back to article Microsoft's DRM can expose Windows-on-Tor users' IP address

Windows users running the Tor browser can be tricked into uncloaking themselves, with a pretty straightforward trick based on Microsoft's DRM system. The discovery was made by Hacker House, which says it's been researching social engineering attacks made using DRM-protected content. What the UK-based security outfit found is …

  1. Adam 1 Silver badge

    > “If you want to build your own Microsoft DRM signing solution the price-tag is around US$10,000,”

    If it's only large content distributers that can unmask tor then that is pretty good. I can't imagine any reason why *they* would want to unmask sessions.....

    1. Mephistro Silver badge

      On the other hand a single signed file could be used to entrap many Tor users, so it'd make probably more sense for 'Them' to purchase one of these files from a company that already has the DRM signing solution.

      Unless I'm understanding this wrong, of course. I don't have to put up with this windows DRM thing thanks to having it blocked at several levels, including browser plugins, OSS media players, firewall, ...

      1. stu 4

        I think you ARE misunderstanding it then...

        though if it's a wmv - they have the ability to open browsers and load webpages anyway - which would be a damn site easier way to establish a connection and grab the source IP address. This has the benefit however of working without needed to open a browser, etc

        I believe the gist is something like:

        - you download your torrent or download from tor the latest blockbuster zip...

        -unzipped you find a large mp4 or mkv thats about the right size... but lo - when you try and play it it won't play - saying codec is missing or some mince.

        - there's another file there - a little file "watch me if movie does not play.wmv"

        - user plays that. all players that understand wmv/drm then connect to licence provider.

        - congrats, you have been pwned.

        WMV, like ASF before it were/are terrible containers that should never ever ever be used for anything EVER. Add AVI to that as well while you're at it.

        1. Mephistro Silver badge

          But...

          ...how does that harm my argument? Mr Robot purchases/hires the 'service'(a single DRM file) from a company with the infrastructure required to sign the keys, for a fraction of the price of purchasing their own DRM infrastructure, and afterwards use that same DRMed file in the way you described as many times as they please, pwoning lots of users. Profit!

          Please consider that this would be used for hooking visitors of "illegal sites"(think child porn, Silk Road clones, and in the UK sites depicting any sexual practice nor approved by the government ;-) and "political oposition sites" or "terrorist sites" (both of which categories sadly are still treated in many countries exactly the same way).

          Perhaps your point was that the hackers don't even need to do that, as they can create their own keys for free, as has been suggested in other comments in this thread?

          Postdata: I've been blocking access to DRM content for many years and, in my opinion, that's what any security-conscious user should do.

  2. Richard 12 Silver badge

    So MS lost the keys already

    What they've seen in the wild is someone managing to generate signed content, apparently without paying that toll.

    If true, that means the MS DRM system is now broken and useless.

    In fact, worse than useless because of the large quantity of money and effort needed to use it.

    1. Pascal Monett Silver badge

      Re: So MS lost the keys already

      Absolutely. As with all DRM, once again it is demonstrated that, where security is concerned, a closed-source "solution" is just a disaster waiting to happen.

      What this means is that there are people out there who could conceivably wrap a film with the proper DRM security (without MS' knowledge) and serve that up to unsuspecting victims in order to grab their IP address. For Tor, which is specifically a platform supposedly enabling you to hide it, it is nothing less than a targeted attack.

      I suppose this could also blow through most anon proxies as well, though I may be wrong.

      And, given that the people who have this capability are not any open-source advocates or geeky teenagers wanting bragging rights, there's a good chance that they are blackhats, which means that once they have the IP address, mayhem will ensue.

      Not good news in any case.

    2. MarkSitkowski

      Re: So MS lost the keys already

      According to Microsoft, DRM is obsolete, and has been replaced by MS PlayReally (something like that)

  3. streaky Silver badge

    WMV DRM

    Literally a million miles from the worst thing it does, if you have to watch wmv files (ouch why it's 2017) - do it via a competent video players like vlc.

    1. Anonymous Coward
      Anonymous Coward

      Re: WMV DRM

      it will still need the DRM to play back, unless I'm very much mistaken.

      1. stu 4

        Re: WMV DRM

        yup - exactly the point here. VLC will pwn u just as easily with this. It 'plays' DRM WMV files - hence it will check the DRM.

