Red Shell (spyware) is STILL in Civilization 6

Hella · Jun 29, 2018

Edit2: Firaxis and 2K have at last removed Red Shell from Civlization 6:

Civilization VI update [7/19/18]
A new update (ver. 1.0.0.262) is available for Sid Meier's Civilization VI today. This update will automatically install when starting the Steam client; if it doesn't install automatically, please restart Steam.

Firaxis Games and 2K are committed to making Civilization VI the best experience possible and will continue to support the title. If you have any feedback on this update or just the game in general, please let us know in the Steam forums or comment below. Stay Civilized!

[MULTIPLAYER]

Added cross-platform multiplayer functionality for PC and Mac

PC users will require ver. 1.0.0.262 (362541)

Mac users will require ver. 1.0.0.262 (164403)

[MISC]

Removed Red Shell

--

Early this month, a host of games, including Civilization 6, were found to have Red Shell. Red Shell collects personal data about players to determine the effectiveness of the game's advertisements; there is no opt-in, only a web-based opt-out where you request that they remove you from their tracking. Depending on the game, it can be found in a .dll in the game directory, or integrated directly into the .exe. It's possible for players to block it via editing the hosts file on their end. In short, Red Shell exists to covertly monitor and report a player's actions to a third party without their permission or knowledge--it is spyware.

After this news came out, most folks dropped it from their games or vowed to do so in the future, with a few exceptions including Civ 6. Developed by Firaxis and published by 2K, Civ6 is the biggest game discovered using it, and no one there has made an official comment on it at all. There's a large Steam thread talking about it, a review bomb in progress, and still 2K/Firaxis have remained silent.

Now personally, I find Red Shell unacceptable, no matter what game it is in. I have uninstalled all games still using it, and will not buy games with it active in the future. And really, I should side-eye and publisher that has ever utilised it.

If Red Shell is here to stay everyone should be aware of it. And hopefully, avoid it like the plague it is.

Edit: Here is a good video about the Red Shell situation. I highly recommend folks watch this.

WillyFive · Jun 29, 2018

I wonder why Steam hasn't delisted these games yet, a lot of these games still have the spyware in the download.

Roytheone · Jun 29, 2018

This sounds like it is literally illegal in the EU.

element · Jun 29, 2018

Software like Red Shell is extremely important for developers. It provides critical data that on player behavior and on-boarding. It helps developers figure out if the money they are spending and targeting is working and allows them to retarget if needed.

Personal data is a strech, as everything is annonymous and hashed.

This same techniques are used on every item in the iTunes and Google Play Store. Microsoft, Sony and Valve have similar techniques for ad placement on their platforms. Not to mention Google Ads, Facebook Ads, Amazon, Google Analytics and countless other.

Now there should be a clear way to opt-out and with GDPR, Red Shell might be forced to require one.

ymgve · Jun 29, 2018

element said:
Software like Red Shell is extremely important for developers. It provides critical data that on player behavior and on-boarding. It helps developers figure out if the money they are spending and targeting is working and allows them to retarget if needed.

Doesn't matter if it's important to developers. If they can't do it without scraping personal information and fingerprinting users, they should not do it at all.

element · Jun 29, 2018

ymgve said:
Doesn't matter if it's important to developers. If they can't do it without scraping personal information and fingerprinting users, they should not do it at all.

Do you know what "personal information" they are capturing?

What are your feelings on Google Analytics?

asmith906 · Jun 29, 2018

element said:
Software like Red Shell is extremely important for developers. It provides critical data that on player behavior and on-boarding. It helps developers figure out if the money they are spending and targeting is working and allows them to retarget if needed.

Personal data is a strech, as everything is annonymous and hashed.

This same techniques are used on every item in the iTunes and Google Play Store. Microsoft, Sony and Valve have similar techniques for ad placement on their platforms. Not to mention Google Ads, Facebook Ads, Amazon, Google Analytics and countless other.

