ZOS integrated spyware RedShell by mistake, deleted from live, still in PTS folder

Cpt_Teemo

jircris11 wrote: »

Aluneth wrote: »

jircris11 wrote: »

Funny thing is people are acting as if zos is the only company that does this. Blizzard launcher had one as well. And most free games and websites as well. Hell in the UK this is used by the ISP for marketing. It's honestly not a big deal and people need to understand that it won't kill you. After all zos is a company and its primary goal is to make money. It's the same reason you get up to go to work.

Let's take a look at that.

- Does Blizzard have an unstable game (compared to ESO)? No
- Does Blizzard have something similar to the crown store? No
- Does Blizzard put as much focus and advertisement into their store? No
- Does Blizzard put an advertisement that covers the entire screen, every time you log in, for a product you already own? No
- Does Blizzard price their mounts up towards 30-40 euros (elk, etc), and anything even close to 120-150 (house)? No

As a person who has spent 12+ years playing WoW, I don't like what Blizzard has turned into. I would even say that I have an axe to grind with them, when it comes to a majority of their decisions. Compared to Zenimax though? Blizzard could have been the poster child for how to run an MMO.

[Edited] : Back when Blizzard introduced a shop button into the game, people were criticising it and now the button is small (next to help) and doesn't draw any attention. An advertisement that fills up the entire screen? Unimaginable. The things that you let ESO get away with...

Because of your fear of criticism, I expect this post to be deleted within the day.

Actually blizzard did worse then eso crown. They still level boosters. Sorry but your entire argument became invalid at that point.

But Blizzard doesn't have an account wide level system though

jircris11

Caran wrote: »

So just because Blizzard might do it (and lots of other companies) ... it's ok? Anything a company does as long as it's making money for the company is ok?

Never said it was ok, simply said that is nothing new. We have information secretly gathered every day.

jircris11

EasyTiger wrote: »

jircris11 wrote: »

Funny thing is people are acting as if zos is the only company that does this. Blizzard launcher had one as well. And most free games and websites as well. Hell in the UK this is used by the ISP for marketing. It's honestly not a big deal and people need to understand that it won't kill you. After all zos is a company and its primary goal is to make money. It's the same reason you get up to go to work.

Please provide proof Blizzard uses redshell or anything else you've claimed.

As for bedding proof just google it, any one with half a mind and A BASIC understanding of marketing know that they use such tactics, they simply do not tell us so no one bothers to question. Look at every marketing, look at ads on websites everything is posted due to feed back websites and programs give developers. Hell I'm sure if you dig in to apps on your phone you will find the same thing.

Cpt_Teemo

jircris11 wrote: »

EasyTiger wrote: »

jircris11 wrote: »

Funny thing is people are acting as if zos is the only company that does this. Blizzard launcher had one as well. And most free games and websites as well. Hell in the UK this is used by the ISP for marketing. It's honestly not a big deal and people need to understand that it won't kill you. After all zos is a company and its primary goal is to make money. It's the same reason you get up to go to work.

Please provide proof Blizzard uses redshell or anything else you've claimed.

As for bedding proof just google it, any one with half a mind and A BASIC understanding of marketing know that they use such tactics, they simply do not tell us so no one bothers to question. Look at every marketing, look at ads on websites everything is posted due to feed back websites and programs give developers. Hell I'm sure if you dig in to apps on your phone you will find the same thing.

Looked it up on Google, everyone says they used Warden not a spyware its a security program to prevent theft and cheating.

Elsonso

Reverb wrote: »

@ZOS_MattFiror if this was an accident, and has never been enabled, why does the ESO client become nonfunctional if the RedShell dll is removed or modified? Why does Zeni require this spyware to be present and communicating for the game to even work. Give us a reason, any reason at all, to believe in your integrity, or that of Zenimax. Please.

When they built the game client for Summerset, it was still being linked with the Red Shell dynamic link library. This is the mistake that Firor is referring to. An application that is linked with a DLL will fail to start if the DLL cannot be found. Windows simply won't run the game unless it can find all of the DLLs. When you delete the DLL file, all that is happening is that Windows is saying that an expected DLL file is not there. If it is there, Windows loads it. This is the "normal path" and I expect that it is what ZOS was using with Red Shell.

