Security is all about risk management. People take risks all day long. They drive their cars, fly, and partake in many other activities that could be considered “unsecured”.
Nonetheless, we still opt to participate in activities that are not 100% secure because we are so used to managing the risks in our minds. We drive cars because we assume that, statistically speaking, we will not get into an accident if we drive well. Furthermore, we assume that if we do get into an accident we will most likely survive. There are, by contrast, very few people who don’t drive because they simply don’t trust themselves behind the wheel.
The Inherent Security Risks of Playing Online Poker
Playing poker online entails risks, which I have written about here in the past. These risks mainly emanate from not playing poker in a physical environment, as well as the fact that we do not have any control over who is viewing our hole cards. Is it possible for online poker room employees to view players’ cards as we play? The answer is a resounding “YES”! Anyone who makes claims to the contrary is simply lying or not well versed enough in the basics about computer software.
When we play poker online, we trust the poker room operator to do its job right and not let employees like administrators, programmers, and managers cheat players via the use of some kind of a back-door channel or “debug mode” to view our cards and wipe out our bankrolls.
The scenario I have just described is not as far-fetched as you might think; in fact, it has happened more than once in the online gambling industry. Nonetheless, some online poker room operators have proven themselves to be consistently reliable and most people trust them to provide a fair playing environment. We trust those companies to monitor their own workers’ activities and to block any attempt from insiders to view our private data (hole cards, deposits, withdrawals, etc…).
In a previous article, I mentioned that if you want to play online poker securely, one of the best protective measures you could take would be to have a dedicated, separate computer for this sole purpose. The reasoning is very simple: the more software you have installed on your computer, the more potential avenues you open up to a hacker with malicious intent. Of course, if you are playing for low stakes, there’s not much risk. However, if you routinely play online poker for higher stakes and deposit and withdraw large sums of money regularly, you certainly ought to be as confident as possible that the online poker environment and setup you’ve created is as secure as possible.
So What Does All of That Have to Do with Twitch?
Whether you prefer to ignore the reality or not, streaming an online poker session on Twitch by definition introduces the potential for additional security risks. These include:
External Servers and Company Employees
When you stream an online poker session on Twitch, you utilize a third-party “encoder” to send the data (including your hole cards) from your screen to an outside server. This server is not secured by your online poker provider, but rather by Twitch. Furthermore, you must place your trust in the employees, managers, hosting providers, and other server support personnel working for Twitch.
Time Delay Error
Many who choose to stream their online poker sessions on Twitch understandably utilize a time delay mechanism. If, however, there’s an error in the setup, you expose yourself to the potential for accidentally live broadcasting your game. Naturally, your opponents would capitalize on this error.
“Man in the Middle” Attacks
When you stream a live poker session on Twitch, you allow anyone “in the middle” (i.e., between your encoder and the Twitch server) to have the possibility to view your transmission live, even if you’ve programmed a time delay into the broadcast that viewers see when watching your Twitch channel (on the front end). In other words, the “Man in the Middle” wouldn’t be relying on Twitch to view your stream, but would instead be taking the feed right from the back end network.
I’ve already written in previous articles about how hard online poker rooms have had to work to earn our trust as players. With Twitch clearly owning the designation as “poker’s next big thing”, we players cannot forget the inherent security risks associated with using the Twitch live streaming platform.
3 Questions You Must Ask Yourself Before Streaming on Twitch
Based on my almost three decades of experience in the field of cyber security, I am of the opinion that it’s impossible to ever secure anything 100%. With that said, here are three questions you must ask yourself before entrusting Twitch or other live streaming platforms to broadcast your online poker sessions:
- When they allow for “delayed broadcasting”, is the delay on the server side or on the client side? In other words, what exactly is being delayed; the transmission from your computer to the Twitch server or the transmission from the Twitch server to the viewers of your channel?
- Is the stream from your broadcast to the Twitch server encrypted?
- Does Twitch use security certificates to ensure that there’s no “Man in the Middle” who is potentially able to highjack streaming online poker transmissions?
In closing, I’d like to remind readers that I am not only a cyber security expert, but I’m also an avid online poker player. I know that when I play $8 180-man MTTs, if I were to live stream my session on Twitch there would be no real risk. On the other hand, if I were live streaming a $400-$800 mixed game session on Twitch using a hotel Internet connection, that’s something that may turn out to be a very bad idea.