In posts here and here, Xeni Jardin and Cory Doctorow at Boing! Boing! accuse Blizzard of installing spyware on their customers’ computers and then using “a bunch of PR spin” to justify said spyware. For once, I could not disagree more — if this spyware did not exist, I probably would not be playing World of Warcraft (hmmm…maybe I could get my life back then, and that would not be such a bad thing).
This particular dustup started with Bruce Schneier and Annalee Newitz complaining about a program called Warden that Blizzard runs in the background while a player is online in World of Warcraft. Warden pretty much rummages through your computer and looks at every single process that is running the same time as WoW. It then sends a hash of the process back to servers at Blizzard that compare the hash to known cheat programs. Get caught running a cheat program, and you can look forward to an account ban.
Schneier’s post was the most disappointing, as he has in the past generally talked intelligently about security issues and the need to balance competing interests of security and freedom. Here, though, he’s simply in all out paranoia mode. First, the source he relies on is an article by a programmer who has spent a lot of time trying to create cheats for World of Warcraft and, so far, been frustrated by Blizzard’s proactive approach to detecting and banning cheats. No, this does not invalidate the security concerns, but Schneier could have pointed out the self-serving nature of the summary he posted (I can’t imagine Schneier would let an essay by a Bush administration official on the Patriot act slip by as if it were merely disinterested commentary).
Second, Scheniers’ entire objection to Blizzard’s use of software like Warden is that some other company might abuse such technology,
Several commenters say that this is no big deal. I think that a program that does all of this without the knowledge or consent of the user is a big deal. This is a program designed to spy on the user and report back to Blizzard. It’s pretty benign, but the next company who does this may be less so. It definitely counts as spyware.
This known as the fallacy of the slippery slope. Blizzard’s actions should be judged not on how some hypothetical future company might act, but rather how Blizzard is acting now.
As Schneier concedes, Blizzard is pretty benign. Simply creating a hash for all running processes and running those against a database of hashes of known cheats is a good example of only collecting the very minimum of data needed to prevent cheating. The only area I think Blizzard does deserve criticism is for not making it more explicit that they are doing this. A short, plain English explanation of the process would more than allay all but the most paranoid of users.
In comparison to Schneier’s piece, Newitz’s article is laughable. She writes,
Whoa. That’s taking the anticheating spirit a little too far. I can see booting people out of the game if they’re repeat cheaters, particularly if they’re flushing other players off the servers and ruining the experience for paying customers. But snooping through the computers of innocent gamers looking for the bad apples who have installed a map hack? Give me a break.
Okay, I’m paying $15/month to play this game. If you wait until it is obvious that a player is cheating to boot him, I’ve already quit the game in disgust by that time. Blizzard simply cannot wait until after cheaters have ruined the experience for paying customers, or they won’t have any paying customers. People were pissed off at cheaters on Battle.Net which was free. My wife spends enough time getting ganked by Horde — if she has to worry that she doesn’t even have a chance because they’re using a cheat program, she’d probably go back to Sims 2 and Civ 2.
The thing that really pisses me off is that this is all being done in the name of having fun and playing games. I’m supposed to give up my Fourth Amendment rights in order to ax a bunch of warriors controlled by teenagers in Milwaukee? No thanks. I’d rather go back to playing Dungeons and Dragons, where at least I could roll the dice without the DM reading all my fucking e-mail. Breaking the rules isn’t nice, but this is a game, people — a game! It’s not a matter of national security; nobody is going to get killed except the stupid video game avatars. Do you realize the government would have to have a warrant to get the kind of information Blizzard claims it has the right to suck out of your computer to stop cheaters? Doesn’t that seem a wee bit wrong?
No, it does not seem wrong at all. First, we regularly give up rights in private settings that the government would never be able to force up on us. I visit a local newspaper and magazine store that has a very strict policy requiring patrons to turn off cell phones. Every time I enter the store, I turn off my cell phone. You realize that this is something that the government would have to get a court order to do, don’t you? Doesn’t that seem wrong to just browse a bunch of magazines?
But even this silly analogy is based on a lie. Blizzard is not reading or collecting any e-mail or other person content. It creates a hash of your e-mail program, if you have one open, and transmits that back to its servers. Blizzard is quite clear that Warden does not collect or transmit the sort of information Newitz claims it does. Presumably she chooses to prevaricate on this issue in order to dramatize the horrors of having her Fourth Amendment rights violated.
Source:
A Bugged Game. Annalee Newitz, Alternet, October 4, 2005.
Blizzard Entertainment Uses Spyware to Verify EULA Compliance. Bruce Schneier, October 13, 2005.