World of Warcraft: Cataclysm

[AlphaWolf]

It's your name that RealID is using, not an email address. If you're talking about creating an account with an alias yes, that's a fine workaround (although you best pray you never need account recovery services).

People will be victimized because of this, it's really just a matter of time. And the current security for your RealID in game is pretty much nonexistent at this time. People are able get names as easily as your gearscore.

 

[Kaotik]

It's your name that RealID is using, not an email address. If you're talking about creating an account with an alias yes, that's a fine workaround (although you best pray you never need account recovery services).

People will be victimized because of this, it's really just a matter of time. And the current security for your RealID in game is pretty much nonexistent at this time. People are able get names as easily as your gearscore.

Yes, but as there's tons and tons of people with exactly the same name out there (especially since it only requires you to use fore and surname, not the middle one(s)), and you can use address that you don't use anywhere else, connecting you to account somewhere else isn't that simple anymore

 

[AlphaWolf]

Yes, but as there's tons and tons of people with exactly the same name out there (especially since it only requires you to use fore and surname, not the middle one(s)), and you can use address that you don't use anywhere else, connecting you to account somewhere else isn't that simple anymore

Well that's fine for some. My name happens to be quite unique. At least in north america, I'm related to everyone with my surname and the only one with my first name.

 

[Grall]

People are able get names as easily as your gearscore.

Surely not?

From what I understand, for your name to be exposed you need to run an addon LOCALLY that inadvertently (one should hope!) exposes it. I haven't read anything about it just being broadcast left and right to any player that asks for it.

 

[pcchen]

Surely not?

From what I understand, for your name to be exposed you need to run an addon LOCALLY that inadvertently (one should hope!) exposes it. I haven't read anything about it just being broadcast left and right to any player that asks for it.

It looks like a bug because Addons shouldn't be able to get real names (i.e. the API should be protected).

 

[AlphaWolf]

Surely not?

From what I understand, for your name to be exposed you need to run an addon LOCALLY that inadvertently (one should hope!) exposes it. I haven't read anything about it just being broadcast left and right to any player that asks for it.

Well if you activate the RealID thing its supposed to only work on your friends and friends of friends. Currently there's some bugs that if you run certain addons they expose your RealID to anyone with certain addons. Obviously this isn't intended, but I think its a very real security issue.

And then there's the whole getting account hacked issue, in my guild I can think of at least a dozen people who have had their account compromised over the last couple years. So even if you were avoiding RealID these idiots could turn it on and spam up the forums using your real name provoking a lot of hate your way. Even the authenticators they sell are not 100% insurance against account vulnerability.

Also their account information page is great, it's way of protecting you is that it hides your street name but not the number or your postal/zip code. Genius.

 

[Grall]

Currently there's some bugs that if you run certain addons they expose your RealID to anyone with certain addons.

Yeah, that's what I said already.

I think its a very real security issue.

Most would agree with you.

So far I've not seen any list of plugins vulnerable to this misbehavior though; makes it kinda hard to know what to avoid...

So even if you were avoiding RealID these idiots could turn it on and spam up the forums using your real name provoking a lot of hate your way.

Yeah, well, that'd require a lot more effort than ye average hacker. You'd need people with real-life grudges against you, and there's always ways you can get compromised if such people get hold of your login credentials to anything. Your WoW account is a lot less personal than say, a Facebook account, yet a lot more secure at the same time if you bother to get an authenticator.

Even the authenticators they sell are not 100% insurance against account vulnerability.

Not 100%, but if you've got an authenticator the risk is so low it's pretty much insignificant. You'd need to get infected with a targetted piece of malware that does a man-in-the-middle attack against the WoW.exe client in order to circumvent the authenticator, and even with that exploit it's only good for one single login. The hacker can't commandeer your account permanently like they can if you don't have an authenticator.

So far I've heard of only one piece of malware that targets authenticated WoW computers, and I'm sure current antivirus packages detect it.

Also their account information page is great, it's way of protecting you is that it hides your street name but not the number or your postal/zip code. Genius.

Maybe you're overreacting just a little?

I don't think burglars are going to find any victims by hacking random WoW accounts.

