I wonder what account data you 'save'? So strings on mounts, achievements, but even just quest completion and tons and tons and tons of things not even wowhead can track right? Love to know how much my WoW life would size up in actual bytes.
You can save your data locally? Won't there be a way to change the data files and get your the rarest mounts etc.? Seems weird to have a local savegame of online game progress.
Makes perfect sense to me, Blizzard can encrypt the "savegame" server-side with their private key. That would be completely secure. Then they allow players in other regions who "moved" from China to upload it there, and boom all your characters are back. An elegant solution, really.
Unless they make a gigantic implementation mistake or get hacked and the key is stolen, properly implemented encryption will be secure. To this very day World of Warcraft has never been hacked on the server-side (or the attackers kept it quiet, which seems unlikely) so I wouldn't worry too much about it.
Perhaps there will be a way to rotate the encryption keys from time to time to ensure it either stays encrypted or using the encrypted data in the live game is only possible after certain validation? Or Blizzard could take a snapshot themselves and compare it with the player's local data to validate it as well. Imo there are multiple ways to do this securely and deliver certainty that the only non-tampered accounts will be loaded onto new servers.
No need to encrypt the archive. They can just hash the archive contents to prevent players from altering it.
No possible way this could backfire
Definitely makes you worry about what happens if the security on that file does not hold up. Just a weird crappy situation for everyone involved honestly.
Sorry but, what's the point?If it's encrypted, then blizzard will be storing the decryption key for each user account on their servers. Why don't they just encrypt the character data themselves.And they WILL be storing individual, personally identifying decryption keys, and also they WILL be storing their email addresses; otherwise they could sell / trade their 'encrypted' character data to each other.So dumb...