The Call of Duty: Modern Warfare II open beta kicked off this past weekend, and as players give their first impressions of gameplay mechanics via social media, the company that publishes the game, Activision, is collecting their data and using it to sell products. It's not a big secret, as the company lays out its data collection and retention policies in its privacy policy. Activision's privacy document is extensive, but is written in a way that's easy to understand and contains links to help users opt out of their targeted mobile advertising program. In the past, I've asked readers to check out privacy policies before using mobile apps. Here, I'm telling online gamers the steps you should take to keep your their data private while you play.
Why Game Developers Want Your DataAs noted by writers from the Brookings Institution in an article examining data-driven video game design, today's game companies collect a lot of data about their players to improve the playing experience for everyone. In the case of Activision, the company notes in its privacy policy that players should expect surveillance when it comes to their in-game chats or voice communications, as those may be monitored for anti-cheat, anti-fraud, and anti-toxicity purposes. If you're playing an Activision game and running other software on your gaming device simultaneously, Activision may monitor and record that activity. My initial reaction to this kind of tracking was negative. However, a quick Twitter search yields complaints from Call of Duty: Modern Warfare II players regarding others using software to cheat during the open beta. I think anti-cheat monitoring is necessary for everyone to have an equitable and fun gaming experience, so I'm okay with that kind of in-game observation by the company.
How Game Companies Collect and Lose Your Personal InformationI have less of a problem with player activity monitoring by game companies and more of a concern with the amount of data the companies keep about their players. The more player information companies retain, the more data there is for hackers to steal during inevitable data breach incidents. Earlier this year, a criminal breached the Neopets database, potentially exposing payment and personal information connected to almost 70 million accounts. In a statement, the Neopets website confirmed the hack and informed users that the information stolen might include the following: "...data provided when registering for or playing Neopets, including name, email address, username, date of birth, gender, IP address, Neopets PIN, hashed password, as well as data about a player's pet, gameplay, and other information provided to Neopets." The online security research site TechRobot recently published a report analyzing top game developers' privacy policies. TechRobot found that over half of the online game developers examined in the study retain data concerning who gamers play with, and nearly 90% of the game companies collect information gleaned from in-game chats. The most egregious data collector in TechRobot's report is Riot Games, the company behind the wildly popular free-to-play title League of Legends. Riot Games last reported a data breach back in 2013, when approximately 120,000 transaction records were accessed. I looked into the game's privacy policy and confirmed that Riot Games automatically collects information such as a player's IP address, geographic location, ISP, and chat logs. Riot also collects all the information players provide voluntarily, such as demographic information, hobbies, favorite games, and contact lists. Riot collects a lot of personal information, and it's exactly the kind of stuff that bad actors want when they're hatching their identity theft schemes. In the aftermath of a data breach, it's easy for criminals to combine all of those disparate pieces of personally identifiable information to create a victim profile. The crooks then use these data profiles to impersonate their victims and open up lines of credit in their names or create fake social media profiles used to scam the people in their contact lists.
How to Protect Your Data When Playing Online GamesBelow are a few ways you can reduce your online data footprint while still playing the games you love: Unlink your social media accounts. Many game companies, including the ones I've mentioned above, monitor all your in-game communications, which sometimes extends to social media posts. For example, according to their privacy policy, Riot Games gathers social data from users who link their Facebook accounts to their Riot Games accounts. Use a VPN while you play. A VPN is a privacy tool that can hide your IP address, thus concealing your geographical location and changing your DNS information. Remember that some games ban players from VPN use for location-locked release dates or region-locked in-game items. Since latency and speed can be affected by their use, we've rounded up a list of the best VPNs for gaming. Use a password manager to create and store your game account credentials. When the game company's servers are hacked in the future, you will be sitting pretty, knowing you created a unique password for that gaming account, so your other accounts won't be in danger of being compromised by reused passwords. Enable multi-factor authentication on your account. MFA secures your account by ensuring hackers need something you have (such as a hardware token or cell phone) or something you are (such as your fingerprint) in addition to something you know (such as a password), to access your account details.
Get this from a friend? Get it delivered to your inbox weekly. Sign up for the SecurityWatch newsletter.
What Else Is Happening in the Security World This Week?This Malware Can Infect Your PC With Over 20 Malicious Programs. The NullMixer malware can download a large number of Trojans to a PC all at once, according to antivirus provider Kaspersky. UK Police May Have Arrested Hacker Behind GTA 6 Leak. Police in London say they've nabbed a 17-year-old on suspicion of hacking crimes. Twitter: Our Password Reset Function Failed to Log Users Out of Devices. It blames the now-resolved problem on a bug that was accidentally introduced last year. Meta Sued for Tracking iOS Users Even If They've Opted Out. The lawsuit also claims the Facebook app violates state and federal laws. Use the Google App to Request Removal of Search Results With Personal Info. Search result removals can now be requested via Google's Android app for some users. |
Comments
Post a Comment
Please leave a comment about our recent post.