        1. joed

          Re: WMV DRM

          Not necessarily, even WMP (or Flash) has an option (default on) not to retrieve usage rights/send unique id from/to Internet. Also Firefox has the option to disable playback of drm encumbered content (courtesy of Adobe if I recall correctly). Needless to say, whoever cared and knew anything should have these options set accordingly.

          1. Mephistro Silver badge

            Re: WMV DRM

            "...even WMP (or Flash) has an option (default on) not to retrieve usage rights/send unique id from/to Internet..."

            The main difference here is that the OSS media player has a button for disabling the DRM crap and that you can trust that button to do precisely that. Oh, and that the option to use DRM in the OSS application is off by default.

  4. Steve Davies 3 Silver badge
    FAIL

    Is it just me

    or is MS getting more and more restricting and evil almost every day?

    MS seems intent on transforming itself into Big Brother and the day when W10/Cortana says

    "I'm sorry Dave I can't let you do that"

    are getting closer and closer.

    As has been said, use vlc or any of the other far better media players to view your content.

    1. Paul Crawford Silver badge
      Linux

      Re: Is it just me

      Come now! This started with XP's "product activation" feature and has been growing ever since. If you are still happy to use Windows then you are a hard-boiled frog by now.

      Ultimately that is my main reason for choosing Linux - it is MY computer and if I do something fsckingly stupid with 'sudo' then its my choice, my responsibility, but ultimately also my freedom to change/copy/modify/bugger-up whatever I like.

      1. RAMChYLD

        Re: Is it just me

        Well, there are still several drawbacks on Linux:

        Firstly, the fact that there are not many game companies supporting it. Steam is nice, but even then half of the games on Steam aren't available on SteamOS/Linux. And that's well, Valve is pretty much the best company when it comes to Linux gaming. EA and Activision-Blizzard don't give a hoot, and the latter even actively ban users caught using WINE to run their games. EA is slightly better in that they don't care if you use WINE, but a lot of their games are hard to get working in WINE anyway. Also, sadly, there has been no port of EA games to Linux ever since Loki Software folded.

        Secondly, hardware support. Linux devs need to listen to their users more. Last I tried only Ubuntu supports hardware RAID. The excuse that motherboard RAID isn't beneficial is not valid. A lot of modern motherboards also enable caching when RAID is enabled. Also, I've said this many times before, but the anecdote that the CPU is handling the scheduling just isn't true on certain chipsets- for example, the NVidia NForce chipsets has an ASIC to handle the RAID arrays and offload the task from the CPU. The distro developers shouldn't be all smug and tell users to just stick to AHCI - there are valid reasons to support motherboard RAID.

        Additionally, Radeon support on Linux still lacks CrossFireX/Dual Graphics support and even basic functionality like stippled and smooth primitives on certain cards. Ever since FGLRX support was dropped, many rigs went from competent to unusable. I was forced to convert one of my rigs that ran Ubuntu back to Windows because it FGLRX no longer supported it, and said rig happened to use a APU+GPU dual graphics configuration (1).

        Don't get me wrong, I still do have several Linux boxes dedicated to the cause. But losing FGLRX and being stuck with Ubuntu because it's the only Linux distro that supports motherboard RAID is pretty frustrating.

        (*1) https://www.x.org/wiki/RadeonFeature/

        1. Anonymous Coward
          Anonymous Coward

          Re: Is it just me

          >Well, there are still several drawbacks on Linux:

          Probably get downvoted but the big missing killer app on Linux for me is no streaming from my xbox one to my PC like with Windows 10. Sometimes when you are a family man your options for when and where you can game are limited especially if you prefer console gaming (don't ask me why). I of course still do all my browsing through Linux (Whonix in VMs).

        2. Paul Crawford Silver badge

          Re: @RAMChYLD

          "Well, there are still several drawbacks on Linux"

          There are several (at least) drawbacks on Windows. The point is you pay your money (or not) and take your choice. If playing games in more important than privacy and security that is your choice to make. You are not me, your goals and priorities are not mine, so it is up to you to evaluate what matters most to you and to act accordingly.

          1. Anonymous Coward
            Anonymous Coward

            Re: @RAMChYLD

            >If playing games in more important than privacy and security that is your choice to make.

            I do care more about privacy and security more on my phone (where the open source alternative is probably worse at least security wise) than games.

        3. eldakka Silver badge

          Re: Is it just me

          " Linux devs need to listen to their users more"

          No, they don't.

