ZOS integrated spyware RedShell by mistake, deleted from live, still in PTS folder

LumbermillOverlord

done on reddit
https://www.reddit.com/r/elderscrollsonline/comments/8nqzkt/zos_just_silently_installed_spyware_in_eso/

ssorgatem

Lol.

It won't work on Linux, through wine, as it will identify each WINEPREFIX as a different machine....


So it won't ever be able to link the ads I see from a native browser with ESO played through wine.
If even updating the GPU drivers or the kernel makes ESO think it's running on a new computer... I can't see how RedShell would be able to target me in any way.

xRIVALENx

This is off topic but @ssorgatem which version of Wine did you get DX11 running under? Was it 2.3? Haven't been able to run ESO on Debian since OpenGL was dropped.

MornaBaine

I've found my load screens to log in are wayyy longer since this most recent update. Now I know why.

ssorgatem

xRIVALENx wrote: »

This is off topic but @ssorgatem which version of Wine did you get DX11 running under? Was it 2.3? Haven't been able to run ESO on Debian since OpenGL was dropped.

I'm using wine 3.9 on Manjaro.
2.3 sounds like a prehistoric version.
But, since Dragon Bones, wine's WineD3D is unable to properly render some textures.

Not all is lost: with DXVK the game works better than with wine's WineD3D.

DXVK is a DirectX11 implementation in Vulkan, so you'll need to have Vulkan set up and working well on your host system and on wine (you'll require wine 3.5 or newer).

AFAIK, the Intel Vulkan driver isn't good enough yet for ESO. It works best on AMD cards, provided you use RADV (Mesa) >18.1 or even better from git. It also works on NVIDIA with the *latest* driver.

Debian is not the best distro to play on due to all these recent software requirements (unless you are on sid?).
Or you could give a try to Manjaro or Arch Linux, I'm the maintainer of the dxvk-git and dxvk-bin packages on the AUR

DoctorESO

Aren't they allowed to do this per their End-User License Agreement?

ssorgatem

DoctorESO wrote: »

Aren't they allowed to do this per their End-User License Agreement?

The EULA cannot override or bypass any law, including the GDPR.

MornaBaine

DoctorESO wrote: »

Aren't they allowed to do this per their End-User License Agreement?

Probably. Via that they probably have access to your kidneys and your first born child. Not the point though. This is intrusive and invasive and those of us who, as customers, don't like it, need to speak out. Yes, even if it changes nothing.

yodased

ssorgatem wrote: »

DoctorESO wrote: »

Aren't they allowed to do this per their End-User License Agreement?

The EULA cannot override or bypass any law, including the GDPR.

At least from my perspective, it's irrelevant if they are technically given quasi-permission to do something like this. The general business practices and what I personally mean to the company mean more to me than legalize.

Break it down.

sub model -> b2p/eso+ -> crown store -> per chapter cost upgrade -> Gifting crowns -> Internal marketing data share

If you cant see the slide into a typical F2p Korean MMO from that, then you aren't ever going to see it.

It's been a long and steady decline of the talent and the ethics of the company, they started strong wanting to build a new experience and community, and 4 years later are just another jaded mmo company printing money.

LumbermillOverlord

Syncronaut wrote: »

Maybe make it on this site:
https://www.mmo-champion.com/forum.php
Or
https://www.reddit.com/r/elderscrollsonline/

Just in case.

anyone have mmo-champion acc to post there?
if so, pls also link it here

DoctorESO

ssorgatem wrote: »

DoctorESO wrote: »

Aren't they allowed to do this per their End-User License Agreement?

The EULA cannot override or bypass any law, including the GDPR.

Does the law actually prohibit what the new information the program is collecting? Don't we consent to information collection in the EULA?

ssorgatem

DoctorESO wrote: »

ssorgatem wrote: »

DoctorESO wrote: »

Aren't they allowed to do this per their End-User License Agreement?

The EULA cannot override or bypass any law, including the GDPR.

Does the law actually prohibit what the new information the program is collecting? Don't we consent to information collection in the EULA?

Can't see any reference to sharing our data with RedShell in the EULA: https://account.elderscrollsonline.com/eula

yodased

ZOS, learn something

https://ylands.com/community/topic/5737-security-concerns-faq/

This, this is all you need, but you choose to as per usual stay silent. As per usual you let your wild rampant user base froth at the mouth at something that you probably could squash rather quickly.

Why? Why let them question and bicker amongst themselves when you are the end all be all? You like watching them squirm?

