Steganography in the Wild

Steganographic information is embedded in World of Warcraft screen shots.

Posted on September 13, 2012 at 6:15 AM • 57 Comments

Comments

Scott KSeptember 13, 2012 7:09 AM

As an avid WoW player, I give this person's concerns a big "so the hell what?!" Paranoid delusions, I swear.

Michael.September 13, 2012 7:23 AM

Scott K: you miss the point slightly... Just because a person is paranoid, doesn't mean they aren't out to get them. (Umm, just because a person is paranoid, doesn't mean they aren't out to get the person who is paranoid.)

In this case, Blizzard is doing it secretly. What else are they doing? This might seem minor, but they could easily have been embedding a heck of a lot more. Moreover, because it's closed source, it's a lot harder to find out just what exactly Blizzard is doing.

Personally, I would be very upset if I did play WoW. This is a violation of trust (no mention by Blizzard in any communication is there...), and should be enough to make any sensible person seriously reconsider their relationship with Blizzard.

Jeff HSeptember 13, 2012 7:36 AM

Given that it apparently only applies to JPGs and to quality 0-9 (rather than max which is 10) I can't see what Blizzard would be hoping to achieve, although many tinfoil & not-so-tinfoil theories are in that thread, such as catching NDA violators or people who post screenshots of exploits.

Surely you'd watermark all your screenshots, or none of them? From what I understand, actual steganography is intended to be hard to detect no matter the format/quality etc.

As for the data held, I wouldn't have thought account ID + realm IP is actually that useful to anyone other than Blizzard.

BenSeptember 13, 2012 7:40 AM

@Jeff h, They haven't found the watermark in Quality 10 screen shots, but that doesn't mean it isn't there.

They are looking by taking a screenshot of a white object then using "sharpen" a lot. In a quality 10 jpeg, there is much higher fidelity so the watermark could be much fainter and may not be brought out by that simple-minded method.

AnonSeptember 13, 2012 7:46 AM

Personally, I would be very upset if I did play WoW. This is a violation of trust (no mention by Blizzard in any communication is there...), and should be enough to make any sensible person seriously reconsider their relationship with Blizzard.

WOW players are happy to pay Blizzard a monthly fee for having their computer infected with spyware (http://en.wikipedia.org/wiki/...).

Nobody seems to mind a piece of software running on the computer, collecting data and sending it to Blizzard. (Just like EA's Orion). So why the fuss about the screenshot watermark?

vasiliy pupkinSeptember 13, 2012 7:51 AM

"Even paranoid has own enemies". Just forgot the source of that quote.
Concerns of paranoid today is type of 1984 reality for all 'normal' tomorrow, e.g. program 'Blue Bird'.

Jeff HSeptember 13, 2012 8:03 AM

Heh - despite my earlier comment that I didn't think account ID + realm IP is that useful, that's assuming that data is valid. As someone pointed out in the thread, if you can hack the game client (which seems to be quite common) to have the wrong account ID in memory for the duration of the screenshot, you could theoretically frame accounts for exploits or provide other misinformation.

Brent WSeptember 13, 2012 8:05 AM

To be fair Anon, we pay a $15 monthly fee to have other players' computers infected with spyware. In the realm of competitive online gaming Blizzard is basically unparalleled in cheat detection. It's worth the trade-off to me -- I wouldn't play the game otherwise.

Scott KSeptember 13, 2012 8:15 AM

So, lemme see if I've got this straight: I pay money monthly for an account, for the privilege of playing their game, on their servers, by their rules, all of which is logged, and if I use their software to capture an image of my avatar's activity in their game, I should be upset that the screenshot contains account ID, server, and timestamp info?

No OneSeptember 13, 2012 8:24 AM

A few points:
1. The default JPEG quality is 3. Most players don't change their screenshot settings from default.

2. The watermark would be far more likely to be detected on quality 10 (supposedly lossless) than on any lossy quality. Between the fact that they are avoiding detection by not watermarking lossless screenshots and are adding redundancy by duplicating the watermark multiple times per image it's pretty clear they /really/ don't want people to avoid the watermarks.

3. This watermark was probably added to detect screenshot leaks under NDAs.

4. This watermark can be used to attack private servers because it gives you the IP for those servers.

Whether you agree with me or care about any of these points is up to you.

