According to data-mining site hhSmithy, the Full Tilt Poker client was secretly collecting personally identifiable information, including Windows product keys, and sending the information back to the FT server. The software was also encoding information covertly in image files and the installer file.
Collecting certain identifiable information and monitoring windows processes is common with many poker clients to protect against a long list of cheating and abuse – including running bots, using banned software, multi-accounting and collusion. However, the collection of Windows product keys would be well beyond the expectations of the user and against the privacy laws in many jurisdictions.
Of further concern is allegedly the poker client was hiding certain personal information inside lobby image files using the cryptographic technique known as stenography. It appears the installation file itself was also uniquely fingerprinted.
Primarily a data-mining service, the hhSmithy team now lists “security analysis” and “vulnerability research” on their business cards with the group rising to prominence this week after “de-anonymizing” the anonymous tables at PartyPoker and Bodog and, in the process, uncovering a security vulnerability in the latter.
A video courtesy of the hhSmithy team is embedded below:
