Blizzard’s Snow Job: Security About As Tight As Parental Controls

Nov. 14, 2012

Call it karma, payback, or just ‘got caught,’ the class action lawsuit against Blizzard Entertainment (makers of mega-hits like Diablo, World of Warcraft, Starcraft, etc.) is really about gamers tired of being played.

Anyone who thinks youth and gamers “don’t care” about privacy and security might want to watch closely as this media mess unfolds, because it’s an interesting case of a corporation being called out for commodification of personal privacy, turning the safeguarding of sensitive information into a fear-based ‘you’d better watch out’ pay for play gambit.

Citing data hacks in May and August (which evidently impacted the free smartphone app too), players say they were strongly encouraged to use a keychain gizmo “Authenticator” add-on for $6.50 a pop, reportedly making the company about $26M in the process. (The authenticator generates random numbers to be entered as code before game play.) The lawsuit accusations cry foul for deceptive trade practices to upsell and for not taking proper steps to secure players’ financial and private data in the first place.

The BBC reported “In 2009, Blizzard revamped to make it the over-arching system people must use when playing any of the company’s games.” One of the lawsuit injunctions is to drop that requirement, and stop the company from charging extra for its security gadgets.

The suit alleges Blizzard “negligently, deliberately, and/or recklessly” fails to properly safeguard player information, which has resulted in repeated security breaches, and “fails to disclose to consumers that additional products must be acquired after buying the games in order to ensure the security of information stored in online accounts that are requisites for playing.”

In Blizzard’s published response on Forbes, the gaming firm claims the suit is “without merit” and “patently false” citing a “misunderstanding” about what the Authenticators DO (e.g. help protect players’ account details OUTSIDE of their network infrastructure from malicious code, key-loggers, phishing attacks and such).

On their own Blizzard forum, Blizzard addresses the repeated security breaches directly, albeit with verbiage that resembles solutions-based implication if not a full recommendation to use the Authenticator as a logical security solution:

“While the authenticator isn’t a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand.”

Though the mud-flinging will no doubt get everyone dirty, I’m crying crocodile tears for Blizzard as the company has left me singularly unimpressed with the way they’ve disregarded security on the ‘parental controls’ front as well, making it almost impossible to report repeatedly compromised accounts.

In my own digital literacy/online safety work I’ve found Blizzard has left gaping holes for easy workarounds, like pilfering email accounts. VERY young kids can access their rather addictive daily dose of gaming shoot-n-siege du jour, undermining parents at virtually every turn.

Blizzard is clearly aware of this, and as a former ad agency pro, I’ll be bold and say it’s not beyond plausibility that leaving those holes open could be part of an age compression ‘get ’em while they’re young’ marketing strategy. Blizzard addressed gaming addiction allegations using the court of public media, (see CNN health chat) prompting many parents to take note of the “5 warning signs of gaming addiction.” Clearly, concerns are not limited to kids in South Korea.

It’s not a big stretch for me to believe the commodification of data and profiteering from ‘enhanced’ security is out of Blizzard’s ethical reach, so color me incredulous. Some of our own youth gamers may disagree, but I hope they get a comeuppance. There’s my bias with full disclosure. Boom.

In fact, in the spirit of industry wrist-slapping with high hopes that corporations will start baking ethical privacy and practices into the DNA of their company’s offerings, here’s an ode to Blizzard’s gaming gaffes on the “parental controls” front.

It’s written with candor in “open letter format” to lift and reveal behind the curtain the high levels of absurdity parents face in dealing with predatory marketers who spin-doctor messages of “concern” to parents about their child’s access to sites, while making it difficult if not impossible to opt-out, report, close down, or shut off that valve, particularly when it’s a classic, compromised account breach where a child has obviously parlayed an email into a free ticket to be undetected by their own parents.

Again, Blizzard can position ‘teens’ in their word choice all they want, the kids who breached security by gaining access to my e-mail account to sign on to WoW were from a media literacy lesson in fourth grade at an urban after school program.

In short, on behalf of multitudes of parents, I’m calling out Blizzard Entertainment for what amounts to P.R. fluff and stuff.

Dear Blizzard Entertainment:  (and other gaming industry honchos using automatic parental permissions with ‘no reply’ or ability to opt-out of the “sign me up” silliness…)

When you send “Dear Parent or Guardian” letters to me about my non-existent child who has signed up for XYZ site, with no way to inform you I have no such child, nor does this ghost-child have permission granted for squat…you are creating laughable media moments for a case study format in how to lose all credibility.

I’m not your worst nightmare, nor do you qualify as mine; your e-mails are a pesky gnat-like annoyance that I feel the need to share with my cranky pants on, as it appears you are not learning it’s uncool to take advantage of parents and ‘policy’ in the digital sphere.

By designing a built-in, self-awarded CYA hallpass for being ‘in compliance’ (in a twisted sort of don’t ask, don’t tell wink and nod approach to children being granted ‘permission’ to hang out in your gaming communities despite very obvious account breaches of “tween” 8-12 proliferation) you are thumbing your nose at COPPA regulations for kids under 13, and I frankly hope they upend your tail.

I realize tougher standards for COPPA could create new privacy issues, but you haven’t even attempted to play by the ‘old rules’ much less any new proposed FTC rules and that’s just plain corporate Blizzard/Activision arrogance in my opinion. So here goes, my parenthetical editorial comments are in color/italics. Ready?

Received from Blizzard Entertainment 4:07pm,

“Hello parent or guardian…

“…You are receiving this email because your teen has created a account, which is used to play games on such as World of Warcraft and StarCraft II.”

