ZOS integrated spyware RedShell by mistake, deleted from live, still in PTS folder

Oberick · June 2018

Its kinda funny they do something like this just weeks after the Facebook stuff and every other company then claims they want to be more transparent.

TequilaFire · June 2018

MLGProPlayer wrote: »

JasonSilverSpring wrote: »

People questioning how it accidentally got included should consider that they surely had included in some test branch to test it. Probably the code and files related to it got erroneously included in the live build.

I manage a group that does software development (not video gaming) and we have had test code get accidentally loaded. Embarrassing and frustrating but it can happen.

We won't know for sure which it is, but I will give them the benefit of the doubt.

I noticed in this thread that when people contacted RedShell there seemed to be some confusion about ESO and how to opt out. To me that supports the accident scenario.

Tinfoil hatters aren't always the most knowledgeable about the details of what they're protesting about.

Anyone with some development/online business knowledge, here and on Reddit, kept a level head throughout this whole thing.

Even the less informed have rights you know.

Cadbury · June 2018

TequilaFire wrote: »

MLGProPlayer wrote: »

JasonSilverSpring wrote: »

People questioning how it accidentally got included should consider that they surely had included in some test branch to test it. Probably the code and files related to it got erroneously included in the live build.

I manage a group that does software development (not video gaming) and we have had test code get accidentally loaded. Embarrassing and frustrating but it can happen.

We won't know for sure which it is, but I will give them the benefit of the doubt.

I noticed in this thread that when people contacted RedShell there seemed to be some confusion about ESO and how to opt out. To me that supports the accident scenario.

Tinfoil hatters aren't always the most knowledgeable about the details of what they're protesting about.

Anyone with some development/online business knowledge, here and on Reddit, kept a level head throughout this whole thing.

Even the less informed have rights you know.

Guess that explains why we have laws to protect them from themselves

Elsonso · June 2018

I, for one, accept the explanation provided by @ZOS_MattFiror

He shows up here very rarely, and this is something Gina and Jessica could have posted. Given that it is still their intent to use it at some point in the future, and how easy it is for unintended stuff to get into their builds, I have no reason to not believe it.

edit... besides, does it matter if that is the reason? What I am more interested in is when they decide they want to use it.

KingMagaw · June 2018

So it either goes 2 ways i see it from what Matt Frior said:

You have incompetent staff with a proven track record who have access and can accidentally compile this code into a 'working' version on LIVE. ZOS have trouble making the most simple patches go smooth, yet this got patched and was working giving no errors or signs to the user.

OR

It was designed and patched onto the LIVE server to collect advertising data that ZOS will sell to other companies and use for specific targeting/SPAMMING of internet and in game advertising.

So, people cheat daily in ESO and this is where Matt Frior and ZOS is spending the budget provided by players/customers.

Cpt_Teemo · June 2018

lordrichter wrote: »

I, for one, accept the explanation provided by @ZOS_MattFiror

He shows up here very rarely, and this is something Gina and Jessica could have posted. Given that it is still their intent to use it at some point in the future, and how easy it is for unintended stuff to get into their builds, I have no reason to not believe it.

edit... besides, does it matter if that is the reason? What I am more interested in is when they decide they want to use it.

Might be acceptable to some, but no one "Accidentally" leaves something like that still coded into the update of that magnitude especially a day before a law gets put in motion.

DieAlteHexe · June 2018

Cpt_Teemo wrote: »

lordrichter wrote: »

I, for one, accept the explanation provided by @ZOS_MattFiror

He shows up here very rarely, and this is something Gina and Jessica could have posted. Given that it is still their intent to use it at some point in the future, and how easy it is for unintended stuff to get into their builds, I have no reason to not believe it.

edit... besides, does it matter if that is the reason? What I am more interested in is when they decide they want to use it.

Might be acceptable to some, but no one "Accidentally" leaves something like that still coded into the update of that magnitude especially a day before a law gets put in motion.

You might be surprised. I've seen it happen...twice. Not in gaming but in two programs meant for accessing USENET and the Internet. Wreaked havoc too and heads rolled both times. It was as simple as checking the wrong code out of the library. Tired people screwed up both times.

