Researchers Shine Spotlight on OS X/iOS Masque Attack

Researchers at FireEye on Monday made public the existence of the Masque Attack, which threatens iOS and Mac OS X operating systems.

Their report comes one week after Palo Alto Networks reported its discovery of WireLurker.

Masque Attack exploits a flaw in Apple’s OSes that allows the replacement of one app by another so long as both apps use the same bundle identifier.

All apps, except those preinstalled on iOS, such as Mobile Safari, can be replaced. The fake apps can access the original app’s local data, including log-in tokens.

Among other things, they let attackers log into and loot victims’ bank accounts.

The attacks work because iOS does not enforce matching certificates for apps with the same bundle identifier.

FireEye researchers verified the vulnerability on both jailbroken and regular iOS devices on iOS 7.1.1, 7.1.2, 8.0, 8.1 and 8.1.1 beta.

Attackers can leverage the vulnerability through wireless networks or USB ports.

“Because all the existing standard protections or interfaces by Apple cannot prevent such an attack, we are asking Apple to provide more powerful interfaces to professional security vendors to protect enterprise users from these and other advanced attacks,” said FireEye researchers Hui Xue, Tao Wei and Yulong Zhang in a blog post.

Masque Chicanery

The Masque Attack tricks victims into installing malicious apps that have attractive names such as “New Angry Bird.”

Users are exposed when they download apps from third-party app stores or corporate app stores, ignore the “Untrusted App” warning that pops up when such an app is opened, jailbreak their iOS devices — or set the “Gatekeeping” feature on their Macs to “Anywhere,” nullifying its protection.

WireLurker uses a limited form of the Masque Attack to hit iOS devices through their USB ports, FireEye’s researchers said.

“For WireLurker to deliver its payload, the user must install untrusted applications on a Mac; for Masque, an iOS user must install an enterprise provisioning profile,” said Joe Abbey, director of software engineering at Arxan.

“In both cases, the user may be incentivized to trust the malware,” he told TechNewsWorld. “Either they are offered free pirated software or otherwise misled to accept a certificate.”

The Masque of the BYOD Death

Masque is especially dangerous in enterprises that have BYOD policies; IT cannot distinguish fake apps from original ones because both use the same bundle identifier.

Further, attackers can use Masque Attacks to bypass the app sandbox and get root privileges by attacking known iOS vulnerabilities, FireEye warned.

“The most disconcerting part of this attack vector is the insider risk,” Arxan’s Abbey said, adding that insiders can install malicious apps unknown to the end user.

Owners of BYOD devices should “strongly consider the option of disabling provisioning profiles until Apple can address this risk,” he recommended.

A Brief History of the Masque Attack

The FIreEye researchers discovered the Masque Attack in July and notified Apple about the vulnerability July 26, they said.

Apple has yet to respond, they claimed.

WireLurker and the Masque Attack “are another example of the sophistication and automation of attacks that are growing inexorably into the future,” Steve Hultquist, chief evangelist at RedSeal, told TechNewsWorld. This highlights the need for automated proactive prevention.

To avoid malware such as WireLurker or the Masque Attack, users have to refrain from installing apps from sources other than the official App Store or their own organization’s app store. They should not install apps from third-party Web pages. Further, they should click on “Don’t Trust” and uninstall an app immediately if they see the iOS “Untrusted App Developer” alert.

Users can check the enterprise provisioning profiles on their iOS 7 devices to see whether apps have been installed through Masque Attacks. However, iOS 8 devices don’t show provisioning profiles of apps already installed, so users need to take extra precautions.

Richard Adhikari has written about high-tech for leading industry publications since the 1990s and wonders where it’s all leading to. Will implanted RFID chips in humans be the Mark of the Beast? Will nanotech solve our coming food crisis? Does Sturgeon’s Law still hold true? You can connect with Richard on Google+.

Americans have ‘no control’ of data
12 November 2014Last updated at 15:01

By Jane WakefieldTechnology reporter

Survey fact about most sensitive data

The vast majority – 91% – of Americans believe that consumers have lost control over how personal information is collected and used by companies, according to a survey.

A further 80% also felt that Americans should be concerned about government surveillance, Pew Research suggested.

