We need more encryption and security, not less

http://falkvinge.net/2015/01/14/hilarious-activists-turn-tables-on-political-surveillance-hawks-wiretaps-them-with-honeypot-open-wi-fi-at-security-conference/

The linked article shows just how trivial it is to use metadata to identify the entity associated with the connecting device and start to unpick further details of their life, work and the supposedly secure stuff they’re working on.

Security, a thought for the day

If the ‘good guys’ have a backdoor then so do the criminals
If the ‘good guys’ can crack your encryption, so can the criminals

Having weak encryption would not have stopped the Paris attacks as the security services had already stopped monitoring them.

If you think “I don’t use encryption” then think again, when you bought something online you used encryption, when you made a mobile phone call encryption was needed to protect the setup of the call, your password is stored (or should be) in an encrypted format to prevent hackers from simply downloading a human readable list and so on. Encryption isn’t some dark evil used only by terrorists, it’s used by all of us for good reasons. The government needs to give better reasons for denying it to the public than “terrorists!!”.

Alternatively maybe they’ll be happy that all their governmental and private communications are no longer encrypted to make the job of the press easier in reporting on their deeds and misdeeds, for surely if they have “nothing to hide they have nothing to fear”

Real ID, next steps

I’ve previously discussed my general thoughts around Real ID, the problems with it and some of the motivations which were driving Blizzard.  I do not actually ascribe malicious intent to Blizzard or Activision.  I know this goes against the received wisdom that Kotick is satan reincarnate but to be honest I think this is so much garbage.  It’s more likely that the system was put together without serious input from outside the company, much like Google’s Buzz, remember how much grief that caused when that launched, it’s largely the same principle at work.  Large corporations are used to sharing information internally, pushing contact details all over the place, there is also a tendency within large corporations for people to ‘share’ information about themselves as part of introductions in meetings, particularly for kick-off meetings without remembering that there are people who like to only share details of their lives on their terms.  I count myself in the latter group.

Anyway onto the meat of this post, thoughts on what we’re doing already out on the web for ourselves and where I believe Blizzard are going to try to use Real ID to provide ‘new’ services and make more cash off us.

Sharing, everyone is doing it!

Let’s have a look at what millions of people are already doing, without an apparent care in the world

  • “Friending” just about anyone (Facebook / LiveJournal / etc)
  • Sharing family details, relationship status, birthday with either the ‘friends’ list or the whole world
  • Sharing details about interests with the world
  • Sharing (almost) minute by minute location information
  • Writing in great detail about the ups and downs of their lives, their loves, sex, illnesses, financial woes, names of banks

Facebook is a fact of life, I read somewhere recently that they’ve gone through the 500 million subscriber window.  Even if only half of those are regularly users that still a huge number of people sharing their data with just about anyone.  For some users it’s a race to see who can have the most “friends” and be as open as possible about the most intimate details of their lives.

It would be complete nonsense to assume that at least some of Blizzards millions of subscribers use Facebook.   Indeed a significant number are using it to keep track of when raids are meant to be and build a social shell around a raiding core, to build interest and bonds which keep the group going through the slow periods.

Communities of interest

Blizzard wants to keep building on the guild model, it’s part of the social aspect to the game which keeps players within Warcraft rather than drifting off to another MMO or RTS game.  I’m as guilty as other people, one of the ties which keeps me playing WoW rather than exploring EVE or LotRO is that the ‘home’ guild is full of people I know, I think there’s only one I’ve not physically met and of the rest one who I’ve not shared a beer (or other alcoholic beverage) at some point in the last decade and a half, and that’s only because he’s underage.  So vent is part of how we play the game, running dungeons for run and relaxation is what we do, the social aspect is important.  The raiding guild (until it suffered from pre-cata collapse) had a different feel to it, friendly but not ‘social’ in the same sense, in my use of the game the raiding guild was there to provide the solid progression challenge and the home guild to provide the social base.

