Maintenance for the week of March 25:
• [COMPLETE] ESO Store and Account System for maintenance – March 28, 9:00AM EDT (13:00 UTC) - 12:00PM EDT (16:00 UTC)

ZOS integrated spyware RedShell by mistake, deleted from live, still in PTS folder

  • Ohtimbar
    Ohtimbar
    ✭✭✭✭✭
    I look forward to blocking this redshell crapware by whatever means necessary.
    forever stuck in combat
  • Cpt_Teemo
    Cpt_Teemo
    ✭✭✭✭✭
    ✭✭✭
    Ohtimbar wrote: »
    I look forward to blocking this redshell crapware by whatever means necessary.

    You can't do anything or else the game won't work they tried it in CE and if you try and block communications with Red Shell at all it disables that game and you won't be able to play it
  • Ohtimbar
    Ohtimbar
    ✭✭✭✭✭
    Cpt_Teemo wrote: »
    Ohtimbar wrote: »
    I look forward to blocking this redshell crapware by whatever means necessary.

    You can't do anything or else the game won't work they tried it in CE and if you try and block communications with Red Shell at all it disables that game and you won't be able to play it

    I've blocked it in the host file and elsewhere. No problems to report. l haven't analyzed game traffic in depth but I'm hopeful. If all else fails I'll scream bloody murder to customer service until I get an answer or they block me and lose my business forever.
    Edited by Ohtimbar on May 31, 2018 1:57PM
    forever stuck in combat
  • Marginis
    Marginis
    ✭✭✭✭✭
    Master race, indeed.

    There's nothing to say something similar or worse isn't in or coming to the console versions.
    @Marginis on PC, Senpai Fluffy on Xbox, Founder of Magicka. Also known as Kha'jiri, The Night Mother, Ma'iq, Jane Shepard, Damia, Kintyra, Zoor Do Kest, You, and a few others.
  • Cpt_Teemo
    Cpt_Teemo
    ✭✭✭✭✭
    ✭✭✭
    Ohtimbar wrote: »
    Cpt_Teemo wrote: »
    Ohtimbar wrote: »
    I look forward to blocking this redshell crapware by whatever means necessary.

    You can't do anything or else the game won't work they tried it in CE and if you try and block communications with Red Shell at all it disables that game and you won't be able to play it

    I've blocked it in the host file and elsewhere. No problems to report. l haven't analyzed game traffic in depth but I'm hopeful. If all else fails I'll scream bloody murder to customer service until I get an answer or they block me and lose my business forever.

    Maybe it could work differently how they set it up then not sure, maybe extra levels of security just incase people blocked it
  • Cpt_Teemo
    Cpt_Teemo
    ✭✭✭✭✭
    ✭✭✭
    https://redshell.io/home

    i just left this here
    i have a knowledge than ZOS added this spy utility into eso with latest patches

    enjoy new level of targeting ADs on main screen in a future

    I'm wondering how to tell if your computer has Redshell on it or not, cause i've been trying to look online and said you need programs to hunt it down rather than looking yourself?
  • ADarklore
    ADarklore
    ✭✭✭✭✭
    ✭✭✭✭✭
    Wow... I swear, all the paranoid people out there... now I know why so many people actually believe conspiracy theories.

    I'm sure ZOS' TOS that we agree to, and they recently updated, includes a provision for them to utilize this. If you accepted the TOS, then you agreed to it, if you block it, then by all means they have the right to block access to THEIR game. If you wish to quit because of it, SEE YA!
    CP: 1930 ** ESO+ Gold Road ** ~~ Stamina Arcanist ~~ Magicka Warden ~~ Magicka Templar ~~ ***** Strictly a solo PvE quester *****
  • Ohtimbar
    Ohtimbar
    ✭✭✭✭✭
    Redshell has an opt out page

    "To opt out of game-based tracking please email us directly at privacy@redshell.io"
    I'll continue blocking it until I hear back from them.
    Edited by Ohtimbar on May 31, 2018 2:17PM
    forever stuck in combat
  • Cpt_Teemo
    Cpt_Teemo
    ✭✭✭✭✭
    ✭✭✭
    Ohtimbar wrote: »
    Redshell has an opt-out page

    "To opt out of game-based tracking please email us directly at privacy@redshell.io"
    I'll continue blocking it until I hear back from them.

