Quantcast RealID Privacy Concerns. - Page 3 - WoWInterface
Thread Tools Display Modes
05-31-10, 08:00 PM   #41
Slakah
A Molten Giant
 
Slakah's Avatar
AddOn Author - Click to view addons
Join Date: Aug 2007
Posts: 863
Originally Posted by Beoko View Post
I really think most of you are making too big of a deal out of this. I find it incredibly useful, and I will use it. If you don't find it useful or don't like it, for whatever reason, then don't use it.

Suggesting that people will cancel their accounts over this or that you're giving up any privacy by using it is ridiculous.
All I'm suggesting is that for me, this feature is completely useless, the only other person I know IRL who plays blizzard games is my brother so I will not be using it, as I'm not willing to share private details with friendly people I meet on the internet. All I'm really suggesting is Blizz change it to a steam like system, to make it usable.
  Reply With Quote
06-01-10, 04:30 AM   #42
Beoko
A Cyclonian
 
Beoko's Avatar
AddOn Author - Click to view addons
Join Date: Oct 2007
Posts: 41
Originally Posted by Slakah View Post
All I'm suggesting is that for me, this feature is completely useless, the only other person I know IRL who plays blizzard games is my brother so I will not be using it, as I'm not willing to share private details with friendly people I meet on the internet. All I'm really suggesting is Blizz change it to a steam like system, to make it usable.
I'm probably going to add some of my in-game friends as well since it will enable me to talk to them across alts, factions, servers, and other supported Blizzard games. I don't mean acquaintances, but people I've known for a long time and I consider them great internet friends. I value my privacy as well, but I don't think I'm giving away anything by having some of my in-game friends know one of my email accounts or my name. Their friends will only see my name, and that is probably the only part of it that I don't really like. However, it doesn't affect me enough to deter from the usefulness of the advantages of adding them as a friend to begin with.

Blizzard will probably improve upon it as they do most of their systems - especially considering this affects all of their games that support it.
  Reply With Quote
06-01-10, 05:01 AM   #43
Bluspacecow
Giver of walls of text :)
 
Bluspacecow's Avatar
AddOn Author - Click to view addons
Join Date: Dec 2006
Posts: 770
Originally Posted by Beoko View Post
Suggesting that people will cancel their accounts over this or that you're giving up any privacy by using it is ridiculous.
It may seem ridiculous to you but to other people it's a really important issue.

Honestly people don't really need a good reason to cancel their account. A GM sneezes in their vicinity , a rogue looks at them the wrong way or Blizzard comes out with some new fangled thing that people object to and they vote with their wallets.

I would just raising the possibility that given how the Terms of Use are currently worded they may see some cancelled accounts over how the terms of use are currently worded regarding this feature.
__________________
tuba_man on Apple test labs : "I imagine a brushed-aluminum room with a floor made of keyboards, each one plugged into a different test box somewhere. Someone is tasked with tossing a box full of cats (all wearing turtlenecks) into this room. If none of the systems catch fire within 30 minutes, testing is complete. Someone else must remove the cats. All have iPods." (http://community.livejournal.com/tec...t/2018070.html)
  Reply With Quote
06-02-10, 09:19 AM   #44
dafire
Premium Member
AddOn Author - Click to view addons
Join Date: Jun 2005
Posts: 216
It will stay the email / battle.net account because of the planed facebook integration...

in starcraft beta you can already enter your facebook credentials into starcraft and it will get all email of your friends and tries to add them as real id.

btw.. if you try to add a real id friend you don't get an message of the email you tried is really a battlenet account unless the other allows to add.
  Reply With Quote
06-02-10, 11:59 PM   #45
Mars85
A Deviate Faerie Dragon
AddOn Author - Click to view addons
Join Date: Jan 2007
Posts: 15
The biggest problem I've with RealID at the moment is that in WoW you are your own friend and addons can get RL information about you (at least that is what I've read, don't know if still is still true) and can save and/or send them, even if you don't use RealID.

RealID itself with the facebook connection (so that you can't be sure that nothing is send to them even if you don't like it), the missing privacy settings (characters, friends-of-friends, ...), login-email and the possibility for addons to get the information has too much conceptional flaws for me, so I won't use it.

I hope it's possible to hook into the API functions so that you can modify them to return fake strings. Does anybody knows if that's possible (don't have active account)?
  Reply With Quote
06-03-10, 12:55 AM   #46
MidgetMage55
Grinch!
 
MidgetMage55's Avatar
AddOn Author - Click to view addons
Join Date: Feb 2007
Posts: 1,498
Originally Posted by Mars85 View Post
The biggest problem I've with RealID at the moment is that in WoW you are your own friend and addons can get RL information about you (at least that is what I've read, don't know if still is still true) and can save and/or send them, even if you don't use RealID.

