Xbox Tracked Internal NDA Leakers with Ingenious Serial Number Embedding Trick

Xbox Tracked Internal NDA Leakers with Ingenious Serial Number Embedding Trick

To track NDA breakers and leakers, Microsoft slyly found a way to sneak identifying data withing beta versions of the New Xbox Experience for Xbox 360.

Ever wonder how some NDA leakers get tracked down by developers and publishers? Often it comes down to small little tricks hidden within the programming, and any private beta worth its salt has some form of protection. This apparently included the internal beta of Xbox 360’s New Xbox Experiences UI, according to some Microsoft employees.

Posting about it on Twitter, user @cullend mentioned that one of his favorite projects while working in Microsoft was finding out how to slyly project an Xbox 360’s serial number in the waves beneath the Xbox logo:

For anyone new to the development or testing process, both commercially or internally, most users are asked to agree to non-disclosure agreements (NDAs) which they will be penalized for breaching. In case you miss what they are talking about, focus on these rings here:


While this may just look like normal graphic design to make a cool wave-like reflection, this would actually break down into numbers that would tell Microsoft the machine that the leak came from.

Even more interesting, the strategy worked. In a follow-up reply from Microsoft’s Jason Short, he affirmed that there “was more than one internal person busted that way”:

Thankfully, this didn’t affect the gaming scene at large. While NXE would later ship after the successful beta, it wasn’t shipped with this identifier included. This method of identifying leaks was only used internally to track NDA-breakers within Microsoft:

And while this is absolutely a cool story about the development solutions happening from years past, it is still an important lesson for anyone looking to share footage or pictures of something under an NDA. There may be dozens of hidden tricks that companies are using to make sure their confidential information is being enforced. Even worse, you may end up in a situation where they penalize you through removal of games within your library or taking you to court.