Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

The curious case of ZOS integrating RedShell spyware into ESO

IselinIselin Member LegendaryPosts: 18,719
If you go by the ESO general forums in a regular basis you no doubt would have seen the 20 page thread about Summerset having included an extra bit of spyware.

Some people noticed, the forums blew up and Matt Firor responded today with an official statement saying it was added inadvertently, was never functional and will be removed on Monday.

Some posters, understandably, are having a hard time believing the inadvertent part since the game won't run if you remove that DLL and RedShell customer support when asked about opting out contacted Bethesda and replied with info they got from Bethesda about how to opt out.

This is a copy & paste of the original post which has been updated to include Matt's statement:

https://redshell.io/home

i just left this here
i have a knowledge than ZOS added this spy utility into eso with latest patches

enjoy new level of targeting ADs on main screen in a future

guys we need a guide how to disable this library
any programmers here who can do a short FAQ?

P.S. @ZOS_GinaBruno lady you know not officially informing us about collecting this data and their intent of usage along with instructions on how to delete said data is already a violation of the European laws?

HOWTO block it, workaround:
edit your host file on windows

Press the Windows key.
Type Notepad in the search field.
In the search results, right-click Notepad and select Run as administrator.
From Notepad, open the following file: c:\Windows\System32\Drivers\etc\hosts.
Make the necessary changes to the file.
Click File > Save to save your changes.

add

0.0.0.0 api.redshell.io

at the bottom

This will block traffic from your computer to that server. You can block it from reporting through your modem or your router as well.

HOWTO opt-out:
Hey guys small update. I got contacted back by a R.S. employe:

Email 1:
Hi Insertnamehere,
We were working with Bethesda to determine how you can pull the Bethesda Account ID we need from you to implement the opt-out for ESO in particular. Hopefully we will have it all sorted by EOD.

In general though, in order to opt you out from tracking we need to know your SteamID64. You can find this ID if you don't already know it using a website like https://steamidfinder.com/. That can at least get us started while we are waiting to hear back from the Bethesda team.

Let me know if you have any questions,
The employe

Email 2:
Hi Insertnamehere,
Just heard back from Bethesda. It sounds like if you can provide either the email address or the user name tied to your account and they can provide us with the internal ID we need. If you can provide that I'll get the process started on the Bethesda end and give you an update as soon as the optout is done.

So yes, you can remove the information like this no-problem. Contacting Zos via email is probaly pointless as they watch this thread. Just use this page: https://redshell.io/optout?success=1

what else we can do:
If you want a response quickly, you'd need to send this as a tip to lower-tier bloggers, MMO news sites and other gaming media.

For example, the sites that covered the Guild Wars 2 spyware debacle included: Massively OP, Motherboard (Vice), Kotaku, Bleedingcool, Pcgamesn, TechRaptor, N4G etc.

other sites discussion/news:
https://www.reddit.com/r/elderscrollsonline/comments/8nqzkt/zos_just_silently_installed_spyware_in_eso/
http://massivelyop.com/2018/06/01/players-try-to-figure-out-how-to-opt-out-of-elder-scrolls-onlines-new-spyware/
http://www.esoui.com/forums/showthread.php?p=34889#post34889
https://steamcommunity.com/app/306130/discussions/0/1694922980043392965/

P.S.
ZOS_MattFiror wrote: »
Everyone,

My apologies for the confusion over the integration of Red Shell into ESO. Here’s what happened: we have been experimenting with a better way to link which advertisements and web content new players see to the eventual account that is created in the game. The ONLY purpose this would be used for is to determine from which origin points our new players come from, so we can better plan where to place advertisements and other web content. Existing accounts will never encounter this, as they are already created.

Several factors came together in Update 18 and Red Shell was erroneously added to the live build when we were still testing and evaluating it. It has never been active in ESO, even though the base tech is in the client – i.e. it was never enabled. So, we will remove it from Update 18, which will take place in the PC/Mac incremental build scheduled for this coming Monday (it was never considered for Console, so won’t be in Tuesday’s U18 launch). We never should have done this without giving everyone a heads up it was coming, and we will learn from this mistake.

That being said, we are still investigating how to use this technology in the future to grow and sustain ESO more effectively. When/if we do so, we will give everyone a heads up with clear instructions as to what it is doing, how it is doing it, and how to opt-out should you so desire.

