Report: Blizzard Blizzcon APP is spyware (video)

Consent is exactly the point. Contracts / user agreements are not valid if they are entered on a false or illegal pretense. You can’t sign away your rights like that.

2 Likes

If you don’t consent, no badge and no entry.

Except make a good game. Well, a good game imo anyways.

1 Like

I know… Can we move past the obvious or does it need to be restated multiple times?

I see a few ways Blizz could be vulnerable to a lawsuit.

  1. Does the user agreement actually detail everything this app has access to?

  2. One of the data sets the app appears to have access to is the contact list. How many users on that contact list agreed to have their contact info harvested by multiple different companies?

  3. Confidential info like debit card numbers, SS#, bank account info has some decent protection laws. If this app is scraping that type of info (which some think it could) that’s beyond a mere invasion of privacy case and is likely criminal behavior.

One idiot hitting “I Agree” doesn’t change what is legal and what is not.

5 Likes

Yep, you should read the link from the OP.

Not from mobile game announcements you’re not!!

/sigh

It isn’t even completely understood yet what this app will actually have access to when Blizzcon gets here. You don’t seem to understand what you are talking about.

While you went a little ways into it (the pertinent part to be sure) there are more classifications for data than these.

  • Public - Information that may or must be open to the general public. It is defined as information with no existing local, national, or international legal restrictions on access or usage. Public data, while subject to disclosure rules, is available to all employees and all individuals or entities external to the corporation. Examples include:

    • Publicly posted press release
    • Publicly available marketing materials
    • Publicly posted job announcements
  • Internal - Information that must be guarded due to proprietary, ethical, or privacy considerations and must be protected from unauthorized access, modification, transmission, storage or other use. This classification applies even though there may not be a civil statute requiring this protection. Internal Data is information that is restricted to personnel who have a legitimate reason to access it. Examples include:

    • General employment data (not including data points like SSN, salary, disciplinary actions etc.)
    • Business partner information where no more restrictive confidentiality agreement exist
    • Contracts

These are often termed work product and can include charts, graphs, spreadsheets, balance sheets, agreements, and contracts (signed and unsigned), and if divulged without authorization could negatively impact the company or other entity in the form of increased regulatory scrutiny, media exposure, lawsuits, etc.

  • Confidential - Highly sensitive data intended for limited, specific use by a workgroup, department, or group of individuals with a legitimate need-to-know. Explicit authorization by the Data Steward is required for access because of legal, contractual, privacy, or other constraints. Confidential data have a very high level of sensitivity. Examples include:

    • Payment Card Industry (PCI)
    • Sarbanes–Oxley Act (SOX)
    • HIPAA
    • Personally Identifiable Information
      Exposure of this data without explicit authorization will lead to lawsuits, increased regulatory scrutiny, fines, and (depending upon how and what was exposed) possible criminal convictions and the potential for felony prison time.
  • Regulatory Data Classification - Information that’s protected by statutes and regulations, and governed by a regulatory body or council regarding the investigation, response, reporting and handling of incidents. Regulatory Data is sensitive in nature, and access is restricted. Disclosure is limited to individuals on a need-to-know basis. Examples include:

    • Must be protected to prevent loss, theft, unauthorized access, and / or unauthorized disclosure as dictated by the regulating body or council
    • Must be destroyed when no longer needed. Destruction must be per the body or council data policies
    • Will require specific methodologies, procedures and reporting requirements for the response and handling of incidents
      Regulatory Data Classification Examples can include Industry standard regulated data via federal corporation standardization bodies or Federal Law Enforcement or Regulatory Organization such as:
      • Fannie Mae
      • Freddie Mac
      • National Electrical Regulatory Corporation (NERC)
      • SEC
      • FBI
      • CIA
      • NEST
      • NSA etc.
        Revealing Regulatory Data Classification Data without specific declassification and authorization through appropriate congressional oversight can earn the offender up to life in prison and tens of thousands of dollars in fines for the likes of Obstruction of Justice, Espionage, Treason, at an individual level and at a company level could result in loss of charter, fines, delisting, seizure of assets.

Now looking at what AXS app asks you to agree to allow them to access would mean that likely if you worked for say Edison Electric or Westinghouse or a mortgage servicer or as an analyst for a financial firm with access to account information, Blizzcon would not be something you would be able to attend this year using your mobile phone (most of these companies allow employees to do Air Watch to Email or similar to get work emails on their personal devices and this sounds like it would violate those restrictions).

There is a lot of data out there and folks who download that AXS App should be aware that downloading that app might not be the best idea that ever came across the table.

Is it probable that some engineer at a Nuclear Power Generation plant would go to Blizzcon and have his data compromised to the point that someone gains access to information that could be used to cause a SCRAM? Doubtful. Is it possible? Yes. If that doesn’t emphasize the seriousness of this potential cluster then I really do not know what will.

8 Likes

Read the OP’s link; everything you want to know is there. If you don’t want to read it, it’s on you.

Yup, because I no longer have that phone. XD

2 Likes

Except actually seeing the final version of the app that will be used, smarty pants. Still got 6 months before Blizzcon. That app used will likely have an update or two. Given the backlash seen already, it could be completely overhauled or scrapped.

So no, not “everything” is in that link, is it??

2 Likes

Implying there were Saints until now…

Vote with your wallets; it’s the only power the public has.

7 Likes

…and all the contact info that went with that number also magically disappeared, as well?
Oh, the amount of sweet summer children here today.

1 Like

I’m not sure how a company requesting billing information so that you can pay for a service/product they’re providing constitutes “criminal behavior”…

3 Likes

Which company would that be?
Blizzard? They already have that info otherwise how to play this game?
The ticket app themselves, as a company? All they do is sell/lease their software to customers who want to sell tickets: they are just the medium, in this matter.
So if this admittedly third party acquires and then uses our info, gained through the auspices of Blizzard, then yes there could be cause for concern.
And charges.

2 Likes

You can buy pretty cheap prepaid smartphones just for the event.

1 Like

I use the dongle authenticator. Problem solved.

Definition of spyware

Spyware is software that is installed on a computing device without the end user’s knowledge. Any software can be classified as spyware if it is downloaded without the user’s authorization. It is installed in a computer without the user’s knowledge and transmits information about the user’s computer activities over the Internet.

The app isn’t spyware, people. You download it, you agree to use it. The app isn’t secretly installed. Terms of service tells you everything it does.

Do people forget FB and Google and Apple and many others have all of this info, too?

If you don’t want your info sold, then use the support kiosk at Blizzcon to get your passes without a phone.

5 Likes

Not reading all of this. Just in case no one pointed it out.

If companies didn’t sell your info they would have to charge, or charge more depending on the company. You want to use Google for free? If so then deal with the sharing of info. Same with many companies.

Most of it is harmless anyway. Google remembers I like playing WoW. So I get info on new games, and so on. System generally works great for all parties. I get info I want or may want, and the companies may get a sale out of it.

I have seen the downside. Give the wrong people your info and your email gets flooded.