RealID itself with the facebook connection (so that you can't be sure that nothing is send to them even if you don't like it), the missing privacy settings (characters, friends-of-friends, ...), login-email and the possibility for addons to get the information has too much conceptional flaws for me, so I won't use it.

I hope it's possible to hook into the API functions so that you can modify them to return fake strings. Does anybody knows if that's possible (don't have active account)?
Addons run in a sandbox environment so unless you provide that information to your addons it simply isn't there. WoW does not allow addons to access anything outside of the sandbox. And I'm fairly certain that RL info is not provided through API functions.
__________________

I think Hong Kong Phooey was a ninja AND a pirate. That was just too much awesome. - Yhor
  Reply With Quote
06-03-10, 01:12 AM   #47
Mars85
A Deviate Faerie Dragon
AddOn Author - Click to view addons
Join Date: Jan 2007
Posts: 15
According to http://www.wowwiki.com/Patch_3.3.5/API_changes it seems that addons can use the new API functions of 3.3.5 to get that information (including surname for example) and so could send them through hidden channels or something like that.

And it seems that you are your own RealID-friend so addons could let WoW send a message to yourself and then get the information. And I haven't read so far that these functions are callable by Blizzard code only.
  Reply With Quote
06-03-10, 01:56 AM   #48
MidgetMage55
Grinch!
 
MidgetMage55's Avatar
AddOn Author - Click to view addons
Join Date: Feb 2007
Posts: 1,498
So far as I understand it, since RealID is opt in the information shouldn't be there to return anything meaningful unless you choose to use the service. Admittedly my understanding of Lua and the API is fairly basic but those calls seem to indicate that you are in fact using the service to being with.

The information in the FAQ for RealID appears to support this.

Of course I could be totally wrong but I certainly hope not.
__________________

I think Hong Kong Phooey was a ninja AND a pirate. That was just too much awesome. - Yhor
  Reply With Quote
06-03-10, 02:09 AM   #49
Mars85
A Deviate Faerie Dragon
AddOn Author - Click to view addons
Join Date: Jan 2007
Posts: 15
I also hope that's not correct. But as I've read so far you can't opt-out being your own RealID-friend which means your addons can get your RL information.

I hope someone here who has access to PTR (I won't reactivate just to check that) can clarify that and can check if an addon could hook the functions and return fake strings.
  Reply With Quote
06-03-10, 08:24 AM   #50
Bluspacecow
Giver of walls of text :)
 
Bluspacecow's Avatar
AddOn Author - Click to view addons
Join Date: Dec 2006
Posts: 770
Originally Posted by Mars85 View Post
According to http://www.wowwiki.com/Patch_3.3.5/API_changes it seems that addons can use the new API functions of 3.3.5 to get that information (including surname for example) and so could send them through hidden channels or something like that.
That page really doesn't provide enough information for us to make any concrete theories yet.

All it appears to be is a list of function calls ,their parameters and list of a variables new in the 3.3.5 patch.

We have no idea what each function does , how they work , what variables we need to use , what format those variables need to be in , which ones are protected etc etc.

Those functions may not do what you think they will do just from reading the name. And there isn't any indication that all of those function calls will actually be able to used in the 3.3.5 patch - Blizzard have in the past included stuff in their patches that aren't activated until a later patch. Some of it is never used.

I haven't seen anything yet on testing being done by addon authors on the current 3.3.5 API. Neither do I know how to.
__________________
tuba_man on Apple test labs : "I imagine a brushed-aluminum room with a floor made of keyboards, each one plugged into a different test box somewhere. Someone is tasked with tossing a box full of cats (all wearing turtlenecks) into this room. If none of the systems catch fire within 30 minutes, testing is complete. Someone else must remove the cats. All have iPods." (http://community.livejournal.com/tec...t/2018070.html)
  Reply With Quote
06-03-10, 10:43 AM   #51
MidgetMage55
Grinch!
 
MidgetMage55's Avatar
AddOn Author - Click to view addons
Join Date: Feb 2007
Posts: 1,498
Originally Posted by Mars85 View Post
I also hope that's not correct. But as I've read so far you can't opt-out being your own RealID-friend which means your addons can get your RL information.

I hope someone here who has access to PTR (I won't reactivate just to check that) can clarify that and can check if an addon could hook the functions and return fake strings.
See this is where I'm not sure i agree. According to everythign i have read you can choose to not use the service at all. What you saying is you can choose not to use the functions of the service but you are indeed involved in it regardless.

All i can find about this is that the service is not required. You can choose to use it or not. If not life goes on as normal. My thoughts being that if I'm not using the service than im not my own friend because i dont use the system. It would be like saying I'm a member of a club i never go to or signed up for but im part of it wether i like it or not.