It happens. Not good but it's not unheard of.

Jim_Pipp · June 2018

Are we idiots?

It was no accident that a third party (redshell) was installed, ZOS has to pay them!!! Look at the Redshell website, ZOS is their customer!

And it was not an oversight. I had a response from redshell telling me how to opt out before Firor said it was an oversight... so it doesn't sound like an oversight.

I do not believe Matt's statement and if he is lying to the players then I am not sure how I feel about ESO moving forward. I gave Redshell more personal info to opt out, but perhaps it is safer to opt out from something else.

Elsonso · June 2018

Cpt_Teemo wrote: »

lordrichter wrote: »

I, for one, accept the explanation provided by @ZOS_MattFiror

He shows up here very rarely, and this is something Gina and Jessica could have posted. Given that it is still their intent to use it at some point in the future, and how easy it is for unintended stuff to get into their builds, I have no reason to not believe it.

edit... besides, does it matter if that is the reason? What I am more interested in is when they decide they want to use it.

Might be acceptable to some, but no one "Accidentally" leaves something like that still coded into the update of that magnitude especially a day before a law gets put in motion.

Yeah, people accidentally leave all sorts of stuff coded into programs. This can especially happen if they are evaluating software, like what they said they were doing with Red Shell. ZOS is not exactly water tight in the code management department, if you catch my drift. (at one point, it seemed like a contest to see if a patch fixed more things than it broke) Yeah, someone knew it was still there and decided it wasn't critical to remove it, but I don't think that decision happened at the right level, which is why Firor was the one to deliver the message.

Minno · June 2018

lordrichter wrote: »

Cpt_Teemo wrote: »

lordrichter wrote: »

I, for one, accept the explanation provided by @ZOS_MattFiror

He shows up here very rarely, and this is something Gina and Jessica could have posted. Given that it is still their intent to use it at some point in the future, and how easy it is for unintended stuff to get into their builds, I have no reason to not believe it.

edit... besides, does it matter if that is the reason? What I am more interested in is when they decide they want to use it.

Might be acceptable to some, but no one "Accidentally" leaves something like that still coded into the update of that magnitude especially a day before a law gets put in motion.

Yeah, people accidentally leave all sorts of stuff coded into programs. This can especially happen if they are evaluating software, like what they said they were doing with Red Shell. ZOS is not exactly water tight in the code management department, if you catch my drift. (at one point, it seemed like a contest to see if a patch fixed more things than it broke) Yeah, someone knew it was still there and decided it wasn't critical to remove it, but I don't think that decision happened at the right level, which is why Firor was the one to deliver the message.

yea ill accept ZOS's statement for now; they owned up to it. They still did accidentally leave a data mining program which got installed across millions of users at once. That usually doesn't go away quietly.

ezio45 · June 2018

integrated by "mistake"

Arnorien16 · June 2018

Rohamad_Ali wrote: »

How does one accidentally release a spyware program ?

Calling it a Spyware is same as calling a Pug a Wolf. Red Shell is a bog standard data gathering and analytics group (that is partnered with Steam mind you) .... heck the Blizzard Client actually monitors and keeps tab of your hardware to authorize access to games (They have Hardware bans) and you guys are worried about what is equivalent to what Amazon does when you have their tab open.

MarbleQuiche · June 2018

ZOS_MattFiror wrote: »

Everyone,

My apologies for the confusion over the integration of Red Shell into ESO. Here’s what happened: we have been experimenting with a better way to link which advertisements and web content new players see to the eventual account that is created in the game. The ONLY purpose this would be used for is to determine from which origin points our new players come from, so we can better plan where to place advertisements and other web content. Existing accounts will never encounter this, as they are already created.

Several factors came together in Update 18 and Red Shell was erroneously added to the live build when we were still testing and evaluating it. It has never been active in ESO, even though the base tech is in the client – i.e. it was never enabled. So, we will remove it from Update 18, which will take place in the PC/Mac incremental build scheduled for this coming Monday (it was never considered for Console, so won’t be in Tuesday’s U18 launch). We never should have done this without giving everyone a heads up it was coming, and we will learn from this mistake.

