ZOS integrated spyware RedShell by mistake, deleted from live, still in PTS folder

Mureel

dbl post

TheMythicDawn

everyone need to join me in game and on your server to spread this message in zone chat ZOS has put spyware on your computer!!!

spread the message in game!!!

xRIVALENx

For those that are interested in the opt-out, here is the response from RedShell:

Sorry for the delay in response here. We were working with Bethesda to determine how you can pull the Bethesda Account ID we need from you to implement the opt-out for ESO in particular. Hopefully we will have it all sorted by EOD.

In general though, in order to opt you out from tracking we need to know your SteamID64. You can find this ID if you don't already know it using a website like https://steamidfinder.com/. That can at least get us started while we are waiting to hear back from the Bethesda team.

karthrag_inak

You need to also make sure that they are aware, explicitly, that you do not approve of any use of your information they may have already collected.

Cpt_Teemo

xRIVALENx wrote: »

For those that are interested in the opt-out, here is the response from RedShell:

Sorry for the delay in response here. We were working with Bethesda to determine how you can pull the Bethesda Account ID we need from you to implement the opt-out for ESO in particular. Hopefully we will have it all sorted by EOD.

In general though, in order to opt you out from tracking we need to know your SteamID64. You can find this ID if you don't already know it using a website like https://steamidfinder.com/. That can at least get us started while we are waiting to hear back from the Bethesda team.

Wonder how you can opt out if your using non steam version

xRIVALENx

From what I understand, currently it is not possible...

karthrag_inak

wonder why nobody @ZOS has even acknowledged this. Sort of a big deal - ZOS's eula does not cover 3rd party behavior they facilitate.

Rickter

man i didnt read through all the pages but they did tell us that in a recent patch (like right before or right at dragonbones) that they would be collecting data for ads

xRIVALENx

Further response from RedShell:

Just heard back from Bethesda. It sounds like if you can provide either the email address or the user name tied to your account and they can provide us with the internal ID we need. If you can provide that I'll get the process started on the Bethesda end and give you an update as soon as the optout is done.


*Edit*
=====
The opt-out address is as follows: privacy@redshell.io

Radinyn

I love how people here are crying because ESO added this thing, if you are here on the internet you were really spied in every possible way xD. There's nothing to fear, noone is going to come to your house and rob you because of it. Cheers.

Cpt_Teemo

Rickter wrote: »

man i didnt read through all the pages but they did tell us that in a recent patch (like right before or right at dragonbones) that they would be collecting data for ads

I looked in the forum history and no post whatsoever came up except this one that involved Redshell

Raideen

Merlin13KAGL wrote: »

You mean, like public forums?

*Yawn*

https://en.wikipedia.org/wiki/Social_media

I do not use facebook, myspace, Instagram, twitter or any other form of free service that is referred to as "social media".
When people refer to social media, they are not referring to every day forums. You assumed that the people of a technologically advanced society would want to use the tools and services available to them, I think its safe to say that with your profound knowledge of the internet that when someone uses the term "social media", they are not referring to generic forums, which this one is.

*Yawn*

Merlin13KAGL wrote: »

My assumption is that in the technologically advanced society we have access to that people would want to use all the tools available to them. The internet being a pretty big tool, in that regard.

I don't like to assume anything. You know the saying and if you don't look it up.

Merlin13KAGL wrote: »

I doubt (and I'm assuming here) anyone here doesn't use the internet for anything useful.

I don't recall that being part of the argument.

Merlin13KAGL wrote: »

In fact, Insert some irony here: If not for the internet, neither of you would currently be aware of this horrible thing on the internet.

And this is your attempt to interject that I am an off grid conspiracy nut (again to deflect attention away from my position). I never once made the position that the internet is bad, good or anything otherwise. I simply explained that I use caution when using the internet in many cases....but again, we know (and now so does the rest of the community) that you only made your post in an attempt to label me.

Merlin13KAGL wrote: »

You can think you're flying "under the radar" however much you like. I think you'd find you're mistaken.

Another terrible assumption on your behalf (hint: my sibling is the head of network security for one of the worlds largest telecoms.)

Merlin13KAGL wrote: »

Use the tools. Don't use the tools.

Using a tool and being tracked without your consent are two completely unrelated things.

Merlin13KAGL wrote: »

Everyone will go on without skipping a beat.

Not me, not others in this forum, not my significant other.

Merlin13KAGL wrote: »

(I'm just advocating that either choice you make, you're informed enough and understand enough to know why that's your choice. And if you're not, guess what, it's conjecture not based on fact. Pretty sure that's the textbook definition of "Conspiracy," certainly the definition of "theory.")
Except in this example of Zos tracking our data, people did not know about it. Well now we do.

