ZOS integrated spyware RedShell by mistake, deleted from live, still in PTS folder

Ohtimbar

I look forward to blocking this redshell crapware by whatever means necessary.

Cpt_Teemo

Ohtimbar wrote: »

I look forward to blocking this redshell crapware by whatever means necessary.

You can't do anything or else the game won't work they tried it in CE and if you try and block communications with Red Shell at all it disables that game and you won't be able to play it

Ohtimbar

Cpt_Teemo wrote: »

Ohtimbar wrote: »

I look forward to blocking this redshell crapware by whatever means necessary.

You can't do anything or else the game won't work they tried it in CE and if you try and block communications with Red Shell at all it disables that game and you won't be able to play it

I've blocked it in the host file and elsewhere. No problems to report. l haven't analyzed game traffic in depth but I'm hopeful. If all else fails I'll scream bloody murder to customer service until I get an answer or they block me and lose my business forever.

Marginis

Shad0wfire99 wrote: »

Master race, indeed.

There's nothing to say something similar or worse isn't in or coming to the console versions.

Cpt_Teemo

Ohtimbar wrote: »

Cpt_Teemo wrote: »

Ohtimbar wrote: »

I look forward to blocking this redshell crapware by whatever means necessary.

You can't do anything or else the game won't work they tried it in CE and if you try and block communications with Red Shell at all it disables that game and you won't be able to play it

I've blocked it in the host file and elsewhere. No problems to report. l haven't analyzed game traffic in depth but I'm hopeful. If all else fails I'll scream bloody murder to customer service until I get an answer or they block me and lose my business forever.

Maybe it could work differently how they set it up then not sure, maybe extra levels of security just incase people blocked it

Cpt_Teemo

LumbermillOverlord wrote: »

https://redshell.io/home

i just left this here
i have a knowledge than ZOS added this spy utility into eso with latest patches

enjoy new level of targeting ADs on main screen in a future

I'm wondering how to tell if your computer has Redshell on it or not, cause i've been trying to look online and said you need programs to hunt it down rather than looking yourself?

ADarklore

Wow... I swear, all the paranoid people out there... now I know why so many people actually believe conspiracy theories.

I'm sure ZOS' TOS that we agree to, and they recently updated, includes a provision for them to utilize this. If you accepted the TOS, then you agreed to it, if you block it, then by all means they have the right to block access to THEIR game. If you wish to quit because of it, SEE YA!

Ohtimbar

Redshell has an opt out page

"To opt out of game-based tracking please email us directly at privacy@redshell.io"
I'll continue blocking it until I hear back from them.

Cpt_Teemo

Ohtimbar wrote: »

Redshell has an opt-out page

"To opt out of game-based tracking please email us directly at privacy@redshell.io"
I'll continue blocking it until I hear back from them.

Thanks

Cpt_Teemo

ADarklore wrote: »

Wow... I swear, all the paranoid people out there... now I know why so many people actually believe conspiracy theories.

I'm sure ZOS' TOS that we agree to, and they recently updated, includes a provision for them to utilize this. If you accepted the TOS, then you agreed to it, if you block it, then by all means they have the right to block access to THEIR game. If you wish to quit because of it, SEE YA!

I see nothing in the ToS about the use of Spyware

Kuwhar

Is this strictly for the steam version? Or both launcher and steam versions?

karthrag_inak

it resides in here :

*\steam\steamapps\common\Zenimax Online\The Elder Scrolls Online\game\client

and a copy here :

*\steam\steamapps\common\Zenimax Online\The Elder Scrolls Online\game\client\debug

very uncool.

Kuwhar

karthrag_inak wrote: »

it resides in here :

*\steam\steamapps\common\Zenimax Online\The Elder Scrolls Online\game\client

and a copy here :

*\steam\steamapps\common\Zenimax Online\The Elder Scrolls Online\game\client\debug

very uncool.

Ok cool, moral of the story: dont use steam

xRIVALENx

It is installed with the non-steam version as well @Kuwhar, checking Process Explorer for loaded Dynamic Link Libraries will verify that it does indeed load when launching the game.

