ZOS integrated spyware RedShell by mistake, deleted from live, still in PTS folder

zyk

yodased wrote: »

If you are upset about the potential functions of red shell lets put you in camp a.

If you are upset about the lack of transparency and consistency of information we put you in camp b.

If you are upset that they added a 3rd party program and pushed it live by mistake we put you in camp c.

<snip>
Camp b:
fair enough, but they did own up to it and you dont have evidence that contradicts what the statement is. You can vote with ypur wallet and leave, or give them the benefit of the doubt and ride it out. Personally im in this camp and wont support these shady decisions any more
<snip>

I generally agree with you, but another option is to not accept their explanation wholesale, mark another mistrust tick against them and continue playing grudgingly. I'm not ready to quit yet, but this is definitely another strike against both ZOS and Zenimax.

It is impossible for us to prove they did not plan a full implementation but also practically impossible for them to prove they did not and that their explanation is a PR knee jerk.

Though I understand device fingerprinting and tracking occur in many different ways, if Red Shell didn't offer further insight, it wouldn't have value and we wouldn't be having this discussion.

The fact that tracking has become so ubiquitous shows that discussions of this nature and appropriate outrage are necessary because users should push back. I hope that as a result of this debacle, there is a greater understanding of the need to do so.

Raideen

Merlin13KAGL wrote: »

RinaldoGandolphi wrote: »

Arnorien16 wrote: »

Red Shell is not a spyware, its legit analytics business that works for the likes of Steam in the same way Google analyses behaviors to tailor adds and searches. ZoS using Red Shell is not the mistake, not announcing it properly is the mistake ... which would make sense if it was a unintentional implementation.

Yes it is.

Straight from the mouth of one of the largest internet security companies in the world:

Symantec Security Response

Programs that have the ability to scan systems or monitor activity and relay information to other computers or locations in cyberspace. Among the information that may be actively or passively gathered and disseminated by spyware are passwords, log-in details, account numbers, personal information, individual files, or other personal documents. Spyware may also gather and distribute information related to the user's computer, applications running on the computer, Internet browser usage, or other computing habits.

Spyware frequently attempts to remain unnoticed, either by actively hiding or by simply not making its presence on a system known to the user. These types of programs can be downloaded from Web sites (typically in shareware or freeware), email messages, and instant messengers. Additionally, a user may unknowingly receive and/or trigger spyware by accepting a EULA from a software program linked to the spyware or by visiting a Web site that downloads the spyware with or without a EULA.

Kapersky
Spyware is generally loosely defined as software that’s designed to gather data from a computer or other device and forward it to a third party without the consent or knowledge of the user. This often includes collecting confidential data such as passwords, PINs and credit card numbers, monitoring keyword strokes, tracking browsing habits and harvesting email addresses.

https://redshell.io/privacy-policy

• Does Redshell gather information about the users computer without their knowledge? Yes
• Does Redshell gather information and relay that information to another computer on the internet without the users knowledge? Yes
• Does Redshell gather information about what programs are on the users computer? Yes
• Does Redshell load or hook into another program without the users knowledge? Yes

Redshell is spyware and there is no grey area about it. Symantec, the worlds largest cyber computer security company with the largest Civilian Threat intelligence network in the entire world with over 174 million endpoints says your wrong. Kasperskyy(regardless of your political thoughts on them) agrees with Symantec.

Its Spyware, plain and simple.

Is Redshell malicious? No.

I won't even bother going beyond that, as it's not worth the time.

People have already made up their minds about all of this by now, however right or wrong they may be.

May I have your address and keys to your house? I am not malicious, I said so.

Kuwhar

Ok, I feel this warrants posting considering all the fear mongering. This is my netstat with ONLY ESO open and running on my machine.





When Matt said it was not active he was telling the truth. Those connections are: ESO, Microsoft, and Cloudfare. No Redshell.

NewbieOKS

RinaldoGandolphi wrote: »

Arnorien16 wrote: »

Red Shell is not a spyware, its legit analytics business that works for the likes of Steam in the same way Google analyses behaviors to tailor adds and searches. ZoS using Red Shell is not the mistake, not announcing it properly is the mistake ... which would make sense if it was a unintentional implementation.

