Gravity using ieSnare to track accounts to computer(s)
I've noticed that some time recently Gravity started using the ieSnare/DevicePrint computer tracking system.
If you use Firefox with the "NoScript" add-on you might have noticed it blocking "iesnare.com".
ieSnare company: http://www.iovation.com
It's basically a system that downloads a DLL onto your system (usually via a Flash module) that facilitates the reporting
of several of your unique software and hardware IDs, and flags if you are running under a VM, and have certain software
installed. It also maintains a hidden tracking "cookie" and some hidden/obfuscated tracking registry entries.
You might be thinking "..WTF spyware?.."
Technically via the common definition:http://en.wikipedia.org/wiki/Malware
"..is software designed to infiltrate a computer without the owner's informed consent.".
Did they get your consent to capture unique private data like your Windows serial number?
Often sites that use it do have some sort of "you agree.." in their site TOS for it.
It's understandable to what their goals are that they would do it this way..
What this means to you is if you allowed it to install then Gravity (at least for Requiem) can potentially track/key all your
accounts together. They will potentially know your account 'A' is attached to account 'B', etc.
Search your hard drive for "StmOCX.dll"; If it's there then it means you probably have ieSnare installed.
If you play(ed) online poker like "Full Tilt Poker" then it will probably already have been installed.
The reasons why I can think are numerous: Catch power leveling and gold farming companies, track bad and
exploitative players, catch fraudulent item mall users, etc.
If you Google for "ieSnare remove" it you should find out how to remove it.
Note it will just reinstall it's self the next time you go to http://www.playrequiem.com
unless you have it blocked somehow.
If you do actively play online poker, you will probably want to keep it installed anyhow else your money account(s) might get
negatively flagged if it's not there.
Note the DLL (StmOCX.dll) gets registered as a COM/ActiveX object. Thus it can be accessed via web page scripts.
Plus it has normal DLL exports so it can be loaded and used directly by an application (as some poker clients do).
I completely reversed it a few years ago. And as soon as I have the time I will write about how it works in detail.
At first I will least post how to remove and block it from being installed.