It looked at attitudes to privacy and data in the wake of Edward Snowden’s allegations about government snooping.

One expert described the findings as “unsurprising”.

The high level of media attention given both to the Snowden allegations and to large-scale data breaches among well-known US brands means concerns about privacy are at an all-time high, according to report author Mary Madden.

“There is both widespread concern about government surveillance among the American public and a lack of confidence in the security of core communications channels,” she said.

“At the same time, there’s an overwhelming sense that consumers have lost control over the way their personal information is collected and used by companies.”

Since contractor Edward Snowden began leaking details of the surveillance programs used by the US National Security Agency (NSA) and the British intelligence agency GCHQ, firms have sought to reassure customers that their personal data is safe.

Some, including Microsoft, Yahoo, Apple and Google, have promised higher levels of encryption for personal data to make it harder for governments to snoop.

Delicate balance

Graphic about lack of confidence in firms handling personal dataThere is very low confidence in the way firms handle data, according to the survey

The survey suggested that most customers remained suspicious of how companies used their data.

Some 80% of respondents who use social networking sites said that they were concerned about third parties such as advertisers or businesses accessing their online data.

Fewer, although still a significant number – 70% – were concerned about the government accessing the information they shared on these sites.

Large numbers – 64% – said that it was up to government to regulate the way advertisers accessed data.

Consumers indicated that they were pretty savvy about the delicate balance between privacy and access to services.

More than half (55%) agreed that they needed to share information about themselves in order to have free use of online services.

But the majority (61%) were not buying the idea that online services were made more efficient because of the increased access they had to personal data.

When asked what communication medium respondents felt was the most secure, the winner was the landline phone – although only 16% said they felt “very secure” using it to share private information with another trusted person or organisation.

Most and least secure communications graphic

Social media sites were regarded as the least secure, with only 2% saying they felt “very secure” using such services.

“People’s perceptions of privacy are varied but there are universally low levels of confidence in the security of communication channels,” said Ms Madden.

The survey, which recorded responses from more than 600 people, is taking place over the course of a year to chart changing attitudes to privacy.

The next survey, due next month, will look specifically at attitudes to how information is stored and secured and the following one will focus on behavioural changes in the post-Snowden world.

There is already evidence that people are considering changing the way they secure their personal information, with 61% claiming they would want higher levels of protection for their data.

“People aspire to do more – to use encryption or other tools to secure their information,” said Ms Madden.

Security expert Bruce Schneier said that the survey results were “unsurprising”.

“We know that people are concerned about privacy but we also know that they don’t think about it when they are sharing data on Facebook because we have to socialise,” he said.

“People give Google their data and share on Facebook. Surveillance is the business model of the internet. Google knows more about what you think about than any other company on Earth.”

He is also sceptical that people will turn to technology to solve the problem.

“People want legislative change rather than technology tools. People tend to do what is easy.”

Pedal power charges smartphones

A bike ride and a low cellphone battery helped launch a business for a group of teens in Sweden. The young entrepreneurs didn’t have much experience in electronics, but with some help, they have created a device that uses the spinning wheels of a bike to charge a cellphone.


Spinning Power UF, the name of business, is the brainchild of Philip Zachrison, 18, from Ängelholm, Sweden.  Zachrison, along with four of his classmates, recently won 4,000 Swedish Kronas ($550 dollars) in a “Shark Tank” style competition in his hometown. Although it doesn’t seem like much money for a startup, the group thinks the win and the cash boost will help launch their company, which is already being approached by other businesses looking to produce the charger.


“It’s exciting. Mainly because it’s real life, it’s no longer just a vision, it’s happening, we’re working and we want to do the best that we can,” said Zachrison.


“The Charge Up,” as Zachrison is calling it for now, was created as part of a school project where students create a business and run it for one year. With the success Spinning Power UF has had and the excitement generated by the product, Zachrison said he may try to keep it going beyond the one-year mark.


“If it’s possible, I would continue running the company. It’s be fun to see how far it could go,” he explained.


Although the device isn’t necessarily a new idea for bike enthusiasts looking to charge their smartphones, the group hopes that its design will be cheaper and simpler to use than some other commercially available bike phone chargers.


