Research Paper : Privacy and Security Policies.

Privacy Policies in Games/Software

by definition Privacy Policy is a document that defines and details how the specific software/organization collects, uses and protects the personal information collected from the user. When it comes to the definition of what a personal information is it varies and is highly dependent on the context. but in general speaking with respect to the context of games/software those information provided by the consumer such as username, email address, postal address, IP address/geolocation, phone number user image, date of birth etc. The privacy policy should also detail how the organization will meet its legal obligations and how the consumer can seek recourse should the organization fail to hold its end. As per the present day standard in the software industry the presence of a privacy policy is a must and is required by the law especially within an application that collects the users personal information in one form or the other. In most cases games collect user information to provide a smoother and consistent gaming experience to the user for example like recording email and user name so that the progress the player made can be save and the be loaded for the next run. Collecting user information like IP address and geolocation becomes almost inevitable when it come to multiplayer games, as location and IP information of the user can be user for purposes to find the closest server for the optimal performance and latency. These days you need to enter at least one one of you personal information to access most of the gaming services out there. Especially if its a game that make use of the in game purchase feature its almost inevitable not to request users more sensitive information such as bank details and PIN code etc. The freedoms and restrictions on the privacy controls are greatly based on the type of game it is. Like for example if its a single player game. personal information like user name and email id might be asked to store player details and in some case it may not be needed as well. but say if its a massively multiplier platform, the platform can request and utilize a lot of personal information for to assist the facilitate an enjoyable playtime. Like for example in a multiplayer game a players location can b e used to find the closest hosting server as it can reduce the latency, packet loss etc. which can improve the performance and therefore the experience by a lot. But it wont be in the interest of some users to keep their profile and user identity for public viewing, some might lean towards having more stricter and privacy setting like provision of anonymity were only they themselves and the organization can view the user details. Well as everything good it comes with a tradeoff, the user wont be able to socialize and self advertise in case if the user is looking for more popularity and social traction. In most games the privacy policy is display to the user mostly as a dialogue box with a scrollable section which contains privacy policy of the game and a checkbox which the user could check and agree with the EULA presented. This is to avoid legal charges from the user regarding use and management of their personal information. The whole thing becomes gray and complicated when is comes to who is able to provide a valid consent for example in Canada a person under the age of 13 is considered not capable of offering a consent. In that case as per the Office of Privacy Commissioner the parent is the one who should consent for the game and also the parent should have the control over how the personal information is shared, the communication options available to the child and the types of content the child have access to.

Security Threats and Defenses

As we know that game industry is growing and is becoming a economic spot were begins to accumulate a lots of wealth. and is also a common knowledge that wealth attracts attention, and we can be sure that all of it won't be from benevolent once. Recently there have been a dozen of instance were companies with advanced software infrastructure has been hacked and their data being stolen by hackers. But speaking about the security threats faced by the user it would mostly fall into any of these 4 category. Infection happens when the player downloads a application/ cheat engine etc. for the game they are playing from unauthorized sources. In cases of popular games what happens is that malicious entities mimics the actual company and its style to mislead the player and make them download the application so that on installation they can plant their virus that executes their malicious plan. This can be easily avoided if the player choses to avoid downloading applications from unauthorized sources. Another common security issue is the Account Takeover. it happens when a hacker manages to find your password and email and also given that most people tend to use a same password for most purposes. The most common way of getting the password form the user is by mimicking a login page of some sort which resembles the games website so that the player accidently enters the credentials. The take over mostly done to access the users associated credit card information and other information that's financially beneficial. It avoid this the most simple precaution that the user can follow is the creation and use of different passwords for different applications, to help with this the player can use applications that stores the user password safely eg Dashlane. Swatting & Doxing is a form of psychological attack that a hacker can pull of once he gets your geolocation and place of residence. This is mostly done by sending a distress signal to the local law enforcement department or medical assistance services so that they would report at the said location with all the necessary measures for prevention and support causing the victim confusion and panic. This can also lead the person to be anxious about that someone else knows their exact location of residence and may trigger moving house. The means which they use collect the location can be varied, speaking within a technical context they may achieve this by finding you IP address by sniffing packets send from your client but for that they must first breach the game server, which can result from weaker security measures implemented by the gaming service provider. Speaking about what companies has to do to solve these security breaches. The company can secure their servers by taking preventive measures against common and known methods of hacking. like for example brute forcing. a simple well known solution to this is to limit the number of wrong tries that a user could make while entering password. Another very effective method is to use SSH encryption so that the data send and received is completely secured such that sniffing that packet becomes virtually impossible. Implementing two step authentication and biometric means to deactivate an account an greatly improve the security to the point the user can have complete control as they them selves are the key.

References

websitepolicies. (11, March, 2021). What is a Privacy Policy: The Definitive Guide. websitepolicies. https://www.websitepolicies.com/blog/what-is-privacy-policy

Office of the Privacy Commissioner of Canada. (31, May, 2019). Gaming and personal information: playing with privacy. https://www.priv.gc.ca/en/privacy-topics/technology/mobile-and-digital-devices/digital-devices/gd_gc_201905/

Rehman, S. Mohr, S. (November, 2011). IT Security Issues Within the Video Game Industry. ResearchGate. https://www.researchgate.net/publication/51952605_IT_Security_Issues_Within_the_Video_Game_Industry

Nicolls, D. (17, June, 2019). What is Biometric Authentication?. Jumio. https://www.jumio.com/what-is-biometric-authentication/#:~:text=Biometric%20authentication%20refers%20to%20security,%2C%20facial%20characteristics%2C%20and%20fingerprints.

IBM. (n.d).Network security protocols. https://www.ibm.com/docs/en/zos/2.2.0?topic=security-network-protocols

nintendo. (2020). Nintendo Privacy Policy. https://www.nintendo.com/privacy-policy/

Ubisoft.(2020). Privacy Policy. https://legal.ubi.com/privacypolicy/en-GB

Ben-Hassine, W. (n.d). United Nations. https://www.un.org/en/chronicle/article/government-policy-internet-must-be-rights-based-and-user-centred

Nathan, S. (10, October, 2020). Why The Video Gaming Industry Is A Viable Threat Vector For Security Breaches?. teceze. https://www.teceze.com/why-the-video-gaming-industry-is-a-viable-threat-vector-for-security-breaches