ZOS integrated spyware RedShell by mistake, deleted from live, still in PTS folder

Marginis · May 2018

PelinalWhitestrake wrote: »

ZOS wants to spy on me and learn about my super secret pr0nz?

Fine. Maybe they can give some suggestions.

You get an insightful for this... although I'm not sure that's a good thing.

Mureel · May 2018

TelvanniWizard wrote: »

LumbermillOverlord wrote: »

yes, but i personally dont like this behaviour

Welcome to the club. Now, get cozy and comfy while nothing changes because they own the game and do whatever they feel like to earn more money, wich seems to be they sole, only, and unique objective right now.

Why would a business otherwise exist?

karthrag_inak · May 2018

Alinhbo_Tyaka wrote: »

karthrag_inak wrote: »

if anyone is interested, the decompiled cpp file for redshell.dll (not the one in /debug/) is available here :

https://nofile.io/f/38euVu05rMw/redshell.cpp

it's not for the faint of heart, particularly since it has embedded library functionality and arcane structuring, but maybe some folks might enjoy attempting to rebuild/reinterpret it.

Thanks this should help. I was thinking of compiling my own redshell.dll that is just a return(0) to work around the problem.

I liked that idea too, but blocking in hosts seems to work, at least until they build in some kind of verification of connectivity.

Marginis · May 2018

Mureel wrote: »

TelvanniWizard wrote: »

LumbermillOverlord wrote: »

yes, but i personally dont like this behaviour

Welcome to the club. Now, get cozy and comfy while nothing changes because they own the game and do whatever they feel like to earn more money, wich seems to be they sole, only, and unique objective right now.

Why would a business otherwise exist?

To benefit society by offering a good or service not otherwise provided in a responsible and ethical fashion?

Kuwhar · May 2018

karthrag_inak wrote: »

Kuwhar wrote: »

I know all about facebook and google, and yahoo, and microsoft, and apple, and verizon, att, etc etc etc.

I just love the irony of everyone getting crazy about aggregate anonymous information gathering, while using Windows OS which gather far more personal info on a much larger scale.

I assume everyone here complaining clears their cookies and cache whenever they end a browser session?

Just stop trying to attach some nefarious intentions behind this.

apparently you don't know "all about" any of those you mentioned, if you think that clearing your cache and your cookies is a meaningful remedy. You can build a unique online id/profile without any cookie data whatsoever, as I posted above, and that's with desktop browsers. It's even easier with mobile devices, which include timestamped geolocation information in every packet.

and there's nothing ironic about pointing this out. those of us doing so probably are more than aware, and have taken all necessary and appropriate steps to remedy, windows' built in telemetry gathering. don't ascribe to others ignorance that you exhibit. in fact, perhaps you out to attempt to enlighten yourself instead of dismissing something you obviously have minimal understanding of?

Jesus dude, my point wasnt that clearing cookie/cache is the end all be all, and that i know everything about data collection. I meant i know that all those companies are data mining and tracking everything they can to try and sell it.

The main point was that i doubt all the people complaining actually take it as seriously as they make it out to be and jump through all the hoops to maintain complete anonymity online.

And nice omissions of my other points, have a good day sir.

Daimmyo · May 2018

Is this under terms of use and privacy policy on ESO?

Is it visible, recognizable?

By GDPR you should be able to opt out from this and still be able to use ESO app?

Caran · May 2018

Ok, for me it was the last straw. I bought the Imperial Edition when the game came out, bought Morrowind digital collectors and Summerset upgrade. But I very much resent the huge shop advertisement every time I log in one of my characters and I'm not really happy about the underhand way redshell has been put on my hard drive. Result: cancelled my sub. They are not even asking why you are cancelling it, so I'm putting my reasons here.

Cpt_Teemo · May 2018

Caran wrote: »

Ok, for me it was the last straw. I bought the Imperial Edition when the game came out, bought Morrowind digital collectors and Summerset upgrade. But I very much resent the huge shop advertisement every time I log in one of my characters and I'm not really happy about the underhand way redshell has been put on my hard drive. Result: cancelled my sub. They are not even asking why you are cancelling it, so I'm putting my reasons here.

Love how some don't claim it doesn't affect anyone even though it might be small right now and barely feeding any data, whose to tell what they can do it in the future without us knowing and being able to obtain even more data.

