Data Privacy for our Software
All communications between our client software running on client computers and our servers are encrypted. It is important to note that, strictly speaking, encryption itself does not guarantee privacy. For example, a site where the pocket cards of all the players are transferred to everybody is not secure regardless of encryption. That is why we have spent a lot of effort designing our security system and policies.
The first point at which security becomes an important factor is when the client software is downloaded from the PokerStars site. We must ensure that the client software is downloaded unmodified. To address this requirement, we built the following features into the client installer:
- The installer executable file is signed using a 2048-bit RSA code-signing certificate that was issued to Rational Services Ltd and can be verified with VeriSign, a public certificate authority which can be validated via your web browser.
- This ensures that the client installer came from the software publisher, PokerStars.
- It protects the client installer from alteration between the point of publication and later installation on your machine.
We have a number of built-in features to ensure the security of the game itself.
- Our client software uses the certificates issued by our own Certificate Authority (CA) to authenticate our servers.
- Our client software uses the industry standard TLS protocol. We are currently using a 2048-bit RSA key, which according to RSA is sufficient until 2030. As we review and update private server keys every three months, we are secure within a large safety margin. We support the following ciphers: AES128-SHA (128 bits) and DES-CBC3-SHA (168 bits).
- No private data, such as pocket cards, is ever transferred to other players (except in accordance with the game rules).
- All client input is validated server-side.
Collusion is a form of cheating in which two or more players signal their holdings in a game, or otherwise form a cheating partnership to the detriment of the other players at the same table.
While on the one hand it is easier to pass information between colluding players online than it is in brick & mortar rooms, it is much more difficult to avoid eventual detection, as the cards for all players can be examined after the play.
No matter how sophisticated the collusion is, it must involve playing a hand in a way it would not be played without collusion. Our detection methods are designed to catch unusual play patterns and warn the security personnel, who will then make a thorough manual investigation. We will also investigate all players' reports about suspected collusion.
If any player is found to be participating in any form of collusion, his or her account may be permanently closed.
"Anyone who considers arithmetic methods of producing random digits is, of course, in a state of sin." - John von Neumann, 1951
We understand that the use of a fair and unpredictable shuffle algorithm is critical to our software. To ensure this and avoid major problems described in , we are using two independent sources of truly random data:
- user input, including summary of mouse movements and events timing, collected from client software
- Quantis, a true hardware random number generator developed by Swiss-based company ID Quantique, which uses quantum randomness as an entropy source
Each of these sources itself generates enough entropy to ensure a fair and unpredictable shuffle.
- A deck of 52 cards can be shuffled in 52! ways. 52! is about 2^225 (to be precise, 80,658,175,170,943,878,571,660,636,856,404,000,000,000,000,000,000,000,000,000,000,000,000 ways). We use 249 random bits from both entropy sources (user input and quantum randomness) to achieve an even and unpredictable statistical distribution.
- Furthermore, we apply conservative rules to enforce the required degree of randomness; for instance, if user input does not generate the required amount of entropy, we do not start the next hand until we obtain the required amount of entropy from the Quantis RNG.
- We use the SHA-1 cryptographic hash algorithm to mix the entropy gathered from both sources to provide an extra level of security.
- We also maintain a SHA-1-based pseudo-random generator to provide even more security and protection from user data attacks.
- To convert a random bit stream to random numbers within a required range without bias, we use a simple and reliable algorithm. For example, if we need a random number in the range 0-25:
  - we take 5 random bits and convert them to a random number 0-31
  - if this number is greater than 25, we just discard all 5 bits and repeat the process
- This method is not affected by the biases that the modulus operation introduces when generating random numbers in a range whose size is not 2^n, n = 1, 2, ...
- To perform an actual shuffle, we use another simple and reliable algorithm:
  - first we draw a random card from the original deck (1 of 52) and place it in a new deck - now the original deck contains 51 cards and the new deck contains 1 card
  - then we draw another random card from the original deck (1 of 51) and place it on top of the new deck - now the original deck contains 50 cards and the new deck contains 2 cards
  - we repeat the process until all cards have moved from the original deck to the new deck
- This algorithm does not suffer from "Bad Distribution Of Shuffles" described in .
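The two procedures above (discard-and-repeat range conversion, then drawing one card at a time into a new deck) can be sketched as follows. This is an added example, not PokerStars' code, and it generalizes the 0-25 case to any range. The names `BitStream`, `bits_needed`, `uniform_below`, `modulo_hits`, `shuffle` and `min_bits` are hypothetical, and `secrets.token_bytes` is an assumed stand-in for the mixed entropy sources described on this page.

```python
import secrets

class BitStream:
    """Random bits on request; secrets.token_bytes is an assumed stand-in source."""
    def __init__(self, source=secrets.token_bytes):
        self._source, self._buf, self._nbits = source, 0, 0
        self.consumed = 0                      # total bits handed out

    def take(self, n):
        while self._nbits < n:                 # refill one byte at a time
            self._buf = (self._buf << 8) | self._source(1)[0]
            self._nbits += 8
        self._nbits -= n
        value = self._buf >> self._nbits       # oldest n unread bits
        self._buf &= (1 << self._nbits) - 1    # keep the rest for later
        self.consumed += n
        return value

def bits_needed(count):
    """Smallest bit width covering 0..count-1 (26 values -> 5 bits)."""
    return (count - 1).bit_length()

def uniform_below(bits, count):
    """Unbiased integer in [0, count): redraw instead of reducing mod count."""
    if count < 1:
        raise ValueError("count must be at least 1")
    width = bits_needed(count)
    while True:
        candidate = bits.take(width)
        if candidate < count:                  # else discard all `width` bits
            return candidate

def modulo_hits(count):
    """Result frequencies if every equally likely draw were reduced mod count."""
    hits = [0] * count
    for value in range(1 << bits_needed(count)):
        hits[value % count] += 1
    return hits                                # uneven unless count is 2^n

def shuffle(deck, bits):
    """Move one uniformly chosen card at a time from the original deck to a new one."""
    original, new_deck = list(deck), []
    while original:
        new_deck.append(original.pop(uniform_below(bits, len(original))))
    return new_deck                            # end of list = top of new deck

def min_bits(deck_size):
    """Bits consumed by shuffle() when no draw is rejected."""
    return sum(bits_needed(k) for k in range(1, deck_size + 1))
```

`modulo_hits(26)` shows the bias the discard step avoids: results 0-5 would each occur twice as often as 6-25. `min_bits(52)` evaluates to 249, the same figure quoted above for the number of random bits used, and `shuffle(range(52), BitStream())` consumes at least that many.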
PokerStars submitted extensive information about the PokerStars random number generator (RNG) to an independent organization. We asked this trusted resource to perform an in-depth analysis of the randomness of the output of the RNG, and its implementation in the shuffling of the cards on PokerStars.
They were given full access to the source code and confirmed the randomness and security of our shuffle. Visit the Online Random Number Generator page for more details.