World of Warcraft == Spyware

Are you one of the four million players of the popular online game World of Warcraft?

Did you know that it is watching you?

According to Greg Hoglund, co-author of “Exploiting Software, How to Break Code,” this hidden program [installed by WoW] opens every process on a gamer’s computer, from email programs to privacy managers, and sniffs email addresses, website URLs open at the time of the scan, and the names of all running programs—whether or not those programs, emails, or websites could conceivably have anything to do with hacking.

Hoglund disassembled WoW’s spyware component, called “The Warden”, and

… watched the warden sniff down the email addresses of people I was communicating with on MSN, the URL of several websites that I had open at the time, and the names of all my running programs, including those that were minimized or in the toolbar. These strings can easily contain social security numbers or credit card numbers, for example, if I have Microsoft Excel or Quickbooks open w/ my personal finances at the time.

Hoglund has made a utility program he calls “The Governor” available for free download that lets you log the behavior of The Warden.

Blizzard Entertainment, the makers of the game, does not deny that WoW incorporates this code. Their defense? It’s not illegal.

Whether it’s illegal or not, Blizzard should be ashamed of themselves. Lots of other publishers (EA and Valve jump to mind) manage to prevent cheating in their games without resorting to such gross and indiscriminate violations of privacy. There’s no reason why they can’t do the same for WoW.



December 13, 2005
2:43 pm

WTF? How can that be legal? In fact, why the hell would they feel the need to gather all that info? Very dodgy!

Jason Lefkowitz

December 13, 2005
3:31 pm

“How can that be legal?”
Welcome to America, my friend! 😉


December 23, 2005
12:36 pm

If a tree falls in the woods and no one hears it does it make a sound? Warden only gives the information to Blizzard if cheats or hack websites are found. If unthinking software is scanning your processes looking for the yes or no answer to the question if it’s a cheat or not, are you really being watched? This is an interesting topic.

Jason Lefkowitz

December 28, 2005
1:59 am

“If unthinking software is scanning your processes looking for the yes or no answer to the question if it’s a cheat or not, are you really being watched?”
Say what?
Under what possible understanding is having a script read your e-mail and the contents of all open windows the same thing as looking for a list of ‘known bad’ processes?
And as for the “it only tells Blizzard if it finds bad stuff” point, that sounds a lot like “the innocent have nothing to hide” to me. If you believe that, let me come over to your house and go through all your private stuff. Cuz you know, you have nothing to hide, so why worry? Right?