POL System Scan Privacy Issues? OP Updated 5:39am EST Mar 9Follow

I am, for the record, an American citizen living in Canada.

I like to think that I have some very sound ethics and ethical beliefs.

Among those I wholeheartedly believe I have the right to my privacy, that neither the government nor any business has any right to dig through my belongings, virtual or not, for any purpose you can concieve, without my consent.

If they'd bothered to disclose this in their policy (again, see Blizzard's WoW policy), I'd be fine with it.

Disclosing it means that it's then my responsibility read the (hypothetically, in this instance) updated policy, and then to agree with it and log on, or to not agree with it, uninstall their software, and cancel my account.

As the policy was not updated, and this action was not disclosed, I was given no choice in the matter.

If true, this is truly incredible. Nice work OP. It's a HUGE violation of privacy to scan running processes on a computer without disclosing that such scans occur, or without disclosing the precise nature of the information gathered from such scans. Of course, SE has every right to scan and record all data that you send them from your computer, not to mention the data involving you on their own network. But to assume that they can scan and monitor all running applications on your computer, and then associate the results of such scans with particular individuals, is not only likely inconsistent with the privacy laws of California, but probably just about every other State in the US, and most countries in the Western world.

For precisely this reason, I'm surprised that SE would leave themselves so vulnerable to crippling civil litigation. My gut feeling is that you are incorrect: they probably just monitor all data sent back and forth between your computer and their servers, but, if you're correct, then they might want to slap their lawyers in the head and ask them to start doing their jobs.

It's good that you got the privacy commissioner involved in CA, but I might also suggest contacting your member of the State Assembly (who could embarrass them publicly or contact the Justice Dept), as well as some privacy interest groups who have the resources to get more attention than a lone individual.

...if this is indeed a violation of the privacy laws in California (I know nothing about CA law), then SE at the very least needs to hear that they aren't covering themselves too well in the event of a future civil suit (read class action, god Forbid, if anything malicious were to happen to this information).

Good job OP.

And SE doesn't need to scan running processes on your computer to detect cheating. If you can manipulate it on your computer and SE doesn't want you to manipulate it, then they should move that information server-side. If it's already server-side, then recording the data from and to your computer is more than enough to detect abnormalities--but to conclude, I'm quite confident that this is how they manage cheat/hack detection in any event.

Oh, and Pornography isn't even close to the only application that people run that they might not want other people to detect, let alone be able to associate with a particular name, address, age, phone number and credit card number.

Lastly, the airport security comparison fails for the simple reason that one involves an unnecessary intrusion to detect cheating in a video game, and the other involves a necessary intrusion to prevent plan hijackings/bombings etc. In cases such as these, the common legal standard involves a comparison of the gravity of the violation, the necessity of the violation, and the purpose of the violation. That said, I agree with Sioux that the cameras in your house analogy is unfair as well.


Basset



Edited, Mar 8th 2007 2:51pm by basset

I edited my post above. But seriously, Erawyn, look at my sig, if I didn't miss the point at least sometimes I'd have to remove it.

I'd have picked "OMGWTFBBQ" or "shock" before I'd have picked "outrage" to describe my anger :P



Me too, apparently :D

EDIT: I did want to comment on this tho


It's a decent analogy, but you're right, it is lacking.

So I vote we replace it with "You're renting an apartment, and the owner decides to install a camera in your apartment without telling you, then takes a picture every time you enter your apartment."

I haven't run POL longer than it took to reread the policies since before the update, and I don't really intend to play until they update their policy. (Kind of sitting at wait and see. Would be easier if I could just casually say "Hey guys, respect our privacy rights and disclose now and in the future and I'll keep tossing you my $13, k?")

Edited, Mar 8th 2007 4:57pm by Arketa

Please scan the letter once you receive a copy. I'm sure many of us would like to see it.

By the way how did you determine that POL was scanning? I haven't ran POL since the update (still at work), did something tip you off?

The only thing i'm afraid of right now is if their scan isn't "Built well"....like, say you have a 3rd party program running, but the scan will only send this information back as "3rd Party software"...

Then again, i don't know...i'm just a little worried that if i have limewire running music if it'll confuse that with windower in the process. Hmmm....i really hope not....i'm an actual legit player ><.