(No, actually, I’m receiving this because under 13 kids at various after-school venues have swiped this e-address and/or have lousy after-care program supervision, enabling opportunities to create workarounds, take private/unsecured info off teacher’s desks, etc. but whatevs) 

“This e-mail provides information about your teen’s account and parental controls, and confirms that you have reviewed and accepted the Terms of Use on behalf of your teen.”

(Um, no, it confirms you sent a link to Terms of Service (ToS) that no busy parent has time to open much less peruse, amidst a digital deluge of hundreds of emails a day–see average CORP inbox)

“To begin managing your teen’s play schedule and social settings, simply click the link below — and be sure to hang on to this email and keep it safe and secure, as it serves as your key to Parental Controls if you’d like to make changes in the future. Be aware that if you bookmark the page this link goes to (or retain browser history) that others using your computer’s web browser can potentially access your parental controls. In addition, be sure to visit for all your Parental Controls needs.”

Well, hey Blizzard, this sounds cool, but looking at the FAQs, it sounds like “Real ID” is a bit of a biggie and knowing how to enable/disable requires me to actually KNOW my child’s account info, which you have not provided in this email, nor have you acknowledged the possibility that I don’t even have a child playing this game…

Then, dear Blizzard, you go on to state that if I have MORE than one child I need to set the parameters INDIVIDUALLY…Yet, again, you give zilch for user names, access, what child you’re speaking of, or a way to respond to ask you these things…

So, um…How is an after-school educator or parent who receives one of these notices (much less a barrage of them) supposed to KNOW which of the umpteen kids they deal with daily has used/breached their account when you don’t give folks this data…? Just sayin’…

“We believe that real-world priorities such as homework, chores, and family dinner should take precedence over entertainment – that’s why we offer Parental Controls to help parents manage their teens’ World of Warcraft play schedules and determine how they use the social features of when playing online.”

Oh pish-posh. Now we are simply hip-wading and slogging through massive excrement at this point. I am amused and disheartened simultaneously wearing high boots in the deep muck. 

“With Parental Controls, parents can:

> – Set daily or weekly limits on the number of hours your teen is allowed to play World of Warcraft and StarCraft II.

> – Create custom World of Warcraft and StarCraft II play schedules, or select from pre-set schedules such as “weekends only”.

> – Receive weekly World of Warcraft play-time reports via email.

> – Manage access to in-game voice chat.”

Ooooooh, impressive obfuscation of the fact that we have no idea WHO is playing the game since you haven’t sent us the user name or email data, but wow, what an impressive empowerment ploy to make parents feel like they’re managing media…Limiting and controlling this unnamed ghost-child in some alternative form of pretend-play under the auspices that we media savvy parents could actually DO something, ostensibly. Except we can’t, cause we don’t have a real child in the game…just someone else’s child playing under our email…woohoo.

“Please note that if you manage more than one teen’s account, you will need to adjust Parental Control settings for each one separately. If multiple World of Warcraft accounts are associated with each account, the Parental Controls settings you choose will apply to every World of Warcraft account.”

I’m sorry, this is as clear as that mud in your lawsuit.

Every year parents who try to ‘limit screen time’ to keep addictive gaming habits from turning kids into zombies that would rival your game characters, are met with copious quantities of roadblocks and barriers making it ludicrously difficult to place parameters on users, even grossly underage ones.

The fatigue factor for parents trying to navigate your multi-player worlds to get kids back on real terra firma now and then is exhausting. You’ve ‘gamed it’ to your favor, ensnaring as many young players as you can in your corporate web with no way out for parents to extract them. We know it, you know it, and even the kids know it…so let’s not feign profound concern, shall we? 

As Vonnegut would say, “And so it goes…”

Game over.




  1. woohoo! An update from Blizzard from those trying to use my account…this is good progress…kudos to their team for trying to plug some holes. Check this out:


    “Dear parent or guardian,

    You are receiving this email because your child has expressed an interest in creating a account, which is required to play games on (such as World of Warcraft and StarCraft II), purchase items in the online Blizzard Store, and use the social features of our online-gaming service. During the account-creation process, your child was asked to provide the email address of a parent or guardian in order to proceed.

    If you would like your child to be able to use a account, you will need to create one for him or her at this website:

    You must create the account in your own name. During the process, you will need to provide an email address that will be used as the account name, and another that will receive instructions on how to use’s Parental Controls features. You may use the same email address.

    For more information on these features, please visit our Parental Controls website. If you would like assistance setting up an account or Parental Controls, please contact our Sales, Billing, and Account Services team.

    If you believe you received this email in error, please disregard it.

    Thanks, Account Team”


  2. Welp, it’s been a coupla years, and Blizzard hasn’t figured out security on breaches of “parental controls” yet…just received this in my inbox: (reminder… I DO NOT HAVE A CHILD ON THIS SITE…I’VE INFORMED OF THE ACCT BREACH MANY TIMES…)

    “Dear parent or guardian, We have confirmed your request, made through Parental Controls, to receive weekly World of Warcraft play-time reports for your child’s account:

    Every week, you will receive a report detailing your child’s play time for the week. This report will include the dates, times, and total play time of each gaming session. You can use these reports to keep tabs on your child’s playing habits.

    You can manage Parental Controls for this account at any time by clicking the link below.

    For information on how these controls work, visit the Parental Controls FAQ. Regards, The Team

    If you no longer wish to receive these Play Time Reports, click here. You may be required to log in to Account Management”

    Oh, the irony…not only have I never had an account but the breached one is now gaming the parental controls workarounds too…such a farce. Oh, and when you click the ‘delete’ as noted above, you have to log in, with info which of course you don’t have because you’ve been breached, and there’s no way to ‘reply’ to the email to inform them of this, so the breached acct trundles on…with unabashed brazen workarounds…sigh. Farce. Farce. Farce.
