Game players say Blizzard invades privacy

A number of "World of Warcraft" players are up in arms over software being used by the game's publisher to scan users' computers for hacks prohibited under its terms of service.

Many publishers of MMORPGs (massively multiplayer online role-playing games) contend regularly with players crafting illegal software hacks that provide some form of gameplay advantage, such as increased speed, awareness of monsters or the like.

To that end, some publishers have deployed programs that can peer into players' computers in an attempt to detect the existence of such hacking software. Blizzard Entertainment, publisher of "World of Warcraft," is one of those companies.

We're not the police...
We have no interest in personal information because it has no direct bearing for our game."

--John Lagrave
Senior producer, "World of Warcraft" live operations team

Players sometimes cry foul about such practices, though, arguing that a game developer's need to keep out hackers doesn't outweigh customers' rights to privacy.

"It opens the ability for a company to do a whole list of things under the guise of security," said a frequent "World of Warcraft" player who asked to be referred to only by his first name, Dennis. "Once you give a company the right to scan your system, you've basically opened the door...Now you must fully trust that company with any data on your computer, because it's at their discretion that they download this data and do whatever they want to with it under the guise of stopping the hackers."

Another player, known as Malek, wrote in a forum on the official game Web site that users should be wary of Blizzard's motives.

"All of you people not concerned about this," Malek wrote, "are showing an awful lot of trust in Blizzard and its coders not to do anything malicious."

But Blizzard said that it isn't interested in anything other than whether users are trying to hack into the game.

"Our stance has always been that we really want to stop the hacker that actively attacks our game," said John Lagrave, senior producer on the "World of Warcraft" live operations team. "We have a system that looks for hacks into the actual game itself. We're not the police; we're not the Nazis. We have no interest in personal information because it has no direct bearing for our game."

Nevertheless, the history of MMORPGs suggests that sometimes game publishers underestimate players' desire for privacy. In one case, "Everquest" publisher Sony Online Entertainment quickly deactivated its own scanning software after players reacted angrily.

"We put a feature into 'Everquest' that was scanning background programs to find people who were hacking and cheating in the game," said Chris Kramer, director of public relations at Sony Online Entertainment. "We did it the wrong way. We put it into the game without alerting the player base first. We apologized to our user base and promised that in the future if we looked to use a scanning program, we'll let them know ahead of time."

Blizzard said that its own scanning of "World of Warcraft" players' computers is different from that of the "Everquest" situation, because Blizzard spells out in the game's end-user license agreement, or EULA, that the company maintains the right to perform such anti-hacking scans. Players like Dennis and others who have complained about the scanning on the game's official forums don't have much of a leg to stand on, Blizzard says.

"People should read contracts," Lagrave said. "Whenever we update our game, that EULA is always displayed so that people have to accept it every time. So it's been in their face many times."

Kramer agreed that players need to be more careful about reading what they agree to.

"People should read the EULA," Kramer said. If they don't, "that's like saying, 'I didn't read the contract before I signed it. Why does the devil own my soul now?'"

Privacy Concerns on PCs are already a Joke

This is nothing new; why would it become news now?

Anyone who read the user agreement would now they scan
memory.

But this is something basically inherent to Microsoft Windows
PCs: Any program you launch can and will violate your privacy.

Every time we download a program, we're trusting the
programmers not to do anything malicious with our systems.
This is how the computer was designed.

Unix variants, Apple computers, and other more mature
operating systems no longer have these issues.

Why is this news?

And how is knowing what other programs and drivers are
running, 'invading our privacy' when those programs affect how
the game program runs?

[mpmp0]

no problem with them scanning my memory...

or whatever i might be running while playing the game.

i do NOT want them scanning my hard drives or any USB drives i may have connected.

that is where some of us have issues.

[201293546946733175101343322673]

OSX Tigger is "mature"?

Are you on crack? :)

[Sam Papelbon]

ban anti-virus

it invades my privacy by scanning my files! save meh save meh!

Slag PC all j00 want ... but...

WoW runs on Macs, too. How do ye like them apples?

Strange analogy

The Blizzard rep's last quote seems to compare the EULA to a contract with the devil. Is that supposed the reassure their customers? Couldn't he come up with a better analogy than that? I think that Blizzard might want to look into hiring a better PR man.

