The Glade 4.0

"Turn the lights down, the party just got wilder."
It is currently Fri Nov 22, 2024 8:32 pm

All times are UTC - 6 hours [ DST ]




Post new topic Reply to topic  [ 193 posts ]  Go to page Previous  1 ... 3, 4, 5, 6, 7, 8  Next
Author Message
 Post subject: Re: Re:
PostPosted: Fri Jul 09, 2010 7:53 pm 
Offline
The Game Master.
User avatar

Joined: Wed Sep 02, 2009 10:01 pm
Posts: 3729
Midgen wrote:
DFK! wrote:
You make me glad I never played WoW.


Glad I could be of service. :D


It's just that I know what you do for a living. Given that, when you say something provides a real and inherent threat to data security, I believe you.

_________________
“The duty of a patriot is to protect his country from its government.” - Thomas Paine


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Fri Jul 09, 2010 11:22 pm 
Offline
User avatar

Joined: Thu Sep 03, 2009 3:08 am
Posts: 6465
Location: The Lab
I honestly don't have any particular insight into the realID code. I was just trying to answer the question and provide a little fundamental clarity.

I believe Khross has done some actual research into the matter at the code level, so I'll defer to him for anything specific.


Top
 Profile  
Reply with quote  
 Post subject: Re:
PostPosted: Sat Jul 10, 2010 12:14 am 
Offline
User avatar

Joined: Thu Sep 24, 2009 4:57 am
Posts: 849
When you say...

Midgen wrote:
In otherwords, you changing the setting only affects the way the actual game software presents your information to others. It doesn't actually remove the code that allows the information to be queried in the first place. As long as that exists, there is risk (and a significant one) that the personal information you have stored in the battle.net data stores is vulnerable.



...are you claiming that it's "safe" from some random Night Elf on my server, but not at all if I inadvertently got a piece of malware on my computer that fishes the data out without ever having to reach the "RealID is disabled" barrier?

...or instead, is it that you're saying there will always be a real likelihood that there will always be a new exploit that people can use to get the RealID info of people on their WoW server (or technically even found elsewhere such the Armory) even with it disabled?

And Khross mentioned billing information, but I didn't think that was included in the RealID information itself. I could be wrong though as I haven't had any want to really use it anyway and thus haven't looked into the details of the actual RealID information.

I consider the exploit available now (assuming it wasn't fixed) to be a pretty huge invasion of privacy made possible by RealID, but I'm also under the working assumption that it will be fixed. If it's more the case of malware itself that I'd have to get infected by, I'd probably have a lot bigger concerns than wow players finding out my name and messing with my account anyway.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Sat Jul 10, 2010 7:55 am 
Offline
User avatar

Joined: Wed Sep 02, 2009 7:59 pm
Posts: 9412
If the data is linked in a database somewhere, there's the possibility that it can be compromised, Noggel. That possibility is increased substantially when there are numerous sanctioned, publicly facing API's to retrieve it, even if there's supposed to be something that will deny those API's in some cases. Thus, "turning it off" isn't good enough, until "turning it off" means removing your RealID data from the non-billing server. Until such time, it's still a substantially increased risk.

_________________
"Aaaah! Emotions are weird!" - Amdee
"... Mirrorshades prevent the forces of normalcy from realizing that one is crazed and possibly dangerous. They are the symbol of the sun-staring visionary, the biker, the rocker, the policeman, and similar outlaws." - Bruce Sterling, preface to Mirrorshades


Top
 Profile  
Reply with quote  
 Post subject: Re: Re:
PostPosted: Sat Jul 10, 2010 9:00 am 
Offline
User avatar

Joined: Thu Sep 03, 2009 3:08 am
Posts: 6465
Location: The Lab
Noggel wrote:
...are you claiming that it's "safe" from some random Night Elf on my server, but not at all if I inadvertently got a piece of malware on my computer that fishes the data out without ever having to reach the "RealID is disabled" barrier?


LOL Nope... i'm making no such claim. In fact I specifically stated that disabling RealID is just changing a setting... whether that is effective in preventing the random Night Elf on your server from accessing your personal information is entirely subject to the veracity of the security Blizzard implements at the code level.

Noggel wrote:
...or instead, is it that you're saying there will always be a real likelihood that there will always be a new exploit that people can use to get the RealID info of people on their WoW server (or technically even found elsewhere such the Armory) even with it disabled?


Yes, this is what I'm saying...