Social guilds tend to provide their own glue, with the interaction of the players keeping things ticking over, possibly with larger guilds having a forum or using such as Facebook for out of game communication and co-ordination.

For larger guilds and those focused on specific progression (raiding, levelling, RP, PvP and so on) there is a whole service industry

  • Guild websites
  • Guild forums
  • Sites collecting information about the game (wowhead, wowwiki, mmochampion)
  • Progress tracking sites
  • Guild recruitment
  • Guide sites (levelling, raiding, gold etc)
  • Blogs (by the metric tonne)
  • Facebook groups, both for WoW and for individual guilds / alliances
  • DKP development & sites
  • Voice communication (vent / teamspeak / mumble)

It’s huge, and the returns are paying for these services either through direct subscription or through advertising.

The community is incredibly powerful, but…

The problem, Fractures

At times in the game cycle where the game is lacking in draw, and the strength of the ties within the various guild types is not sufficient to hold players in the game.  It’s happening in WoW at the moment, progression has slowed massively, the noise on /trade on maintenance day for the weekly is a fraction of what it was 2-3 months ago.  RP levels are up in the home cities and the levelling zones are crawling with freshly hatched alts, Auction House traffic levels are down.

If there wasn’t an expansion due I’d be expecting realm closures and a winding down of the game.

However we all know what is happening and come November (or somewhere close) the numbers will ramp up again with a huge spike as Cataclysm hits the live servers, however the fallout at the moment is pretty terrible, raid groups are collapsing in on themselves, some people are leaving the game for good (too easy, vanilla was better) the group and social cohesion is breaking down as is seen in LFD with the increase in morons in groups.

Players want to know they can find good players they want to group with and push through the new content.

Also players are moving off onto Starcraft II and more worryingly from Blizzards point of view, they’ll be heading off out into the uncharted realms of Dragon Age and other MMOs.  If the social glue isn’t strong enough, why not go and explore something completely different?

No money for you Blizzard!

All of this adds up to a problem, Blizzard needs players, with products such as WoW and SCII it needs players to keep shoving coins in the slot every month, forget the sales of the boxes they’re nothing in comparison to the monthly subscription.  The model Blizzard rely on is to keep content going through social interaction & ‘progression’, let’s be honest without the driver of the badge grind and helping friends through the content who in their right mind would kill approximately 1800 5-man bosses in roughly a 2 year period on a single toon.

So the players need to be glued together or the subscription money dries up and more importantly it doesn’t come back to the same (or greater) level when the new content drops.  Prior to realID all the control on how the players grouped together and interacted outside of WoW was in their own hands, Blizzard had to do nothing, they could simply be there and ride on the back of it.  However this means they cannot direct it, add their own focus on where the playerbase should be looking for their next fix or indeed make some of the folding stuff.  I can imagine that relying on external forces for the ongoing growth and maintenance of your games is something which disturbed Blizzard/Activision.

Social Networking crawls from the Twisting nether

Like a twisted entity from the nether itself, intent on sucking the very life from everything it touches social networking tries to enter every aspect of our life.  We’ve already looked at how hundreds of millions of people globally hooked on social networking.  So the underlying fabric is there, Blizzard simply need to use the ideas and technology to start formalising that structure.

Within Activision

Stage one, the fabric is needed to link all the players together both within games and across Acti/Blizz games, that’s where Battlenet and realID enter the frame.  At the billing level this allows simplification of databases, authentication and the like, it’s also brought together the Real Name -> ${games}/${all_characters} mappings.  Now the fabric is in place let’s make it easy for anyone to talk to anyone else with the realID friending capability.

Problem 1 Solved: Players are glued back together within the Battlenet universe.

Stage two, while the above helps it risks leaving a large segment of the player base who have left for other MMOs, completely different games or even completely stopped gaming for the moment.  Let’s make it simple to hook Facebook contact lists to in-game account information.