EULA's

What you can't agrea to any thing until you've opened the package which in and of itself is wrong. If their so confident about their EULA's then post them in the open where I can agrea before I buy, they won't, because they know publishing their EULA's would hurt sales. And as far as updates go, they change the EULA to fit their need, If I refuse to update because of the EULA then I can't play. If I were a lawyer or had the money they would be in trouble. Sony I believe was sued once because of their game. Adobe's EUAL was found un-enforceable in certain spot's Blizzards can be too, they shouldn't be so full of themselves, it will haunt them.

[markdoiron]

Have Your Minor Kid Install the Game

eula's (as with any contract) are unenforceable on minors.

mark d.

I have to agree

You sure cant take it back for a refund once the game has been opened, I usually tend to stay away from online multiplayer games now a days as most want to charge a monthly fee to play it online, so i play single player games most of the time, but if i do any multiplayer its over my lan and usually not over the internet, as far as cheats go, i see no harm in using them on single player games, but in online mutiplayer games they should never be used in order to keep the game fair between all players, as far as scanning for these things, i dont agree with the way it is implemented, if they would let me choose to send the data or not or even see what it is they are sending then maybe but since i dont know what it is they are recieving, i think this could become a real privacy issue.

[volterwd]

Whiners...

these cheaters should **** and stop ruining the game for legitimate players... ive quit too many games because of 13 y/o pimple heads who think they are hacking by dl'ing a script...

[Scott W]

cheats suck

steam and punkbuster do the same thing and make no secret of it. it's the fault of cheats that these programs exist. all they do is ruin the game for people who want to have fun. why? it's one of the biggest reasons people quit games. newbies get beaten by cheaters and think that everyone is too 1337 and experienced players get sick of having to put up with cheaters. i would like to see companies put a big warning in saying that the game conatins software that scans your computer rather than hiding it excusively in the EULA. at the very least it would stop people complaining as much since they would not play the game if they disagreed.

you are wrong.

..and you're probably 18. grow up. people's privacy is much more important than an integrity of your gaming experience. catching so-called "hackers" is the responsiblity of Blizzard, and this should not be done by invading people's privacy. Blizzard's stance on this is the same as if i walked into your house, checking everything in the closets, etc., telling you i'm only looking for something specific. this is uncalled for and ridiculous. i do hope this is not allowed to continue.

i recently made my son quit playin this game, World of Warcraft, because the fact he plays on a family computer. it is absolutely none of Blizzards business what is on OUR computer, regardless of any EULA. this is about principal, nothing other.

there is absolutely nothing Blizzard can say to approve what they are doing, nothing at all. with the advertisement of the game, should be warnings of the user giving up their privacy, BEFORE game purchase. not after purchase, as stores do not accept opened software on returns.

[bob donut]

The real consequence: lost money.

Guess what? I'm not going to play or join world of Warcraft, just because of this. I loved the original warcraft/starcraft, too.

Even worse, it's not technologically necessary. They could have public-private keys to authenticate their code, and avoided doing any hard drive scanning.

Guess what Blizzard?
You've just lost my money.

typical corporate garbage

"you should read the EULA"
How about you should RESPECT YOUR CUSTOMER! If the average person stopped to read every EULA that was shoved in front of them on a daily basis they wouldn't get a thing done. Not only that but half of them don't make any sense unless you are familiar with business law. And another thing, since company reps are so big on legalities of EULA's maybe someone should look into the legality of stipulating that you have to give up your privacy rights to actually play the game you just purchased. Or maybe just forget all that and just dump World of Warcraft altogether and let them figure out that you can't treat all your customers like POTENTIAL cheats just because some of them are.

[SeizeCTRL]

WTF?

What privacy are you concerned about? For instance VAC2 by Valve for Half-Life / Counter-Strike etc... scans your memory to see if you have any hacks running, like altered copies of opengl.dll. Punk Buster scans for cheats and the only people that complain about that are the people busted for cheating.

The game companies aren't data mining you, they aren't reading your freaking email... they are doing what must be done to maintain a level playing field and to make sure the games stay cheat free as possible.

