ZOS integrated spyware RedShell by mistake, deleted from live, still in PTS folder

Arnorien16

MarbleQuiche wrote: »

Arnorien16 wrote: »

MarbleQuiche wrote: »

ZOS_MattFiror wrote: »

Everyone,

My apologies for the confusion over the integration of Red Shell into ESO. Here’s what happened: we have been experimenting with a better way to link which advertisements and web content new players see to the eventual account that is created in the game. The ONLY purpose this would be used for is to determine from which origin points our new players come from, so we can better plan where to place advertisements and other web content. Existing accounts will never encounter this, as they are already created.

Several factors came together in Update 18 and Red Shell was erroneously added to the live build when we were still testing and evaluating it. It has never been active in ESO, even though the base tech is in the client – i.e. it was never enabled. So, we will remove it from Update 18, which will take place in the PC/Mac incremental build scheduled for this coming Monday (it was never considered for Console, so won’t be in Tuesday’s U18 launch). We never should have done this without giving everyone a heads up it was coming, and we will learn from this mistake.

That being said, we are still investigating how to use this technology in the future to grow and sustain ESO more effectively. When/if we do so, we will give everyone a heads up with clear instructions as to what it is doing, how it is doing it, and how to opt-out should you so desire.

Check out the patch notes on Monday for the notice that Red Shell has been removed from U18, and we will keep everyone posted – and again, my apologies.

Matt

Almost there. The part I bolded will make you non-compliant with GDPR. European customers will either need to opt in, or be presented with two equally prominent options - to opt in or to opt out.

That aside, it's good to see you taking this seriously.

GDPR will come into play depending on the type of Data gathered, if PII is not recorded or data is anonymized the regulations are much more lax.

That's true. I was led to believe Red Shell records IP addresses, and they've confirmed they index data against Steam IDs. Something for Zeni to consider if they haven't already.

Google Analytics collects IP data too, they do it to record country/region and deletes the IP data .. Collection itself may not be the issue, use and records are. Region Locks, DDoS shield that filter traffic by IP etc collects IP too, but isnt against GDPR rules because of how they operate.

MLGProPlayer

Belegnole wrote: »

MLGProPlayer wrote: »

Astrid_V wrote: »

Sorry but how could you accidentally install spyware to your own game and don't know about it? It sounds like bs written by your lawyer and I don't believe in it. @ZOS_MattFiror

1. It's not spyware
2. It happens all the time (spending one week in a workplace that deals with software development would teach you this)

People really shouldn't comment on things they don't know anything about.

Yes incompetence happens all the time with software development. I know this because I've spent years in that type of workplace.

As to the spyware bit. I would have to disagree with you. The excuse that it is run or used by a legit business is just rubbish. Just because I felt like being fair, I happened to ask four other separate people in the software industry today about this very instance. Funny how each of them said depends, until I told them what was actually happening and gave them the name Redshell. Then each one said... OH, spyware.

You can open the file yourself to see what it does. It's checking to see how many people click the launcher ads. Every publisher does this. Whether they use Red Shell or an in-house tool, they do this.

MLGProPlayer

KingMagaw wrote: »

MLGProPlayer wrote: »

KingMagaw wrote: »

So it either goes 2 ways i see it from what Matt Frior said:


You have incompetent staff with a proven track record who have access and can accidentally compile this code into a 'working' version on LIVE. ZOS have trouble making the most simple patches go smooth, yet this got patched and was working giving no errors or signs to the user.

Have you ever worked in development or with a development team? Unintended code makes its into live patches all the time. It has nothing to do with competence. People make mistakes, especially in fields of work as complicated as this one.

Yes i have and in my field of Confocal Microscopy i deal with competent professionals that check and verify work before signing off on it. This is what competent professionals do.


I am not convinced by any means this was a mistake and that 1 module continued working (Independently of all other modules) and by us disabling it ourselves game stops working which means it has an internal check for this module also running.

Great, then you would know that things like this happen regularly.

Scientific fields also have far more quality checks than consumer product industries.

Numerikuu

Jim_Pipp wrote: »

Are we idiots?

It was no accident that a third party (redshell) was installed, ZOS has to pay them!!! Look at the Redshell website, ZOS is their customer!

And it was not an oversight. I had a response from redshell telling me how to opt out before Firor said it was an oversight... so it doesn't sound like an oversight.