Check out the patch notes on Monday for the notice that Red Shell has been removed from U18, and we will keep everyone posted – and again, my apologies.

Matt


"Social media gives legions of idiots the right to speak when they once only spoke at a bar after a glass of wine, without harming the community ... but now they have the same right to speak as a Nobel Prize winner. It's the invasion of the idiots”

― Umberto Eco

“Microtransactions? In a single player role-playing game? Are you nuts?” 
― CD PROJEKT RED

YashaXlaseritGrunt350[Deleted User]someforumguy[Deleted User]

Comments

  • rojoArcueidrojoArcueid Member EpicPosts: 10,722
    looks like ESO is showing its age in terms of possibly not making enough money that they have to rely on ads... in a paid game. I hope they sort it out.

    PS: Long live offline games.
    Gorwe




  • YashaXYashaX Member EpicPosts: 3,098
    That's unbelievable, wtf.
    ....
  • laseritlaserit Member LegendaryPosts: 7,591
    So are we getting to the point where we can't even fucking trust what these companies are covertly installing on our machines.

    Regulation is sorely needed on this industry and it cant come soon enough.


    IselinRexKushman[Deleted User]bartoni33Gorwe

    "Be water my friend" - Bruce Lee

  • rojoArcueidrojoArcueid Member EpicPosts: 10,722
    We need GDPR in America.
    RexKushman




  • Grunt350Grunt350 Member UncommonPosts: 57
    edited June 2018
    WTF!!!! and them this is the kind of ppl that them say that they don t need any kind of regulation because its a danger for innovation. 
    laserit
  • laseritlaserit Member LegendaryPosts: 7,591
    Grunt350 said:
    WTF!!!! and them this is the kind of ppl that them say that they don t need any kind of regulation because its a danger for innovation. 
    Oh..... they're innovating alright ;)
    Grunt350[Deleted User]GorweDakeru

    "Be water my friend" - Bruce Lee

  • cheyanecheyane Member LegendaryPosts: 9,067
    What the .... damn didn't think they would sink this low.
    Chamber of Chains
  • BananableBananable Member UncommonPosts: 194
    PS: Long live offline games.
    Lolz  Offline games died long time ago.
    Theyve been putting microtransactions, spyware, malware(denuvo) for years.
    heres latest one 
    https://store.steampowered.com/app/220200/Kerbal_Space_Program/
  • IselinIselin Member LegendaryPosts: 18,719
    edited June 2018
    Mmhh, unless I missed something, it's "steam tracking". So if you own ESO but didn't purchase it on steam, and therefore don't need to be logged into steam to run it, this red shell thing is actually not doing anything to you, right?
    You might be right about the "only Steam" part although, as I understand it, it's the same client for all.

    But regardless of how they eventually mean to use it, they do eventually mean to use this or something else like it if I'm reading the "having said that..." paragraph correctly.

    Even if the "erroneously added" part is accurate that's a rather embarrassing admission of a major fuck-up somewhere in their production line.

    But I'm not so sure it was a mistake. I may be reading too much into this but the guy who asked RedShell how he could opt out and was told by RedShell that they would follow up with Bethesda, got back to him with a reply telling him what Bethesda said he needed to do in order for Bethesda to provide RedShell his internal user ID. Now it seems to me that if it was not meant to be live already the correct response from Bethesda should have been something along the lines of "WTF? This is not live yet." So at least one person at Bethesda RedShell spoke to thought it was a done deal and an active thing you could opt out of after jumping through some hoops. I don't think I'm being too cynical thinking that Matt's post has some "alternative facts" in it.

    Another thing that occurred to me is that I bet a lot of large companies have their own internal solutions to accomplish what ZOS is trying to accomplish through 3rd party software. This is probably a lot more common than most of us know and the only reason we're finding out about this one is due to a known footprint left by this 3rd party program. For all we know Blizzard could have been using something called azeroth000111.DLL for years performing a similar function.

