The Guardian sums up the Camerloon proposals, personally I welcome the digital czar and his furry paws of security.
The linked article shows just how trivial it is to use metadata to identify the entity associated with the connecting device and start to unpick further details of their life, work and the supposedly secure stuff they’re working on.
If the ‘good guys’ have a backdoor then so do the criminals
If the ‘good guys’ can crack your encryption, so can the criminals
Having weak encryption would not have stopped the Paris attacks as the security services had already stopped monitoring them.
If you think “I don’t use encryption” then think again, when you bought something online you used encryption, when you made a mobile phone call encryption was needed to protect the setup of the call, your password is stored (or should be) in an encrypted format to prevent hackers from simply downloading a human readable list and so on. Encryption isn’t some dark evil used only by terrorists, it’s used by all of us for good reasons. The government needs to give better reasons for denying it to the public than “terrorists!!”.
Alternatively maybe they’ll be happy that all their governmental and private communications are no longer encrypted to make the job of the press easier in reporting on their deeds and misdeeds, for surely if they have “nothing to hide they have nothing to fear”
Been pondering and I think I’ve come up with a reason for this apparently stupid change which has no visible driving reason, no screaming customers, no mega threads on the official forums (or indeed on blogs) about how terrible it is to keep entering the authenticator numbers.
Nothing which really explains why they’ve made the change.
So, let’s fall back to the standard in any business or political field and follow the money.
Authenticators, how they work
Authenticators are a third party product which are made and branded for Blizz by Vasco, functionally they’re pretty much the same as the RSA secureID system which many people will have encountered in a work environment or indeed to the systems which many banks are rolling out to their customers for online access security.
At the backend these systems tend to be the operators own authentication system, coupled with an API provided by the security vendor and hardware authentication boxes (HSM in my field, hardware security module) which do the heavy lifting of actually performing the security check on the supplied number. Each of these machines as a finite capacity in terms of queries per second, usually some reasonably aggressive support contract response times (let’s face it having your auth system down is a bad thing) and often a license fee based on the number of queries over a set period (for example 90% of the peak value measured over the month).
All of which means $$$ to Blizzard, and the bad sort. It’s money heading out to Vasco.
We have a trail.. let’s follow
The problem Blizzard face is controlling the costs incurred by the security system, something which is funded mostly out of reduced support costs (less compromises and clean up). However that’s rather intangible and doesn’t keep the accountants happy. From an opex point of view the authenticators are an overhead and one which is increasing with time, from a risk perspective there is a chance to reduce the load on the HSMs without significantly increasing the changes of a compromise.
If we look at the entire bnet customer base and extract information on accounts which have been compromised, then pull out the numbers for those compromised with authenticators and then further filter factoring in ‘location’ information based on IP. Then I suggest that accounts which have an authenticator, log in from a ‘regular’ IP and have been compromised from that IP is a tiny fraction of the total.
Therefore altering the authentication mechanism such that it only checks for an authenticator value once ever “n weeks” or “z logins” when the auth is coming from a ‘regular’ location (defined as “the account has logged in from this location successfully using the authenticator Y times in the last P weeks”). With some reset mechanics thrown in to drop back to full security checking when there has been suspicious attempts. Then from the corporate point of view this is a good trade off. It lowers the load on the HSMs, it cuts back the licensing / support costs without greatly increasing the support costs in dealing with a higher load of compromises.
Additionally we have Diablo 3 on the horizon which means fresh players, fresh authenticators and additional load on the system. I have no doubt that the current bug which causes players to be kicked out when changing toons forcing a fresh login has also had some impact on their usage stats which might have triggered them making this live ahead of schedule.
This is the big fail from Blizz, they’ve been banging the account security drum for ages, with good reason. It’s bad PR for customer accounts to be hacked regularly, encourages criminal activity and generally annoys the paying customer. Annoy them enough and they’ll go and get their MMO crack from somewhere else.
The biggest fail was rolling it out, letting the “good location” database populate and then stop asking for authenticators. Which as any geek with an ounce of security sense would have told them will have normal players panicing. The system changed, it changed in a way which the players have been told means an account compromise.