Expecting the DLL to be there, and even loading that DLL, is not the same as using the DLL to send information about the computer to Red Shell. We need to be very clear about that.

Facefister wrote: »

"Mistake"

Thing is, this "mistake" could have legal actions. Maybe some are being taken right now, or not.

Potentially, but I think it is unlikely. There is nothing illegal about Red Shell, and the only thing out there that is a risk is GDPR. Like I have said, this was deployed before GDPR, so they can include it with all of the other personal data collection that they do. There is nothing that Red Shell does that they should not already have covered, if they were smart. If that stuff is ready for GDPR, so is Red Shell.

As near as I can tell, from my meager learnings, and without an expert audit, ZOS (including the use of Red Shell) is compliant with GDPR for all personal data collection in place prior to the GDPR effective date.

Aluneth

jircris11 wrote: »

Aluneth wrote: »

jircris11 wrote: »

Funny thing is people are acting as if zos is the only company that does this. Blizzard launcher had one as well. And most free games and websites as well. Hell in the UK this is used by the ISP for marketing. It's honestly not a big deal and people need to understand that it won't kill you. After all zos is a company and its primary goal is to make money. It's the same reason you get up to go to work.

Let's take a look at that.

- Does Blizzard have an unstable game (compared to ESO)? No
- Does Blizzard have something similar to the crown store? No
- Does Blizzard put as much focus and advertisement into their store? No
- Does Blizzard put an advertisement that covers the entire screen, every time you log in, for a product you already own? No
- Does Blizzard price their mounts up towards 30-40 euros (elk, etc), and anything even close to 120-150 (house)? No

As a person who has spent 12+ years playing WoW, I don't like what Blizzard has turned into. I would even say that I have an axe to grind with them, when it comes to a majority of their decisions. Compared to Zenimax though? Blizzard could have been the poster child for how to run an MMO.

[Edited] : Back when Blizzard introduced a shop button into the game, people were criticising it and now the button is small (next to help) and doesn't draw any attention. An advertisement that fills up the entire screen? Unimaginable. The things that you let ESO get away with...

Because of your fear of criticism, I expect this post to be deleted within the day.

Actually blizzard did worse then eso crown. They still level boosters. Sorry but your entire argument became invalid at that point. As for mounts toy curly have not looked in the store in wow. They still mounts for 20-69 level boost for 60 charter slot expansions for 20 and so on. So please research before posting.

ESO doesn't sell experience scrolls? They don't sell research scrolls that let you completely research a new crafting profession in a few hours? You're comparing one person buying a level boost (that doesn't even bring you to max level), that no one suffers from, to that of a huge advertisement that everyone sees. Not to mention, according to you, that one thing (level boost) is also much worse than an unstable game, ridden to the core with bugs.

It takes much longer time to level up a character in WoW, and there is no 'account sharing' when it comes to experience (CP).

The Blizzard store is nothing like the ESO one. Most new costumes/mounts (ESO) end up in the crown store, 95-98% of the mounts/costumes are rewarded in game (WoW). A feature that cost money (changing appearence) in the Crown Store, is free in WoW. You can have many more (50?) character slots in WoW, if you want more in ESO you have to PAY for it. There aren't any races that you have to pay for to unlock (Imperial).

I haven't even touched upon crown crates, and the exclusive items that are hidden there. If you want a special mount in WoW, you pay 20€ for it, you don't spend 500€+ on gambling crates and still fail to recieve it.

Everything that WoW has for sale in the store, can be found in the Crown Store and often at higher prices or needing luck to recieve it. Even then, the Crown Store has more than 10x the items/features that the WoW store has, and takes paid for many features that you recieve for free in WoW. The most expensive item in the Blizzard Store (outside of games), sit on around 20-25€ (minus the level boost). The most expensive item in the Crown Store sit at 120-150€.

[Edited] : I've always been against the level boost, and I was standing at the front line shouting 'NO!' when they added it to the game. I wish it wasn't in the game, but even the level boost doesn't compare to what ESO are doing.

I spent 10 minutes writing something that is of-topic and will most likely get deleted. I never learn.

