World of Warcraft players discover watermark embedded in screenshots

Every closed beta I have ever participated in has asked the same thing of me: that I wait until they feel like the game is ready to share opinions and screenshots. In many cases, I sign agreements that say I will keep quiet until I am told. That’s the price you pay for getting to play the game before anyone else, and I for one pay it gladly. Inevitably, leaks happen, and game developers have needed to track them down. In response, a lot of companies have started hovering a unique ID somewhere on the screen to try and deter this kind of behavior. If you know you are being watched, you are less likely to misbehave, or so they hope. Blizzard has taken this one step further and embedded a custom QR code in World of Warcraft.

Users on a World of Warcraft forum recently discovered a series of repeating graphical artifacts hidden deep within screenshots taken when playing WoW. After some good old fashioned community wide poking and prodding, it was discovered that this graphic worked just like a QR code, and even had 88 bits of data embedded within it. After extracting the binary code from the graphic and translating it to text, it was discovered that the information contained a user’s account ID and the realm IP address. The information is mostly harmless, especially considering Blizzard stopped using account IDs publicly after the new service launched. Still, the idea that Blizzard was slipping this information in without the user being aware is pretty interesting.

Blizzard clearly states in their terms of service that this kind of activity is going to happen, but doesn’t spell out this scenario specifically. When asked for comment, Blizzard employees noted that it was used specifically for tracking down leaks when players are invited to participate in private beta tests. What’s more likely is that the information is also used to help track down users who are involved in behavior that violates the Terms of Service for the game.

There’s some concern from players that this information, however limited, would be enough for a user to be specifically targeted for in-game spam or more malicious activity. Some have gone as far as to release an application that helps quickly translate the QR code into binary. While Blizzard hasn’t responded to the security concerns specifically, I am sure that their response will end with “hey, have you checked out our Authenticator?”

I would expect behavior like to this to increase dramatically over the next year. Game developers rely on user testing to help them find and fix bugs before these games are released. That system only works as long as users are willing to keep their screenshots to themselves and follow the agreements they accepted when invited to play the game. In the particular case of Blizzard, their Beta program goes so far as to record your system information to ensure the game runs well on a variety of hardware.

At the end of the day, it’s a clever application of the QR code system and I tip my hat to the guys responsible.