Now there should be a clear way to opt-out and with GDPR, Red Shell might be forced to require one.

The problem seems to be that this is being done without the knowledge of the user. That seems like a huge no no

element · Jun 29, 2018

asmith906 said:
The problem seems to be that this is being done without the knowledge of the user. That seems like a huge no no

I'd agree with that. And there should be a clear client opt-out.

Mesoian · Jun 29, 2018

element said:
Do you know what "personal information" they are capturing?

What are your feelings on Google Analytics?

I can opt out of Google Analytics.

TemplaerDude · Jun 29, 2018

I uninstalled it and left a negative review. Shady practices do not get my time.

element · Jun 29, 2018

Mesoian said:
I can opt out of Google Analytics.

You can opt-out of Red Shell, in the same method as Google Analytics. You have to go to a site and opt-out. Not open a website or game and be presented with a warning and providing a method to opt out.

TemplaerDude said:
I uninstalled it and left a negative review. Shady practices do not get my time.

What exactly is the part that is shady? A transparncy issue? That the software even exist?

Echo · Jun 29, 2018

The thing I hate most about Red Shell is that it doesn't even ask your permission and there is no forewarning when you install the game that you are also installing this software.

That should be illegal. I owned one RedShell game but thankfully haven't installed it. Personally I'm blacklisting all developers who use it, it's just not acceptable the way it's implemented and deployed.

element · Jun 29, 2018

Echo said:
The thing I hate most about Red Shell is that it doesn't even ask your permission and there is no forewarning when you install the game that you are also installing this software.

Not really true. It is in the software EULA.

Any product using similar software should be upfront that it has some form of tracking, explain what data is being captured, how data is being used, and who has access to that data. As well as providing a clear method to opt-out within the client, not just point you to an outside service and a clear method to delete your data that may have been captured.

Jerykk · Jun 29, 2018

Is it wrong that I don't really care at all? The obsession over privacy has always been an odd one, especially in modern times. If a corporate or government entity really wants to find out everything about you, they already can. Telecom companies know who you call and text, what you download and what websites you browse. Google knows what you search for, who you e-mail and who e-mails you. Countless companies know your name, phone number, address and credit card information. Banks and credit card companies know where you spend your money and what you spend it on. And these are just examples of legal monitoring. Throw in the NSA, FBI, CIA and DoD and, well... good luck keeping your secrets.

The notion that you have any real privacy seems rather naive. The truth is, nobody cares about your private life unless you're a criminal or someone important.

Hella · Jun 29, 2018

element said:
Not really true. It is in the software EULA.

Any product using similar software should be upfront that it has some form of tracking, explain what data is being captured, how data is being used, and who has access to that data. As well as providing a clear method to opt-out within the client, not just point you to an outside service and a clear method to delete your data that may have been captured.

They don't want to be upfront about data collection because they know consumers won't like it.

The only reason Red Shell is a thing is because Elder Scrolls Online inserted it during a patch ~erroneously~, which set off all kinds of alarm bells for players watching what was added. Games that have had it, presumably since release like Civ6, do as much as possible to bury that information. The big list of Red Shell games only came out after players began explicitly searching for it within their files.

Like, when the ESO news hit, I didn't even think to check my computer for Red Shell because I assumed it was only in ESO. I had Civ6, ESO, and Total War: Warhammer II installed, all three of which had Red Shell at the time. Had I filesearched for "redshell.dll" it would've popped up plain as day.

Inserting this kind of spyware into games may not be illegal (outside of the EU I guess), but it should be.

Jerykk said:
Is it wrong that I don't really care at all? The obsession over privacy has always been an odd one, especially in modern times. If a corporate or government entity really wants to find out everything about you, they already can. Telecom companies know who you call and text, what you download and what websites you browse. Google knows what you search for, who you e-mail and who e-mails you. Countless companies know your name, phone number, address and credit card information. Banks and credit card companies know where you spend your money and what you spend it on. And these are just examples of legal monitoring. Throw in the NSA, FBI, CIA and DoD and, well... good luck keeping your secrets.

