I'm writing this in effort to get some kind of response from Blizzard, as Wardens behaviour after patch 2.3 has been changed considerably. If you already know what Warden is and about the previous conflict that happened between Blizzard and gamers who were afraid that Warden compromised their privacy then skip the points 1 and 2. This blog post is nearly an exact copy of a post that was done on the WoW Europe General forums at:
http://forums.wow-europe.com/thread.html?topicId=1640444508&sid=1
I have mirrored the post here in case the post on the WoW Forums gets deleted. I also encourage you to spread this information around by posting on guild forums and such. Please link to this blog post in case the post on WoW Forums gets deleted. You can contact me at wardn23@gmail.com . You can also join the channel #warden on QuakeNet for further discussion on this topic.
1. What is Warden and what does/did it do (PRE patch 2.3)?
Warden is Blizzards anti-cheat program that comes with WoW. If you're running WoW then Warden is running in the background. Warden is downloaded "on the fly" from Blizzard servers and can be updated at ANY time possible without the user noticing it, not only at the same time with patches. Warden runs several times in a minute. It reads ALL your Windows title bars, and scans the first bytes of ALL your running processes. Warden then "hashes" this information and compares it against a list of "illegal hashes"(cheat/3rd party programs). If it finds a match you might get banned.
2. So why should I be worried (PRE patch 2.3)?
Window titles and first bytes of your processes could easily include some private information, like social security & credit card numbers. Blizzard has previously stated that players should be OK with this information being gathered as it is not used for anything else except detecting cheaters. Already before 2.3 Electric Frontier Foundation labeled Warden as spyware and called it a "massive invasion of privacy":
http://www.eff.org/deeplinks/2005/10/new-gaming-feature-spyware
Here are links to related BBC and news.com articles, both published in 2005:
http://www.news.com/Game-players-say-Blizzard-invades-privacy/2100-1043_3-5830718.htmlhttp://news.bbc.co.uk/1/hi/technology/4385050.stm
3. What changed in 2.3 and why if I wasn't worried before should I be worried now?
Before patch 2.3 there were ways to expose what Warden was doing. There was a program called "The Governor" which allowed one to see what data Warden was dealing with. As of patch 2.3 Warden has been changed so that it includes a cryptographic function which effectively disables our ability to see what kind of information is being sent to Blizzard servers. Now we have no way of knowing if its just our processes and window titles that are being scanned, and that it is only this information that is being sent further.
As far as I know, by encrypting the data that is being sent by Warden Blizzard did at least momentarily achieve to disable a software called "ISXWarden" that was being used by some botters. This was a small victory for them though, since the amount of ISXWarden users compared to some other popular bots is low. The other popular botting programs remain unaffected by this change. But I am a lot more interested about my OWN PRIVACY than momentarily stopping an insignificant amount of botters. This Blizzards war can be (unfortunately) compared to DVD or Blu-Ray encryptions - with a software detection like Warden Blizzard may slow down the cheaters/botters but they will always find a way to go around it. And the normal users privacy gets invaded because of this.
For those who are interested in the technical details, here is a link to ISXWardens developers comments about the recent Warden change. Keep in mind that what he has posted in regards to the technical aspects of Warden and what it could do to invade our privacy are true but I believe that his main motive is not the potential invasion of privacy, but the fact that his software was at least momentarily rendered useless by this recent update: (he does bring up interesting points though)
http://onwarden.blogspot.com/2007/11/storm-is-brewing.html
Warden, as a program that is running on our computers could be made capable of (for example) scanning our hard-drives. Is our trust in Blizzard and all of their employees this great? We allow them to scan for all this information with a program that could be updated any second without us noticing it, now without even knowing what information they might scan for, just for the sake of cheat detection? What if a real hacker gets his hands on the "Warden server" and maybe decides to change the Warden code a bit?
Why are other ways of detecting hackers/botters/cheaters not implemented? Blizzard should concentrate on detecting the possible botters with means that do not invade our privacy! There are ways to do that, why are the GameMasters not doing their job and checking for possible botters ingame, why are the bots who have been reported several times by different people still running around? Why are the characters who are online 24/7 farming gold not being checked on? Does this game not bring enough money to Vivendi/Blizzard for them to hire a few more GMs?
4. But by accepting the EULA and TOS you agreed to all of this, stop whining crybaby!?
Blizzard knows that hardly anyone reads the EULA and can hide pretty much anything in that large junk of text that is hard for a normal human being to interpret without legal advice. If Blizzard is allowed to do this without any criticism at all, more software/game firms will learn that they can do it too and we will start seeing more and more "Wardens" invading our privacy. Furthermore, the EULA and TOS are largely not enforceable by laws in many (if not all) European countries. I am no legal expert but violating the EULA doesn't mean that you're violating the law.
Edit:
In response to the replies that the post on the European WoW forums has been getting: I'm not suggesting that Blizzard would look through all your personal files to check who your first love was and to check through your personal porn archive. I'm being concerned that such big companies are allowed to do this with no word raised against them, without them telling openly about Warden to the public, hiding it in the junk of text in EULA is definetely not that. Again, here are some of the articles published when Warden first was released, this was before patch 2.3:
http://www.eff.org/deeplinks/2005/10/new-gaming-feature-spyware http://www.rootkit.com/blog.php?newsid=358
http://www.news.com/Game-players-say-Blizzard-invades-privacy/2100-1043_3-5830718.html
http://news.bbc.co.uk/1/hi/technology/4385050.stm
Edit2:
The issue, in other words, as put by Ramshir from EU-Neptulon:
"While I agree that Blizzard would never abuse the information, I personally don't think that's the issue here. It's simply this: Is this the way we want things to work in the future? For every game you play you have a program scanning your PC. Different companies will have different policies on what they consider "appropriate". Smaller companies might not have a reputation like blizzards to protect and they might do something you wouldn't want them to. In short, it's the whole "I gave the little finger, over time they took the hand" -issue.
While the motives of the OP are just as much in question as Blizzards in the least, the issue is still a real one. I for one simply do not like the idea of having programs on MY COMPUTER that do stuff that I'm not aware of and stuff I can't supervise. A person having a camera in my apartment might not do me any real harm, but it would still make me feel uncomfortable. That's why I have the right to not have cameras in my apartment. It is my belief that a future where I have the same comparable rights when it comes to computer software is a better future than the one where I don't have those rights."
torstai 15. marraskuuta 2007
Tilaa:
Blogitekstit (Atom)
Warden invades our privacy