4 ways to protect your privacy while playing online games

The Call of Duty: Modern Warfare II open beta kicked off this past weekend and as players give their first impressions of the gameplay mechanics through social media(Opens in a new window), the company that publishes the game, Activision, collects their data and uses it to sell products. It’s no big secret as the company sets out its data collection and retention policies in its privacy policy(Opens in a new window).

Activision’s privacy document is comprehensive but is written in a way that is easy to understand and includes links to help users opt out of their targeted mobile advertising program. In the past, I’ve asked readers to read the privacy policy before using mobile apps. Here I tell online gamers the steps to take to keep your data private while you play.


Why game developers want your data

As noted by authors at the Brookings Institution in an article on data-driven video game design(Opens in a new window), today’s game companies collect a lot of data about their players to improve the gaming experience for everyone. In the case of Activision, the company notes in its privacy policy that players should expect surveillance when it comes to their in-game chats or voice communications, as they can be monitored for anti-cheat, anti-fraud, and anti-toxicity purposes.

If you are playing an Activision game and using other software on your gaming device at the same time, Activision may monitor and record that activity. My initial reaction to this kind of tracking was negative. However, a quick Twitter search(Opens in a new window) produces complaints from Call of Duty: Modern Warfare II players in relation to others using software to cheat during the open beta. I think anti-cheat monitoring is necessary for everyone to have a fair and fun gaming experience, so I’m okay with that kind of in-game observation by the company.


How game companies collect and lose your personal data

I have less issues with game companies monitoring player activity and more with the amount of data the companies have to keep about their players. The more player information companies keep, the more data hackers can steal during unavoidable data breach incidents.

PCMag logo Why you should play on a PC

Earlier this year, a criminal violated the Neopets database, potentially exposing payment and personal information related to nearly 70 million accounts. In a statement, the Neopets (Opens in a new window)website confirmed the hack and informed users that the stolen information could contain: “…data provided when registering for or playing Neopetsincluding name, email address, username, date of birth, gender, IP address, Neopets PIN, hashed password, as well as data about a player’s pet, gameplay, and other information provided to Neopets.”

The online security research site TechRobot recently published a report:(Opens in a new window) analyzing the privacy policies of top game developers. TechRobot found that more than half of the online game developers surveyed in the study retain data about who gamers play with, and nearly 90% of game companies collect information obtained from in-game chats.

The most egregious data collector in TechRobot’s report is Riot Games, the company behind the wildly popular free-to-play title League of Legends. Riot Games last reported a data breach in 2013, when approximately 120,000 transaction records were opened. I’ve checked the game’s privacy policy(Opens in a new window) and confirmed that Riot Games automatically collects information such as a player’s IP address, geographic location, ISP, and chat logs. Riot also collects all information that players voluntarily provide, such as demographic information, hobbies, favorite games, and contact lists.

Riot collects a lot of personal information, and it’s exactly the kind of thing bad actors want when hatching their identity theft plans. In the wake of a data breach, criminals can easily combine all those different pieces of personally identifiable information to create a victim profile. The scammers then use these data profiles to impersonate their victims and open lines of credit in their name or create fake social media profiles that are used to scam the people on their contact lists.


How to protect your data when playing online games

Below are a few ways you can reduce your online data footprint while still playing the games you love:

  1. Disconnect your social media accounts. Many game companies, including the ones I mentioned above, monitor all of your in-game communications, which sometimes also applies to social media posts. For example, according to their privacy policy, Riot Games collects social data from users who link their Facebook accounts to their Riot Games accounts.

  2. Use a VPN while you play. A VPN is a privacy tool that can hide your IP address, hiding your geographic location and changing your DNS information. Keep in mind that some games prohibit players from using VPN for location-locked release dates or region-locked in-game items. Since latency and speed can be affected by using them, we’ve put together a list of the best VPNs for gaming.

  3. Use a password manager to create and save your game account credentials. When the game company’s servers get hacked in the future, you’ll be fine knowing that you’ve created a unique password for that game account so that your other accounts aren’t at risk of being compromised by reused passwords.

  4. Enable multi-factor authentication on your account. MFA secures your account by making sure that hackers need something you have (like a hardware token or mobile phone) or something you are (like your fingerprint) in addition to something you know (like a password), to gain access to your account information.

Like what you read? Receive an extra SecurityWatch story in your inbox every week. Sign up for the SecurityWatch newsletter.

Recommended by our editors


What else is happening in the security world this week?

This malware can infect your PC with more than 20 malicious programs. According to antivirus provider Kaspersky, the NullMixer malware can download a large number of Trojans to a PC at once.

British police may have arrested hacker behind GTA 6 leak. London police say they have arrested a 17-year-old on suspicion of hacking.

Twitter: Our password reset feature can’t sign users out of devices. It attributes the now-fixed issue to a bug that was accidentally introduced last year.

Meta sued for tracking iOS users even if they opted out The lawsuit also alleges that the Facebook app violates state and federal laws.

Use the Google app to request removal of search results containing personal information. For some users, search results removal can now be requested through Google’s Android app.

Like what you read?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered straight to your inbox.

This newsletter may contain advertisements, offers or affiliate links. By subscribing to a newsletter, you indicate that you agree to our terms of use and privacy policy. You can unsubscribe from the newsletters at any time.

Leave a Comment