Maintenance for the week of December 23:
• NA megaservers for maintenance – December 23, 4:00AM EST (9:00 UTC) - 9:00AM EST (14:00 UTC)
• EU megaservers for maintenance – December 23, 9:00 UTC (4:00AM EST) - 14:00 UTC (9:00AM EST)

ZOS integrated spyware RedShell by mistake, deleted from live, still in PTS folder

  • Elsonso
    Elsonso
    ✭✭✭✭✭
    ✭✭✭✭✭
    billp_ESO wrote: »
    From spyware guide ( http://www.spywareguide.com/spydet_894_redshell.html )

    "RedShell is a trojan that is capable of spawning a shell on a remote computer, allowing a user the ability to connect up to the remote computer, [port 1337], and execute any commands they wish."

    ...Different "RedShell"
    Cpt_Teemo wrote: »
    Cpt_Teemo wrote: »
    Cpt_Teemo wrote: »
    Wouldn't something like Red Shell be illegal now in the EU due to GDPR?

    Yup it is.

    Even if its legal in the US doesn't stop them from losing millions of players though

    One page back someone showed a reddit post which stated that ZOS will make a statement claiming what they do is legal.

    Tell that to EU

    Keep in mind that Redshell was put in place on PC before GDPR was in effect. The personal data they collect from Redshell needs to be covered by their privacy policies, and as long as they are doing that in accordance with GDPR, they are fine. It is up to the EU to determine whether that is the case.

    Doesn't matter if its before or after its still against the law since it still continuously feeds information even after that date

    GDPR does not prohibit data collection. It establishes rules regarding personal data that is collected. Because it was released before GDPR, all ZM has to do is disclose what types of personal data they are collecting, what they are doing with it, and various other things (I am not an expert and cannot enumerate what is not plainly stated on websites), including how to contact the data controller and how to have the data deleted. It looks to me like they are doing all of that. Is it good enough to satisfy EU investigators? I have no idea. That is for the EU to decide.

    Now, after GDPR, I guess there are certain things that have to happen when they change what they are collecting. ZOS would have avoided all of that.

    I still maintain that it took some serious cojones to roll that out on the eve of GDPR. They might as well have sent a personal invite to EU regulators to come investigate them.
    ESO Plus: No
    PC NA/EU: @Elsonso
    XBox EU/NA: @ElsonsoJannus
    X/Twitter: ElsonsoJannus
  • AlexanderDeLarge
    AlexanderDeLarge
    ✭✭✭✭✭
    Disgusting and disappointing. Now I have to be wary of the games I purchase from Zenimax/Bethesda?
    Difficulty scaling is desperately needed. 10 years. 7 paid expansions. 22 DLCs. 40 game changing updates including A Realm Reborn-tier overhaul of the game including a permanent CP160 gear cap and ridiculous power creep thereafter. I'm sick and tired of hearing about Cadwell Silver&Gold as a "you think you do but you don't"-tier deflection to any criticism regarding the lack of overland difficulty in the vast majority of this game.

    "ESO doesn't need a harder overland" on YouTube for a video of a naked level 3 character AFKing in front of a bear for a minute and a half before dying
  • NewbieOKS
    NewbieOKS
    ✭✭✭
    billp_ESO wrote: »
    From spyware guide ( http://www.spywareguide.com/spydet_894_redshell.html )

    "RedShell is a trojan that is capable of spawning a shell on a remote computer, allowing a user the ability to connect up to the remote computer, [port 1337], and execute any commands they wish."

    I think it is different thing. Just for sharing, got it from the reddit forum with the same topic

    https://venturebeat.com/2017/06/01/red-shell-is-a-new-tool-to-help-steam-devs-track-who-is-buying-their-games/
    https://signatur.eso-database.com/17868970/signatur.jpg
    ESO-Database provides statistics for Elder Scrolls Online characters and guilds. This information is collected by the ESO-Database Client and ESO Database AddOn https://www.eso-database.com/en/ Huge thanks to @Keldor for this amazing add-on
  • Cpt_Teemo
    Cpt_Teemo
    ✭✭✭✭✭
    ✭✭✭
    NewbieOKS wrote: »
    billp_ESO wrote: »
    From spyware guide ( http://www.spywareguide.com/spydet_894_redshell.html )

    "RedShell is a trojan that is capable of spawning a shell on a remote computer, allowing a user the ability to connect up to the remote computer, [port 1337], and execute any commands they wish."