Merlin13KAGL wrote: »

Insert more irony: This part:

Their slanderous remarks in this regard is to make people who do not like data tracking to look like conspiracy theorists (which is defaming) so that our opinions do not hold weight to the mass readership.

is, itself, a conspiracy theory.

How awesome is that?

Well except that you DID make an attempt to slander and label me with the idea of being a conspiracy theorist.

No conspiracy here folks, just some people who think they need to assert some form of damage control before this thread reaches the mass game population.

Raideen

Mureel wrote: »

Raideen wrote: »

Mureel wrote: »

Marginis wrote: »

Mureel wrote: »

TelvanniWizard wrote: »

LumbermillOverlord wrote: »

yes, but i personally dont like this behaviour

Welcome to the club. Now, get cozy and comfy while nothing changes because they own the game and do whatever they feel like to earn more money, wich seems to be they sole, only, and unique objective right now.

Why would a business otherwise exist?

To benefit society by offering a good or service not otherwise provided in a responsible and ethical fashion?

There is nothing unethical about a business existing for profit.

Why an organisation would exist is your thing.

The bottom line of any business who wants to stay in business IS the bottom line.

Bummer, but true.

Who are you to determine what is ethical and what is not? Honest question because if the other poster feels its unethical, that is their right as an opinion and its not your right to take that from them.

You need to reread, carefully. I never said a damn thing about what they said; I put forth my OWN opinion, and I use the word BUSINESS like the dictionary does. Not in some snowflake way that doesn't mean what it means.

Bethesda is a BUSINESS. Not an organisation. As such its entire POINT OF EXISTENCE - such as any business, is to make money.
That is a fact, not an opinion.

My opinion is that there is nothing unethical in a business existing for profit.

Incorrect.

https://www.entrepreneur.com/encyclopedia/nonprofit-corporation

yodased

Yes, they specifically reqrote their eula, tos and code of conduct for summerset.

Playing a game that i paid for, in my opinion, should not open me up to unsolicited advertising. Nor should my usage data or hardware data be shared with 3rd parties without explicit consent.

You know how google asks you plain as day if they can track you? If you say no. They dont. I mean you are still tracked. But google specific is turned off.

Its shady as hell to even do it. To slide it in a new update without clearly letting the players know there are changes to the data shared and collected, without clear ways to turn it off have shown me all i need to really know about the company behind the choice.

This isnt even really a privacy issue for me. All traffic in and out of my box is very, very protected.

The issue is the blackhat way this is implemented.

I knew they were shady, but liked the game so overlooked it, but if they gonna slide into this f2p data selling mindset i gotta bounce before it gets worse.

Really, whatever if you dont lile me and are happy, fine. Me not being here makes no differen e, and as to why i am posting here, i was spe ifically asked to look into this by a concerned player and found the thread.

Tl;dr really weigh the fun you have in game vs the business practices you are supporting.

Elsonso

yodased wrote: »

I knew they were shady, but liked the game so overlooked it, but if they gonna slide into this f2p data selling mindset i gotta bounce before it gets worse.

I aggressively block redshell, and have for a while now. This is not the first game that it has popped up on.

In the era of GDPR, I will say that it takes some cojones to roll this out. Compliant or not, I would imagine that there are people in the EU that will make a stink over this just because they can.

Cpt_Teemo

lordrichter wrote: »

yodased wrote: »

I knew they were shady, but liked the game so overlooked it, but if they gonna slide into this f2p data selling mindset i gotta bounce before it gets worse.

I aggressively block redshell, and have for a while now. This is not the first game that it has popped up on.

In the era of GDPR, I will say that it takes some cojones to roll this out. Compliant or not, I would imagine that there are people in the EU that will make a stink over this just because they can.

EU Population: 2.5m 24 hours ago.
EU Population: 0 24 hours later.

Doh, thanks ZoS

Elsonso

Cpt_Teemo wrote: »

lordrichter wrote: »

yodased wrote: »

I knew they were shady, but liked the game so overlooked it, but if they gonna slide into this f2p data selling mindset i gotta bounce before it gets worse.

I aggressively block redshell, and have for a while now. This is not the first game that it has popped up on.

In the era of GDPR, I will say that it takes some cojones to roll this out. Compliant or not, I would imagine that there are people in the EU that will make a stink over this just because they can.

EU Population: 2.5m 24 hours ago.
EU Population: 0 24 hours later.

Doh, thanks ZoS

One of the scary things about GDPR is that, with complete compliance, EU citizens can happily pester them with requests and demands related to privacy, what they collect, who they share with, and then demand that all of that information be deleted, not just from ZOS but from every single party that it gets shared with. ZOS/Bethesda must answer and comply, and they have a finite amount of time to do so.