          Since most of them are volunteers donating their time for free, they work on elements that interest them personally. Some of them are nice enough to add features that others want, if they feel like it.

          If you can't convince a volunteer to spend their free time on something you want, then you have at least 3 choices:

          1) do without;

          2) pay someone to write the driver/feature for you;

          3) donate your own free time to writing code yourself.

          Also, the specific distribution is irrelevant. If Ubuntu has support for hardware RAID and it is provided as GPL'ed code, then that code will (80% likely if you are on the same CPU architecture and RAID hardware) work if you just download/copy the packages or (if different package management systems are in use) just the actual files (and any dependencies) to your Linux system. If this 80% chance fails, then you can get the source-code and compile it for your system, which should work 80% of the time (again same hardware). If that fails (i.e. the combination should work 96% of the time), then report the issue and persuade someone who's donating their free time to fix it, or see the 3 options above.

          That's the whole point of Linux. A non-commercial distribution is just someone's "favourite package combination" bundled up. If there's a program you see on a someone else's Mint Linux, and you are running Slackware, well, assuming it's not propriety licensed non-GPL software, you can go and get it and, worst case, compile the source code to make it run on your distribution.

      2. John Smith 19 Gold badge
        Unhappy

        "Come now! This started with XP's "product activation" feature and has been "

        Doesn't this date back to "Paladium" and "Trusted computing," where MS mean "Trusted by Big Corporate customer to prevent unauthorised access to any of their documents off site unless you pay them big money and/or a senior manager."

        In theory DRM could be used to allow individual artists to be receive micro payments and ensure you only pay once for something but each individual person does have to pay, rewarding creativity.

        But IRL what are the f**king odds of anyone implementing a system with such goals?

        Somewhat smaller than the googles revenue root of FA.

      3. Crazy Operations Guy Silver badge

        Re: Is it just me

        "Ultimately that is my main reason for choosing Linux - it is MY computer"

        Well, unless you use Ubuntu in which its now Amazon's computer. Since the whole 'Unity' search bullshit, I've pitched Canonical into the same bin as Red Hat. Specifically, the bin marked 'bastardized versions of Linux that I will never install on my equipment'.

    2. Adam 52 Silver badge

      Re: Is it just me

      Since this appears to be in the DRM implementation it's quite possible that other players are also vulnerable.

      Does vlc just refuses to play DRM protected files?

      1. Charles 9 Silver badge

        Re: Is it just me

        Yes, it'll give an error on a protected asf or wmv file.

    3. Annihilator
      Headmaster

      Re: Is it just me

      "the day when W10/Cortana says 'I'm sorry Dave I can't let you do that' are getting closer and closer."

      Well you'd need to change your name first :-)

      Beside, HAL wasn't evil. He was trapped with paradoxical mission parameters - report open and honestly, but secretly keep the mission objectives from the crew. HAL ultimately deduced that if the crew were dead, he wouldn't need to lie to them anymore. That could work for some of my stakeholders to be honest...

  5. creepy gecko
    Black Helicopters

    Tin Foil Hat alert?

    Do I detect the spooks of the NSA & GCHQ at work here?

    1. Dave 126 Silver badge

      Re: Tin Foil Hat alert?

      Don't let thoughts of conspiracy blind you to the possibility of cock-up (or vice versa!). I suspect the latter.

      I'm obviously naive - I thought TOR was just for buying drugs, or criticising the totalitarian regime you happen you live under - and I didn't realise WMV movies were still a thing.

      1. Smooth Newt
        Meh

        Re: Tin Foil Hat alert?

        Don't let thoughts of conspiracy blind you to the possibility of cock-up (or vice versa!). I suspect the latter.

        One man's cock-up is another agency's opportunity.

  6. RonWheeler

    Who in their right mind

    ...would download a WMV when alternatives exist?

    1. Paul Crawford Silver badge

      Re: Who in their right mind

      Who in their right mind would use Windows if privacy really mattered?

      1. Adam 52 Silver badge

        Re: Who in their right mind

        It's the wmv DRM implementation, so in theory at least would affect wmv players on Linux or Mac too, if there are any that request keys.

        1. Dave 126 Silver badge

          Re: Who in their right mind

          >It's the wmv DRM implementation, so in theory at least would affect wmv players on Linux or Mac too

          For sure, but as the article notes, Tails disables WMV key requests. If you were concerned about privacy enough to use TOR then you would use a Linux that was tailored for privacy.