I do not believe Matt's statement and if he is lying to the players then I am not sure how I feel about ESO moving forward. I gave Redshell more personal info to opt out, but perhaps it is safer to opt out from something else.

Same. This was no accident, nor an oversight. If nobody had brought this up they'd have kept quiet about it and continued on as normal. If it has 'never been active/enabled' then why would removing it prevent you from playing the game? I smell something, and it ain't roses.

Arnorien16

Belegnole wrote: »

MLGProPlayer wrote: »

Astrid_V wrote: »

Sorry but how could you accidentally install spyware to your own game and don't know about it? It sounds like bs written by your lawyer and I don't believe in it. @ZOS_MattFiror

1. It's not spyware
2. It happens all the time (spending one week in a workplace that deals with software development would teach you this)

People really shouldn't comment on things they don't know anything about.

Yes incompetence happens all the time with software development. I know this because I've spent years in that type of workplace.

As to the spyware bit. I would have to disagree with you. The excuse that it is run or used by a legit business is just rubbish. Just because I felt like being fair, I happened to ask four other separate people in the software industry today about this very instance. Funny how each of them said depends, until I told them what was actually happening and gave them the name Redshell. Then each one said... OH, spyware.

There is a old Trojan Malware called RedShell and a Analytics Organisation called Red Shell that works with Steam and others. Verify which one they are talking about.

Numerikuu wrote: »

Jim_Pipp wrote: »

Are we idiots?

It was no accident that a third party (redshell) was installed, ZOS has to pay them!!! Look at the Redshell website, ZOS is their customer!

And it was not an oversight. I had a response from redshell telling me how to opt out before Firor said it was an oversight... so it doesn't sound like an oversight.

I do not believe Matt's statement and if he is lying to the players then I am not sure how I feel about ESO moving forward. I gave Redshell more personal info to opt out, but perhaps it is safer to opt out from something else.

Same. This was no accident, nor an oversight. If nobody had brought this up they'd have kept quiet about it and continued on as normal. If it has 'never been active/enabled' then why would removing it prevent you from playing the game? I smell something, and it ain't roses.

Because the version they implemented would list it among required dlls and it will be when it is finally implemented properly.

Belegnole

Arnorien16 wrote: »

Belegnole wrote: »

MLGProPlayer wrote: »

Astrid_V wrote: »

Sorry but how could you accidentally install spyware to your own game and don't know about it? It sounds like bs written by your lawyer and I don't believe in it. @ZOS_MattFiror

1. It's not spyware
2. It happens all the time (spending one week in a workplace that deals with software development would teach you this)

People really shouldn't comment on things they don't know anything about.

Yes incompetence happens all the time with software development. I know this because I've spent years in that type of workplace.

As to the spyware bit. I would have to disagree with you. The excuse that it is run or used by a legit business is just rubbish. Just because I felt like being fair, I happened to ask four other separate people in the software industry today about this very instance. Funny how each of them said depends, until I told them what was actually happening and gave them the name Redshell. Then each one said... OH, spyware.

There is a old Trojan Malware called RedShell and a Analytics Organisation called Red Shell that works with Steam and others. Verify which one they are talking about.

We weren't talking about the trojan.

Cpt_Teemo

Belegnole wrote: »

Arnorien16 wrote: »

Belegnole wrote: »

MLGProPlayer wrote: »

Astrid_V wrote: »

Sorry but how could you accidentally install spyware to your own game and don't know about it? It sounds like bs written by your lawyer and I don't believe in it. @ZOS_MattFiror

1. It's not spyware
2. It happens all the time (spending one week in a workplace that deals with software development would teach you this)

People really shouldn't comment on things they don't know anything about.

Yes incompetence happens all the time with software development. I know this because I've spent years in that type of workplace.

As to the spyware bit. I would have to disagree with you. The excuse that it is run or used by a legit business is just rubbish. Just because I felt like being fair, I happened to ask four other separate people in the software industry today about this very instance. Funny how each of them said depends, until I told them what was actually happening and gave them the name Redshell. Then each one said... OH, spyware.

There is a old Trojan Malware called RedShell and a Analytics Organisation called Red Shell that works with Steam and others. Verify which one they are talking about.

We weren't talking about the trojan.

Yeah, was really dumb of them to copy the same exact name as a freaking Trojan, great way to start a business lol

Arnorien16

Numerikuu wrote: »

Jim_Pipp wrote: »

Are we idiots?