The notion that you have any real privacy seems rather naive. The truth is, nobody cares about your private life unless you're a criminal or someone important.

But that's the thing: advertisers care about your private life. They want to know every detail they can, to better barrage you with ads. They skim as much information as possible from every avenue possible, up to and beyond the legal barriers in place, because they know this information has value. Then, no matter how secure it is in their hands, they sell it to someone or get hacked and it's out there forever.

Even if the battle for privacy will ultimately be lost, there's no reason to just roll over and take it.

ThanksgivingDinner · Jun 30, 2018

Little off topic but is red shell still in Shadow of War?

Encephalon · Jun 30, 2018

One more reason to just play 5.

Or Nobunaga's Ambition.

Hella · Jun 30, 2018

ThanksgivingDinner said:
Little off topic but is red shell still in Shadow of War?

Middle-Earth: Shadow of War? It's not on the Reddit list, so it never had Red Shell. Or at least, no one has discovered it in the game yet.

element · Jun 30, 2018

Hella said:
But that's the thing: advertisers care about your private life. They want to know every detail they can, to better barrage you with ads.

But that isn't what Red Shell does. That is what Google Ads and Facebook Ads do. Red Shell provides funnel information on ads to conversion.

So if I put an promotion for a game on IGN, ResetEra, Reddit and a Twitch Streamer. Each have a specific token. If you click on the ResetEra ad, that token is generated and you go to the games page on Steam and you buy the game. Once the game is launched Red Shell will see if there is a token. Thus telling the developer that the ad on ResetEra led to a sale. Without the handshake between the token and game, it is a total guessing game what ads worked and what didn't.

The data isn't sold to 3rd parties for "marketing purposes". It is owned by the developer/publisher and just stored on Red Shell servers. The only people who have access to it are the developers and Red Shell (like any SaaS company).

They don't want to be upfront about data collection because they know consumers won't like it.

Do they really? Facebook, Google, Apple, Twitter, Microsoft, and countless other companies have even deeper data anaysis into consumer behaviors, but people continue to use their products.

The issue is transparency. If a company wants this type of data, they need to be more upfront about it, provide a clear opt-out.

If Red Shell is "spyware" then every web data analytics tool is "spyware".

Deleted member 11018 · Jun 30, 2018

element said:
If Red Shell is "spyware" then every web data analytics tool is "spyware".

Those allowing to chain your whole navigation life indeed are. We even track where you are at anytime through your phone usage to give leads to the stores.
When you've got a few courses and seminars on modern advertizing, you turn off positioning,use offline maps for GPS, use VPN, install noscript everywhere, automatically destroy any data generated by the browser through the session and tag providers are banned.

Kids don't care, they just want to play what their friends play and buy what will look cool. Easy targets, easily trackable and manipulated, but that's the reality of our world.

John Caboose · Jun 30, 2018

Yeah that's clearly not legal in the EU (anymore). Anyone Swedish affected use this: https://www.datainspektionen.se/vagledningar/for-dig-som-privatperson/klagomal-och-tips/

Anyone else from the EU reading, you have your own governmental agency to contact, please do so!

element · Jun 30, 2018

MikeNeko said:
Those allowing to chain your whole navigation life indeed are.

I guess I see spyware or malware as software used to do malicous things, such as keyloggers. When the person on the other side plans on using that data to actually breach your personal information (bank accounts, SSN, etc) or sell that detailed personal information to use however they want.

I understand the privacy aspects of the modern web can be scary. Check Facebook casually at REI and now Facebook is teling me to by a new tent from REI. But that is honestly the world we live in today. Again transparency is key and now the law in some countries. For something like a game, allow people to opt-out. If it is a service that depends on that data, it is consumer choice not to use that service.

But funnel conversion programs like Red Shell can be an important tool to help companies with little money to use for advertising to advertise in the right locations that actually leds to conversions.