          If you choose to walk through a maze to make sure you're not being followed, you'd make sure you didn't wear the same jacket that you wear down your local pub.

          1. NonSSL-Login

            Re: Who in their right mind

            Even if WMV keys are not disabled in Tails, the routing is at OS level so any out of browser requests still go via the Tor network so your real IP would not be leaked anyway.

            Although virtualisation is not recommended for Tails, running it in a VM window on a machine connected to a VPN has benefits when it comes to things that NIT's that want to unmask your real IP via whatever exploit.

  7. Baldy50

    You are explicitly told....

    Do not open anything! Any application may call home and reveal your IP address and other info.

    1. Charles 9 Silver badge

      Re: You are explicitly told....

      What about a secret iframe?

      1. asdf Silver badge

        Re: You are explicitly told....

        >What about a secret iframe?

        Can be blocked easy enough with NoScript.

        1. Charles 9 Silver badge

          Re: You are explicitly told....

          Not if it's same-domained and the site requires a script to run. Part and parcel problem.

          1. Kiwi Silver badge

            Re: You are explicitly told....

            If you're valuing your privacy/security enough to use TAILS, you're running NoScript.

            From what I am told NS blocks Iframes on TAILS (I don't have it to hand so can't test myself I do have NS installed here and blocking Iframes but what is set on a default NS install and what is on TAILS could well differ). I assume iframes are different to JS since they have different settings in NS.

            And the really obviously simple thing.. If you're valuing your privacy and a site requires a script to run, you go elsewhere or do without. Hell, I do that with sites that demand 3rd party cookies or 3rd party scripts (aside from CDN's and sometimes some Google API's). If it wants to run to much I don't trust, I don't run it.

            There is no circumstance that requires you to run risky scripts, especially if you're protecting your identity (and have some clue about what you're doing/follow the very clear instructions)

  8. Dazed and Confused

    What? you mean

    192.1.0.1 ?

    Isn't that what most home PCs use?

    Or is it the IP address of your router, lots of ISPs NAT those too.

    OK, so I'm an awkward bugger with routed IP address blocks at home, but most people don't.

    1. RAMChYLD

      Re: What? you mean

      > 192.1.0.1 ?

      > Isn't that what most home PCs use?

      Nope, the valid class-C private address is 192.168.x.x, anything 192 but not 192.168 is still fair play iirc.

      1. Dazed and Confused

        Re: What? you mean

        Firstly 192.168.X.X is not a class C address, it is a contiguous range of 256 class C address ranges and therefore constitutes a /16. Except the whole concept "class C" or A&B was deprecated not long after Noah realised he was going to need slightly more than an umbrella and at about the same time it became practical to have dial up Internet connectivity at home in the UK.

        Well of course any 192.168.X.X is a reserved private address block, other 192 addresses have other jobs, I used to "own" 192.195.something.orother. But when did you last see a non technical home user ever change it, or even a technical one for that matter, there is almost never a reason to change it from the one your ISP has setup when they ship you a router (assuming you run the router they give you). My point was that the private IPv4 address that most people use is of no practical use to anyone as a means of identify you and it isn't even persistent. There could easily be a hundred million PCs currently using that IP address.

        The article completely fails to give any details of how the attack compromises you. It's bad that information can be leaked, but a limited sort of bad in most cases.

        Sure if you run routed IP address blocks then a quick whois will give the miscreant your name, address and phone number. The PC I'm typing this on would fall into that category. The one next to it is using an RFC1918 private address which admittedly isn't 192.168.0.0/24, for reasons of a private joke.

        One thing the article doesn't say is whether it is just the IP address of the PC itself, I'm assuming that is all that can be leaked here. So if you are DNAT'd then there isn't much to worry about for most people.

        If you are running IPv4 real public address or you're using IPv6 (which is more likely to use public addresses) then you might well be being left open to identification.

        Personally I think everyone should use NAT'd address for client only systems to avoid casual identification. I don't see any reason why people should be forced to walk around the Internet with a label stuck to their foreheads with their name and address in large print for anyone to read. The backers of IPv6 don't seem to agree with me. Sure there are protocols which NAT buggers up but in most cases the answer should be to fix the bloody protocol not make everyone pull their pants down and show their privates.