Eveytime I make a hardware change, Valve wants to do a hardware survey report. Everytime I install WinAMP, it wants to submit annonymous stats, same with Google Toolbar and many other programs. There is so much spyware out there that makes identity theft a major world problem... yet a few people sit here and try to act all concerned about their PRIVACY because a game company is checking to see if they are cheating. **** you cry baby noobs! Don't hack and you have nothing to worry about. Pretty freaking simple.

open package to read EULA, then uable to return

Stores around here have policy against accepting returns on opened software. Nice racket. No worries for company about returns due to EULA as stores don't allow those to happen.

[SeizeCTRL]

Reason Why

Anyone could go buy a game or piece of software, open and install it, then go download a CD crack or whatever and then return the product yet, still have a working copy on their computer. That is why a lot of places do not allow open software returns. Plus the problem with duplicate keys being in use.

[Raife]

EULAs are NOT, "law"...

Numerous judges have already ruled that such "...software EULAs" are not even enforceable "...civil-contracts".

In fact, ...a few judges have even flatly-stated that many "EULAs" actually "...violate legally-protected consumer-rights".

However, I do honestly think it is going to take a lot more consumer-backlash, to finally put a stop to this CLEAR-ABUSE of customers by business.

[Mendz]

Just one of those ways...

Some software companies have piracy protection and product authentication tools. There are also tools and utilities like MD5, DRM, digital signatures, licenses, etc. All with the general intention of making sure a software product is authentic, serviceable and safe. Blizzard has the right to check against hacks because the game server is shared by a majority of likely "unhacked" and likely "non-cheating" users. I think Blizzard is only securing not only the game's integrity and credibility but also the gamers in general, new and veterans alike.

And yes, I'd rather trust them first because, at the moment, that's the only thing I can have for or against them...

Do they really sent the data out?

To my understanding, when they are scaning for hacks, they useed method similar to what Anti-virus software uses. They will scan files looking for cirtain string of code that match the known hacks. If they detected the matching, then They would report back to the server that the cheat has been found. Similar to Anti-virus, looking for strings of virus code. It would not make any sense to send user personal data back to the server as it will overload the connection.

If you do not agree with their EULA, then you should not agree to your antivirus software you have installed, as it do just that (scans your files possibly all of your files, scan your running process for like virus activities, scan your temporary downloaded webpage (preventing spywares nd viruses) before displaying.

So, if you have anti virus, anti spyware, firewall installed you should not be complaining about EULA crap. :)

[joelkatz]

Not to be rude, but

Why do people who have no idea what they're talking about feel the need to comment? The comparison is nonsense for so many reasons, I hardly know where to begin.

For one thing, no anti-virus program I know of will send any data to the manufacturer without your explicit permission. They all make this very easy to disable, and only functionality that can't be done any other way is lost when this data is not sent.

But the key issue -- no anti-virus program I have ever installed (and I think I've installed every major one around) asks for your consent to send any data in your computer's memory to the manufacturer without further consent or refuses to operate at all if you don't give this consent.

Further, we all know that anti-virus programs do in fact scan by templates. If they find a match, they tell you, and generally let you choose what to do or configure them to do what you want.

If they find an unknown program that looks suspicious, they tell you. They then ask you what you want to do, or again, let you configure it to do what you want.

If you want to approve any data before it's sent, they all give you that options. There is nearly no risk that anything you don't want sent will get sent, unless you configure it to create that risk in exchange for greater convenience.

Contrast this with a program whose method of operation is unknown, that probably does transfer anything suspicious to the manufacturer (so they can analyze it and detect new hacks). For all we know, they might transfer all running programs that aren't already in their database, without our further knowledge.

The comparison is just so incredibly wrong-headed, I don't even know where to start. It's like saying loaning your car keys to your son for two hours to get lunch down the road is just like leaving them on your doorstep with a flashing arrow pointing to them.

Trying to be rude...

b/c the comment above didn't go far enough ("so wrong headed I don't know where to begin")

***** "So, if you have anti virus, anti spyware, firewall installed you should not be complaining about EULA crap. "*****

If I have a FIREWALL I can't complain about "EULA crap" ? Wow. You are a bleeding head wound that needs salt. How is having a firewall even remotely close to what we're talking about in this article?