Jerykk · Jun 30, 2018

Hella said:
But that's the thing: advertisers care about your private life. They want to know every detail they can, to better barrage you with ads. They skim as much information as possible from every avenue possible, up to and beyond the legal barriers in place, because they know this information has value. Then, no matter how secure it is in their hands, they sell it to someone or get hacked and it's out there forever.

Even if the battle for privacy will ultimately be lost, there's no reason to just roll over and take it.

But you're going to get barraged with ads regardless. This just means that the ads are more likely to be relevant to you.

Hella · Jun 30, 2018

element said:
But that isn't what Red Shell does. That is what Google Ads and Facebook Ads do. Red Shell provides funnel information on ads to conversion.

So if I put an promotion for a game on IGN, ResetEra, Reddit and a Twitch Streamer. Each have a specific token. If you click on the ResetEra ad, that token is generated and you go to the games page on Steam and you buy the game. Once the game is launched Red Shell will see if there is a token. Thus telling the developer that the ad on ResetEra led to a sale. Without the handshake between the token and game, it is a total guessing game what ads worked and what didn't.

The data isn't sold to 3rd parties for "marketing purposes". It is owned by the developer/publisher and just stored on Red Shell servers. The only people who have access to it are the developers and Red Shell (like any SaaS company).

Do they really? Facebook, Google, Apple, Twitter, Microsoft, and countless other companies have even deeper data anaysis into consumer behaviors, but people continue to use their products.

The issue is transparency. If a company wants this type of data, they need to be more upfront about it, provide a clear opt-out.

If Red Shell is "spyware" then every web data analytics tool is "spyware".

Red Shell exists to subvert browser privacy settings for the benefit of web advertisers. That is absolutely spyware.

And re: analytics, same thing. It is all unwanted tracking.

I wish we had a world where opt-in was the norm, but I imagine companies are aware of how few prefer being tracked.

Jerykk said:
But you're going to get barraged with ads regardless. This just means that the ads are more likely to be relevant to you.

Potential convenience isn't worth the cost.

Prototype Viktor · Jun 30, 2018

WillyFive said:
I wonder why Steam hasn't delisted these games yet, a lot of these games still have the spyware in the download.

Why would Valve care, they aren't trying to make money Valve would get or interfere with their spyware

element · Jun 30, 2018

Prototype Viktor said:
Why would Valve care, they aren't trying to make money Valve would get or interfere with their spyware

Steam IS spyware based on how people talk about it here.

It tracks every game you play, how long, your friends, your relationship with those friends, your purchasing habits, what games you are likely to be interested in, path/funnel on how you purchased those items, your resolution, your OS, your IP address, and the list goes on and on. Valve IS a gaming version of Facebook.

Isee · Jun 30, 2018

Prototype Viktor said:
Why would Valve care, they aren't trying to make money Valve would get or interfere with their spyware

Because it interferes with EU law.
Companies have to disclose what kind of data they are collecting, what they are doing with said data, whom they are giving access to that data and last but not least: data about EU citizens has to be stored within EU borders and is not to be saved/stored anywhere else.
Further, a company has to erase any kind of collected data about a certain EU citizen if that EU citizen asks for it. A citizen can even forbid that data about him is saved in the first place.

Civilization 6, red shell and valve do not follow any of this. They are, simply, breaking the law and Valve is distributing illegal spy ware. It's a problem for them and for firaxis.

Rizific · Jun 30, 2018

There are ads in those games? Like literal ads? What the fuck?

Hella · Jun 30, 2018

Rizific said:
There are ads in those games? Like literal ads? What the fuck?