Problem 2 Solved: Players are glued together with the current leader in the social networking sphere.

Stage three, profit

Both the previous phases of this are about preserving revenue, they do nothing to increase it.  The relationship with Facebook brings some viral advertising possibilities which might draw in new gamers but I cannot see this is anything more than a percentage point here or there.  Gamers will already be looking at the big launches, non-gamers may be pulled in but they’re more likely to be recovering gamers who’ve managed to shake off the habit for a while.

There is another group of gamers out there, let’s call them timelapse gamers.  Farmville is the classic example, unlike SCII, WoW or the other online properties there is no need for these gamers to all be online at the same time, everything is done in a manner which is more akin to “chess by mail” where actions are taken and shoved onto the stack and the other players react to what’s happening on the stack.  With a major focus on social progression, in that “I must keep my farm growing and well-tended to keep ahead of $other_fb_user”.  However I’m not convinced that Activision is seeing this as a particular growth area for the company.

So features which they could be bringing out (all as additional services, naturally), much of what follows is a stream of consciousness approach to the issue… so.. sketchy on details.

  • Facebook hosted guild functionality
  • Building DKP or something similar into the game, they are putting a lot of effort into making guilds very attractive to players.
  • Raid planning / organisational tools which hook into FB or similar
  • We have external access to the Auction House, why not the calendar, in-game chat, generating in-game mail?
  • Messages from Facebook into the various games?
  • “PUGbook” – a completely random unfleshed out thought which has drifted through my mind
  • Possibly stupid thought, but a Farmville game focused around pets earned / purchased within the likes of SCII / WoW?  If people are willing to keep a non-existent field growing with imaginary crops, why not feeding a WoW dragon and raising it’s young from eggs?

I certainly see nothing unlikely about Blizzard taking ideas and services which are already in wide use in the community and creating their own versions, they’ve never been shy about taking the best and most popular ideas from the Addon community and integrating them into the core game.  So extending that reach further is well within their mode of operation.

Advertising

It’s been denied many times, but there have been announcements in the past and I think it’s safe to say that any company will do what it thinks will bring in the most profit for the minimum of acceptable risk to its bottom line and where the organisation wants it’s reputation to be.  This will not necessarily align with the views of all its current or potential customers.  Opening up to Facebook brings solid gold information on the hobbies and interests of millions of users and how those users are linked.  Advertisers want solid information, with the way the media is evolving getting relevant adverts to the eyeballs of internet users is where the money lies.

Will they bring adverts into the games?  This depends on the game, WoW, not yet.  It would smash the immersion which does exist into many tiny pieces, this doesn’t mean we won’t see it on the launcher or on the official sites.  The FC channel can work both ways, once you’ve confirmed the BNet to FC link you’ve also let Blizzard see your interests as logged on FC, targeted advertising again, focused high value eyeballs.

How far can this go

As far as the paying customers are willing to let it, Blizzard will continue to develop along these lines for as long as the profit / risk balance is acceptable.  We’ve seen already how pressure from the community, and I suspect the realisation of just how much at risk their staff were has caused them to back off.  However my belief is that we are seeing only a tactical withdrawal and futher attempts to drive this forward will be coming our way.  If the users accept the changes then more will be around the corner, given how the concepts of ‘friend’ and ‘privacy’ have been changing over the last decade I am not holding out much hope for the medium term.

Latitude

Google Latitude, it’s cool technology, I have nothing to dispute there.  It’s the technology and capability my teenage self dreamt of.  Today I got an invitation to share my location with someone I know (someone who I do count as a friend, not the lobotomised definition that Facebook, Livejournal et al have given us).  However I have to ask myself the question.  Why would I want to share my location, it’s amazing that my phone can work out where I am within a very small margin of error, translate that into global co-ordinates, send it back up into Google who track and log the information and present that information on a map for people to view.

What is the benefit to me, what is the benefit to the person I know?