It was no accident that a third party (redshell) was installed, ZOS has to pay them!!! Look at the Redshell website, ZOS is their customer!

And it was not an oversight. I had a response from redshell telling me how to opt out before Firor said it was an oversight... so it doesn't sound like an oversight.

I do not believe Matt's statement and if he is lying to the players then I am not sure how I feel about ESO moving forward. I gave Redshell more personal info to opt out, but perhaps it is safer to opt out from something else.

Same. This was no accident, nor an oversight. If nobody had brought this up they'd have kept quiet about it and continued on as normal. If it has 'never been active/enabled' then why would removing it prevent you from playing the game? I smell something, and it ain't roses.

Belegnole wrote: »

Arnorien16 wrote: »

Belegnole wrote: »

MLGProPlayer wrote: »

Astrid_V wrote: »

Sorry but how could you accidentally install spyware to your own game and don't know about it? It sounds like bs written by your lawyer and I don't believe in it. @ZOS_MattFiror

1. It's not spyware
2. It happens all the time (spending one week in a workplace that deals with software development would teach you this)

People really shouldn't comment on things they don't know anything about.

Yes incompetence happens all the time with software development. I know this because I've spent years in that type of workplace.

As to the spyware bit. I would have to disagree with you. The excuse that it is run or used by a legit business is just rubbish. Just because I felt like being fair, I happened to ask four other separate people in the software industry today about this very instance. Funny how each of them said depends, until I told them what was actually happening and gave them the name Redshell. Then each one said... OH, spyware.

There is a old Trojan Malware called RedShell and a Analytics Organisation called Red Shell that works with Steam and others. Verify which one they are talking about.

We weren't talking about the trojan.

Interesting, can you tell me why Red Shell is not banned or actioned against if they are illegal distributors of spyware? Dont they operate in the same way Youtube does?

Prabooo

ZOS_MattFiror wrote: »

Everyone,

My apologies for the confusion over the integration of Red Shell into ESO. Here’s what happened: we have been experimenting with a better way to link which advertisements and web content new players see to the eventual account that is created in the game. The ONLY purpose this would be used for is to determine from which origin points our new players come from, so we can better plan where to place advertisements and other web content. Existing accounts will never encounter this, as they are already created.

Several factors came together in Update 18 and Red Shell was erroneously added to the live build when we were still testing and evaluating it. It has never been active in ESO, even though the base tech is in the client – i.e. it was never enabled. So, we will remove it from Update 18, which will take place in the PC/Mac incremental build scheduled for this coming Monday (it was never considered for Console, so won’t be in Tuesday’s U18 launch). We never should have done this without giving everyone a heads up it was coming, and we will learn from this mistake.

That being said, we are still investigating how to use this technology in the future to grow and sustain ESO more effectively. When/if we do so, we will give everyone a heads up with clear instructions as to what it is doing, how it is doing it, and how to opt-out should you so desire.

Check out the patch notes on Monday for the notice that Red Shell has been removed from U18, and we will keep everyone posted – and again, my apologies.

Matt

Dude, it doesn't work. Advertisement should be a thing of the past, good things sell by itself. You have a good product, don't spoilt it because some hipster company director tells you this is the **** for selling your product.

Cadbury

I wonder if the acronym PARS (Positively Against Red Shell) will start trending over the weekend.

Cpt_Teemo

Cadbury wrote: »

I wonder if the acronym PARS (Positively Against Red Shell) will start trending over the weekend.

More like WTSHTHPTSZOS (What The *** Happened To The Player Test Server Zenimax Online Studios)

Ananoriel

Let's say it is very 'interesting' how they accidentally added Redshell to the game. It is a very vague story, but I am glad that they are going to remove it again (and hopefully won't add back).

Arnorien16

Prabooo wrote: »

ZOS_MattFiror wrote: »

Everyone,

My apologies for the confusion over the integration of Red Shell into ESO. Here’s what happened: we have been experimenting with a better way to link which advertisements and web content new players see to the eventual account that is created in the game. The ONLY purpose this would be used for is to determine from which origin points our new players come from, so we can better plan where to place advertisements and other web content. Existing accounts will never encounter this, as they are already created.

Several factors came together in Update 18 and Red Shell was erroneously added to the live build when we were still testing and evaluating it. It has never been active in ESO, even though the base tech is in the client – i.e. it was never enabled. So, we will remove it from Update 18, which will take place in the PC/Mac incremental build scheduled for this coming Monday (it was never considered for Console, so won’t be in Tuesday’s U18 launch). We never should have done this without giving everyone a heads up it was coming, and we will learn from this mistake.