Silence.

Other MMOs do this...

and they don't tell you anything about it. The best policy is not to tell anybody.

[joelkatz]

That won't work

Fortunately, you can't hide it. Other companies have tried, and people can fairly easily find out. You can tell what programs on your computer are doing if you look at them closely enough.

[SteveBarry687]

How to stop being the number one gaming company

I am really shock at John LaGraves remarks. Blizzard has always been the gaming company that goes out of their way to be friendly with their customers. They have always put out quality products.

John of course is NOT the PR person. He is much higher rank than that. This would be another example of why executives should not be allowed to be interviewed. They tend to have smug attitudes.

As for PCs being scanned for hacked code. This is not the same as an anti-virus program. If my anti-virus program detects a virus, it does not call up the AV company, who then bans me from the Internet. The AV program tells me how to fix it.

Can't the server detect if you are runnnig hacked code. I mean, if my Dark Elf Warrior is supposed to run at 35 pixels per second (or whatever the messurement), can't the server tell if I am traveling at 70 pixels per second? If my character is standing in Iron Forge one second and then I am in Scarlet Monastary the next second, can't the server detect that?

If not, why can't it?

[joelkatz]

Two questions

Please ask the guy from Blizzard two questions:

1) If I find the game in a retail store, how would I
read the EULA (or even know to read it) before I pay
for the game?

2) If I open the game and find I don't like the EULA, what retailers will allow me to return the opened game?

(What an arrogant ass.)

DS

[fujiJuice]

Two Answers

1.) Best Buy has a notice in the store that you can ask to see and products EULA before purchase.

2.) See 1.

[joelkatz]

Source?

Do you have any source to your claim that violating an EULA is copyright infringement? That strikes me as kind of strange. Copyright grants specific rights to copyright holders, like the exclusive right to distribute or make copies. Copyright law certainly doesn't say that after you buy something, you need some additional permission to use it.

[Don Key]

So stop playing

I don't get it. If you don't like the policy then don't play the game. Period. No one is forcing these people to spend 90 hours a week playing it. Problem is that they are all so hard core addicted that they can't stop playing. The only thing they will do is complain... but keep paying their monthly fee. They have to, most of these players have no life outside of the game.

[SteveBarry687]

Ummm.

Interesting approach. Attack people who play MMOs and this story isn't even about any of that. Way to go off topic and atack people that aren't even here, involved or are responding.

[Bob Brinkman]

I said it before, I'll say it again.

So Don, how's that cure for cancer comming? oh? you don't do anything important with your spare time either?

[SeizeCTRL]

BLAH!

These kids who act so concerned about the scan should simply shut up. As a gamer addict myself, BF2 / CS:S, nothing pisses me off more than playing against a bunch of idiots hacking. I'm thankful that Valve is getting VAC2 in working condition and saw a significant drop in cheats when it started kicking people. Punk Buster for BF2 is doing a decent job at keeping some servers cheat free. If you have something to hide, put it on another computer, or burn it to DVD. If you are vocal against anti-cheat scans, then don't hack and you have nothing to worry about. I doubt Blizzard, Valve or EA is going to be sending your name to the RIAA, MPAA or the kiddie pr0n police. Don't hack, simple as that!

That's not the end of line

Your 'suggestions' aren't reasonable:
Even if online gamers have multiple systems, its likely that they will use the gaming system to do some personal transactions - most likely online.

Its impossible to trust a gaming company's programmers once they have the 'license' to scan users' systems.

If they want to scan user machines, they might want to make the scanning code open-source or subject to 3rd party review.

EULA - I can't remember the last one I read. Sony's right if they are going to scan, then they have to let users know upfront about what the program does exactly and perhaps allow an open review of it.

[Bob Brinkman]

re:

Why does laziness on your part constitute bad behavior on Blizzards? If you don't read the EULA it's your own fault.

Besides, it seems to me that alot of people here are operating under the assumption that they are important enough for anyone to really care what they have stored on their computer. I hate to break it to you, but you aren't.

[Fray9]

Ok...

"Why does laziness on your part constitute bad behavior on Blizzards? If you don't read the EULA it's your own fault."

