How data collected in gaming can be used to breach user privacy

Gaming firms collect user data to improve user experience but how that data can be used for malicious purposes? Here’s what researchers say.

“Surveilling the Gamers: Privacy Impacts of the Video Game Industry,” a new research reveals how personal and financial data collected by gaming giants can become a privacy disaster for unsuspected gamers.

The gaming industry today is worth more than $300 billion, thanks to the huge growth we have seen in the past few years. This naturally should attract the attention of the bad guys since the opportunities to cause harm are endless.

One such opportunity revolves around the data collected by video games which can be used by attackers for finding out sensitive user information having serious consequences.

In this article, we will be delving into a recent research paper by a team of German and Canadian researchers including Jacob Leon Kröger, Philip Raschke, Jessica Percy Campbell, and Stefan Ullrich which list down these threats.

Starting off, it is no secret that gaming companies have been collecting user data in order to help them make better games for the future and improve the existing experience as well. This is made easier by games being connected to the internet as the data can be sent back to the developers in real-time.

SEE: Winnti hackers hit gaming firms with backdoor malware

The data itself comprises a range of parameters depending upon the game including the “in-game actions” taken by the user in relation to their frequency, choice, accuracy, physical location, voice and other gestures employed (using sensors), hardware and software being used, personal data such as their contact information, and contact list.

The graph below from the researchers details this very well:

How data collected in gaming can be used to breach user privacy

Using all of this information, data analysis can help companies and other groups with access to the data deduce a person’s real identity, age, habits, preferences, and gender even when the end-user may not have chosen to reveal this information by will. Citing an example from a couple of games, the researchers state,

“…predicted the age of World of Warcraft players using 435 in-game features (e.g., character race, class, guild, level, faction, skills, achievements, and combat statistics), achieving a mean absolute error of ± 5 years for 53% of players. Using a similar set of features, Symborski et al. inferred the self-reported gender identity of Guild Wars players with an accuracy of 83%.”

But this is not all, data collection can also help companies find out about the user’s purchasing habits and financial status based on the console they are using, their purchasing habits within the game, and what type of resources they seem to rely on when playing.

All of this can be used by advertisers and companies alike to direct expensive in-game purchases and other adverts towards users who are believed to be richer or rank as their quick-money-spending users. An example given within the paper is as follows:

“Correlating the results of an online survey with log data from the popular sandbox video game Minecraft, for example, Canossa et al. found that money-conscious players tend to build fewer sleeping accommodations for themselves and prefer to use cheap in-game materials, such as stone, sand, and iron instead of precious materials, such as diamond.”

Thirdly, exploring the impact of the data collected by various sensors in the gaming process, the image below offers an overview of how an entire individual’s personality can be dissected:

How data collected in gaming can be used to breach user privacy

To conclude, the paper goes into much more detail but the essence of the entire discussion is simple: we need to hold gaming companies and console manufacturers more accountable for the data they collect about their users and ultimately how this data is being used.

SEE: Online gaming and protection against cyber attacks

Just as we expect social media sites and other businesses to have answers, it is our right to demand so of them as well. Otherwise, we risk our data being used to manipulate us in very subtle ways along with outright potential abuse in the case of any data breaches which have happened in the past.

Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.

Related Posts