What I'm getting from your statement is you are part of the service and involved even on a rudimentary level regardless. The you are your own friend bit. If thats the case i forsee TONS of issues for blizzard. Im not doubting you have read this though personally i would like to see a reference. After which i may need to send a few cranky emails to blizzard.
__________________

I think Hong Kong Phooey was a ninja AND a pirate. That was just too much awesome. - Yhor
  Reply With Quote
06-03-10, 05:18 PM   #52
Shadowed
...
Premium Member
Featured
Join Date: Feb 2006
Posts: 387
You cannot add yourself to RealID, as far as I can see it's impossible for addons to get your own information. If you add other people to RealID, they can get theirs and maybe through the Friend of a Friend get your name. Regardless, that still requires you to be using RealID. If you decide to opt-out of it, an addon can't do anything and won't have any personal info to get.

As far as I can see, if you decide not to use RealID, nobody knows anything about you. The extent they can find out is "Somebody on battle.net has the email X," but nothing else.
  Reply With Quote
06-04-10, 12:49 AM   #53
Mars85
A Deviate Faerie Dragon
AddOn Author - Click to view addons
Join Date: Jan 2007
Posts: 15
It seems that "you always are your own friend" was a bug which is fixed in newer PTR versions. You can find at least two big threads on EU forums about that (in addition to those threads where many people complain about the way RealID is implemented especially according to privacy).

@Bluspacecow: The page list return values also which includes "givenname" and "surname".

However, I still hope these functions will be limited to call by Blizzard code only on live, even if I won't use RealID. I think there still is a risk that there could be a bug or something which could be used to get (own) RealID information by addons if these calls stay available to addons.
  Reply With Quote
06-04-10, 11:03 AM   #54
Shadowed
...
Premium Member
Featured
Join Date: Feb 2006
Posts: 387
Originally Posted by Mars85 View Post
It seems that "you always are your own friend" was a bug which is fixed in newer PTR versions. You can find at least two big threads on EU forums about that (in addition to those threads where many people complain about the way RealID is implemented especially according to privacy).

@Bluspacecow: The page list return values also which includes "givenname" and "surname".

However, I still hope these functions will be limited to call by Blizzard code only on live, even if I won't use RealID. I think there still is a risk that there could be a bug or something which could be used to get (own) RealID information by addons if these calls stay available to addons.
It's been a while since I've played with the social (friends/who/guild/raid) frame, but I highly doubt you will ever see them only restricted to Blizzard code. If you tainted the social frame at all, you would break the friends list. Even then, if somehow the bug popped up, an addon would have to take advantage of it and actually get the information out to a Bad Person. The addon systems sandbox already means the damage addons can do with your information is very limited.
  Reply With Quote
06-04-10, 11:20 AM   #55
Bluspacecow
Giver of walls of text :)
 
Bluspacecow's Avatar
AddOn Author - Click to view addons
Join Date: Dec 2006
Posts: 770
Originally Posted by Shadowed View Post
Even then, if somehow the bug popped up, an addon would have to take advantage of it and actually get the information out to a Bad Person. The addon systems sandbox already means the damage addons can do with your information is very limited.
It's possible from there it might be mailed to someone else on the realm or PST'ed to somewhere.

This would mean the hacker would need to have a toon logged in 24 hours a day on every single realm out there both Horde and Alliance . Maybe with an auto message taker or something. With the 50 toon limit per account that's a fair amount of accounts. Not really worth it when there is other hacking attack vectors with a much greater payload and are easier.

I admit though the other possibility would be a master addon and a slave type addon that gets installed via social engineering. The slave type addon would have to be disguised as something else like a build of a populour addon except with this listening code embeded in it.

But the thing is. The addon community has so far been excellent at self-policing itself. There isn't any way that this sort of scam would be put up with in the community and if it was found out then there's no way the community will be quiet about it. There will be guides to telling you how to remove including addons written to block it. As long as you are getting addons from Curse and Wowinterface both of whom have teams that verify every upload there shouldn't be a problem with this.

The other thing is *despite* knowing the function names and what they return we have very little information about how they work and if what they return is in a form that we can use. For all we know they could all be Protected and what's returned is only for Blizzard addon and code to read and is encrypted.

I've not seen anything about anyone playing around with those functions ... Shadow you up for it ? Wanna mail me an addon to play around with this on the PTR ?
__________________
tuba_man on Apple test labs : "I imagine a brushed-aluminum room with a floor made of keyboards, each one plugged into a different test box somewhere. Someone is tasked with tossing a box full of cats (all wearing turtlenecks) into this room. If none of the systems catch fire within 30 minutes, testing is complete. Someone else must remove the cats. All have iPods." (http://community.livejournal.com/tec...t/2018070.html)
  Reply With Quote
06-04-10, 11:41 AM   #56
Shadowed
...
Premium Member
Featured
Join Date: Feb 2006
Posts: 387
Originally Posted by Bluspacecow View Post
It's possible from there it might be mailed to someone else on the realm or PST'ed to somewhere.