VexingArcanist · May 2018

ZOS is gonna do the one thing they can do in response to the discovery: bury head in sand.

You want recourse? If you purchased the game on Steam go there and write a review with the headline of your review stating this game includes spyware provided by Redshell and packaged into the game by ZOS.

See if that gets ZOS motivated.

TequilaFire · May 2018

Interesting, over on the Conan Exiles forum a community manager announced on May 8 that they were removing Redshell from the game after users discovered it and made a public outcry on the forum.
https://forums.funcom.com/t/why-are-conan-exiles-sending-data-to-redshell/5043/18

Colecovision · May 2018

Does using a separate computer or separate windows user help?

My computer is just for gaming. The user for eso only does eso. The web history only includes 4 eso related sites. They definitely already have that info from my addons. The other user is just my steam account. No friends or web usage there. That's already info in the data collection industry as well anyway.

It might not be realistic for everyone to use a different computer, but a new user is certainly easy. Is that a simple solution for people that aren't going to mess with a dll file? You can't block what they already have. They can track what you do with them. The concern is the capability for expansion beyond that. Even if they say they won't now, sites get hacked, companies change hands, ect. If it's collected, assume it's got your name on it and it's shared/stolen.

Cpt_Teemo · May 2018

VexingArcanist wrote: »

ZOS is gonna do the one thing they can do in response to the discovery: bury head in sand.

You want recourse? If you purchased the game on Steam go there and write a review with the headline of your review stating this game includes spyware provided by Redshell and packaged into the game by ZOS.

See if that gets ZOS motivated.

Doesn't matter, the Spyware is in base game too, even if from steam or not

VexingArcanist · May 2018

Cpt_Teemo wrote: »

VexingArcanist wrote: »

ZOS is gonna do the one thing they can do in response to the discovery: bury head in sand.

You want recourse? If you purchased the game on Steam go there and write a review with the headline of your review stating this game includes spyware provided by Redshell and packaged into the game by ZOS.

See if that gets ZOS motivated.

Doesn't matter, the Spyware is in base game too, even if from steam or not

You want to bet it doesn't matter? People who go to read reviews to decide if they should buy a game is informed it comes with spyware used by a company that ISN'T the game company? Let me say if I read such a review I would leave that steam game page immediately.

Katahdin · May 2018

They seriously need it to know whether their marketing was successful?

That's laughable

If they cant already figure that out from, you know, sales and feedback from customers, then nothing will help them, least of all this.

daryl.rasmusenb14_ESO · May 2018

Just rename the file to .old. It worked.

Wreuntzylla · May 2018

I sympathize with security concerns. That's why I have a dedicated gaming computer that I also use to visit online shopping plazas, where I look at the lowest rated items and buy the worst of the worst.

Having said that and now playing the Devil's advocate, companies like Amazon know what you are looking at and buying. Some even sell the data. If I understand correctly, ZoS is trying to level the playing field. The only reason I worry about nefarious plots is because we only know about this through data mining.

It's just like with the 'DLC' v. 'chapter' controversy. It's not so much what ZoS is doing as it is how ZoS goes about it. Shady actions breed suspicion. If they would just come out and tell us, people would still riot in the streets, but at least ZoS would have our trust. As it stands now, I wouldn't trust ZoS to protect two pennies let alone my data...

Cpt_Teemo · May 2018

VexingArcanist wrote: »

Cpt_Teemo wrote: »

VexingArcanist wrote: »

ZOS is gonna do the one thing they can do in response to the discovery: bury head in sand.

You want recourse? If you purchased the game on Steam go there and write a review with the headline of your review stating this game includes spyware provided by Redshell and packaged into the game by ZOS.

See if that gets ZOS motivated.

Doesn't matter, the Spyware is in base game too, even if from steam or not

You want to bet it doesn't matter? People who go to read reviews to decide if they should buy a game is informed it comes with spyware used by a company that ISN'T the game company? Let me say if I read such a review I would leave that steam game page immediately.

No I meant it installs to both non steam version and steam what I was trying to say

Alinhbo_Tyaka · May 2018

I decided to do a netstat to see what the redshell connections looked like. They sure open a lot of listeners. 16 by my count. There seems to be a lot more going on than just sending a bit of data back to the redshell servers.