“We know there are similar products. The difference is mainly the price, we’re going to aim to be as cheap as possible,” said Zachrison. However, he doesn’t yet know what the device’s price will be.


The U.S.-designed Atom bike phone charger from Siva Cycle has a removable battery pack for power when not riding. It costs $129 and is now available to order after a successful Kickstarter campaign. But unlike the Atom, The Charge Up would only power the phone when the bike is moving and does not store energy in a battery pack. Zachrison hopes that will cut costs on production and make it a cheaper option for bikers.


Zachrison said that the group’s product won’t need complicated installation, adding that users can put their phone wherever they want on the bike.


“It doesn’t have to be stationary on the bike. It will only charge when you’re biking, that’s why it’ll be cheaper,” he explained.


The Charge Up needs the bike to be moving at roughly 3 miles per hour to generate enough electricity to charge the phone. It outputs the electricity as 5V/1A, the specs smartphones need.


But speed demons won’t be able to charge their phones any faster than casual riders. As long as the bike is going above 3 miles per hour, Zachrison said it would take around four and a half hours to fully charge a phone.  He also said the charging time can depend on the phone and condition of the battery.


Zachrison said that the group’s product will be compatible with smartphones from all over the world. The only requirement is that the phone’s USB cable has to plug into the USB port of The Charge Up.


“We’re looking at two types of customers; those biking regularly to and from work, and the other bikers on long rides through Europe, Sweden. Those who obviously need to charge devices along the ride,” said Zachrison.


For Spinning Power UF, all that’s left to figure out is the plastic casing. The electrical and technical aspects have been nailed down and now they need to design the device’s exterior. Zachrison said they hope to have that figured out by the end of November.


While Spinning Power UF’s prototype looks promising, if nothing else, Zachrison said the students from the business project hope to make contacts with other companies before heading off to a university or the workforce.  He said it’s been a great experience for the team to learn how to build a business and get a taste of what it’s like to run a start-up company.


“It’s amazing we get the chance to do this, not everyone gets this chance,” said Zachrison.


The next step for Spinning Power UF is to get the device into production and onto the shelves. “We’re going to try to sell as much as possible,” Zachrison noted. “Hopefully we’ll have some positive feedback.”



Lauren Blanchard is part of the Junior Reporter program at Fox News. Get more information on the program here and follow them on Twitter: @FNCJrReporters

Microsoft patches ’19-year-old’ bug
12 November 2014Last updated at 12:44

By Dave LeeTechnology reporter, BBC News

Rusty padlockMicrosoft’s Schannel protocol is the latest secure standard to be affected by security woes

Microsoft has patched a critical bug in its software that had existed for 19 years.

IBM researchers discovered the flaw, which affects Windows and Office products, in May this year – but worked with Microsoft to fix the problem before going public.

The bug had been present in every version of Windows since 95, IBM said.

Attackers could exploit the bug to remotely control a PC, and so users are being urged to download updates.

Microsoft has addressed the problem in its monthly security update, along with more than a dozen patches to fix other security issues, with a further two to be rolled out soon.

In a blog post explaining the vulnerability in depth, IBM researcher Robert Freeman wrote: “The bug can be used by an attacker for drive-by attacks to reliably run code remotely and take over the user’s machine.”

In computer security, a drive-by attack typically means making users download malicious software.

The bug had been “sitting in plain sight”, IBM said.

The vulnerability – dubbed WinShock by some – has been graded as 9.3 out of a possible 10 on the Common Vulnerability Scoring System (CVSS), a measure of severity in computer security.

Six figures

One of the other bugs affects Microsoft’s Windows Server platforms – putting the security of websites that handle encrypted data at risk.

Specifically, it relates to Microsoft Secure Channel, known as Schannel, Microsoft’s software for implementing secure transfer of data.

Schannel now joins the other major secure standards – Apple SecureTransport , GNUTLS, OpenSSL and NSS – in having a major flaw discovered this year.

Heartbleed logoThe bug has been likened to Heartbleed, a major security issue also affecting secure data transfer

Security experts had compared this latest flaw to other significant problems that had come to light this year such as the Heartbleed bug.

However, they added that while its impact could be just as significant, it might be more difficult for attackers to exploit.

