Monday, 12 July 2010

So what have I learnt from the RealID debacle?

Was there a message for me, personally, in all that mess?

Several, actually.

I’ve been going about my online life moderately carefully so far. I do have a facebook account (err no – no link, thanks), but most of my settings are locked to “friends only”. I have (in retrospect) added a few too many people there – some who I’d only consider very casual acquaintances – while a few people are clearly missing. Professional “facebookish” services are not very widely used over here (yet?).

Unfortunately, that was not always the case. On a webpage I own, I had an email published for a very long time, complete with @ and .de, for every crawling spam-bot to find and abuse. Many bloggers already are better there, using (at) and (dot) and such in their descriptions – or going to even greater lengths to make sure a human reader will understand, while a machine will be stumped (hopefully).

So apart from cancelling an account (and reactivating once they had assured us it wouldn’t happen), what have I done?

Well, I’ve been over my facebook settings again – I’ve made triple sure it’s all “friends”, not “friends of friends”. I’ve changed and created several new email accounts – Blizzard has its own (so any “official email” not appearing there has to be phishing by default), as does the Blog and the other games. I wish I could have changed my name on the Blizzard account to John Doe – sadly phone support was never available, so I couldn’t even try.

I’ve also upped the general paranoia levels a bit. Basically: It’s Blizzards fault, but no future game subscription will see a real name ever again. There will be faked parts in it – added advantage: Should I get snail-mail at home with the fake name, I’ll at least know who sold out my name.

Larissa has waxed poetically about how much of a loss of trust this was – single employees are still okay in her book, the company as a whole has lost her trust.

I can’t say that I’d put it the same way. Some Blizzard employees apparently fall for the same traps that players do. They thought that sharing a bit of information wouldn’t hurt, that it would all be secure enough. Interestingly, those are also the people who don’t mind putting their name on the forums (see the case of the poor Community Person – weather it was his information or someone else’s doesn’t really matter at this point). Those who were the ones to cry for their privacy are likely also the ones who would have been hard to find anyway.

Still, the matter remains – it is not for a game company to decide (retroactively, I might add, otherwise I would have been John Doe since the start) to share my information with other people.

So yes… internet safety is not something we can ignore. It’s also something a lot of people do not take care of properly. There are guides for safety on the web (surprise, surprise) – and even though many of them are written for parents with children in mind, the general information does apply. Let me quote from the FBI “Parents Guide to Internet Safety”:

Instruct your children:

- to never arrange a face-to-face meeting with someone they met on- line;

- to never upload (post) pictures of themselves onto the Internet or on-line service to people they do not personally know;

- to never give out identifying information such as their name, home address, school name, or telephone number;

- to never download pictures from an unknown source, as there is a good chance there could be sexually explicit images;

- to never respond to messages or bulletin board postings that are suggestive, obscene, belligerent, or harassing;

- that whatever they are told on-line may or may not be true.

Now I don’t agree to all of those suggestions myself.

I have had, in fact, many very pleasant guildmeetings in real life. They were my choice to participate in, however, and there was a promise of beer and cocktails and pizza and long debates about the state of warlocks (or earlier: Dragontaming and Lightsabers).

I also may once or twice in my life have deliberately downloaded a sexually explicit image. Again, my choice (and I'd do it again).

I decided to trust those strange people I played games with enough to go out for a beer (at a youthful 25 or so for the first time – maybe I was still overconfident), and I decide what I download.

Especially the "don't meet strangers" line appears a lot more sensible for children than adults, though, and the rest of the lines basically describe what I do not want Blizzard to distribute to the public – or even for Blizzard to just possess. My name and phone number and my photo.

Lastly: Not everything told online is true (that line applies especially to companies that want to make a profit. Yes, that is really everyone. Up the paranoia please, it is a good idea) and replying to trolls never helped – and can be used by online companies as an excuse for a blatant abuse of privacy.

1 comment:

  1. "No future game subscription will see a real name ever again. There will be faked parts in it – added advantage: Should I get snail-mail at home with the fake name, I’ll at least know who sold out my name."

    An excellent idea. As a suggestion, your 'first name' when creating an account could even be relevant to the game itself, i.e., Wow Rambling, Lotro Rambling, Dido (DDO) Rambling, etc.

    After I got hacked I set up a brand new email account specifically for WoW, which I've not used for anything but WoW. (Unlike my previous, personal email which I naively used to create accounts at WoWhead, WoWwiki, etc.)

    I have yet to get any emails in that new WoW-only account other than one or two from Blizzard themselves, but I'm keeping an eye on it. If I do get any phishing emails there it will be proof positive that Blizzard themselves have a security leak.