        1. Cynic_999 Silver badge

          Re: What? you mean

          When WMP phones home, then it is likely to do so without going through the Tor router. This obviously reveals the public IP address you are connecting through. In a home environment that will usually equate to (or an easily determined) physical house address. Sure, it will not reveal which PC was responsible - so that's why if the activity is suspected of being illegal (e.g. drugs, kiddypron etc.) the police will bust down your door and take ALL of them for examination.

        2. cbars

          Re: What? you mean

          @Dazed

          The article is quite easy to understand, Cynic_999 is perfectly correct (about the IP stuff, rather than door busting). I hope you weren't the one to downvote him, seems unfair.

          I also find it odd that you don't think someone knowing your name, address and phone number would be a problem for someone using Tor... but that is only possible if you're using a fixed IP and you have a domain registered under your own details and they do a reverse lookup first.... but I'm going off track.

          Let's see:

          - Tor browser arrives at webpage which serves a WMV

          - Browser attempts to launch WMV

          - Windows Chooses your default player

          - Player checks for DRM

          - DRM is there, Player checks for validity

          - Yep, valid and signed by Microsoft, player fetches license key from the content producer server without popping up a warning [HINT: this is how you get identified]

          And, to state the obvious:

          - Player then requests content producer uri

          - Player is not using Tor

          - URI request goes out through the router in the same way as normal internet traffic (if you've got a VPN configured on your router then at least you're partially hidden (not from TLAs though))

          - Content provider server receives request, and as per normal in a TCP session, gets your public facing IP so it can talk to you

          - Ta Dah - Your Public IP is now known - you may or may not be totally fucked - depending on who the content producer is.

          Bit of a problem for most people using Tor:

          If it's a TLA - prepare for APTs, social engineering or the old fashioned plod shakedowns;

          If it's something illegal, prepare to be arrested (whether or not we're talking Iran vs N Korea vs 'legal highs')

          Hope that's cleared it up for you

          :)

          1. Dazed and Confused

            Re: What? you mean

            @cbars

            Firstly it wasn't me that downvoted Cynic, any cynic is OK by me.

            As to whether the article is clear, I clearly didn't feel it so, hence the original question about whether it was the IP address of the PC or whether it was the IP address of the router. I'd read the article as saying that the Windows media shit was exposing the IP address of the PC, as presumably (my guess from the article) that was inside any packets. OK, perhaps I'm in the tin foil hat brigade but when I resort to TOR I make sure there are no other routes off the PC.

            > I also find it odd that you don't think someone knowing your name, address and phone number would be a problem

            What I was saying was the exact opposite of this. I'd said that if, like me you run fully routed addresses which can be looked up in whois then you're wide open. But if it is the NAT'd address which is exposed then there isn't much harm and that everyone should do this to avoid casual identification.

            Lots of ISPs also NAT the routers IP address and these are not persistent. So to the casual observer the only thing which would be visible would be which ISP you're using.

            What I'd not considered was state sponsored snooping where of course the ISP is likely to reveal your ID to the hacker. Or perhaps where the hacker is the ISP.

            My other mistake was not to realise that people using TOR would be allowing non-TOR traffic at the same time.

            Thanks for the explanation and please accept 1 up vote for your trouble.

        3. Pedigree-Pete
          Pint

          Re: What? you mean

          Personally I prefer 10.x.x.x because I;'m a lazy typist. PP

    2. Steve the Cynic

      Re: What? you mean

      As others have noted, you probably meant 192.168.1.1, and no, that's usually the ADSL/fibre/cable routermodemlboxthingy.

      And of course, at home I do have a public IP address on my PC. IPv6, that is. 2A01:stuff. I also have a 192.168.1 type address. But that IPv4's not interesting for the alphabet soups and the hackers.

      But I'm not sure why the story is news. It's pretty much self-evident that any DRM solution that doesn't involve a physical token attached to the PC (including having the original installation medium in a local shiny-biscuit reader) will need to check on the Internet, and that might involve an IP check, and that might involve using the public IP that the DRM servers can see, and in a way that links your TOR activities to that IP.

      And because it *might* involve such things, you must, if you are operating in full-on tin-foil-hat mode, assume that it *will* involve them, and that it will leak information about you.

      1. asdf Silver badge

        Re: What? you mean

        >if you are operating in full-on tin-foil-hat mode,

        Then you won't use digital communication at all because the traces you leave behind (always some) are forever.

        >When WMP phones home, then it is likely to do so without going through the Tor router.