ZOMG SE isn't doing anything to stop RMT, botters or 3rd party hackers.
ZOMG why is SE even trying to stop them with updates, they'll just adapt and be back in ten minutes.
ZOMG SE tried to stop them and the changes affect my <mining, quest, crafting, income, farming habits, etc> so now I'm pissed.
ZOMG SE shouldn't nerf anything, they should just ban all RMTs, botter and hackers and I don't care if they can't figure out who they are, they should just know!
ZOMG SE made the missions too hard and take too much time.
ZOMG SE made the missions too easy and now everyone can do them and I'm not as cool as I used to be.
ZOMG SE is scanning my processor list to find hackers onto their system and they didn't tell me. I hate them ONLY becuase they didn't tell me.

Okay the last one I'm actually on the side of players - but I think we can cut SE a little slack because:

A) SE is probably going to release an update of the TOS to take into account this new action.
B) SE is doing so much to meet everyone's needs that I think we can cut them a little slack.
C) It's possible their legal team is still drafting the updates. It's possible that they just didn't post the update yet.
D) Considering how much WIN this update had, we should be willing to give them the benefit of the doubt.

I started my update around 3pm EST yesterday, it didn't complete until around 10pm EST (my connection is teh poopy for big downloads - they get speed capped after a short time >:( grr), so I got bored.

Then someone posted this and I thought "haha another thread about 'In Soviet Vana'diel, FFXI hacks you!'" hell, a few posts in IN says he sees it every update, then some seeming conspiracy nut comes in and talks about SE keylogging you, and I even posted a picture of the 'suspected' ZOMG Super Secret Key Logging Program.

Haha, fun and games, right?

Anyway I was too tired last night to want to play so I went to sleep, woke up this morning, had a Dr Pepper browsed some websites, remembered the bit about the whole scanning thing and went "I wonder..."

Mostly I figured the screencap of ProcGuard was a photo manip. So, I blocked everything I had running from being read, and ran pol, and sure enough, pol seemed to care that I was running MSN, Thunderbird, Photoshop, and IE, none of which have a damn thing to do with FFXI.

But that doesn't mean anything, mind you. I mean, for all I know, it's scanning PIDs to make Windows ensure that it's running properly.

But still being a curious kitty and stubbornly unwilling to comply with Occam's Razor (and possessing more than my fair share of free time), I phoned POL and straight up asked.

I asked if pol.exe was scanning my processes, and was told yes, it was scanning processes and virtual memory looking for third party applications. At which point we get to the OP-OP I made above & me saying "but that's against the policy"

So, in short: about 1% suspicion based on other users' posts, and 99% me asking outright.

"Yes, Mr. Corporation, I am willing to bend over and grab my ankles while you thoroughly violate me because a) you lack foresight b) you have an iota of customer service set up c) you're lazy and/or have lawyers who weren't pushy enough to make sure you had your *** covered before you stuck it our there and/or d) you updated your game."

Pardon the sarcasm here, but when the entire US lacks any firm, well drawn out legislation regarding your privacy rights (and otherwise) in the digital world, I'd prefer that, 20 years from now, we not all be screwed over because people like you didn't want to speak up over a violation because of "how much WIN this update had".

I think while SE probably means well, the fact they are trying to hide it bothers me. It bothers me a lot. While I mostly play on PS2, I do have a copy of the PC version, one of which is installed on my work PC with confidential data.

If they scan processes now, and nobody says or does anything, whats to stop them from scanning files on your PC? on your network? What if they look at your web browsing history to find what sites you visit, get email addresses from your address books, and sell the information? What if the data they collect gets hacked? What if their collection method gets hacked?

I'm not saying that any of this will happen, but it's all definately possible, and by not speaking up now, you make it easier for them to do it in the future.

The road to hell is paved with good intentions.

EDIT : I'm leaving the following post up, but be aware that i had started writing it before the OP had posted up his complete story :) The confusion was worked out on page 2.

I've been keeping up with this thread, and don't think i saw anyone mention any facts backing up that SE is doing this at all. the OP just started off with a phonecall to SE about privacy, he didn't really tell us what tipped him off. An no tech-savvy people have come on here saying "I checked and it's there, monitoring indeed" along with info on how to see the proof yourself.

I duno this thread is definitely one to watch, but I still have a nagging suspicion that this is just a SE representative's BS statement (just agreeing with whatever you ask to get rid of you) blown outa proportion. What hapened to this week's "Pics or it didn't happen" theme? I'd like some kind of substanciation that this scanning thing is hapening at all.

Point is, someone tech savvy check for this monitoring and report back! And OP if you did mention finding some kind of proof please point me to it cuz i missed it.

Edited, Mar 8th 2007 5:36pm by RattyBatty

Edited, Mar 8th 2007 6:14pm by RattyBatty