As with Heartbleed, the exploit relates to vulnerabilities in the technology used to transfer data securely – known as SSL (Secure Sockets Layer).

Potentially ‘disastrous’

There is no evidence the bug identified by IBM has been exploited “in the wild”, but now that a patch has been issued and the problem made public, experts have predicted attacks on out-of-date machines would be “likely”.

The bug would have probably been worth more than six figures had it been sold to criminal hackers, the researchers added.

Gavin Millard, from Tenable Network Security, said the fact there had been no known attacks yet should not dampen concerns.

“Whilst no proof-of-concept code has surfaced yet, due to Microsoft thankfully being tight-lipped on the exact details of the vulnerability, it won’t be long until one does, which could be disastrous for any admin that hasn’t updated.”

Follow Dave Lee on Twitter @DaveLeeBBC

US ‘to delay’ vote on net neutrality
12 November 2014Last updated at 12:07

People protesting about net neutrality rule changesHints that the FCC was considering allowing “fast lanes” for some internet traffic caused protests

US watchdog the Federal Communications Commission (FCC) will delay a decision about how it governs the internet until 2015, it is reported.

The debate over net neutrality, the principle that all traffic on the network be treated equally, has intensified in recent days.

President Obama has said this week that he wants the FCC to impose strong rules to protect net neutrality.

Service providers said they would fight moves to impose stricter regulation.

FCC press secretary Kim Hart confirmed to the BBC that the decision on the issue will be put off until the new year.

“There will be no vote on open internet rules in the December meeting agenda. That would mean rules would now be finalised in 2015.”

Earlier the FCC had said that it would make a decision by the end of the year.

The debate hinges on whether service providers should be allowed to charge some net firms in order to prioritise their traffic on the network.

Internet service providers (ISPs) argue they should be allowed to charge more for data-heavy services such as Netflix but net advocates say that doing so would undermine the principles of a free and equal internet for all.

Many ISPs were stunned when President Obama made a statement urging the FCC to reclassify them so that they could be regulated more like other utilities.

“Net neutrality has been built into the fabric of the internet since its creation,” the president said. “We cannot allow ISPs to restrict the best access or to pick winners and losers in the online marketplace for services and ideas.”

The FCC has received four million public comments urging the same.

In response, the telecommunications industry said that it would lobby the FCC not to go down that route and is willing to go to court if that does not work.

“We are stunned the president would abandon the long-standing bipartisan policy of lightly regulating the internet,” said National Cable and Telecommunication Association president Michael Powell.

The new rules are yet to be written but the FCC has hinted that it is paving the way to allow some traffic to be prioritised.

FCC head Tom Wheeler is seen as keen to pacify huge internet providers such as Comcast, AT&T and Verizon.

The Washington Post reported that he told a group of internet firms that he favoured a more “nuanced” solution than the one proposed by President Obama.

The need for the new rules came about following a legal challenge from Verizon which the court ultimately agreed with. While the court did not disagree with the need to protect net neutrality, it questioned the FCC’s legal approach.

Yahoo snaps up BrightRoll for $640m
12 November 2014Last updated at 02:34

YahooYahoo buys Brightroll for $640m to focus on video ads

Technology giant Yahoo said it will buy digital video advertising service BrightRoll for $640m (£402m).

The move would allow Yahoo to grow its video advertising platform, “making it the largest in the US”, the firm said.

BrightRoll does automated online video advertising for some of the world’s biggest brands and its net revenue is expected to exceed $100m this year.

A jump in video advertising would also help offset Yahoo’s slowing growth and boost declining display ad revenues.

“Here at Yahoo, video is one of the largest growth opportunities, and BrightRoll is a terrific, strategic and financially compelling fit for our video advertising business,” said chief executive Marissa Mayer in a statement on Tuesday.

Last month, Yahoo had reported that its third quarter revenue from ads fell by 5% from a year earlier. It has struggled to keep up with rivals like Google that have seen ad revenue grow by 17% in third quarter from a year ago.

The acquisition is also Yahoo’s first major purchase since receiving $9.4bn in September from selling part of its stake in Chinese e-commerce giant Alibaba.

News of the takeover comes after reports in October that said Yahoo was close to investing millions of dollars in mobile messaging startup Snapchat.

