Well, this is more than a little upsetting. A picture, our forefathers (or someone’s forefathers, anyway) said, is worth a thousand words, but I’m willing to bet they’d have upped that wager a little if their pictures contained bits of decryptable info that revealed very sensitive personal information. Reports coming out of the world of World of Warcraft, however, suggest just that, and – given that hackers tend to flock to Blizzard products like ravens to places that will soon be dooooooooomed – it’s a bit worrisome, to say the least.
After suspecting that something was up, users on the OwnedCore forums did some digging and discovered watermarks within official (read: not taken by third-party programs, ala FRAPS) screenshots that, when decrypted, reveal three key pieces of information: 1) your account name, 2) a timestamp of when the screenshot was taken, and 3) the IP address of your current realm. (Note: that’s not your IP address.) Many users – among them, PC Gamer – then went on to verify that this is, in fact, true. Apparently, this practice dates all the way back to sometime between 2008 and 2010.
That information alone, thankfully, isn’t enough to compromise your account. It could, however, certainly aid in the process. The OwnedCore thread provides an example:
“The contained information can be easily recovered and decrypted by hackers, which compromises the privacy and security of our accounts! For example, someone could use this to identify which account holds which characters and perhaps stalk and annoy its user, or help perpetrators choose their phishing victims with a more targeted approach… It can be used by hackers to link alt characters to accounts and target specific spam or scam attacks, and it can be used by Blizzard to track down private WoW servers.”
That last part, users speculate, is why Blizzard implemented the sneaky tech in the first place. Private servers, after all, have a way of going kerboomsplat when all their secrets are shouted from immaculately rendered images of mountaintops.
The forum post, meanwhile, also raises another rather pressing issue: this certainly doesn’t match well with Blizzard’s own terms of service. Admittedly, the company is allowed to cherry pick bushels of information from our machines while WoW’s running, but only under the provision that said information is “communicated back to Blizzard.” These screenshots, on the other hand, theoretically communicate information to everyone. That said, the watermark info (account name, timestamp, server IP) could be construed as under Blizzard’s jurisdiction to begin with, meaning that it could easily wave away that rule in this scenario.
I’ve contacted Blizzard for comment, but in the meantime, there’s at least a way to ensure your screenshots stop morphing into giant, neon-lit “SCAM ME” signs. High-quality screens, for whatever reason, don’t carry the watermark, so simply type the following: /console SET screenshotQuality “10”.