Yes it is.

Straight from the mouth of one of the largest internet security companies in the world:

Symantec Security Response

Programs that have the ability to scan systems or monitor activity and relay information to other computers or locations in cyberspace. Among the information that may be actively or passively gathered and disseminated by spyware are passwords, log-in details, account numbers, personal information, individual files, or other personal documents. Spyware may also gather and distribute information related to the user's computer, applications running on the computer, Internet browser usage, or other computing habits.

Spyware frequently attempts to remain unnoticed, either by actively hiding or by simply not making its presence on a system known to the user. These types of programs can be downloaded from Web sites (typically in shareware or freeware), email messages, and instant messengers. Additionally, a user may unknowingly receive and/or trigger spyware by accepting a EULA from a software program linked to the spyware or by visiting a Web site that downloads the spyware with or without a EULA.

Kapersky
Spyware is generally loosely defined as software that’s designed to gather data from a computer or other device and forward it to a third party without the consent or knowledge of the user. This often includes collecting confidential data such as passwords, PINs and credit card numbers, monitoring keyword strokes, tracking browsing habits and harvesting email addresses.

https://redshell.io/privacy-policy

• Does Redshell gather information about the users computer without their knowledge? Yes
• Does Redshell gather information and relay that information to another computer on the internet without the users knowledge? Yes
• Does Redshell gather information about what programs are on the users computer? Yes
• Does Redshell load or hook into another program without the users knowledge? Yes

Redshell is spyware and there is no grey area about it. Symantec, the worlds largest cyber computer security company with the largest Civilian Threat intelligence network in the entire world with over 174 million endpoints says your wrong. Kasperskyy(regardless of your political thoughts on them) agrees with Symantec.

Its Spyware, plain and simple.

I already had Kaspersky Internet Security running in my PC along with ESO. When a player created this thread, I immediately run a scan test on the targeted files (RedShell.dll) in all the ESO base game folder including the user setting files in My Document. However Kaspersky Internet Security software does not recognise as a threat/mailicious software/spyware.

Edit: typo erorr....thread change to threat

Elsonso

Alinhbo_Tyaka wrote: »

It was enabled in some form as the dll opened and was listening on 16 TCP connections to Red Shell servers on my machine.

How much data did it transfer?

DanteYoda

Inarre wrote: »

This thread is first rate conspiracy theory, fake-news A+++. I'm sure the internet histories here are also boasting other 5 star websites like TrueTrumpers.com.

Take two seconds to READ and EDUCATE yourself on what it is you think you're fearful of before preparing for the datapocalypse. Come on people.

Disclaimer: Not employed by ZOS

It doesn't matter what it does, the fact it got added without customers consent and its dials home without our permission.. If they start out with stuff like this, whats next?

The point is customers do not like having stuff like this doing crap without their knowledge..

DanteYoda

ZOS_MattFiror wrote: »

Everyone,

My apologies for the confusion over the integration of Red Shell into ESO. Here’s what happened: we have been experimenting with a better way to link which advertisements and web content new players see to the eventual account that is created in the game. The ONLY purpose this would be used for is to determine from which origin points our new players come from, so we can better plan where to place advertisements and other web content. Existing accounts will never encounter this, as they are already created.

Several factors came together in Update 18 and Red Shell was erroneously added to the live build when we were still testing and evaluating it. It has never been active in ESO, even though the base tech is in the client – i.e. it was never enabled. So, we will remove it from Update 18, which will take place in the PC/Mac incremental build scheduled for this coming Monday (it was never considered for Console, so won’t be in Tuesday’s U18 launch). We never should have done this without giving everyone a heads up it was coming, and we will learn from this mistake.

That being said, we are still investigating how to use this technology in the future to grow and sustain ESO more effectively. When/if we do so, we will give everyone a heads up with clear instructions as to what it is doing, how it is doing it, and how to opt-out should you so desire.

