Blizzard WoW SC2 Real-ID

Hello world!!

For my very first entry, something that sits at a nice intersection of my interests/passions, gaming and information security (identity management): Blizzard's decision to introduce realid, a system that shows your real name when you post on the forums as well as when you are playing a Blizzard game such as World of Warcraft or the upcoming Starcraft 2. This is a major change (for gamers and infosec people) from how it used to be, when only your handle or character name was displayed.

Just like sex and humour, everything is in the timing. I am not going to rant about the evils of realid because, interestingly enough, bowing to public / pundit opinion, Blizzard has just announced that realid will be scrapped. As people who know me would attest, though, that is not going to stop me from having an opinion about it, and I actually hope that it gets introduced in an improved form.

Kim Cameron, whom I respect immensely and have followed for a while, has an excellent post on the topic where he naturally ties it to his laws of identity. I really want to elaborate on my real-life experiences implementing identity management systems in enterprises and how they comply with the laws of identity, but that's for another post.

I have always been a person who loves a debate and would like to think I can see the pros and cons in most things (even killing baby kittens :). So I would like to say what I liked about this real-id proposal and what I didn't like about it. However, I definitely don't sit on the fence on much, so there is a thumbs up or thumbs down at the bottom.


  • It had about a 30-40% probability of significantly reducing trolling and silly forum posts - achieving a key project objective, not bad.
  • It is really handy to be able to know when your friend is online, regardless of the character they play and the game they play.
  • As far as I am aware, you could still enter or change to a fake name.
  • From a Blizzard bottom-line perspective, definitely a way to leverage the massive, hugely loyal fan-base for additional monetization as a social network.


  • Choice, consent and opting in - turning this on without a public/forum discussion period or a pilot and trial period, and not enlisting (or not enlisting the right/motivated) IDM experts to advise, or not listening to them. Also not learning any lessons from companies that have done this before and got the t-shirt, e.g. Facebook. Basically this, and probably many other factors, resulted in a draconian system which gave users very little choice and few options to opt in/out, and that violated privacy and identity principles and alienated their most valuable asset.
  • Potential for some very real and practical breaches of privacy and the exposure of a user identity in a context they did not approve or want, e.g.:
      • The ability for someone to search for all posts by someone and then tie that to other identity identifiers that they have revealed with or without their knowledge / consent, e.g. social networking sites such as Facebook / LinkedIn, or just Google, which picks up things like honours and awards from schools, clubs, professional organizations
      • The potential for an in-game bully to follow a target across games and characters (already a risk to a degree without real-id)
      • The ability for an employer, girlfriend/boyfriend etc. to identify and link a person they know in another context (e.g. work, interview, date) to a Blizzard game profile and behaviour - some would see this as a good thing if you have nothing to hide, you behave properly and you are always "yourself" to everyone in every context. But I'm not, so I have an issue with it.

Overall: I am glad it was scrapped because it was neither designed nor implemented in a manner that respected their users or complied with privacy and identity principles. However, I would be disappointed if this is the last we hear of real-id; with the right requirements, design and implementation process Blizzard could achieve their monetary and gaming experience objectives while balancing the user impact.

Some simple suggestions which many people smarter than me have already made include:

  • don't re-invent the wheel
  • align to the identity laws and privacy principles, e.g. EU privacy directive
  • provide users options such as opt-in/out, delete all posts, which characters and games real-id applies to
  • get user consent for use of their Blizzard identity in the contexts proposed - make this simple, transparent and easy to use and change

Comments / contrary views / corrections welcome. If you got this far, thanks for reading.


  1. Come home to Melbourne if you're so free dawg.

  2. My main question around this whole proposal is: was it just restricted to people that would be posting on the forums? If so, I don't see any problems with it because posting on the forums is not necessary to playing the game and it's a completely voluntary thing. If, on the other hand, a gamer's "Real Name" was to become visible in the game itself, then that's a different scenario, but that wasn't what was being proposed, was it?

    Benjamin Smee

  3. @strerror it was both forums and in game. The idea was that it was voluntary in game, where you chose whom you became real-id friends with. But due to a security / implementation "flaw" it got enabled for everyone, and it was complicated to opt out, involving setting up parental controls.

    Also some snippets from the forums (which got to 2500 pages):
    “…when you click on one of your Real ID friends, you will be able to see the names of his or her other Real ID friends, even if you are not Real ID friends with those players yourself.”

    “…your mutual Real ID friends, as well as their Real ID friends, will be able to see your first and last name (the name registered to the account).”

    “…Real ID friends will see detailed Rich Presence information (what character the Real ID friend is playing, what they are doing within that game, etc.) and will be able to view and send Broadcast messages to other Real ID friends.”

  4. ok so that's just completely botched, which at that point means you can't defend Blizzard. However, I do stand by the call that if it was implemented SOLELY within the forums, I don't see how you can realistically have a problem with it.
    Most of your simple suggestions at this point just don't apply, as your suggestions are more aimed at implementations that reveal, with no opt out, private information, rather than voluntary participation in a specific forum. The very fact that it is voluntary would negate all the concerns about legality, and that's without opening the can of worms as to WHICH privacy directive would be applicable on the big bad net ;)


  5. I largely agree with what they want to do, here is my supporting argument.... John Gabriel's greater internet fuckwad theory.

  6. @strerror - totally agree if it was just for the forums, but I think they have greater ambitions of leverage to become more like Facebook and the social advertising revenue that goes along with that. Hopefully my suggestions and many made by others do make sense for this type of scope.

    @Michael O - love that comic and love penny-arcade


