ZOS integrated spyware RedShell by mistake, deleted from live, still in PTS folder

Elsonso · June 2018

billp_ESO wrote: »

From spyware guide ( http://www.spywareguide.com/spydet_894_redshell.html )

"RedShell is a trojan that is capable of spawning a shell on a remote computer, allowing a user the ability to connect up to the remote computer, [port 1337], and execute any commands they wish."

...Different "RedShell"

Cpt_Teemo wrote: »

lordrichter wrote: »

Cpt_Teemo wrote: »

Charliff1966 wrote: »

Cpt_Teemo wrote: »

Charliff1966 wrote: »

JamuThatsWho wrote: »

Wouldn't something like Red Shell be illegal now in the EU due to GDPR?

Yup it is.

Even if its legal in the US doesn't stop them from losing millions of players though

One page back someone showed a reddit post which stated that ZOS will make a statement claiming what they do is legal.

Tell that to EU

Keep in mind that Redshell was put in place on PC before GDPR was in effect. The personal data they collect from Redshell needs to be covered by their privacy policies, and as long as they are doing that in accordance with GDPR, they are fine. It is up to the EU to determine whether that is the case.

Doesn't matter if its before or after its still against the law since it still continuously feeds information even after that date

GDPR does not prohibit data collection. It establishes rules regarding personal data that is collected. Because it was released before GDPR, all ZM has to do is disclose what types of personal data they are collecting, what they are doing with it, and various other things (I am not an expert and cannot enumerate what is not plainly stated on websites), including how to contact the data controller and how to have the data deleted. It looks to me like they are doing all of that. Is it good enough to satisfy EU investigators? I have no idea. That is for the EU to decide.

Now, after GDPR, I guess there are certain things that have to happen when they change what they are collecting. ZOS would have avoided all of that.

I still maintain that it took some serious cojones to roll that out on the eve of GDPR. They might as well have sent a personal invite to EU regulators to come investigate them.

AlexanderDeLarge · June 2018

Disgusting and disappointing. Now I have to be wary of the games I purchase from Zenimax/Bethesda?

NewbieOKS · June 2018

billp_ESO wrote: »

From spyware guide ( http://www.spywareguide.com/spydet_894_redshell.html )

"RedShell is a trojan that is capable of spawning a shell on a remote computer, allowing a user the ability to connect up to the remote computer, [port 1337], and execute any commands they wish."

I think it is different thing. Just for sharing, got it from the reddit forum with the same topic

https://venturebeat.com/2017/06/01/red-shell-is-a-new-tool-to-help-steam-devs-track-who-is-buying-their-games/

Cpt_Teemo · June 2018

NewbieOKS wrote: »

billp_ESO wrote: »

From spyware guide ( http://www.spywareguide.com/spydet_894_redshell.html )

"RedShell is a trojan that is capable of spawning a shell on a remote computer, allowing a user the ability to connect up to the remote computer, [port 1337], and execute any commands they wish."

I think it is different thing. Just for sharing, got it from the reddit forum with the same topic

https://venturebeat.com/2017/06/01/red-shell-is-a-new-tool-to-help-steam-devs-track-who-is-buying-their-games/

Yeah not sure why they decided to call it the same exact name as a Trojan

Minno · June 2018

Ssalaar wrote: »

Its sad but if they are collecting data such as IP address to get where i am from then the are collecting information on who i am at that timestamp. Doesn't take much work to work with the ISP and find out who had that IP at that time to get demographic information on me so that AT$T will know that i play ESO when ZoS sells the information for advertising purposes. Now that Net Neutrality is gone, the ISP can sell our information as well. They can decide what to give out, yes. I really wish that the US government was more "For the People" instead of currently "for the corporations" that line our pockets.

Its sad that we have become revenue victims for corporations to sell more stuff or sell the data on Joe ESO player likes ice cream so send him ice cream ad's to his PC.

