October 20, 2005 | By corynne mcsherry

A New Gaming Feature: Spyware

Rejoice gaming fans, for the latest new "feature" of Blizzard Entertainment's smash hit multi-player online videogame World of Warcraft is here! No, it's not a new Sword of Destruction or Staff of Power—it's spyware! Yes, unbeknownst to many gamers, World of Warcraft now has an unwanted special feature—a hidden program called "Warden" that snoops gamers' computers looking for any "unauthorized third-party program" that "enables or facilitates cheating of any type."

According to Greg Hoglund, co-author of "Exploiting Software, How to Break Code," this hidden program opens every process on a gamer's computer, from email programs to privacy managers, and sniffs email addresses, website URLs open at the time of the scan, and the names of all running programs—whether or not those programs, emails, or websites could conceivably have anything to do with hacking.

Blizzard calls this an "anti-cheating system." We call it a massive invasion of privacy.

Blizzard has scrambled to come up with three responses to the widespread criticism:

Response 1: Warden doesn't collect personal information, so what's the problem?

Well, problem one is that gamers have no choice but to accept Blizzard's word on that. More importantly, if Hoglund is right, Blizzard has a pretty skewed idea of privacy—we can look at your personal info, but if we don't collect it there's no invasion? Hardly. We also wonder how Blizzard's executives would feel if we searched their homes, wallets, and bank accounts and read their letters and emails but didn't write down anything we found.

Response 2: Everyone's doing it. Blizzard points out that many companies use hack-scanning programs.

We all learned the problem with that reasoning from Mom ("If all of your friends jumped off a bridge...").

Response 3: Read the EULA. Blizzard advises gamers of its intent to invade in its terms of service. "People should read contracts," says Blizzard rep John Lagrave.

True enough—people should read contracts. But here's the really depressing part of this story—companies like Blizzard know few people read the terms of service and end-user license agreements that pop-up when they install new software or create new accounts, and fewer still have the time, patience, and knowledge to parse the legalese. Without some constraints on what a company can hide within these massive legal tomes, more and more companies will learn that they can invade our electronic privacy for any reason they wish—as long as they disclose it somewhere in the fine print. The cost of such a practice over time is not only access to our personal and private information but also control over our personal computers and devices. Then we really will be prisoners to the Wardens of the networked world.

UPDATE: Want to see what Warden is reading? Greg Hoglund has released a program, which he calls "The Governor," that "watches the activities of World of Warcraft, and clearly reports which data is being read from other processes."


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Canada poised to pass anti-terror legislation despite widespread outrage: https://eff.org/r.8dsy

May 5 @ 10:52am

France's National Assembly votes on a sweeping surveillance bill. Will they stand for freedom or for fear? https://eff.org/r.ea0y

May 5 @ 10:14am

Use JPay email to communicate with a relative in prison? Read the alarming clause buried in the terms of service https://eff.org/r.stln

May 5 @ 10:00am
JavaScript license information