    Thanks
    Edited by Cpt_Teemo on May 31, 2018 2:16PM
  • Cpt_Teemo
    Cpt_Teemo
    ✭✭✭✭✭
    ✭✭✭
    ADarklore wrote: »
    Wow... I swear, all the paranoid people out there... now I know why so many people actually believe conspiracy theories.

    I'm sure ZOS' TOS that we agree to, and they recently updated, includes a provision for them to utilize this. If you accepted the TOS, then you agreed to it, if you block it, then by all means they have the right to block access to THEIR game. If you wish to quit because of it, SEE YA!

    I see nothing in the ToS about the use of Spyware
  • Kuwhar
    Kuwhar
    ✭✭✭✭
    Is this strictly for the steam version? Or both launcher and steam versions?
  • karthrag_inak
    karthrag_inak
    ✭✭✭✭✭
    ✭✭
    it resides in here :

    *\steam\steamapps\common\Zenimax Online\The Elder Scrolls Online\game\client

    and a copy here :

    *\steam\steamapps\common\Zenimax Online\The Elder Scrolls Online\game\client\debug

    very uncool.
    PC-NA : 19 Khajiit and 1 Fishy-cat with fluffy delusions
  • Kuwhar
    Kuwhar
    ✭✭✭✭
    it resides in here :

    *\steam\steamapps\common\Zenimax Online\The Elder Scrolls Online\game\client

    and a copy here :

    *\steam\steamapps\common\Zenimax Online\The Elder Scrolls Online\game\client\debug

    very uncool.

    Ok cool, moral of the story: dont use steam
  • xRIVALENx
    xRIVALENx
    ✭✭✭
    It is installed with the non-steam version as well @Kuwhar, checking Process Explorer for loaded Dynamic Link Libraries will verify that it does indeed load when launching the game.

    A few modifications to RedShell.dll and a patch should obfuscate the information being sent while still leaving the game in a operational state. Would be wonderful if RedShell would respond at their opt out privacy address.
    Edited by xRIVALENx on May 31, 2018 2:47PM
  • Cpt_Teemo
    Cpt_Teemo
    ✭✭✭✭✭
    ✭✭✭
    xRIVALENx wrote: »
    It is installed with the non-steam version as well @Kuwhar, checking Process Explorer for loaded Dynamic Link Libraries will verify that it does indeed load when launching the game.

    Confirmed there ^

    I0t1YK7.jpg
  • karthrag_inak
    karthrag_inak
    ✭✭✭✭✭
    ✭✭
    ADarklore wrote: »
    Wow... I swear, all the paranoid people out there... now I know why so many people actually believe conspiracy theories.

    I'm sure ZOS' TOS that we agree to, and they recently updated, includes a provision for them to utilize this. If you accepted the TOS, then you agreed to it, if you block it, then by all means they have the right to block access to THEIR game. If you wish to quit because of it, SEE YA!

    I've been a data scientist for >4 years and this is nothing "paranoid". You can prove via information theory beyond a certain level of doubt the required info to uniquely identify a user just by their browser configuration (i.e. fonts installed, browser type, etc.) and, using this information, any surfing behavior can be attributed by multiple sources to a single individual. This is some of the information redshell is collecting.

    There are minimal laws restricting the sharing of this "innocuous" information so it can be shared with multiple interested parties with impunity, who can aggregate this data and build profiles of hundreds of millions of people with surprising accuracy. I've done this before.

    People are surprisingly "linear" in their behavior, and very simple models can be used to not only connect seemingly diverse behaviors with high accuracy, but also to predict future behaviors. Using a single hidden layer NN I was able to predict future purchases for a large commercial website (sundance) with around 95% accuracy, among their hundreds of thousands of customers.

    I was also able, with minimal effort, to link their desktop and mobile devices, which always broadcast timestamped geo location information, illustrating locations and timing patterns.

