WoW Screenshots contain hidden information

[thatwouldbestealing]

Hi,

Your WoW screenshots contain a hidden watermark, that can identify your player and realm.

Prevent the watermark:
/console SET screenshotQuality "10"

This is what the watermarks look like:


I've seen a number of people taking the time to 'mask' or mosaic their names (chat windows, UI, etc) in submitted screenshots. Which is cool, but did you know that is not enough? It is a fact that WoW screenshots contain hidden information that when deciphered contain your character name and Realm. Uploading unfiltered (blurred or otherwise filtered) screenshots could lead to your character and realm being identified. This patented watermark system could have been used by Blizzard as early as patch 2.1, or 2007-2008 and possibly licensed from a company named Digimarc.

TLR from the source:

IMPORTANT NOTE: IF YOU CAN'T BOTHER READING ANYTHING ELSE, READ THIS:
The secret watermark which is being intentionally embedded inside WoW generated screenshots below top quality, DOES NOT CONTAIN the account password, the IP address of the user or any personal information like name/surname etc. It does contain the account ID, a timestamp and the IP address of the current realm. It can be used by malicious hackers to link alt. characters to accounts and target specific spam or scam attacks, and it can be used by Blizzard to track down private WoW servers.

Coverage, speculation and FAQ:

Spoiler

Source that broke the story:
Looking inside your screenshots

Destructoid did a concise write up:
World of Warcraft screenshots contain hidden user data - Destructoid

EscapistMagazine, Kotaku and a lot of gaming news (sic) outlets covered the story and indeed even the Blizzard forums took some flack for it in on their forums. Whilst some forum goers cited privacy and personal rights' violations the Blizzard TOU and community consensus were both prevalent; this is perfectly legal, and generally a well received security measure.

• OMG so every Tom, Dick and Harry can see who I am?!!! No. The original key or code is needed. But there is a 'community' out there actively working to decipher it themselves. Supposedly it is impossible, especially when you consider post [upload to forum/Internet] jpeg-compression altering the original screenshot. If this was decoded, however, it could lead to character and realm identification. Most likely, this key rotates or changes with patches or hotfixes, meaning that it is unlikely for anyone outside of Blizzard to decipher identity from unaltered screenshots. At the moment there is progress being made, on understanding the watermark but developing a cipher to translate it may never happen.
  
• So I want to upload a screenshot, what should I do? Save as a gif or use the console command. Convert to a GIF when uploading, removing the entire JPG issue or use the WoW console command /console SET screenshotQuality "10" to remove the watermark completely.
  
• I read that the pattern repeats itself? Yes. This may be a countermeasure to users filtering certain parts of the real estate of the image, and/or cropping.
  
• No way is this possible!? Comments on the patent with diagrams, here. Link to the patent, for the mathematically astute of us -not me!
  
• They'll never break the cipher!? Progress is being made.
  
• Why would Blizz do this? General consensus is (1) identify users breaking agreed terms; and (2) identify private servers.
  
• This violates my rights!? See: Blizzard's Terms of Use, which you agree to by playing World of Warcraft.

It alarms me greatly when I see active botters uploading screenshots containing largely unaltered 'real estate' in their screenshots to the forums. I know [this and other] forums apply a lot of JPEG compression to attachments (which may or may not prevent the watermark from working); but I wanted to put out a word of caution as I couldn't find this topic covered elsewhere. I think this is a very current, serious, issue for the botting community, and especially effects those whom are trying to help others by submitting screenshots. This post is to help others in the way they submit future screenshots, not dissuade them. Perhaps it could even be mentioned in future releases or as a footnote in the forum guidelines.

I am sure there are some HonorBuddy users (new, current, lurkers or otherwise) out there, reading this forum whom are not aware of this.

All the best!

NB:
taken from a higher resolution screenshot:

focus on the repeating nature of the watermark:


EDIT: thank you theLord for the console command, updated!

 

[thalord]

Thanks to _Mike, we also verified that there is no pattern included in high quality screenshots like TGA and JPG/10. So, in order to avoid any further watermarking, type: /console SET screenshotQuality "10" which will set the quality of your screenshots to the maximum and create screenshots that do not include the watermark.

So it can simply "fixed"

 

[Alucardtnuoc]

if i recall correctly, if HB is loaded, it automaticly removes the watermark so you don't have to do any of this.

