Patch 5.4 patch notes
Virtual Realms feature revealed
The Proving Grounds are coming
The latest patch 5.4 newsESRB unintentionally exposes email addresses of people who filed complaints over Blizzard's Real ID system [Updated]
by Gregg Reece 
Jul 12th 2010 at 9:55PM
During the recent Real ID catastrophe on the forums, many players decided to appeal to an industry source that might have been able to sway Blizzard to change its mind. These players contacted the ESRB (Entertainment Software Rating Board) as a Better Business Bureau-type middleman in this situation with their concerns. The ESRB itself has championed such causes in the past with its Privacy Online program, which is designed to help companies meet various privacy laws like the Children's Online Privacy Protection Act (COPPA).
Since Blizzard recanted its decision about the forums, the ESRB faithfully followed up with those concerned.
Unfortunately, in that followup email, the ESRB exposed individuals to a new set of privacy concerns.
The letter and more information after the break.
The email reads as follows:
However, it appears as if the ESRB don't necessarily understand the basics themselves. In what could be called a rookie mistake, the ESRB did a Reply All to everyone who had emailed them with concerns, thus unintentionally exposing almost 1,000 email addresses to the other recipients.Thank you for contacting the Entertainment Software Rating Board (ESRB) regarding the policy recently announced by Blizzard Entertainment which would have required participants in its official forums to post comments using their real first and last names, and for expressing your concerns regarding potential privacy implications.
It is our understanding that Blizzard has provided an update announcing that it will not be implementing the above-referenced policy with respect to its forums, and users will not be required to post using their real names. You can read Blizzard's announcement regarding this most recent development at http://forums.worldofwarcraft.com/thread.html?topicId=25968987278&sid=1&pageNo=1.
Separately, if you have questions regarding Blizzard's implementation of its Real ID option -- which by our understanding is unrelated to Blizzard's plans for its forums -- and/or the new capabilities this option offers, they will likely be answered by reviewing the information posted at http://www.battle.net/realid/.
ESRB, through its Privacy Online program, helps companies develop practices to safeguard users' personal information online while still providing a safe and enjoyable video game experience for all. We appreciate your taking the time to contact us with your concerns, and please feel free to direct any future inquiries you may have regarding online privacy to our attention.
Regards,
Entertainment Software Rating Board
I'm sure the irony of the last paragraph in the ESRB's letter isn't lost on anyone.
Filed under: News items, Account Security
Reader Comments (Page 6 of 10)
Rob Jul 12th 2010 11:09PM
Hrm - I must have lucked out? The only e-mail I received from them was sent to me via BCC.
Konoo Jul 12th 2010 11:09PM
I wonder how much that list of names was sold to gold farmers for...
ESRB get a clue
Stardusted Jul 12th 2010 11:09PM
BTW WoW.com - Kudos to you. Doing a quick search on google (web and news searches) showed you as the first source to find and post this story. Seems to be a news story that you broke first.
Leviathon Jul 12th 2010 11:27PM
Or it's just since it isn't that big of a news story.
Stardusted Jul 12th 2010 11:38PM
I beg to differ. Internet privacy has been a growing source of media attention, the Real ID debate for example was in many big name news outlets. Google is in the news daily as of late over internet privacy breaches in Germany and Australia. Same with Facebook.
When people see these "gold" stars that designates a company or product has been certified as secure, safe, private, or anything, people tend to trust that certification. They need to know if the people issuing that gold star aren't living up to their own standards.
People need to ask, "Honest mistake or incredible ineptitude? What exactly are your credentials to be issuing these certifications?" Asking these questions will lead to a better understanding as to what the ESRB is and their goals. Who the people are running the ESRB and why we should trust them. If this story was never reported, these questions might not ever get asked.
If this isn't considered a news story, its only because we have a lazy media.
Leviathon Jul 12th 2010 11:58PM
http://arstechnica.com/gaming/news/2010/07/esrbs-privacy-badge-all-about-best-practices-not-anonymity.ars
Explains ESRB worked with Blizzard to make the RealID system and so in the end it really isn't a big deal. The ESRB works with companies to make sure your stuff is secure internally but doesn't protect your anonymity.
Stardusted Jul 13th 2010 12:21AM
Right...I posted that same link on this same forum about an hour ago. I'm guessing you copy pasted it from my post...
It hardly addresses the sort of questions of ESRB that given their recent behavior we should be asking.
From that very same article:
"This includes addressing issues like what types of personal information can be collected, how companies must handle that information with respect to individuals' right to privacy, and ensuring that people are informed of exactly where and how their information will be used."
So did the ESRB inform all of those people on that email that their information ( e-mail address) would be used on an open mass mailing list? Given the current situation, doesn't that statement just smack of hypocrisy and raise further questions and concerns. If the ESRB can't seem to handle basic e-mail privacy rules, who the hell are they to tell me or anyone that a company is going to respect my privacy?
chilisizzle Jul 12th 2010 11:39PM
The irony is that exposing an email address is 100x more of a "threat" to privacy as making one's real name public and nothing else, which is what the complaints were about in the first place.
John Jul 12th 2010 11:33PM
*cough* And we trust the government to do what????
Sigh. Well it's only how many million dollars a year in taxes?
phoenixblight Jul 13th 2010 12:03AM
Noob. ESRB is not a government agency. It is a system similar to the MPAA which is ran by the industry not the government.
Fryiuer Jul 12th 2010 11:35PM
I'm sorry, but that's what they get for complaining to the ESRB... a faux government agency - about their messageboard.
logicalfundy Jul 12th 2010 11:39PM
Ouch.
Note to ESRB: Don't leave the intern in charge of handling mass mailings.
NecDW4 Jul 12th 2010 11:45PM
HAHAHAHAHA Owned.
Clown Jul 12th 2010 11:53PM
we should all file a complaint to ESRB about ESRBs mailing system :) im awaiting a reply.
whyhellothere Jul 13th 2010 12:02AM
looks like someone wasn't told how to Blind Carbon Copy.
Webwolf Jul 13th 2010 12:05AM
And I am suddenly very glad that I used a fake email for this.
Oriflame Jul 13th 2010 12:14AM
Comprehensive privacy laws and an agency that actually enforces them? Hell no! the US could never make any use of that. Industry self regulates just fine...
Or maybe those of us in the us should write to our senators and congressmen on this topic from time to time.
votesmart.org can give you the email address you need.
Aericyn Jul 13th 2010 1:12AM
Perhaps we can still trust the USPS service?
ESRB
Attn. Director, Privacy Online
317 Madison Avenue, 22nd Floor
New York, NY 10017
My gosh you know being the ESRB I would have thought they would use an automated tool, not an office cube tool...
HallowayC2 Jul 13th 2010 1:14AM
I guess this is what they get for complaining about privacy issues. Kar~ma~
XD
ArrA Jul 13th 2010 1:39AM
hahah awesome!!!