    I think it is different thing. Just for sharing, got it from the reddit forum with the same topic

    https://venturebeat.com/2017/06/01/red-shell-is-a-new-tool-to-help-steam-devs-track-who-is-buying-their-games/

    Yeah not sure why they decided to call it the same exact name as a Trojan
  • Minno
    Minno
    ✭✭✭✭✭
    ✭✭✭✭✭
    Ssalaar wrote: »
    Its sad but if they are collecting data such as IP address to get where i am from then the are collecting information on who i am at that timestamp. Doesn't take much work to work with the ISP and find out who had that IP at that time to get demographic information on me so that AT$T will know that i play ESO when ZoS sells the information for advertising purposes. Now that Net Neutrality is gone, the ISP can sell our information as well. They can decide what to give out, yes. I really wish that the US government was more "For the People" instead of currently "for the corporations" that line our pockets.

    Its sad that we have become revenue victims for corporations to sell more stuff or sell the data on Joe ESO player likes ice cream so send him ice cream ad's to his PC.

    I understand why EULA's are in place but they hide behind them to rip away our privacy. ESO wants to increase its revenue and get more people playing. I understand that. See it with the Twitch weekend. The people watching channels were 3x normal volumes. Now that they stopped it, the same Twitch broadcaster has 50 watchers where he had 300 over the weekend. Of course we all tied in our ESO ID to twitch so they can track us there as well. but needed to "reward" us. *SIGH*

    ESO is not the only company to do this, i just wish it wasnt as accepted everywhere with the younger crowd. They just accept it because it is all they know and "normal"

    That's only the surface. My favorite blurb from the TOS we "signed":

    "Legally Required. We may also disclose your personal data if we believe we are required to do so by law, or that doing so is reasonably necessary to comply with legal processes; when we believe necessary or appropriate to disclose personal data to law enforcement or other governmental or regulatory authorities or the courts (in any relevant jurisdiction worldwide), such as to investigate actual or suspected fraud or violations of law, breaches of security, or breaches of this Privacy Notice; to respond to any claims against us; and, to protect the rights, property, or personal safety of ZeniMax, our customers, or the public."

    Nothing says consumer loyalty like making you sign your rights over to Zeni which consist of your right to a fair due process of law lol.
    Combine this with "third party access to your information" basically gives law enforcement the ability to go around you when sniffing around for evidence on any crimes (including warrants). Mind you this isn't me protecting criminals, but everyone has a right to a fair process of any prosecuting crimes they may or may not have committed. It boils down to you having the ability to retain a fair trial and without extra harsh charges applied to you.

    And it doesn't stop there. You also forfeit your 4th amendment rights of privacy in your home, data collection obtained through back channels used to incriminate you, etc. Though some of these things are used to combat illegal activity that as grown on the internet. But some are used to trace people to a location and then use that location to say "person was here at this time, therefore they were there for the crime at X" even though the two are not related.

    Links (I really wish this was all from some tin-foil websites so I can ignore it lol):

    https://www.washingtonpost.com/news/true-crime/wp/2018/04/27/golden-state-killer-dna-website-gedmatch-was-used-to-identify-joseph-deangelo-as-suspect-police-say/?noredirect=on

    https://www.cnn.com/2012/08/30/tech/social-media/fighting-crime-social-media/index.html

    https://www.npr.org/2018/02/01/578369420/report-alleges-police-use-secret-evidence-collected-by-feds-to-make-arrests



    Minno - DC - Forum-plar Extraordinaire
    - Guild-lead for MV
    - Filthy Casual
  • Hokiewa
    Hokiewa
    ✭✭✭✭
    This thread is full of hilarity
  • Jake1576
    Jake1576
    ✭✭✭✭✭
    Red Shell not available for consoles yet, but in development.
    Safe from for a while. Wonder if it would fly with Sony and MS.

