
ZOS integrated spyware RedShell by mistake, deleted from live, still in PTS folder

  • Tandor
    Emathides wrote: »
    Usually some sort of compensation to the player goes well with an apology.

    Let's hope you live by your own code and always offer compensation whenever you make a mistake in life.
  • JasonSilverSpring
    billp_ESO wrote: »
    This thread is confusing, and it's hard to figure out what RedShell really does.

    1) Does it only activate when you click a RedShell-enabled ad? For example, ESO runs an ad on a website, and you click it. By clicking the ad, you trigger the collection of your data. Then, if you buy ESO and play it, they match the game to the ad, and know that ad worked. If you never click on an ESO ad, nothing happens. If this is the case, I see little problem.

    2) Does it activate when you click ANY ad? For example, I click an ad on cats, and RedShell tracks that and sends it to ESO. Now I start seeing cat ads in game, when they pitch the cat pets in the store. That wouldn't be good.

    3) Does it activate when you click on ANYTHING? For example, I click on a news story about cats, not an ad. RedShell still knows that, and matches that up with the game so that I start seeing ads for cats in game. Not good at all.

    4) RedShell monitors all your activities, and sends that data along with your computer specs, location, etc, to anyone who wants to buy the data.

    Does anyone know definitely which one of these it is?

    Technically I believe it could do 1 through 3, but I suspect ZOS was focused on item 1. They offer a rather limited set of crown store items so it just does not seem practical.
  • TheTwistedRune
    Ok. I know a website that’s got a special bargain on tin foil hats. Let me know in the comments if anybody is interested.





    Edited by TheTwistedRune on June 2, 2018 4:31PM
  • xaraan
    I guess we can take Matt's word on this. I mean, it's not like ZoS does shady stuff like ignoring the dozens of threads asking about whether or not buying crown items for in game gold is legit.
    -- @xaraan --
    nightblade: Xaraan templar: Xaraan-dar dragon-knight: Xaraanosaurus necromancer: Xaraan-qa warden: Xaraanodon sorcerer: Xaraan-ra
    AD • NA • PC
  • DuskMarine
    xaraan wrote: »
    I guess we can take Matt's word on this. I mean, it's not like ZoS does shady stuff like ignoring the dozens of threads asking about whether or not buying crown items for in game gold is legit.

    well they're removing it so who cares right? if it doesn't we have antispyware for a reason right??
  • craftycarper73
    hammer, nails, and wall.

    dodgy barstewards.
    Born, Bred & Made in Manchester UK, RIP 22 Angels. 22/05/2017

    PC-EU

  • umagon
    billp_ESO wrote: »
    This thread is confusing, and it's hard to figure out what RedShell really does.

    1) Does it only activate when you click a RedShell-enabled ad? For example, ESO runs an ad on a website, and you click it. By clicking the ad, you trigger the collection of your data. Then, if you buy ESO and play it, they match the game to the ad, and know that ad worked. If you never click on an ESO ad, nothing happens. If this is the case, I see little problem.

    2) Does it activate when you click ANY ad? For example, I click an ad on cats, and RedShell tracks that and sends it to ESO. Now I start seeing cat ads in game, when they pitch the cat pets in the store. That wouldn't be good.

    3) Does it activate when you click on ANYTHING? For example, I click on a news story about cats, not an ad. RedShell still knows that, and matches that up with the game so that I start seeing ads for cats in game. Not good at all.

    4) RedShell monitors all your activities, and sends that data along with your computer specs, location, etc, to anyone who wants to buy the data.

    Does anyone know definitely which one of these it is?

    The easiest way to put it is that redshell takes information from your computer hardware and creates an ID from that. This ID is paired up with the ID numbers redshell generated from other websites, social media outlets, etc., who are also using the redshell technology. This lets ZOS track which computers clicked on their advertisement on which website or outlet, so ZOS can tailor their marketing better.

    However, the problem is that, based on the emails people have gotten from redshell, it has the capability to link a person’s computer ID they generated to the account name people use in eso, which is required for you to opt out. So redshell and zos are lying when they say the generated computer IDs are anonymous.

    Basically, if you buy some shoes on a website that uses redshell’s tech it could inform redshell that computer ID 1234 bought xyz shoes. For zos they could get the information from redshell on what matching computer IDs for each of their eso account holders bought what and where. ZOS is claiming that it will only be used for ZOS marketing but the reality is that ZOS could technically track what you purchased in other outlets who are using redshell tech. This is why people are upset about it. When you understand how the tech can be easily abused you might be also.
  • BuddyAces
    Holy crap Z-O-S, what's with the massive moderation going on here? I went to bed last night and now, just under 12 hours later, there are LOADS of comments (including one of mine) that are straight up missing from this thread and N-O-N-E of the missing comments were rude, off topic, or trolly at all. Not a single one of those comments warranted a removal in the slightest. I was really straining myself to believe your (lawyer wrote) explanation on what happened, puttin away the tin foil hat and all, but now with the removal of those posts....ffs ZOS. What's goin on? And don't give me crap about talking about moderation of posts because I know what those posts said and there was no reason to remove all of them.
    Edited by BuddyAces on June 2, 2018 4:45PM
    They nerfed magsorcs so hard stamsorcs felt it,lol - Somber97866

    I'm blown away by the utter stupidity I see here on the daily. - Wrekkedd
  • Elsonso
    billp_ESO wrote: »
    The easiest way to put it is that redshell takes information from your computer hardware and creates an ID from that. This ID is paired up with the ID numbers redshell generated from other websites, social media outlets, etc., who are also using the redshell technology. This lets ZOS track which computers clicked on their advertisement on which website or outlet, so ZOS can tailor their marketing better.

    However, the problem is that, based on the emails people have gotten from redshell, it has the capability to link a person’s computer ID they generated to the account name people use in eso, which is required for you to opt out. So redshell and zos are lying when they say the generated computer IDs are anonymous.

    Personal data is anything that can be related back to the data subject, directly or indirectly. Yes, this does include the IP address, so that also means that it includes any fingerprint from the computer used to access the internet. That means that it falls under the control of the EU GDPR, and that means that when an individual comes forward and makes a request about personal data Red Shell stores about them, someone has to know who you are in order to link the identity with the personal data.

    To Red Shell, you are a unique digital fingerprint. To ZOS, you are a person. If the player cannot determine the Red Shell digital fingerprint, someone has to put the two together or GDPR compliance is not possible. That someone is ZOS.

    Edit: (removed some of the quote that I was not addressing) My feeling is that you are anonymous with Red Shell until you make a request of them. They know you are there, and that you are unique, but they probably don't know who you are. To Red Shell, you are anonymous. Once you step forward, you have to say who you are, and you are no longer anonymous.

    This is my understanding of the GDPR.
    Edited by Elsonso on June 2, 2018 5:09PM
    ESO Plus: No
    PC NA/EU: @Elsonso
    XBox EU/NA: @ElsonsoJannus
    X/Twitter: ElsonsoJannus
  • Syncronaut
    BuddyAces wrote: »
    Holy crap Z-O-S, what's with the massive moderation going on here? I went to bed last night and now, just under 12 hours later, there are LOADS of comments (including one of mine) that are straight up missing from this thread and N-O-N-E of the missing comments were rude, off topic, or trolly at all. Not a single one of those comments warranted a removal in the slightest. I was really straining myself to believe your (lawyer wrote) explanation on what happened, puttin away the tin foil hat and all, but now with the removal of those posts....ffs ZOS. What's goin on? And don't give me crap about talking about moderation of posts because I know what those posts said and there was no reason to remove all of them.

    Now that you mention it, there are some comments missing. Well it's their site, so they can delete comments as much as they want. This is a reason why I suggested to use other sites.
  • Prospero_ESO
    Absolutely disgusting business practice. Hopefully they get sued
  • Elsonso
    Syncronaut wrote: »
    BuddyAces wrote: »
    Holy crap Z-O-S, what's with the massive moderation going on here? I went to bed last night and now, just under 12 hours later, there are LOADS of comments (including one of mine) that are straight up missing from this thread and N-O-N-E of the missing comments were rude, off topic, or trolly at all. Not a single one of those comments warranted a removal in the slightest. I was really straining myself to believe your (lawyer wrote) explanation on what happened, puttin away the tin foil hat and all, but now with the removal of those posts....ffs ZOS. What's goin on? And don't give me crap about talking about moderation of posts because I know what those posts said and there was no reason to remove all of them.

    Now that you mention it, there are some comments missing. Well it's their site, so they can delete comments as much as they want. This is a reason why I suggested to use other sites.

    Have you seen some of the comments? Personal attacks. Insults. Baiting people. I am more surprised that they did not announce they did it, like they usually do. For a thread this size (626 currently), it would take a miracle for there to be nothing in here in violation of the ToS.

    If everyone would just be nice, we would not have this problem. :smile:
    Edited by Elsonso on June 2, 2018 5:27PM
  • Cpt_Teemo
    Syncronaut wrote: »
    BuddyAces wrote: »
    Holy crap Z-O-S, what's with the massive moderation going on here? I went to bed last night and now, just under 12 hours later, there are LOADS of comments (including one of mine) that are straight up missing from this thread and N-O-N-E of the missing comments were rude, off topic, or trolly at all. Not a single one of those comments warranted a removal in the slightest. I was really straining myself to believe your (lawyer wrote) explanation on what happened, puttin away the tin foil hat and all, but now with the removal of those posts....ffs ZOS. What's goin on? And don't give me crap about talking about moderation of posts because I know what those posts said and there was no reason to remove all of them.

    Now that you mention it, there are some comments missing. Well it's their site, so they can delete comments as much as they want. This is a reason why I suggested to use other sites.

    Have you seen some of the comments? Personal attacks. Insults. Baiting people. I am more surprised that they did not announce they did it, like they usually do. For a thread this size (626 currently), it would take a miracle for there to be nothing in here in violation of the ToS.

    If everyone would just be nice, we would not have this problem. :smile:

    Usually for any company if they push something like this through they let you know what they did and have you re-sign the ToS again to give your consent.
  • xaraan
    BuddyAces wrote: »
    Holy crap Z-O-S, what's with the massive moderation going on here? I went to bed last night and now, just under 12 hours later, there are LOADS of comments (including one of mine) that are straight up missing from this thread and N-O-N-E of the missing comments were rude, off topic, or trolly at all. Not a single one of those comments warranted a removal in the slightest. I was really straining myself to believe your (lawyer wrote) explanation on what happened, puttin away the tin foil hat and all, but now with the removal of those posts....ffs ZOS. What's goin on? And don't give me crap about talking about moderation of posts because I know what those posts said and there was no reason to remove all of them.

    You'd be surprised. Both of the warnings I ever got on this forum were really really stretching to qualify as a warning under their rules. Their moderation is just as much about controlling the message as it is about controlling trolling behavior.
  • DuskMarine
    Syncronaut wrote: »
    BuddyAces wrote: »
    Holy crap Z-O-S, what's with the massive moderation going on here? I went to bed last night and now, just under 12 hours later, there are LOADS of comments (including one of mine) that are straight up missing from this thread and N-O-N-E of the missing comments were rude, off topic, or trolly at all. Not a single one of those comments warranted a removal in the slightest. I was really straining myself to believe your (lawyer wrote) explanation on what happened, puttin away the tin foil hat and all, but now with the removal of those posts....ffs ZOS. What's goin on? And don't give me crap about talking about moderation of posts because I know what those posts said and there was no reason to remove all of them.

    Now that you mention it, there are some comments missing. Well it's their site, so they can delete comments as much as they want. This is a reason why I suggested to use other sites.

    Have you seen some of the comments? Personal attacks. Insults. Baiting people. I am more surprised that they did not announce they did it, like they usually do. For a thread this size (626 currently), it would take a miracle for there to be nothing in here in violation of the ToS.

    If everyone would just be nice, we would not have this problem. :smile:

    well censorship doesn't help anything, as is it only makes people madder. it's just best to let people get it off their chests and just roll with it as every gaming company has done for years. only thing that should be taken down honestly is like threats, the other stuff just shows people's distaste with the current situation.
  • Renoaku_ESO
    We do not need 3rd party advertisements in ESO, this is actually what can lead to "Hacking" and "Computer Compromises" my friend works cyber security, and he can make "Advertisements" which infect anyone's computer he wants and work based off Google Ads or other advertisements, in some cases do not even require the user clicking it.

    Doesn't matter what Anti-Virus you're using btw there are ways around that I won't talk about here.

    But in short these are the dangers of having this crap in ESO, not launching the game again until it's removed!
  • Elsonso
    We do not need 3rd party advertisements in ESO, this is actually what can lead to "Hacking" and "Computer Compromises" my friend works cyber security, and he can make "Advertisements" which infect anyone's computer he wants and work based off Google Ads or other advertisements, in some cases do not even require the user clicking it.

    Doesn't matter what Anti-Virus you're using btw there are ways around that I won't talk about here.

    But in short these are the dangers of having this crap in ESO, not launching the game again until it's removed!

    I don't think you will be seeing third party advertising in the game. I don't think they will do in-game product references, either, so we are safe from Coca-Cola Brands for sale at the McDonald's that replaces every inn, and stuff like that.

    Although: If they put Disney characters into the game, please make them killable NPCs.
    Edited by Elsonso on June 2, 2018 7:42PM
  • Belegnole
    We do not need 3rd party advertisements in ESO, this is actually what can lead to "Hacking" and "Computer Compromises" my friend works cyber security, and he can make "Advertisements" which infect anyone's computer he wants and work based off Google Ads or other advertisements, in some cases do not even require the user clicking it.

    Doesn't matter what Anti-Virus you're using btw there are ways around that I won't talk about here.

    But in short these are the dangers of having this crap in ESO, not launching the game again until it's removed!

    I don't think you will be seeing third party advertising in the game. I don't think they will do in-game product references, either, so we are safe from Coca-Cola Brands for sale at the McDonald's that replaces every inn, and stuff like that.

    Although: If they put Disney characters into the game, please make them killable NPCs.

    lol, I like the npc idea.
  • Merlin13KAGL
    Let's try this one more time.

    And full disclosure: I am not affiliated nor invested (other than my time) in either RedShell or ZoS.
    Cpt_Teemo wrote: »
    As someone stated before there are multiple listeners using that Redshell connection so yeah not malicious my ass.
    Problem #1: Redshell, the legit version, not the similarly named actual spyware version (feel free to Google the difference), sends info out. It doesn't need to listen for updates (The client can push them at will, so this is unnecessary), and the hash it needs to cross reference it gets locally.

    #2: Spyware, actual, real, good (as in effective), spyware doesn't like to get caught, so it generally avoids things like opening sixteen highly visible connections under its own name, because it tends to ring alarm bells.

    #3: To further support this, it tends to do this when you're not looking. That is, it may listen only during a specific period of time, for very short durations, often at odd hours or when the system is otherwise idle.

    #4: It propagates itself, again, because it doesn't want to get removed.

    So, while I have little doubt that someone had sixteen connections of something on their machine, it isn't this.
    yodased wrote: »
    I'm just gonna post once more here because I think a lot of things are being conflated and confused.

    If you are upset about the potential functions of red shell let's put you in camp a.

    If you are upset about the lack of transparency and consistency of information we put you in camp b.

    If you are upset that they added a 3rd party program and pushed it live by mistake we put you in camp c.

    Camp a:
    They make it easier to identify your pathway through eso, but in reality a smart data scientist could do that anyway right now with internal tools and you would have 0 knowledge or recourse. This is happening, everywhere. Nothing you can do short of leaving civilization behind will fully insulate you from being identified or aggregated in some way.

    Camp b:
    fair enough, but they did own up to it and you don't have evidence that contradicts what the statement is. You can vote with your wallet and leave, or give them the benefit of the doubt and ride it out. Personally I'm in this camp and won't support these shady decisions any more

    Camp c:
    the software development world is massively complex. The marketing department more than likely went to the architect and engineers to incorporate this into core net code. This kernel was then saved and pushed to test functionality. Instead of using proper version control systems, that kernel was then manually altered to 'turn off' or rather to 'not turn on' redshell instead of simply rolling back to a known good state. There are hundreds of reasons why this could happen. So many, but all stem from a lack of a solid project manager and scope as well as lax version control. It isn't always malicious or evil, people make mistakes.
    @yodased, fair enough, and sincerely sorry to see you go. I know you've been here since the start.

    FWIW, I can respect your decision because at least you are informed enough to know why you're making it.

    Truly, best of luck, wherever you go.
    Raideen wrote: »
    May I have your address and keys to your house? I am not malicious, I said so.
    When would you like to visit?

    You see, being a well informed and reasonable person, I have zero issue with this. Being wise, I'm also not just going to take your word for it.

    So, you could certainly come to my house, unlock the door, and inspect whatever you'd like. Heck, you can even have a sibling tag along. So long as I'm seeing what you're up to, seeing that you're genuinely not malicious, and ensure you lock the door and hand back the keys when you're done, there is no harm in this.

    In fact, come to think of it, I've had strangers in my house before. Turns out, my house is still here.

    *Oh, is it okay if I encrypt my address before I provide it to everyone? That way only those that can actually decrypt the info can visit? The guard (firewall/antivirus/router) at the front will then inform me of your arrival.
    Is Redshell malicious? No.

    Define "malicious".

    Does it harm my computer? No.
    Is that enough to not be malicious? In my opinion, no.
    ZOS knowing anything and everything I do in ESO? Okay, why not. But ZOS knowing anything and everything I do, write, research and view, professionally or for fun, outside of ESO is definitely malicious in my view.
    That's not how this works, feel free to scroll further down, as I explain one more time.
    billp_ESO wrote: »
    This thread is confusing, and it's hard to figure out what RedShell really does.

    1) Does it only activate when you click a RedShell-enabled ad? For example, ESO runs an ad on a website, and you click it. By clicking the ad, you trigger the collection of your data. Then, if you buy ESO and play it, they match the game to the ad, and know that ad worked. If you never click on an ESO ad, nothing happens. If this is the case, I see little problem.

    2) Does it activate when you click ANY ad? For example, I click an ad on cats, and RedShell tracks that and sends it to ESO. Now I start seeing cat ads in game, when they pitch the cat pets in the store. That wouldn't be good.

    3) Does it activate when you click on ANYTHING? For example, I click on a news story about cats, not an ad. RedShell still knows that, and matches that up with the game so that I start seeing ads for cats in game. Not good at all.

    4) RedShell monitors all your activities, and sends that data along with your computer specs, location, etc, to anyone who wants to buy the data.

    Does anyone know definitely which one of these it is?
    @billp_ESO all good questions:
    1. Only ZoS/Bethesda ads. Whether it's a click, a mouseover, etc. Redshell makes money by associating client ads to client software. Will Redshell register a click for a non-ESO product? It will if another company is using Redshell that way and (and this part's important) you own and use the other company's software as well.

      Part of the encoded Unique ID that is created as an encrypted hash (similar to WPA, only in this regard, so save irrelevant anecdotes) from a combination of hardware and software includes the client software.

      So the UID (It's unique in that it's virtually impossible to reverse to obtain the original information) and pretty doggone unlikely to get duplicated by another machine (exact same combo of everything) is different for Software A (Let's call it ESO) and Software B (anything else).
    2. Watch the cat playing the piano to your heart's content. It's not what ESO is interested in (unless you click an ESO ad while watching piano cat.)
    3. Again, no. Relevant ads matched up to relevant software. Huge part of what doesn't make this spyware. It's tracking specific things and providing limited specific information. If it tracked everything and provided everything, one company could run it and happily send relevant information to any other companies (and Redshell would cease to make $).
    4. Redshell doesn't monitor these, it uses these once to create the UID above. Furthermore, the UID doesn't provide any information directly and would be of zero use to another company. Redshell doesn't provide info to anyone except the original client(s) and it's not in that form. If they did, they would be legit spyware, and the FCC would be up their ass so fast, everyone's head would spin.

    It's "Someone that looked at THIS ad on THIS site launched your game or possibly purchased THIS crown store DLC. We can't tell you their name, their address, or any damn thing relevant to them because we don't know ourselves - we encrypted it on day one."

    Marketing doesn't care about your personal information in this regard (in that they don't need it) They simply want to know how effective the ESO ad on Piano Cat video was. That's it.
    Cpt_Teemo wrote: »
    Usually for any company if they push something like this through they let you know what they did and have you re-sign the ToS again to give your consent.
    You did. Remember when they updated the Privacy Statement, and you had to agree to it before even being allowed to access the game?

    It's covered there. It's spelled out, in detail, with relevant areas highlighted in a previous post, which I'd be delighted to link again.
    • It's not malicious.
    • They're gathering generic details about your system, encrypting them (irreversibly), and associating that code with certain activity (client marketing).
    • It's not spyware in the sense that it looks only at what the client requests it to look at.
    • It's the digital version of the person at the mall checking a box that said you looked at a poster and as a result tried the double chocolate cherry fudge at the local sweet shop.
    • They don't have your info. They don't need your info. Hell, they don't want your info. They just want to put posters in the places that sell more fudge.

    Here's another theoretical analogy.
    You buy a music CD from a company that hired me for marketing analysis.
    The sticker on the front says "By opening this CD, you agree to our privacy terms*" which include use of certain marketing tools.
    When you first listen to that CD:
    • I take your name and address, and I look it up in the 2015 phonebook for Lincoln County, Nevada.
    • I write down the page, and the entry number.
    • I go to the Greater Los Angeles Phone Book Museum and Depository.
    • I note the GPS Lat and Long of the building above.
    • I find that phone book. I note the floor, the rack, the shelf, and the position on the shelf.
    • I put all of these things together to make a code (UID).

    Then every time you open an ad from your original location, my redshell enabled ad (which also came up with that UID) makes note and associates it with that code. (It has to be your original location, or it would produce a different UID, not because they care one iota what your location actually is).

    Once a month, I go to the producer and say UID that bought and listened to this CD, in all likelihood also looked at this ad, but apparently (due to lack of data) hasn't looked at the others you placed.

    Not that I would (because prison and lawsuits, and stuff), but even if I did walk out the front door of the producer's office and give your code of "kjshdfkhsadfgiusdfiugsdlafgoiugyui" to everyone where I had lunch, it would be utterly and completely useless to them and would not disclose a single thing about your privacy in the process.
    • If you're gonna stay, stay.
    • If you're gonna go, go.
    • If you want to register a complaint about how you feel your privacy was violated, register away - I provide, no, ZoS provided, I simply duplicated the info in another thread. By all means, give the Feds something to do so they can come back and let you know you have nothing to be concerned about.
    • But PLEASE, can we stop flipping the *** out because we think something is doing something without proof or understanding of what that something even is.

    Just because you don't like the way something is doesn't necessarily make it wrong...

    Earn it.

    IRL'ing for a while for assorted reasons, in forum, and in game.
    I am neither warm, nor fuzzy...
    Probably has checkbox on Customer Service profile that say High Aggro, 99% immunity to BS
  • Cpt_Teemo
    Let's try this one more time.

    And full disclosure: I am not affiliated nor invested (other than my time) in either RedShell or ZoS.
    Cpt_Teemo wrote: »
    As someone stated before there are multiple listeners using that Redshell connection so yeah not malicious my ass.
    Problem #1: Redshell, the legit version, not the similarly named actual spyware version (feel free to Google the difference), sends info out. It doesn't need to listen for updates (The client can push them at will, so this is unnecessary), and the hash it needs to cross reference it gets locally.

    #2: Spyware, actual, real, good (as in effective), spyware doesn't like to get caught, so it generally avoids things like opening sixteen highly visible connections under its own name, because it tends to ring alarm bells.

    #3: To further support this, it tends to do this when you're not looking. That is, it may listen only during a specific period of time, for very short durations, often at odd hours or when the system is otherwise idle.

    #4: It propagates itself, again, because it doesn't want to get removed.

    So, while I have little doubt that someone had sixteen connections of something on their machine, it isn't this.
    yodased wrote: »
    I'm just gonna post once more here because I think a lot of things are being conflated and confused.

    If you are upset about the potential functions of red shell let's put you in camp a.

    If you are upset about the lack of transparency and consistency of information we put you in camp b.

    If you are upset that they added a 3rd party program and pushed it live by mistake we put you in camp c.

    Camp a:
    They make it easier to identify your pathway through eso, but in reality a smart data scientist could do that anyway right now with internal tools and you would have 0 knowledge or recourse. This is happening, everywhere. Nothing you can do short of leaving civilization behind will fully insulate you from being identified or aggregated in some way.

    Camp b:
    fair enough, but they did own up to it and you don't have evidence that contradicts what the statement is. You can vote with your wallet and leave, or give them the benefit of the doubt and ride it out. Personally I'm in this camp and won't support these shady decisions any more

    Camp c
    the software development world is massively complex. The marketing department more than likely went to the architect and engineers to incorporate this into core net code. This kernel was then saved and pushed to test functionality. Instead of using proper version control systems, that kernel was then manually altered to 'turn off' or rather to 'not turn on' redshell instead of simply rolling back to a known good state. There are hundreds of reasons why this could happen. So many, but all stem on lack of a solid project manager and scope as well as lax version control. It isn't always malicious or evil, people make mistakes.
    @yodased, fair enough, and sincerely sorry to see you go. I know you've been here since the start.

    FWIW, I can respect your decision because at least you are informed enough to know why you're making it.

    Truly, best of luck, wherever you go.
    Raideen wrote: »
    May I have your address and keys to your house? I am not malicious, I said so.
    When would you like to visit?

    You see, being a well informed and reasonable person, I have zero issue with this. Being wise, I'm also not just going to take your word for it.

    So, you could certainly come to my house, unlock the door, and inspect whatever you'd like. Heck, you can even have a sibling tag along. So long as I'm seeing what you're up to, seeing that you're genuinely not malicious, and ensure you lock the door and hand back the keys when you're done, there is no harm in this.

    In fact, come to think of it, I've had strangers in my house before. Turns out, my house is still here.

    *Oh, is it okay if I encrypt my address before I provide it to everyone? That way only those that can actually decrypt the info can visit? The guard (firewall/antivirus/router) at the front will then inform me of your arrival.
    Is Redshell malicious? No.

    Define "malicious".

    Does it harm my computer ? No.
    Is that enough to not be malicious ? In my opinion, no.
    ZOS knowing anything and everything I do in ESO ? Okay, why not. But ZOS knowing anything and everything I do, write, research and view, professionally or for fun, outside of ESO is definitely malicious in my view.
    That's not how this works, feel free to scroll further down, as I explain one more time.
    billp_ESO wrote: »
    This thread is confusing, and it's hard to figure out what RedShell really does.

    1) Does it only activate when you click a RedShell-enabled ad? For example, ESO runs an ad on a website, and you click it. By clicking the ad, you trigger the collection of your data. Then, if you buy ESO and play it, they match the game to the ad, and know that ad worked. If you never click on an ESO ad, nothing happens. If this is the case, I see little problem.

    2) Does it activate when you click ANY ad? For example, I click an ad on cats, and RedShell tracks that and sends it to ESO. Now I start seeing cat ads in game, when they pitch the cat pets in the store. That wouldn't be good.

    3) Does it activate when you click on ANYTHING? For example, I click on a news story about cats, not an ad. RedShell still knows that, and matches that up with the game so that I start seeing ads for cats in game. Not good at all.

    4) RedShell monitors all your activities, and sends that data along with your computer specs, location, etc, to anyone who wants to buy the data.

    Does anyone know definitely which one of these it is?
    @billp_ESO all good questions:
    1. Only ZoS/Bethesda ads. Whether it's a click, a mouseover, etc. Redshell makes money by associating client ads to client software. Will Redshell register a click for a non-ESO product? It will if another company is using Redshell that way and (and this part's important) you own and use the other company's software as well.

      Part of the encoded Unique ID that is created as an encrypted hash (similar to WPA, only in this regard, so save irrelevant anecdotes) from a combination of hardware and software includes the client software.

      So the UID (It's unique in that it's virtually impossible to reverse to obtain the original information) and pretty doggone unlikely to get duplicated by another machine (exact same combo of everything) is different for Software A (Let's call it ESO) and Software B (anything else).
    2. Watch the cat playing the piano to your heart's content. It's not what ESO is interested in (unless you click an ESO ad while watching piano cat.)
    3. Again, no. Relevant ads matched up to relevant software. Huge part of what doesn't make this spyware. It's tracking specific things and providing limited specific information. If it tracked everything and provided everything, one company could run it and happily send relevant information to any other companies (and Redshell would cease to make $).
    4. Redshell doesn't monitor these, it uses these once to create the UID above. Furthermore, the UID doesn't provide any information directly and would be of zero use to another company. Redshell doesn't provide info to anyone except the original client(s) and it's not in that form. If they did, they would be legit spyware, and the FCC would be up their ass so fast, everyone's head would spin.

    It's "Someone that looked at THIS ad on THIS site launched your game or possibly purchased THIS crown store DLC. We can't tell you their name, their address, or any damn thing relevant to them because we don't know ourselves - we encrypted it on day one."

    Marketing doesn't care about your personal information in this regard (in that they don't need it). They simply want to know how effective the ESO ad on Piano Cat video was. That's it.
    Cpt_Teemo wrote: »
    Usually for any company if they push something like this through they let you know what they did and have you resign the ToS again to give your consent.
    You did. Remember when they updated the Privacy Statement, and you had to agree to it before even being allowed to access the game?

    It's covered there. It's spelled out, in detail, with relevant areas highlighted in a previous post, which I'd be delighted to link again.
    • It's not malicious.
    • They're gathering generic details about your system, encrypting them (irreversibly), and associating that code with certain activity (client marketing).
    • It's not spyware in the sense that it looks only at what the client requests it to look at.
    • It's the digital version of the person at the mall checking a box that said you looked at a poster and as a result tried the double chocolate cherry fudge at the local sweet shop.
    • They don't have your info. They don't need your info. Hell, they don't want your info. They just want to put posters in the places that sell more fudge.

    Here's another theoretical analogy.
    You buy a music CD from a company that hired me for marketing analysis.
    The sticker on the front says "By opening this CD, you agree to our privacy terms*" which include use of certain marketing tools.
    When you first listen to that CD:
    • I take your name and address, and I look it up in the 2015 phonebook for Lincoln County, Nevada.
    • I write down the page, and the entry number.
    • I go to the Greater Los Angeles Phone Book Museum and Depository.
    • I note the GPS Lat and Long of the building above.
    • I find that phone book. I note the floor, the rack, the shelf, and the position on the shelf.
    • I put all of these things together to make a code (UID).

    Then every time you open an ad from your original location, my redshell enabled ad (which also came up with that UID) makes note and associates it with that code. (It has to be your original location, or it would produce a different UID, not because they care one iota what your location actually is).

    Once a month, I go to the producer and say UID that bought and listened to this CD, in all likelihood also looked at this ad, but apparently (due to lack of data) hasn't looked at the others you placed.

    Not that I would (because prison and lawsuits, and stuff), but even if I did walk out the front door of the producer's office and give your code of "kjshdfkhsadfgiusdfiugsdlafgoiugyui" to everyone where I had lunch, it would be utterly and completely useless to them and would not disclose a single thing about your privacy in the process.
    • If you're gonna stay, stay.
    • If you're gonna go, go.
    • If you want to register a complaint about how you feel your privacy was violated, register away - I provide, no, ZoS provided, I simply duplicated the info in another thread. By all means, give the Feds something to do so they can come back and let you know you have nothing to be concerned about.
    • But PLEASE, can we stop flipping the *** out because we think something is doing something without proof or understanding of what that something even is.

    Still spyware case in point, even though it might not be harmful now who knows what they can do later in the future if people don't stop it
  • Aebaradath
    Everyone,

    My apologies for the confusion over the integration of Red Shell into ESO. Here’s what happened: we have been experimenting with a better way to link which advertisements and web content new players see to the eventual account that is created in the game. The ONLY purpose this would be used for is to determine from which origin points our new players come from, so we can better plan where to place advertisements and other web content. Existing accounts will never encounter this, as they are already created.

    Several factors came together in Update 18 and Red Shell was erroneously added to the live build when we were still testing and evaluating it. It has never been active in ESO, even though the base tech is in the client – i.e. it was never enabled. So, we will remove it from Update 18, which will take place in the PC/Mac incremental build scheduled for this coming Monday (it was never considered for Console, so won’t be in Tuesday’s U18 launch). We never should have done this without giving everyone a heads up it was coming, and we will learn from this mistake.

    That being said, we are still investigating how to use this technology in the future to grow and sustain ESO more effectively. When/if we do so, we will give everyone a heads up with clear instructions as to what it is doing, how it is doing it, and how to opt-out should you so desire.

    Check out the patch notes on Monday for the notice that Red Shell has been removed from U18, and we will keep everyone posted – and again, my apologies.

    Matt
    I ain't buying it.
  • Merlin13KAGL
    Cpt_Teemo wrote: »
    Still spyware case in point, even though it might not be harmful now who knows what they can do later in the future if people don't stop it
    Not when it's monitoring what it's allowed to monitor.

    Notice how it's not getting tagged by firewalls, internet security, and antivirus.

    Notice how this company with a pretty blatant internet presence isn't getting shut down by the FCC, the FBI, or any other agency.

    Notice the ESRB rating still in full effect.

    Any program can be hacked. You are vulnerable the first time you plug in your ethernet cord.

    Case in point:
    ESO records your keystrokes - it's how you're able to move and fire off skills.
    ESO captures your screen, at least its own window, every time you submit a screenshot.
    ESO monitors your running applications and installed drivers and programs any time you run the little "My game isn't workin' right" helper application.

    Lots of software does many of these things. Doesn't make them malicious. Doesn't make them spyware. Doesn't make them bad.

    When things go out of their defined permissions, that's when it becomes a problem.

    For those instances, that's why you have firewalls, antivirus, secure routers, and you remain genuinely informed.

    Regarding transparency and disclosure, did the company step on its own junk? Absolutely.

    Was it of malicious intent? I seriously doubt it.

    WTFL;DR;

    Did they screw up? Yes.
    Did they own it? Yes.
    Are they fixing it? Yes.
    Will they do things differently next time? Probably a Hell yes.
    Was this whole thing blown way more out of proportion than necessary? Hell **** Yes.



    Edited by Merlin13KAGL on June 2, 2018 8:55PM
    Just because you don't like the way something is doesn't necessarily make it wrong...

    Earn it.

    IRL'ing for a while for assorted reasons, in forum, and in game.
    I am neither warm, nor fuzzy...
    Probably has checkbox on Customer Service profile that say High Aggro, 99% immunity to BS
  • kyle.wilson
    If zos spent as much time fixing bugs and glitches as they do trying to monetize everything in the game, it would run a whole lot smoother.

    But, at least this broke @ZOS_MattFiror's hiatus from the forum.
  • InvitationNotFound
    Cpt_Teemo wrote: »
    Still spyware case in point, even though it might not be harmful now who knows what they can do later in the future if people don't stop it
    Not when it's monitoring what it's allowed to monitor.

    Notice how it's not getting tagged by firewalls, internet security, and antivirus.

    Notice how this company with a pretty blatant internet presence isn't getting shut down by the FCC, the FBI, or any other agency.

    Notice the ESRB rating still in full effect.

    Any program can be hacked. You are vulnerable the first time you plug in your ethernet cord.

    Case in point:
    ESO records your keystrokes - it's how you're able to move and fire off skills.
    ESO captures your screen, at least its own window, every time you submit a screenshot.
    ESO monitors your running applications and installed drivers and programs any time you run the little "My game isn't workin' right" helper application.

    Lots of software does many of these things. Doesn't make them malicious. Doesn't make them spyware. Doesn't make them bad.

    When things go out of their defined permissions, that's when it becomes a problem.

    For those instances, that's why you have firewalls, antivirus, secure routers, and you remain genuinely informed.

    Regarding transparency and disclosure, did the company step on its own junk? Absolutely.

    Was it of malicious intent? I seriously doubt it.

    WTFL;DR;

    Did they screw up? Yes.
    Did they own it? Yes.
    Are they fixing it? Yes.
    Will they do things differently next time? Probably a Hell yes.
    Was this whole thing blown way more out of proportion than necessary? Hell **** Yes.



    just from a technical point of view, your comparisons are not adequate.
    For those instances, that's why you have firewalls, antivirus, secure routers, and you remain genuinely informed.
    firewall(s): won't help mostly as normally for end users they don't do anything regarding outgoing traffic. you won't be able to block all ip addresses except google (just as an example)
    antivirus: won't detect new viruses and can be regarded as a threat themselves if you look at the vulnerabilities they had lately
    secure routers: whatever the difference between a secure router and a router is. anyway routers do not really prevent anything (except maybe access to your machine in case of private / public ip address transition, but that's a border case).
    Case in point:
    ESO records your keystrokes - it's how you're able to move and fire off skills.
    ESO captures your screen, at least its own window, every time you submit a screenshot.
    ESO monitors your running applications and installed drivers and programs any time you run the little "My game isn't workin' right" helper application.

    to a certain degree. every binary is capable to do more, even so ESO. the point is that you only run binaries you have trust in. adding things like redshell (which can do whatever they want) isn't really going to help in trusting zos and i certainly do not trust redshell.

    and still, i don't get what exactly for they are using redshell, if it is only related to ingame things they can implement it themselves. If it in any way has access to anything related to any of my browser's data / cookies or whatsoever, this would be a huge issue. Even uniquely identifying my machine is something that is an absolute no-go.

    Regarding the GDPR i think they made a huge mistake, as something like that would certainly require an opt-in, which isn't present.

    Matt said what they did and it was a mistake. Yet, there isn't much trust left for this company so i simply doubt this. I guess a proper (technical) analysis of the current situation would be great.


    regarding your other rather long post. according to the guy who tried to opt out it should be possible to associate a redshell entry with your eso data. if the redshell data leaks (e.g. they get hacked) it could be associated with me. imho this is an issue. and i don't see a reason to use such a third party to store and analyze this. in general your answer seems to be a little bit naive. could you provide the technical details (docs) on how it is actually implemented and what the capabilities are? because currently it only looks like assumptions to me (yes, i know... every opinion in here is based on pure assumptions - but i prefer to stay on the pessimistic side and not on the "oh hell yeah, those companies only want the best for us all").
    We want firing off Dark Exchange in the middle of combat to feel awesome... - The Wrobler
    You know you don't have to be here right? - Rich Lambert
    Will you tell me your profession? I would also like to write up some assumptions about how simple other people's jobs are. - Kai Schober

    Addons:
    RdK Group Tool: esoui DE EN FR
    Port to Friend's House: esoui DE EN FR - Library: DE EN
    Yet another Compass: esoui DE EN FR
    Group Buffs: esoui DE EN FR
  • Merlin13KAGL
    just from a technical point of view, your comparisons are not adequate.
    They are referring to the instances where people are picking and choosing definitions without any context present. Labeling something is not as simple as it's being made out to be. That's all I'm going for.
    For those instances, that's why you have firewalls, antivirus, secure routers, and you remain genuinely informed.
    firewall(s): won't help mostly as normally for end users they don't do anything regarding outgoing traffic. you won't be able to block all ip addresses except google (just as an example)
    antivirus: won't detect new viruses and can be regarded as a threat themselves if you look at the vulnerabilities they had lately
    secure routers: whatever the difference between a secure router and a router is. anyway routers do not really prevent anything (except maybe access to your machine in case of private / public ip address transition, but that's a border case).
    • A good firewall takes time to determine what is allowed and what is not, and until it's deemed allowed, no traffic goes through. Granted, this is beyond what the average person is going to take the time to do. If you really want a secure connection, block all should be the default behavior until you grant something permission.
    • Good antivirus looks for more than just a signature. Good antivirus will look for code patterns (beyond virus signatures) and will look for patterns of access, etc, flagging them as unusual, and again, waiting for your decision regarding whether to allow or not. Most good antivirus also allows for seclusion, or sandboxing of new programs to ensure they play nice, and only with the toys they're allowed to.
    • Secure in the sense that you have a non-default IP, you've set passwords. In other words, you've taken the time to secure it, and you didn't just plug it in straight out of the box. Any router worth its salt can also restrict, block, situationally allow, log, and even redirect traffic.

    Again, most of this is going to be beyond what the typical user is going to do. My point being, it is an option.
    to a certain degree. every binary is capable to do more, even so ESO. the point is that you only run binaries you have trust in. adding things like redshell (which can do whatever they want) isn't really going to help in trusting zos and i certainly do not trust redshell.

    and still, i don't get what exactly for they are using redshell, if it is only related to ingame things they can implement it themselves. If it in any way has access to anything related to any of my browser's data / cookies or whatsoever, this would be a huge issue. Even uniquely identifying my machine is something that is an absolute no-go.
    Redshell doesn't get to 'do whatever they want' because it becomes malware at that point. It does specific things for specific purposes. It's not 'logging' half of what people on here seem to think it is.

    They didn't implement it themselves for the same reasons they didn't remake TeamSpeak and Discord. Redshell already does what they needed done.

    Again, there's no identifying your machine by reversal. See below.
    Regarding the GDPR i think they made a huge mistake, as something like that would certainly require an opt-in, which isn't present.
    Technically, there was nothing to opt into, since it was not enabled.

    Even if it had been, it was covered under marketing/analytical tools in the last agreed to Privacy Policy.
    Matt said what they did and it was a mistake. Yet, there isn't much trust left for this company so i simply doubt this. I guess a proper (technical) analysis of the current situation would be great.
    Yes, but mostly because of how people are reacting to it, not because any data was getting stolen.
    regarding your other rather long post. according to the guy who tried to opt out it should be possible to associate a redshell entry with your eso data. if the redshell data leaks (e.g. they get hacked) it could be associated with me. imho this is an issue. and i don't see a reason to use such a third party to store and analyze this. in general your answer seems to be a little bit naive. could you provide the technical details (docs) on how it is actually implemented and what the capabilities are? because currently it only looks like assumptions to me (yes, i know... every opinion in here is based on pure assumptions - but i prefer to stay on the pessimistic side and not on the "oh hell yeah, those companies only want the best for us all").
    The keys don't get reversed, that's the thing.

    The reason RedShell needs your internal ID (provided only by ZoS), is so they can check a portion of the UID after encryption and delete matching entries.

    At no point does your UID turn back into your browser list, your screen resolution, your IP address, or any other aspect they use to create the UID in the first place.

    A data leak would provide only arbitrary UID's with associated client-specific activity. For it to provide anything even remotely useful, there would have to be a breach at both locations.

    Zero Personal Information.

    If you want more detail than that, I've posted probably a dozen or so responses in that regard, and frankly, this thread has worn me out.

    Just because you don't like the way something is doesn't necessarily make it wrong...

    Earn it.

    IRL'ing for a while for assorted reasons, in forum, and in game.
    I am neither warm, nor fuzzy...
    Probably has checkbox on Customer Service profile that say High Aggro, 99% immunity to BS
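The disagreement in the posts above (a one-way UID on one side, an opt-out that needs ZOS's internal ID on the other) is the difference between a pseudonymous and an anonymous identifier. The Python sketch below is an added example, not Red Shell's or ZOS's code: the attribute names, the SHA-256 construction, the two table layouts and every sample value are assumptions constructed for illustration.

```python
"""Hashed device fingerprint: one-way, but still a linkable pseudonym.

Illustrative only. The attribute names, the SHA-256 construction and the
table layouts are assumptions, not Red Shell's or ZOS's implementation.
"""
import hashlib
import hmac


def device_uid(attributes, client_software):
    """Derive a deterministic UID from device attributes and the client title."""
    # Sort keys so the same device always serialises to the same bytes.
    canonical = "\x1f".join(f"{key}={attributes[key]}" for key in sorted(attributes))
    material = f"{client_software}\x1e{canonical}".encode("utf-8")
    return hashlib.sha256(material).hexdigest()


def confirms(candidate_attributes, client_software, uid):
    """Return True if the candidate attributes hash to the given UID.

    The hash cannot be inverted, but anyone who already holds a candidate
    attribute set can recompute it and check for a match.
    """
    recomputed = device_uid(candidate_attributes, client_software)
    return hmac.compare_digest(recomputed, uid)


def link_records(publisher_map, vendor_events):
    """Join publisher accounts to vendor-side events on the shared UID."""
    return {
        account: vendor_events[uid]
        for account, uid in publisher_map.items()
        if uid in vendor_events
    }


def opt_out(account_id, publisher_map, vendor_events):
    """Delete vendor-side events for one account; return how many were removed.

    The deletion is only possible because the publisher can translate an
    internal account ID into the UID the vendor stores.
    """
    uid = publisher_map.get(account_id)
    removed = vendor_events.pop(uid, [])
    return len(removed)


# Constructed sample data (no real device, account or campaign).
DEVICE = {
    "os": "Windows 10",
    "screen": "1920x1080",
    "timezone": "UTC+1",
    "font_count": "312",
    "gpu": "ExampleGPU 1000",
}
GAME_A_UID = device_uid(DEVICE, "game-a")

# Vendor side: UID -> observed marketing events. No names, no addresses.
VENDOR_EVENTS = {GAME_A_UID: ["ad-view:campaign-17", "first-launch"]}

# Publisher side: internal account ID -> UID, kept so opt-out can work.
PUBLISHER_MAP = {"acct-000123": GAME_A_UID}


if __name__ == "__main__":
    print("UID for game-a:", GAME_A_UID)
    print("UID for game-b:", device_uid(DEVICE, "game-b"))
    print("same device confirms:", confirms(DEVICE, "game-a", GAME_A_UID))
    print("joined view:", link_records(PUBLISHER_MAP, VENDOR_EVENTS))
    events = dict(VENDOR_EVENTS)
    print("events removed by opt-out:", opt_out("acct-000123", PUBLISHER_MAP, events))
    print("joined view after opt-out:", link_records(PUBLISHER_MAP, events))
```

The vendor table on its own names nobody, yet the opt-out path only works because the publisher can map an account to the same UID, which is the linkage a privacy review of this kind of integration has to account for.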
  • BuddyAces
    xaraan wrote: »
    Their moderation is just as much about controlling the message...


    That's what it had to have been =(
    They nerfed magsorcs so hard stamsorcs felt it,lol - Somber97866

    I'm blown away by the utter stupidity I see here on the daily. - Wrekkedd
  • InvitationNotFound
    just from a technical point of view, your comparisons are not adequate.
    They are referring to the instances where people are picking and choosing definitions without any context present. Labeling something is not as simple as it's being made out to be. That's all I'm going for.

    Well the things you are writing so far seem to be assumptions to me. I have no idea where you got the information from (of course you might find certain things on their page - i'm just too lazy to look it up as i'm tired of all this marketing crap which is different in reality anyway). So please provide technical details or references. If you want to explain something please use the technical terms like they are hashing whatever. the more details the better (e.g. they hash the serial number of this component with your computer name using SHA2 256). What you have provided so far aren't technical details imho (or not technical enough).
    For those instances, that's why you have firewalls, antivirus, secure routers, and you remain genuinely informed.
    firewall(s): won't help mostly as normally for end users they don't do anything regarding outgoing traffic. you won't be able to block all ip addresses except google (just as an example)
    antivirus: won't detect new viruses and can be regarded as a threat themselves if you look at the vulnerabilities they had lately
    secure routers: whatever the difference between a secure router and a router is. anyway routers do not really prevent anything (except maybe access to your machine in case of private / public ip address transition, but that's a border case).
    • A good firewall takes time to determine what is allowed and what is not, and until it's deemed allowed, no traffic goes through. Granted, this is beyond what the average person is going to take the time to do. If you really want a secure connection, block all should be the default behavior until you grant something permission.
    • Good antivirus looks for more than just a signature. Good antivirus will look for code patterns (beyond virus signatures) and will look for patterns of access, etc, flagging them as unusual, and again, waiting for your decision regarding whether to allow or not. Most good antivirus also allows for seclusion, or sandboxing of new programs to ensure they play nice, and only with the toys they're allowed to.
    AV are, if you want to, not so difficult to bypass. It might be good for an (below) average user who double clicks everything he sees and tends to install software from everywhere. It adds additional attack surface and it is therefore a decision for each individual which risk is bigger.
    • Secure in the sense that you have a non-default IP, you've set passwords. In other words, you've taken the time to secure it, and you didn't just plug it in straight out of the box. Any router worth its salt can also restrict, block, situationally allow, log, and even redirect traffic.


    Again, most of this is going to be beyond what the typical user is going to do. My point being, it is an option.
    to a certain degree. every binary is capable to do more, even so ESO. the point is that you only run binaries you have trust in. adding things like redshell (which can do whatever they want) isn't really going to help in trusting zos and i certainly do not trust redshell.

    and still, i don't get what exactly for they are using redshell, if it is only related to ingame things they can implement it themselves. If it in any way has access to anything related to any of my browser's data / cookies or whatsoever, this would be a huge issue. Even uniquely identifying my machine is something that is an absolute no-go.
    Redshell doesn't get to 'do whatever they want' because it becomes malware at that point. It does specific things for specific purposes. It's not 'logging' half of what people on here seem to think it is.
    Reference? Is this somewhere on the site or is this from a third party assessment?
    You might find it hard to believe, but what companies say and what they do are sometimes different things. And I've already seen such cases, so I do not blindly trust them. Please provide sources here where you get your information from.

    They didn't implement it themselves for the same reasons they didn't remake TeamSpeak and Discord. Redshell already does what they needed done.
    I might not have understood what exactly it is doing or what it is collecting. But sending data to a third party and running their code on a customer's machine isn't a good idea from a privacy / security perspective. many companies are going that direction unfortunately. nonetheless it is a stupid idea (for both, the company and its customers).
    Again, there's no identifying your machine by reversal. See below.
    Again, you didn't provide any details. Furthermore, explain to me how the opt-out works if identification isn't possible and why ZOS can (according to the mail) provide the information that they need to put someone on the opt-out list. if you get the data from redshell and zos you should be able to identify exactly which data sets belong to which users. I wouldn't consider this anonymous.
    Regarding the GDPR i think they made a huge mistake, as something like that would certainly require an opt-in, which isn't present.
    Technically, there was nothing to opt into, since it was not enabled.
    Did you verify this? I don't think anyone has so far. And if it comes to trust... i don't trust them.
    Even if it had been, it was covered under marketing/analytical tools in the last agreed to Privacy Policy.
    Here is an excerpt from noyb.eu
    GDPR prohibits “bundling” The GDPR prohibits such forced consent and any form of bundling a service with the requirement to consent (see Article 7(4) GDPR). Consequently access to services can no longer depend on whether a user gives consent to the use of data. On this issue a very clear guideline of the European data protection authorities has already been published in November 2017 (link).

    Separation of necessary & unnecessary data usage. An end of “forced consent” does not mean that companies can no longer use customer data. The GDPR explicitly allows any data processing that is strictly necessary for the service – but using the data additionally for advertisement or to sell it on needs the users’ free opt-in consent. With this complaint we want to ensure that GDPR is implemented in a sane way: Without just moving towards “fishing for consent”.
    As far as i understand this, there has to be an opt-in, otherwise you screw with the GDPR, which you likely don't want to do as you might easily lose a lot of money that way.
    Matt said what they did and it was a mistake. Yet, there isn't much trust left for this company so i simply doubt this. I guess a proper (technical) analysis of the current situation would be great.
    Yes, but mostly because of how people are reacting to it, not because any data was getting stolen.
    See above.
    regarding your other rather long post. according to the guy who tried to opt out it should be possible to associate a redshell entry with your eso data. if the redshell data leaks (e.g. they get hacked) it could be associated with me. imho this is an issue. and i don't see a reason to use such a third party to store and analyze this. in general your answer seems to be a little bit naive. could you provide the technical details (docs) on how it is actually implemented and what the capabilities are? because currently it only looks like assumptions to me (yes, i know... every opinion in here is based on pure assumptions - but i prefer to stay on the pessimistic side and not on the "oh hell yeah, those companies only want the best for us all").
    The keys don't get reversed, that's the thing.

    The reason RedShell needs your internal ID (provided only by ZoS), is so they can check a portion of the UID after encryption and delete matching entries.

    At no point does your UID turn back into your browser list, your screen resolution, your IP address, or any other aspect they use to create the UID in the first place.

    A data leak would provide only arbitrary UIDs with associated client-specific activity. For it to provide anything even remotely useful, there would have to be a breach at both locations.

    Zero Personal Information.

    If you want more detail than that, I've posted probably a dozen or so responses in that regard, and frankly, this thread has worn me out.
    Again, provide some documentation or references. Otherwise what you are writing are just assumptions. Maybe in an ideal world it might be implemented like that, yet the world isn't ideal.

    Edit: sorry for the edit. i've messed up the quoting.
    Edited by InvitationNotFound on June 2, 2018 10:27PM
    We want firing off Dark Exchange in the middle of combat to feel awesome... - The Wrobler
    You know you don't have to be here right? - Rich Lambert
    Will you tell me your profession? I would also like to write assumptions about how simple other people's tasks are. - Kai Schober
  • Alinhbo_Tyaka
    Alinhbo_Tyaka
    ✭✭✭✭✭
    ✭✭
    It was enabled in some form as the dll opened and was listening on 16 TCP connections to Red Shell servers on my machine.

    How much data did it transfer?

    To be honest I didn't look. I assumed if it was opening connections it would also send some data. I'm out of town with the wife and won't be home for a few days so can't get back on to see if anything is transferred. Of course, by then the patch will be out so it might be too late.
  • NewbieOKS
    NewbieOKS
    ✭✭✭
    It was enabled in some form as the dll opened and was listening on 16 TCP connections to Red Shell servers on my machine.

    How much data did it transfer?

    To be honest I didn't look. I assumed if it was opening connections it would also send some data. I'm out of town with the wife and won't be home for a few days so can't get back on to see if anything is transferred. Of course, by then the patch will be out so it might be too late.

    @Alinhbo_Tyaka

    For comparison and reference purposes

    https://imgur.com/a/ypq4awU

    Repost from #595
    https://forums.elderscrollsonline.com/en/discussion/comment/5190176#Comment_5190176

    Edited to insert link comment no#595
    Edited by NewbieOKS on June 3, 2018 2:59AM
  • StackonClown
    StackonClown
    ✭✭✭✭✭
    Why put redshell in a folder called 'debug'?
    What are you debugging? Why not name it 'new customer launch attribution' like all the fancy marketing calls it??

    I read through redshell's website which has very much dumbed down limited information. But here's how it seems to work in theory. Note they claim this is only for steam, but I can see no reason why it won't work for non-steam.

    1/
    They claim they get a user's 'fingerprint' when the user clicks an ad on youtube or etc. 'seemingly IP address' but trying to be cool by using a non-techy term.
    This is done without redshell on the user's PC obviously.
    This seems to be done by 'campaigns' which redshell customers configure using a redshell url which then redirects the user to the gaming company, but capturing the fingerprint on the way.

    i.e. youtube url for some new game, let's say 'cloudrym' is actually a link to redshell !!

    2/
    Then, if the user soon after installs the game, the game itself now calls redshell first to log the fingerprint again.. and hey presto, "you just clicked on that youtube link earlier - 'same IP address'".

    3/
    Err, "hello Zenny - here's another one from that youtube advert"

    Sorry, I'm not a carcass to be harvested for someone else's profit chart without my knowledge, nor do I want to be a slave to redsell.

    Also, not impressed that this is hiding in a folder called 'debug'.
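
An added illustration, not part of any post and not Red Shell's actual code: a minimal model of the click-then-install fingerprint matching described in the post above, and of the hashed-UID opt-out discussed earlier in the thread. It assumes the fingerprint is a SHA-256 over IP address, screen size and user agent; the class, function names and sample values are all constructed for the example.

```python
import hashlib

def fingerprint(attrs):
    """One-way ID from device/network attributes (assumed scheme, SHA-256)."""
    canonical = "|".join(f"{k}={attrs[k]}" for k in sorted(attrs))
    return hashlib.sha256(canonical.encode()).hexdigest()

class AttributionStore:
    """Hypothetical third-party store that keeps only hashed fingerprints."""

    def __init__(self):
        self.clicks = {}    # fingerprint -> campaign name
        self.installs = []  # (fingerprint, campaign, publisher-side user ID)

    def record_click(self, attrs, campaign):
        # Step 1: the ad link redirects through the tracker, which logs the hash.
        self.clicks[fingerprint(attrs)] = campaign

    def record_install(self, attrs, publisher_user_id):
        # Step 2: the game client reports the same attributes on first launch.
        fp = fingerprint(attrs)
        campaign = self.clicks.get(fp)  # None: no earlier click matched
        self.installs.append((fp, campaign, publisher_user_id))
        return campaign

    def opt_out(self, publisher_user_id):
        # Deletion by publisher-side ID only works because records are linkable.
        doomed = {fp for fp, _, uid in self.installs if uid == publisher_user_id}
        self.installs = [r for r in self.installs if r[0] not in doomed]
        for fp in doomed:
            self.clicks.pop(fp, None)
        return len(doomed)

# Constructed sample attributes (documentation-range IP addresses).
DEVICE_A = {"ip": "203.0.113.7", "screen": "1920x1080", "ua": "ExampleBrowser/1.0"}
DEVICE_B = {"ip": "198.51.100.9", "screen": "1366x768", "ua": "ExampleBrowser/1.0"}

def demo():
    store = AttributionStore()
    store.record_click(DEVICE_A, "youtube-ad-1")
    matched = store.record_install(DEVICE_A, "player-42")
    unmatched = store.record_install(DEVICE_B, "player-43")
    # The hash cannot be inverted, but the same inputs always reproduce it.
    relinked = fingerprint(dict(DEVICE_A)) in store.clicks
    removed = store.opt_out("player-42")
    return matched, unmatched, relinked, removed, len(store.installs)

if __name__ == "__main__":
    print(demo())
```

In this model the stored hash never turns back into an IP address or screen size, yet any party that holds the same attributes, or the publisher-side ID stored next to the hash, can still pick out one user's records.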