Blizz warden!!!!!!! breaking privacy? : World of Warcraft General Discussions

/bump for admin can read!!!!


recently performed a rather long reversing session on a piece of software written by Blizzard Entertainment, yes -- the ones who made Warcraft, and World of Warcraft (which has 4.5 million+ players now, apparently). This software is known as the 'warden client' -- its written like shellcode in that it's position independent. It is downloaded on the fly from Blizzard's servers, and it runs about every 15 seconds. It is one of the most interesting pieces of spyware to date, because it is designed only to verify compliance with a EULA/TOS. Here is what it does, about every 15 seconds, to about 4.5 million people (500,000 of which are logged on at any given time):

The warden dumps all the DLL's using a ToolHelp API call. It reads information from every DLL loaded in the 'world of warcraft' executable process space. No big deal.

The warden then uses the GetWindowTextA function to read the window text in the titlebar of every window. These are windows that are not in the WoW process, but any program running on your computer. Now a Big Deal.

I watched the warden sniff down the email addresses of people I was communicating with on MSN, the URL of several websites that I had open at the time, and the names of all my running programs, including those that were minimized or in the toolbar. These strings can easily contain social security numbers or credit card numbers, for example, if I have Microsoft Excel or Quickbooks open w/ my personal finances at the time.

Once these strings are obtained, they are passed through a hashing function and compared against a list of 'banning hashes' -- if you match something in their list, I suspect you will get banned. ...

Next, warden opens every process running on your computer. ... I watched warden open my email program, and even my PGP key manager. Again, I feel this is a fairly severe violation of privacy, but what can you do? It would be very easy to devise a test where the warden clearly reads confidential or personal information without regard.

This behavior places the warden client squarely in the category of spyware. What is interesting about this is that it might be the first use of spyware to verify compliance with a EULA. I cannot imagine that such practices will be legal in the future, but right now in terms of law, this is the wild wild west. You can't blame Blizz for trying, as well as any other company, but this practice will have to stop if we have any hope of privacy. Agree w/ botting or game cheaters or not, this is a much larger issue called 'privacy' and Blizz has no right to be opening my excel or PGP programs, for whatever reason.

So yes The warden is breaking privacy!!!!! and this is highly ilegall......

Puting blizz in a position of being sued

So pretty much blizz is spyware!!!!!!!!!!!!!!11111

Wat i think, this is going way to far!!!!1111

For all you out there you mite want to cancel your accounts now with them going through your private info!!!!!!!!!!!!11111

Well, they probably have an agreement to this somewhere IN the EULA or w/e it is called. That way you can't sue them. I should read those things more.

Good attempt at erasing the queues for the servers ;-P

But you are right that what blizzard is doing is invading our privacy, but we agree to it by logging in to play.

wow this post is as worse as Bushes Propoganda, ok according to the terms of rights that you agree to before makeing your account and after every patch up, that they can search your account logs IF they have reports of hacking and shnuff.

Yeah, you agreed to that when you first played the game. It says in the Terms of Use Agreement:

"Blizzard Entertainment may, in its sole and absolute discretion, take whatever action it deems necessary to preserve the integrity of World of Warcraft." (Part 6 of the Terms of Use Agreement)

Basically, all of those rules that are listed in the previous sections, Blizzard is allowed to do whatever it feels like in order to make sure that everyone is following them. So what they are doing is perfectly legal.

This also goes along with the last section in the ToUA (Section 13, part A):
" When running, the World of Warcraft Client may monitor your computers Random Access Memory (RAM) AND/OR CPU processes for unauthorized third party programs running concurrently with World of Warcraft."

Parts C, D, and E all deal with getting information from your computer for either demographic purposes or for the purpose of stopping cheaters. So as long as they don't use the information for other means, they can search anything thats running at the time you're playing WoW.

So their warden program is legal, through and through. And then when they find you, under section 6, they can do what they want. It's actually a very well written ToUA which allows for a lot of elasticity on their part.



And i'm sure Blizzard isn't trying to steal your passwords. If you are really worried, don't run Quicken while playing WoW.

I know all that they are finding hacks and and stuff for ppl cant steal your password!!!!!!1111

But i dont feel it should be rite to look through private info.....
If you get wat i mean!!!!111

Well, they won't violate it so you don't have to really worry.

Can we stop putting a million !!!!!!! and 11111 at the end of every sentance. It is annoying.

Also, If you weren't doing anything wrong why worry about it. I don't care if they scan my computer.

yeah, I don't have a problem with this either. Though, I do understand that some people feel insecure with this. You shouldn't worry about this at all as long as you haven't done anything wrong. This sort of reminds me of the patriot act.

BTW danceofthedead yeah the 1111's are especially annoying, the !!!'s aren't as bad.

Yeah, I definitely thought of the exact same thing. Obviously this isn't the place to discuss these things, so i won't put any opinions, except that I as well was reminded of it. Eh, I suppose that makes this a rather useless post haha. oh well.

locked.