Stupid, massively predictable and stupid
If Blizzard needs to fix one thing it’s their internal processes and communication.
The line here is simple, trust Facebook with nothing which you are not entirely happy making public to the entire world. If you don’t want it shared, remove it from FB asap.
Another day, another information horror story of sorts.
Someone has stuck a bot crawling Facebook for public information, collated it into a nicely presented format and slapped it up on a torrent for downloading. Let’s look at the impact of this. Fundamentally it changes very little, this is all information which users of Facebook have put into the public domain either actively or through not unchecking the right options. The difference is that it’s collated into a easily parsable format, ideal for spammers to grab and shove into their databases, quickly searchable and so on. We’re not talking about a zero risk event here, but something which is akin to moving fruit from a branch which requires a little bit of reaching to something at waist height.
So what is the impact here, hopefully a wake up call to all those users of services such as Facebook as to keeping an eye on what information they’re putting into the public domain, what links to friends they’re making public, what photos, what details of their personal life. Who hasn’t heard of the stories of people boasting on Facebook about pulling a sickie forgetting that a co-worker or boss is on their friends list. Making the dope habit public while the boss is known to be massively anti illegal drugs and so on.
Banks still use information such as maternal maiden name for authentication, how difficult is it now to find that information from the Facebook data dump for a number of users. While in itself that is not the key to your money it’s another piece in the puzzle, all of which makes it a little easier for the bad guys to get at your account and at the same time make it harder to convince the bank of your innocence.
The financial costs are normally recovered, at least in the EU, what about the time and stress in dealing with such issues, that cannot be claimed back off the bank. It’s not entirely their fault that their customer is putting their entire life into searchable databases. How about having to cancel that credit card and be issued with a new one, updating companies which are taking their money through recurring mandates, updating the booking with FlyCheapAir and the hotel room for the same trip and so on. All annoyance and pain.
So this is both a complete non-story “person puts information in the public domain into the public domain in a different format” it is also at the same time a major story “Millions putting information into the public domain which they rely on to secure the services they base their life on“.
For the moment.
Things have had a chance to calm down and settle though the rumblings are continuing, rather like the earthquakes we’re getting in the build up to Cataclysm. I’m hoping that it isn’t a portent of what is to come in the future. The storm on the forums and what I suspect was/is a sustained flow of cancelled accounts, especially given the reports of the account management system failing or being very slow thus indicating that it was at the very least under stress, Blizzard have completely backed down.
Well, no. They haven’t.
Our focus has all been on the forums announcement, however the underlying technology and direction remains, mapping our real names to our in-game personas and to our usage of games into the web of public information as much as possible. The statement from Blizzard makes this clear.
I want to make sure it’s clear that our plans for the forums are completely separate from our plans for the optional in-game Real ID system now live with World of Warcraft and launching soon with StarCraft II. We believe that the powerful communications functionality enabled by Real ID, such as cross-game and cross-realm chat, make Battle.net a great place for players to stay connected to real-life friends and family while playing Blizzard games. And of course, you’ll still be able to keep your relationships at the anonymous, character level if you so choose when you communicate with other players in game. Over time, we will continue to evolve Real ID on Battle.net to add new and exciting functionality within our games for players who decide to use the feature.
There we have it, Real ID is here to stay and Blizzard intend to make it a core element of their games and the way we interact with them, there is a massive social networking pie out there and they want to see a slice of it. Let’s be honest, there is big money in social networking. Investors love it, as a movement and as a technology it brings lots of people to the same place, provides a lot of demographic information, all of which is freely provided and normally costs vast amounts of money to collect through surveys. All of which gives plenty of information for marketing to get their hooks into to extract more money from us, the public.
Activision / Blizzard are a company, their prime reason for being is to make money, remember this, it’s important.
Everything the company does is designed to bring in cash, some of which is invested in current and future products, some maintained as a surplus ready to deal with issues, emergencies, unplanned expansions to their operation (a game is massively more popular than expected and more equipment is needed for example). The flip side of the balance is they maintain their core position in the market by providing good solid games which appeal (initial sales), which have long lasting appeal (ongoing subscriptions) and generate a lot of loyalty to the game and the company (pushback against other entrants to the market).
