A recent update for the Battle.net client changes how security certificates are handled within the app. Blizzard say this change is “consistent with current industry security standards,” but some users are concerned that the elevated privileges granted to the client as part of the update could present a significant security risk.
The new update installs a Certificate Authority on your PC, allowing Battle.net to directly validate connections with web servers. This appears to address a bug with certain browsers, including Mozilla, being unable to communicate directly with Battle.net for login permissions using public CAs. More mainstream browsers, like Chrome and Firefox, were able to handle browser-to-app communication directly, so this was a non-issue for most users.
However, this new CA was installed to the same location that holds System Root certificates, the same certificates your OS uses to validate online security. No one seems quite sure how much permission the Battle.net CA has to make its own certificates. In theory, a malicious or hacked root CA could force your computer to present a fake website – say, your personal bank – as a trusted, secure site.
But it seems any worst case scenario is some needless doomsaying. While the new Battle.net CA is installed to the root location, it doesn’t appear to actually have root permissions. Instead, it’s only able to validate local Battle.net links that point to your own PC, with new keys and certificates generated for each install.
In response to users’ concern over the potential overreach of the new CA (best summed up by this Reddit thread), Blizzard issued a statement via the official forums. “Our recent update to the Blizzard Battle.net desktop app made sure players could properly use features like logging in to Battle.net via a social network, or joining a Blizzard group via an invite link. To facilitate these features, we updated the local webserver to use a self-signed certificate to be consistent with current industry security standards.”
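The question the article leaves open, how much a certificate dropped into the root store can actually vouch for, is something you can check yourself rather than take on trust. The PowerShell below is an added example, not code from the article or from Blizzard: it lists entries in the Windows root stores whose subject matches a pattern and reports the fields that decide what each one can do. The `$SubjectPattern` default is a placeholder assumption, since the article does not give the certificate's actual subject name; set it to whatever you see after installing the client.

```powershell
# Added example (not from the article or from Blizzard). Inspects certificates in the
# Windows root stores and reports what each one is actually allowed to do.
# $SubjectPattern is a placeholder ASSUMPTION; the article does not name the cert's subject.
param(
    [string]$SubjectPattern = 'Battle'   # placeholder, not the real subject name
)

$stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')

$results = foreach ($store in $stores) {
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match $SubjectPattern } |
        ForEach-Object {
            $cert = $_

            # Basic Constraints says whether the cert may sign other certificates at all.
            $bc = $cert.Extensions |
                Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
            $isCA = if ($bc) { $bc.CertificateAuthority } else { $false }

            # Extended Key Usage: a cert limited to e.g. Server Authentication cannot be used for code signing etc.
            $eku = $cert.Extensions |
                Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
            $ekuText = if ($eku) { ($eku.EnhancedKeyUsages | ForEach-Object { $_.FriendlyName }) -join ', ' } else { '(any)' }

            # Subject Alternative Name (OID 2.5.29.17) lists the hostnames the cert is valid for;
            # a leaf cert for a local webserver should only name localhost / 127.0.0.1.
            $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
            $sanText = if ($san) { $san.Format($false) } else { '(none)' }

            # Name Constraints (OID 2.5.29.30) would limit which names a CA may issue for.
            $nc = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.30' }
            $ncText = if ($nc) { $nc.Format($false) } else { '(none)' }

            [pscustomobject]@{
                Store           = $store
                Subject         = $cert.Subject
                Thumbprint      = $cert.Thumbprint
                SelfSigned      = ($cert.Subject -eq $cert.Issuer)
                IsCA            = $isCA
                HasPrivateKey   = $cert.HasPrivateKey   # a root with its private key on this PC deserves a closer look
                ExpiresOn       = $cert.NotAfter
                EKU             = $ekuText
                SAN             = $sanText
                NameConstraints = $ncText
            }
        }
}

if (-not $results) {
    Write-Host "No root-store certificate matched '$SubjectPattern'."
} else {
    $results | Format-List
}
```

Reading the output: an entry with `IsCA` false and a SAN limited to localhost is a leaf certificate that, whatever store it sits in, cannot issue certificates for other sites, which is the "no root permissions" situation the article describes. An entry with `IsCA` true, no name constraints and `HasPrivateKey` true is a genuine root with signing capability resident on the machine, which is the case that would justify the worry in the Reddit thread.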