I can think of a few specific cases where I’m trying to meet up with someone but the need for the databases of my position and the like just aren’t needed.  So for the moment I won’t be sharing my location, if you need to know where I am, ask me then and there.  If you need to know where I’m going to be, ask me.

Online information & security

Another day, another information horror story of sorts.

Someone has stuck a bot crawling Facebook for public information, collated it into a nicely presented format and slapped it up on a torrent for downloading.  Let’s look at the impact of this.  Fundamentally it changes very little, this is all information which users of Facebook have put into the public domain either actively or through not unchecking the right options.  The difference is that it’s collated into a easily parsable format, ideal for spammers to grab and shove into their databases, quickly searchable and so on.  We’re not talking about a zero risk event here, but something which is akin to moving fruit from a branch which requires a little bit of reaching to something at waist height.

So what is the impact here, hopefully a wake up call to all those users of services such as Facebook as to keeping an eye on what information they’re putting into the public domain, what links to friends they’re making public, what photos, what details of their personal life.  Who hasn’t heard of the stories of people boasting on Facebook about pulling a sickie forgetting that a co-worker or boss is on their friends list.  Making the dope habit public while the boss is known to be massively anti illegal drugs and so on.

Banks still use information such as maternal maiden name for authentication, how difficult is it now to find that information from the Facebook data dump for a number of users.  While in itself that is not the key to your money it’s another piece in the puzzle, all of which makes it a little easier for the bad guys to get at your account and at the same time make it harder to convince the bank of your innocence.

The financial costs are normally recovered, at least in the EU, what about the time and stress in dealing with such issues, that cannot be claimed back off the bank.  It’s not entirely their fault that their customer is putting their entire life into searchable databases.  How about having to cancel that credit card and be issued with a new one, updating companies which are taking their money through recurring mandates, updating the booking with FlyCheapAir and the hotel room for the same trip and so on.  All annoyance and pain.

So this is both a complete non-story “person puts information in the public domain into the public domain in a different format” it is also at the same time a major story “Millions putting information into the public domain which they rely on to secure the services they base their life on“.

BBC Report

Real ID, some blue updates

Another day, another update on Real ID (Updated Blue on Real ID), Let’s look at some of the interesting points.

Addons

A bit of a dodge here by Blizz, apparently as long as you don’t install an addon designed to collect the data there’s no risk.  However how many of us spend the time to download addons and check them line by line looking for attempts to access Real ID information.  Sloppy implementation by Blizzard, I’m surprised that they’re still dodging this, though it is stated that there are attempts ongoing to change the behaviour.

GameBook

The end-game is announced, they want to be a social networking / gaming company.

Other stuff

There is another blue floating around where Blizz have stated that they are working on changes to make the friend of a friend sharing optional / configurable.  Once that is in I might be more interested in it as a feature, though I still personally want the ability to have “stealth” alts / games, there are times when I what I want to do is slack on another alt and just kill things.

http://blue.mmo-champion.com/t/14135575992/answers-to-common-community-questions-real-id

Real ID, the battle is over

For the moment.

Things have had a chance to calm down and settle though the rumblings are continuing, rather like the earthquakes we’re getting in the build up to Cataclysm. I’m hoping that it isn’t a portent of what is to come in the future.  The storm on the forums and what I suspect was/is a sustained flow of cancelled accounts, especially given the reports of the account management system failing or being very slow thus indicating that it was at the very least under stress, Blizzard have completely backed down.

Well, no.  They haven’t.

Our focus has all been on the forums announcement, however the underlying technology and direction remains, mapping our real names to our in-game personas and to our usage of games into the web of public information as much as possible.  The statement from Blizzard makes this clear.

Forum Announcement

I want to make sure it’s clear that our plans for the forums are completely separate from our plans for the optional in-game Real ID system now live with World of Warcraft and launching soon with StarCraft II. We believe that the powerful communications functionality enabled by Real ID, such as cross-game and cross-realm chat, make Battle.net a great place for players to stay connected to real-life friends and family while playing Blizzard games. And of course, you’ll still be able to keep your relationships at the anonymous, character level if you so choose when you communicate with other players in game. Over time, we will continue to evolve Real ID on Battle.net to add new and exciting functionality within our games for players who decide to use the feature.