I understand why EULA's are in place but they hide behind them to rip away our privacy. ESO wants to increase its revenue and get more people playing. I understand that. See it with the Twitch weekend. The people watching channels were 3x normal volumes. Now that they stopped it, the same Twitch broadcaster has 50 watchers where he had 300 over the weekend. Of course we all tied in our ESO ID to twitch so they can track us there as well. but needed to "reward" us. *SIGH*

ESO is not the only company to do this, i just wish it wasnt as accepted everywhere with the younger crowd. They just accept it because it is all they know and "normal"

That's only the surface. My favorite blurb from the TOS we "signed":

"Legally Required. We may also disclose your personal data if we believe we are required to do so by law, or that doing so is reasonably necessary to comply with legal processes; when we believe necessary or appropriate to disclose personal data to law enforcement or other governmental or regulatory authorities or the courts (in any relevant jurisdiction worldwide), such as to investigate actual or suspected fraud or violations of law, breaches of security, or breaches of this Privacy Notice; to respond to any claims against us; and, to protect the rights, property, or personal safety of ZeniMax, our customers, or the public."

Nothing says consumer loyalty like making you sign your rights over to Zeni which consist of your right to a fair due process of law lol.
Combine this with "third party access to your information" basically gives law enforcement the ability to go around you when sniffing around for evidence on any crimes (including warrants). Mind you this isn't me protecting criminals, but everyone has a right to a fair process of any prosecuting crimes they may or may not have committed. It boils down to you having the ability to retain a fair trial and without extra harsh charges applied to you.

And it doesn't stop there. You also forfeit your 4th amendment rights of privacy in your home, data collection obtained through back channels used to incriminate you, etc. Though some of these things are used to combat illegal activity that as grown on the internet. But some are used to trace people to a location and then use that location to say "person was here at this time, therefore they were there for the crime at X" even though the two are not related.

Links (I really wish this was all from some tin-foil websites so I can ignore it lol):

https://www.washingtonpost.com/news/true-crime/wp/2018/04/27/golden-state-killer-dna-website-gedmatch-was-used-to-identify-joseph-deangelo-as-suspect-police-say/?noredirect=on

https://www.cnn.com/2012/08/30/tech/social-media/fighting-crime-social-media/index.html

https://www.npr.org/2018/02/01/578369420/report-alleges-police-use-secret-evidence-collected-by-feds-to-make-arrests

Hokiewa · June 2018

This thread is full of hilarity

Jake1576 · June 2018

TequilaFire wrote: »

Red Shell not available for consoles yet, but in development.
Safe from for a while. Wonder if it would fly with Sony and MS.

Yay something that might be good about finally playing on console at least for the time being lol but I'll take it

Cpt_Teemo · June 2018

Hokiewa wrote: »

This thread is full of hilarity

Good, guess i'll find some "hilarity" once they make profit off your personal info

umagon · June 2018

Cpt_Teemo wrote: »

NewbieOKS wrote: »

billp_ESO wrote: »

From spyware guide ( http://www.spywareguide.com/spydet_894_redshell.html )

"RedShell is a trojan that is capable of spawning a shell on a remote computer, allowing a user the ability to connect up to the remote computer, [port 1337], and execute any commands they wish."

I think it is different thing. Just for sharing, got it from the reddit forum with the same topic

https://venturebeat.com/2017/06/01/red-shell-is-a-new-tool-to-help-steam-devs-track-who-is-buying-their-games/

Yeah not sure why they decided to call it the same exact name as a Trojan

Well it is installed without the user consent and it does take information from the target pc and sends it elsewhere. Without informing the user what, where and whom the information is going to before sending it.

Lake · June 2018

...Or the Red Shell in Mario Kart - a strong, homing attack item.

LumbermillOverlord · June 2018

good news guys we already on a radar of many gaming magazins and this topic spread out to other forums

randomkeyhits · June 2018

Already got a repeat order on the popcorn for this one!

As for GDPR readiness, have a read of this http://www.theregister.co.uk/2018/06/01/whats_next_for_whois_and_icann/ It gives an indication of what companies are realising what GDPR means to them, not us.

As for the EULA in the UK the unfair contracts law means you can ask to be refunded. Interesting enough this hasn't had to properly address electronic game accounts with accrued value, like say MMO accounts. There has been talk that the refund would include that accrued value as it also would have to be surrendered along with the account. Waiting for this one to be tested in court. If it went the way of the customer it would then mean that MMOs would basically have to have static EULA or be prepared for big refunds....