That being said, we are still investigating how to use this technology in the future to grow and sustain ESO more effectively. When/if we do so, we will give everyone a heads up with clear instructions as to what it is doing, how it is doing it, and how to opt-out should you so desire.

Check out the patch notes on Monday for the notice that Red Shell has been removed from U18, and we will keep everyone posted – and again, my apologies.

Matt

Dude, it doesn't work. Advertisement should be a thing of the past, good things sell by itself. You have a good product, don't spoilt it because some hipster company director tells you this is the **** for selling your product.

Judging from how much saled Bless Online had due to hype despite poor quality and repeated failures and how people still expect Star Citizen to actually release .... I am going to say that your kwel kid advice is stupid. Marketing and advertisement still works wonders ... I mean Elon Musk is a living testament to that.

Elsonso

clocksstoppe wrote: »

So after seeing the ZOS statement that they are not using the DLL, yet the game crashing if trying to run without it, I analyzed it and made my own spoof RedShell.dll (to see what it logs). Apart from loading and unloading the dll, ZOS does nothing with it for now.

Thank you for the confirmation.

Astrid_V wrote: »

Sorry but how could you accidentally install spyware to your own game and don't know about it? It sounds like bs written by your lawyer and I don't believe in it. @ZOS_MattFiror

I don't find the fact that they accidentally shipped it to be all that surprising. It's pretty simple, really. They accidentally shipped a product that was under evaluation. They knew it was there, and Firor says it was not supposed to be there when Summerset shipped. They intend to use it at some point in the future. We have been warned.

Frankly, I am less concerned about how and why it was in Summerset than I am about what they plan to do with it in the future.

Dithieon wrote: »

Seems like the only reason we got an apology is that they got caught red handed (pun intended).If they had not got called out,that shiz would be merrily humming away on all of our machines....

I might agree with this, but it is more likely that they noticed it and figured that, since they were not actually using it, it was not a problem. Then we noticed it and it became one.

Cadbury

Cpt_Teemo wrote: »

Cadbury wrote: »

I wonder if the acronym PARS (Positively Against Red Shell) will start trending over the weekend.

More like WTSHTHPTSZOS (What The *** Happened To The Player Test Server Zenimax Online Studios)

Clever, but mine fits on a t-shirt

Belegnole

Arnorien16 wrote: »

Numerikuu wrote: »

Jim_Pipp wrote: »

Are we idiots?

It was no accident that a third party (redshell) was installed, ZOS has to pay them!!! Look at the Redshell website, ZOS is their customer!

And it was not an oversight. I had a response from redshell telling me how to opt out before Firor said it was an oversight... so it doesn't sound like an oversight.

I do not believe Matt's statement and if he is lying to the players then I am not sure how I feel about ESO moving forward. I gave Redshell more personal info to opt out, but perhaps it is safer to opt out from something else.

Same. This was no accident, nor an oversight. If nobody had brought this up they'd have kept quiet about it and continued on as normal. If it has 'never been active/enabled' then why would removing it prevent you from playing the game? I smell something, and it ain't roses.

Belegnole wrote: »

Arnorien16 wrote: »

Belegnole wrote: »

MLGProPlayer wrote: »

Astrid_V wrote: »

Sorry but how could you accidentally install spyware to your own game and don't know about it? It sounds like bs written by your lawyer and I don't believe in it. @ZOS_MattFiror

1. It's not spyware
2. It happens all the time (spending one week in a workplace that deals with software development would teach you this)

People really shouldn't comment on things they don't know anything about.

Yes incompetence happens all the time with software development. I know this because I've spent years in that type of workplace.

As to the spyware bit. I would have to disagree with you. The excuse that it is run or used by a legit business is just rubbish. Just because I felt like being fair, I happened to ask four other separate people in the software industry today about this very instance. Funny how each of them said depends, until I told them what was actually happening and gave them the name Redshell. Then each one said... OH, spyware.

There is a old Trojan Malware called RedShell and a Analytics Organisation called Red Shell that works with Steam and others. Verify which one they are talking about.

We weren't talking about the trojan.

Interesting, can you tell me why Red Shell is not banned or actioned against if they are illegal distributors of spyware? Dont they operate in the same way Youtube does?