 

[handnavi]

Ooooh, what an old story!

 

[thatwouldbestealing]

/console SET screenshotQuality "10"

So it can simply "fixed"

Good call, I forgot to mention this!

if i recall correctly, if HB is loaded, it automaticly removes the watermark so you don't have to do any of this.

Hi I didn't know that, thanks for sharing. I'll try and find more info and will update.

Ooooh, what an old story!

I know it is an old story, I didn't claim otherwise. But I see people uploading undoctored screenshots and it concerns me. Try to think of it as raising awareness.

 

[tumbum]

use a screenshot grabber and dont upload original captures pictures out of wow.

 

[Kronz]

I have a question - if the watermark has never been independently decoded, how do we know what exact information it contains ?

Blizzard can tell us anything and nobody will be able to check it until the community has a way to decode these for itself.

Here is what would make the most sense for Blizzard to include in a watermark.

-Login email, as on Private Servers account ID is irrelevant to Blizzard
-Realm IP, to quickly tell where the screenshot was taken. This will eliminate the need for including additional information, such as Realm Type, Realm Zone, Realm Name
-Faction of the character
-Game World coordinates
-Account type, so if an Admin of a private server takes a screenshot, Blizzard will immediately know who to contact without investigation and delay, because they will have the login email
-Timestamp, probably in the format of MM/DD/YYYY-H/M/S/Time zone/Locale Settings/Server Locale Settings, so if a private server is running in Ukraine, they will know the exact IP, Hosting Provider and City
-Client IP, to quickly find who and where took that screenshot. GeoIP can be used to quickly identify the exact address, up to street, flat number, floor and subscriber full name and can be used to compare it to the IP's of their subscribers and link all of this particular IP's WoW-related activities, like postings on partner sites, Blizzard forums, Facebook activities, and any other places of interest and other WoW accounts he has logged into.

Possible debug info, which would make sense for them to include would be

-Character buffs, debuffs, usable inventory items, short event log, so if someone takes a screenshot from GM Island, they will have a rough idea of the tools used to get there and how it happened, or if someone posts a bug report on their forums with a screenshot, they will extract all needed debug info without begging for logs from people who barely know how to use a computer.

-Software and hardware environment, WoW settings, although the first two would be against a court ruling that they may not monitor anything outside of WoW, but since it's well encrypted they can do it and get away with it, as long as they don't appear to act on it and instead quote generic things such as "Violation of ToS", "Exploiting the economy" and so on without providing explanations that would give them out. This information can actually be compressed so, that it wouldn't take too much valuable space, and if it is compressed, it will never be discovered, as to the naked eye, even in decrypted form it will look like nonsensical gibberish and artifacts, or it will be simply unexplainable or attributed to imperfections of the decoding method or problems with the computer which took the screenshot.

Almost all of this information would be a major violation of privacy rights and laws and no ToS or EULA or contract may supersede a person's rights, or the law itself, which in this case their ToS is actually trying to do and they are getting away with it only because the way it's worded makes it very hard to contest it in court without a deep knowledge of the law or a very experienced, expensive lawyer and a lengthy court battle, which will be beyond the capabilities of a regular person. Things like the fact that it's all well-encrypted and possibly compressed make it that much harder for privacy advocates to make a claim, as they have no real proof that something possibly illegal is going on and getting Blizzard to disclose everything would be a small court war of its own, even before the real battle has had a chance to start.

 

[thatwouldbestealing]

Software and hardware environment, WoW settings, although the first two would be against a court ruling that they may not monitor anything outside of WoW

Warden has reach 'outside of WoW', as you put it; using the GetWindowTextA function to read names of Windows you have open or minimised.

 

[Bengan12]

Warden has reach 'outside of WoW', as you put it; using the GetWindowTextA function to read names of Windows you have open or minimised.

Yes and blizzard almost went to hrll for doing so as it is againjst the law in many countries.

 

[Spraymaster]

Old news, but glad more people are learning about it.

 

[Tryst]

Old news, is old news.

 

[thatwouldbestealing]

Old news, is old news.

FYI I learnt of this news when it was released. Yes I know it's old, but if you read my OP you'll see I'm just trying to raise awareness. It is only old news (sic) if you haven't read it. The thing is, I'll reiterate for you, is I find screenshots posted on the forums that would suggest *some* people are not aware of this news. Ok?