    EDIT:

    @Jean-Luc_Picard

    I have never used steam for ESO and I just had a quick browse at the client install directory and RedShell.DLL is there.
    Post edited by Iselin on
    laxie
    "Social media gives legions of idiots the right to speak when they once only spoke at a bar after a glass of wine, without harming the community ... but now they have the same right to speak as a Nobel Prize winner. It's the invasion of the idiots”

    ― Umberto Eco

    “Microtransactions? In a single player role-playing game? Are you nuts?” 
    ― CD PROJEKT RED

  • laxielaxie Member RarePosts: 1,118
    edited June 2018
    RedShell basically links your in-game identity to your website identity. As far as I can tell, it doesn't spy on you in any additional way besides making that link. This can have endless applications, from ones most people would agree with, to dodgy ones most would object to.

    After linking your website id to an in-game id, Zenimax might see if players buying the game on Steam visit their website first. This to me seems completely fair game. It will inform the company where and why the purchases are being made.

    A more contentious implementation may be checking the size of your friend-list in game and then serving you website adverts based on that information.

    A dodgy implementation would be measuring your risk behaviour based on how you play and then serving you gambling adverts if you pass a threshold.

    The thing is, all of this is extremely common these days. RedShell simply links two identifications together, which is charity work compared to what happens elsewhere, across all sectors. Even indie companies have dedicated people to measure behaviours in game. I recently met with an artist from a studio of 8, one of whom is responsible for nothing but optimising retention.

    I've also had numerous talks on similar practises at university. These talks were quite revolutionary 5 years ago, but are very common today. Two months ago I heard a talk from a person employed by the "nudge unit", a governmental institution set up by the UK government. They do things like send customised bills based on your predicted personality - if you are from a pro-social area, your tax bill will say "91% of your neighbours paid the bill on time.", if you are from a different background, it will say something else. They also do things like optimising marketing campaigns to change the number of people doing a behaviour in an area. For example, they often work in schools to change the behaviour of young kids, which is possibly a morally slippery slope too.

    Last year, I met with a consultant who was tasked with optimising a restaurant. It's a chain that does running sushi - one of the places where you can pick plates from a belt and then pay for what you grabbed at the end. They wanted to optimise this, so they hired this person to develop an image recognition system. It will track what people are picking up and when. You will then get patterns of food on the belt to maximise your spending.
    Iselin[Deleted User]laseritGorwe
  • NewbieOSNewbieOS Member CommonPosts: 1
    For reference purposes:

    Link on a IT user forum inspection on the RedShell.dll capabilities
    https://forums.elderscrollsonline.com/en/discussion/comment/5184809/#Comment_5184809

    Vulnerability Test on Redshell.dll and ESO using Kaspersky Total Security software
    https://imgur.com/a/ypq4awU 

    (Legend: Print Screen no 5 & 6 on the vulnerability test results)

    Link on the Kaspersky Total Security capability
    https://kaspersky.com/total-security

    Link on Kaspersky Lab Research and Report - it includes not only virus but also other threats (malware, spyware, etc) - for reference purposes
    https://securelist.com

    From the sources above, as per my understanding as a ordinary PC user , I can say that RedShell is not a spyware program as the title of this thread but the real topic should be “ is the integration of the Redshell.dll file to ESO game client without transparency and acknowledge of its players/users?” since RedShell is a third party analytics tool developed by Innervate, Inc (https://innervate.us)

    Link for Redshell as a third party analytic tool:
    https://venturebeat.com/2017/06/01/red-shell-is-a-new-tool-to-help-steam-devs-track-who-is-buying-their-games/

    https://blog.redshell.io/gamesight-track-levels-up-and-becomes-red-shell-187c28f00b7c

    However in the ZOS Privacy Policy that I had agreed when I install the game at the first time, there was one paragraph saying like this https://account.elderscrollsonline.com/privacy-policy

    Analytics Tools. We may use internal and third-party analytics tools (see our Cookie Policy at http://www.zenimax.com/cookie_us for a list of third parties) to collect and aggregate activity data and other data across multiple channels
    laxieKyleran
  • IselinIselin Member LegendaryPosts: 18,719
    NewbieOS said:
    For reference purposes:

    Link on a IT user forum inspection on the RedShell.dll capabilities
    https://forums.elderscrollsonline.com/en/discussion/comment/5184809/#Comment_5184809

    Vulnerability Test on Redshell.dll and ESO using Kaspersky Total Security software
    https://imgur.com/a/ypq4awU 

    (Legend: Print Screen no 5 & 6 on the vulnerability test results)

    Link on the Kaspersky Total Security capability
    https://kaspersky.com/total-security