This is why it takes some real guts to roll out a player profiling system right now. It is like putting up a sign saying, "please, we want test our GDPR response system, have at it."

Minno

lordrichter wrote: »

yodased wrote: »

I knew they were shady, but liked the game so overlooked it, but if they gonna slide into this f2p data selling mindset i gotta bounce before it gets worse.

I aggressively block redshell, and have for a while now. This is not the first game that it has popped up on.

In the era of GDPR, I will say that it takes some cojones to roll this out. Compliant or not, I would imagine that there are people in the EU that will make a stink over this just because they can.

How do you block this on other games?

yodased

Minno wrote: »

lordrichter wrote: »

yodased wrote: »

I knew they were shady, but liked the game so overlooked it, but if they gonna slide into this f2p data selling mindset i gotta bounce before it gets worse.

I aggressively block redshell, and have for a while now. This is not the first game that it has popped up on.

In the era of GDPR, I will say that it takes some cojones to roll this out. Compliant or not, I would imagine that there are people in the EU that will make a stink over this just because they can.

How do you block this on other games?

If you use the hosts file fix i posted and they put on the first page of this thread, it redirects all traffic originating from or sending to that host to 0.0.0.0 which is a blackhole.

The packets are received, but are routed into the void. No port will speak to that server, so any game using would be blocked as well.

Minno

yodased wrote: »

Minno wrote: »

lordrichter wrote: »

yodased wrote: »

I knew they were shady, but liked the game so overlooked it, but if they gonna slide into this f2p data selling mindset i gotta bounce before it gets worse.

I aggressively block redshell, and have for a while now. This is not the first game that it has popped up on.

In the era of GDPR, I will say that it takes some cojones to roll this out. Compliant or not, I would imagine that there are people in the EU that will make a stink over this just because they can.

How do you block this on other games?

If you use the hosts file fix i posted and they put on the first page of this thread, it redirects all traffic originating from or sending to that host to 0.0.0.0 which is a blackhole.

The packets are received, but are routed into the void. No port will speak to that server, so any game using would be blocked as well.

Thanks! Going to do this tonigh. I abhor having my internet used for things that make companies profit (unless of course they want to help pay my internet bill every month, then I'll gladly let them lol).

stargazer69

yodased wrote: »

Minno wrote: »

lordrichter wrote: »

yodased wrote: »

I knew they were shady, but liked the game so overlooked it, but if they gonna slide into this f2p data selling mindset i gotta bounce before it gets worse.

I aggressively block redshell, and have for a while now. This is not the first game that it has popped up on.

In the era of GDPR, I will say that it takes some cojones to roll this out. Compliant or not, I would imagine that there are people in the EU that will make a stink over this just because they can.

How do you block this on other games?

If you use the hosts file fix i posted and they put on the first page of this thread, it redirects all traffic originating from or sending to that host to 0.0.0.0 which is a blackhole.

The packets are received, but are routed into the void. No port will speak to that server, so any game using would be blocked as well.

The addition of something like Pihole can block this from all your devices

Syncronaut

Hey guys small update. I got contacted back by a R.S. employe:

Email 1:
Hi Insertnamehere,
We were working with Bethesda to determine how you can pull the Bethesda Account ID we need from you to implement the opt-out for ESO in particular. Hopefully we will have it all sorted by EOD.

In general though, in order to opt you out from tracking we need to know your SteamID64. You can find this ID if you don't already know it using a website like https://steamidfinder.com/. That can at least get us started while we are waiting to hear back from the Bethesda team.

Let me know if you have any questions,
The employe

Email 2:
Hi Insertnamehere,
Just heard back from Bethesda. It sounds like if you can provide either the email address or the user name tied to your account and they can provide us with the internal ID we need. If you can provide that I'll get the process started on the Bethesda end and give you an update as soon as the optout is done.

So yes, you can remove the information like this no-problem. Contacting Zos via email is probaly pointless as they watch this thread. Just use this page: https://redshell.io/optout?success=1

Also Tos (EULA) doesnt work very well against the law, if its found out that is illegall.
https://account.elderscrollsonline.com/eula

(i dont see any mention of a add program installed on pc, just anti-cheat software)
Consent to Monitor.