    Yay something that might be good about finally playing on console at least for the time being lol but I'll take it :smiley:
  • Cpt_Teemo
    Cpt_Teemo
    ✭✭✭✭✭
    ✭✭✭
    Hokiewa wrote: »
    This thread is full of hilarity

    Good, guess i'll find some "hilarity" once they make profit off your personal info
  • umagon
    umagon
    ✭✭✭✭✭
    Cpt_Teemo wrote: »
    NewbieOKS wrote: »
    billp_ESO wrote: »
    From spyware guide ( http://www.spywareguide.com/spydet_894_redshell.html )

    "RedShell is a trojan that is capable of spawning a shell on a remote computer, allowing a user the ability to connect up to the remote computer, [port 1337], and execute any commands they wish."

    I think it is different thing. Just for sharing, got it from the reddit forum with the same topic

    https://venturebeat.com/2017/06/01/red-shell-is-a-new-tool-to-help-steam-devs-track-who-is-buying-their-games/

    Yeah not sure why they decided to call it the same exact name as a Trojan

    Well it is installed without the user consent and it does take information from the target pc and sends it elsewhere. Without informing the user what, where and whom the information is going to before sending it.
  • Lake
    Lake
    ✭✭✭✭✭
    ...Or the Red Shell in Mario Kart - a strong, homing attack item.
  • LumbermillOverlord
    LumbermillOverlord
    ✭✭✭
    good news guys we already on a radar of many gaming magazins and this topic spread out to other forums
  • randomkeyhits
    randomkeyhits
    ✭✭✭✭✭
    Already got a repeat order on the popcorn for this one!

    As for GDPR readiness, have a read of this http://www.theregister.co.uk/2018/06/01/whats_next_for_whois_and_icann/ It gives an indication of what companies are realising what GDPR means to them, not us.

    As for the EULA in the UK the unfair contracts law means you can ask to be refunded. Interesting enough this hasn't had to properly address electronic game accounts with accrued value, like say MMO accounts. There has been talk that the refund would include that accrued value as it also would have to be surrendered along with the account. Waiting for this one to be tested in court. If it went the way of the customer it would then mean that MMOs would basically have to have static EULA or be prepared for big refunds....

    As for redshift, I'd be asking for the contact details of their auditors to ask them how they verify that redshift are GDPR compliant then offer myself as a test case for them to use.

    Over two whole years companies have had knowledge of GDPR..... *sigh*
    EU PS4
  • Jim_Pipp
    Jim_Pipp
    ✭✭✭✭✭
    Haenk wrote: »
    So here we go, just sent this to our Data Protection Center ("Datenschutzzentrum", which *will* do an official investigation, and they are not known to play around):

    "
    Mit dem weit verbreiteten Online-Spiel "Elder Scrolls Online" zusammen wird die Software "Red Shell" zum Sammeln von individuellen Daten verwendet. Dieser Sammlung wurde weder mit den AGB zugestimmt, noch wird sie dem Benutzer mitgeteilt. Die Ausleitung der Daten erfolgt mutmasslich in die USA, ohne entsprechende Datenschutzgrundsaetze.
    Im Sinne der Datensparsamkeit sind diese Daten nicht notwendig zur Verwendung des Spiels.


    Weitere Hinweise:
    https://forums.elderscrollsonline.com/en/discussion/416267/zos-integrated-spyware-red-shell-into-eso-howto-block-opt-out/p1
    "

    Silence is not the way to go, ZOS. This is a serious issue.

    I've only read to the end of page 9, but I feel like this is one of the most constructive posts in the history of the forums! A huge thank you to the technically minded people who have explained this to the people who are not techies, and in particular thank you to @Haenk for starting the ball rolling on the legality of this.

    Personally this is a step too far for me, and I am ready to leave the game over this breach of trust - I have played nearly daily since PC launch, so this is not something I threaten lightly. We players ARE paying customers, and our data is not a product to be used against us or by other businesses.

    I feel that there are two kinds of arguments supporting zos, and neither is relevant.
    1) "If you use the internet then they already collect data." - yes, free services do, but we pay for the service zos offers.
    2) this is just normal business practice - yes, but that is a little bit irrelevant, this is not a philosophical discussion about what is normal or ethical in capitalism, this is a specific discussion about whether ZOS needs to do this.