Anyone who chooses to continue to play, and who wants to protect the data that is potentially available via RealID (I have no idea exactly what data this is beyond battle.net account info and real first/last name) from unintentional disclosure, I would highly recommend using a lot of scrutiny when deciding what add-ons and such you use. And to just be that much more vigilant against virii/malware, etc... And even then, just be willing to accept that there is still going to be risk of disclosure...

I would guess that the RealID program interfaces will become a very popular target of nefarious identity wranglers on the world wide interwebs...especially those interesting in stealing accounts, etc...


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Sat Jul 10, 2010 9:11 am 
Offline
The Dancing Cat
User avatar

Joined: Wed Nov 04, 2009 2:21 pm
Posts: 9354
Location: Ohio
Apparently they nixed it.

http://www.msnbc.msn.com/id/38171987/ns ... nce-games/

_________________
Quote:
In comic strips the person on the left always speaks first. - George Carlin


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Sat Jul 10, 2010 9:31 am 
Offline
User avatar

Joined: Fri Feb 05, 2010 11:59 am
Posts: 3879
Location: 63368
As for the "linking your character back to the billing database", I'm struggling to think of any computer system account that uses a subscription model that doesn't do the same thing.

The mechanism may change, but there must be that link. I'm not sure what mechanism Blizzard uses, but I seriously doubt anyone knows. Hacking can provide access to personal info...I'm not seeing anything new there.

That said, I'm all for folks voting with their $$.

_________________
In time, this too shall pass.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Sat Jul 10, 2010 10:04 am 
Offline
User avatar

Joined: Wed Sep 02, 2009 7:59 pm
Posts: 9412
Common sense, Taskiss, (as opposed to knowledge of their systems) would indicate that in a good model (and, I would hope, their Pre-RealID model), characters are on a server with the account name (or even a numerical code standing in for the account name on this server) linked in the database; while account name and billing information (and thus your real name) and, if the character servers use account ID numbers, the account ID number, reside on an entirely separate database.

Thus, hacking the character database would not divulge your real name, and instead you'd have to hack both the character database and the billing database, which would be more heavily shielded by firewalls which would allow only traffic to and from the login server and their credit card processing service.

Adding your RealID information to the character server, so that it's available to in-game client calls and the exponentially wider range of connections this requires, is the potential security compromise.

_________________
"Aaaah! Emotions are weird!" - Amdee
"... Mirrorshades prevent the forces of normalcy from realizing that one is crazed and possibly dangerous. They are the symbol of the sun-staring visionary, the biker, the rocker, the policeman, and similar outlaws." - Bruce Sterling, preface to Mirrorshades


Top
 Profile  
Reply with quote  
 Post subject: Re:
PostPosted: Sat Jul 10, 2010 2:16 pm 
Offline
User avatar

Joined: Thu Sep 03, 2009 3:08 am
Posts: 6465
Location: The Lab
Hopwin wrote:



Hopwin,

They nixed exposing real names in the forums. They did not nix the RealID integration into the game client. That 'feature' is still there, in game.


Top
 Profile  
Reply with quote  
PostPosted: Sat Jul 10, 2010 2:20 pm 
Offline
User avatar

Joined: Thu Sep 24, 2009 4:57 am
Posts: 849
I understand the technical concerns better now, though ultimately I don't think this is as big a deal as people are making it out to be. Not so much here in this thread, but on other places, there has been a lot of overreaction I think.

Adding RealID to the game adds more vectors for hacking -- no doubt. Adding nearly any service adds more vectors, but in this case it's more relevant in a sense since this adds entirely new information for the gleaning. If I'm not mistaken, this information should be your name and your battle.net e-mail address (aka your login).

You definitely should be more wary of addons now, but IMO you always should have been quite wary to begin with. I've always been fairly picky with my addons to begin with, and I don't use the Curse client. Still, more cause from concern is more cause for concern no matter how you look at it.

The reason I say I don't think it's so big a deal is more about general levels of concern and effort. I'm going to assume Blizzard is going to fix any exploits where you can call another player's RealID information if they're not your RealID friend, especially if they have RealID disabled altogether. If they don't fix it I'll be very displeased with them, but I don't think this will be the case.*

It adds more vectors for malware, too, but I'm not too worried with this. Chances are if I get infected with a piece of malware that wants to report back personal information, that ship has already sailed no matter what Blizzard does with WoW or its other games. Standard smart Internet usage is a pretty big protection against this, too.