They need to keep us satisfied & and happy.
We don’t own Azeroth, we just think we do
This is true in the most brutal sense, Blizzard own the databases, they own the servers, they employ all the people working on it. It is their sandbox, we are invited in to play there, for a certain consideration on a monthly basis. However we invest time, huge amounts of time, without that investment of time, love effort WoW would be far less than it is now. Consider how much work officers do in preparing and organising raids, farmers bringing materials to the AH, crafters converting those into the enhancements needed by players, RPers adding colour to the world. Outside the game what about the hours of effort in spent updating wiki’s, theorycrafting, the original builds for wowhead, wow.com and the myriad of other sites and blogs.
Would the attraction of WoW continue without the additional effort put in by all those volunteers? I’m sure it would, but something would be lost, some of the glue which links players across realms would disappear, without that glue there is less holding us in Azeroth, why not go have a look at something new, it might be shinier, there might be nicer people.
Battle.net is a logical development, when they have many games it makes sense to consolidate the account management into a single tool, I would suspect that the multi-player aspects of SCII are going to use technology taken from WoW and Diablo 3 will be using the next iteration of that development. That it was optional was something which would never last, there is simply too much money and effort to be saved internally from combining the function into a single system.
However, it has provided the additional linkage between players, their games and other meta information which has laid the foundations for the current mess Blizzard are in. There is also a tone being set which puts players backs up “Don’t worry, the new feature is optional” which becomes in a short period of time, “You can’t access this without using the new optional feature, but you don’t have to use it….” with a logic extension being “It is now mandatory, you must use real ID to be able to use any of the features of the service you’re paying for”. Many players have spotted this sequence and now tend to be suspicious of “optional” features.
I’ll set my stall out clearly at this point, the day Blizzard make the sharing of my name mandatory then I’m off elsewhere.
Who owns our information?
We store a lot of information online, there’s a stack of information inside Blizzard about us and our alts. Part of the key to the mystery is how the imformation is partitioned. The hard links between “me” and my gaming are only within Blizzard’s accounting database, that’s where they should stay unless I make the active decision to change that, either by ‘coming out’ on places such as this blog or by agreement with Blizzard. The forum change was not an example of that, effectively banning players from the forums unless they’re willing to share information which they keep private was heavy handed, would not solve the problem as stated (just look at old school usenet where some of the biggest trolls used their real identities).
This has wider implications as well, when companies start to believe that they have the right to do with our information as they will we are on the road to a dark place where we have no control over what a third party can do with our identities, our personal preferences etc etc. Do you really want all of your purchases from the local supermarket to become available to anyone who’s willing to pay for it? Yes, what about the purchases from the pharmacy in-store, details of the alcohol you’ve purchased? At the moment companies run serious risks in the market where they loose information, see the hammering T-Mobile got in the US after their main customer database was compromised, or the case where VISA numbers were held by a large chain which then got compromised and so on. Long may this continue, they need to remember that this information they’re holding has massive value, both to them, us and people who we would never share it with.
Unfortunately more and more companies are looking at these vast data silos, costing huge amounts of money to maintain and keep secure and wonder how they can monetise it further, expect to see more cases where the data protection laws globally are pushed to their limits.
The Social Networking angle
One of the largest elements in the Blizzard decision will have been from looking at the market and the use of the internet which is already happening. Millions of people are putting their entire lives, their histories, their locations (in some cases on a minute by minute basis) online and open to the world. From the corporate perspective we’re doing it already, we’re announcing every little detail of our lives to the world at large, while we’re on the move and so on.
Once again all of this is active decisions on our part, and does not take account of the different groups within the wider online community. While there maybe 400 million active Facebook accounts, about 50% of which are logged into daily, this is still only a fraction of those online (approx 11% of netusers are active Facebook users) and the defintion of ‘friend’ has been bastardised by Facebook and similar sites for years. Facebook additionally has a terrible record of security, something users are starting to notice, but usually only through media stories of identify theft & the regular kiddy fiddler scare stories.