Are we ready for the ‘infosphere’?
12 November 2014Last updated at 00:16

Peter DayArticle written by Peter DayGlobal business correspondent

Luciano Floridi

Luciano Floridi is an Oxford University academic with an intriguing title: professor of philosophy and ethics of information. He works at the Oxford Internet Institute.

Prof Floridi has just written a book which takes a wide view of the great connectivity disruption of our times.

It is one of an interesting new handful of thoughtful volumes about technology which are a welcome distraction from that torrent of how-to-do-technology business books that have dominated publishers’ output until recently.

Prof Floridi’s book is called “The 4th Revolution: How the Infosphere is Reshaping Human Reality”. It is noteworthy because of the way he widens the high-tech horizon.

He applies big and perhaps timeless thoughts to something that is often merely talked about as baffling change.

Start Quote

The fundamental question addressed by Professor Floridi’s book is: What are we doing with all this personal and corporate computer power?”

End Quote

Something really important is happening – he says – to who we are and how we relate to each other, and the environment we inhabit.

This sort of profound change does not happen very often. Prof Floridi attempts to put it into a long perspective.

Plummeting prices

Early on in the book, there is an eye-catching diagram taken from the Hamilton Project at the Brookings Institution, a US think tank. It demonstrates how dramatically the cost of computing power has fallen over the past 70 years.

The Hamilton Project graph uses the standard measurement of computer performance: Mips, millions of instructions per second. The 2010 iPad2 (now outdated, of course) worked at 1,600 Mips.

An EAI TR-20 computer from the early 1960sEarly computers were light on processing power

The same computer power in the 1950s would have cost $100tn (£63tn) if it had been possible to yoke together a sufficient number of Univac or IBM mainframe machines. The 2010 cost of an iPad2? Roughly $600.

This extraordinary diminution in the price of computing is the other side of the famous roadmap for the semiconductor industry produced 40 years ago by Gordon Moore of Intel, the company which pioneered and dominated the evolution of the silicon chips that powered personal computers.

Gordon Moore noted then that thanks to manufacturing refinements, the computer power on a single chip was doubling every two years. It still is. This phenomenon provides the motive force for a continuing social and industrial revolution.

History lessons

The fundamental question addressed by Prof Floridi’s book is: what are we doing with all this personal and corporate computer power? And what is it doing to us?

This is a big theme. In the professor’s world, history itself is synonymous with the Information Age. That began a long time ago, with the invention or writing in Mesopotamia around 5200BC. From that moment on there were systems that could record events for future consumption.

This meant that it was possible for lessons learnt by one generation to be passed on more easily to the next. This was the very beginning of the Information Age. What happened in Mesopotamia and the city of Ur moved us from prehistory to history.

Graph showing the falling cost of computer power

But – says Prof Floridi – we are now entering a third age of human development. We have moved from being information-related, to being information-and-communications technology dependent.

We have moved into the “infosphere”.

Out of this come a series of big questions. But why should we ask a specialist in philosophy to tackle them? Here’s why, says Prof Floridi: We need philosophy to grasp better the nature of information itself.

We need it to anticipate and steer the ethical impact of information and communications technologies on us and our environment. We need it to improve the economic, social and political dynamics of information.

And – he says – we need philosophy to develop the right intellectual framework to help us give meaning to, and make sense of, our new predicament.

Man using an Apple iPadToday’s tablets have many times more power than the huge early mainframe computers

“We need a philosophy of information as a philosophy of our time for our time,” he says.

This may sound highfalutin’, but in a very elegant way it draws attention to just how different the 21st century is going to be. And how unpredictable.

Advanced societies are growing more and more dependent on information and communications technologies. Processing power is going to continue to get cheaper and cheaper. And the amount of data is going to reach unthinkable quantities.

Amid all this change, there are one or two familiar and remaining constraints, says Prof Floridi: time (the speed of communications) and space – the sheer need for more and more storage capacity for all this processed data. Both are lagging behind.

The professor puts this new historical situation under the scrutiny of philosophy. It is far too early to come to conclusions about where the new connectivity in cyberspace is taking us.

But his book has pointers to the questions we ought to be asking, in business and in civil society. For better or for worse.