ZOS_JesC

Greetings, we've removed comments that were excessive in bashing or targeting other members with personal insults. This is a friendly reminder to check the forum rules to make sure your posts follow them. Thank you for your understanding.

InvitationNotFound

lordrichter wrote: »

Reverb wrote: »

@ZOS_MattFiror if this was an accident, and has never been enabled, why does the ESO client become nonfunctional if the RedShell dll is removed or modified? Why does Zeni require this spyware to be present and communicating for the game to even work. Give us a reason, any reason at all, to believe in your integrity, or that of Zenimax. Please.

When they built the game client for Summerset, it was still being linked with the Red Shell dynamic link library. This is the mistake that Firor is referring to. An application that is linked with a DLL will fail to start if the DLL cannot be found. Windows simply won't run the game unless it can find all of the DLLs. When you delete the DLL file, all that is happening is that Windows is saying that an expected DLL file is not there. If it is there, Windows loads it. This is the "normal path" and I expect that it is what ZOS was using with Red Shell.

Expecting the DLL to be there, and even loading that DLL, is not the same as using the DLL to send information about the computer to Red Shell. We need to be very clear about that.

Facefister wrote: »

"Mistake"

Thing is, this "mistake" could have legal actions. Maybe some are being taken right now, or not.

Potentially, but I think it is unlikely. There is nothing illegal about Red Shell, and the only thing out there that is a risk is GDPR. Like I have said, this was deployed before GDPR, so they can include it with all of the other personal data collection that they do. There is nothing that Red Shell does that they should not already have covered, if they were smart. If that stuff is ready for GDPR, so is Red Shell.

As near as I can tell, from my meager learnings, and without an expert audit, ZOS (including the use of Red Shell) is compliant with GDPR for all personal data collection in place prior to the GDPR effective date.

I doubt ZOS complies with the GDPR. Not a lawyer and the feedback of a lawyer (who actually has some knowledge of the GPDR) would be great. Besides, it doesn't really matter if it was deployed before or after GDPR as they would have to get the users' consent again after GDPR, which wasn't the case.

And in case you've missed one of my previous posts:

Here an excerpt from noyb.eu

GDPR prohibits “bundling” The GDPR prohibits such forced consent and any form of bundling a service with the requirement to consent (see Article 7(4) GDPR). Consequently access to services can no longer depend on whether a user gives consent to the use of data. On this issue a very clear guideline of the European data protection authorities has already been published in November 2017 (link).

Separation of necessary & unnecessary data usage. An end of “forced consent” does not mean that companies can no longer use customer data. The GDPR explicitly allows any data processing that is strictly necessary for the service – but using the data additionally for advertisement or to sell it on needs the users’ free opt-in consent. With this complaint we want to ensure that GDPR is implemented in a sane way: Without just moving towards “fishing for consent”.

As far as i understand this, there has to be an opt-in, otherwise you screw with the GDPR, which you likely don't want to do as you might easily loose a lot of money that way. And i don't see any kind of opt-in for any of their data collection for advertising / marketing. But feel free on correcting me here.

anitajoneb17_ESO

lordrichter wrote: »

When they built the game client for Summerset, it was still being linked with the Red Shell dynamic link library. This is the mistake that Firor is referring to. An application that is linked with a DLL will fail to start if the DLL cannot be found. Windows simply won't run the game unless it can find all of the DLLs. When you delete the DLL file, all that is happening is that Windows is saying that an expected DLL file is not there. If it is there, Windows loads it. This is the "normal path" and I expect that it is what ZOS was using with Red Shell.

So... if I understand well... we can delete the redshell.dll file, create an empty file.txt in the same directory, rename it redshell.dll and the game would load normally ?
Wouldn't that be the best protection for us ?

Elsonso

anitajoneb17_ESO wrote: »

lordrichter wrote: »

When they built the game client for Summerset, it was still being linked with the Red Shell dynamic link library. This is the mistake that Firor is referring to. An application that is linked with a DLL will fail to start if the DLL cannot be found. Windows simply won't run the game unless it can find all of the DLLs. When you delete the DLL file, all that is happening is that Windows is saying that an expected DLL file is not there. If it is there, Windows loads it. This is the "normal path" and I expect that it is what ZOS was using with Red Shell.

