One World of Warcraft gamer has discovered that his screenshots secretly contain user info like the current server IP address, and the time the shot was taken.
There's indication that Activision Blizzard has been watermarking screenshots captured with World of Warcraft's in-game client application since at least 2008. There's also indication that Digimarc is the company behind the client's watermarking tech.
According to reports, these custom marks include user IDs, the time the in-game image was captured, and the IP address of the local World of Warcraft server. Why? Possibly to track down users that are violating Blizzard's Terms of Service like hacking the game or running a private server.
"A few days ago I noticed some weird artifacts covering the screenshots I captured using the WoW game client application. I sharpened the images and found a repeating pattern secretly embedded inside. I posted this information on the OwnedCore forum and after an amazing three-day cooperation marathon, we managed to prove that all our WoW screenshots, since at least 2008, contain a custom watermark," reports Sendatsu.
As seen here, there's a list of steps to take for those who want to be able to see the watermark on their screenshots, including finding the ideal spot that doesn't consist of a lot of textures (like snow). Users must also type /console SET screenshotQuality "9", take the shot, and then open the image in an external editor. After that, users must sharpen the image until the watermark appears – it will be a pattern of information, resembling a bar code or QR code.
"Apparently, each character has a different set of these repeatable patterns, which contain account and realm information, and it looks like if they are scanned by software that recognizes them, they can reveal our character's account name/id, the time of the screenshot and the the full information of the realm, including its IP address (think "private servers")," the post reads.
The post also points out that Blizzard's ToS allows it to communicate information about our hard drive, CPU, operating systems, IP addresses, running tasks, account name and current time and date. What it doesn't make clear is that World of Warcraft can embed some of that data into every screen captured with the in-game client. Thus, the screens fail to protect users from hackers that could use the IP address to link characters to accounts.
"The contained information can be easily recovered and decrypted by hackers, which compromises the privacy and security of our accounts! For example, someone could use this to identify which account holds which characters and perhaps stalk and annoy its user, or help perpetrators choose their phishing victims with a more targeted approach," the post states.
So far Blizzard hasn't responded to the claims, so stay tuned. To read the full lengthy post – and to see the watermarked shots – head here.