Check out the patch notes on Monday for the notice that Red Shell has been removed from U18, and we will keep everyone posted – and again, my apologies.

Matt

Why do you just ask us or throw up some Zos official polls or even surveys instead of doing everything so shady and honestly this is pretty shady to customers..

Kuwhar wrote: »

Ok, I feel this warrants posting considering all the fear mongering. This is my netstat with ONLY ESO open and running on my machine.





When Matt said it was not active he was telling the truth. Those connections are: ESO, Microsoft, and Cloudfare. No Redshell.

How do you know the data isn't being stored at the same server..

Sixsixsix161

VaranisArano wrote: »

Judging by my internet advertising, the only thing the ad companies know about me is that I play ESO. So just like the current full screen ad in game, they keep trying to sell me Summerset, which I already own...

Same here. I pre-ordered Summerset several weeks ago. Next day, I started seeing ads all over several websites I look at each day - for Summerset.

Stupid.

Iselin

And people wonder why some of the better countries around the world are starting the process to regulate this industry.

Smasherx74

ZOS_MattFiror wrote: »

Everyone,

My apologies for the confusion over the integration of Red Shell into ESO. Here’s what happened: we have been experimenting with a better way to link which advertisements and web content new players see to the eventual account that is created in the game. The ONLY purpose this would be used for is to determine from which origin points our new players come from, so we can better plan where to place advertisements and other web content. Existing accounts will never encounter this, as they are already created.

Several factors came together in Update 18 and Red Shell was erroneously added to the live build when we were still testing and evaluating it. It has never been active in ESO, even though the base tech is in the client – i.e. it was never enabled. So, we will remove it from Update 18, which will take place in the PC/Mac incremental build scheduled for this coming Monday (it was never considered for Console, so won’t be in Tuesday’s U18 launch). We never should have done this without giving everyone a heads up it was coming, and we will learn from this mistake.

That being said, we are still investigating how to use this technology in the future to grow and sustain ESO more effectively. When/if we do so, we will give everyone a heads up with clear instructions as to what it is doing, how it is doing it, and how to opt-out should you so desire.

Check out the patch notes on Monday for the notice that Red Shell has been removed from U18, and we will keep everyone posted – and again, my apologies.

Matt

so u plan to give us in game ads?

ErMurazor

ADarklore wrote: »

ZOS_MattFiror wrote: »

Everyone,

My apologies for the confusion over the integration of Red Shell into ESO. Here’s what happened: we have been experimenting with a better way to link which advertisements and web content new players see to the eventual account that is created in the game. The ONLY purpose this would be used for is to determine from which origin points our new players come from, so we can better plan where to place advertisements and other web content. Existing accounts will never encounter this, as they are already created.

Several factors came together in Update 18 and Red Shell was erroneously added to the live build when we were still testing and evaluating it. It has never been active in ESO, even though the base tech is in the client – i.e. it was never enabled. So, we will remove it from Update 18, which will take place in the PC/Mac incremental build scheduled for this coming Monday (it was never considered for Console, so won’t be in Tuesday’s U18 launch). We never should have done this without giving everyone a heads up it was coming, and we will learn from this mistake.

That being said, we are still investigating how to use this technology in the future to grow and sustain ESO more effectively. When/if we do so, we will give everyone a heads up with clear instructions as to what it is doing, how it is doing it, and how to opt-out should you so desire.

Check out the patch notes on Monday for the notice that Red Shell has been removed from U18, and we will keep everyone posted – and again, my apologies.

Matt

It amazes me how so many focus on the 'erroneously added' part and forget about the "it was never enabled" part. People still falsely believing that it is currently or had been collecting data when clearly, from Matt's own words, it was NOT collecting ANY data since it was never enabled in the first placed.

Matts own words!??!!!!! He just admits they implemented a spyware behind our backs and I should trust what they say now!?! ? You must be the most naive person i ever come accross.

StackonClown

quote from ZOS:

"....web content new players see to the eventual account that is created in the game."

Err.. then why is it installed for players who ALREADY HAVE AN ACCOUNT in the game?

I don't get this explanation ??