So... if I understand well... we can delete the redshell.dll file, create an empty file.txt in the same directory, rename it redshell.dll and the game would load normally ?
Wouldn't that be the best protection for us ?

No. Once Windows determines that the file is there, it will attempt to load it into memory. A TXT file won't pass muster and Windows will fail to load the DLL that it expects to load.

DoctorESO

If we didn''t speak up now, who knows what ZOS would've done in the future. Good job finding this and calling them out, OP!

anitajoneb17_ESO

lordrichter wrote: »

anitajoneb17_ESO wrote: »

lordrichter wrote: »

When they built the game client for Summerset, it was still being linked with the Red Shell dynamic link library. This is the mistake that Firor is referring to. An application that is linked with a DLL will fail to start if the DLL cannot be found. Windows simply won't run the game unless it can find all of the DLLs. When you delete the DLL file, all that is happening is that Windows is saying that an expected DLL file is not there. If it is there, Windows loads it. This is the "normal path" and I expect that it is what ZOS was using with Red Shell.

So... if I understand well... we can delete the redshell.dll file, create an empty file.txt in the same directory, rename it redshell.dll and the game would load normally ?
Wouldn't that be the best protection for us ?

No. Once Windows determines that the file is there, it will attempt to load it into memory. A TXT file won't pass muster and Windows will fail to load the DLL that it expects to load.

Ok, then take any other dll file used by the game, duplicate it, rename it redshell.dll ? (sorry if that sounds silly but sometimes the dumbest ideas do work...)

Elsonso

.

anitajoneb17_ESO wrote: »

lordrichter wrote: »

anitajoneb17_ESO wrote: »

lordrichter wrote: »

When they built the game client for Summerset, it was still being linked with the Red Shell dynamic link library. This is the mistake that Firor is referring to. An application that is linked with a DLL will fail to start if the DLL cannot be found. Windows simply won't run the game unless it can find all of the DLLs. When you delete the DLL file, all that is happening is that Windows is saying that an expected DLL file is not there. If it is there, Windows loads it. This is the "normal path" and I expect that it is what ZOS was using with Red Shell.

So... if I understand well... we can delete the redshell.dll file, create an empty file.txt in the same directory, rename it redshell.dll and the game would load normally ?
Wouldn't that be the best protection for us ?

No. Once Windows determines that the file is there, it will attempt to load it into memory. A TXT file won't pass muster and Windows will fail to load the DLL that it expects to load.

Ok, then take any other dll file used by the game, duplicate it, rename it redshell.dll ? (sorry if that sounds silly but sometimes the dumbest ideas do work...)

That is an interesting idea, and I considered it in my response but decided not to mention it. It has been too long since I cared about Windows DLL files, but my recollection is that Windows only cares that the DLL is loadable. I am not certain that it does anything to check that the DLL is the right DLL. Obviously, if Windows or ESO64.EXE made any calls into the DLL to access points specific to Red Shell, the call would fail, and so could ESO64.EXE.

xRIVALENx

Calls are made to the RedShell dll and it is linked to the Windows kernel, the application will fail to launch if you rename another dll or create an empty placeholder. One can modify certain calls inside RedShell and patch it out if it is necessary.

Syncronaut

Iselin wrote: »

You really see being able to buy something exclusive as a reward?

Sounds like ZOS marketing is working as intended on you

Nah not realy, i am cheapskate when it comes to virtual goods (i prefer to buy a full game than some mount).
Never purchased anything from blizzard store either

The money when i heared abauth the redshell news went into switch games (one that was planed for jun/jul/august).
I have my spending limits

This is where the money went:
https://nintendoeverything.com/wp-content/uploads/octopath-limited-656x368.jpg

As for topic, we will see tommorow if the DDL is gona get removed out of the game and if they can hold up their bargin.
If they dont............well i am sure that European Commission would love to hear what is going on here.

karthrag_inak

lordrichter wrote: »

.

anitajoneb17_ESO wrote: »

lordrichter wrote: »

anitajoneb17_ESO wrote: »

lordrichter wrote: »

When they built the game client for Summerset, it was still being linked with the Red Shell dynamic link library. This is the mistake that Firor is referring to. An application that is linked with a DLL will fail to start if the DLL cannot be found. Windows simply won't run the game unless it can find all of the DLLs. When you delete the DLL file, all that is happening is that Windows is saying that an expected DLL file is not there. If it is there, Windows loads it. This is the "normal path" and I expect that it is what ZOS was using with Red Shell.