Be honest for once in your companies history and let your player base know what data you are tracking, why you are tracking it, who it is shared with and how we stop you from sharing it.

It's that simple.

Turelus

Leandor wrote: »

Haenk better copy this thread's contents now and make sure it is retained. After your statement, it will be locked and hidden very very quick.

Note that even when hidden ZOS retains copies of the thread in an archived section for staff.
The conversations I've had with their staff it seems they don't actually delete any threads,.

They also only tend to archive the threads when it's an offensive one or spamming up the forums, most threads like this critical of their policies get locked but remain for people to view them.

Elsonso

yodased wrote: »

Remove client side processes.
Remove p2p connections.
Handshake with the server for all required verifiable data points that are exploitable. (A good software team knows their intrusion points, even if they cant fix them)
Hire in game monitors that are actually in game.

This all sounds nice, but it costs money. If they take that money and spend it on monetization, they can use it to make more money. It is a lot easier to measure the revenue benefits of monetization than it is to try to pin revenue benefits to anti-cheat mitigation.

ssorgatem wrote: »

Can't see any reference to sharing our data with RedShell in the EULA: https://account.elderscrollsonline.com/eula

I just want to point out that it is the Privacy Policy that applies here. You can read that for yourself by following the link at the bottom of the current web page.

yodased

lordrichter wrote: »

yodased wrote: »

Remove client side processes.
Remove p2p connections.
Handshake with the server for all required verifiable data points that are exploitable. (A good software team knows their intrusion points, even if they cant fix them)
Hire in game monitors that are actually in game.

This all sounds nice, but it costs money. If they take that money and spend it on monetization, they can use it to make more money. It is a lot easier to measure the revenue benefits of monetization than it is to try to pin revenue benefits to anti-cheat mitigation.

ssorgatem wrote: »

Can't see any reference to sharing our data with RedShell in the EULA: https://account.elderscrollsonline.com/eula

I just want to point out that it is the Privacy Policy that applies here. You can read that for yourself by following the link at the bottom of the current web page.

I was asked what i would do about cheating. I wasnt putting together a project plan lol, i dont even know the stakeholders.

NewbieOKS

Is there any solid proof? I just want to confirm whether it is just a hoax....

Willock

ZOS.

By all means, collect as much data as you want about how I'm using your product while I'm using your product, as long as it's legal then that's fair game.

What is ABSOLUTELY NOT OKAY is for you to install third-party data collection & analytics software onto my computer WITHOUT MY CONSENT that spies on what I'm doing outside of your program.

THIS IS ILLEGAL AND IMMORAL.

STOP IT.

xRIVALENx

Don't suppose anyone decrypted the SSL packets in Wireshark and took a look at what is actually being sent? Just curious as to what information they contain.

LumbermillOverlord

NewbieOKS wrote: »

Is there any solid proof? I just want to confirm whether it is just a hoax....

use search on your PC

Elsonso

yodased wrote: »

lordrichter wrote: »

yodased wrote: »

Remove client side processes.
Remove p2p connections.
Handshake with the server for all required verifiable data points that are exploitable. (A good software team knows their intrusion points, even if they cant fix them)
Hire in game monitors that are actually in game.

This all sounds nice, but it costs money. If they take that money and spend it on monetization, they can use it to make more money. It is a lot easier to measure the revenue benefits of monetization than it is to try to pin revenue benefits to anti-cheat mitigation.

ssorgatem wrote: »

Can't see any reference to sharing our data with RedShell in the EULA: https://account.elderscrollsonline.com/eula

I just want to point out that it is the Privacy Policy that applies here. You can read that for yourself by following the link at the bottom of the current web page.

I was asked what i would do about cheating. I wasnt putting together a project plan lol, i dont even know the stakeholders.

I get it. What you would do about cheating is build a plan and present that to the stakeholders, who would realize that if they didn't do it, they could invest the money in monetization.

deleted210304-002304

Of course they have done this, it fits in perfectly with their recent pattern of anti-consumer behaviour.

I'm not sure what is worse, the fact that ZOS has done this or the fact of that there are many short sighted devil's advocates that will support this and allow this sort of behaviour to continue unchallenged.

Samadhi

Turelus wrote: »

Leandor wrote: »

Haenk better copy this thread's contents now and make sure it is retained. After your statement, it will be locked and hidden very very quick.

