government demanding that ISPs and VoIP providers make Internet surveillance (even) easier, while claiming it has the right to turn our cell phones into location-tracking devices?