        If you are using the Whonix workstation to do so it wouldn't be able to. Without breaking out of the VM its nearly impossible for any app to get the internet facing ip address unless of course the dumb meat sack starts typing it (or more likely their name and address) into web entry forms.

    3. Paul Crawford Silver badge

      Re: What? you mean

      Just try going to this site:

      https://ipleak.net/

      It will tell you a lot about what is publicly seen from your computer, and you might want to follow up on the WebRTC aspect... If you are running Linux (or I guess have 'dig' for Windows somehow) then this will do it simply from the command line:

      dig +short myip.opendns.com @resolver1.opendns.com

      No doubt the El Reg commentards will have many, many more methods to do the same.

  9. Frank Bitterlich

    Just to check...

    ... that I understand the issue correctly: The actual problem appears to be that the media player launches IE to access the "information" site instead of using the Tor Browser, and that bypasses Tor and so snitches your IP address, right?

    I'm not using Windows, so I have to ask: isn't there a way to prevent IE from launching (or otherwise cripple it)?

  10. adam payne Silver badge

    WMV is a terrible format and I didn't think anyone still used it,

  11. Frank N. Stein

    Hmm...

    Stop downloading WMV porn files. Flash files, instead. Problem solved.

  12. Ramazan

    transparent proxy

    If you use transparent TOR proxying, all TCP requests (from DRM modules, Flash plugins, Java, JavaScript and shit) would go via TOR instead. But even transparent TOR proxying won't stop commercial software from running "ipconfig" on your host and sending the result to DRM server, MS, Google, CIA, FBI or NSA. Together with your address book and keyring.

    1. Gary 24
      Paris Hilton

      Re: transparent proxy

      Errrr ipconfig will just return a private IP address? e.g. 192.168.0.1 not your WAN IP address...

      1. eldakka Silver badge
        Flame

        Re: transparent proxy

        @Gary 24 wrote:

        Errrr ipconfig will just return a private IP address? e.g. 192.168.0.1 not your WAN IP address...

        Unless you are using IPv6 which doesn't support NATing (NAT is why in IPv4 your PC will have a completely unrelated internal private address than your internet-visible external address), therefore the local address on your PC is the world-wide unique visible address of your specific PC.

        The IPv6 evangelists didn't consider security as part of the IPv6 standard.

        1. Charles 9 Silver badge

          Re: transparent proxy

          Actually, IPv6 actually supports and encourages the use of NAT. What it doesn't like is one-to-many NAT, but it's entirely cool with one-to-one NAT, including ephemeral NATs for outgoing connections (so that they can't be back-hacked) as well as topology-scrambling NATs for incoming connections (so no one can figure out how your network is structured).

          Just remember it's not the NAT that keeps your internal LAN safe but the firewall, which BTW is still encouraged in the IPv6 world.

  13. Anonymous Coward
    Anonymous Coward

    Just don't use bloody Windows. it's not difficult to do. If you're serious, don't use it.

    for me, i can't think of a single thing that i would like to watch, download (or whatever) which will have DRM on it .. but i'm fussy with content, i gave my TV away years ago (not because i'm being trendy) but because when 'Young Fishmonger of the Year' hit the screens, i decided TV had lost it's way. Films that everyone seems to bleat on about nowadays are mostly all utter crap, TV is either soaps, propaganda or UNreality TV and everything else has to have narcissistic wannabe's and a panel of f*%king judges too. so why download this shite ?

    1. Charles 9 Silver badge

      "Just don't use bloody Windows. it's not difficult to do. If you're serious, don't use it."

      Unless you're a serious gamer who happens to do some serious WoW and/or Overwatch or other PC-exclusive top-end game that simply won't run on Linux. So if you're serious about security AND gaming, you can only pick one or the other.

      1. Pascal Monett Silver badge

        And that is indeed the only reason I still use Windows, of which 7 will be the last Windows I will ever have at home.

        By the time the hardware requires 10, I'm guessing between Steam and some others that will surely crop up, I'll be able to kiss that infested swamp good bye without (too much) regret.

        I just hope Blizzard will grow up about it all, because Diablo III is great fun a half hour at a time.

        1. Charles 9 Silver badge

          The situation between Blizzard and Valve is the same as the situation between say BT and Sky: both are competing for the same audience and want to conquer the other. To them, sharing is surrendering. Blizzard knows they have hits with WoW and now Overwatch. People willingly pay bookoo bucks each month for the former, so they have proven natural draw and really don't need a third party to help them.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019