I know that I said I would be aiming for writing posts for Wednesday releases, but this is too interesting to let go for too long. A hacker (and I mean this in the earliest form of the word) who goes by the handle 'Sendatsu' has posted on ownedcore that he has found tracking information in the form of a watermark on in-game screenshots taken by the World of Warcraft client. Without getting too into the details, which you can find at the website linked in the previous sentence, it has been determined that the watermark in question is not jpg compression artifacts although it seems that the developer who put in the watermark did indeed aim to make it seem that way. By default, screenshots are captured at a "quality level 9" jpg, which is a fairly destructive compression algorithm even at that "lossless" level. Kicking the quality up to 10 causes the watermark to disappear.

However, another hacker going by '_Mike' posted a hack that showed the application deliberately removing the watermark when set to a more lossless format (or a level 10 quality jpg). For those who are not following here, _Mike has essentially shown that there is an if-else block of code in the application that says "if really high quality [subtext - so we cannot blame the watermark on compression artifacts], do not show the watermark, else show the watermark". He essentially wrote some assembly code to run at the system level that patches the World of Warcraft application to never satisfy the first if-block and therefore always show the watermark regardless of the quality or image type.

A few other guys on the forum went so far as to decipher the watermarks from their in-game screenshots and discovered that the information is mostly character name, realm ip, and account name. Mostly, this information is innocuous in and of itself except that Blizzard is doing it without telling their user base in either the ToS or contract agreements to which we must agree every time there is a patch. So, if the information shown is just for tracking purposes (i.e., they can tell 'at a glance' who/where/when they are looking at), then to what end are these watermarks used?

I have read through the forum post and it seems that most people have only found screenshots as far back as early Wrath of the Lich King, but there is at least one person who claims that he might have a screenshot from 2003 (well before WotLK) that has the watermark, but he has not be able to decode it like the more recent screens; so far, it seems it may actually be jpg artifacting he is seeing in this early screenshot. Okay, so we have a time-frame with WotLK and that was the most tight-lipped Friends and Family Alpha experience to date.

My guess? I would say that this was put in place to try and fish out who was leaking the early alpha screens to the various rumor sites at the time. The Burning Crusade had the same type of NDA during its alpha/beta phases, but it was basically Blizzard's first go at an expansion and keeping the lid on such a huge project (remember that it had 6+ million users at the time of TBC's alpha all clamoring for info and that population was still growing). When WotLK came around, Blizzard knew what was to be expected of their FaFA NDA, so they probably put this watermark trick in place to see who was the leak. Basically, posting a screenshot to one of the wow rumor sites that was never wrong (I do not recall any of the sites urls, sorry) would show the public an image with that user's account information. As soon as Blizzard sees the screenshot, they run it through a tool they designed and they know exactly which account is to blame.

It is probably too early to tell whether or not there is any real malicious intent from the watermark, but the feeling I get from the examples posted so far seems like tracking in the most devious of cases and probably nothing more than a staple to catch leak-prone insiders. That being said, I will continue to follow the story and post more as information surfaces.