    Link on Kaspersky Lab Research and Report - it includes not only virus but also other threats (malware, spyware, etc) - for reference purposes
    https://securelist.com

    From the sources above, as per my understanding as a ordinary PC user , I can say that RedShell is not a spyware program as the title of this thread but the real topic should be “ is the integration of the Redshell.dll file to ESO game client without transparency and acknowledge of its players/users?” since RedShell is a third party analytics tool developed by Innervate, Inc (https://innervate.us)

    Link for Redshell as a third party analytic tool:
    https://venturebeat.com/2017/06/01/red-shell-is-a-new-tool-to-help-steam-devs-track-who-is-buying-their-games/

    https://blog.redshell.io/gamesight-track-levels-up-and-becomes-red-shell-187c28f00b7c

    However in the ZOS Privacy Policy that I had agreed when I install the game at the first time, there was one paragraph saying like this https://account.elderscrollsonline.com/privacy-policy

    Analytics Tools. We may use internal and third-party analytics tools (see our Cookie Policy at http://www.zenimax.com/cookie_us for a list of third parties) to collect and aggregate activity data and other data across multiple channels
    Spyware:

    software that is installed in a computer without the user's knowledge and transmits information about the user's computer activities over the Internet

    Without our knowledge pretty well elevates this into the realm of spyware from the more warm and fuzzy sounding analytics tools.

    "Spyware" doesn't need to be something evil dreamt up by Putin. There's a range from fairly benign tools to the ones that try to grab the PW to your online banking. All it needs to fit the definition is right up there in plain English.
    "Social media gives legions of idiots the right to speak when they once only spoke at a bar after a glass of wine, without harming the community ... but now they have the same right to speak as a Nobel Prize winner. It's the invasion of the idiots”

    ― Umberto Eco

    “Microtransactions? In a single player role-playing game? Are you nuts?” 
    ― CD PROJEKT RED

  • MMOExposedMMOExposed Member RarePosts: 7,387
    ELI5, what does this Spyware do, Or potentially can do?

    Philosophy of MMO Game Design

  • Arkade99Arkade99 Member RarePosts: 538
    Secret World Legends includes the RedShell.dll. I didn't see it in any other games, but if it's in more than one, it's probably fairly common.
    [Deleted User]
  • laseritlaserit Member LegendaryPosts: 7,591
    Torval said:
    Spyware is a bit of a scare word but it is true in the sense that Google Analytics and other web trackers are. They track your web browsing behavior.

    I did a bit of digging and apparently this is something ZoS wants to use to help determine where people who buy the game learned about it. So if you saw an ESO advert here, and on MassivelyOP and a few other websites and then bought the game, RedShell will help them create some useful reporting on that. That way they can spend expensive advertising smartly wIth website traffic that delivers hits.

    RedShell is also the name associated with a former piece of malware (not associated with this company) some time ago so it also has shade attached to the name if you dig far enough. That is a separate thing though. It was coincidence.

    The game file is apparently compiled with the client as a dependency so it can't be simply deleted. According to ZoS and Firor it's not enabled which correlates with what users have found - it's there but inactive. Also according to him it will be removed in a U18 patch next week.

    It's unsurprising really. Ads are expensive. ZoS is very much revenue stream focused. Most gamers are oblivious and live in some alternate reality.
    So Zenimax wants to maximize their profit by covertly installing software that has zero to do with the code for the actual game.

    Its not OK

    Its no longer Zenimax providing a service. It's Zenimax using your services, and using them for free.

    They have zero right to install third party software that is unrelated to the workings of the actual game.

    Instead of a big fancy loot box ad every time you log in, maybe they should be asking your permission to run dll's that spy on what websites you visit as well as permission use up your drive space with this shit.

    I don't give a shit how deep in a EULA this crap is buried its an invasion of your privacy and requires your expressed permission.

    Regulation cant come soon enough. This is well beyond any kind of game play. 





    ScorchienIselin[Deleted User]

    "Be water my friend" - Bruce Lee

  • Octagon7711Octagon7711 Member LegendaryPosts: 9,000
    I'd be really surprised if they didn't sell the information to third parties for extra profits.

    "We all do the best we can based on life experience, point of view, and our ability to believe in ourselves." - Naropa      "We don't see things as they are, we see them as we are."  SR Covey

Sign In or Register to comment.