Blizzard is trying to block players who run cheat code that enhances the properties of characters in World of Warcraft, giving them an unfair advantage over competitors in its gaming community of millions.
Software engineer Greg Hoglund highlighted the privacy issue in Blizzard’s anti-cheat measure, known as The Warden, in his blog earlier this month.
“I watched the warden sniff down the email addresses of people I was communicating with on MSN, the URL of several websites that I had open at the time, and the names of all my running programs, including those that were minimised or in the toolbar," he wrote. "These strings can easily contain social security numbers or credit card numbers, for example, if I have Microsoft Excel or Quickbooks open w/ my personal finances at the time.”
Hoglund described the program as spyware, and queried whether it amounted to a breach of privacy.
Blizzard has made no secret of running the program and, according to reports, it has the support of most World of Warcraft users, who do not want their games disrupted by cheats.
In a forum posting in August, the firm explained that the scans run by the program do not “review or retrieve anything that’s personally identifiable,” nor do they tell the firm anything other than when a computer is hacking into the game.
“If the scan alerts us that hacking is taking place, we take action against the account, basically cutting off the access of that account to the game," explained the posting. "Note that we have absolutely no need for any personal information from the player’s machine to take that action."
The firm also points out that the program and its consequences are detailed in the games’ terms of use.
But rights group the Electronic Frontier Foundation queried whether many users would actually read the terms of service or end-user licence agreements. It wrote in a web posting:
“Without some constraints on what a company can hide within these massive legal tomes, more and more companies will learn that they can invade our electronic privacy for any reason they wish – as long as they disclose it somewhere in the fine print. The cost of such a practice over time is not only access to our personal and private information but also control over our personal computers and devices. Then we really will be prisoners to the Wardens of the networked world.”
It described the program as a “massive invasion of privacy”.
Nav Sunner, a games law specialist with Pinsent Masons, the law firm behind OUT-LAW.COM, said The Warden may raise legal problems in the UK.
"We've got the Privacy and Electronic Communications Regulations of 2003 which say that any information – not just personal information – must not be stored on or accessed from a user's PC unless certain steps are followed."
He explained that these steps would require spyware providers to give clear and comprehensive information about what their software does, and they would need to give users the opportunity to refuse the storage of or access to that information.
"Games companies need to be careful about these rules. They must go further to bring tools like The Warden to players' attention than addressing them only in the small print," said Sunner. "A warning that cannot easily be missed is always safer."
