Last week Bodog updated its client software to remove screen names from cash and tournament tables. Player names have been replaced with seat numbers and, as a result, HUDs have been rendered useless. All hands are now played anonymously.
Or are they?
Enter data mining outfit HHSmithy, which has developed a rudimentary program to reveal screen names at Bodog. Instead of anonymising the data server-side, Bodog has left it available on the client. As a result, the data is available to any (semi-)competent programmer.
“It is a well-known tenet of IT security: you never trust the client, especially with proprietary information. If you send it to the client, no matter how obfuscated it is, the user can eventually figure it out,” explains HHSmithy’s Kyle Boddy.
He highlights Poulsen’s Law, which holds that information is only secure when it costs more to get than it’s worth.
Programmers at HHSmithy have also developed a similar tool for revealing screen names on PartyPoker’s “anonymous” tables, where the same client-side flaw has been exposed. PartyPoker, which allows regular screen name changes, has optional anonymous tables for heads-up games.
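The design point behind the flaw, sketched as an added example (not code from Bodog, PartyPoker or HHSmithy): a server that sends full seat records and relies on the client to hide names, beside one that strips identities before serialising, plus a check that scans the outgoing payload for other players' identifiers. The field names, the sample table and all three function names are hypothetical.

```python
import json

# Constructed sample state: hypothetical field names, not any poker site's real protocol.
TABLE = {
    "hand_id": 1001,
    "seats": {
        1: {"account_id": "a-17", "screen_name": "RiverRat", "stack": 200},
        2: {"account_id": "a-42", "screen_name": "NitKing", "stack": 150},
        3: {"account_id": "a-58", "screen_name": "AceHigh", "stack": 310},
    },
}

def flawed_view(table):
    """Flawed design: full records go out and the client UI is trusted to hide names."""
    return {"hand_id": table["hand_id"],
            "seats": {str(n): dict(s, hide_name=True) for n, s in table["seats"].items()}}

def anonymised_view(table, recipient_id):
    """Server-side projection: other players' identity fields never leave the server."""
    seats = {}
    for n, s in table["seats"].items():
        seat = {"label": f"Seat {n}", "stack": s["stack"]}
        if s["account_id"] == recipient_id:
            seat["you"] = True  # the recipient may learn which seat is their own
        seats[str(n)] = seat
    return {"hand_id": table["hand_id"], "seats": seats}

def leaked_identities(payload, table, recipient_id):
    """Return other players' identifiers found anywhere in the serialised payload."""
    wire = json.dumps(payload)
    secrets = [v for s in table["seats"].values() if s["account_id"] != recipient_id
               for v in (s["account_id"], s["screen_name"])]
    return sorted(v for v in secrets if v in wire)

if __name__ == "__main__":
    print(leaked_identities(flawed_view(TABLE), TABLE, "a-17"))
    print(leaked_identities(anonymised_view(TABLE, "a-17"), TABLE, "a-17"))
```

Run as a regression test on every outbound message type, a check like `leaked_identities` catches a hidden-but-present field before it ships.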