Well there's lots of spyware and quite a bit of it is not illegal. How the data collected is used has more and more come under debate as people come to understand what's going on. Now, because of that we have gdpr.

Honestly if most people knew how easy it is to find out everything about them on the web, they would lose their minds. That or they would say things like "doesn't matter, I have nothing to hide".

Alinhbo_Tyaka

I can give ZOS the benefit of the doubt that the release of the Red Shell code was an accident. Before retiring 8 years ago I had over 30 years in software design and development. In fact I started well before the invention of the comp sci degree and the term software engineer. While not frequent it wasn't uncommon for the wrong delta to be rolled up or for someone to grab the wrong build files and package them up. Usually this was caught in test but not always. Regardless ZOS says they are going to remove the code so I am satisfied for the time being.

I am more thankful for the heads up that ZOS let us know this is coming in some form or fashion down the road. I had made the decision that I was going to drop my Final Fantasy XIV subscription for an ESO+ sub once this FF release was done with its content drops. Due to the forward looking statement I've decided not to move my subscription and will play the B2P version on the side until the promised spyware is released. At that point I will drop the game entirely. It's too bad as I like the game and feel it is much improved over the original alpha and beta I participated in but I won't have my actions outside the game tracked by some party on behalf of ZOS.

JasonSilverSpring

KingMagaw wrote: »

MLGProPlayer wrote: »

KingMagaw wrote: »

So it either goes 2 ways i see it from what Matt Frior said:


You have incompetent staff with a proven track record who have access and can accidentally compile this code into a 'working' version on LIVE. ZOS have trouble making the most simple patches go smooth, yet this got patched and was working giving no errors or signs to the user.

Have you ever worked in development or with a development team? Unintended code makes its into live patches all the time. It has nothing to do with competence. People make mistakes, especially in fields of work as complicated as this one.

Yes i have and in my field of Confocal Microscopy i deal with competent professionals that check and verify work before signing off on it. This is what competent professionals do.


I am not convinced by any means this was a mistake and that 1 module continued working (Independently of all other modules) and by us disabling it ourselves game stops working which means it has an internal check for this module also running.

Comparing that to a video game is not realistic.

The game probably tried to load the module but not make code calls with that library. Someone confirmed they could strip functionality from the dll and the game worked.

ADarklore

ZOS_MattFiror wrote: »

Everyone,

My apologies for the confusion over the integration of Red Shell into ESO. Here’s what happened: we have been experimenting with a better way to link which advertisements and web content new players see to the eventual account that is created in the game. The ONLY purpose this would be used for is to determine from which origin points our new players come from, so we can better plan where to place advertisements and other web content. Existing accounts will never encounter this, as they are already created.

Several factors came together in Update 18 and Red Shell was erroneously added to the live build when we were still testing and evaluating it. It has never been active in ESO, even though the base tech is in the client – i.e. it was never enabled. So, we will remove it from Update 18, which will take place in the PC/Mac incremental build scheduled for this coming Monday (it was never considered for Console, so won’t be in Tuesday’s U18 launch). We never should have done this without giving everyone a heads up it was coming, and we will learn from this mistake.

That being said, we are still investigating how to use this technology in the future to grow and sustain ESO more effectively. When/if we do so, we will give everyone a heads up with clear instructions as to what it is doing, how it is doing it, and how to opt-out should you so desire.

Check out the patch notes on Monday for the notice that Red Shell has been removed from U18, and we will keep everyone posted – and again, my apologies.

Matt

It amazes me how so many focus on the 'erroneously added' part and forget about the "it was never enabled" part. People still falsely believing that it is currently or had been collecting data when clearly, from Matt's own words, it was NOT collecting ANY data since it was never enabled in the first placed.

RinaldoGandolphi

Arnorien16 wrote: »

Red Shell is not a spyware, its legit analytics business that works for the likes of Steam in the same way Google analyses behaviors to tailor adds and searches. ZoS using Red Shell is not the mistake, not announcing it properly is the mistake ... which would make sense if it was a unintentional implementation.

Yes it is.

Straight from the mouth of one of the largest internet security companies in the world:

Symantec Security Response

Programs that have the ability to scan systems or monitor activity and relay information to other computers or locations in cyberspace. Among the information that may be actively or passively gathered and disseminated by spyware are passwords, log-in details, account numbers, personal information, individual files, or other personal documents. Spyware may also gather and distribute information related to the user's computer, applications running on the computer, Internet browser usage, or other computing habits.