Blizzard aren’t stupid
This change hasn’t come out of nowhere, the underlying technologies will have been on the drawing board 18 months or more ago, we’re looking at a long term plan. They’ve looked at the social networking market, the model of communication and the possibilities for hooking in other sources of revenue. What they then did was fail to properly understand just how much this would annoy their customer base, which does hint that there is a lack of understanding on their part as to how identity works within gaming communities, how geeks tend to control their ID and personal details online and how the privacy landscape is changing across the wider internet. In short their predictions on how the change would be accepted were massively mistaken, doubly so when it became clear within hours that the “stopping trolls” reason was a smokescreen. A smokescreen that was blown away by the market announcement made on the same day of the relationship with Facebook.
I believe that Actizard made an error in the timing of this, I understand that from a technical standpoint and logistics bringing this in before SCII drops is perfect timing, fresh releases, new code, new systems that’s all good and logical. However from a raw business (dare I say Goblin?) perspective it’s the wrong time. Only the beta players have invested time in SCII, so dropping their intention to buy is relatively painless, and only serves to drive up resentment against the company (you forced me into not getting the game I wanted, you bastards). In WoW the situation is slightly different but we’re at the end of the expansion, by my reckoning we’re looking to November 2010 for Cataclysm and there’s already a drop off in activity. Leaving now is painful but not as massively so as, say, one month after Cata has dropped and the entire community is into levelling, exploring the new zones, looking at what has changed. The inertia behind staying in the game at that point would be tremendous, the social pressures within guilds to stay and progress the new raids would be similarly high.
My view is that we’re looking at the next Real ID announcements as we head into the holiday period in December, after WoW has dropped, SCII is in full swing and players are less likely to leave. Also the wedge has been driven home that few milimeters, getting us to accept something less than the forum names but more than now will be easier because it’s “not as bad as they were planning“.
The end-game is still the same, my belief is that we’re watching a period of withdrawal and entrenchment ready for the next push.
Am I cancelling?
Not yet,this was a terrible move by Actizard, I believe a stupid, unnecessary and dangerous one. My main is a paladin, so this was a big enough hit to pop ardent defender, not enough for the kill but bringing everything low enough that the kill shot wouldn’t need to be huge.
I hope I’m wrong about their next moves, I suspect I’m not. Am I looking at what other MMOs are coming onto the market? You bet.
I’ll be coming back to this topic with some thoughts on where I think this is going, what Blizzard are eyeing up and why.
The Home Sec has just announced in Parliament.
About bloody time
Firstly an interesting article which might give some insight into one of the drivers for this change
Now, here is the news
BBC News – World of Warcraft maker to end anonymous forum logins
USA Today – ‘WoW’ studio Blizzard to require real names on forums
Associated Press & Affiliates – Bye-Bye Trolls? Blizzard Forums to Use Real Names
ABC News – http://abcnews.go.com/Entertainment/wireStory?id=11108240
ABC News – http://abcnews.go.com/Technology/wireStory?id=11109291
Yahoo! News – http://news.yahoo.com/s/ap/20100707/ap_on_en_ot/us_tec_blizzard_real_name
MSN Entertainment – http://entertainment.msn.com/news/article.aspx?news=509481&affid=100055&silentchk=1&
CVG – Fans rage over Blizzard forum plans
PCGamer (UK) – Why Blizzard’s new forum plan is an epic fail
The Register – Blizzard exposes real names on WoW forums
About.com – WoW Real ID: A Really Bad Idea
Ars Technica – Blizzard: post about StarCraft 2? Use your real name
Gamespy – Blizzard to Require Real Names on Official Forums
Kotaku – Blizzard Forums Will Soon Display Your Real Name
Kotaku – Blizzard’s Real Name Forum Policy Has Fans In An Uproar
Joystiq – Your real name to appear on Blizzard’s official forums
Inc Gamers – Blizzard Going Too Far With Real ID?
MTV Multiplayer – Blizzard Cracks Down On Anonymity In Official Forums
TechEYE.net – Blizzard forces users to show real names: Internet security they have heard of it
Product Reviews News – WoW Real ID System: Security Flaw Found
ITWorld – Blizzard to share your name with angry video game nerds
Voodoo Extreme – Is Blizzard’s Real ID Safe, Or A Playground For Sexual Deviants?