I mean, in no way do I think I'm just as "safe" now as I was before, don't get me wrong. I would be extremely unhappy with the security in place if it was protecting company secrets or extremely valuable information. But given that phone books aren't exactly very valuable to begin with, I'm not terribly worried.

I am tempted to risk making an analogy that it seems a lot of technical concern here and elsewhere on the Internet regarding RealID is people taking a Secret Service approach to security, where I'm seeing it more as a sort of "street smarts are good enough" sort of thing. Street smarts won't do a thing for me if organized crime is out to get me, I suppose, but for the average Joe it's good enough just to not be the low-hanging fruit.

Security through obscurity is no security, I know, but eh... for personal computing as a random nobody I'm going to go out on a limb and say it's very practical. My security is fine for me, but would not be fine at all for a big website or something else that draws attention. Though I finally started using AV software lately, I managed to go over 10 years online quite safely before that by simply following safe security habits. A strong password and an authenticator are going to protect your account pretty darn well regardless, and my name is already widely available to the world at large if people are out there looking for it. It's probably pretty hard to drop off the publicly-available-information grid, and though RealID in Blizzard games technically adds to it, I don't know that I could honestly say it makes me more vulnerable to any relevant degree. If a 7th whitepages-esque website adds my name, phone number, and address to paying customers, I'm technically more vulnerable, but effectively the odds aren't going up any appreciable degree.

Most of us here on the Glade have willingly made available a condemning amount of information if Internet stalkers are a concern. While I haven't given my address or even town out to all but 1 or 2 guildies, I have given enough information in guild chat that it opens up security holes. I'm "fine" with giving out the information I have on the Glade and in /gu... I know it's a negative, and I know it's a security risk, but IMO they all sort of pale in comparison to a lot of security risks we regularly engage in IRL anyway. I still may give a waitress my credit card. I still give out my phone number to a cashier, who may have my address in their computer. I can't argue that adding more security holes is a good or even a neutral thing, but I guess my overall point is that there is a degree of acceptability (that varies from person to person) for personal information. When we have to worry about getting infected with snoopy malware, a 0-day style vulnerability in Blizzard's new patch, or even someone hacking Blizzard themselves, those are all beyond my point of being a concern.

Disclaimer: I'll state again for the record I don't think RealID is a good idea to begin with. Battle.net definitely needed an upgrade to even compare to Steam or XBL, but I prefer the old system of a username. I agree that adding RealID adds security risks, and if you're the type to remove yourself from phone books and online directories then I can fully support your boycotting of any and all Blizzard products forever on. I can especially sympathize with those who have accounts for their kids.

*Man, I not only murdered pronoun usage, but I beat its corpse there.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Sat Jul 10, 2010 9:20 pm 
Offline
User avatar

Joined: Thu Sep 03, 2009 3:08 am
Posts: 6465
Location: The Lab
You aren't just adding 'additional vectors'. You are also adding personal information, including real names, and account names to the pool of available data.


Top
 Profile  
Reply with quote  
 Post subject: Re:
PostPosted: Sat Jul 10, 2010 9:29 pm 
Offline
User avatar

Joined: Fri Feb 05, 2010 11:59 am
Posts: 3879
Location: 63368
Midgen wrote:
You aren't just adding 'additional vectors'. You are also adding personal information, including real names, and account names to the pool of available data.

That association already exists on the server.

I have 3 different accounts, one for each of my sons and myself. They occasionally log into the account my character is on to access my banker, and when that happens and I'm on as a different character, I get kicked off the server.

There must be a connection between characters and account ID's in the information available on the server.

_________________
In time, this too shall pass.


Last edited by Taskiss on Sat Jul 10, 2010 9:46 pm, edited 1 time in total.

Top
 Profile  
Reply with quote  
 Post subject: Re: Re:
PostPosted: Sat Jul 10, 2010 9:44 pm 
Offline
User avatar

Joined: Thu Sep 03, 2009 3:08 am
Posts: 6465
Location: The Lab
Taskiss wrote:
Midgen wrote:
You aren't just adding 'additional vectors'. You are also adding personal information, including real names, and account names to the pool of available data.

That association already exists on the server.


Yup, and now the API's exist in your game client to peruse them....


Top
 Profile  
Reply with quote  
 Post subject: Re: Re:
PostPosted: Sat Jul 10, 2010 9:51 pm 
Offline
User avatar

Joined: Fri Feb 05, 2010 11:59 am
Posts: 3879
Location: 63368
Midgen wrote:
Taskiss wrote:
Midgen wrote:
You aren't just adding 'additional vectors'. You are also adding personal information, including real names, and account names to the pool of available data.