Note that even when hidden ZOS retains copies of the thread in an archived section for staff.
The conversations I've had with their staff it seems they don't actually delete any threads,.

They also only tend to archive the threads when it's an offensive one or spamming up the forums, most threads like this critical of their policies get locked but remain for people to view them.

Having moderator experience for a f2p gaming company
can say that no post that ever appeared to be deleted was fully removed
everything was just made invisible to general forum users

If you want even more creepy
It is quite possible this line that you did not type
"Edited by Turelus on June 1, 2018 7:09AM"
works as a link for moderators, allowing them to view every aspect of your post that was changed
delete a word and replace it with another word to correct your grammar in a forum post?
It is all permanently logged.

Merlin13KAGL

General safety:

1. Everyone online should have a good firewall that monitors and restricts both incoming and outgoing traffic. Once you get it, you should at least learn the basics of how to use it.
2. Learn the options to block and allow traffic on your router.
3. Everyone with a PC should have a good antivirus program with up to date signatures.
   • You shouldn't be disabling this for anyone or any reason. Well written code doesn't need you to disable your security to see if your security is causing the software not to run properly. Good antivirus companies can both examine the program in question and work with Devs to ensure all works properly and all is well.
   • I'll say it again: Do Not Disable (even briefly) your antivirus, regardless of what IT, Customer Service, or anyone else would tell you.
4. Understand what you're agreeing to and what's actually going on. People tend to panic and assume the worst. I've included some sections from ZoS's own privacy policy below. Take from them what you will.
5. There are regulations in place to limit and oversee this sort of thing.
6. No system is infallible. If you can access it, then potentially someone else can too. The only prevention for this is zero access. Nothing is unhackable.
7. Finally, understand that if you're on this planet, your data is likely being mined, in some form, in some fashion, by some company. See the above point, and know that it's not always as dire as some make it out to be and it's not always a bad thing.

Here is (the relevant parts) of the privacy policy. Take from it what you will:

• 2. The Personal Data We Collect
  ZeniMax collects personal data directly from Users, automatically via their use of the Services, and in some cases from third parties. The personal data that ZeniMax collects about Users (which may be combined across Services and features) varies depending upon the particular Services used, and may involve the following:
  

  • D. User / Device Identifiers.
    When you access, play or use our Services, we may collect IP address, MAC address, console identifiers (e.g., XUID and PUID), and other device identifiers; we also assign account holders a unique user identifier, which we use to identify and link relevant information to your User account (e.g., in-game information such as statistics, scores, achievements and subscription levels).
    
    *Redshell also does this.
  • H. Automatically Collected Information.
    We also may automatically or indirectly collect information about you, your computer or mobile device (such as when you use our Services, read our emails, through social media channels). We (and our third-party providers) may record log files and use cookies, pixel tags, local shared objects, java script, and other mechanisms to collect this information about you. For more information, see the Cookies, Analytics and Personalization section below.
  • J. Information from Third Party Sites.
    We also may use third party tools to help us manage and analyze our social media presence, and report on comments, mentions and other content that is posted about us on social media sites and other public channels and forums. These third parties’ activities, and their information collection and sharing practices, are subject to the terms of the relevant social media site, channel or forum. We will use this information in accordance with this Policy.
    For our legitimate commercial interests.
    The personal data referred to under Section 2. D, E, F, G, H and I above may be used to improve and develop our products and services; analyse the use of our Services and generate aggregate statistics about our User community; personalize your experiences (e.g., for your geographic area); send or display targeted marketing; facilitate software updates; assist in security and fraud prevention; for system integrity (preventing hacking, cheats, spamming, etc.); facilitate our business operations and maintain appropriate business records; operate company policies and procedures; facilitate our response to legal process (e.g., a court order, warrant or subpoena); enable us to merge, sell, acquire, or transfer assets; and for other legitimate business purposes permitted by applicable law.
  Use of information based on your consent.
  We may use personal data about you based on your express consent, for example to send you marketing communications, surveys, news, updates and other communications. Users may be able to withdraw their consent at any time in accordance with applicable laws; please see the Marketing and Communications Choices and the Access, Amendment, and Other User Rights sections below for information on how to withdraw your consent.
  
  In addition to marketing purposes, where required by applicable law, ZeniMax will obtain your consent to this Privacy Notice and our collection, use and disclosure of your personal data.
  
  *If you agreed to the privacy notice, you agreed to the data collection.
  
