Maintenance for the week of December 23:
• NA megaservers for maintenance – December 23, 4:00AM EST (9:00 UTC) - 9:00AM EST (14:00 UTC)
• EU megaservers for maintenance – December 23, 9:00 UTC (4:00AM EST) - 14:00 UTC (9:00AM EST)

ZOS integrated spyware RedShell by mistake, deleted from live, still in PTS folder

  • Marginis
    Marginis
    ✭✭✭✭✭
    ZOS wants to spy on me and learn about my super secret pr0nz?

    Fine. Maybe they can give some suggestions.

    You get an insightful for this... although I'm not sure that's a good thing.
    @Marginis on PC, Senpai Fluffy on Xbox, Founder of Magicka. Also known as Kha'jiri, The Night Mother, Ma'iq, Jane Shepard, Damia, Kintyra, Zoor Do Kest, You, and a few others.
  • Mureel
    Mureel
    ✭✭✭✭✭
    ✭✭✭
    yes, but i personally dont like this behaviour

    Welcome to the club. Now, get cozy and comfy while nothing changes because they own the game and do whatever they feel like to earn more money, wich seems to be they sole, only, and unique objective right now.

    Why would a business otherwise exist?
  • karthrag_inak
    karthrag_inak
    ✭✭✭✭✭
    ✭✭
    if anyone is interested, the decompiled cpp file for redshell.dll (not the one in /debug/) is available here :

    https://nofile.io/f/38euVu05rMw/redshell.cpp

    it's not for the faint of heart, particularly since it has embedded library functionality and arcane structuring, but maybe some folks might enjoy attempting to rebuild/reinterpret it.

    Thanks this should help. I was thinking of compiling my own redshell.dll that is just a return(0) to work around the problem.

    I liked that idea too, but blocking in hosts seems to work, at least until they build in some kind of verification of connectivity.
    PC-NA : 19 Khajiit and 1 Fishy-cat with fluffy delusions. cp3600
    GM of Imperial Gold Reserve trading guild (started in 2017) since 2/2022
    Come visit Karth's Glitter Box, Khajiit's home. Fully stocked guild hall done in sleek Khajiit stylings, with Grand Master Stations, Transmute, Scribing, Trial Dummies, etc. Also has 2 full bowling alleys, nightclub, and floating maze over Wrothgar.
  • Marginis
    Marginis
    ✭✭✭✭✭
    Mureel wrote: »
    yes, but i personally dont like this behaviour

    Welcome to the club. Now, get cozy and comfy while nothing changes because they own the game and do whatever they feel like to earn more money, wich seems to be they sole, only, and unique objective right now.

    Why would a business otherwise exist?

    To benefit society by offering a good or service not otherwise provided in a responsible and ethical fashion?
    @Marginis on PC, Senpai Fluffy on Xbox, Founder of Magicka. Also known as Kha'jiri, The Night Mother, Ma'iq, Jane Shepard, Damia, Kintyra, Zoor Do Kest, You, and a few others.
  • Kuwhar
    Kuwhar
    ✭✭✭✭
    Kuwhar wrote: »

    I know all about facebook and google, and yahoo, and microsoft, and apple, and verizon, att, etc etc etc.

    I just love the irony of everyone getting crazy about aggregate anonymous information gathering, while using Windows OS which gather far more personal info on a much larger scale.

    I assume everyone here complaining clears their cookies and cache whenever they end a browser session?

    Just stop trying to attach some nefarious intentions behind this.

    apparently you don't know "all about" any of those you mentioned, if you think that clearing your cache and your cookies is a meaningful remedy. You can build a unique online id/profile without any cookie data whatsoever, as I posted above, and that's with desktop browsers. It's even easier with mobile devices, which include timestamped geolocation information in every packet.

    and there's nothing ironic about pointing this out. those of us doing so probably are more than aware, and have taken all necessary and appropriate steps to remedy, windows' built in telemetry gathering. don't ascribe to others ignorance that you exhibit. in fact, perhaps you out to attempt to enlighten yourself instead of dismissing something you obviously have minimal understanding of?

    Jesus dude, my point wasnt that clearing cookie/cache is the end all be all, and that i know everything about data collection. I meant i know that all those companies are data mining and tracking everything they can to try and sell it.

