ZOS integrated spyware RedShell by mistake, deleted from live, still in PTS folder

Cpt_Teemo

DanteYoda wrote: »

Isn't this crap illegal now due to the new EU security laws?

Yes, no notice or anything and didn't even bother to tell us what data they are collecting even though it isn't illegal in the US games have lost thousands to millions of players over this, IE: CE like someone posted before.

DanteYoda

I opted out no idea if it will stop anything..

https://redshell.io/optout?success=1

Cpt_Teemo

DanteYoda wrote: »

I opted out no idea if it will stop anything..

https://redshell.io/optout?success=1

If you want to opt out of games you have to email them, the instant opt out is only for browsers I believe

DanteYoda

Cpt_Teemo wrote: »

DanteYoda wrote: »

Isn't this crap illegal now due to the new EU security laws?

Yes, no notice or anything and didn't even bother to tell us what data they are collecting even though it isn't illegal in the US games have lost thousands to millions of players over this, IE: CE like someone posted before.

Hopefully some one will sue them.

Troneon

Syncronaut wrote: »

They didnt declare it in big text thats for sure:

When a company or organisation asks for your consent, you have to make a clear action agreeing to this, for example by signing a consent form or selecting yes from a clear yes/no option on a webpage.

It is not enough to simply opt out, for example by checking a box saying you don't want to receive marketing emails. You have to opt in and agree to your personal data being stored and/or re-used for this purpose.
(there is no option like this under account)

You should also be given the following information before you decide to opt in:

information about the company/ organisation that will process your data, including their contact details, and the contact details of the Data Protection Officer (DPO) if there is one
(they failed to disclose that - redshell)
the reason why the company /organisation will use your personal data
how long they intend to keep your personal data
(i didnt see this info unless i am blind)
details of any other company or organisation that will receive your personal data
information on your data protection rights (access, correction, deletion, complaint, withdrawal of consent)
(no idea what companys, they just say random companys)

All this information should be presented in a clear and understandable way.

In other words, they failed to re-present that information to us directly:

I maked parts in black where they failed to up-hold the law.
https://www.zenimax.com/legal_privacy
https://account.elderscrollsonline.com/privacy-policy

Everyone report them to correct authorities and get them fined to hell. This is completely illegal in UK/Europe.

Jimmy

I don't know how much longer ZOS is going to keep a large enough player base to turn a profit. A game with MASSIVE potential, being utterly destroyed by the boneheaded decisions of its developer. From crown crates, to RNG only crown mounts, to balance decisions, to spying.... poor ESO has noticeably become more and more vacant on NA PC. And I blame it on ZOS. If ZOS wasn't blinded by the greed to maximize money on the short term vs long term, ESO could of been a game to compete against WOW. But now... now... we watch it dwindle and spiral downward more and more after each DLC and Chapter. A sad fall from grace. I feel sad and robbed.

Alinhbo_Tyaka

karthrag_inak wrote: »

yodased wrote: »

Something that isnt being looked at here that i just dialed into.

How would i use this if i wanted to be evil?

Google, facebook and instagram analytics give me user hashes, i would use a service like onesignal to identify mobile and get push permission from them.

Then, you send specific tracking codes to the mobile that lead to a cookie place on a website with google and facebook tracking.

From there i can start linking mobile hash to website hash and link mobile to general hash.

Now. With redshell i can link a specific mohile push to a video which features a crownstore item. I can then track that purchase against players who opened the game after seeing that link.

From there. You aggregate allsources of data and say, yodased aka john doe aka steamuser yodased hopped these 4 cookies to buy this hat.

Advertise to yodased moar hats.

Tl;dr You are triangulating personal data from multiple sources and purchase data to identify users.

On its face, analytics isn't that bad - it's currently used most often to, in effect, give folks information about stuff they have shown prior interest in, as you have stated.

snip

I disagree to a fairly large extent. While it shows people things they tend to be interested in it also stops them from seeing new things that might peak their interest. Overtime it also shields people from things that they might be uncomfortable with. The end result is people end up in a bubble that reaffirms their ideology and beliefs instead of challenging them. I'll stop here to avoid this turning into a political discussion but it is one of the worst things to me as I read many news sources and it gets harder over time to keep a broad range as filters get applied based on my history. It is further compounded as many sites use techniques similar to Red Shell so you can't clear things to reset and start over.

GC0

I love this game.

mav1234

Disappointing... very disappointing.

Charliff1966

JamuThatsWho wrote: »

Wouldn't something like Red Shell be illegal now in the EU due to GDPR?