    The stories I could tell. This is uncool.
    PC-NA : 19 Khajiit and 1 Fishy-cat with fluffy delusions
  • black_celebration
    black_celebration
    ✭✭✭
    Shall we leave ESO after this? Personally i prefer to do it.
    let's have a black celebration
    tonight
    to celebrate the fact
    that we've seen the back
    of another black
    day
  • Kuwhar
    Kuwhar
    ✭✭✭✭
    xRIVALENx wrote: »
    It is installed with the non-steam version as well @Kuwhar, checking Process Explorer for loaded Dynamic Link Libraries will verify that it does indeed load when launching the game.

    A few modifications to RedShell.dll and a patch should obfuscate the information being sent while still leaving the game in a operational state. Would be wonderful if RedShell would respond at their opt out privacy address.

    Nooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
  • karthrag_inak
    karthrag_inak
    ✭✭✭✭✭
    ✭✭
    If you remove the dll, the game won't launch.
    PC-NA : 19 Khajiit and 1 Fishy-cat with fluffy delusions
  • Cpt_Teemo
    Cpt_Teemo
    ✭✭✭✭✭
    ✭✭✭
    If you remove the dll, the game won't launch.

    Great Job ZoS
  • karthrag_inak
    karthrag_inak
    ✭✭✭✭✭
    ✭✭
    @ZOS_GinaBruno How come this invasive spyware was not announced in patch notes on may 24 (Which is when it was installed)? I do not want this on my machine - how do I remove it?
    Edited by karthrag_inak on May 31, 2018 3:02PM
    PC-NA : 19 Khajiit and 1 Fishy-cat with fluffy delusions
  • Cpt_Teemo
    Cpt_Teemo
    ✭✭✭✭✭
    ✭✭✭
    @ZOS_GinaBruno How come this invasive spyware was not announced in patch notes on may 24? I do not want this on my machine - how do I remove it?

    You can opt out but I would guess they'll cancel your connection to the game as if you were to delete the dll, which is pretty lame tbh no policy update or anything about the use of Spyware I saw at all
  • LumbermillOverlord
    LumbermillOverlord
    ✭✭✭
    guys pls we need a guide how to disable this library

    any FAQ?
  • Zinaroth
    Zinaroth
    ✭✭✭✭✭
    Yeah well if this is true then according to the GDPR demands ZOS will have to give us EU players full transparency on what data they are collecting and what they are using it for - which we will need to accept before they are allowed to collect this data. They will also have to give us a way to 100 % guaranteed delete any information they gathered from us without prior notice at any point we want - as many times as we want.

    If it is indeed true that they did this without telling us they are already breaking the GDPR demands - which is in violation with European law and punishable by huge fines leading up to a ban of their services in the entire region if they do not adhere.
  • Cpt_Teemo
    Cpt_Teemo
    ✭✭✭✭✭
    ✭✭✭
    Zinaroth wrote: »
    Yeah well if this is true then according to the GDPR demands ZOS will have to give us EU players full transparency on what data they are collecting and what they are using it for - which we will need to accept before they are allowed to collect this data. They will also have to give us a way to 100 % guaranteed delete any information they gathered from us without prior notice at any point we want - as many times as we want.

    If it is indeed true that they did this without telling us they are already breaking the GDPR demands - which is in violation with European law and punishable by huge fines leading up to a ban of their services in the entire region if they do not adhere.

    They did I already posted a pic of Redshell.dll from either version of game, and yeah we had no notice of it at all
  • ADarklore
    ADarklore
    ✭✭✭✭✭
    ✭✭✭✭✭
    Zinaroth wrote: »
    Yeah well if this is true then according to the GDPR demands ZOS will have to give us EU players full transparency on what data they are collecting and what they are using it for - which we will need to accept before they are allowed to collect this data. They will also have to give us a way to 100 % guaranteed delete any information they gathered from us without prior notice at any point we want - as many times as we want.

    If it is indeed true that they did this without telling us they are already breaking the GDPR demands - which is in violation with European law and punishable by huge fines leading up to a ban of their services in the entire region if they do not adhere.