 

[Malo]

I just think it's scary how much they want to implement RealID into everything they do. They've stated on several occasions they have big plans for RealID and plan on making all their games and systems into a "social-gaming network". RealID currently is fairly optional ingame, and mandatory for the forums. It's not going to stop there.

Combine with the complete integration with Facebook and the partnership with an ingame advertising company, which we've already agreed to allow them to download ads to our computers for displaying to us ingame. No wonder they've commented on looking at free-to-play down the line, they are moving to an advertising model. They have a massive database of players across many countries and demographics, so they've decided to leverage that through social-networking.

I think I'm going to have to reconsider all Blizzard products unfortunately.

 

[Scott_Arm]

When Diablo3 comes out I'll make sure I create a battlenet account using an email address different from the one I use for facebook. Not interest in having those things linked.

 

[green.pixel]

This flaming/trolling thing is just smoke screen for raking in more subscriptions from casual players.

 

[Scott_Arm]

This flaming/trolling thing is just smoke screen for raking in more subscriptions from casual players.

Do you have to pay for RealID on top of your game subscriptions?

 

[green.pixel]

No, but it doesn't change the fact that this is about social networks integration and $$$.

What do you think the real reason for this move and why do you think this isn't purely profit-driven? Do you really think it is because of trolling/flaming? If that was true, then it could be done with other ways easily.

 

[Scott_Arm]

I was just asking. I've never used battlenet or realid before.

 

[pcchen]

No, but it doesn't change the fact that this is about social networks integration and $$$.

What do you think the real reason for this move and why do you think this isn't purely profit-driven? Do you really think it is because of trolling/flaming? If that was true, then it could be done with other ways easily.

I don't think the two have any connections. They already require real names (and real E-mail addresses) with RealID, so even without showing real names in their official forums, they can do social network integration already. So saying "showing real names in the official forums is after money" does not make much sense.

Maybe what they want is just to lower the traffic on their official forums...

 

[green.pixel]

Maybe what they want is just to lower the traffic on their official forums...

And why whould they want to do that (except obvious BW costs)? It can vastly benefit them, people posting feedback. Are there other ways for that other than official forums btw?

If it gets passed, people will just stop posting and go to other places, because there is no choice. Either stop posting or risk privacy.

 

[pcchen]

And why whould they want to do that (except obvious BW costs)? It can vastly benefit them, people posting feedback. Are there other ways for that other than official forums btw?

Maybe they believe when people post under their real names they'll put more thought into their posts instead of random junks? At least that's what they said in their official statements. Simply put, they want to reduce the cost of filtering useless feedbacks.

If it gets passed, people will just stop posting and go to other places, because there is no choice. Either stop posting or risk privacy.

Of course, I think this will happen, too. They'll either have to abandon this policy, or risk closing a valuable channel of customer feedbacks. With this "real name" policy, both good and bad feedbacks are filtered.

 

[AlphaWolf]

Maybe you're overreacting just a little?

I don't think burglars are going to find any victims by hacking random WoW accounts.

It may not be common, but facebook has already been exposed as leading to a number of burglaries because people post when they go on vacation etc. Obviously you should be careful with what you put on the web and they were really setting themselves up, but the vast majority of people online are pretty naive. A lot of the account hacking is not an individual acting alone, there is organized crime at the heart of it.

Blizzard security without the authenticator is terrible. Requiring the use of your email? Using the same password for all blizzard products? And the authenticator is not free.

The 'hiding' of your street name was just an example of terrible security, its about as useful as covering up the street number on your house so no one can find you. If they hadn't bothered to put any security at all on that page you could at least think they weren't too worried about it, but the fact that they have really terrible security can only make me think they are incompetent.

 

[Malo]

So they caved on the forum real names. Still worried about all the other changes they are making for this "social-gaming network" of theirs.

Hello everyone,

I'd like to take some time to speak with all of you regarding our desire to make the Blizzard forums a better place for players to discuss our games. We've been constantly monitoring the feedback you've given us, as well as internally discussing your concerns about the use of real names on our forums. As a result of those discussions, we've decided at this time that real names will not be required for posting on official Blizzard forums.