A few modifications to RedShell.dll and a patch should obfuscate the information being sent while still leaving the game in a operational state. Would be wonderful if RedShell would respond at their opt out privacy address.

Cpt_Teemo

xRIVALENx wrote: »

It is installed with the non-steam version as well @Kuwhar, checking Process Explorer for loaded Dynamic Link Libraries will verify that it does indeed load when launching the game.

Confirmed there ^

karthrag_inak

ADarklore wrote: »

Wow... I swear, all the paranoid people out there... now I know why so many people actually believe conspiracy theories.

I'm sure ZOS' TOS that we agree to, and they recently updated, includes a provision for them to utilize this. If you accepted the TOS, then you agreed to it, if you block it, then by all means they have the right to block access to THEIR game. If you wish to quit because of it, SEE YA!

I've been a data scientist for >4 years and this is nothing "paranoid". You can prove via information theory beyond a certain level of doubt the required info to uniquely identify a user just by their browser configuration (i.e. fonts installed, browser type, etc.) and, using this information, any surfing behavior can be attributed by multiple sources to a single individual. This is some of the information redshell is collecting.

There are minimal laws restricting the sharing of this "innocuous" information so it can be shared with multiple interested parties with impunity, who can aggregate this data and build profiles of hundreds of millions of people with surprising accuracy. I've done this before.

People are surprisingly "linear" in their behavior, and very simple models can be used to not only connect seemingly diverse behaviors with high accuracy, but also to predict future behaviors. Using a single hidden layer NN I was able to predict future purchases for a large commercial website (sundance) with around 95% accuracy, among their hundreds of thousands of customers.

I was also able, with minimal effort, to link their desktop and mobile devices, which always broadcast timestamped geo location information, illustrating locations and timing patterns.

The stories I could tell. This is uncool.

black_celebration

Shall we leave ESO after this? Personally i prefer to do it.

Kuwhar

xRIVALENx wrote: »

It is installed with the non-steam version as well @Kuwhar, checking Process Explorer for loaded Dynamic Link Libraries will verify that it does indeed load when launching the game.

A few modifications to RedShell.dll and a patch should obfuscate the information being sent while still leaving the game in a operational state. Would be wonderful if RedShell would respond at their opt out privacy address.

Nooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

karthrag_inak

If you remove the dll, the game won't launch.

Cpt_Teemo

karthrag_inak wrote: »

If you remove the dll, the game won't launch.

Great Job ZoS

karthrag_inak

@ZOS_GinaBruno How come this invasive spyware was not announced in patch notes on may 24 (Which is when it was installed)? I do not want this on my machine - how do I remove it?

Cpt_Teemo

karthrag_inak wrote: »

@ZOS_GinaBruno How come this invasive spyware was not announced in patch notes on may 24? I do not want this on my machine - how do I remove it?

You can opt out but I would guess they'll cancel your connection to the game as if you were to delete the dll, which is pretty lame tbh no policy update or anything about the use of Spyware I saw at all

LumbermillOverlord

guys pls we need a guide how to disable this library

any FAQ?

Zinaroth

Yeah well if this is true then according to the GDPR demands ZOS will have to give us EU players full transparency on what data they are collecting and what they are using it for - which we will need to accept before they are allowed to collect this data. They will also have to give us a way to 100 % guaranteed delete any information they gathered from us without prior notice at any point we want - as many times as we want.

If it is indeed true that they did this without telling us they are already breaking the GDPR demands - which is in violation with European law and punishable by huge fines leading up to a ban of their services in the entire region if they do not adhere.

Cpt_Teemo

Zinaroth wrote: »

Yeah well if this is true then according to the GDPR demands ZOS will have to give us EU players full transparency on what data they are collecting and what they are using it for - which we will need to accept before they are allowed to collect this data. They will also have to give us a way to 100 % guaranteed delete any information they gathered from us without prior notice at any point we want - as many times as we want.

If it is indeed true that they did this without telling us they are already breaking the GDPR demands - which is in violation with European law and punishable by huge fines leading up to a ban of their services in the entire region if they do not adhere.