No, no. Not in-game ads, it's worse than that. Red Shell tracks the ads you follow outside of a given game.

element describes it really well a few posts above:

element said:
So if I put an promotion for a game on IGN, ResetEra, Reddit and a Twitch Streamer. Each have a specific token. If you click on the ResetEra ad, that token is generated and you go to the games page on Steam and you buy the game. Once the game is launched Red Shell will see if there is a token. Thus telling the developer that the ad on ResetEra led to a sale. Without the handshake between the token and game, it is a total guessing game what ads worked and what didn't.

element · Jun 30, 2018

Rizific said:
There are ads in those games? Like literal ads? What the fuck?

No. There are not ads in the games.

No, no. It's worse than that. Red Shell tracks the ads you follow outside of a given game.

Not sure why you say it is worse. It doesn't create token for every ad you see, only the ads you interact with and only ads that also have a Red Shell tracking token. Which not every ad has.

Sign My Guestbook! · Jun 30, 2018

This shit was in Quake Champions, too. Just slid it into their game and I had no idea until they released an update saying it was in there since inception.

The hell is with these devs?

Rizific · Jun 30, 2018

Hella said:
No, no. Not in-game ads, it's worse than that. Red Shell tracks the ads you follow outside of a given game.

element describes it really well a few posts above:

HOOOOLLLYYYYYL........yeah thats VERY scummy.

element · Jun 30, 2018

Sign My Guestbook! said:
The hell is with these devs?

Are you suggesting developers spend $1,000,000 on pointless ads that led to no sales and a developer closing. Or them spending $150,000 on ads on sites that led to actual sales.

Deleted member 1726 · Jun 30, 2018

element said:
No. There are not ads in the games.

Not sure why you say it is worse. It doesn't create token for every ad you see, only the ads you interact with and only ads that also have a Red Shell tracking token. Which not every ad has.

Why are you so invested in talking this down?

Hoxworth · Jun 30, 2018

Kind of off topic but it really highlights the issue. This is why the "they can just patch it out" argument in DRM is such bullshit. If they won't remove software that is literally breaking the law according to GDPR, why should I believe they'll remove Denuvo when it inevitably becomes a problem?

ShortNasty · Jun 30, 2018

element said:
Are you suggesting developers spend $1,000,000 on pointless ads that led to no sales and a developer closing. Or them spending $150,000 on ads on sites that led to actual sales.

Option A is okay with me if B means shit like this.

RiOrius · Jun 30, 2018

Hella said:
Red Shell exists to subvert browser privacy settings for the benefit of web advertisers. That is absolutely spyware.

And re: analytics, same thing. It is all unwanted tracking.

I wish we had a world where opt-in was the norm, but I imagine companies are aware of how few prefer being tracked.

Potential convenience isn't worth the cost.

How does it "subvert browser privacy settings"?

My understanding is that Red Shell's browser-based, ad-side code doesn't subvert anything. It just uses data exposed by the browser to literally every website you ever go to to try to fingerprint you, and then generates the same fingerprint in the game-side code. Nothing about getting data in either context that isn't freely available through the browser.

TSM · Jun 30, 2018

element said:
Are you suggesting developers spend $1,000,000 on pointless ads that led to no sales and a developer closing. Or them spending $150,000 on ads on sites that led to actual sales.

But that's not the end user's problem. If a company can't collect data ethically then they should not be collecting the data. Ethically in this case would be explicitly opting in. I see the corporate ball washing culture from the old place has successfully made the transition.

element · Jun 30, 2018

Daffy Duck said:
Why are you so invested in talking this down?

Because I am work at an indie studio with limited advertising budget. A tool like Red Shell can allow smaller developers with limited ad spends to spend our ad dollars on partners or sites that will led to more sales. Since we don't have to blanket ads across the entire web, it could allow developers to reallocate that money into other areas of development including more consumer friendly content or even to be able to stay open due to sales generated.

Because of this I have to increase my ad budgets across more promotions hoping I hit the right audience with no real data which one actally helped sales. Just a throw ads to the wind.

Asator · Jun 30, 2018

element said:
Are you suggesting developers spend $1,000,000 on pointless ads that led to no sales and a developer closing. Or them spending $150,000 on ads on sites that led to actual sales.