It's important to note that we still remain committed to improving our forums. Our efforts are driven 100% by the desire to find ways to make our community areas more welcoming for players and encourage more constructive conversations about our games. We will still move forward with new forum features such as conversation threading, the ability to rate posts up or down, improved search functionality, and more. However, when we launch the new StarCraft II forums that include these new features, you will be posting by your StarCraft II Battle.net character name + character code, not your real name. The upgraded World of Warcraft forums with these new features will launch close to the release of Cataclysm, and also will not require your real name.

I want to make sure it's clear that our plans for the forums are completely separate from our plans for the optional in-game Real ID system now live with World of Warcraft and launching soon with StarCraft II. We believe that the powerful communications functionality enabled by Real ID, such as cross-game and cross-realm chat, make Battle.net a great place for players to stay connected to real-life friends and family while playing Blizzard games. And of course, you'll still be able to keep your relationships at the anonymous, character level if you so choose when you communicate with other players in game. Over time, we will continue to evolve Real ID on Battle.net to add new and exciting functionality within our games for players who decide to use the feature.

In closing, I want to point out that our connection with our community has always been and will always be extremely important to us. We strongly believe that Every Voice Matters, ( http://us.blizzard.com/en-us/company/about/mission.html ) and we feel fortunate to have a community that cares so passionately about our games. We will always appreciate the feedback and support of our players, which has been a key to Blizzard's success from the beginning.

Mike Morhaime
CEO & Cofounder
Blizzard Entertainment

And the authenticator is not free.

It is if you have an iPhone.

 

[Grall]

It may not be common, but facebook has already been exposed as leading to a number of burglaries because people post when they go on vacation etc.

You can't flag yourself as being on vacation inside WoW, or on your account management screen though, so this worry isn't very big.

Even if you hack an american WoW account, chances are still very great that person lives very far from the hacker. In Europe, WoW spans from the arctic ocean to the mediterranean, from the atlantic ocean in the west to the pacific in the east. It's like 50 separate nations.

Worrying about your zip code being exposed isn't a very big concern really, when the biggest real-world risk of being hacked you're exposed to is from significant others, friends or classmates who know your login credentials (and thus also already know where you live)...

Blizzard security without the authenticator is terrible.

Well, it's not great, but it's no worse than Hotmail's for example, and there's much less personal info in a WoW account than your average email account.

Requiring the use of your email? Using the same password for all blizzard products?

Requiring use of email is terrible design, but same password for all games isn't a problem. Why would it be? They're just games.

And the authenticator is not free.

The physical dongle isn't obviously, as it has circuitry and electronics in it, a display, and a battery. You can download a free app for many types of mobile phones for free though.

 

[AlphaWolf]

You can't flag yourself as being on vacation inside WoW, or on your account management screen though, so this worry isn't very big.

Even if you hack an american WoW account, chances are still very great that person lives very far from the hacker. In Europe, WoW spans from the arctic ocean to the mediterranean, from the atlantic ocean in the west to the pacific in the east. It's like 50 separate nations.

Worrying about your zip code being exposed isn't a very big concern really, when the biggest real-world risk of being hacked you're exposed to is from significant others, friends or classmates who know your login credentials (and thus also already know where you live)...


Well, it's not great, but it's no worse than Hotmail's for example, and there's much less personal info in a WoW account than your average email account.


Requiring use of email is terrible design, but same password for all games isn't a problem. Why would it be? They're just games.


The physical dongle isn't obviously, as it has circuitry and electronics in it, a display, and a battery. You can download a free app for many types of mobile phones for free though.

The more your name is out there, the less secure you are. People certainly don't need this level of exposure from a game. Having a different password for different things is just good sense, if you have everything under one password if you get hacked you lose them all, not just one. And while most of the time nothing may happen regarding your home address being exposed, there's no good reason for it to be exposed. Even if the risk of something occurring is almost non existent it doesn't mean you should do so unnecessarily. And a decision I'd rather a major corporation doesn't make for me just to improve their own bottom line.

And again its like blizzard is saying "we're protecting you by hiding part of your address", when the part of your address they obfuscate is easily revealed by looking up the zip/postal code. It boggles my mind.

Blizzard backing off of the forum requirement is nice, but they really need to make it so that the client isn't being passed RealID information if you have it turned off. Just another unnecessary risk blizzard seems willing to take with your information.