Blizzard's New Add-on Policy?

[Metrech]

and if an author tries to circumvent the features that make his code not work with the game, they can sue him.

They have no case to sue an author of an addon for Wow. There is no "privity of contract" between Blizzard and that Author, especially if the author doesn't happen to play Wow. (e.g., the Author is a corporation and the EULA is with a person).

Even if there is something in the EULA, I doubt there is any enforceable contract that could be the basis of a lawsuit. Plus, it would be so expensive to do, that a lawsuit would only be launched in order to set a test case or if there was a malicious addon out there that did a lot of damage somehow to Blizzard (which could be the subject of a lawsuit anyway).

[Satrina]

They might try a DMCA case under the circumvention clauses, no? "We have said your addon may not run and we have used access controls to prevent it from running, which you have circumvented." It's somewhat similar to Lexmark v. Static Controls (which they lost), but isn't quite the same since Lexmark wanted to prevent any third party from providing cartriges, whereas Blizzard would be preventing select addons.

Edit: However, I believe that Blizzard really should have an SDK/API licensing agreement with addon authors.

Edit again: If it isn't actually enforceable, then it's really not in Blizzard's best interests to keep it as is. If they to try to go to court and get thrown out, they really do have a problem then.

[Metrech]

They might try a DMCA case under the circumvention clauses, no? "We have said your addon may not run and we have used access controls to prevent it from running, which you have circumvented." It's somewhat similar to Lexmark v. Static Controls (which they lost), but isn't quite the same since Lexmark wanted to prevent any third party from providing cartriges, whereas Blizzard would be preventing select addons.

Well, depending on what country you are in the DMCA may or may not apply, first of all. You may have to check the WIPO treaty implementation of whichever country you are in (Canada for example has tried to implement its own DMCA for about 3-4 Parliaments now and has not managed to pass it yet).

Secondly, what the DMCA prohibits is decryption and reverse engineering of code. If your addon somehow could be considered a "circumvention device" that decoded Blizzard's code, then that is one thing. (I used to have a T-shirt with the perl script for decoding DVDs on it that said "I am a circumvention device" until it fell apart...) However, I don't think that renaming your addon or obfuscating some of your own code so that their "baddon detector" doesn't work counts under the DMCA as you are not reverse-engineering their code per se or circumventing any encryption that prevents you from playing the game. There is a small grey area here, but it certainly isn't the same as a debugger or other similar software that you could use to run a "show-EQ"-type addon. A "Show-EQ" addon (or bot program that runs WoW in its own space to decrypt ram calls or the like) probably would fall within the DCMA rules, however.

[Molohk]

Even though it's not based on copyright laws. Couldn't Blizzard still go after addon developers for service violation? I think they could quote the Lori Drew case as a legal precedent, since in the end she was found guilty of misdemeanors related to violating MySpace's terms of service.

[Satrina]

Yeah, the whole legal jurisdiction thing is another point to the whole mess that leaves me wondering why they just are not using the existing provisions in the EULA to control it.

I read the DMCA again (whee fun?), and there are definite direct provisions for decrypting and descrambling, but then also a provision for "otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner". I believe that this is where Lexmark came in since it was not a decrypt or descramble thing, but a straight copying act to make the gizmo accept the non-Lexmark cartridges. Lexmark lost thier case, though, because they were trying to create a monopoly. There was also Chamberlain v. Skylink where they reverse engineered a rotating code system to make a product, and Chamberlain claimed it was circimventing technical measures. They also lost, but in both cases they got heard.

With that said, the reverse engineering part is possibly the key. The baddons database actually has 13 fields per entry, so it's almost certainly not based wholly on addon name, but likely some fairly loose code signature calculations. You'd have to reverse engineer the database and how its fields are used to circumvent it.

I suppose you have to look at "No person shall circumvent a technological measure that effectively controls access to a work protected under this title" and decide whether the baddons list is a technological measure that controls addon access to Blizzard's copyrighted work, and then if that counts under the DMCA. Neat stuff as brain candy!

[SirTolomay]

Okay this topic was so important i felt the need to actually register with the site and share my input.

What i think most of the people arguing the different legal ramifications are missing out on seeing is what would blizzard intend by this new policy vis a vis what would they gain. Needless to say there is not much to gain by it other than maybe making more people want to use their new interface which seems to be chock full of stuff that if not exactly the same as some add on functions then at least similiar. Yet there is another part of this that i am surprised so many tanks who should be aware of all around them did not pick up on. Notice the part that refers to accessing a players hard drive and then couple that with the section about having the code readily accessible. What is blizzards motivation here people. I think that it is plain and obvious that they are making a clear attempt to further protect thier players from hackers and those that would steal players personal information.
Unfortunately some of the good must be lost with the bad for the overall security of the game and its players. And since every bit of data that is processed through your computer gets saved into a encrypted section of your hard drive; collecting this data and counter-referencing it with the other millions of players data may allow a seasoned hacker the ability to crack the protections blizzard has in place and gain access to millions of peoples personal data all around the world. And if you think it cant happen let me assure it can and has. Most notably with some very popular gambling websites.

So before we all go crucifying blizzard maybe we should look at the big picture.

Oh and by the way it is perfectly with thier right to disable any add on they so choose or to not allow any add ons at all. And all add ons must be subject to any rules that they choose to impose with or without fair warning for them to comply. All of the add ons we use in the game some way or another interact with blizzards programming. therefore blizzard has every right under all laws, local and international to disable them anytime they see fit. Now if it were a program that operated outside of blizzards programming such as "Fraps" which interacts with your video card and not with any programs running then blizzard could not force compliance.

[Roana]

Unfortunately some of the good must be lost with the bad for the overall security of the game and its players. And since every bit of data that is processed through your computer gets saved into a encrypted section of your hard drive; collecting this data and counter-referencing it with the other millions of players data may allow a seasoned hacker the ability to crack the protections blizzard has in place and gain access to millions of peoples personal data all around the world. And if you think it cant happen let me assure it can and has. Most notably with some very popular gambling websites.

No.

The Lua code is sandboxed. Barring bugs, it absolutely cannot access anything outside what the Blizzard API allows it to do.

Any potential risks come not from the addons themselves, but from other items distributed with them (such as executable installers) or the websites that carry them. The addons themselves are toothless as far as breaking into a computer is concerned. And Blizzard's new policy does not do anything about the former: In fact, it encourages the use of "value adding" installers or other external programs that the developers then CAN charge for or use it for advertisements or to solicit donations.

[Satrina]

So before we all go crucifying blizzard maybe we should look at the big picture.

You should read this before deciding that I am on a crusade to "crucify" Blizzard: World of Warcraft - English (NA) Forums -> Discourse on the AddOn policies

I won't address the othe inaccuracies in your post other than to point you to previous posts in this thread (regarding hacking and personal information and addons, which is not possible in any way) and also at the multiple threads on the UI & Macros forum where such points have been repeatedly addressed over the past week. Except for this one:

And since every bit of data that is processed through your computer gets saved into a encrypted section of your hard drive;

Wherever did you come up with that?