That association already exists on the server.


Yup, and now the API's exist in your game client to peruse them....

I've turned off real id on my account and it fails to return data when the api call "/run BNSendWhisper(BNGetInfo(),"Test")" is made... I don't believe those api's have the ability to access that information anymore. Besides, the API is just a vector, not the information (which must already exist on the server).

_________________
In time, this too shall pass.


Top
 Profile  
Reply with quote  
PostPosted: Sat Jul 10, 2010 11:30 pm 
Offline
Doom Patrol
User avatar

Joined: Thu Sep 03, 2009 10:31 am
Posts: 1145
Location: The subtropics
Despite going back on the Real names on the forums, I have unsubscribed and will be deleting my account.

I heard and saw the general plan, and that is to sell my information to anyone. I can not tolerate that.

Sorry, you can't have my stuff, I already gave it away.

I played the game for fun and adventure, not to be another source of stress in my life.

But, darn, DDO was packed today!

_________________
Memento Vivere

I have local knowledge.
That sandbar was not there yesterday!


Top
 Profile  
Reply with quote  
 Post subject: Re: Re:
PostPosted: Sat Jul 10, 2010 11:46 pm 
Offline
User avatar

Joined: Thu Sep 03, 2009 3:08 am
Posts: 6465
Location: The Lab
Taskiss wrote:
I've turned off real id on my account and it fails to return data when the api call "/run BNSendWhisper(BNGetInfo(),"Test")" is made... I don't believe those api's have the ability to access that information anymore. Besides, the API is just a vector, not the information (which must already exist on the server).


Uncle...


Top
 Profile  
Reply with quote  
PostPosted: Sun Jul 11, 2010 8:39 am 
Offline
User avatar

Joined: Wed Sep 02, 2009 7:59 pm
Posts: 9412
Noggel wrote:
You definitely should be more wary of addons now, but IMO you always should have been quite wary to begin with. I've always been fairly picky with my addons to begin with, and I don't use the Curse client. Still, more cause from concern is more cause for concern no matter how you look at it.

The reason I say I don't think it's so big a deal is more about general levels of concern and effort. I'm going to assume Blizzard is going to fix any exploits where you can call another player's RealID information if they're not your RealID friend, especially if they have RealID disabled altogether. If they don't fix it I'll be very displeased with them, but I don't think this will be the case.*

It adds more vectors for malware, too, but I'm not too worried with this. Chances are if I get infected with a piece of malware that wants to report back personal information, that ship has already sailed no matter what Blizzard does with WoW or its other games.

Or if your RealID friends do. Or their friends, even. How comfortable with your friends' addon and internet browsing and security habits are you?

_________________
"Aaaah! Emotions are weird!" - Amdee
"... Mirrorshades prevent the forces of normalcy from realizing that one is crazed and possibly dangerous. They are the symbol of the sun-staring visionary, the biker, the rocker, the policeman, and similar outlaws." - Bruce Sterling, preface to Mirrorshades


Top
 Profile  
Reply with quote  
 Post subject: Re: Re:
PostPosted: Sun Jul 11, 2010 1:39 pm 
Offline
Lean, Mean, Googling Machine
User avatar

Joined: Thu Sep 03, 2009 9:35 am
Posts: 2903
Location: Maze of twisty little passages, all alike
Taskiss wrote:
Besides, the API is just a vector, not the information (which must already exist on the server).

Actually, this isn't quite the case. The billing data resides on a database server (or, more likely, a cluster thereof). When you log in, You transmit your username and password hash to the login/authentication server. It, in turn, queries the billing database on the backend for a matching account record. The billing database server(s) signal back to the login server whether a matching account could be found, and if so whether the account is active (paid).

If successful, the login server then issues an authentication token of some kind to your WoW client. Probably Kerberos or something similar. Your WoW client then presents this token to the game server when you connect to it.

Neither your WoW client nor the game server ever have access to account data of any kind, and quite possibly neither does the login server, per se. Providing a direct binding from the game servers to raw account data (or at least name data, in any case) is an entirely different arrangement from the status quo, and potentially enables a new class of information leak via interaction with the game server.

In other words, in the past, the scope of a security vulnerability in the WoW client's Lua API or client/server communication protocol were limited to in-game data and consequences. The scope of such a vulnerability is now wider than before.

