(844) 627-8267 | Info@NationalCyberSecurity

PlayStation have updated their terms of service, and some of the updates are about hackers

Screenshot thanks to @Roc6d

If you log in to the PSN on your PS5 or PS4 today, you might be greeted by an “Important changes to our legal documents” message from your console. We users usually glance over these messages, but today, as pointed out by scene member Roc6d, the legal update includes modifications regarding hacking.

PSN Legal Documents – what changed

Heading over to the “what’s changed” portion of the announcement, here’s what Sony have to say about this legal update (emphasis mine):

We’ve made several changes throughout to improve clarity.  The most notable changes are explained below:

  • Clarified requirement to provide accurate and complete information related to your Account – Sections 3.1 and 3.6.
  • Updated and clarified storage and use of authenticating information – Sections 3.3, 3.4, and 8.7.
  • Simplified use of “a child” and a “Child Account” – Sections 4.2, 4.3, 4.5, and 4.9.
  • Updated our Code of Conduct – Section 5.
  • Clarified requirement for current, valid, and third party payment methods – Section 8.1.
  • Updated the possibility of conducting promotions that offer discounts with certain purchases, which may be subject to additional terms and conditions – Section 8.10.
  • Relocated the definition of Virtual Items and updated restrictions on the availability of cheats or transferring of PSN Content – Section 8.13.
  • Updated our ability to correct errors, inaccuracies, or omissions related to information on the PlayStation Store or related websites – Section 8.19.
  • Updated restriction on the use of bots or scripts for use with PSN Content or your Account – Section 10.7.
  • Clarified actions we may take in the event of a violation or potential violation of the Agreement – Section 12.2.

PSN Code of Conduct updated – focuses less on hackers, more on bullies

Now, a lot of those changes are related to scripting or automation, but the most significant change, in my opinion, happens in the “Code of conduct” section. That section has been entirely modified to be easier to digest. Where this chapter used to be a series of bullet points (22 of them), it now has 9 subsections, as follows:

  • Be inclusive
  • Be sensible. Follow the Law
  • Be Kind
  • Be Respectful
  • Be Responsible
  • Be a team player
  • Be discreet. Keep it decent
  • Help us ensure PSN is the Best place to play
  • Follow any specific rule for each product

This might be a sign of the times, but the updated code of conduct seems way more about being a decent person online, and less about “technical” attacks. Some of the hack-related sentences are entirely gone, others are slightly modified, but this carries some significant meaning for the hacking scene. For example (emphasis mine):

  • Do not cheat, or use any bugs, glitches, vulnerabilities or unintentional mechanics in Content or the PSN to get an advantage or to gain unauthorized access to Content.

Has been replaced with:

  • Do not use any bugs, glitches, vulnerabilities, or unintentional mechanics in products or PSN to get an advantage.
  • Do not phish for or harvest any accounts, account details, or other credentials.

In other parts of the code of conduct, for example, mentions of “IP” or “MAC address” are removed. Maybe Sony’s general audience have evolved from very geeky folks to a broader group of people who don’t know/don’t care what a MAC address or IP address is. Or maybe IP address and MAC address aren’t considered super relevant in that kind of legal document at this point.

The changes are subtle, and I’m no lawyer, but I feel like the updated Code of Conduct is aimed more at “protect the users and their experience” rather than the old “protect the PSN from technical attacks” direction. It’s also good to understand why the rules are in place (with titles such as “Be kind” that IMO have more impact than 5 disconnected bullet points of “do not…”), rather than having them shoved down our throats. Just my two cents, obviously.

This isn’t to say that hacking the PS4 or PS5, let alone the PSN, is now fair game no matter what! Illegal activity is still illegal; breaking and entering into any corporate network without prior authorization is very, very not good (actual legal term). Generally speaking, it just feels like PlayStation have moved most of the “technical hacks” outside of the Code of Conduct section, to make it clearer that this part is about protecting the users and their experience, although technical hacks, unauthorized intrusions into the PSN, etc… are still mentioned here and there.

However, there is also this clear line added to the Code of conduct:

If you believe you have found a vulnerability in PSN products or services, tell us so we can fix it. Please visit HackerOne.com/PlayStation for information on our BugBounty program.

To my knowledge, this is the first time Sony mention their bug bounty in their terms of service, despite the program having been in place for more than two years. In practice, this doesn’t change anything on how PlayStation have been behaving with hackers over the past few years, but this is how I interpret this:

  1. The bug bounty has been a success for PlayStation, and is here to stay
  2. The rules haven’t changed for hackers, but the legal documents had been a bit stale compared to the actual situation: I’m assuming that the legal terms stating “you shall not attempt to hack us” started to look at odds with the bug bounty program’s “please try to hack and report” directive. So I’m feeling this is just a coat of fresh paint here, updating the documents to match reality

Other changes to the PSN Legal Terms

The Code of conduct update was by far the most interesting change to me. Other changes are less related to hacking in general.

For example, on account creation and authentication, in addition to slightly changing the wording in a handful of sections, PlayStation added the following paragraph:

3.6. We may request identifying documentation or information from you as part of your Account creation (or at any time thereafter) in order for you to create an Account or for us to provide certain offerings, functionality, or features to you; if we have a reasonable suspicion of fraud, illegal activity, that your Account may have been compromised, or that you or your Account is in violation of these terms; to avoid harm to SIE, its affiliates, licensors, or players; or as may be required by law. We reserve the right to suspend, terminate, or restrict your Account and PlayStation Device, and your participation in or access to offerings, functionality, or features, if you do not provide such documentation or information, or based on our review of such documentation and information.  

Nothing directly related to hacks in here. The same is true for Section 12.2, in which Sony outline what actions they can take against people who don’t follow the rules.

Old version

12.2.  Suspension or Termination of your Account or Console by SIE.  We may suspend or terminate any PSN Account or PlayStation Device, or indefinitely suspend or discontinue online access to certain network features or services, in the event of a violation of this Agreement, or as may be reasonably necessary to protect our PSN users, our partners, our platform, or other SIE interests. 

New version

12.2.  Suspension or Termination by SIE.  With or without notice, we may restrict, suspend or terminate your PSN Account and PlayStation Device, or indefinitely restrict, suspend or discontinue your access to, or use of, certain PSN Content, offerings, features, products and services, if you violate this Agreement or we have a reasonable belief such a violation has or will occur, or as otherwise may be reasonably necessary to protect our PSN users, our partners, our platform, or other SIE interests.

Some of these changes can feel a bit ominous, e.g. Sony stating they could terminate your account if they believe that you will do something bad with it, but their Network, their rules, I guess.

The full PSN terms of service can be found here. Past versions on web archive.

Thanks to Roc6d for the tip!