So... if I understand well... we can delete the redshell.dll file, create an empty file.txt in the same directory, rename it redshell.dll and the game would load normally ?
Wouldn't that be the best protection for us ?

No. Once Windows determines that the file is there, it will attempt to load it into memory. A TXT file won't pass muster and Windows will fail to load the DLL that it expects to load.

Ok, then take any other dll file used by the game, duplicate it, rename it redshell.dll ? (sorry if that sounds silly but sometimes the dumbest ideas do work...)

That is an interesting idea, and I considered it in my response but decided not to mention it. It has been too long since I cared about Windows DLL files, but my recollection is that Windows only cares that the DLL is loadable. I am not certain that it does anything to check that the DLL is the right DLL. Obviously, if Windows or ESO64.EXE made any calls into the DLL to access points specific to Red Shell, the call would fail, and so could ESO64.EXE.

good way to get a kernel panic/bsod. give it a whilrl.

if you want to prevent redshell from communicating, use the host file modification suggestion given earlier in the thread.

Hokiewa

This thread delivers on hilarity, faux outrage, and extreme ignorance. 10/10! I want a newsletter please

D0PAMINE

maboleth wrote: »

PelinalWhitestrake wrote: »

ZOS_MattFiror wrote: »

Everyone,

My apologies for the confusion over the integration of Red Shell into ESO. Here’s what happened: we have been experimenting with a better way to link which advertisements and web content new players see to the eventual account that is created in the game. The ONLY purpose this would be used for is to determine from which origin points our new players come from, so we can better plan where to place advertisements and other web content. Existing accounts will never encounter this, as they are already created.

Several factors came together in Update 18 and Red Shell was erroneously added to the live build when we were still testing and evaluating it. It has never been active in ESO, even though the base tech is in the client – i.e. it was never enabled. So, we will remove it from Update 18, which will take place in the PC/Mac incremental build scheduled for this coming Monday (it was never considered for Console, so won’t be in Tuesday’s U18 launch). We never should have done this without giving everyone a heads up it was coming, and we will learn from this mistake.

That being said, we are still investigating how to use this technology in the future to grow and sustain ESO more effectively. When/if we do so, we will give everyone a heads up with clear instructions as to what it is doing, how it is doing it, and how to opt-out should you so desire.

Check out the patch notes on Monday for the notice that Red Shell has been removed from U18, and we will keep everyone posted – and again, my apologies.

Matt

I ain't buying it.

So, whatever ZOS says, people are going to moan? I'm actually shocked how many people have so much free time/no life/no family/no hobbies, rather than if ZOS uses whatever software to position their ads. To write an essays about this on 20+ pages is an anomaly.

Because if you dont take safety precautions, you can literally loose real money and personal data.

D0PAMINE

jircris11 wrote: »

Funny thing is people are acting as if zos is the only company that does this. Blizzard launcher had one as well. And most free games and websites as well. Hell in the UK this is used by the ISP for marketing. It's honestly not a big deal and people need to understand that it won't kill you. After all zos is a company and its primary goal is to make money. It's the same reason you get up to go to work.

Thats not the same thing at all, not even close.

DanteYoda

Octopuss wrote: »

ZOS_MattFiror wrote: »

The ONLY purpose this would be used for is to determine from which origin points our new players come from, so we can better plan where to place advertisements and other web content.

Someone translate this into human speech for me please.
What advertisements, what web content WHERE? There are no ads on the ESO website.

We want to see which countries the new players are coming from so we can pepper them with accurate ads and spam mail..

ManwithBeard9

I wonder how useful this would be for tracking bot and gold seller accounts.

DanteYoda

anitajoneb17_ESO wrote: »

Merlin13KAGL wrote: »

Is Redshell malicious? No.