Who owns our mobile health data?
12 November 2014Last updated at 00:12

By Ian RoseBusiness reporter

two sets of legs jogging

Gadgets that track your steps, sleeping and heart rate could help us live longer and cut national healthcare costs by billions – or so we are told.

Microsoft has just launched its first wearable health gadget, the Band, in the US ahead of its global launch.

Similar products from Samsung and Google are already on the market and early next year the much-hyped Watch from Apple will go on sale.

Millions of us are going to be having our most intimate bodily functions monitored by these gadgets, creating more health data than has ever existed before.

Why do these machines help us stay fit and more importantly what happens to all that information we are generating and sharing?

Tim Cook introducing the Apple WatchApple will soon follow Microsoft and Google into the mobile health device market

Massive market

Before the giants of the tech world realised that wearable, health-focused gadgets were the new big thing the market was already thriving.

In March the European Commission published its green paper on mobile health, which contained some mind-boggling statistics.

It suggests that 97,000 apps are on sale in the mobile health sector, which includes tracking apps but also apps that help patients make appointments and keep track of medication.

It predicts that by 2017 more than 1.5 billion people around the world will be using these apps, generating total revenues of £14.5bn ($23bn).

In the EU alone it is estimated that these apps and gadgets could reduce health costs by £77.5bn (99bn euros).

Sector pioneers

Most of the growth has come from start-ups that saw the potential early and now face a competitive onslaught from the big technology companies.

Five years ago French firm Withings launched its wireless scales – the device feeds data back to you, by plotting a graph of your weight over time.

“It started with the scales because we thought that was the one dimension that would make sense for people to track,” Julien De Preaumont, chief marketing officer at Withings, says.

“The first rule of data is to make people aware of their health to make them realise how their weight is evolving.

black wireless scales by WithtingsThe wireless scales by Withings uses data visualisation to help dieters lose weight

“The curve reveals the impact of life changes, it will show how a divorce, a diet or a new job will affect your weight.”

After the scales took off, Withings launched wearable gadgets that track your movement, heart rate, blood pressure and sleep.

The company maintains that the data it collects belongs to the user only.

But it has published reports revealing the most obese cities in France and the US, as well as another study showing sleep patterns across Europe.

Withings says this does not compromise the privacy of the individual user’s data because it is aggregated and anonymised.

Business games

While Withings has grown to be a global business, US firm Fitbit has also seen its business thrive beyond its borders.

Founded in 2007 Fitbit offers wireless scales, wearable devices that monitor movement, heart rate, sleep and blood pressure, and is evangelical about the motivating power of targets and data on our health.

Fitbit also offers companies its gadgets and software for corporate use.

Its “corporate wellness” scheme started in the US and companies can use the scheme to get a rebate on their taxes.

A screengrab from a Fitbit challengeGames and challenges can be used to motivate people to compete against each other

Clients so far include blue-chip multinationals such as BP and Time Warner.

Employees can sign up and different divisions can compete against each other over the number of steps taken or stairs climbed.

“The key is to make the product sticky,” says Gareth Jones from Fitbit, and the key to that is gamification.

“Our software incorporates challenges like daily showdowns and weekend warriors which motivate people and keep them coming back.”

But should employees be worried about sharing their every movement, 24 hours a day with a corporate scheme?

“We don’t have data about this, it’s very much a choice of the individual as to whether they sign in for the programme. We see the result of that as purely the people who agree to participate and the people who don’t,” says Mr Jones.

“We might share with the corporate administrator information that 50 people have been invited and 45 have said yes. How the company uses that information is up to the company.”

‘In the hands of the people’

The potential of all the data that is now being collected is huge, both for business and for public health bodies.

Imagine going to the doctor and being able to show them how much exercise you do, how much sleep you get and your blood pressure for the last year.

While the insurance industry is using mobile applications for arranging appointments and giving health information, they are yet to fully embrace the use of wearable devices and the data they collect, though it is a development that could completely change their business as many research papers suggest.

Continue reading the main story

power of big data series branding

Can big data really revolutionise our world? We explore how the explosion of information and analysis will impact our lives and our privacy.

Meanwhile the use of the data for medical research is also a long way off.

Professor John Newton from Public Health England would like to see a more joined-up approach.