DoctorESO

Why did PLAYERS have to self-discover this and call you out on it before you admitted to having the program and agreeing to delete it? It shouldn't be like this.

Korah_Eaglecry

StackonClown wrote: »

quote from ZOS:

"....web content new players see to the eventual account that is created in the game."

Err.. then why is it installed for players who ALREADY HAVE AN ACCOUNT in the game?

I don't get this explanation ??

Because its a half truth. Its meant to placate those upset enough to create 15+ pages of outrage and possibly threaten bad press for them. Because now it looks like those who are already account holders and existing players dont have anything to worry about.

The truth is its meant for both. Old and New alike. They want to know which ads are drawing in the new players. And they want to know which ads are hitting the Old. That way they can adjust their approach and tailor their ads to each group. A new player is going to approach purchases differently than a player thats been with the game for x amount of years and has already bought in. So it makes no sense to try and advertise the same way to them, why tell a player thats already bought Summerset to buy it? If you know the site is often hosting players that have never played the game before. Then that ad would have a better chance of working. But a player with Summerset might be more interested in Elven Costumes to help them immerse themselves in their experience in Summerset. So heres an ad about a new dress or suit.

Korah_Eaglecry

ADarklore wrote: »

ZOS_MattFiror wrote: »

Everyone,

My apologies for the confusion over the integration of Red Shell into ESO. Here’s what happened: we have been experimenting with a better way to link which advertisements and web content new players see to the eventual account that is created in the game. The ONLY purpose this would be used for is to determine from which origin points our new players come from, so we can better plan where to place advertisements and other web content. Existing accounts will never encounter this, as they are already created.

Several factors came together in Update 18 and Red Shell was erroneously added to the live build when we were still testing and evaluating it. It has never been active in ESO, even though the base tech is in the client – i.e. it was never enabled. So, we will remove it from Update 18, which will take place in the PC/Mac incremental build scheduled for this coming Monday (it was never considered for Console, so won’t be in Tuesday’s U18 launch). We never should have done this without giving everyone a heads up it was coming, and we will learn from this mistake.

That being said, we are still investigating how to use this technology in the future to grow and sustain ESO more effectively. When/if we do so, we will give everyone a heads up with clear instructions as to what it is doing, how it is doing it, and how to opt-out should you so desire.

Check out the patch notes on Monday for the notice that Red Shell has been removed from U18, and we will keep everyone posted – and again, my apologies.

Matt

It amazes me how so many focus on the 'erroneously added' part and forget about the "it was never enabled" part. People still falsely believing that it is currently or had been collecting data when clearly, from Matt's own words, it was NOT collecting ANY data since it was never enabled in the first placed.

Yes lets completely ignore the real reason this is even a topic and talk about something that is neither here nor there. It doesnt matter if it was turned on or not because it was already on peoples computers and all it took for them to use it was to flip the switch.

Anything else from the Shill Brigade?

ErMurazor

lordrichter wrote: »

clocksstoppe wrote: »

So after seeing the ZOS statement that they are not using the DLL, yet the game crashing if trying to run without it, I analyzed it and made my own spoof RedShell.dll (to see what it logs). Apart from loading and unloading the dll, ZOS does nothing with it for now.

Thank you for the confirmation.

Astrid_V wrote: »

Sorry but how could you accidentally install spyware to your own game and don't know about it? It sounds like bs written by your lawyer and I don't believe in it. @ZOS_MattFiror

I don't find the fact that they accidentally shipped it to be all that surprising. It's pretty simple, really. They accidentally shipped a product that was under evaluation. They knew it was there, and Firor says it was not supposed to be there when Summerset shipped. They intend to use it at some point in the future. We have been warned.

Frankly, I am less concerned about how and why it was in Summerset than I am about what they plan to do with it in the future.

Dithieon wrote: »

Seems like the only reason we got an apology is that they got caught red handed (pun intended).If they had not got called out,that shiz would be merrily humming away on all of our machines....

I might agree with this, but it is more likely that they noticed it and figured that, since they were not actually using it, it was not a problem. Then we noticed it and it became one.