Voodoo Extreme – Blizzard Forums To Require Use Of Real Name, Rage Ensues
Examiner National – World of Warcraft Players WoWed by Blizzard’s REALID announcement
EuroGamer – Blizzard forums to require real names
GameFocus – Blizzard To Kill Anonymity On Forums
Strategy Informer – Battle.net removes “veil of anonymity” on forums, real names used
HuskyStarcraft – Blizzard Forums: First and Last Names [VIDEO]
[url=”http://www.youtube.com/watch?v=FBwTpHNZDpQ“]YouTube- Blizzard Forums: First and Last Names
AusGamers – Blizzard Switching Forums to Real ID System
Australian Gamer – Blizzard decide to give out subscribers’ real names
Zeroday – Is Korean Law Driving Policy at Blizzard?
Hell Mode – Why Real ID is a Really Bad Idea
Tank Spot – RealID — Unethical and Dangerous
So firstly what are they doing and what are they not doing.
- New forums will be opened for Starcraft II & Cataclysm
- The new forums will be using Real ID, and will be showing your real name on the posts
- The old forums will not be changed
- The old forums will be closed once the new ones are open
- There is an explicit opt-in on the new forums making it clear that your name will be made public
- The parental controls have been updated so minors can be blocked from the forums
So, where’s the problem, surely having your name on the net has happened a lot of times already.
True but I’ve controlled, as far as possible what my name is associated with on the net, having come online around 15 years ago when the mantra was “never give out your real name”, usenet was a brutal place and keeping some security and privacy was a critical lesson to learn and learn quickly. As was having to deal with the trolls.
What Blizz appear to have forgotten is that data should only be released where there is a clear benefit, and where it cannot be achieved through other means. In this case a fixed alias for each battlenet account would do the same trick of cleaning up the forums, it stops the creation of level 1 alts, it allows a mapping of one account -> one identifier (not necessarily one person though) and without having to release additional information and the associated meta information, think of all the players who if they want to use the forums will expose their gender, their ethnic origin etc etc. There are plenty of morons out there who will latch onto that information, some in the antipication of trolling and others (white knights) in the vain hope they might get laid.
What about the players in gay friendly (or gay only) guilds, if they have decided to keep their sexuality private outside of WoW then can no longer post to the forums.
As things stand (and we need more information) there is also the breaking of the namespace. At the moment we know that each ‘name’ is unique as it’s <alt name>+<realm>+<region>, we know that has to be unique because of the way the system is built. How is that going to be managed when there are 200 John Smith’s posting to the forum. There is no realm tie in, so there is scope for trolling on a grand scale with confusion over who is responding to who.
Releasing more meta information is bad where it’s not needed, at the moment there are a few people who know my real name within WoW, I think it’s about 13 people, with another 10 who might be able to make the right connections. Pushing my identity out into the wider world in connection to WoW gives a scammer another hook to try and catch me, why not guess at the email address I use normally? Scammers aren’t afraid of spamming the world in the hop of a 0.01% return rate, this would allow better targetting of their attempts.
Follow the Money
The change isn’t happening in isolation to clean up the forums, there’s a bigger game afoot, social networking and the piles of money corporate execs see in it. So Blizzard/Activision are teaming with Facebook, that highly respected paragon of good data security and practice.
Is this the final act?
Not a hope in hell, I personally believe these are opening moves, what was once optional (realid in game) has become “optional but we’re going to freeze you out of part of the service” and I’m sure will become “optional, unless you want to log into the game“. One thought which has surfaced already would be embedding realID information into tooltips / in-game nameplates etc etc.
I’m not sure where they’re going to go, but as I said above look for the money trails, look for where they can make the extra cash off their database. This is what the world is about at the moment, all the large companies are looking to do something with their databases, the suits see them as money in potentia and want to convert it into big piles of the folding stuff as quickly as possible before the current bubble bursts.
The last word
I’ll leave the last word on this to Ctrl-Alt-Delete