“We’ve got the world of apps, a huge investment from the technology companies, but the healthcare sector hasn’t made the link,” he says.

“If you were able to make the link between a hospital service like a diabetic clinic with a patient’s mobile phone data, they could tell immediately whether that person’s diabetes was going out of control.”

His message is clear: “Put the data into the hands of the people who can use it to make a difference.”

Like all the new data that is being recorded and analysed the possibilities are massive but the ethical and privacy issues surrounding our personal information will not go away quickly.

Pondering life after Warcraft
12 November 2014Last updated at 00:00

By Regan MorrisBBC News, Los Angeles

World of Warcraft fans

Please turn on JavaScript. Media requires JavaScript to play.

The BBC went to BlizzCon and asked gamers what it’s like meeting in real life and what it is about the World of Warcraft which inspires such devotion ten years after the game was created.

In the World of Warcraft, warlocks, trolls and elves battle for survival in a magical world which boasts some of the most devoted fans in the entertainment industry.

But as the video game turns 10 this month, even some of the most diehard players are questioning how the game will adapt to survive another decade.

The popular role-playing game has 7.4 million subscribers who pay $15-a-month (£10 in the UK) to play the game.

That’s serious commitment – but the numbers are well down from a record high of 12-million subscribers.

As many of the game’s original fans age and create careers and families, they can’t devote the time needed to play World of Warcraft.

World of Warcraft fanA recent update to World of Warcraft underwhelmed many fans

“I’ve seen many people meeting and losing their spouses due to World of Warcraft,” says Dmitri Williams, chief executive of Ninja Metrics, a gaming analytics company. “It takes a big time commitment.”

And the younger generation of gamers is more reluctant to pay a subscription fee when there are so many free to play games available.

But Williams says he expects World of Warcraft to remain a powerhouse in the gaming world.

“A bad day for them would be a great day for just about any other gaming company,” says Williams.

“There are games that have more players but if you look at hours spent and commitment and money spent – it’s tough to beat World of Warcraft.”

Gamer Stephen Gillett says he is confident his six children will follow his footsteps into the World of Warcraft – but he thinks the company will have to change the game to make it less of a time commitment.

World of Warcraft fansBlizzcon is an event that brings together Warcraft fans – this year held in Anaheim, California

“I turn off the graphic destruction so they can play when it’s not so grimy,” Gillett says of his three older children who he brought to BlizzCon, an annual gathering of Blizzard Game fans.

This year, the event was held in Anaheim, California and Gillett travelled from Northern California to be at the convention, which attracted more than 25,000 fans from around the world, many dressed as their World of Warcraft avatars and meeting each other “in real life” for the first time.

He says the subscription model keeps the level of gamer high – something serious players appreciate.

Well of Eternity

Blizzard executives say they’re not worried about the dip in subscriptions. World of Warcraft executive producer J. Allen Brack says the company “takes a long view” of their games and don’t react every time the numbers go up or down.

“We’re not worried about what the subscriber numbers are today. We worry about ‘are we delivering a great gaming experience that’s going to satisfy the fans,'” he says.

World of Warcraft fansPlayers of Warcraft exist in a vast, but tight-knit, online community

“When I first started out it was when you finished your game, you put in a box, put it on a shelf and people bought it – that was basically it.

“Now we have mobile devices, we have free to play, we have pay as you go, we have subscription models, we still have box model games. We have a lot of more choices as players, which honestly I think is great.”

Fans have been clamouring for an expansion to World of Warcraft and they will get one on 13 November with the much anticipated, and some say long overdue, Warlords of Draenor.

Many fans at BlizzCon said they let their subscriptions lapse in the last year because they got bored waiting for the expansion and moved on to other games. The last expansion Mists of Pandaria underwhelmed some fans.

Blizzcon conference floorAt Blizzcon, a new game, Overwatch, was announced

There is also a new documentary about World of Warcraft out and a feature film based on the game is coming soon. But for Blizzard game fans the anniversary of World of Warcraft has been overshadowed slightly by buzz surrounding Blizzard’s plans to release a new game, Overwatch.

It’s a team-based shooting game and a very different genre from World of Warcraft – but it’s expected to have cross-over appeal for gamers. Blizzard game developer Chris Metzen says creating Overwatch has reinvigorated them as a company.