    If you are not concerned about this then good for you, but I am pleased so many people are, let us respect each others views. I have e-mailed redshell about how to opt out (as others have), and if I don't post in these forums again it will be because I am not satisfied with their answers.
    #1 tip (Re)check your graphics settings periodically - especially resolution.
  • Raideen
    Raideen
    ✭✭✭✭✭
    ✭✭✭
    Cpt_Teemo wrote: »

    Good, guess i'll find some "hilarity" once they make profit off your personal info

    Their info was obtained before they got their first paycheck.


    Edited by Raideen on June 2, 2018 1:48AM
  • StrawberryKitsune
    StrawberryKitsune
    ✭✭✭
    Having just had the longest most boring meeting on GDPR. You better get your lawyers to check this *** out ZOS as you might be in breach of European Legislation that just came into force on 25th May. It doesn't just apply to European companies but all companies doing business with the EU. So.... awkward. Can I have a copy of your privacy statement plz? You have also not sent me an email asking me for my consent to have my details stored. ^^ Unauthorized targeted marketing is one of the BIG reasons GDPR is a thing here and you most definitely do not have my authorization as an EU citizen. ^^
    Edited by StrawberryKitsune on June 1, 2018 4:56PM
  • MLGProPlayer
    MLGProPlayer
    ✭✭✭✭✭
    ✭✭✭✭✭
    Does anyone actually know what this is or are people just baselessly fear mongering?

    ZOS already has all of your personal information (you gave it to them when you signed up for the game). They don't need "spyware" to get it from you, so that's not what this is.
  • Raideen
    Raideen
    ✭✭✭✭✭
    ✭✭✭
    Does anyone actually know what this is or are people just baselessly fear mongering?

    ZOS already has all of your personal information (you gave it to them when you signed up for the game). They don't need "spyware" to get it from you, so that's not what this is.

    That is exactly what it is.

    Redshell was installed on my PC by Zenimax on 5/24/2018. The GDPR became enforceable on 5/25/2018. Coincidence? I think not.
  • NewbieOKS
    NewbieOKS
    ✭✭✭
    good news guys we already on a radar of many gaming magazins and this topic spread out to other forums

    I’m not a technical savyy or legal background...but spreading and making new threads with the same topic is a bit overreacting (as of now, I seen the same thread in steam community, and a another mmo based forum...and who knows what next)...

    my question as a non legal and IT background person...is RedShell made by Innervate, Inc is truly a spyware or not? What is the definition and characteristics of a spyware? Does all information colleting software are considered as a spyware?

    Since RedShell name have been taking attention (just google it guys), I think they will release an official statement since it is impacting their brand, company and their other clients as well (not only ZOS and Bethesda).

    https://signatur.eso-database.com/17868970/signatur.jpg
    ESO-Database provides statistics for Elder Scrolls Online characters and guilds. This information is collected by the ESO-Database Client and ESO Database AddOn https://www.eso-database.com/en/ Huge thanks to @Keldor for this amazing add-on
  • arasysb14_ESO
    arasysb14_ESO
    ✭✭✭✭
    It's another layer of analytics tool and it most likely links your data with other data sources to give them even more actionable marketing statistics to monetize the game. As a paying subscriber I really don't want to deal with redshell and having this right after GDPR guidelines is typical unethical marketing strategy. Shame on you zos.
    Arasys Llanor, CP 800+ Magicka Sorcerer NA

    Please do not use the same Fallout 76 engine for TES VI
  • MLGProPlayer
    MLGProPlayer
    ✭✭✭✭✭
    ✭✭✭✭✭
    Jimmy wrote: »
    I don't know how much longer ZOS is going to keep a large enough player base to turn a profit. A game with MASSIVE potential, being utterly destroyed by the boneheaded decisions of its developer. From crown crates, to RNG only crown mounts, to balance decisions, to spying.... poor ESO has noticeably become more and more vacant on NA PC. And I blame it on ZOS. If ZOS wasn't blinded by the greed to maximize money on the short term vs long term, ESO could of been a game to compete against WOW. But now... now... we watch it dwindle and spiral downward more and more after each DLC and Chapter. A sad fall from grace. I feel sad and robbed.