This does not gives devs the right to break privacy laws by using a software that can only be described as spyware. If a dev cannot survive without using such software (which might even be illegal in the EU), then...

element · Jun 30, 2018

Asator said:
This does not gives devs the right to break privacy laws by using a software that can only be described as spyware. If a dev cannot survive without using such software (which might even be illegal in the EU), then...

Well it has been reviews and complies to GDPR, so it isn't illegal. The legality is perception of it being hidden, which I agree, if developers use software like this (Google Analytics, Unity Analytics, Playfab, gameanalytics, AWS, deltaDNA and others) should be up front about it and allow users to opt-out prior to any data capture or submission.

Falk · Jun 30, 2018

element said:
But that isn't what Red Shell does. That is what Google Ads and Facebook Ads do. Red Shell provides funnel information on ads to conversion.

So if I put an promotion for a game on IGN, ResetEra, Reddit and a Twitch Streamer. Each have a specific token. If you click on the ResetEra ad, that token is generated and you go to the games page on Steam and you buy the game. Once the game is launched Red Shell will see if there is a token. Thus telling the developer that the ad on ResetEra led to a sale. Without the handshake between the token and game, it is a total guessing game what ads worked and what didn't.

Sorry to be asking here; I'm pretty sure the information could be found somewhere on the web but you seem to be pretty knowledgeable about this

Is Red Shell:

1) Actively running in the background on your system tracking what you click on, (when a game with Red Shell is running or otherwise)?

or

2) Figuring out (or attempting to) who clicked on an ad serviced by Red Shell via the advertising service, and then figuring out (or attempting to) match that with the same hardware/IP/etc. footprints when a game with the service is run?

Because I feel like there's a lot of assumption that 1) is happening when the term 'spyware' is used.

edit: To be clear, to me personally there's still an obvious an argument to be made that 2) is very much data harvesting at its core, and as mentioned in the thread very similar to what Google Analytics, etc. does. I just wish we'd collectively as a species have more of a solid idea about why we should be upset about something.

Starviper · Jun 30, 2018

Falk said:
Sorry to be asking here; I'm pretty sure the information could be found somewhere on the web but you seem to be pretty knowledgeable about this

Is Red Shell:

1) Actively running in the background on your system tracking what you click on, (when a game with Red Shell is running or otherwise)?

or

2) Figuring out (or attempting to) who clicked on an ad serviced by Red Shell via the advertising service, and then figuring out (or attempting to) match that with the same hardware/IP/etc. footprints when a game with the service is run?

Because I feel like there's a lot of assumption that 1) is happening when the term 'spyware' is used.

edit: To be clear, to me personally there's still an obvious an argument to be made that 2) is very much data harvesting at its core, and as mentioned in the thread very similar to what Google Analytics, etc. does. I just wish we'd collectively as a species have more of a solid idea about why we should be upset about something.

Same. If the process only runs when you click on the ad in the game, i'm not that angry. Any company out there will use analytics like that to figure out what works.

Falk · Jun 30, 2018

I don't think we're talking about in-game advertising here though.

element · Jun 30, 2018

Falk said:
1) Actively running in the background on your system tracking what you click on, (when a game with Red Shell is running or otherwise)

No. From the documentation I have read Red Shell only runs when you launch a game that has the software integrated in it. When activated it will look for an encrypted cookie in your open browser history like other apps such as Spotify and others to see if there is a cookie ONLY for that product. If it finds that cookie it reports back to the servers. If no cookie is found is run dormant in the background like countless other applications. Once you exit the game, it shuts off.

The other is Red Shell actually doesn't provide "ads", but just allows you to add additional tokens/hooks to add platforms such as Google Ads, AdRoll, Facebook Ads.

This is seriously how the entire mobile industry works. Every app on both Google Play and iTunes has this stuff built into the platform to allow consumer targeting and retargeting. Innervate just took the concept and moved it into PC and console games (yes, this tech is being used on consoles).