Spyware frequently attempts to remain unnoticed, either by actively hiding or by simply not making its presence on a system known to the user. These types of programs can be downloaded from Web sites (typically in shareware or freeware), email messages, and instant messengers. Additionally, a user may unknowingly receive and/or trigger spyware by accepting a EULA from a software program linked to the spyware or by visiting a Web site that downloads the spyware with or without a EULA.

Kapersky
Spyware is generally loosely defined as software that’s designed to gather data from a computer or other device and forward it to a third party without the consent or knowledge of the user. This often includes collecting confidential data such as passwords, PINs and credit card numbers, monitoring keyword strokes, tracking browsing habits and harvesting email addresses.

https://redshell.io/privacy-policy

• Does Redshell gather information about the users computer without their knowledge? Yes
• Does Redshell gather information and relay that information to another computer on the internet without the users knowledge? Yes
• Does Redshell gather information about what programs are on the users computer? Yes
• Does Redshell load or hook into another program without the users knowledge? Yes

Redshell is spyware and there is no grey area about it. Symantec, the worlds largest cyber computer security company with the largest Civilian Threat intelligence network in the entire world with over 174 million endpoints says your wrong. Kasperskyy(regardless of your political thoughts on them) agrees with Symantec.

Its Spyware, plain and simple.

zyk

ADarklore wrote: »

It amazes me how so many focus on the 'erroneously added' part and forget about the "it was never enabled" part. People still falsely believing that it is currently or had been collecting data when clearly, from Matt's own words, it was NOT collecting ANY data since it was never enabled in the first placed.

Without opening the can of worms about why, a lot of players have reasonable trust issues when it comes to ZOS. The cynicism does not surprise me at all.

Alinhbo_Tyaka

KingMagaw wrote: »

MLGProPlayer wrote: »

KingMagaw wrote: »

So it either goes 2 ways i see it from what Matt Frior said:


You have incompetent staff with a proven track record who have access and can accidentally compile this code into a 'working' version on LIVE. ZOS have trouble making the most simple patches go smooth, yet this got patched and was working giving no errors or signs to the user.

Have you ever worked in development or with a development team? Unintended code makes its into live patches all the time. It has nothing to do with competence. People make mistakes, especially in fields of work as complicated as this one.

Yes i have and in my field of Confocal Microscopy i deal with competent professionals that check and verify work before signing off on it. This is what competent professionals do.


I am not convinced by any means this was a mistake and that 1 module continued working (Independently of all other modules) and by us disabling it ourselves game stops working which means it has an internal check for this module also running.

Standard coding practice is to check for the success or failure when loading code you are going to call later in the program. This lets you issue error messages and terminate in an orderly fashion. Failure to do this results in your program being abnormally terminated which is not considered an orderly process as the operating system has to handle it. To use a Windows analogy it is the difference between Windows shutting down normally or you getting the BSOD.

Alinhbo_Tyaka

ADarklore wrote: »

ZOS_MattFiror wrote: »

Everyone,

My apologies for the confusion over the integration of Red Shell into ESO. Here’s what happened: we have been experimenting with a better way to link which advertisements and web content new players see to the eventual account that is created in the game. The ONLY purpose this would be used for is to determine from which origin points our new players come from, so we can better plan where to place advertisements and other web content. Existing accounts will never encounter this, as they are already created.

Several factors came together in Update 18 and Red Shell was erroneously added to the live build when we were still testing and evaluating it. It has never been active in ESO, even though the base tech is in the client – i.e. it was never enabled. So, we will remove it from Update 18, which will take place in the PC/Mac incremental build scheduled for this coming Monday (it was never considered for Console, so won’t be in Tuesday’s U18 launch). We never should have done this without giving everyone a heads up it was coming, and we will learn from this mistake.

That being said, we are still investigating how to use this technology in the future to grow and sustain ESO more effectively. When/if we do so, we will give everyone a heads up with clear instructions as to what it is doing, how it is doing it, and how to opt-out should you so desire.

Check out the patch notes on Monday for the notice that Red Shell has been removed from U18, and we will keep everyone posted – and again, my apologies.

Matt

It amazes me how so many focus on the 'erroneously added' part and forget about the "it was never enabled" part. People still falsely believing that it is currently or had been collecting data when clearly, from Matt's own words, it was NOT collecting ANY data since it was never enabled in the first placed.