That being said, we are still investigating how to use this technology in the future to grow and sustain ESO more effectively. When/if we do so, we will give everyone a heads up with clear instructions as to what it is doing, how it is doing it, and how to opt-out should you so desire.

Check out the patch notes on Monday for the notice that Red Shell has been removed from U18, and we will keep everyone posted – and again, my apologies.

Matt

Almost there. The part I bolded will make you non-compliant with GDPR. European customers will either need to opt in, or be presented with two equally prominent options - to opt in or to opt out.

That aside, it's good to see you taking this seriously.

clocksstoppe · June 2018

So after seeing the ZOS statement that they are not using the DLL, yet the game crashing if trying to run without it, I analyzed it and made my own spoof RedShell.dll (to see what it logs). Apart from loading and unloading the dll, ZOS does nothing with it for now. Unfortunately, since the dll was activated at least once, whatever the *** those guys at RedShell wanted, it already executed. And yeah, these people are in the business of spying people and mining personal data, so it doesn't look good.

The one in the debug folder is never used.

Really disappointed with ZOS, that they could let this happen.

JasonSilverSpring · June 2018

Jim_Pipp wrote: »

Are we idiots?

It was no accident that a third party (redshell) was installed, ZOS has to pay them!!! Look at the Redshell website, ZOS is their customer!

And it was not an oversight. I had a response from redshell telling me how to opt out before Firor said it was an oversight... so it doesn't sound like an oversight.

I do not believe Matt's statement and if he is lying to the players then I am not sure how I feel about ESO moving forward. I gave Redshell more personal info to opt out, but perhaps it is safer to opt out from something else.

Of course ZOS is a customer if they are testing it, as Matt said. I doubt they can use their tool for free. So, having an account with RedShell does not mean that ZOS intentionally put this out on the live server.

TerraDewBerry · June 2018

ZOS_MattFiror wrote: »

Everyone,

My apologies for the confusion over the integration of Red Shell into ESO. Here’s what happened: we have been experimenting with a better way to link which advertisements and web content new players see to the eventual account that is created in the game. The ONLY purpose this would be used for is to determine from which origin points our new players come from, so we can better plan where to place advertisements and other web content. Existing accounts will never encounter this, as they are already created.

Several factors came together in Update 18 and Red Shell was erroneously added to the live build when we were still testing and evaluating it. It has never been active in ESO, even though the base tech is in the client – i.e. it was never enabled. So, we will remove it from Update 18, which will take place in the PC/Mac incremental build scheduled for this coming Monday (it was never considered for Console, so won’t be in Tuesday’s U18 launch). We never should have done this without giving everyone a heads up it was coming, and we will learn from this mistake.

That being said, we are still investigating how to use this technology in the future to grow and sustain ESO more effectively. When/if we do so, we will give everyone a heads up with clear instructions as to what it is doing, how it is doing it, and how to opt-out should you so desire.

Check out the patch notes on Monday for the notice that Red Shell has been removed from U18, and we will keep everyone posted – and again, my apologies.

Matt

Thank you for owning up to this and making it right again.

Arnorien16 · June 2018

MarbleQuiche wrote: »

ZOS_MattFiror wrote: »

Everyone,

My apologies for the confusion over the integration of Red Shell into ESO. Here’s what happened: we have been experimenting with a better way to link which advertisements and web content new players see to the eventual account that is created in the game. The ONLY purpose this would be used for is to determine from which origin points our new players come from, so we can better plan where to place advertisements and other web content. Existing accounts will never encounter this, as they are already created.

Several factors came together in Update 18 and Red Shell was erroneously added to the live build when we were still testing and evaluating it. It has never been active in ESO, even though the base tech is in the client – i.e. it was never enabled. So, we will remove it from Update 18, which will take place in the PC/Mac incremental build scheduled for this coming Monday (it was never considered for Console, so won’t be in Tuesday’s U18 launch). We never should have done this without giving everyone a heads up it was coming, and we will learn from this mistake.