Caran · May 2018

daryl.rasmusenb14_ESO wrote: »

Just rename the file to .old. It worked.

Hm ... didn't for me.

Merlin13KAGL · May 2018

RinaldoGandolphi wrote: »

I completely understand myself

I know exactly how Windows Activation works. They take hashes of your CPU, Motherboard, Hard Drive and other parts and use those parts to create a secret key that is used to activate Windows on that set of hardware. Most times you can change almost any part but the motherboard before it requires you to call MS or re-activate Windows as there is "leeway" in the hardware id algorithm they use so you don't have to re-activate for swapping a hard drive for example.

Your comparing Apple's to Oranges here...Activating a Copy of Windows has nothing in common in with playing an online game or data mining the way this Redshell dll is.

I am not deluded in the slightest, of course Google analyzes data, but they also make it easy to opt out, and they also didn't bundle a new .DLL program in their latest version of Chrome to harvest all my hardware, harvest all my hardware serial numbers

Except you clearly don't. They're not harvesting, they're hashing, creating a UID based on that information, in much the same way Windows does. Client side, when certain things happen, say you look at the details of a crown store item, the 'transaction' is logged to a redshell server under that UID.

Web side, cookies collect the same information and create the same UID, and they log any 'clicks/views' of interest relevant to the original company product/marketing and those get sent to a redshell server under that UID.

Redshell then puts the info together (because they're clearly related) and provides that information to the client (ZoS), say UID (Not this user, with this information we stole) made these associations based on marketing you tried.

Marketing can then see that user with UID was potentially interested in pretty pink dresses in the crown store, but not so interested in the daedric furniture collection.

It's not taking half of what you seem to think it's taking, and the information only goes to the original client (ZoS).

If you insist on being that worried about what's not happening here, feel free to exit via the door. If the door makes you too paranoid, perhaps the window?

Give me a break.

karthrag_inak wrote: »

if anyone is interested, the decompiled cpp file for redshell.dll (not the one in /debug/) is available here :

https://nofile.io/f/38euVu05rMw/redshell.cpp

it's not for the faint of heart, particularly since it has embedded library functionality and arcane structuring, but maybe some folks might enjoy attempting to rebuild/reinterpret it.

If you're feeling frisky, I believe there is a reference to the redshell API available right on the redshell.io website.

No need to necessarily reverse engineer, they freely give the important parts, as they want Devs and marketing teams to use their product.

Merlin13KAGL · May 2018

Ever notice how you're browsing one web page, and later if you go to a completely unrelated webpage that side ads for the first one might suddenly pop up?

This is kind of what redshell is doing, helping make connections between item A and item B. The only one that gets this information is ZoS.

It's not getting sold to the highest bidder on the big, bad interwebs.

People are making it out to be way more than it is.

Lord_Ninka · May 2018

https://account.elderscrollsonline.com/privacy-policy

We all agreed to their terms of services, including their privacy policy, and that clearly says they collect just about all the information they legally can and may use it for anything they legally can without our consent. Personally I would prefer to pay the price for the game with money instead of data, but as far as I can tell there's nothing unusual about this and ZOS does not hide it, on the contrary they make you agree to all this bs. And all this crappy but legal spying is pretty normal, unfortunately.

Ley · May 2018

So ESO collects marketing data like 90% of the apps people have on their phones, social media, pretty much every major website... It would be nice to be prompted about this change and be given the option to opt out but I'm not losing any sleep over this.

People complain that ZOS's marketing strategies are lack luster. People accuse them of basing their marketing strategies on random "this seems like a good idea" moments and yet complain about them collecting data to improve marketing strategies.

Wreuntzylla · May 2018

Doctordarkspawn wrote: »

The only way to fight it now is legislatively, or in similar manner.

Or make the data useless. There are many ways to fight invasive behavior...

InvitationNotFound · May 2018

@ZOS_GinaBruno
Are you guys seriously *** up in the head now?
This *** is considered spyware / malware without a direct option to opt-out (opt-in would be the correct way).

This *** has access to my pc with the same rights as eso is running and can collect whatever it wants.