They did I already posted a pic of Redshell.dll from either version of game, and yeah we had no notice of it at all

ADarklore

Zinaroth wrote: »

Yeah well if this is true then according to the GDPR demands ZOS will have to give us EU players full transparency on what data they are collecting and what they are using it for - which we will need to accept before they are allowed to collect this data. They will also have to give us a way to 100 % guaranteed delete any information they gathered from us without prior notice at any point we want - as many times as we want.

If it is indeed true that they did this without telling us they are already breaking the GDPR demands - which is in violation with European law and punishable by huge fines leading up to a ban of their services in the entire region if they do not adhere.

Yes I know, because ZOS, or rather, ZENIMAX, doesn't have enough money to have expensive lawyers who comb through all the laws before implementing anything.

Cpt_Teemo

ADarklore wrote: »

Zinaroth wrote: »

Yeah well if this is true then according to the GDPR demands ZOS will have to give us EU players full transparency on what data they are collecting and what they are using it for - which we will need to accept before they are allowed to collect this data. They will also have to give us a way to 100 % guaranteed delete any information they gathered from us without prior notice at any point we want - as many times as we want.

If it is indeed true that they did this without telling us they are already breaking the GDPR demands - which is in violation with European law and punishable by huge fines leading up to a ban of their services in the entire region if they do not adhere.

Yes I know, because ZOS, or rather, ZENIMAX, doesn't have enough money to have expensive lawyers who comb through all the laws before implementing anything.

They gave zero notice to the users at all, that's bad.

karthrag_inak

In the process of decompiling redshell.dll using MS reflection. Will update with results.

Cpt_Teemo

ADarklore wrote: »

Zinaroth wrote: »

Yeah well if this is true then according to the GDPR demands ZOS will have to give us EU players full transparency on what data they are collecting and what they are using it for - which we will need to accept before they are allowed to collect this data. They will also have to give us a way to 100 % guaranteed delete any information they gathered from us without prior notice at any point we want - as many times as we want.

If it is indeed true that they did this without telling us they are already breaking the GDPR demands - which is in violation with European law and punishable by huge fines leading up to a ban of their services in the entire region if they do not adhere.

Yes I know, because ZOS, or rather, ZENIMAX, doesn't have enough money to have expensive lawyers who comb through all the laws before implementing anything.

Surprised how those "Lawyers" consider spyware legit modifications lol.

Kuwhar

karthrag_inak wrote: »

ADarklore wrote: »

Wow... I swear, all the paranoid people out there... now I know why so many people actually believe conspiracy theories.

I'm sure ZOS' TOS that we agree to, and they recently updated, includes a provision for them to utilize this. If you accepted the TOS, then you agreed to it, if you block it, then by all means they have the right to block access to THEIR game. If you wish to quit because of it, SEE YA!

I've been a data scientist for >4 years and this is nothing "paranoid". You can prove via information theory beyond a certain level of doubt the required info to uniquely identify a user just by their browser configuration (i.e. fonts installed, browser type, etc.) and, using this information, any surfing behavior can be attributed by multiple sources to a single individual. This is some of the information redshell is collecting.

There are minimal laws restricting the sharing of this "innocuous" information so it can be shared with multiple interested parties with impunity, who can aggregate this data and build profiles of hundreds of millions of people with surprising accuracy. I've done this before.

People are surprisingly "linear" in their behavior, and very simple models can be used to not only connect seemingly diverse behaviors with high accuracy, but also to predict future behaviors. Using a single hidden layer NN I was able to predict future purchases for a large commercial website (sundance) with around 95% accuracy, among their hundreds of thousands of customers.

I was also able, with minimal effort, to link their desktop and mobile devices, which always broadcast timestamped geo location information, illustrating locations and timing patterns.

The stories I could tell. This is uncool.

The paranoia comes from the fact that this isnt the only company or service doing this. Microsoft does it on their OS, ZOS has access to everyone of our IP addresses, even if you run a VPN its still possible to track you down.

The overarching point is what could or would someone do with this data?

Im not particularly happy about it but i also dont understand the outrage, cookies on browsers, OS telemetry, bank loans, car loans, insurance, credit cards, HOSPITALS etc etc etc all have insanely more damaging info but nobody blinks an eye.