A. The majority of EULAs are illegal anyways so there's usually no harm in agreeing since it cant be enforced.
B. They are worded specifically to prevent people from understanding what they say. For the majority of people they can either agree to it not knowing what it means or throw the game away and lose $50. Which would you do if you couldnt read legalese?

"Besides, it seems to me that alot of people here are operating under the assumption that they are important enough for anyone to really care what they have stored on their computer. I hate to break it to you, but you aren't."

So no one would find your credit card numbers and access information to your bank account interesting? Must be a very nice and safe little fantasy world you live in.

In fact.. since none of us are important enough for our information to be of interest to anyone, why dont you be the first to volunteer your bank login and credit card numbers?

I agree with Don

If you don't like a company's policy then don't support it. There are currently several companies that I refuse to give my hard earned money too because of reasons just like this. That is the only way to get thier attn anyway. You think blizzard cares about half a million complainers when they continue to flood thier purses with monthy fees? No. If those same half a million subscribers suddenly terminate thier subscriptions then it might raise a few eyebrows. It's all about the bottom line... Just my 2 cents

[f00b]

Abundant with idiots

With high end assembly coders using their skills for changing game code or altering packets sent back to online gaming servers, neophitic games programmers and even "security specialist" don't have a leg to stand on.

Take Counter Strike for example, the most hacked game online. Hacks were everywhere until memory scanning came into play and then the "hack programmers" really just "script kiddies" got onto IRC(internet relay chat) and found REAL some real coders to help with their projects. So now you have Elite Programmers helping some script kiddies just for fun and you suddly have a group.

These groups worked together to try and foil the momory scans that VAC/VAC2 used to find their hacks.... this they found easy enough by randomising the process ID generated by the hack's .exe or .dll file resident in memory, along with some other thing I need not get into.

Due to this and the underground IRC scene, which allows the hacks to be distributed "discretely" without the need for use of a web of ftp server these hacks are considered "elite" due to the fact that they are not public and because of this they are never detected due to the fact that most online anti-game-hack personel need a copy of the hack to actually reverse engineer and thus make it detectable to VAC/VAC2/PB or what have you.

I read further up someone saying he felt safe with VAC2 now ... well if you go to www.japsclan.com you'll find a copy of GDSC sitting pulicly for download, Undected by VAC2, all they can doo is change the offset used withing the hack's every so often making it nessisary to update the hack... what an inconvenience! :)

If people want to cheat then they will if they are smart enough to follow through with it. I am sick of online gaming companies crying wolf when they are invading your privacy via your upper memory. If you know what you're doing then grab a packet sniffer and take a look for yourself, see what blizzard, steam/valve, EA Games, and all the rest are really recieving. Can't monitor what they're monitoring all the time ... kinda takes the fun out of the game.

f00b a.k.a isiah

Does it always have to be the Nazis?

Quote: "We have a system that looks for hacks into the actual
game itself. We're not the police; we're not the Nazis.[http://..|http://..]"

To be quite honest, I feel pretty annoyed by the trend to to
compare each and every bad move to the atrocities of Nazi
Germany. Why the hell not choose a more fitting example like
"we're not the guys who dropped two A-Bombs" or maybe "we're
not part of the Watergate fiasko"? As a non US-citizen, and I
sincerely hope I don't start a flamewar here (not my intention,
honestly!) I think the States have enough skeletons in their
closet without having to run the fascist line every time.

Just my two cents on a PR statement which leaves a bad taste in
my mouth.

[Networkjoe]

Think about big picture of agreements

When you buy a software product, it would seem that by now, one should know they are going to have to agree to an EULA. I haven't bought any software in the last 5 years that didn't have one.

That said, you should attempt to find a copy of the EULA to read before you buy the software, since, as already mentioned, most places won't refund opened software.

The EULA for WoW was easily obtainable online at http://www.worldofwarcraft.com/legal/eula.html

By purchasing a game you agree to (IMO) use the game as designed by the software company AND to the terms of the EULA. If you don't agree to those terms, don't buy.

FYI - I do play WoW

[djpaisley]

WoW - hacks

well.. if I was playing WoW I would want people that are using 'sploits to beremoved form the game... if i put in 72 straight hours in on a game and then some f'ing botter comes along... i will have wished that Blizzard scanned them first.