If ZoS says so it must be the truth....

LumbermillOverlord

MLGProPlayer wrote: »

You can open the file yourself to see what it does. It's checking to see how many people click the launcher ads. Every publisher does this. Whether they use Red Shell or an in-house tool, they do this.

stop misleading people. you silly zeni emloyer

“We do not collect any personal information about gamers. We don’t collect names, emails, or addresses. Our service basically says ‘this computer clicked on a link from this YouTube video and the same computer played your game.’ We have no interest in tracking people, just computers for the purposes of attribution.”

and read again what Mattsaid, its not only launcher adds

Octopuss

ZOS_MattFiror wrote: »

The ONLY purpose this would be used for is to determine from which origin points our new players come from, so we can better plan where to place advertisements and other web content.

Someone translate this into human speech for me please.
What advertisements, what web content WHERE? There are no ads on the ESO website.

revenileb14_ESO

Octopuss wrote: »

ZOS_MattFiror wrote: »

The ONLY purpose this would be used for is to determine from which origin points our new players come from, so we can better plan where to place advertisements and other web content.

Someone translate this into human speech for me please.
What advertisements, what web content WHERE? There are no ads on the ESO website.

I think he means like "where to focus advertising ESO to people on the web." So like do they get a bunch of new players because of the trailers on youtube? Or from ads on websites?

James-Wayne

Kuwhar wrote: »

Nice one ZoS, owning up to it and removing it. Apology accepted

Only because they were busted haha

StackonClown

Still dont get this - what am I missing here ??

"The ONLY purpose this would be used for is to determine from which origin points our new players come from, so we can better plan where to place advertisements and other web content. Existing accounts will never encounter this, as they are already created."

If this is only for new players that DONT have an account, then they dont have the game either right?
So then how on earth would they install redshell?? Or is that for steam or something?

It seems this has exclusively been installed on EXISTING accounts (by 'mistake' ) but serves no purpose apparently ?!?



Can someone pls explain?

TheInfernalRage

@ZOS_MattFiror, since a plan is at play to place RedShell eventually, I 'll just ask:

Where exactly are you guys planning to place the advertisements? In-game or in the launcher? And what location-based ads are you talking about?

LumbermillOverlord

RedShell can track your activities outside the game

so for example you watching youtube video with funny cats
next day ZOS will advert you a cat pet at your login in game

Heka Cain

Zos;Zenimax are just a drop in the ocean as regards scumbag moves like this! If you have fakebook just search online as to where your info goes...ever heard of a weapons manufacturer named Lockheed Martin? Now there is something for all of you to be worrying about!

TelvanniWizard

I can just point you guys to post #2 of this thread. The answers are there.

StackonClown

Maybe some of the community ambassadors or class representatives can comment on this also, given they roles the have representing players ??

MarbleQuiche

Arnorien16 wrote: »

MarbleQuiche wrote: »

Arnorien16 wrote: »

MarbleQuiche wrote: »

ZOS_MattFiror wrote: »

Everyone,

My apologies for the confusion over the integration of Red Shell into ESO. Here’s what happened: we have been experimenting with a better way to link which advertisements and web content new players see to the eventual account that is created in the game. The ONLY purpose this would be used for is to determine from which origin points our new players come from, so we can better plan where to place advertisements and other web content. Existing accounts will never encounter this, as they are already created.

Several factors came together in Update 18 and Red Shell was erroneously added to the live build when we were still testing and evaluating it. It has never been active in ESO, even though the base tech is in the client – i.e. it was never enabled. So, we will remove it from Update 18, which will take place in the PC/Mac incremental build scheduled for this coming Monday (it was never considered for Console, so won’t be in Tuesday’s U18 launch). We never should have done this without giving everyone a heads up it was coming, and we will learn from this mistake.

That being said, we are still investigating how to use this technology in the future to grow and sustain ESO more effectively. When/if we do so, we will give everyone a heads up with clear instructions as to what it is doing, how it is doing it, and how to opt-out should you so desire.