  
• 4. How ZeniMax Shares Personal Data
  ZeniMax may disclose your personal data as follows, and we will obtain your consent to do so where required by applicable law:
  
  Service Providers and Processor.

  We may engage vendors, agents, service providers, and affiliated entities to provide services to us or to Users on our behalf, such as support for the internal operations of our websites, online stores (including payment processors), products (such as our games) and services (e.g., message board operations, and technical support processing), as well as related offline product support services, data storage and other services. In providing their services, they may access, receive, maintain or otherwise process personal data on our behalf. Our contracts with these service providers do not permit use of your personal data for their own marketing and other purposes.

  
  *Redshell doesn't get to sell your data.
  
  Notwithstanding anything else in this Privacy Notice, we may share aggregate or de-identified information with third parties for research, marketing, analytics and other purposes, provided such information does not identify a particular individual and the individual cannot be re-identified.
  
  **No identifying information**
• 5. Cookies, Analytics and Personalization
  
  We and our third-party providers use cookies, clear GIFs/pixel tags, JavaScript, local storage, log files, and other mechanisms to automatically collect and record information about your browsing activities, gaming performance and use of the Services. We may combine this “activity information” with other personal data we collect about you. Generally, we use this activity information to understand how our Services are used, track bugs and errors, provide and improve our Services, establish matchmaking, verify account credentials, allow logins, track sessions, prevent fraud, and protect our Services, as well as for targeted marketing and advertising, to personalize content and for analytics purposes (see the “ Access, Amendment, and Other User Rights” section below for information about opting-in out of certain uses of your personal data)
  6. Third Party Advertising
  
  We work with third party ad networks, channel partners, measurement services and others (“third party ad companies”) to display advertising on our Services, and to manage our advertising on third party sites, mobile apps and online services. We and these third party ad companies may use cookies, pixels tags, and other tools to collect activity information on our Services (as well as on third party sites and services), as well as IP address, device ID, cookie and advertising IDs, and other identifiers, general location information, and, with your consent, your device’s geolocation information; we and these third party ad companies use this information to provide you more relevant ads and content and to evaluate the success of such ads and content.
  
  
• Opt Out for alternate sites:
  
  Custom Audiences and Matching. Unless you have opted out, we may share certain information (such as your email address) with third parties – such as Facebook and Google – so that we can better target ads and content to our Users, and others with similar interests, within their services. These third parties use the personal data we provide to help us target ads and to enforce their terms, but we do not permit them to use or share this data with other third-party advertisers. You can opt-out of our sharing your personal information to target you this way by emailing us at privacy@support.zenimax.com. If you opt out, we will process your opt out in a reasonable amount of time.
  
  As noted above, you may control how Google, Facebook and other third parties display certain ads to you, as explained further in their respective privacy policies and ad preferences pages. You can also obtain more information about targeted advertising, and how to opt-out of receiving targeted ads from many third-party ad networks (including Facebook and Google), through the following:
  
  For U.S. Users:
  
  http://www.networkadvertising.org/optout_nonppii.asp (Network Advertising Initiative)
  http://www.aboutads.info/choices (Digital Advertising Alliance)
  For Users in the EU: http://www.youronlinechoices.eu (European Interactive Digital Advertising Alliance)
  
  For Users in Canada: http://youradchoices.ca/choices/ (Digital Advertising Alliance of Canada)
  
  Opting out of participating ad networks does not opt you out of being served advertising. You may continue to receive generic or “contextual” ads on our Services. You may also continue to receive targeted ads on other websites, from companies that do not participate in the above programs.
• 15. Access, Amendment, and Other User Rights
  ZeniMax gives Users several easy-to-use ways to access, amend and exercise their choices and rights regarding their personal data.
  In addition, Users may also have the right to request that certain personal data be exported to another provider where technically feasible, and, under certain conditions to object to or restrict our use of certain personal data.
  Marketing Preferences. You may change your email preferences and opt out of marketing communications through your profile settings.
  
  Access, Amendment and Other Rights. If you have registered with us and wish to access or update your profile, or exercise certain opt out rights, you may do so online by visiting the “profile” settings in your account. You may also contact our Privacy Coordinator as set forth below to access or amend your personal data, to request that we delete or stop processing your personal data, to withdraw your consent to our processing, and, if you are an EEA resident, to exercise your opt-out rights or place a data portability request.
  