There we have it, Real ID is here to stay and Blizzard intend to make it a core element of their games and the way we interact with them, there is a massive social networking pie out there and they want to see a slice of it.  Let’s be honest, there is big money in social networking.  Investors love it, as a movement and as a technology it brings lots of people to the same place, provides a lot of demographic information, all of which is freely provided and normally costs vast amounts of money to collect through surveys.  All of which gives plenty of information for marketing to get their hooks into to extract more money from us, the public.

Activision / Blizzard are a company, their prime reason for being is to make money, remember this, it’s important.

Everything the company does is designed to bring in cash, some of which is invested in current and future products, some maintained as a surplus ready to deal with issues, emergencies, unplanned expansions to their operation (a game is massively more popular than expected and more equipment is needed for example).  The flip side of the balance is they maintain their core position in the market by providing good solid games which appeal (initial sales), which have long lasting appeal (ongoing subscriptions) and generate a lot of loyalty to the game and the company (pushback against other entrants to the market).

They need to keep us satisfied & and happy.

We don’t own Azeroth, we just think we do

This is true in the most brutal sense, Blizzard own the databases, they own the servers, they employ all the people working on it.  It is their sandbox, we are invited in to play there, for a certain consideration on a monthly basis.  However we invest time, huge amounts of time, without that investment of time, love effort WoW would be far less than it is now.  Consider how much work officers do in preparing and organising raids, farmers bringing materials to the AH, crafters converting those into the enhancements needed by players, RPers adding colour to the world.  Outside the game what about the hours of effort in spent updating wiki’s, theorycrafting, the original builds for wowhead, wow.com and the myriad of other sites and blogs.

Would the attraction of WoW continue without the additional effort put in by all those volunteers?  I’m sure it would, but something would be lost, some of the glue which links players across realms would disappear, without that glue there is less holding us in Azeroth, why not go have a look at something new, it might be shinier, there might be nicer people.

Battle.Net

Battle.net is a logical development, when they have many games it makes sense to consolidate the account management into a single tool, I would suspect that the multi-player aspects of SCII are going to use technology taken from WoW and Diablo 3 will be using the next iteration of that development.  That it was optional was something which would never last, there is simply too much money and effort to be saved internally from combining the function into a single system.

However, it has provided the additional linkage between players, their games and other meta information which has laid the foundations for the current mess Blizzard are in.  There is also a tone being set which puts players backs up “Don’t worry, the new feature is optional” which becomes in a short period of time, “You can’t access this without using the new optional feature, but you don’t have to use it….” with a logic extension being “It is now mandatory, you must use real ID to be able to use any of the features of the service you’re paying for”. Many players have spotted this sequence and now tend to be suspicious of “optional” features.

I’ll set my stall out clearly at this point, the day Blizzard make the sharing of my name mandatory then I’m off elsewhere.

Who owns our information?

We store a lot of information online, there’s a stack of information inside Blizzard about us and our alts.  Part of the key to the mystery is how the imformation is partitioned.  The hard links between “me” and my gaming are only within Blizzard’s accounting database, that’s where they should stay unless I make the active decision to change that, either by ‘coming out’ on places such as this blog or by agreement with Blizzard.  The forum change was not an example of that, effectively banning players from the forums unless they’re willing to share information which they keep private was heavy handed, would not solve the problem as stated (just look at old school usenet where some of the biggest trolls used their real identities).