Yup it is.

clocksstoppe

TelvanniWizard wrote: »

LumbermillOverlord wrote: »

yes, but i personally dont like this behaviour

Welcome to the club. Now, get cozy and comfy while nothing changes because they own the game and do whatever they feel like to earn more money, wich seems to be they sole, only, and unique objective right now.

Get comfy while i block the *** out of *** because i can

Cpt_Teemo

Charliff1966 wrote: »

JamuThatsWho wrote: »

Wouldn't something like Red Shell be illegal now in the EU due to GDPR?

Yup it is.

Even if its legal in the US doesn't stop them from losing millions of players though

Rosveen

yodased wrote: »

billp_ESO wrote: »

"Our service basically says "this computer clicked on a link from this YouTube video and the same computer played your game." " -- RedShell

So, when I'm playing ESO,, 3rd party spyware is watching what else I do and sending that data off to be sold to who knows who. And all with no warning, no option to not do it, or explanation as to what data it is actually collecting and what/who it goes to.

Yeah basically, if you trust them, they are not sharing or selling this data. But this is also the company that slid this in amongst a huge content patch and hoped we wouldnt notice.

This is what bugs me. I don't mind when my playing habits are being tracked and I can even accept tracking what I do outside the game as long as I know it's going only to the devs and nowhere else. I understand how helpful it is in evaluating your marketing campaigns etc. If they'd just talked to us about it.

But they decided to sneak it in at the worst possible time and hoped no one would notice. Why? Did no one at ZOS really realize how badly it could backfire, now when everyone's paying more attention than usual to data protection? *sigh*

Turelus

Jimmy wrote: »

I don't know how much longer ZOS is going to keep a large enough player base to turn a profit. A game with MASSIVE potential, being utterly destroyed by the boneheaded decisions of its developer. From crown crates, to RNG only crown mounts, to balance decisions, to spying.... poor ESO has noticeably become more and more vacant on NA PC. And I blame it on ZOS. If ZOS wasn't blinded by the greed to maximize money on the short term vs long term, ESO could of been a game to compete against WOW. But now... now... we watch it dwindle and spiral downward more and more after each DLC and Chapter. A sad fall from grace. I feel sad and robbed.

Pretty sure all of your issues are not because of the developers. All of ZMI's games are going more cash grabby, however they all still show developer passion for the people actually making them.

billp_ESO

Rosveen wrote: »

yodased wrote: »

billp_ESO wrote: »

"Our service basically says "this computer clicked on a link from this YouTube video and the same computer played your game." " -- RedShell

So, when I'm playing ESO,, 3rd party spyware is watching what else I do and sending that data off to be sold to who knows who. And all with no warning, no option to not do it, or explanation as to what data it is actually collecting and what/who it goes to.

Yeah basically, if you trust them, they are not sharing or selling this data. But this is also the company that slid this in amongst a huge content patch and hoped we wouldnt notice.

This is what bugs me. I don't mind when my playing habits are being tracked and I can even accept tracking what I do outside the game as long as I know it's going only to the devs and nowhere else. I understand how helpful it is in evaluating your marketing campaigns etc. If they'd just talked to us about it.

But they decided to sneak it in at the worst possible time and hoped no one would notice. Why? Did no one at ZOS really realize how badly it could backfire, now when everyone's paying more attention than usual to data protection? *sigh*

"I can even accept tracking what I do outside the game"

This is where I draw the line. ESO the game has no right to inspect anything else on my computer except the game itself. I could make an allowance for ESO trying to detect cheat programs.

If ESO is indeed tracking what we do OUTSIDE the game, and is sending that information to someone else with no notice to me, no indication of what data is being sent, and no indication of where it is going, that is a line I'm not going to cross.

sha-ext

Rosveen wrote: »

Snip
I understand how helpful it is in evaluating your marketing campaigns etc. If they'd just talked to us about it.

But they decided to sneak it in at the worst possible time and hoped no one would notice. Why? Did no one at ZOS really realize how badly it could backfire, now when everyone's paying more attention than usual to data protection? *sigh*

Exactly this is the problem. Be upfront, explain your reasons. Anything else is just shameful!

Charliff1966

Cpt_Teemo wrote: »

Charliff1966 wrote: »

JamuThatsWho wrote: »

Wouldn't something like Red Shell be illegal now in the EU due to GDPR?

Yup it is.

Even if its legal in the US doesn't stop them from losing millions of players though

One page back someone showed a reddit post which stated that ZOS will make a statement claiming what they do is legal.