_________________
Sail forth! steer for the deep waters only!
Reckless, O soul, exploring, I with thee, and thou with me;
For we are bound where mariner has not yet dared to go,
And we will risk the ship, ourselves and all.


Top
 Profile  
Reply with quote  
PostPosted: Sun Jul 11, 2010 4:29 pm 
Offline
User avatar

Joined: Wed Sep 02, 2009 10:48 pm
Posts: 753
Location: In some distant part of the Universe
Müs wrote:
Source: http://www.threadmeters.com/rTNdYG/A_Tr ... _PLS_READ/

A TRUE STORY OF REAL ID STALKING

When I signed on last night, I used the RealID system carefully. I friended 3 people I knew in real life. One of them is my boyfriend Bob (of course I realID friended my boyfriend, that's exactly what its for.) So I was careful. I only used RealID for a few real life friends. I care about my privacy.

Bob was not careful. Turns out that I can be responsible for the mistakes of a friend, or a boyfriend, because of the Friends of Friends thing.

Bob has a very, very active Wow social life. He added everyone he knew in the game who would pass on their email address. He added a lot of people including all the people he pugs raids with. I was teasing him about how many peoples RealIDs he had. He didn't even think about the fact that he was giving all those people MY name, too.

Bob added this kid I don't like much. This kid used to make really inappropriate comments to me because I'm a girl, so I stopped grouping with him, but Bob still raids with him. The kid is really immature, he likes internet pranks, and he has a very poor sense of humor. I've been kind of mean to him in the past so maybe it's my fault for provoking him...... he doesn't like me at all... maybe it's my fault??

I'm the only female name on Bob's friends list. Maybe when this kid was checking out Bob's RealID friends, he noticed my a girl's name on the list, and it didn't take much logic to put two and two together. Oooh! Now he has Bob's Girlfriends name! Lets have a little fun with Google!!

He googled me. My name is all over the internet - it's on my company's website.

THIS KID CALLED MY WORKPLACE THIS MORNING.

He wasn't malicious (except for the part where he freaked me out and irritated my coworkers). He thought it was funny. He's a little kid and he had too much time on his hands, and he was used to playing pranks like this on the internet. And we were all joking last night about this stuff last night in guild chat....... maybe I gave him the idea?! I don't know. I don't want to know.

I think it was funny. Would you?

I am so shocked that I basically handed this kid my name. Why? Because I real ID friended one person, my boyfriend. I used the system carefully but now I'm paying the price - my loss of privacy - for a mistake *someone else made*.

Why should we be responsible for who our friends friend... my boyfriend feels awful about it... but it's not his fault! This friend of friend thing sucks!! Why in the world would Blizzard share your name with who your friends friend??? How could they think this is OK?

TO READERS:
Be careful who you friend - and who THEY friend. You aren't just sharing your info with who you add - you are sharing your private info with every single person your friends add. You are now responsible for the safety of all your friends friends too. Blizzard has now made you responsible for your FRIENDS FRIENDS. Keep in mind that anyone you add to your list is sharing YOUR REAL NAME WITH ALL THEIR FRIENDS ANYTIME. Are your friends adding people you don't know? Are your friends adding people you wouldn't want to share your name with? Are you sure?

Are you ok with the fact that the moment you choose to realID friend *one single person* you give them permission to spread your real name *to anyone*?

TO BLIZZARD:
Why is the option to view Friend's Friends real names on by default? This is awful. Why is there no privacy setting? This was like the first privacy setting Facebook ever had! Friend Of Friend! We need control over what Friends of Friends see!

I get that you want us to use our Real Names. I wish I could use an alias, but I can't. So TAKE RESPONSIBILITY for it -

If you are going to force us to use our real names for RealID, GIVE US PRIVACY AND DONT SHARE OUR NAME WITH ALL OUR FRIENDS FRIENDS. How can you do that? I feel betrayed.

It's been less than 12 hours and ALREADY THIS HAS HAPPENED TO ME.

Please turn off friend of friend before it happens again to someone else.


This is the biggest issue I have with RealID, and the reason why I cancelled my account. It doesn't matter how careful you are with your friends or your add-ons, because, chances are, other people are NOT as careful as you. And once you friend someone using RealID, you just lost all control you had over it. Because all of their friends (and all of their friends' add-ons, I might add) can see your information.

Who in the hell thought it was a good idea to share your information WITH ALL OF YOUR FRIENDS' FRIENDS?!?!?!?! Dumbest. Idea. Ever!!!!