    The main point was that i doubt all the people complaining actually take it as seriously as they make it out to be and jump through all the hoops to maintain complete anonymity online.

    And nice omissions of my other points, have a good day sir.
  • Daimmyo
    Daimmyo
    ✭✭✭
    Is this under terms of use and privacy policy on ESO?

    Is it visible, recognizable?

    By GDPR you should be able to opt out from this and still be able to use ESO app?
  • Caran
    Caran
    ✭✭✭
    Ok, for me it was the last straw. I bought the Imperial Edition when the game came out, bought Morrowind digital collectors and Summerset upgrade. But I very much resent the huge shop advertisement every time I log in one of my characters and I'm not really happy about the underhand way redshell has been put on my hard drive. Result: cancelled my sub. They are not even asking why you are cancelling it, so I'm putting my reasons here.
  • Cpt_Teemo
    Cpt_Teemo
    ✭✭✭✭✭
    ✭✭✭
    Caran wrote: »
    Ok, for me it was the last straw. I bought the Imperial Edition when the game came out, bought Morrowind digital collectors and Summerset upgrade. But I very much resent the huge shop advertisement every time I log in one of my characters and I'm not really happy about the underhand way redshell has been put on my hard drive. Result: cancelled my sub. They are not even asking why you are cancelling it, so I'm putting my reasons here.

    Love how some don't claim it doesn't affect anyone even though it might be small right now and barely feeding any data, whose to tell what they can do it in the future without us knowing and being able to obtain even more data.
  • VexingArcanist
    VexingArcanist
    ✭✭✭✭
    ZOS is gonna do the one thing they can do in response to the discovery: bury head in sand.

    You want recourse? If you purchased the game on Steam go there and write a review with the headline of your review stating this game includes spyware provided by Redshell and packaged into the game by ZOS.

    See if that gets ZOS motivated.
  • TequilaFire
    TequilaFire
    ✭✭✭✭✭
    ✭✭✭✭✭
    Interesting, over on the Conan Exiles forum a community manager announced on May 8 that they were removing Redshell from the game after users discovered it and made a public outcry on the forum.
    https://forums.funcom.com/t/why-are-conan-exiles-sending-data-to-redshell/5043/18
    Edited by TequilaFire on May 31, 2018 7:24PM
  • Colecovision
    Colecovision
    ✭✭✭✭✭
    Does using a separate computer or separate windows user help?

    My computer is just for gaming. The user for eso only does eso. The web history only includes 4 eso related sites. They definitely already have that info from my addons. The other user is just my steam account. No friends or web usage there. That's already info in the data collection industry as well anyway.

    It might not be realistic for everyone to use a different computer, but a new user is certainly easy. Is that a simple solution for people that aren't going to mess with a dll file? You can't block what they already have. They can track what you do with them. The concern is the capability for expansion beyond that. Even if they say they won't now, sites get hacked, companies change hands, ect. If it's collected, assume it's got your name on it and it's shared/stolen.
  • Cpt_Teemo
    Cpt_Teemo
    ✭✭✭✭✭
    ✭✭✭
    ZOS is gonna do the one thing they can do in response to the discovery: bury head in sand.

    You want recourse? If you purchased the game on Steam go there and write a review with the headline of your review stating this game includes spyware provided by Redshell and packaged into the game by ZOS.

    See if that gets ZOS motivated.

    Doesn't matter, the Spyware is in base game too, even if from steam or not
    Edited by Cpt_Teemo on May 31, 2018 7:26PM
  • VexingArcanist
    VexingArcanist
    ✭✭✭✭
    Cpt_Teemo wrote: »
    ZOS is gonna do the one thing they can do in response to the discovery: bury head in sand.

    You want recourse? If you purchased the game on Steam go there and write a review with the headline of your review stating this game includes spyware provided by Redshell and packaged into the game by ZOS.

    See if that gets ZOS motivated.

    Doesn't matter, the Spyware is in base game too, even if from steam or not

    You want to bet it doesn't matter? People who go to read reviews to decide if they should buy a game is informed it comes with spyware used by a company that ISN'T the game company? Let me say if I read such a review I would leave that steam game page immediately.
    Edited by VexingArcanist on May 31, 2018 7:35PM
  • Katahdin
    Katahdin
    ✭✭✭✭✭
    ✭✭✭✭✭
    They seriously need it to know whether their marketing was successful?