That being said, we are still investigating how to use this technology in the future to grow and sustain ESO more effectively. When/if we do so, we will give everyone a heads up with clear instructions as to what it is doing, how it is doing it, and how to opt-out should you so desire.

Check out the patch notes on Monday for the notice that Red Shell has been removed from U18, and we will keep everyone posted – and again, my apologies.

Matt

Almost there. The part I bolded will make you non-compliant with GDPR. European customers will either need to opt in, or be presented with two equally prominent options - to opt in or to opt out.

That aside, it's good to see you taking this seriously.

GDPR will come into play depending on the type of Data gathered, if PII is not recorded or data is anonymized the regulations are much more lax.

Marabornwingrion · June 2018

Sorry but how could you accidentally install spyware to your own game and don't know about it? It sounds like bs written by your lawyer and I don't believe in it. @ZOS_MattFiror

Dithieon · June 2018

Seems like the only reason we got an apology is that they got caught red handed (pun intended).If they had not got called out,that shiz would be merrily humming away on all of our machines....

Arnorien16 · June 2018

Dithieon wrote: »

Seems like the only reason we got an apology is that they got caught red handed (pun intended).If they had not got called out,that shiz would be merrily humming away on all of our machines....

It or its equivalent would be merrily humming in your PC soon enough, if it isn't already. Steam is one of Red Shell's primary customer, and Google+Youtube uses same methods. These are bog standard data mining and analytics practices and they are here to stay ... only thing ZoS technically did wrong was not announce the implementation, which is excusable if they really did make a honest mistake.

Astrid_V wrote: »

Sorry but how could you accidentally install spyware to your own game and don't know about it? It sounds like bs written by your lawyer and I don't believe in it. @ZOS_MattFiror

Red Shell is not a spyware, its legit analytics business that works for the likes of Steam in the same way Google analyses behaviors to tailor adds and searches. ZoS using Red Shell is not the mistake, not announcing it properly is the mistake ... which would make sense if it was a unintentional implementation.

Perwulf · June 2018

#crowncratecompensation

RANKK7 · June 2018

Astrid_V wrote: »

Sorry but how could you accidentally install spyware to your own game and don't know about it? It sounds like bs written by your lawyer and I don't believe in it. @ZOS_MattFiror

Yes, it sounds very similar to this, read what the Community Manager said in that case, essentially it's amazingly similar:

"Sorry for the concern regarding this. We actually intended to disable Red Shell, and we did - but one of the modules was still active"

A mistake, an oversight...

Personally I don't trust what ZOS said but in the end I don't even care if they lied or not, because that tracker is getting removed and that's all for now, though I'm waiting to see in future what will be their choices in regard, about transparency and about trackers (those that are going to stay).

MarbleQuiche · June 2018

Arnorien16 wrote: »

MarbleQuiche wrote: »

ZOS_MattFiror wrote: »

Everyone,

My apologies for the confusion over the integration of Red Shell into ESO. Here’s what happened: we have been experimenting with a better way to link which advertisements and web content new players see to the eventual account that is created in the game. The ONLY purpose this would be used for is to determine from which origin points our new players come from, so we can better plan where to place advertisements and other web content. Existing accounts will never encounter this, as they are already created.

Several factors came together in Update 18 and Red Shell was erroneously added to the live build when we were still testing and evaluating it. It has never been active in ESO, even though the base tech is in the client – i.e. it was never enabled. So, we will remove it from Update 18, which will take place in the PC/Mac incremental build scheduled for this coming Monday (it was never considered for Console, so won’t be in Tuesday’s U18 launch). We never should have done this without giving everyone a heads up it was coming, and we will learn from this mistake.

That being said, we are still investigating how to use this technology in the future to grow and sustain ESO more effectively. When/if we do so, we will give everyone a heads up with clear instructions as to what it is doing, how it is doing it, and how to opt-out should you so desire.

Check out the patch notes on Monday for the notice that Red Shell has been removed from U18, and we will keep everyone posted – and again, my apologies.