Maura KSeptember 13, 2012 8:51 AM

Yes, the watermark can be used to attack private servers - the World of Warcraft server software is not publicly available, so any private server is pirated software. It's like stealing a laptop and complaining that LoJack violates your privacy.

None of the data encoded in these screenshots is user data - it's a Blizzard internal account ID, their server IP address, and a timestamp.

Fred PSeptember 13, 2012 8:57 AM

@Maura K-

Hypothetical private servers need not be bootlegged software. It is likely quite possible to reverse engineer the protocols to enable creating a private server with no Blizzard/ WoW code.

Maura K.September 13, 2012 9:10 AM

@Fred P -

True, a server can be completely clean, however anyone using the WoW client to connect to it is then violating the software Terms of Service. I would theorize that if the private server operators were taken to court by Blizzard, they would be in the same boat as file sharing sites - their server is used primarily to facilitate a copyright infringement (but IANAL.)

JasonSeptember 13, 2012 9:12 AM

@Fred: In practice, though, private servers do exist, and are universally run from bootlegged code.

You might be able to argue that your private server is reverse-engineered, and that the "no reverse engineering" terms in Blizzard's license agreement aren't legal, but that's for a court to decide. I think Blizzard has a legitimate interest in private server activity.

Clive RobinsonSeptember 13, 2012 9:14 AM

@ Jeff H,

... if you can hack the game client(which seems to be quite common) to have the wrong account ID in memory for the duration of the screenshot, you could theoretically frame accounts for exploits or provide other misinformation...

Looks like you are "getting it" with watermarks, their "secret use" is almost always to the detriment of those who are unaware of their existence.

If you think back to when MS where first caught out embeding PII style information (such ass PC MAC/IP address) the argument was because it was "for tracking" the reality is because the watermark is not protected in some way via a crypto function etc than "those in the know" can change it to what they wish. And their wish will almost always be the oposite of what you wish otherwise they would not do it to you...

Not protecting the watermark to prevent such tampering is approching the summit of irresponsibility and people should rightly be upset by such action.

stvsSeptember 13, 2012 9:25 AM

One more time, respecting html:

This looks like a false alarm to me, probably caused by IrfanView integer rounding funkiness.

The posted all-white image [uploaded at http://i.imgur.com/HyGGl.jpg] that's supposed to to contain the 53|

Here's a few simple tests.

Compare every single pixel's RGB value to 0xff in Matlab:

>> A = imread('~/Downloads/HyGGl.jpg'); >> size(A) ans = 225 400 3 >> A(1,1,1) ans = 255 >> all(A(:) == 255) ans = 1

Or just try to equalize it in Adobe Photoshop and get the error message "Could not complete the Equalize command because the image has only one brightness value."

That's enough, but let's take the opportunity to play with stegdetect (looks for a few common strategies) and look at the jpeg headers.

Sorry, Bruce. There's no there there.

$ sudo port install jhead stegdetect

$ stegdetect HyGGl.jpg
HyGGl.jpg : negative

$ jhead -v HyGGl.jpg
Jpeg section marker 0xdb size 67
Jpeg section marker 0xdb size 67
JPEG image is 400w * 225h, 3 color components, 8 bits per sample
Jpeg section marker 0xc4 size 21
Jpeg section marker 0xc4 size 20
Jpeg section marker 0xc4 size 20
Jpeg section marker 0xc4 size 20
File name : HyGGl.jpg
File size : 846 bytes
File date : 2012:09:13 09:46:50
Resolution : 400 x 225

stvsSeptember 13, 2012 9:27 AM

Grr:

The posted all-white image [uploaded at http://i.imgur.com/HyGGl.jpg] that's supposed to to contain the stego really is all white. Undoubtedly the poster has detected some silly rounding artifact from IrfanView, which doesn't use the greatest jpeg libraries. The rest of the comments are just a goose chase extracting meaning from rounding noise.

Scott R.September 13, 2012 9:40 AM

@Scott K:

You say:

So, lemme see if I've got this straight: I pay money monthly for an account, for the privilege of playing their game, on their servers, by their rules, all of which is logged, and if I use their software to capture an image of my avatar's activity in their game, I should be upset that the screenshot contains account ID, server, and timestamp info?