Serjustin19

If it's true, then Console could have it to and no way of shutting off. If it's true, why not ZOS lock this thread.

Raideen

Charliff1966 wrote: »

Cpt_Teemo wrote: »

Charliff1966 wrote: »

JamuThatsWho wrote: »

Wouldn't something like Red Shell be illegal now in the EU due to GDPR?

Yup it is.

Even if its legal in the US doesn't stop them from losing millions of players though

One page back someone showed a reddit post which stated that ZOS will make a statement claiming what they do is legal.

I doubt its legal in the UK. Not sure about USA. Regardless, legal does not mean ethical.

Cpt_Teemo

Charliff1966 wrote: »

Cpt_Teemo wrote: »

Charliff1966 wrote: »

JamuThatsWho wrote: »

Wouldn't something like Red Shell be illegal now in the EU due to GDPR?

Yup it is.

Even if its legal in the US doesn't stop them from losing millions of players though

One page back someone showed a reddit post which stated that ZOS will make a statement claiming what they do is legal.

Tell that to EU

Elsonso

Rosveen wrote: »

But they decided to sneak it in at the worst possible time and hoped no one would notice. Why? Did no one at ZOS really realize how badly it could backfire, now when everyone's paying more attention than usual to data protection? *sigh*

I am pretty sure the idea of "sneaking it in hoping no one would notice" was not even a thing. I think they put it in, not caring whether we noticed or not. This is part of the parent-child relationship they have with the community.

Cpt_Teemo

lordrichter wrote: »

Rosveen wrote: »

But they decided to sneak it in at the worst possible time and hoped no one would notice. Why? Did no one at ZOS really realize how badly it could backfire, now when everyone's paying more attention than usual to data protection? *sigh*

I am pretty sure the idea of "sneaking it in hoping no one would notice" was not even a thing. I think they put it in, not caring whether we noticed or not. This is part of the parent-child relationship they have with the community.

Yeah pretty fun relationship installing spyware silently without anyone getting a heads up or a freaking ToS to resign since they implemented it

Rosveen

billp_ESO wrote: »

Rosveen wrote: »

yodased wrote: »

billp_ESO wrote: »

"Our service basically says "this computer clicked on a link from this YouTube video and the same computer played your game." " -- RedShell

So, when I'm playing ESO,, 3rd party spyware is watching what else I do and sending that data off to be sold to who knows who. And all with no warning, no option to not do it, or explanation as to what data it is actually collecting and what/who it goes to.

Yeah basically, if you trust them, they are not sharing or selling this data. But this is also the company that slid this in amongst a huge content patch and hoped we wouldnt notice.

This is what bugs me. I don't mind when my playing habits are being tracked and I can even accept tracking what I do outside the game as long as I know it's going only to the devs and nowhere else. I understand how helpful it is in evaluating your marketing campaigns etc. If they'd just talked to us about it.

But they decided to sneak it in at the worst possible time and hoped no one would notice. Why? Did no one at ZOS really realize how badly it could backfire, now when everyone's paying more attention than usual to data protection? *sigh*

"I can even accept tracking what I do outside the game"

This is where I draw the line. ESO the game has no right to inspect anything else on my computer except the game itself. I could make an allowance for ESO trying to detect cheat programs.

If ESO is indeed tracking what we do OUTSIDE the game, and is sending that information to someone else with no notice to me, no indication of what data is being sent, and no indication of where it is going, that is a line I'm not going to cross.

I consider it on a case by case basis. Generally speaking, I agree; it's not ZOS's business what I do on the internet while I'm not playing their game. But there are certain uses of this data that I can accept, as long as I know what I'm accepting.

Even if what Red Shell is doing is perfectly legal and permissibly by the ToS we all agreed to, it's still iffy to put third party trackers on our PCs without the slightest warning. Yes, it's happening all the time everywhere, yada yada. That doesn't make it a good thing. This is in large part of what GDPR is about: really driving home that companies can't just gather whatever data they want without the users' explicit consent. Open and honest communication is the key. Alas, the folks at ZOS have never been particularly good at it (but to be fair, they've improved in certain areas since the game's launch).

Ssalaar

Its sad but if they are collecting data such as IP address to get where i am from then the are collecting information on who i am at that timestamp. Doesn't take much work to work with the ISP and find out who had that IP at that time to get demographic information on me so that AT$T will know that i play ESO when ZoS sells the information for advertising purposes. Now that Net Neutrality is gone, the ISP can sell our information as well. They can decide what to give out, yes. I really wish that the US government was more "For the People" instead of currently "for the corporations" that line our pockets.