Their opt out is a joke. How fishy is it, when they have a page saying send a mail to opt-out? How the *** did they get my mail address in the first place? or how do they know how to associate it with my pc? my email address isn't any of their business in the first place.

Any lawyers here? Since 25.5.2018 the DSGVO is in place for EU, which imho prohibits quite a lot of *** and companies have to state exactly what they are doing with the data and how they collect it, which i doubt is the case here and could be fined by up to 4% of the annual revenue up to 40m. Could anyone with some law background verify this please?

Raideen · May 2018

Caran wrote: »

Ok, for me it was the last straw. I bought the Imperial Edition when the game came out, bought Morrowind digital collectors and Summerset upgrade. But I very much resent the huge shop advertisement every time I log in one of my characters and I'm not really happy about the underhand way redshell has been put on my hard drive. Result: cancelled my sub. They are not even asking why you are cancelling it, so I'm putting my reasons here.

I cancelled my sub as well. I am sick of companies tracking and storing my data to sell it to someone else.

Cpt_Teemo · May 2018

Raideen wrote: »

Caran wrote: »

Ok, for me it was the last straw. I bought the Imperial Edition when the game came out, bought Morrowind digital collectors and Summerset upgrade. But I very much resent the huge shop advertisement every time I log in one of my characters and I'm not really happy about the underhand way redshell has been put on my hard drive. Result: cancelled my sub. They are not even asking why you are cancelling it, so I'm putting my reasons here.

I cancelled my sub as well. I am sick of companies tracking and storing my data to sell it to someone else.

Same, even though it might not be bad now who knows if the company will switch hands or someone cracks into there servers

Merlin13KAGL · May 2018

Raideen wrote: »

Caran wrote: »

Ok, for me it was the last straw. I bought the Imperial Edition when the game came out, bought Morrowind digital collectors and Summerset upgrade. But I very much resent the huge shop advertisement every time I log in one of my characters and I'm not really happy about the underhand way redshell has been put on my hard drive. Result: cancelled my sub. They are not even asking why you are cancelling it, so I'm putting my reasons here.

I cancelled my sub as well. I am sick of companies tracking and storing my data to sell it to someone else.

You're going to be very lonely without the internet.

Or your cell phone.

Or the US (insert country here) Mail...

WarMasterCyp · May 2018

LumbermillOverlord wrote: »

https://redshell.io/home

i just left this here
i have a knowledge than ZOS added this spy utility into eso with latest patches

enjoy new level of targeting ADs on main screen in a future

guys we need a guide how to disable this library
any programmers here who can do a short FAQ?

P.S. @ZOS_GinaBruno lady you know not officially informing us about collecting this data and their intent of usage along with instructions on how to delete said data is already a violation of the European laws?

HOWTO disable it, workaround:

edit your host file on windows

Press the Windows key.
Type Notepad in the search field.
In the search results, right-click Notepad and select Run as administrator.
From Notepad, open the following file: c:\Windows\System32\Drivers\etc\hosts.
Make the necessary changes to the file.
Click File > Save to save your changes.

add

0.0.0.0 api.redshell.io

at the bottom

This will block traffic from your computer to that server. You can block it from reporting through your modem or your router as well.

You are correct the practice implemented is illegal in Europe.

Cpt_Teemo · May 2018

WarMasterCyp wrote: »

LumbermillOverlord wrote: »

https://redshell.io/home

i just left this here
i have a knowledge than ZOS added this spy utility into eso with latest patches

enjoy new level of targeting ADs on main screen in a future

guys we need a guide how to disable this library
any programmers here who can do a short FAQ?

P.S. @ZOS_GinaBruno lady you know not officially informing us about collecting this data and their intent of usage along with instructions on how to delete said data is already a violation of the European laws?

HOWTO disable it, workaround:

edit your host file on windows

Press the Windows key.
Type Notepad in the search field.
In the search results, right-click Notepad and select Run as administrator.
From Notepad, open the following file: c:\Windows\System32\Drivers\etc\hosts.
Make the necessary changes to the file.
Click File > Save to save your changes.

add

0.0.0.0 api.redshell.io

at the bottom

This will block traffic from your computer to that server. You can block it from reporting through your modem or your router as well.

You are correct the practice implemented is illegal in Europe.

Problem is ZoS isn't in Europe.