Emphasis mine. Regarding the first point, the rules are as defined by the Terms of Use. Now, I don't see anything in the TOU that states that Blizzard will perform such activities. Namely, having users unwittingly disseminate this information everytime they capture a screenshot.

It's not so much that Blizzard is capturing this information and displaying it. It's the fact that they are covertly tricking users into displaying this information, without their awareness or consent.

While this kind of activity may be covered in some general, vaguely worded legalese in the TOU, a more specific and explicit provision would be more appropriate.

Regarding the second point, about whether or not you should be upset. That's the rub, isn't it? You seem to have people on both sides. The answer is: it's up to you. There is no objective, absolute, answer to such a risk-based question. You, and only you, define what your risk tolerance is. If you decide that this is an acceptable risk, the that is your decision. Others may disagree.

But this is where the problem comes from. Those that don't wish to accept this risk still want to play the game. Given that the TOU doesn't make explicit mention of this activity as part of the "rules" then I'd say they can at least attempt to make a legitimate argument against this behavior.

Ultimately people would probably accept this risk, but acceptance of the risk doesn't forfeit acknowledging it, criticizing it, or working to reduce it as much as possible.

Fred PSeptember 13, 2012 9:42 AM

@Maura K - This is what "Chinese walls" are for. It's marginally more complex due to the "no reverse engineering" clause (assuming there is one), but that's just one more "wall" that's needed. Very roughly, one group plays the game (and thus are subject to the Terms of Service), another reverse engineers the outputs (and therefore aren't), and a third forward engineers a server from the second's abstract description (and thus have a presumably "clean" implementation). That said, in the unlikely event someone tries to do this from my description, note that I'm not a lawyer; I'd advise talking to one before trying it.

@Jason - I will take your word for it, although I'm surprised that they haven't secured their server code better. In case my initial statement was unclear, I was discussing a hypothetical; I have no interest in actually doing so.

AdamSeptember 13, 2012 9:46 AM

The rationale for this which appears sound is it would make it easier for Blizzard to track down people running rogue servers, and people engaged in illegal (by the game's terms) activities and who are then dumb enough to brag about it with a picture or video.

At the same time it is disturbing and makes one wonder what would happen if screenshots / photos from other games, apps or devices were systematically checked to see what they were hiding.

Scott R.September 13, 2012 9:48 AM

@stvs:

If that were the case then it seems that Blizzard would have been quick on the button to squash the rumors.

The creation of some algorithm to produce - from this noise - a User ID, an IP address, and a Time Stamp, couldn't have happened by accident. Either the information is really there, or they created an algorithm to deliberately produce such information from otherwise random noise. To say the information isn't there is tantamount to making an accusation of a deliberate hoax. I simply don't buy this being an accident.

Even less likely is the notion that this algorith, even if a deliberate hoax, would be reproducible over many images.

OttoSeptember 13, 2012 10:02 AM

@stvs: Continue reading the thread. Your theory that it's JPEG artifacts of some sort is disproven, and the code in the client to add the watermark has already been found.

Basically, yes it is a watermark, and the data it contains is known. The specific methodology of the watermark is unknown, however other unmodified shots have emerged where parts of the watermark are indeed easily visible.

Currently, they're working on writing code to extract the data reliably from unmodified screenshots.

stvsSeptember 13, 2012 10:05 AM

If that were the case then it seems that Blizzard would have been quick on the button to squash the rumors.

Zero entropy images cannot encode any steganographic messages. The image the poster has supplied is all white -- every single pixel equals 255. Check it yourself.

The creation of some algorithm to produce - from this noise - a User ID, an IP address, and a Time Stamp, couldn't have happened by accident.

Please provide a convincing link that this information has, in fact, been extracted.

stvsSeptember 13, 2012 10:13 AM

they're working on writing code to extract the data reliably from unmodified screenshots.

This is what the image looks like in Matlab. Please explain how anyone would be able to extract steganographic messages, or any message at all. I've replace 0xff with the character 'w' for "white":

>> strrep(sprintf('%x',A(1,1:10,:)),'ffffff','w')

wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww
wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww

A Nonny BunnySeptember 13, 2012 10:34 AM

@stvs

I'm fairly certain that the image you're considering at is a scaled version of a screenshot, not the original screenshot. So unsurprisingly the 1bit difference in color value has been lost in rounding.