  Privacy requests should be directed to the ZeniMax Media Inc. Privacy Coordinator at privacy@support.zenimax.com, or 1370 Piccard Drive, Rockville, MD 20850 USA. Please keep in mind that certain Services will not be available if you withdraw your consent, or otherwise delete or object to our processing of certain personal data. We will respond to your request in accordance with applicable law, and we will inform you if we do not intend to comply with your request.
  You also have the right to lodge a complaint with a supervisory data protection authority.
  
  17. Contact Details
  The controller for your personal information is ZeniMax Media Inc.,1370 Piccard Drive Rockville, MD 20850 USA. In addition, for purchases made by Users in the EEA, ZeniMax Europe Ltd., Reg. No. 06333300, Haymarket House, 29-29 Haymarket, London SW1Y 4SP, is a joint- controller for your transaction data. This privacy notice applies to both ZeniMax Media Inc. and ZeniMax Europe Ltd., and data subjects may exercise their rights with respect to their EEA transaction data with both entities by contacting ZeniMax Media Inc. as set forth below.
  If you have any questions, complaints or comments regarding our Privacy Notice or practices, please contact our Privacy Coordinator via email at privacy@support.zenimax.com or by regular mail at:
  Privacy Coordinator
  ZeniMax Media Inc.
  1370 Piccard Drive
  Rockville, MD 20850 USA
• Register a complaint:
  As previously mentioned, we are a licensee of ESRB’s Privacy Certified Program. If you believe that we have not responded to your inquiry or your inquiry has not been satisfactorily addressed, please contact ESRB Privacy Certified at http://www.esrb.org/privacy/contact.aspx or:
  ESRB
  Attn: VP, Privacy Certified Program
  420 Lexington Avenue, Suite 2240
  New York, NY 10170 USA
  privacy@esrb.org
  
  EDIT: Formatting.

NewbieOKS

LumbermillOverlord wrote: »

NewbieOKS wrote: »

Is there any solid proof? I just want to confirm whether it is just a hoax....

use search on your PC

I used steam and try the regular windows search using key “red shell”,...

Result is none...is there any specific search term?

Kuramas9tails

purple-magicb16_ESO wrote: »

I was going to say,

EVERY BUSINESS USES SOMETHING LIKE THIS

Seriously! Google uses it. Facebook uses it. Any website you go to which sells ANYTHING, uses this. Just because you don't see this product being used on Amazon doesn't mean they don't use it.

LumbermillOverlord

NewbieOKS wrote: »

LumbermillOverlord wrote: »

NewbieOKS wrote: »

Is there any solid proof? I just want to confirm whether it is just a hoax....

use search on your PC

I used steam and try the regular windows search using key “red shell”,...

Result is none...is there any specific search term?

NewbieOKS

LumbermillOverlord wrote: »

NewbieOKS wrote: »

LumbermillOverlord wrote: »

NewbieOKS wrote: »

Is there any solid proof? I just want to confirm whether it is just a hoax....

use search on your PC

I used steam and try the regular windows search using key “red shell”,...

Result is none...is there any specific search term?

Ok found it..is it ZOS or steam who installed it? Since only impact steam players who install ESO through steam

yodased

@merlin13kagl not about the permissions its about communication and transparency towards users.

This company may be the worst when it comes to being open about what is actually going on

Samadhi

Samadhi wrote: »

Turelus wrote: »

Leandor wrote: »

Haenk better copy this thread's contents now and make sure it is retained. After your statement, it will be locked and hidden very very quick.

Note that even when hidden ZOS retains copies of the thread in an archived section for staff.
The conversations I've had with their staff it seems they don't actually delete any threads,.

They also only tend to archive the threads when it's an offensive one or spamming up the forums, most threads like this critical of their policies get locked but remain for people to view them.

Having moderator experience for a f2p gaming company
can say that no post that ever appeared to be deleted was fully removed
everything was just made invisible to general forum users

If you want even more creepy
It is quite possible this line that you did not type
"Edited by Turelus on June 1, 2018 7:09AM"
works as a link for moderators, allowing them to view every aspect of your post that was changed
delete a word and replace it with another word to correct your grammar in a forum post?
It is all permanently logged.

Oh also,
check your Discussions tally in your forum profile sometime
then check it again after a thread you participated in is hit with a mod stick
The Discussions count will go up, because when individual posts are removed from a thread
they are archived as a new, separate thread in the staff section

We actually had two protocols for sweeping -- random individual spam posts were moved to a megathread of spam,
while arguments and so forth across multiple posts within a thread would be swept into a new thread to keep them organized as a batch