“It’s like we didn’t go anywhere, but we’re back,” he says.

“I feel like this studio’s sense of just raw energy and creativity and it’s kind of focus and appreciation for like maybe even smaller scale projects has kind of been rekindled.”

“It has no bearing at all on the fact that World of Warcraft is our most precious product and we have obviously a really great team driving that business.”

Firefox Develops a Case of Selective Amnesia

Roughly 10 years to the day after the release of Firefox 1.0, Mozilla on Monday announced an updated version of its open source browser complete with a new Forget button aimed at protecting users’ privacy.

“Forget gives you an easy way to tell Firefox to clear out some of your recent activity,” explained Firefox Vice President Johnathan Nightingale. “Instead of asking a lot of complex technical questions, Forget asks you only one: How much do you want to forget? Once you tell Firefox you want to forget the last five minutes, or two hours, or 24 hours, it takes care of the rest.”

Also new in version 33.1 of Firefox is the inclusion of DuckDuckGo as a preinstalled search option. DuckDuckGo is best known for delivering search results without tracking users or what they search for.

Mozilla on Monday released a brand-new version of Firefox tailored for developers as well.

Off the Record

“I think the Forget button is tremendously important,” John Simpson, privacy project director with Consumer Watchdog, told LinuxInsider.

“Many users share computers and don’t want a list of the websites they’ve visited available to others,” Simpson explained. “This lets users easily erase the record.”

As for DuckDuckGo, it’s “the search engine to use if you don’t want the search engine to profile you,” Simpson said. “It’s an excellent, privacy-friendly addition to the search engines featured in the tool bar.”

Working With Tor

Also as part of Mozilla’s Monday suite of anniversary announcements, the nonprofit kicked off Polaris, a new privacy initiative that it’s undertaking in partnership with the Center for Democracy & Technology and the Tor Project.

As part of Polaris, Mozilla launched two experiments. In one, Mozilla engineers are evaluating the Tor Project’s changes to Firefox so as to determine if changes to Mozilla’s code base could enable Tor to work more quickly and easily.

Mozilla also will soon begin hosting its own high-capacity Tor middle relays to make Tor’s network more responsive and allow Tor to serve more users.

In the second Polaris experiment, Mozilla aims to explore how Firefox can offer a feature that protects users who want to avoid invasive tracking without penalizing advertisers and content sites that respect a user’s preferences.

A Strong Need

“I think Mozilla is dealing with an important specific need — a need that is probably quite strong amongst the type of user that uses Firefox,” said Al Hilwa, program director for software development research with IDC.

“The use of DuckDuckGo is a great new addition because that search engine promises not to retain data about user identity,” Hilwa told LinuxInsider.

“The Forget feature simplifies a complex task usually provided to users through multiple checkpoints in terms of different types of content and cookies to erase,” he noted.

“Mozilla should be commended for adding these features,” Hilwa said. “Users should not have to understand deep browser architecture to figure out how to stop websites from tracking them.”

A False Sense of Privacy?

It is “great to see that Mozilla is making progress when it comes to simplifying user interfaces for privacy features,” observed Jeremy Gillula, a staff technologist with the Electronic Frontier Foundation.

At the same time, “I’m concerned that features like this might lead people into a false sense of privacy,” Gillula told LinuxInsider. “After all, the Forget button can’t erase the logs a Web server has of your visits, or any data that a malicious third party might have intercepted while you were browsing.”

So, “as long as users understand the limits of this sort of feature, it’s great,” he concluded, “but we need to make sure people really understand those limits.”

Not a Needle-Mover

Firefox’s heightened privacy focus is unlikely to have a major effect on its market standing, Greg Sterling, vice president of strategy and insights for the Local Search Association, told LinuxInsider,

“Firefox has lost share to Chrome, now the world’s No. 1 browser,” Sterling noted. “This appears to be a bid to partly differentiate on the basis of privacy.”

Giving people additional choice and control over their browsing history is “a good idea and will be appealing to many,” Sterling concluded, “though it probably won’t significantly impact the market share figures.”

Katherine Noyes has been reporting on business and technology for decades. You can find her on Twitter and Google+.