Scott R.September 13, 2012 10:37 AM

@stvs:

I don't have a link, I'm simply going of an intuition of the math involved. To take randon noise and produce a sequence of numbers that reliably mimics: A) a User ID; B) the four octets of an IP address; C) the components of a Time Stamp; is not going to reliably happen by accident.

I conclude, based on that alone that either: A) the information is actually there; or B) the algorithm they used to produce the above numbers was created deliberately to do just that - convert random noise into those numbers.

I won't dispute you that the image you are working with is pure white. Yet if that is the case, then from whence arive these rounding errors you've spoken of? Can you reproduce them? When you do, do they look like the subsequent images on the site?

Also, have you considered that maybe the image you are analyzing is not an accurate duplication of the author's source?

I consider the following events to have taken place:

1. The author perform his initial analysis as described, privately validating his conclusion.
2. The author perform his photomanipulation again, for posting publicly on his blog.
3. The author uploaded the images to the blog.
4. You downloaded the image for your own analysis.
5. You analyzed the image.

At any point in steps 2-5 something could have happened to the image to make it differ from whatever images the author used in 1. Maybe the image he uploaded was incorrect or got corrupted. Maybe the imagine you downloaded got corrupted. Maybe something you did during your analysis corrupted it.

stvsSeptember 13, 2012 10:38 AM

stvs: Perhaps you found the JPEG quality 10 image?

Perhaps, but I don't believe so: I simply downloaded the first image the poster links to, http://i.imgur.com/HyGGl.jpg, and explains his process:

3) Take a few screenshots of the clear, no textures, white area by zooming into a tree and hitting ALT Z, so that your entire screen is white. [ http://i.imgur.com/HyGGl.jpg ] 4) Open this image in an image editing program like IrfanView (it's freeware), click CTRL+E, select the Sharpening filter, use the highest possible sharpening value (99) and click OK. Now do this two more times, again: CTRL+E, Sharpen 99, OK.

This image is all white -- every single rgb value equals 255.

stvsSeptember 13, 2012 10:44 AM

I won't dispute you that the image you are working with is pure white.

Can anyone provide an imgur.com link of an image that's supposed to contain steganography? The all-while link provided, http://i.imgur.com/HyGGl.jpg, cannot have any stego.

Can anyone provide a convincing link that UIDs, IPs, etc. actually have been extracted from this same image?

MatthewSeptember 13, 2012 10:46 AM

The all white image is 400x225 pixels. Is that the expected size for a WoW screen cap? If it has been resized, the steganographic information would be mutilated at best.

MatthewSeptember 13, 2012 10:50 AM

stvs, the OP at that forum didn't originally upload his images to imgur. He added them as attachments, and the forum software apparently only allows members to view the images. If it's worth your time to register for the forum, you could check to see if the original attachments have different data.

MatthewSeptember 13, 2012 10:52 AM

The imgur jpg is a thumbnail, only 1.7 KB in size, but all of the images attached to hist post are larger, and if the first one listed is the blank screencap, then it is 19 KB.

stvsSeptember 13, 2012 11:18 AM

the OP at that forum didn't originally upload his images to imgur. He added them as attachments, and the forum software apparently only allows members to view the images

That's it -- thanks. I retract my comments above based on the imgur.com file—when you look at the poster's original files, not the imgur.com files, you clearly see the watermarks by simple sharpening.

Furthermore, stegdetect gets a hit with the F5 algorithm:

$ stegdetect -t F scr2sm.jpg
scr2sm.jpg : f5[0.312094](**)

stegbreak doesn't go after F5, but I'd look to F5 crackers first to extract the information. Anyone done this yet?

maurakSeptember 13, 2012 11:21 AM


For your cryptograhpic pleasure, here is a link to an unaltered WoW screenshot from before the story broke:

noble_serfSeptember 13, 2012 12:14 PM

If anyone has ever read the WoW EULA, they may have found they had agreed to this.