It was enabled in some form as the dll opened and was listening on 16 TCP connections to Red Shell servers on my machine.

CiliPadi

Is this why the game is so laggy and crashes all the time? Game stability over this? Oh wait it's ZO$ , figures.

Doctordarkspawn

EasyTiger wrote: »

If you believe they added it erroneously you'll believe anything. They actually think we're that stupid.

Eitherway, result is the same.

Merlin13KAGL

RinaldoGandolphi wrote: »

Arnorien16 wrote: »

Red Shell is not a spyware, its legit analytics business that works for the likes of Steam in the same way Google analyses behaviors to tailor adds and searches. ZoS using Red Shell is not the mistake, not announcing it properly is the mistake ... which would make sense if it was a unintentional implementation.

Yes it is.

Straight from the mouth of one of the largest internet security companies in the world:

Symantec Security Response

Programs that have the ability to scan systems or monitor activity and relay information to other computers or locations in cyberspace. Among the information that may be actively or passively gathered and disseminated by spyware are passwords, log-in details, account numbers, personal information, individual files, or other personal documents. Spyware may also gather and distribute information related to the user's computer, applications running on the computer, Internet browser usage, or other computing habits.

Spyware frequently attempts to remain unnoticed, either by actively hiding or by simply not making its presence on a system known to the user. These types of programs can be downloaded from Web sites (typically in shareware or freeware), email messages, and instant messengers. Additionally, a user may unknowingly receive and/or trigger spyware by accepting a EULA from a software program linked to the spyware or by visiting a Web site that downloads the spyware with or without a EULA.

Kapersky
Spyware is generally loosely defined as software that’s designed to gather data from a computer or other device and forward it to a third party without the consent or knowledge of the user. This often includes collecting confidential data such as passwords, PINs and credit card numbers, monitoring keyword strokes, tracking browsing habits and harvesting email addresses.

https://redshell.io/privacy-policy

• Does Redshell gather information about the users computer without their knowledge? Yes
• Does Redshell gather information and relay that information to another computer on the internet without the users knowledge? Yes
• Does Redshell gather information about what programs are on the users computer? Yes
• Does Redshell load or hook into another program without the users knowledge? Yes

Redshell is spyware and there is no grey area about it. Symantec, the worlds largest cyber computer security company with the largest Civilian Threat intelligence network in the entire world with over 174 million endpoints says your wrong. Kasperskyy(regardless of your political thoughts on them) agrees with Symantec.

Its Spyware, plain and simple.

Is Redshell malicious? No.

I won't even bother going beyond that, as it's not worth the time.

People have already made up their minds about all of this by now, however right or wrong they may be.

KingMagaw

MLGProPlayer wrote: »

KingMagaw wrote: »

MLGProPlayer wrote: »

KingMagaw wrote: »

So it either goes 2 ways i see it from what Matt Frior said:


You have incompetent staff with a proven track record who have access and can accidentally compile this code into a 'working' version on LIVE. ZOS have trouble making the most simple patches go smooth, yet this got patched and was working giving no errors or signs to the user.

Have you ever worked in development or with a development team? Unintended code makes its into live patches all the time. It has nothing to do with competence. People make mistakes, especially in fields of work as complicated as this one.

Yes i have and in my field of Confocal Microscopy i deal with competent professionals that check and verify work before signing off on it. This is what competent professionals do.


I am not convinced by any means this was a mistake and that 1 module continued working (Independently of all other modules) and by us disabling it ourselves game stops working which means it has an internal check for this module also running.

Great, then you would know that things like this happen regularly.

Scientific fields also have far more quality checks than consumer product industries.

Quite to the contrary i do not see things like this happen regularly where i work so i am not quick to excuse incompetence, especially for a paid service.

To be honest, for me personally, ZOS have been making many silly mistakes for the length of my game time. ESO is fine i can take those on the chin and always attributed that to them being mediocre but now they are aggressively targeting me and spamming me with advertisements to buy Collector's Edition even though i bought it weeks ago, on every character swap of my 15 a day, is too much for me personally. In the fashion they have tried to introduce it also, it shameful.

Troneon

This is a joke.

First ZOS/Redshell steal your information ILLEGALLY WITHOUT YOUR KNOWLEDGE and then TO ALLOW YOU to opt out of this FORCED INTRUSION OF PRIVACY AND SECURITY then want MORE PERSONAL INFORMATION or THEY WILL NOT ....