Define "malicious".

Does it harm my computer ? No.
Is that enough to not be malicious ? In my opinion, no.
ZOS knowing anything and everything I do in ESO ? Okay, why not. But ZOS knowing anything and everything I do, write, research and view, professionally or for fun, outside of ESO is definitely malicious in my view.

Characterized by malice; intending or intended to do harm

It may very well do harm in the future so yes the definition fits..

Also i have no social media.. I actually deleted my facebook a month ago. After the insanity took place you can now delete your facebook accounts finally.

Luthid

As soon as I saw zos had posted a position for Monetization Designer, I knew things like this would start happening. This was sooner than I expected, but they probably needed to slip it in ahead of the new EU laws, which they did by days.

They’ll back it out based on the outcry, but they already have the data they were looking for, so it doesn’t hurt them to unbundle it now.

Soon they’ll update the EULA again to include their right to exchange (read:sell) your data with 3rd parties at will. That’s only the start of how far down the rabbit hole they’ll go to make money off of existing customers.

Elsonso

DanteYoda wrote: »

anitajoneb17_ESO wrote: »

Merlin13KAGL wrote: »

Is Redshell malicious? No.

Define "malicious".

Does it harm my computer ? No.
Is that enough to not be malicious ? In my opinion, no.
ZOS knowing anything and everything I do in ESO ? Okay, why not. But ZOS knowing anything and everything I do, write, research and view, professionally or for fun, outside of ESO is definitely malicious in my view.

Characterized by malice; intending or intended to do harm

It may very well do harm in the future so yes the definition fits..

I don't think Red Shell rises to the level of being "malicious" It is not malware. It's part of a creepy stalker system, of that there is no doubt. If we are going to talk about future harm, then we are opening up the flood gates and we need to do a lot more than delete social media accounts.

Soul_Demon

I have a suspicion that the revenue hit you will take from this will be tough to ignore. Anytime ZOS introduces something like this it will need to be scrutinized in the future- this was clearly a 'trial run' and I would guess there was much more planned if this went unnoticed.

DeltaForce64x

Thanks for the heads up, OP, I already blocked both incoming and outgoing access to that website in my firewall.

besides I already completed the main storyline Summerset DLC recently, so there is no point playing ESO anymore.

plus, ESO will be dead for long time since Fallout 76 announced and teased on youtube. (Aww naooo different dev studio you fool! good lord who cares!??!

Jokes aside, its the people who actually allowing their privacy and security invaded by greedy companies, we can't stop the technology now, sure, but we can lower the risks.

NOW SHUT UP AND "ENJOY" WITH YOUR $5000 IPHONE X YOU MORON!! ...without headphone jack. See people? Technology advances and its great!!!!!

Cpt_Teemo

Luthid wrote: »

As soon as I saw zos had posted a position for Monetization Designer, I knew things like this would start happening. This was sooner than I expected, but they probably needed to slip it in ahead of the new EU laws, which they did by days.

They’ll back it out based on the outcry, but they already have the data they were looking for, so it doesn’t hurt them to unbundle it now.

Soon they’ll update the EULA again to include their right to exchange (read:sell) your data with 3rd parties at will. That’s only the start of how far down the rabbit hole they’ll go to make money off of existing customers.

I heard it came in 1 day earlier than GDPR

Slick_007

Aluneth wrote: »

- Does Blizzard have an unstable game (compared to ESO)? No
- Does Blizzard have something similar to the crown store? No
- Does Blizzard put as much focus and advertisement into their store? No
- Does Blizzard put an advertisement that covers the entire screen, every time you log in, for a product you already own? No
- Does Blizzard price their mounts up towards 30-40 euros (elk, etc), and anything even close to 120-150 (house)? No

if thats your criteria, i think you have some issues with how you decide who to trust.

Because of your fear of criticism, I expect this post to be deleted within the day.

and yes, theres the paranoia kicking in making the rest of your post seem like its from a mental ward.

LumbermillOverlord

countdown started
will see guys i hope spyware will be delete

Beardimus

It's in the patch notes :

General
Removed the integration of the external analytics tool Red Shell and all associated files.

Right thing to do Zos