    That's laughable

    If they cant already figure that out from, you know, sales and feedback from customers, then nothing will help them, least of all this.
    Beta tester November 2013
  • daryl.rasmusenb14_ESO
    Just rename the file to .old. It worked.
  • Wreuntzylla
    Wreuntzylla
    ✭✭✭✭✭
    ✭✭
    I sympathize with security concerns. That's why I have a dedicated gaming computer that I also use to visit online shopping plazas, where I look at the lowest rated items and buy the worst of the worst.

    Having said that and now playing the Devil's advocate, companies like Amazon know what you are looking at and buying. Some even sell the data. If I understand correctly, ZoS is trying to level the playing field. The only reason I worry about nefarious plots is because we only know about this through data mining.

    It's just like with the 'DLC' v. 'chapter' controversy. It's not so much what ZoS is doing as it is how ZoS goes about it. Shady actions breed suspicion. If they would just come out and tell us, people would still riot in the streets, but at least ZoS would have our trust. As it stands now, I wouldn't trust ZoS to protect two pennies let alone my data...
    Edited by Wreuntzylla on May 31, 2018 7:51PM
  • Cpt_Teemo
    Cpt_Teemo
    ✭✭✭✭✭
    ✭✭✭
    Cpt_Teemo wrote: »
    ZOS is gonna do the one thing they can do in response to the discovery: bury head in sand.

    You want recourse? If you purchased the game on Steam go there and write a review with the headline of your review stating this game includes spyware provided by Redshell and packaged into the game by ZOS.

    See if that gets ZOS motivated.

    Doesn't matter, the Spyware is in base game too, even if from steam or not

    You want to bet it doesn't matter? People who go to read reviews to decide if they should buy a game is informed it comes with spyware used by a company that ISN'T the game company? Let me say if I read such a review I would leave that steam game page immediately.

    No I meant it installs to both non steam version and steam what I was trying to say
  • Alinhbo_Tyaka
    Alinhbo_Tyaka
    ✭✭✭✭✭
    ✭✭
    I decided to do a netstat to see what the redshell connections looked like. They sure open a lot of listeners. 16 by my count. There seems to be a lot more going on than just sending a bit of data back to the redshell servers.
  • Caran
    Caran
    ✭✭✭
    Just rename the file to .old. It worked.

    Hm ... didn't for me.
  • Merlin13KAGL
    Merlin13KAGL
    ✭✭✭✭✭
    ✭✭✭✭
    I completely understand myself

    I know exactly how Windows Activation works. They take hashes of your CPU, Motherboard, Hard Drive and other parts and use those parts to create a secret key that is used to activate Windows on that set of hardware. Most times you can change almost any part but the motherboard before it requires you to call MS or re-activate Windows as there is "leeway" in the hardware id algorithm they use so you don't have to re-activate for swapping a hard drive for example.

    Your comparing Apple's to Oranges here...Activating a Copy of Windows has nothing in common in with playing an online game or data mining the way this Redshell dll is.

    I am not deluded in the slightest, of course Google analyzes data, but they also make it easy to opt out, and they also didn't bundle a new .DLL program in their latest version of Chrome to harvest all my hardware, harvest all my hardware serial numbers
    Except you clearly don't. They're not harvesting, they're hashing, creating a UID based on that information, in much the same way Windows does. Client side, when certain things happen, say you look at the details of a crown store item, the 'transaction' is logged to a redshell server under that UID.

    Web side, cookies collect the same information and create the same UID, and they log any 'clicks/views' of interest relevant to the original company product/marketing and those get sent to a redshell server under that UID.

    Redshell then puts the info together (because they're clearly related) and provides that information to the client (ZoS), say UID (Not this user, with this information we stole) made these associations based on marketing you tried.

    Marketing can then see that user with UID was potentially interested in pretty pink dresses in the crown store, but not so interested in the daedric furniture collection.

    It's not taking half of what you seem to think it's taking, and the information only goes to the original client (ZoS).

    If you insist on being that worried about what's not happening here, feel free to exit via the door. If the door makes you too paranoid, perhaps the window?

    Give me a break.
    if anyone is interested, the decompiled cpp file for redshell.dll (not the one in /debug/) is available here :

    https://nofile.io/f/38euVu05rMw/redshell.cpp

    it's not for the faint of heart, particularly since it has embedded library functionality and arcane structuring, but maybe some folks might enjoy attempting to rebuild/reinterpret it.
    If you're feeling frisky, I believe there is a reference to the redshell API available right on the redshell.io website.