Its sad that we have become revenue victims for corporations to sell more stuff or sell the data on Joe ESO player likes ice cream so send him ice cream ad's to his PC.

I understand why EULA's are in place but they hide behind them to rip away our privacy. ESO wants to increase its revenue and get more people playing. I understand that. See it with the Twitch weekend. The people watching channels were 3x normal volumes. Now that they stopped it, the same Twitch broadcaster has 50 watchers where he had 300 over the weekend. Of course we all tied in our ESO ID to twitch so they can track us there as well. but needed to "reward" us. *SIGH*

ESO is not the only company to do this, i just wish it wasnt as accepted everywhere with the younger crowd. They just accept it because it is all they know and "normal"

billp_ESO

From spyware guide ( http://www.spywareguide.com/spydet_894_redshell.html )

"RedShell is a trojan that is capable of spawning a shell on a remote computer, allowing a user the ability to connect up to the remote computer, [port 1337], and execute any commands they wish."

Elsonso

Cpt_Teemo wrote: »

Charliff1966 wrote: »

Cpt_Teemo wrote: »

Charliff1966 wrote: »

JamuThatsWho wrote: »

Wouldn't something like Red Shell be illegal now in the EU due to GDPR?

Yup it is.

Even if its legal in the US doesn't stop them from losing millions of players though

One page back someone showed a reddit post which stated that ZOS will make a statement claiming what they do is legal.

Tell that to EU

Keep in mind that Redshell was put in place on PC before GDPR was in effect. The personal data they collect from Redshell needs to be covered by their privacy policies, and as long as they are doing that in accordance with GDPR, they are fine. It is up to the EU to determine whether that is the case.

Valkysas154

Even blocking it i still don't like it on my pc and seeing how i am done with summerset other than maybe 6 side quests or less
i will keep playing until i am done -prob to day some time then i will log out and not log back in until a Zo$ response about this if it's not that they are removing this spyware from there game then i will cancel my account there are plenty of games out there especially with summer sales coming up on steam and since i bought this game on steam a long time ago but don't need to use steam to play i think i will leave a neg review about them sneaking spyware on players pc's to

eirinnpryderi

Well...they gonna have a rough time if they think I can be easily seduced with ADs to buy their stuff....bring it on ZOS, the game is on!

Night_Watch

Wow! 12 pages already at time of reading. I'm not going to pretend to be a lawyer or that well versed in the issues raised here. There are issues here though. Particularly, the new GDPR in EU needs to be considered.

@ZOS_GinaBruno
@ZOS_JessicaFolsom
@ZOS_MattFiror
@ZOS_Edward

You guys really need to step in here with some sort of placation or explanation.

For those insisting Zos is a US company and GDPR does not affect them or that Zos terms and conditions take promenence over EU law, you are plainly incorrect as a quick look up of GDPR will show. This is not me being an armchair lawyer it is just demonstrable fact.

It seems that many of us, either side of the debate, do not have the full facts and this is starting to cause the debate to degenerate. Let's at least try to stay civil.

Web links that Zos or consumers may find interesating;

https://www.gov.uk/data-protection
https://www.lexology.com/library/detail.aspx?g=3a02f14c-828b-47ba-bb91-cbddb41bbce3
https://www.gov.uk/data-protection/make-a-complaint

As stated, I am no lawyer. It will be interesting to see how this thread goes though.

I'm off to the kitchen! Got to make some new tinfoil head gear. I also have to go out to my illuminati meating later so may not have time to further respond.

Kindest regards all and happy gaming.

Minor edits to clean up.

Cpt_Teemo

lordrichter wrote: »

Cpt_Teemo wrote: »

Charliff1966 wrote: »

Cpt_Teemo wrote: »

Charliff1966 wrote: »

JamuThatsWho wrote: »

Wouldn't something like Red Shell be illegal now in the EU due to GDPR?

Yup it is.

Even if its legal in the US doesn't stop them from losing millions of players though

One page back someone showed a reddit post which stated that ZOS will make a statement claiming what they do is legal.

Tell that to EU

Keep in mind that Redshell was put in place on PC before GDPR was in effect. The personal data they collect from Redshell needs to be covered by their privacy policies, and as long as they are doing that in accordance with GDPR, they are fine. It is up to the EU to determine whether that is the case.

Doesn't matter if its before or after its still against the law since it still continuously feeds information even after that date