Log in with Battle.net on third-party sites

Many Warcraft fan sites are offering contests that use the log in with Battle.net OAuth approval to enter.

    https://dev.battle.net/docs/read/log_in_with_bnet

When you go through the process it asks for approval to give the 3rd party access to: "Your Battle.net Account ID and BattleTag".

    http://i.imgur.com/bfDdSrK.jpg

What exactly is your Battle.net Account ID? real name? email?

It is not immediately obvious to me what this is. On the Warcraft login screen and on the Battle.net account services webpage it refers to your email address as your "Account Name". Your real name is referred to as "Name".

I value privacy and would like clarification on what specific information the Battle.net login authorizes for 3rd parties.

For other Battle.net users-
    How comfortable are you with letting 3rd party websites build databases on your Battle.net account information?
    Should parental controls be able to restrict this type of "Login with Battle.net" to protect the privacy of children who can't necessarily make informed decisions about their privacy?
https://dev.battle.net/docs/read/concepts/AccountIds

Account Id

Blizzard uses an Battle.net Account Id to uniquely identify a particular user within a particular partition, and is a 64 bit unsigned integer.

You should use the accountId to link users into your applications wherever possible, as all other data associated with an account can change, including email addresses and battletags.
Thanks Chaud, that answer was not even in the realm of possibility of what I thought it might be.

The wording on the OAuth approval is too ambiguous for the average person to understand exactly what private credentials they are sharing with 3rd parties. I think the "Battle.net Account ID" phrase on the OAuth approval page should link to its description to help the privacy minded user be more informed about what exactly is going on.

Although I am philosophically opposed to sharing account information, I like the warning mmochamp added to their contest entry page.

    http://i.imgur.com/WfDZnGW.jpg

Chaud, as a stakeholder in this kind of API interaction, do you think the "Login with Battle.net" should be able to be restricted with parental controls?
06/19/2016 07:01 PM Posted by Reddrake
Although I am philosophically opposed to sharing account information, I like the warning mmochamp added to their contest entry page.


The API is very well built by the API team and absolutely no information that can come from the API can compromise your account, even your account id cannot without many other pieces of info we don't have access to.

and where it may be possible to add bnet login to parental controls... i don't see blizzard doing this in the future tho i could be mistaken.

the data is very safe and users are well protected that's why every login page is a blizzard page when you go thru the process...

i hope this has helped a little

absolutely no information that can come from the api can compromise your account, even your account id cannot without many other pieces of info we don't have access to.

the data is very safe and users are well protected that's why every login page is a blizzard page when you go thru the process...


I am not so much concerned with 3rd party sites compromising my account. As you probably know, some fan sites are around 10 years old and have a history of being compromised and serving malicious advertisements. I accept this as normal for a high traffic 10 year old website containing valuable ($$$) information, but what I don't accept is smiling and whistling with a song in my heart while I agree to spread my private account details to 3rd parties. Blizzard does, to some degree, agree that this information should be considered private or it would be publicly available information not requiring a log in.

I also disagree that my data is very safe. No data on internet accessible machines is safe. This is why I, and I am guessing many other Battle.net users, choose to restrict account information sharing as much as possible.

Children are unable to make these complex internet security determinations especially when a seemingly credible MVP poster only presents the peaches and creme version of the dark and gritty underbelly of the internet. I personally believe that the majority of the Battle.net users who sign up for these contests are resellers and children who see the carrot of Legion beta keys being dangled in front of them without fully understanding the technical interactions in what they are agreeing to.
Yes, no computer once on the net is 100% secure at all times; there are always people trying to obtain data to sell to the highest bidder, and I agree children are unaware of some consequences of internet use. Blizzard does point this out in their Privacy Policy:
What about Children?

Children Under 13
Once a child states that his/her age is under 13, we do not collect or store any personally identifiable information such as name, address, or email address.

Note to Parents
We recognize a special obligation to protect personal information about young children. We urge parents to instruct their children to never give out their real names, addresses, or phone numbers, without permission, when on-line. Teenagers under the age of 17 and over the age of 12 should encourage their parents to review this policy and to contact us if they would like to evoke our opt-out policy or to raise any concerns. For more information, you may visit our Parental Controls area at https://us.battle.net/account/parental-controls/index.html.


located here http://us.blizzard.com/en-us/company/about/privacy.html

Tho in the end the choice to use 3rd party sites that offer battle.net logins is up to the user. The data that is shared to these sites is all public minus the account id, and this is not even the full account id but the 6-12 char version of the 64 char string (by my understanding). Your battle.net id is public on the forums; your characters can then be back traced through a massive scrape comparing achievements and statistics, matching characters in groups, that would be roughly the same info as what is exposed in the "WOW OAUTH PROFILE /WOW/USER/CHARACTERS" end point.

and account/user/ merely returns 2 pieces of info

    {
      "id": 851631,
      "battletag": "Ulminia#1676"
    }


tho no other info is exposed ... and only once the user has been redirected to the battle.net login page and back again using an https protocol

yes I'm a firm believer that the api is safe because of my many years using it. I haven't seen it used in a malicious way yet but I'm also not saying it wouldn't be possible ... tho improbable given it's a rest only api

I'm hoping a blue will weigh in on this soon ... lol I'm doing the best I can as I'm more of a code guy than a policy guy lol
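
Added example, not part of any post in this thread and not Blizzard's code: one way a third-party site could link accounts on the account id rather than the BattleTag, as the Account Id documentation quoted earlier advises, while keeping a 64-bit unsigned id exact in JavaScript, where `JSON.parse` rounds integers above 2^53 - 1. The response shape is the one quoted above; `parseAccountResponse`, `linkAccount` and the in-memory `Map` are hypothetical names, and the sample logins are constructed.

```javascript
// Added example. Response shape {"id": ..., "battletag": ...} is the one quoted
// in the thread; the function names and the Map store are hypothetical.
const U64_MAX = (1n << 64n) - 1n;

// Read "id" from the raw JSON text as decimal digits. JSON.parse alone would
// turn it into a double and silently round any value above 2^53 - 1.
function parseAccountResponse(rawJson) {
  const parsed = JSON.parse(rawJson); // throws on malformed input
  const m = /[{,]\s*"id"\s*:\s*(\d+)\s*[,}]/.exec(rawJson);
  if (!m) throw new Error("id missing or not an unsigned integer");
  const id = BigInt(m[1]);
  if (id > U64_MAX) throw new Error("id outside 64-bit unsigned range");
  if (typeof parsed.battletag !== "string") throw new Error("battletag missing");
  // Keep the id as a decimal string: exact, comparable, usable as a Map or DB key.
  return { accountId: id.toString(), battletag: parsed.battletag };
}

// Link on accountId only. The BattleTag is stored as a display label and is
// refreshed on every login, because it can change while the id does not.
function linkAccount(store, rawJson) {
  const { accountId, battletag } = parseAccountResponse(rawJson);
  const existing = store.get(accountId);
  if (existing) {
    const renamed = existing.battletag !== battletag;
    existing.battletag = battletag;
    return { accountId, created: false, renamed };
  }
  store.set(accountId, { battletag }); // nothing else from the response is kept
  return { accountId, created: true, renamed: false };
}

// Constructed sample logins: first-time, same account after a rename, large id.
const demoStore = new Map();
const logins = [
  '{"id": 851631, "battletag": "Ulminia#1676"}',
  '{"id": 851631, "battletag": "Renamed#0000"}',
  '{"id": 18446744073709551615, "battletag": "MaxId#0000"}',
];
for (const raw of logins) console.log(linkAccount(demoStore, raw));
```

A site that keyed its records on the BattleTag instead would create a second record for the renamed login and lose the link to the first.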
Throm-Ka Reddrake!

06/19/2016 02:28 PM Posted by Reddrake
What exactly is your Battle.net Account ID?


As Ulminia mentioned above, the following URL will explain what your Battle.net Account ID is: https://dev.battle.net/docs/read/concepts/AccountIds

"Blizzard uses an Battle.net Account Id to uniquely identify a particular user within a particular partition, and is a 64 bit unsigned integer."

Your BattleTag is your Battle.net BattleTag that displays publicly in many areas of our websites and applications...for example, here on these forums.
I think this information should be more readily available to Battle.net users during the process of the "Login with Battle.net" process.

I am certain the vast majority of users that have agreed to these terms do not know what the term "Account ID" really means.

The definition provided is, in my opinion, not accessible to children. Children are not able to make informed decisions about their account security. Parental controls should allow Battle.net users to disable this functionality.
06/20/2016 09:38 AM Posted by Reddrake
I think this information should be more readily available to Battle.net users during the process of the "Login with Battle.net" process.

I am certain the vast majority of users that have agreed to these terms do not know what the term "Account ID" really means.

The definition provided is, in my opinion, not accessible to children. Children are not able to make informed decisions about their account security. Parental controls should allow Battle.net users to disable this functionality.


Thank you for the feedback, I've passed it on to the development team.
Lok'Tar Ogar Andanion
I am using liquidsky a streaming service pc to play my pc games and I was wondering does this violate the blizzard tos
@scalth

This isn't the correct place for that question. You'd probably be better off asking customer service.
how can i play with my friend:( pc > xbox
03/01/2019 07:18 AM Posted by XANAXG0D
how can i play with my friend:( pc > xbox


wow a necro and an off topic question all at once. kudos!
