Is Streaming Online Poker on Twitch Worth the Security Risk?

Twitch poker

Image credit: Calvinayre.com

Security is all about risk management. People take risks all day long. They drive their cars, fly, and partake in many other activities that could be considered “unsecured”.

Nonetheless, we still opt to participate in activities that are not 100% secure because we are so used to managing the risks in our minds. We drive cars because we assume that, statistically speaking, we will not get into an accident if we drive well. Furthermore, we assume that if we do get into an accident we will most likely survive.  There are, by contrast, very few people who don’t drive because they simply don’t trust themselves behind the wheel.

The Inherent Security Risks of Playing Online Poker

Playing poker online entails risks, which I have written about here in the past. These risks mainly emanate from not playing poker in a physical environment, as well as the fact that we do not have any control over who is viewing our hole cards. Is it possible for online poker room employees to view players’ cards as we play? The answer is a resounding “YES”! Anyone who makes claims to the contrary is simply lying or not well versed enough in the basics about computer software.

When we play poker online, we trust the poker room operator to do its job right and not let employees like administrators, programmers, and managers cheat players via the use of some kind of a back-door channel or “debug mode” to view our cards and wipe out our bankrolls.

The scenario I have just described is not as far-fetched as you might think; in fact, it has happened more than once in the online gambling industry. Nonetheless, some online poker room operators have proven themselves to be consistently reliable and most people trust them to provide a fair playing environment. We trust those companies to monitor their own workers’ activities and to block any attempt from insiders to view our private data (hole cards, deposits, withdrawals, etc…).

risk managementMinimizing Risks

In a previous article, I mentioned that if you want to play online poker securely, one of the best protective measures you could take would be to have a dedicated, separate computer for this sole purpose. The reasoning is very simple: the more software you have installed on your computer, the more potential avenues you open up to a hacker with malicious intent. Of course, if you are playing for low stakes, there’s not much risk. However, if you routinely play online poker for higher stakes and deposit and withdraw large sums of money regularly, you certainly ought to be as confident as possible that the online poker environment and setup you’ve created is as secure as possible.

So What Does All of That Have to Do with Twitch?

Whether you prefer to ignore the reality or not, streaming an online poker session on Twitch by definition introduces the potential for additional security risks. These include:

  1. External Servers and Company Employees

When you stream an online poker session on Twitch, you utilize a third-party “encoder” to send the data (including your hole cards) from your screen to an outside server. This server is not secured by your online poker provider, but rather by Twitch. Furthermore, you must place your trust in the employees, managers, hosting providers, and other server support personnel working for Twitch.

  1. Time Delay Error

broadcast delayMany who choose to stream their online poker sessions on Twitch understandably utilize a time delay mechanism. If, however, there’s an error in the setup, you expose yourself to the potential for accidentally live broadcasting your game. Naturally, your opponents would capitalize on this error.

  1. “Man in the Middle” Attacks

When you stream a live poker session on Twitch, you allow anyone “in the middle” (i.e., between your encoder and the Twitch server) to have the possibility to view your transmission live, even if you’ve programmed a time delay into the broadcast that viewers see when watching your Twitch channel (on the front end). In other words, the “Man in the Middle” wouldn’t be relying on Twitch to view your stream, but would instead be taking the feed right from the back end network.

I’ve already written in previous articles about how hard online poker rooms have had to work to earn our trust as players. With Twitch clearly owning the designation as “poker’s next big thing”, we players cannot forget the inherent security risks associated with using the Twitch live streaming platform.

3 Questions You Must Ask Yourself Before Streaming on Twitch

trustBased on my almost three decades of experience in the field of cyber security, I am of the opinion that it’s impossible to ever secure anything 100%. With that said, here are three questions you must ask yourself before entrusting Twitch or other live streaming platforms to broadcast your online poker sessions:

  1. When they allow for “delayed broadcasting”, is the delay on the server side or on the client side? In other words, what exactly is being delayed; the transmission from your computer to the Twitch server or the transmission from the Twitch server to the viewers of your channel?
  1. Is the stream from your broadcast to the Twitch server encrypted?
  2. Does Twitch use security certificates to ensure that there’s no “Man in the Middle” who is potentially able to highjack streaming online poker transmissions?

Conclusion

In closing, I’d like to remind readers that I am not only a cyber security expert, but I’m also an avid online poker player. I know that when I play $8 180-man MTTs, if I were to live stream my session on Twitch there would be no real risk. On the other hand, if I were live streaming a $400-$800 mixed game session on Twitch using a hotel Internet connection, that’s something that may turn out to be a very bad idea.

9 Comments

  1. JP Stivala
    JP Stivala April 28, 2015 at 11:34 am

    You have raised some interesting points, in my opinion playing poker and streaming poker are both a learning experience, recreational and fun (this is the way it should be)

    The truth prevails in all situations – with more players resorting to this type of online activity… the need for security while streaming poker is here and happening.

  2. cardplayerlifestyle
    cardplayerlifestyle April 28, 2015 at 11:38 am

    Thanks for reading and for the comment JP; much appreciated.

  3. Carl Pion
    Carl Pion April 28, 2015 at 2:56 pm

    This article definitely raises the question about whether Twitch has the best interests of the poker players at heart. Twitch is making a huge push to attract more and more gamers to their platform, and one can only assume that they are taking all necessary steps to protect the integrity of the streams.

    We believe no player should ever leave it up to Twitch to protect them, and that they should personally handle security related matter on their own.

    At Global Poker Link we are building a global stream team and one of our recommendations to our team members is to only stream low limit buy ins so as to reduce risk. With this article, we now have more information that we can direct to our streamers.

    So thank you Eddie!

  4. cardplayerlifestyle
    cardplayerlifestyle April 28, 2015 at 3:20 pm

    Thanks for reading and for the detailed response Carl. We appreciate it!

  5. JP Stivala
    JP Stivala April 28, 2015 at 4:15 pm

    After giving this some more thought. I think I am much more concerned about the security features of popular poker HUD’s. For example this week JIVARO reached 10,000 users for it’s beta program HUD. I would be really interested to learn more about this from Eddie Harari, maybe this could be the topic for his next article.

  6. Eddie Harari
    Eddie Harari April 28, 2015 at 7:22 pm

    I will try to get to it … thanks for all your remarks…

  7. Eddie Harari
    Eddie Harari April 28, 2015 at 7:27 pm

    Someone posted this video on facebook , i think you should all see it …

    the “hero” is twitching his session and by mistake he had shown the “teamviewer” software window with ID and passcode to login.
    So one of the audience waited for the break, and as the hero went away from the computer he used the information revealed earlier in the stream and logs in to “hero” computer using teamviewer(computer remote control software and transfers 1000$ to himself from the hero’s account….

    https://www.youtube.com/watch?v=CVuo2h355vI

  8. RakeAdvisory
    RakeAdvisory May 14, 2015 at 5:11 pm

    You do realize poker rooms have to respect extra-tight security standards in order to obtain their license? Just play at the rooms that have a good reputation.

  9. cardplayerlifestyle
    cardplayerlifestyle May 14, 2015 at 5:15 pm

    Thanks for the comment. You make a good point and I agree (I’m sure Eddie does too) but obviously this article also deals with factors exclusive to the online operators; i.e., Twitch’s platform.

Leave a Reply