Matt

Almost there. The part I bolded will make you non-compliant with GDPR. European customers will either need to opt in, or be presented with two equally prominent options - to opt in or to opt out.

That aside, it's good to see you taking this seriously.

GDPR will come into play depending on the type of Data gathered, if PII is not recorded or data is anonymized the regulations are much more lax.

That's true. I was led to believe Red Shell records IP addresses, and they've confirmed they index data against Steam IDs. Something for Zeni to consider if they haven't already.

Viga_Brand · June 2018

Tried to delete redshell.dll from the steam folder and the game wont even run. Guess Im not playing this weekend and Ill be cancelling my plus membership.

MLGProPlayer · June 2018

KingMagaw wrote: »

So it either goes 2 ways i see it from what Matt Frior said:

You have incompetent staff with a proven track record who have access and can accidentally compile this code into a 'working' version on LIVE. ZOS have trouble making the most simple patches go smooth, yet this got patched and was working giving no errors or signs to the user.

Have you ever worked in development or with a development team? Unintended code makes its into live patches all the time. It has nothing to do with competence. People make mistakes, especially in fields of work as complicated as this one.

MLGProPlayer · June 2018

Astrid_V wrote: »

Sorry but how could you accidentally install spyware to your own game and don't know about it? It sounds like bs written by your lawyer and I don't believe in it. @ZOS_MattFiror

1. It's not spyware
2. It happens all the time (spending one week in a workplace that deals with software development would teach you this)

People really shouldn't comment on things they don't know anything about.

Myrrah · June 2018

this is interesting. i just read a very similar dev post/apology from conan exiles team regarding their inadvertently putting this in their full release-saying they will be removing it as well

KingMagaw · June 2018

MLGProPlayer wrote: »

KingMagaw wrote: »

So it either goes 2 ways i see it from what Matt Frior said:

You have incompetent staff with a proven track record who have access and can accidentally compile this code into a 'working' version on LIVE. ZOS have trouble making the most simple patches go smooth, yet this got patched and was working giving no errors or signs to the user.

Have you ever worked in development or with a development team? Unintended code makes its into live patches all the time. It has nothing to do with competence. People make mistakes, especially in fields of work as complicated as this one.

Yes i have and in my field of Confocal Microscopy i deal with competent professionals that check and verify work before signing off on it. This is what competent professionals do.

I am not convinced by any means this was a mistake and that 1 module continued working (Independently of all other modules) and by us disabling it ourselves game stops working which means it has an internal check for this module also running.

Syncronaut · June 2018

ravenarc wrote: »

#crowncratecompensation

NO

Permanent removal of a spyware (red shell) is the only thing we will accept as a community:
A) It collects data

it will probaly still stay on PC even if we accept new Eula (slowing game down)
C) When we accept the new eula, it must NOT be installed on our PC
D) Generaly community managers have no idea what is happening behind locked doors and are generaly under orders to not tell anything if the topic is problematic (like in our case). The writing you see was 100% made by a Corporate lawyer and not the person who wrote it (or they helped them).
E) If community manager says something, before getting orders, they may end up getting fired pretty quick.

https://en.wikipedia.org/wiki/Corporate_lawyer

Remember this as wow players?
https://www.pcgamer.com/what-its-like-to-manage-a-gaming-community-on-fire/

I got banned on blizzard forums on that day for protesting that.

Belegnole · June 2018

MLGProPlayer wrote: »

Astrid_V wrote: »

Sorry but how could you accidentally install spyware to your own game and don't know about it? It sounds like bs written by your lawyer and I don't believe in it. @ZOS_MattFiror

1. It's not spyware
2. It happens all the time (spending one week in a workplace that deals with software development would teach you this)

People really shouldn't comment on things they don't know anything about.

Yes incompetence happens all the time with software development. I know this because I've spent years in that type of workplace.

As to the spyware bit. I would have to disagree with you. The excuse that it is run or used by a legit business is just rubbish. Just because I felt like being fair, I happened to ask four other separate people in the software industry today about this very instance. Funny how each of them said depends, until I told them what was actually happening and gave them the name Redshell. Then each one said... OH, spyware.