    Yes I know, because ZOS, or rather, ZENIMAX, doesn't have enough money to have expensive lawyers who comb through all the laws before implementing anything.
    CP: 1930 ** ESO+ Gold Road ** ~~ Stamina Arcanist ~~ Magicka Warden ~~ Magicka Templar ~~ ***** Strictly a solo PvE quester *****
  • Cpt_Teemo
    Cpt_Teemo
    ✭✭✭✭✭
    ✭✭✭
    ADarklore wrote: »
    Zinaroth wrote: »
    Yeah well if this is true then according to the GDPR demands ZOS will have to give us EU players full transparency on what data they are collecting and what they are using it for - which we will need to accept before they are allowed to collect this data. They will also have to give us a way to 100 % guaranteed delete any information they gathered from us without prior notice at any point we want - as many times as we want.

    If it is indeed true that they did this without telling us they are already breaking the GDPR demands - which is in violation with European law and punishable by huge fines leading up to a ban of their services in the entire region if they do not adhere.

    Yes I know, because ZOS, or rather, ZENIMAX, doesn't have enough money to have expensive lawyers who comb through all the laws before implementing anything.

    They gave zero notice to the users at all, that's bad.
  • karthrag_inak
    karthrag_inak
    ✭✭✭✭✭
    ✭✭
    In the process of decompiling redshell.dll using MS reflection. Will update with results.
    PC-NA : 19 Khajiit and 1 Fishy-cat with fluffy delusions
  • Cpt_Teemo
    Cpt_Teemo
    ✭✭✭✭✭
    ✭✭✭
    ADarklore wrote: »
    Zinaroth wrote: »
    Yeah well if this is true then according to the GDPR demands ZOS will have to give us EU players full transparency on what data they are collecting and what they are using it for - which we will need to accept before they are allowed to collect this data. They will also have to give us a way to 100 % guaranteed delete any information they gathered from us without prior notice at any point we want - as many times as we want.

    If it is indeed true that they did this without telling us they are already breaking the GDPR demands - which is in violation with European law and punishable by huge fines leading up to a ban of their services in the entire region if they do not adhere.

    Yes I know, because ZOS, or rather, ZENIMAX, doesn't have enough money to have expensive lawyers who comb through all the laws before implementing anything.

    Surprised how those "Lawyers" consider spyware legit modifications lol.
  • Kuwhar
    Kuwhar
    ✭✭✭✭
    ADarklore wrote: »
    Wow... I swear, all the paranoid people out there... now I know why so many people actually believe conspiracy theories.

    I'm sure ZOS' TOS that we agree to, and they recently updated, includes a provision for them to utilize this. If you accepted the TOS, then you agreed to it, if you block it, then by all means they have the right to block access to THEIR game. If you wish to quit because of it, SEE YA!

    I've been a data scientist for >4 years and this is nothing "paranoid". You can prove via information theory beyond a certain level of doubt the required info to uniquely identify a user just by their browser configuration (i.e. fonts installed, browser type, etc.) and, using this information, any surfing behavior can be attributed by multiple sources to a single individual. This is some of the information redshell is collecting.

    There are minimal laws restricting the sharing of this "innocuous" information so it can be shared with multiple interested parties with impunity, who can aggregate this data and build profiles of hundreds of millions of people with surprising accuracy. I've done this before.

    People are surprisingly "linear" in their behavior, and very simple models can be used to not only connect seemingly diverse behaviors with high accuracy, but also to predict future behaviors. Using a single hidden layer NN I was able to predict future purchases for a large commercial website (sundance) with around 95% accuracy, among their hundreds of thousands of customers.

    I was also able, with minimal effort, to link their desktop and mobile devices, which always broadcast timestamped geo location information, illustrating locations and timing patterns.

    The stories I could tell. This is uncool.

    The paranoia comes from the fact that this isnt the only company or service doing this. Microsoft does it on their OS, ZOS has access to everyone of our IP addresses, even if you run a VPN its still possible to track you down.

    The overarching point is what could or would someone do with this data?

    Im not particularly happy about it but i also dont understand the outrage, cookies on browsers, OS telemetry, bank loans, car loans, insurance, credit cards, HOSPITALS etc etc etc all have insanely more damaging info but nobody blinks an eye.
Sign In or Register to comment.