In his latest column, the pretend computer security “expert” John Eldridge again raises FUD (Fear, Uncertainty and Doubt) around Warden, regurgitating the following urban legend:
“It (Warden) reads the text in the title bar of every window you have open including that really embarrassing Furry fan site you don’t want your friends to know about. Yes Nekudotayim, Bliz knows about your pr0nz.!”
Yet in the following sentence, John contradicts himself (and actually gives technically correct information):
“The Warden then creates a hash code (think fingerprint) of each window title and compares the results to a list of ‘banning hashes’ for potential matches and subsequent divine retribution.”
The rest of the post is full of the same ambivalence, alternating between factually correct information and fearmongering (comparing Warden to Spyware, insisting Blizzard knows about your browsing habits).
The key distinction John fails to make, though, is that while Warden “knows” without recognizing or understanding what is happening on your box, Blizzard doesn’t.
What exactly is a hash code? It’s quite simple. You take a word or sentence (for instance in the present case a browser window title), apply a non-reversible mathematical function (the same kind of operations used in modern encryption) and you get a relatively short alphanumerical code back – your hash code. As mentioned, the function is not reversible, in other words, from a given hash code, you cannot deduce the original word or sentence.
Blizzard takes a certain number of known cheat programs and sites and runs them through their hashing function. This gives them a dictionary of sorts, a list of suspect hash codes. Every 15 seconds, Warden hashes every running process name, the names of open windows and browser pages, and compares each hash code to that dictionary (or sends it back to Blizzard and the comparison is made there; it isn’t entirely clear where the action takes place). If any of those Warden-generated hash codes match what is in the dictionary, Blizzard’s processes against cheating will be set into motion. The rest of the hash codes generated from your box are totally useless. There’s no way that Blizzard will be able to determine (or will even want to determine in the first place) that a specific code hashed by Warden on your computer is actually you looking at www.steamingtaurenaction.cw.
Again, let me stress that point: Blizzard cannot identify any application, process or data gathered on your box which doesn’t match its list of potential cheating software.
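The matching step described above, sketched as an added example (this is not Warden's code and not from the original post). SHA-256, the sample titles and the function names are assumptions; the post does not say which hash function Warden uses.

```python
import hashlib

def digest(text: str) -> str:
    # Assumption: SHA-256 stands in for the unnamed hash function.
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

# Constructed sample data: titles of known cheat tools held by the list owner.
KNOWN_CHEAT_TITLES = ["ExampleBot 1.0", "SpeedHack Demo"]

# The dictionary used for comparison contains digests only, never the titles.
BANNED_HASHES = {digest(t) for t in KNOWN_CHEAT_TITLES}

def scan(window_titles):
    """Hash every title; return (all digests, digests found on the banned list)."""
    digests = [digest(t) for t in window_titles]
    hits = [d for d in digests if d in BANNED_HASHES]
    return digests, hits

def identify(received_digests):
    """List owner's view: a digest maps back to a name only if the owner
    hashed that exact title itself; everything else stays opaque (None)."""
    lookup = {digest(t): t for t in KNOWN_CHEAT_TITLES}
    return [lookup.get(d) for d in received_digests]

if __name__ == "__main__":
    # Constructed window titles for one scan pass.
    titles = ["Household budget.xls", "SpeedHack Demo", "Some forum - Web Browser"]
    digests, hits = scan(titles)
    for d, name in zip(digests, identify(digests)):
        print(d[:16], "->", name if name else "(no match, not identifiable from the list)")
    print("matches:", len(hits))
```

Matching is exact: a title that differs by a single character produces a different digest and does not hit the list.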
Beyond that, my point made when patch 2.3 was launched still stands:
“As all the other reasonable commentators keep pointing out, if you do not trust Blizzard with your privacy, there’s only one solution, uninstall the game and quit now. What Warden does is totally irrelevant in that context, and focusing your ire on it at the exclusion of the rest of WoW basically just shows that what you’re really after is posturing on message boards.
Plus, face it, it’s not as if your private data was interesting anyway. Nobody cares about your secret pr0n stash on your home computer, least of all Blizzard. If it’s professional data, even simpler, you shouldn’t play WoW on a work computer no matter how lax your employer might be about that. The only thing Blizzard may want is your credit card number, and chances are, you gave it to them already.”
Face it, unless you’re cheating, your private information is not interesting to Blizzard (or anyone else). You’re not a special snowflake. Your draenei tentacle pr0n stash is boring. Your domestic accounting spreadsheet doesn’t matter to anyone but yourself. You disclose more information about yourself and your habits whenever you pay for your food with a credit or debit card.
WoWInsider has a long-standing bad habit of stirring up controversy and fanning flames in lieu of relevant discussion, starting at the very top with Mike Schramm himself. Computer security is, however, a grave enough subject that playing the same game of bait-and-switch hack posting, representative of the worst the site has to offer, is irresponsible and foolhardy. If you term yourself a computer security expert, feeding paranoia with false representations for the sake of generating comments and traffic is something which your work ethic should forbid you to do, at all costs.