THE GAME MAY MONITOR YOUR COMPUTER OR CONSOLE, INCLUDING ITS MEMORY FOR UNAUTHORIZED PROGRAMS RUNNING CONCURRENTLY WITH THE GAME. AN "UNAUTHORIZED PROGRAM" IS ANY SOFTWARE PROHIBITED BY THE LICENSE LIMITATIONS SET FORTH ABOVE. IN THE EVENT THAT THE GAME DETECTS AN UNAUTHORIZED PROGRAM, THE GAME MAY (a) COMMUNICATE INFORMATION BACK TO ZENIMAX, INCLUDING WITHOUT LIMITATION YOUR ACCOUNT NAME, DETAILS ABOUT THE UNAUTHORIZED PROGRAM DETECTED, AND THE TIME AND DATE; AND/OR (b) EXERCISE ANY OR ALL OF ITS RIGHTS UNDER THIS AGREEMENT, WITH OR WITHOUT PRIOR NOTICE TO THE USER.

ALL PERSONAL INFORMATION COLLECTED AND PROCESSED BY ZENIMAX AS PART OF THE ACTIVITIES SET OUT IN THIS CLAUSE 6 WILL BE COLLECTED AND PROCESSED IN ACCORDANCE WITH THE ZENIMAX PRIVACY POLICY.

The ZeniMax Terms of Service and the ZeniMax Privacy Policy include further terms and conditions applicable to the accessing, monitoring and recording of activities and communications on the Service including when ZeniMax may report incidents to law enforcement and other authorities.

You consent to ZeniMax uploading CPU, operating system, video card, sound card and memory information from your computer and console to analyze and optimize your Game experience, improve and maintain the Game and/or provide you with customer service. Furthermore, if you request any technical support, you consent to ZeniMax remotely accessing and reviewing the computer and console onto which you have loaded the Game Client for purposes of providing technical support and debugging.

Solely for the purpose of patching and updating the Game and/or Game Client and ensuring the integrity of the Game, you hereby grant ZeniMax permission to (i) upload Game-related file information and data from the Game directory and (ii) download Game files to you.

You agree that any and all Game related character data is stored and is resident on ZeniMax computers and servers, and any and all communications that you make within the Game (including, but not limited to, messages solely directed at another player or group of players) traverse through ZeniMax computers and servers, may or may not be monitored by us or our agents, you have no expectation of privacy in any such communications and expressly consent to such monitoring of communications you send and receive.

karthrag_inak

Re: host blocking : this is fine if they are routing the telemetry info through redshell. If, however, they are just using redshell's api to scrape computer info, they may be routing it back to -their- server (ZOS) along with game info. which, ironically, would contribute to lag (obviously).

Minno

karthrag_inak wrote: »

Re: host blocking : this is fine if they are routing the telemetry info through redshell. If, however, they are just using redshell's api to scrape computer info, they may be routing it back to -their- server (ZOS) along with game info. which, ironically, would contribute to lag (obviously).

Which makes this entire thing funny lol.

"Remove lag" - players
"Ok!" - zos
::Adds data mining service that piggy backs on both mega server and players ISP::

billp_ESO

It's definitely not as fun to play when you know they have installed 3rd party spyware on your computer without your consent.

And they won't even comment on how they use the data they gather.

edit: Canceled my 6 month sub until I get some reassurance.

yodased

karthrag_inak wrote: »

Re: host blocking : this is fine if they are routing the telemetry info through redshell. If, however, they are just using redshell's api to scrape computer info, they may be routing it back to -their- server (ZOS) along with game info. which, ironically, would contribute to lag (obviously).

They cant figure out udp/tcpip and you think they are pinging endpoints correctly?

My opinion this company is plug n play and are not using resources to create functions that a 3rd party provides them. Just my opinion

Kelces

I don't like possible impicatiins of this either, but that's anything but new - Blizzard entertainment for example has their version of this: https://www.schneier.com/blog/archives/2005/10/blizzard_entert.html

You want for ZoS to take efficient actions against cheaters of any sort? Well, imagine how you would try to accomplish that, if YOU were in charge of this game and regularely get pestered about not doing anything...

Sure, some things are far from optimal, but often if not always the smartest programmers don't make the major decisions.

Caran

Um ... first time I hear RedShell in the context of "anti-cheat tool" ... please elaborate.

Alinhbo_Tyaka

karthrag_inak wrote: »

Re: host blocking : this is fine if they are routing the telemetry info through redshell. If, however, they are just using redshell's api to scrape computer info, they may be routing it back to -their- server (ZOS) along with game info. which, ironically, would contribute to lag (obviously).

Or we have to start chasing redshell hostname changes after every update.

billp_ESO

What I want to hear from ZoS is :

1) we are using your preference for red shirts and blue pants to tailor our Crown store offerings.

2) we are not selling your preference for red shirts and blue pants to other 3rd parties who may tailor their advertising based on that.

3) the software loaded does not inspect other software, such as browsing history, cookies, etc

4) we take legal responsibility for any abuse of your personal information by the 3rd party software we bundle with our game.