    No need to necessarily reverse engineer, they freely give the important parts, as they want Devs and marketing teams to use their product.

    Just because you don't like the way something is doesn't necessarily make it wrong...

    Earn it.

    IRL'ing for a while for assorted reasons, in forum, and in game.
    I am neither warm, nor fuzzy...
    Probably has checkbox on Customer Service profile that say High Aggro, 99% immunity to BS
  • Merlin13KAGL
    Merlin13KAGL
    ✭✭✭✭✭
    ✭✭✭✭
    Ever notice how you're browsing one web page, and later if you go to a completely unrelated webpage that side ads for the first one might suddenly pop up?

    This is kind of what redshell is doing, helping make connections between item A and item B. The only one that gets this information is ZoS.

    It's not getting sold to the highest bidder on the big, bad interwebs.

    People are making it out to be way more than it is.
    Just because you don't like the way something is doesn't necessarily make it wrong...

    Earn it.

    IRL'ing for a while for assorted reasons, in forum, and in game.
    I am neither warm, nor fuzzy...
    Probably has checkbox on Customer Service profile that say High Aggro, 99% immunity to BS
  • Lord_Ninka
    Lord_Ninka
    ✭✭✭
    https://account.elderscrollsonline.com/privacy-policy

    We all agreed to their terms of services, including their privacy policy, and that clearly says they collect just about all the information they legally can and may use it for anything they legally can without our consent. Personally I would prefer to pay the price for the game with money instead of data, but as far as I can tell there's nothing unusual about this and ZOS does not hide it, on the contrary they make you agree to all this bs. And all this crappy but legal spying is pretty normal, unfortunately.
  • Ley
    Ley
    ✭✭✭✭✭
    So ESO collects marketing data like 90% of the apps people have on their phones, social media, pretty much every major website... It would be nice to be prompted about this change and be given the option to opt out but I'm not losing any sleep over this.

    People complain that ZOS's marketing strategies are lack luster. People accuse them of basing their marketing strategies on random "this seems like a good idea" moments and yet complain about them collecting data to improve marketing strategies.
    Leylith - MagSorc | Leyloth - StamPlar | Leynerd - MagPlar | Leylit - StamBlade | Ley Eviticus - StamDK | Leydor - MagDen | Leylum - StamSorc | Leylux - MagBlade
  • Wreuntzylla
    Wreuntzylla
    ✭✭✭✭✭
    ✭✭

    The only way to fight it now is legislatively, or in similar manner.

    Or make the data useless. There are many ways to fight invasive behavior...
  • InvitationNotFound
    InvitationNotFound
    ✭✭✭✭✭
    @ZOS_GinaBruno
    Are you guys seriously *** up in the head now?
    This *** is considered spyware / malware without a direct option to opt-out (opt-in would be the correct way).

    This *** has access to my pc with the same rights as eso is running and can collect whatever it wants.

    Their opt out is a joke. How fishy is it, when they have a page saying send a mail to opt-out? How the *** did they get my mail address in the first place? or how do they know how to associate it with my pc? my email address isn't any of their business in the first place.

    Any lawyers here? Since 25.5.2018 the DSGVO is in place for EU, which imho prohibits quite a lot of *** and companies have to state exactly what they are doing with the data and how they collect it, which i doubt is the case here and could be fined by up to 4% of the annual revenue up to 40m. Could anyone with some law background verify this please? ;)
    We want firing off Dark Exchange in the middle of combat to feel awesome... - The Wrobler
    You know you don't have to be here right? - Rich Lambert
    Verrätst du mir deinen Beruf? Ich würde auch gerne mal Annahmen dazu schreiben, wie simple die Aufgaben anderer sind. - Kai Schober

    Addons:
    RdK Group Tool: esoui DE EN FR
    Port to Friend's House: esoui DE EN FR - Library: DE EN
    Yet another Compass: esoui DE EN FR
    Group Buffs: esoui DE EN FR
  • Raideen
    Raideen
    ✭✭✭✭✭
    ✭✭✭
    Caran wrote: »
    Ok, for me it was the last straw. I bought the Imperial Edition when the game came out, bought Morrowind digital collectors and Summerset upgrade. But I very much resent the huge shop advertisement every time I log in one of my characters and I'm not really happy about the underhand way redshell has been put on my hard drive. Result: cancelled my sub. They are not even asking why you are cancelling it, so I'm putting my reasons here.