I don't think anyone ever reads a game EULA, unless they are in a corporate law class or they work in the legal dept. of said game publisher.

/sarc

A Nonny BunnySeptember 13, 2012 12:19 PM

@stvs

It doesn't look like F5 to me, that algorithm doesn't produce such an obvious and easy to find pattern in the image it creates. (It's specifically designed not to; and I tried the java implementation available at google code.)

Joseph R. JonesSeptember 13, 2012 12:19 PM

I assure you, this is not the only example of steg in the wild, particularly if you consider digital watermarking to qualify as steganography (which it clearly does.)

FredSeptember 13, 2012 12:46 PM

WoW private servers are not copied from Blizzard. They run open-source software, developed from scratch by reverse-engineering the client-server communication data. One of the popular forks is called TrinityCore.

JasonSeptember 13, 2012 1:32 PM

@stvs: I may be the only person on the planet who uses Warcraft, MATLAB, and posts on this blog. I'll take a clean screenshot and analyze it tonight.

mooSeptember 13, 2012 6:00 PM

@Jeff H, and others:

It doesn't matter that clever players might trick the WoW client into falsifying its watermarked data in screenshots... they don't just trust it blindly, they have to confirm its authenticity using other investigative methods.

The point of these watermarks is just to give them some user identit(ies) to start their investigation with, when someone posts screenshots of Alpha builds of an expansion pack that hasn't been released yet, in violation of the NDA. Or when the feds show up with a screenshot of some perv's chat log of him grooming an underage player. Or whatever.

The watermark info just gives them a starting point, obviously they have to investigate further using Warden and other stuff (comparing the IP addresses from the ones recorded by the site the images were posted on, etc.) before they can act against that user.

I'd think these watermarks were much more useful to Blizzard before they became public knowledge. But then again, they might still be useful against stupid users (which is most of them) or even against savvy users who just missed the news about the watermark.

WatchguardSeptember 13, 2012 7:23 PM

@ Moo

100% agree with what you are saying. This looks like a tactic on Blizzards part to be able to track down the source of images using the watermarking.

I actually think it's an incredibly good idea on their behalf to be able to protect their IP.

skreidleSeptember 14, 2012 1:55 AM

@Scott R:

I suppose my point is more "What's the actual risk here?"

What harm could possibly come to me or mine by someone knowing the IP address of the server I was playing, my account ID (which probably only meaningful to Blizzard) or the time I was playing?

DanielSeptember 14, 2012 2:11 AM

I have a larger question. How difficult is it for a camera manufacturer like Canon to watermark digital output with the serial number of the camera that took the shot. Or is what Blizzard doing something different entirely.

I can think of a lot of cases where LEA would be interested in that info.

Clive RobinsonSeptember 14, 2012 2:11 AM

@ moo,

It doesn't matter that clever players might trick the WoW client into falsifying its watermarked data in screenshots... they don't just trust it blindly, they have to confirm its authenticity using other investigative methods

Err no, it actually does matter in many jurisdictions for criminal law, and in some for civil law.

Those creating the watermark have a duty of care to ensure that any watermark is fit for purpose. Now if it can be shown that the watermark can be falsified fairly readily then it is at best questionable circumstantial evidence at best.

It would appear from the various descriptions that this watermark can be fairly readily found, removed and replaced or changed. The fact that there are well known and well understood authetication methods (code signing is but one example) that could and should have been used to protect the watermark from being changed or replaced, and they chose not to use them makes them negligent.

That sort of negligence is a major issue in civil cases and leaves them wide open to attack.

Worse the reported very granular nature of the timestamp means that tying it back to a particular event in a log file will be problematical. And if the log file and the server it is on are not properly protected...

Now I don't know very much about WoW nor do I particularly wish too, because this level of negligence gives rise to the realistic thought that the rest of the security is highly questionable in it's actual implementation as well (think back to Sony et al on lack of security on servers etc).

All I need say is that we currently have an example of what can happen with AntiSec and the FBI over the database of Apple UDIDs.

AntiSec claim they got the database of an FBI employees laptop, (they have not said how). The FBI are in effect claiming "they have been framed" (fitted up / whatever your local vernacular is).

