Players of the ever-popular World of Warcraft developed by Blizzard has been caught watermarking screenshots taken from within the game bringing to light privacy issues with playing online games and sharing of images taken within them. Screenshots from the wildly popular MMO have been sussed out by enterprising amateurs, and appear to have been within the game since 2008.

The information embedded in the screenshots appears to be the account name (if pre-Battle.net it’s an account name, if post it’s a long numeric string), the IP address of the World of Warcraft shard that the screenshot was taken from, and the time the screenshot was taken. This information itself couldn’t be used to positively identify any user outside of the Activision-Blizzard IT infrastructure under normal circumstances. However, in light of the hack of North American Battle.net servers chances are anyone with access to that data could identify what user took the image by comparing account data in that leak.

Overall, it appears that the watermarks have been added by Blizzard as a security measure for protecting their own IP. It’s most likely it was added so that they could identify users who might be exploiting the system and then trading information on exploits; and it’s probably also been used to identify users who leak beta screenshots out from under NDA. Perhaps from before the Mists of Pandaria (and other expansions) dropped into publicly open but closed beta.

Watermarking is not uncommon to catch pirates of screener-release movie footage my major studios—who individually watermark footage sent to screeners so that if it gets leaked it’s obvious who leaked it. The MMO software industry might do the exact same thing.

Why watermark the official client?

While the screener-footage example above might cover why a large corporation might want to control the distribution of images of their product, it seems a little bit out of line that Blizzard is watermarking images from the official release client. With this information Activision-Blizzard would be able to identify and single out users who took screenshots of their game and posted them.

For many games, in game exploits and other behaviors are not tolerated as they are a violation of the Terms of Service; the go further to state that spreading information about those exploits is also a violation of the TOS. This includes speech outside of the game. As I mentioned above, screenshots of in game exploits could then be used to track down which user took the screenshot and find their customer account in the game.

There have been examples of games in the past such as RuneScape who have banned users permanently for just posting about exploits (and not using them themselves in game) once they positively identified the users spreading the information.

Blizzard is already well known for threatening cheaters with permanent bans for using cheats or mods in game; but this sort of watermarking could permit them to take it up a notch should they desire.

A technical look at the watermarking

The users at the Ownedcore forums did a good job in breaking down how the watermarking occurred and what was added to the screenshots.

First, they disassembled the Mac OS-X World of Warcraft client and discovered where the watermarking function were triggered when screenshots were taken. The possibility that the watermarks were actually artifacts generated by JPEG compression was falsified by looking at what settings the watermark saving function would be triggered under. Then continuing the reverse engineering, the users determined what data was included in the watermark and how it could be extracted by someone who knew it was present (Account Name, Realm Info, Realm IP, and Timestamp.)

It’s an extensive breakdown of the use of the watermarks and how they’re embedded in the images.