As for redshift, I'd be asking for the contact details of their auditors to ask them how they verify that redshift are GDPR compliant then offer myself as a test case for them to use.

Over two whole years companies have had knowledge of GDPR..... *sigh*

Jim_Pipp · June 2018

Haenk wrote: »

So here we go, just sent this to our Data Protection Center ("Datenschutzzentrum", which *will* do an official investigation, and they are not known to play around):

"
Mit dem weit verbreiteten Online-Spiel "Elder Scrolls Online" zusammen wird die Software "Red Shell" zum Sammeln von individuellen Daten verwendet. Dieser Sammlung wurde weder mit den AGB zugestimmt, noch wird sie dem Benutzer mitgeteilt. Die Ausleitung der Daten erfolgt mutmasslich in die USA, ohne entsprechende Datenschutzgrundsaetze.
Im Sinne der Datensparsamkeit sind diese Daten nicht notwendig zur Verwendung des Spiels.

Weitere Hinweise:
https://forums.elderscrollsonline.com/en/discussion/416267/zos-integrated-spyware-red-shell-into-eso-howto-block-opt-out/p1
"

Silence is not the way to go, ZOS. This is a serious issue.

I've only read to the end of page 9, but I feel like this is one of the most constructive posts in the history of the forums! A huge thank you to the technically minded people who have explained this to the people who are not techies, and in particular thank you to @Haenk for starting the ball rolling on the legality of this.

Personally this is a step too far for me, and I am ready to leave the game over this breach of trust - I have played nearly daily since PC launch, so this is not something I threaten lightly. We players ARE paying customers, and our data is not a product to be used against us or by other businesses.

I feel that there are two kinds of arguments supporting zos, and neither is relevant.
1) "If you use the internet then they already collect data." - yes, free services do, but we pay for the service zos offers.
2) this is just normal business practice - yes, but that is a little bit irrelevant, this is not a philosophical discussion about what is normal or ethical in capitalism, this is a specific discussion about whether ZOS needs to do this.

If you are not concerned about this then good for you, but I am pleased so many people are, let us respect each others views. I have e-mailed redshell about how to opt out (as others have), and if I don't post in these forums again it will be because I am not satisfied with their answers.

Raideen · June 2018

Cpt_Teemo wrote: »

Good, guess i'll find some "hilarity" once they make profit off your personal info

Their info was obtained before they got their first paycheck.

StrawberryKitsune · June 2018

Having just had the longest most boring meeting on GDPR. You better get your lawyers to check this *** out ZOS as you might be in breach of European Legislation that just came into force on 25th May. It doesn't just apply to European companies but all companies doing business with the EU. So.... awkward. Can I have a copy of your privacy statement plz? You have also not sent me an email asking me for my consent to have my details stored. ^^ Unauthorized targeted marketing is one of the BIG reasons GDPR is a thing here and you most definitely do not have my authorization as an EU citizen. ^^

MLGProPlayer · June 2018

Does anyone actually know what this is or are people just baselessly fear mongering?

ZOS already has all of your personal information (you gave it to them when you signed up for the game). They don't need "spyware" to get it from you, so that's not what this is.

Raideen · June 2018

MLGProPlayer wrote: »

Does anyone actually know what this is or are people just baselessly fear mongering?

ZOS already has all of your personal information (you gave it to them when you signed up for the game). They don't need "spyware" to get it from you, so that's not what this is.

That is exactly what it is.

Redshell was installed on my PC by Zenimax on 5/24/2018. The GDPR became enforceable on 5/25/2018. Coincidence? I think not.

NewbieOKS · June 2018

LumbermillOverlord wrote: »

good news guys we already on a radar of many gaming magazins and this topic spread out to other forums

I’m not a technical savyy or legal background...but spreading and making new threads with the same topic is a bit overreacting (as of now, I seen the same thread in steam community, and a another mmo based forum...and who knows what next)...

my question as a non legal and IT background person...is RedShell made by Innervate, Inc is truly a spyware or not? What is the definition and characteristics of a spyware? Does all information colleting software are considered as a spyware?