Now this may well be the case, but proving it might easily be impossible. For instance let us assume that AntiSec did indeed have access to the FBI employees PC and it is found to have the DB one it. One of two equally probably things could have happened,

1, AntiSec found the DB on the PC and downloaded it (which is what they claim).
2, AntiSec found the DB somwhere else and uploaded it onto the PC.

Proving the latter is going to be somewhat difficult retrospectivly. Many not familiar with ITSec might say it's "highly improbable" but we are aware of quite a few cases where files have been uploaded onto users machines (that's what malware is folks) and in some cases it has involved questionable content that has then been used for the purposes of blackmail / extortion. So not only do we know it's possible we also know it's actually been done in the past.

Thus unless the "other investigative methods" you allude to are verifiably secure and form a secure "chain of evidence" which I very much doubt exist in this case the prosecution will not "meet the burden of proof" required to meet "beyond reasonable doubt" to ensure a conviction [1]

Sadly though these days justice is very much what you can afford and shop around for thus not justice at all. Worse various political persons (eg UK's Tony Blair PM and long term friend Lord Falconer) are quite happy to unbalance the thousand years or so of hard won protection rights built into justice systems in the name of efficiency...

Thus actually getting unreliable evidence that comes from an insecure source with insecure chains of evidence thrown out is getting steadily more difficult. Thus making the framing of some one via falsified evidence much easier.

[1] In many jurisdictions the prosecution will just proceed any way. In the US we know there are people in jail serving sentances for murder where the prosecution either offered no evidence only supposition or relied on the defendant not being able to defend themselves (e.g. Kim Hricko http://www.justicedenied.org/kim.htm )

anonySeptember 14, 2012 3:29 AM

@Jason,

You might very well be the only schneier.com poster who uses MATLAB and plays WoW...

But I'm another poster who uses R (*cough* switched from MATLAB) and plays FFXI.

No OneSeptember 14, 2012 6:42 AM

@skreidle: It allows for impersonation. Do something that would get you banned or at least investigated but wouldn't show up in server logs, take a screenshot with an altered watermark to impersonate someone else, upload picture somewhere it'll get noticed.

It also allows others to correlate alts. Say I have two characters on the same account and I upload screenshots from each of them in different settings. Someone reads the watermark and realizes both characters are on the same account ID. Now, this would matter more on a game like Eve, where spies and such would be commonplace, but I'm sure WoW players could find some value in it.

It's a privacy concern. Say your boss knows you play WoW but doesn't know where or when. The boss sees screenshots in your Facebook feed go up on a weekend. He checks the watermark and finds you were actually playing Tuesday night at 3 AM before an important meeting on Wednesday. Even though you did fine on Wednesday he thinks this is unprofessional and disciplines you.

There, three possible attacks that use this information. Sure, none of them are all /that/ likely, but neither is any crime (except speeding) in absolute terms.

JasonSeptember 15, 2012 11:47 AM

As I mentioned above, I'm a Warcraft user and a MATLAB afficionado. I followed the procedure exactly as described in the ownedcore link, and analyzed the byte-values in my own screenshots using MATLAB as described by stvs.

A white screenshot is nothing but 255's. There is no hidden data. The JPG file I created is only 20 kb in size, regardless of what compression level I choose in the client -- this is roughly the minimum size for a compressed JPEG the size of my screen.

This is either a hoax, or an honest mistake, or Blizzard has changed their client software to remove the steganography since the news broke. (There have been several client patches since then.)

ClintSeptember 15, 2012 1:55 PM

If a user posts a screenshot claiming someone has broken the rules, how do you prove the screenshot is valid before taking action? It would be trivial to setup a private server, create a couple toons (actor and camera), and stage any misbehavior you want.

Kudos to Blizzard for doing this and protecting innocent players from being framed.

curtmackSeptember 17, 2012 2:39 PM

@Clint Now that the watermarks and their formats are mostly well-understood, how do you prove that somebody hasn't done this, and also forged the watermark?

Unless the watermark has some sort of internal verification, it just adds a layer of false authenticity to what it says. Verification would be easy to implement; since the game is online, the watermark could have just been downloaded from the server, in which case it could have been cryptographically signed.

As Jason mentioned above, it seems that new screenshots no longer exhibit these watermarks, so the point might be moot.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..