    1.Devs don't make financial strategy decisions, publishers do
    2.The game's population has never been higher
  • MLGProPlayer
    MLGProPlayer
    ✭✭✭✭✭
    ✭✭✭✭✭
    It's another layer of analytics tool and it most likely links your data with other data sources to give them even more actionable marketing statistics to monetize the game. As a paying subscriber I really don't want to deal with redshell and having this right after GDPR guidelines is typical unethical marketing strategy. Shame on you zos.

    It's just monitoring the click through rate of their ads (like the launcher ad and the giant in-game ad everyone complained about). It's standard business practice. They have no way of knowing if their ads are working otherwise or not.
    Edited by MLGProPlayer on June 1, 2018 5:20PM
  • NinetyNineTails
    NewbieOKS wrote: »

    Since RedShell name have been taking attention (just google it guys), I think they will release an official statement since it is impacting their brand, company and their other clients as well (not only ZOS and Bethesda).

    Which means they will try to mitigate this PR disaster by any means necessary. Do you expect to hear the truth? Please...

    Just fill a GDPR complaint and let the regulators sort it out.
  • LumbermillOverlord
    LumbermillOverlord
    ✭✭✭
    everyone who casually defending ZOS here - probably their employeers
  • MLGProPlayer
    MLGProPlayer
    ✭✭✭✭✭
    ✭✭✭✭✭
    everyone who casually defending ZOS here - probably their employeers

    Or they don't wear a tinfoil hat.
  • MLGProPlayer
    MLGProPlayer
    ✭✭✭✭✭
    ✭✭✭✭✭
    NewbieOKS wrote: »

    Since RedShell name have been taking attention (just google it guys), I think they will release an official statement since it is impacting their brand, company and their other clients as well (not only ZOS and Bethesda).

    Which means they will try to mitigate this PR disaster by any means necessary. Do you expect to hear the truth? Please...

    Just fill a GDPR complaint and let the regulators sort it out.

    Not telling the truth is illegal and would result in huge fines and possibly even jail time for Zenimax executives. I think they'll tell the truth.
    Edited by MLGProPlayer on June 1, 2018 5:22PM
  • FreshlyB8ked
    FreshlyB8ked
    ✭✭✭✭
    It's another layer of analytics tool and it most likely links your data with other data sources to give them even more actionable marketing statistics to monetize the game. As a paying subscriber I really don't want to deal with redshell and having this right after GDPR guidelines is typical unethical marketing strategy. Shame on you zos.

    It's just monitoring the click through rate of their ads (like the launcher ad and the giant in-game ad everyone complained about). It's standard business practice.

    Well then ZOS should have no issue stating this then. Yet they remain silent. Interesting.
    Edited by FreshlyB8ked on June 1, 2018 5:24PM
  • LadyAstrum
    LadyAstrum
    ✭✭✭✭✭
    I'm about to find out who I can report this to. I live in the UK, so....you know...not really appreciated. I don't want spy software getting data from my system, especially when I didn't know it was there.

    ~ "You think me brutish? How do you imagine I view you?" - Molag Bal #misunderstood ~
  • Darlon
    Darlon
    ✭✭✭✭✭
    everyone who casually defending ZOS here - probably their employeers

    Lol, comments like this actually make me take anything you say a lot less seriously...
  • Belegnole
    Belegnole
    ✭✭✭✭✭
    RedShell is a 3rd party software
    LadyAstrum wrote: »
    I'm about to find out who I can report this to. I live in the UK, so....you know...not really appreciated. I don't want spy software getting data from my system, especially when I didn't know it was there.

    https://www.gov.uk/data-protection/make-a-complaint

    https://ico.org.uk/make-a-complaint/

    edit: added link
    Edited by Belegnole on June 1, 2018 5:30PM
  • houjo2000b16_ESO
    houjo2000b16_ESO
    ✭✭✭
    TL:DR of this thread;

    PC master race on full display.

    /popcorn
Sign In or Register to comment.