Since RedShell name have been taking attention (just google it guys), I think they will release an official statement since it is impacting their brand, company and their other clients as well (not only ZOS and Bethesda).

arasysb14_ESO · June 2018

It's another layer of analytics tool and it most likely links your data with other data sources to give them even more actionable marketing statistics to monetize the game. As a paying subscriber I really don't want to deal with redshell and having this right after GDPR guidelines is typical unethical marketing strategy. Shame on you zos.

MLGProPlayer · June 2018

Jimmy wrote: »

I don't know how much longer ZOS is going to keep a large enough player base to turn a profit. A game with MASSIVE potential, being utterly destroyed by the boneheaded decisions of its developer. From crown crates, to RNG only crown mounts, to balance decisions, to spying.... poor ESO has noticeably become more and more vacant on NA PC. And I blame it on ZOS. If ZOS wasn't blinded by the greed to maximize money on the short term vs long term, ESO could of been a game to compete against WOW. But now... now... we watch it dwindle and spiral downward more and more after each DLC and Chapter. A sad fall from grace. I feel sad and robbed.

1.Devs don't make financial strategy decisions, publishers do
2.The game's population has never been higher

MLGProPlayer · June 2018

arasysb14_ESO wrote: »

It's another layer of analytics tool and it most likely links your data with other data sources to give them even more actionable marketing statistics to monetize the game. As a paying subscriber I really don't want to deal with redshell and having this right after GDPR guidelines is typical unethical marketing strategy. Shame on you zos.

It's just monitoring the click through rate of their ads (like the launcher ad and the giant in-game ad everyone complained about). It's standard business practice. They have no way of knowing if their ads are working otherwise or not.

NinetyNineTails · June 2018

NewbieOKS wrote: »

Since RedShell name have been taking attention (just google it guys), I think they will release an official statement since it is impacting their brand, company and their other clients as well (not only ZOS and Bethesda).

Which means they will try to mitigate this PR disaster by any means necessary. Do you expect to hear the truth? Please...

Just fill a GDPR complaint and let the regulators sort it out.

LumbermillOverlord · June 2018

everyone who casually defending ZOS here - probably their employeers

MLGProPlayer · June 2018

LumbermillOverlord wrote: »

everyone who casually defending ZOS here - probably their employeers

Or they don't wear a tinfoil hat.

MLGProPlayer · June 2018

NinetyNineTails wrote: »

NewbieOKS wrote: »

Since RedShell name have been taking attention (just google it guys), I think they will release an official statement since it is impacting their brand, company and their other clients as well (not only ZOS and Bethesda).

Which means they will try to mitigate this PR disaster by any means necessary. Do you expect to hear the truth? Please...

Just fill a GDPR complaint and let the regulators sort it out.

Not telling the truth is illegal and would result in huge fines and possibly even jail time for Zenimax executives. I think they'll tell the truth.

FreshlyB8ked · June 2018

MLGProPlayer wrote: »

arasysb14_ESO wrote: »

It's another layer of analytics tool and it most likely links your data with other data sources to give them even more actionable marketing statistics to monetize the game. As a paying subscriber I really don't want to deal with redshell and having this right after GDPR guidelines is typical unethical marketing strategy. Shame on you zos.

It's just monitoring the click through rate of their ads (like the launcher ad and the giant in-game ad everyone complained about). It's standard business practice.

Well then ZOS should have no issue stating this then. Yet they remain silent. Interesting.

LadyAstrum · June 2018

I'm about to find out who I can report this to. I live in the UK, so....you know...not really appreciated. I don't want spy software getting data from my system, especially when I didn't know it was there.

Darlon · June 2018

LumbermillOverlord wrote: »

everyone who casually defending ZOS here - probably their employeers

Lol, comments like this actually make me take anything you say a lot less seriously...

Belegnole · June 2018

RedShell is a 3rd party software

LadyAstrum wrote: »

I'm about to find out who I can report this to. I live in the UK, so....you know...not really appreciated. I don't want spy software getting data from my system, especially when I didn't know it was there.

https://www.gov.uk/data-protection/make-a-complaint

https://ico.org.uk/make-a-complaint/

edit: added link

houjo2000b16_ESO · June 2018

TL:DR of this thread;

PC master race on full display.

/popcorn