This has wider implications as well, when companies start to believe that they have the right to do with our information as they will we are on the road to a dark place where we have no control over what a third party can do with our identities, our personal preferences etc etc.  Do you really want all of your purchases from the local supermarket to become available to anyone who’s willing to pay for it?  Yes, what about the purchases from the pharmacy in-store, details of the alcohol you’ve purchased?  At the moment companies run serious risks in the market where they loose information, see the hammering T-Mobile got in the US after their main customer database was compromised, or the case where VISA numbers were held by a large chain which then got compromised and so on.  Long may this continue, they need to remember that this information they’re holding has massive value, both to them, us and people who we would never share it with.

Unfortunately more and more companies are looking at these vast data silos, costing huge amounts of money to maintain and keep secure and wonder how they can monetise it further, expect to see more cases where the data protection laws globally are pushed to their limits.

The Social Networking angle

One of the largest elements in the Blizzard decision will have been from looking at the market and the use of the internet which is already happening.  Millions of people are putting their entire lives, their histories, their locations (in some cases on a minute by minute basis) online and open to the world.  From the corporate perspective we’re doing it already, we’re announcing every little detail of our lives to the world at large, while we’re on the move and so on.

Once again all of this is active decisions on our part, and does not take account of the different groups within the wider online community.  While there maybe 400 million active Facebook accounts, about 50% of which are logged into daily, this is still only a fraction of those online (approx 11% of netusers are active Facebook users) and the defintion of ‘friend’ has been bastardised by Facebook and similar sites for years.  Facebook additionally has a terrible record of security, something users are starting to notice, but usually only through media stories of identify theft & the regular kiddy fiddler scare stories.

Blizzard aren’t stupid

This change hasn’t come out of nowhere, the underlying technologies will have been on the drawing board 18 months or more ago, we’re looking at a long term plan.  They’ve looked at the social networking market, the model of communication and the possibilities for hooking in other sources of revenue.  What they then did was fail to properly understand just how much this would annoy their customer base, which does hint that there is a lack of understanding on their part as to how identity works within gaming communities, how geeks tend to control their ID and personal details online and how the privacy landscape is changing across the wider internet.  In short their predictions on how the change would be accepted were massively mistaken, doubly so when it became clear within hours that the “stopping trolls” reason was a smokescreen. A smokescreen that was blown away by the market announcement made on the same day of the relationship with Facebook.

Tactical Errors

I believe that Actizard made an error in the timing of this, I understand that from a technical standpoint and logistics bringing this in before SCII drops is perfect timing, fresh releases, new code, new systems that’s all good and logical.  However from a raw business (dare I say Goblin?) perspective it’s the wrong time.  Only the beta players have invested time in SCII, so dropping their intention to buy is relatively painless, and only serves to drive up resentment against the company (you forced me into not getting the game I wanted, you bastards).  In WoW the situation is slightly different but we’re at the end of the expansion, by my reckoning we’re looking to November 2010 for Cataclysm and there’s already a drop off in activity.  Leaving now is painful but not as massively so as, say, one month after Cata has dropped and the entire community is into levelling, exploring the new zones, looking at what has changed.  The inertia behind staying in the game at that point would be tremendous, the social pressures within guilds to stay and progress the new raids would be similarly high.

My view is that we’re looking at the next Real ID announcements as we head into the holiday period in December, after WoW has dropped, SCII is in full swing and players are less likely to leave.  Also the wedge has been driven home that few milimeters, getting us to accept something less than the forum names but more than now will be easier because it’s “not as bad as they were planning“.

The end-game is still the same, my belief is that we’re watching a period of withdrawal and entrenchment ready for the next push.

Am I cancelling?

Not yet,this was a terrible move by Actizard, I believe a stupid, unnecessary and dangerous one.  My main is a paladin, so this was a big enough hit to pop ardent defender, not enough for the kill but bringing everything low enough that the kill shot wouldn’t need to be huge.

I hope I’m wrong about their next moves, I suspect I’m not. Am I looking at what other MMOs are coming onto the market?  You bet.

I’ll be coming back to this topic with some thoughts on where I think this is going, what Blizzard are eyeing up and why.