b.cognosco

I Spy With My Little EULA (Donna Wentworth)

You may recall that Blizzard is the videogame company that sued three software programmers for creating BnetD, a free, open source program that allowed gamers to play games they purchased with others on the platform of their choice. Blizzard claimed that the programmers violated several parts of the company's End User Licensing Agreement (EULA), including a provision on reverse-engineering. But it turns out that's not all that Blizzard's lawyers have inserted in the fine print. As Bruce Schneier reports, the company is also using its Terms of Use agreements to justify spying on gamers' computers.

Writes Greg Hoglund, co-author of Exploiting Software, How to Break Code:

I watched the [software] warden sniff down the email addresses of people I was communicating with on MSN, the URL of several websites that I had open at the time, and the names of all my running programs, including those that were minimized or in the toolbar. These strings can easily contain social security numbers or credit card numbers, for example, if I have Microsoft Excel or Quickbooks open w/ my personal finances at the time. ...[The scanning] certainly will result in warden reporting you as a cheater. I really believe that reading these window titles violates privacy, considering window titles contain alot of personal data. But, we already know Blizzard Entertainment is fierce from a legal perspective. Look at what they have done to people who tried to make BNetD, freecraft, or third party WoW servers.

As Schneier says, this is truly scary stuff. Yet even a few of the security-savvy readers at Schneier's weblog are downplaying its significance. Why? Annalee Newitz has a theory that rings true to me: people think of routine spying as normal. […]