_________________
"I Live, I Love, I Slay, and I Am Content."
- Conan the Barbarian


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Sun Jul 11, 2010 5:08 pm 
Offline

Joined: Wed Sep 02, 2009 9:01 pm
Posts: 834
Funny random thought that popped into my head earlier while thinking about this.

When I signed up for my Everquest account back in the day, it was the first account I made on the internet that had billing info tied to it. I used a fake name for it, and friends called me paranoid.


Top
 Profile  
Reply with quote  
 Post subject: Re: Re:
PostPosted: Sun Jul 11, 2010 6:27 pm 
Offline
User avatar

Joined: Fri Feb 05, 2010 11:59 am
Posts: 3879
Location: 63368
Stathol wrote:
Neither your WoW client nor the game server ever have access to account data of any kind, and quite possibly neither does the login server, per se.

Unless you can back this up with documentation, it fails the sniff test - like I posted above, when a character from the same account logs on, any existing characters from that account are disconnected.

There must be an active association between the character and the account.

_________________
In time, this too shall pass.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Mon Jul 12, 2010 7:36 am 
Offline
Peanut Gallery
User avatar

Joined: Thu Nov 26, 2009 9:40 pm
Posts: 2289
Location: Bat Country
I only communicate with friends using AES256 and MD5 to be on the safe side.

_________________
"...the line dividing good and evil cuts through the heart of every human being. And who is willing to destroy a piece of his own heart?" -Aleksandr Solzhenitsyn


Top
 Profile  
Reply with quote  
 Post subject: Re: Re:
PostPosted: Mon Jul 12, 2010 11:25 am 
Offline
Lean, Mean, Googling Machine
User avatar

Joined: Thu Sep 03, 2009 9:35 am
Posts: 2903
Location: Maze of twisty little passages, all alike
Taskiss wrote:
Unless you can back this up with documentation, it fails the sniff test - like I posted above, when a character from the same account logs on, any existing characters from that account are disconnected.

There must be an active association between the character and the account.

There is, but the game servers themselves don't have access to it. The authentication (login) server maintains that association and acts as a "taskmaster" for the game servers via the issuing of tokens and revocation data. If the same account requests an access token for a server when it already has one (for the same or different server), the auth server sends a revocation notice to the server corresponding to the existing token, causing it to disconnect you.

I may not have the details exactly right (they aren't published, duh), but I can guantee that the use an authentication scheme along these lines. No competent networking engineer would design a system of this scale wherin the game servers have access to billing/account data. That's the entire point of WoW having a discrete login server.

_________________
Sail forth! steer for the deep waters only!
Reckless, O soul, exploring, I with thee, and thou with me;
For we are bound where mariner has not yet dared to go,
And we will risk the ship, ourselves and all.


Top
 Profile  
Reply with quote  
 Post subject: Re: Re:
PostPosted: Mon Jul 12, 2010 11:39 am 
Offline
User avatar

Joined: Fri Feb 05, 2010 11:59 am
Posts: 3879
Location: 63368
Stathol wrote:
No competent networking engineer would design a system of this scale wherin the game servers have access to billing/account data. That's the entire point of WoW having a discrete login server.

I thought that was exactly the issue being discussed?

So, are you saying they don't do it now.. or are you saying they didn't do it before and they're doing it now?

I'm saying there has always been an association between the process running on the game server and the account. Even your description includes that such an association must exist (the "token" you speak of, and if it's kerberos then there needs to be a keytab if you use an authentication server). Where you go after that, well, it's a nice positive assertion but it flies in the face of current events.

_________________
In time, this too shall pass.


Top
 Profile  
Reply with quote  
 Post subject: Re: Re:
PostPosted: Mon Jul 12, 2010 2:37 pm 
Offline
The Dancing Cat
User avatar

Joined: Wed Nov 04, 2009 2:21 pm
Posts: 9354
Location: Ohio
Midgen wrote:
Hopwin wrote:



Hopwin,

They nixed exposing real names in the forums. They did not nix the RealID integration into the game client. That 'feature' is still there, in game.

Well wtf? That makes me think the forum thing was a deliberate straw-man they built into their plot so they could pull it and satisfy most of their user base.

_________________
Quote:
In comic strips the person on the left always speaks first. - George Carlin


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 193 posts ]  Go to page Previous  1 ... 3, 4, 5, 6, 7, 8  Next

All times are UTC - 6 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 136 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group