This would mean the hacker would need to have a toon logged in 24 hours a day on every single realm out there both Horde and Alliance . Maybe with an auto message taker or something. With the 50 toon limit per account that's a fair amount of accounts. Not really worth it when there is other hacking attack vectors with a much greater payload and are easier.

I admit though the other possibility would be a master addon and a slave type addon that gets installed via social engineering. The slave type addon would have to be disguised as something else like a build of a populour addon except with this listening code embeded in it.

But the thing is. The addon community has so far been excellent at self-policing itself. There isn't any way that this sort of scam would be put up with in the community and if it was found out then there's no way the community will be quiet about it. There will be guides to telling you how to remove including addons written to block it. As long as you are getting addons from Curse and Wowinterface both of whom have teams that verify every upload there shouldn't be a problem with this.

The other thing is *despite* knowing the function names and what they return we have very little information about how they work and if what they return is in a form that we can use. For all we know they could all be Protected and what's returned is only for Blizzard addon and code to read and is encrypted.

I've not seen anything about anyone playing around with those functions ... Shadow you up for it ? Wanna mail me an addon to play around with this on the PTR ?
Do you have people added to RealID on it? If you don't mind, can add each other to RealID to check quickly, I'm 99% sure it's not restricted at all thought. If you already added someone, I can give you a quick thing to test.
  Reply With Quote
06-04-10, 11:50 AM   #57
Bluspacecow
Giver of walls of text :)
 
Bluspacecow's Avatar
AddOn Author - Click to view addons
Join Date: Dec 2006
Posts: 770
Originally Posted by Shadowed View Post
Do you have people added to RealID on it? If you don't mind, can add each other to RealID to check quickly, I'm 99% sure it's not restricted at all thought. If you already added someone, I can give you a quick thing to test.
I has no friends on the PTR.

__________________
tuba_man on Apple test labs : "I imagine a brushed-aluminum room with a floor made of keyboards, each one plugged into a different test box somewhere. Someone is tasked with tossing a box full of cats (all wearing turtlenecks) into this room. If none of the systems catch fire within 30 minutes, testing is complete. Someone else must remove the cats. All have iPods." (http://community.livejournal.com/tec...t/2018070.html)
  Reply With Quote
06-13-10, 01:42 PM   #58
Seerah
Fishing Trainer
 
Seerah's Avatar
WoWInterface Super Mod
Featured
Join Date: Oct 2006
Posts: 10,721
Like many probably did, I received an email today from Blizz about the upcoming ReadID feature. I noticed this paragraph:
Friend Once, See All Characters: Real ID friends will automatically see all of each other's characters on their friends list - even characters created in future Blizzard games - helping players stay connected with the people they enjoy playing with most.
I assume that this is what people have been referring to about seeing other people's friends. But, while it could be worded better, that is not how the above reads to me.

It means that your real life friend will be able to see all of your characters on their friends list, and you will be able to see all of their characters on your friends list.


/edit: ah, wait... Now I see the section on the FAQ about friends of friends... Disregard the above. (That should have been listed in the email )
__________________
"You'd be surprised how many people violate this simple principle every day of their lives and try to fit square pegs into round holes, ignoring the clear reality that Things Are As They Are." -Benjamin Hoff, The Tao of Pooh


Last edited by Seerah : 06-13-10 at 01:45 PM.
  Reply With Quote
06-14-10, 05:08 AM   #59
Ashkir
A Cyclonian
Join Date: Oct 2007
Posts: 40
I finally got around to buying an authenticator.

I have no problem with my emails being known / name. I'm a bit of a public book. xD. I am an administrator with AboutUs so there is no use trying to hide my ID.

However, in game, only a select few well add me anyway. So, what's the risk?
  Reply With Quote
07-09-10, 01:46 AM   #60
seebs
Premium Member
Premium Member
AddOn Author - Click to view addons
Join Date: Jun 2006
Posts: 155
Originally Posted by Appi View Post
However, in game, only a select few well add me anyway. So, what's the risk?
The risk is that they might add someone untrustworthy.

Real-world example: Kid plays WoW. After a lot of discussion, his mom lets him use Real ID. He friends his sister, one of his close RL friends, and his guild leader.

The next day, trade chat is full of his sister's name, cell number, workplace... Turns out the guild leader was a bit of a jerk.

The thing is, his sister never friended anyone she wasn't directly related to. The FoF feature means you should not only never add people you don't trust, you should never add people who trust anyone you don't trust.
  Reply With Quote

WoWInterface » General Discussion » General WoW Chat » RealID Privacy Concerns.

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off