Check out the patch notes on Monday for the notice that Red Shell has been removed from U18, and we will keep everyone posted – and again, my apologies.

Matt

Almost there. The part I bolded will make you non-compliant with GDPR. European customers will either need to opt in, or be presented with two equally prominent options - to opt in or to opt out.

That aside, it's good to see you taking this seriously.

GDPR will come into play depending on the type of Data gathered, if PII is not recorded or data is anonymized the regulations are much more lax.

That's true. I was led to believe Red Shell records IP addresses, and they've confirmed they index data against Steam IDs. Something for Zeni to consider if they haven't already.

Google Analytics collects IP data too, they do it to record country/region and deletes the IP data .. Collection itself may not be the issue, use and records are. Region Locks, DDoS shield that filter traffic by IP etc collects IP too, but isnt against GDPR rules because of how they operate.

Like I said, something for Zeni to consider. This company collects one piece of PPI data and by its own admission indexes against another. One is absolutely against GDPR without an opt-in and Zeni need to be on top of what happens to that other. That's all I was saying. Chill.

Back to the thread at large. It's by the by whether its installation was a mistake. I work in software. It happens all the time. It's got little to do with incompetence. Software is one of the most complex engineering feats humanity undertakes. It's very nature means engineers often work blind (there's an art to it as much as a science). ESO is an incredibly complex piece of software.

What date Red Shell was packaged is irrelevant too. The GDPR stuff covers all data handling from 25th onwards. From a legal viewpoint, what if I had my computer off on the 24th and patches in the 25th? Zeni are currently distributing this piece of software. If it is collecting data that is then being stored in a personally-identifying way then they're breaking the law. Mistake or not. By means of a fictional example, Coca Cola don't automatically dodge culpability because they accidently put arsenic into their products. A court of law would decide on that.

However, user reports currently suggest this software does nothing. In which case, this whole thread is moot.

Kronuxx

First I see this post, then oddly enough after updating my hosts file and trying to log into the game, it constantly keeps crashing. I was pretty much on the way out with this game. Got tired of the constant bugs despite many reports in early PTS, the increasing ads, the increasing number of crown store items, and the consistent lies. It's time to move on. I've unsubscribed and deleted the game. For those of you on the edge, actions speak louder than words. Do not give them your money until they start fulfilling the necessary actions that many players have been requesting. Less ads, less items gated behind the crown store, improvement of server performance, and oddly enough improvement of game performance (I definitely did not see it with Summerset).

Facefister

Kronuxx wrote: »

First I see this post, then oddly enough after updating my hosts file and trying to log into the game, it constantly keeps crashing. I was pretty much on the way out with this game. Got tired of the constant bugs despite many reports in early PTS, the increasing ads, the increasing number of crown store items, and the consistent lies. It's time to move on. I've unsubscribed and deleted the game. For those of you on the edge, actions speak louder than words. Do not give them your money until they start fulfilling the necessary actions that many players have been requesting. Less ads, less items gated behind the crown store, improvement of server performance, and oddly enough improvement of game performance (I definitely did not see it with Summerset).

Funny thing is they don't have the content they're going to advertise for. Take WoW for an example, they're pretty straight forward with it but they offer large amount of PvP areas, PvE dungeons and raids. What is ZoS going to advertise for? A green, glowing cat for 2500 2000 crowns? Why should I get that, when I get the same "pet" in a different game with much more PvE/PvP content? They're extremely hostile towards the playerbase lately, first the Summerset scam with the so "long awaited" JCrafting grind, now this.

DoctorESO

Check this out: https://www.esrb.org/confirm/zenimax-confirmation.aspx

"ZeniMax is an ESRB Privacy Certified member in good standing.

1,722 users have endorsed ZeniMax for their responsible privacy practices.

About ESRB Privacy Certified

ESRB Privacy Certified helps companies implement responsible privacy practices. Program members display the ESRB Privacy Certified seal to show they are in compliance with applicable privacy laws and best practices."

The page has a button that allows you to endorse ZOS.

Or...

There's another button to contact the Privacy Certified people: privacy@esrb.org