W....

T.....

F......

Hello,

In order to opt you out from tracking, we need to pull your Bethesda ID. If you can provide the email address and the username tied to your account, Bethesda can provide us with the internal ID we need to complete your request. Once we receive the email address and username, we can get the process started on the Bethesda side and email you an update as soon as your opt-out is completed.

To opt-out of web tracking you'll need to make sure you press the Opt-out button on this page: https://redshell.io/optout This will prevent our system from recording information about any Red Shell links that you may click on in the future. It is important to note that if you clear your browser's cookies you'll need to click on that button again to re-opt out.

In order to opt you out from tracking in other games we need to know your SteamID64. You can find this ID if you don't already know it using a website like https://steamidfinder.com/

Let me know if you have any other questions,

Cpt_Teemo

Merlin13KAGL wrote: »

RinaldoGandolphi wrote: »

Arnorien16 wrote: »

Red Shell is not a spyware, its legit analytics business that works for the likes of Steam in the same way Google analyses behaviors to tailor adds and searches. ZoS using Red Shell is not the mistake, not announcing it properly is the mistake ... which would make sense if it was a unintentional implementation.

Yes it is.

Straight from the mouth of one of the largest internet security companies in the world:

Symantec Security Response

Programs that have the ability to scan systems or monitor activity and relay information to other computers or locations in cyberspace. Among the information that may be actively or passively gathered and disseminated by spyware are passwords, log-in details, account numbers, personal information, individual files, or other personal documents. Spyware may also gather and distribute information related to the user's computer, applications running on the computer, Internet browser usage, or other computing habits.

Spyware frequently attempts to remain unnoticed, either by actively hiding or by simply not making its presence on a system known to the user. These types of programs can be downloaded from Web sites (typically in shareware or freeware), email messages, and instant messengers. Additionally, a user may unknowingly receive and/or trigger spyware by accepting a EULA from a software program linked to the spyware or by visiting a Web site that downloads the spyware with or without a EULA.

Kapersky
Spyware is generally loosely defined as software that’s designed to gather data from a computer or other device and forward it to a third party without the consent or knowledge of the user. This often includes collecting confidential data such as passwords, PINs and credit card numbers, monitoring keyword strokes, tracking browsing habits and harvesting email addresses.

https://redshell.io/privacy-policy

• Does Redshell gather information about the users computer without their knowledge? Yes
• Does Redshell gather information and relay that information to another computer on the internet without the users knowledge? Yes
• Does Redshell gather information about what programs are on the users computer? Yes
• Does Redshell load or hook into another program without the users knowledge? Yes

Redshell is spyware and there is no grey area about it. Symantec, the worlds largest cyber computer security company with the largest Civilian Threat intelligence network in the entire world with over 174 million endpoints says your wrong. Kasperskyy(regardless of your political thoughts on them) agrees with Symantec.

Its Spyware, plain and simple.

Is Redshell malicious? No.

I won't even bother going beyond that, as it's not worth the time.

People have already made up their minds about all of this by now, however right or wrong they may be.

As someone stated before there are multiple listeners using that Redshell connection so yeah not malicious my ass.

yodased

Im just gonna post once more here because i think a lot of things are being conflated and confused.

If you are upset about the potential functions of red shell lets put you in camp a.

If you are upset about the lack of transparency and consistency of information we put you in camp b.

If you are upset that they added a 3rd party program and pushed it live by mistake we put you in camp c.

Camp a:

They make it easier to identify your pathway theough eso, but in reality a smart data scientist could do that anyway right now with internal tools and you would have 0 knowledge or recourse. This is happening, everywhere. Nothing you can do short of leaving cibilozation brhind will fully insulte you from being identofied or aggregated in some way.

Camp b:

fair enough, but they did own up to it and you dont have evidence that contradicts what the statement is. You can vote with ypur wallet and leave, or give them the benefit of the doubt and ride it out. Personally im in this camp and wont support these shady decisions any more

Camp c

the software development world is massively complex. The marketing department more than likely went to the architect and engineers to incorporate this into core net code. This kernel was then saved and pushed to test functionality. Instead or using proper version control systems, that kernal was then manually altered to 'turn off' or rather to 'not turn on' redshell instead of simply rolling back to a known good state. There are hundreds of reasons why this could happen. So many, but all stem on lack of a solid project manager and scope as well as lax version control. It isnt always malcious or evil, people make mistakes.