After the longest time without an extreme fail post, I came across something that I just had to share.
For those who don’t want to read the whole thing, the important line is “in the near future, anyone posting or replying to a post on official Blizzard forums will be doing so using their Real ID — that is, their real-life first and last name…” Yeah, folks, you read that right. If you want to post on the public forums you have to use your real ID to do it. You know, that “so invasive you should only share it with real-life-friends or family” thing? Yeah, that one. That’s your new forum display name.
I can’t, for the life of me, figure out why Blizzard wants to give away my personal information to anyone and everyone they meet. Are they being paid to provide their customer’s personal information in a way that is easily gathered by marketers, but (supposedly) leaves them clean? Are they trying to strong-arm people into buying their supposedly-optional authenticator by tying account security to a single e-mail address that you then give to people (along with your real name) to people to add to your friends list? And now this bit of idiocy as (apparently) an anti-trolling measure. Seriously? There was no middle ground between “make unlimited level 1 forum trolls” and “I’m giving your real name to everyone on the forum”? Like, say, requiring a single avatar to be designated as your forum avatar (and perhaps have some additional level restriction or perhaps make this avatar default to the one with the most achievement points – ostensibly the person’s “main”). What’s next? Our phone numbers and addresses will be handily provided so that would-be stalkers and marketers don’t have to take the 10 seconds it takes to google them?
I’ve seen it argued that internet privacy is a myth. Maybe it is, to an extent. But that doesn’t mean we have to roll out the welcome mat to anyone who wants our personal information. The much-quoted example, Facebook, allows me to designate who can and cannot see my personal information. My pictures, birthdate, events, e-mail, etc. cannot be seen by anyone who is not on my friends list. And (here is the most important part) that’s only if you know my name to look for me to start with. Which none of you do. Because I have prudently chosen not to share that information with you. Just as I have cautiously and vigilantly failed to mention my real name or link this blog with my facebook page in any way. Anyone who looks to learn more about me on my Facebook page won’t find anything more than my name (and as we already established, if they find me on facebook, that’s what they had to start with). That being said, this information was shared as part of a social networking site: in other words, your name and a certain amount of personal information are required for the site’s function. A small, but guarded, invasion of privacy is an expected and necessary evil in that context. Which is why I made the decision to share it.
But how about reporting a bug in Warcraft? Why does my name need to be made publicly available to anyone and everyone free for the reading in that context? Does another user really need to know my name for a Blizzard employee to be able to fix their own faulty coding? Does Blizzard have *any* cause to *ever* publicly share *any* of the personal data required to start an account, especially considering that the terms stated at the time specifically claimed that your personal data would be kept private? The more Blizzard goes down this path the sadder I am that I chose to use a real name to start my account. Maybe this seems an overreaction when, after all, the data in question (your real name) is exactly the same in both scenarios. However, to me, there is a very large and very alarming difference between choosing to share my personal data, and a company deciding to share it for me. Especially when the involuntary sharing of information is required for what some would call necessary basics of the game (i.e customer service and technical support).
So under the new system, I make a bug report and my name is displayed for anyone to read. Someone takes that name and plugs it into facebook. They find a handful of people (one of whom is me) and thankfully get no further, because Facebook’s security is better than Blizzard’s. But this is the best-case scenario, as I am someone who is aware of some of the risks and actively seeking to guard his information. What about someone who was a little less guarded with their facebook page, owing to the expectation that these two worlds would never cross? Our scenario would end more like this: they find a handful of people and one of them is not set to private. They gather my birthdate and e-mail address and now have everything they need to steal my Blizzard account. In other words, the potential security risk isn’t just in the information itself, it’s in the link it makes between two previously-separate databases of information.
I hate to come off as some sort of rabid paranoid, but it’s like Blizzard is actively trying to undermine account security, all the while wringing their hands and acting all bewildered about why account theft is on the rise and grows higher with each “advance” towards Battle.net unification. I mean, you take a unique and secure username and replace it with an e-mail address. What could go wrong there? I mean, people have been really vigilant about not sharing their e-mail address with anyone, right? Because as we all know, an e-mail address is a secure piece of information that should be kept private and not some half-anonymous communication tool that we hand out to anyone who wants to contact us because it’s just a freaking e-mail address. And it goes downhill from there. In fact, Blizzard’s entire security philosophy seems to be hoping that everyone else (from social networking sites to your e-mail provider) has better security and privacy protection than they do. And that folks, is the very definition of extreme fail.