    I cancelled my sub as well. I am sick of companies tracking and storing my data to sell it to someone else.


  • Cpt_Teemo
    Cpt_Teemo
    ✭✭✭✭✭
    ✭✭✭
    Raideen wrote: »
    Caran wrote: »
    Ok, for me it was the last straw. I bought the Imperial Edition when the game came out, bought Morrowind digital collectors and Summerset upgrade. But I very much resent the huge shop advertisement every time I log in one of my characters and I'm not really happy about the underhand way redshell has been put on my hard drive. Result: cancelled my sub. They are not even asking why you are cancelling it, so I'm putting my reasons here.

    I cancelled my sub as well. I am sick of companies tracking and storing my data to sell it to someone else.


    Same, even though it might not be bad now who knows if the company will switch hands or someone cracks into there servers
  • Merlin13KAGL
    Merlin13KAGL
    ✭✭✭✭✭
    ✭✭✭✭
    Raideen wrote: »
    Caran wrote: »
    Ok, for me it was the last straw. I bought the Imperial Edition when the game came out, bought Morrowind digital collectors and Summerset upgrade. But I very much resent the huge shop advertisement every time I log in one of my characters and I'm not really happy about the underhand way redshell has been put on my hard drive. Result: cancelled my sub. They are not even asking why you are cancelling it, so I'm putting my reasons here.

    I cancelled my sub as well. I am sick of companies tracking and storing my data to sell it to someone else.

    You're going to be very lonely without the internet.

    Or your cell phone.

    Or the US (insert country here) Mail...

    Just because you don't like the way something is doesn't necessarily make it wrong...

    Earn it.

    IRL'ing for a while for assorted reasons, in forum, and in game.
    I am neither warm, nor fuzzy...
    Probably has checkbox on Customer Service profile that say High Aggro, 99% immunity to BS
  • WarMasterCyp
    WarMasterCyp
    ✭✭✭
    https://redshell.io/home

    i just left this here
    i have a knowledge than ZOS added this spy utility into eso with latest patches

    enjoy new level of targeting ADs on main screen in a future

    guys we need a guide how to disable this library
    any programmers here who can do a short FAQ?

    P.S. @ZOS_GinaBruno lady you know not officially informing us about collecting this data and their intent of usage along with instructions on how to delete said data is already a violation of the European laws?

    HOWTO disable it, workaround:
    edit your host file on windows

    Press the Windows key.
    Type Notepad in the search field.
    In the search results, right-click Notepad and select Run as administrator.
    From Notepad, open the following file: c:\Windows\System32\Drivers\etc\hosts.
    Make the necessary changes to the file.
    Click File > Save to save your changes.

    add

    0.0.0.0 api.redshell.io

    at the bottom

    This will block traffic from your computer to that server. You can block it from reporting through your modem or your router as well.

    You are correct the practice implemented is illegal in Europe.
  • Cpt_Teemo
    Cpt_Teemo
    ✭✭✭✭✭
    ✭✭✭
    https://redshell.io/home

    i just left this here
    i have a knowledge than ZOS added this spy utility into eso with latest patches

    enjoy new level of targeting ADs on main screen in a future

    guys we need a guide how to disable this library
    any programmers here who can do a short FAQ?

    P.S. @ZOS_GinaBruno lady you know not officially informing us about collecting this data and their intent of usage along with instructions on how to delete said data is already a violation of the European laws?

    HOWTO disable it, workaround:
    edit your host file on windows

    Press the Windows key.
    Type Notepad in the search field.
    In the search results, right-click Notepad and select Run as administrator.
    From Notepad, open the following file: c:\Windows\System32\Drivers\etc\hosts.
    Make the necessary changes to the file.
    Click File > Save to save your changes.

    add

    0.0.0.0 api.redshell.io

    at the bottom

    This will block traffic from your computer to that server. You can block it from reporting through your modem or your router as well.

    You are correct the practice implemented is illegal in Europe.

    Problem is ZoS isn't in Europe.
Sign In or Register to comment.