Concerning Q3 Privacy
November 28th, 1999 by CrusaderRegarding today’s fiasco over at Slashdot, where much ado was made about id gathering information on Quake 3: Arena video card usage statistics, I offer into the record (since it appears many have already tried and convicted id without reading documentation) this excerpt from the Q3Test 1.08 README:
=======================
== Section 11. ==
== MESSAGE OF THE DAY==
=======================When Quake 3 Arena starts a map up, it sends the GL_RENDERER string to the Message Of The Day server at id. This responds back with a message of the day to the client. If you wish to switch this option off, set CL_MOTD to 0 (+set CL_MOTD 0 from the command line).
November 30th, -0001 at 12:00 am
The only “mistake” I see is a simple one of accidentally leaving
mention of it out of the newest demo’s docs… And, I find that
a VERY trivial “mistake”, indeed… Especially since it WAS
clearly mentioned in the previous versions’ docs, so they
certainly weren’t trying to hide anything… It was a simple
bit of trivial documentation error; well, not even THAT really,
but more simply incomplete documentation…
But, the main point is, this information being collected is
absolutely harmless, and in no way compromises anyone’s
privacy… Some of the people at SlashDot are just going
absolutely nuts over NOTHING… This is just insane… As
Tim Sweeney (of Epic) pointed out on VoodooExtreme.com, virtually
EVERY single Internet client in existence will send info of this
nature… (Yep, UT does the same sort of thing…) Do people
also get worked up into a paranoid delusional state over the
stuff their web browsers are sending out in the HTTP headers??
Or, how about the E-mail clients sending out all kinds of juicy
info on what mailer and OS you’re using in the SMTP headers??
I mean, come on people, get an fsck’ing GRIP! If you are that
paranoid, well you just shouldn’t be using ANY Internet software
at all, because chance are it’s sending all kinds of info out,
all the time, when you use it…
And, id were even kind enough to provide a very simple method of
completely disabling this trivial, harmless feature, too… So,
if you don’t like it, then do like the (old) docs tell you to do,
and set “cl_motd 0″ (either in the console, or from the command
line, or in your config file… And, quit making a big deal out
of NOTHING! Geez… id is probably the coolest damned game
company on the planet; they’ve consistently produced excellent
games, and have supported Linux for MANY years now… And,
damned SlashDot goes and posts a story slamming them like that,
over absolutely NOTHING… It really pisses me off… *grumble*
November 30th, -0001 at 12:00 am
There have been holes to sneak onto client harddisks in Q1 and Q2, and I guess there also is one in Q3 as well. Yes I love those games too, but I don’t like getting spied on, or even knowing that while I play, somebody looks at files on my computer. It scares me that nobody seems care.
Do you want to know more?
http://www.insecure.org/sploits_all.html
Seatch for “quake” in the page.
November 30th, -0001 at 12:00 am
That it was removed from the documentation one infers that the function has been turned off/removed.
November 30th, -0001 at 12:00 am
The old Q1/Q2 security holes have nothing to do with this Q3
issue… They were patched ages ago… They were simple
security flaws; just about any Internet-connected server is
likely to have similarly exploitable holes, for those clever
enough to find them… But, that’s not at all the issue, here…
We’re not talking about any sort of security flaw, or anything
else; we’re talking about the very simple and trivial fact that
Q3 sends back your OpenGL renderer string to its servers…
That’s all… There’s no security vulnerability due to this…
There is no leakage of sensitive information… Unless, for
some bizarre reason, you don’t want people to know what OpenGL
renderer you are using… I can’t imagine any possible logical
reasoning for wanting to hide such info, though… However, if
you DO for whatever strange reason, id has been kind enough to
provide a very easy method for you to disable it: just set
“cl_motd 0″… So, with that, there’s absolutely NOTHING to
be bitching about, here… There is NO security or privacy
issue at all, here… The ONLY issue at all is about possibly
misleading documentation… That was a simple mistake on their
parts, which Carmack readily admitted to… But, that’s hardly
a major deal… Man, some people just look for ANYTHING to get
absolutely paranoid over… It’s just amazing… And, I
consider MYSELF to be fairly paranoid, but the levels of insanity
this insanely trivial little DOCUMENTATION issue (and, that’s
ALL that it is) has driven people to is just beyond belief…
November 30th, -0001 at 12:00 am
Come on people, all it does is tell ID what 3d hardware you are using. It allows them to get a feel for what type of hardware they should develop for in the future and what type of problems to expect. If it were telling ID what software I had on my computer, send back to contents of my mailbox or something more personal I would be very upset. If you dont think nearly every other piece of internet software you use is sending back info then you need to get off the net, and throw out your computer. ID even admitted to it and told us how to turn it off. I really like slashdot, but it has become almost outrageous and they seem to to be doing typical journalism by creating a sensation and working people into a frenzy over nothing.