Same. If the process only runs when you click on the ad in the game, i'm not that angry. Any company out there will use analytics like that to figure out what works.

Ads aren't in game. Red Shell looks for web tokens/cookies to see if you clicked/interacted with an ad from that specific game on the web. It allows developers to see if their ads are successful in generating sales.

Saoshyant · Jun 30, 2018

If you know how to edit your computer/router's host file, you can add those entries in to block it.

0.0.0.0 redshell.io
0.0.0.0 api.redshell.io
0.0.0.0 treasuredata.com
0.0.0.0 api.treasuredata.com

Protome · Jun 30, 2018

Starviper said:
Same. If the process only runs when you click on the ad in the game, i'm not that angry. Any company out there will use analytics like that to figure out what works.

There aren't in game ads. Redshell tracks when you press an ad for the game in your web browser and checks the token generated by that interaction when you launch the game to see if you bought the game via that ad or not.

I'm not super opposed to in concept but it's implementation makes it look shady as fuck. They need to
1) Be more open with exactly how it works so consumers can feel more confident that it isn't taking any of their personal info beyond that token.
2) Ask you to opt in when you launch the game. This one they need to do legally now in the EU, Red Shell is a blatant and flagrant violation of GDPR at the moment.

Falk · Jun 30, 2018

element said:
No. From the documentation I have read Red Shell only runs when you launch a game that has the software integrated in it. When activated it will look for an encrypted cookie in your open browser history like other apps such as Spotify and others to see if there is a cookie ONLY for that product. If it finds that cookie it reports back to the servers. If no cookie is found is run dormate in the background like countless other applications. Once you exit the game, it shuts off.

The other is Red Shell actually doesn't provide "ads", but just allows you to add additional tokens/hooks to add platforms such as Google Ads, AdRoll, Facebook Ads.

This is seriously how the entire mobile industry works. Every app on both Google Play and iTunes has this stuff built into the platform to allow consumer targeting and retargeting. Innervate just took the concept and moved it into PC and console games (yes, this tech is being used on consoles).

Ads aren't in game. Red Shell looks for web tokens/cookies to see if you clicked/interacted with an ad from that specific game on the web. It allows developers to see if their ads are successful in generating sales.

Ah got it, so my 2) understanding of it wasn't correct either. Cookie-based, much easier to argue as spyware by general public. Gotcha.

Thanks for the explanation.

Bhonar · Jun 30, 2018

TSM said:
But that's not the end user's problem. If a company can't collect data ethically then they should not be collecting the data. Ethically in this case would be explicitly opting in. I see the corporate ball washing culture from the old place has successfully made the transition.

Ethically is irrelevant.

My question that is more important -- is Red Shell actually technically ILLEGAL with the new EU law?

I don't want to hear anyone's reply if they're just guessing or what they think it should be. I only want to know if it's truly illegal or not, from a poster who's a legal expert.

Falk · Jun 30, 2018

Bhonar said:
My question that is more important -- is Red Shell actually technically ILLEGAL with the new EU law?

I don't want to hear anyone's reply if they're just guessing or what they think it should be. I only want to know if it's truly illegal or not, from a poster who's a legal expert.

element said:
Well it has been reviews and complies to GDPR, so it isn't illegal. The legality is perception of it being hidden, which I agree, if developers use software like this (Google Analytics, Unity Analytics, Playfab, gameanalytics, AWS, deltaDNA and others) should be up front about it and allow users to opt-out prior to any data capture or submission.

Assuming you're referring to GDPR

edit: FWIW Red Shell says they're GDPR compliant

edit2: fair warning if you're terrified of red shell and cookies the last thing you want to do is visit the red shell website because who knows what might happen lol

edit3: quoting here instead

GDPR
GDPR is effective on May 25, 2018. While our service has been GDPR compliant since December (when we wrote this blog post), we're now offering a few additional tools above and beyond the minimum required by GDPR to help your company comply. You can find these settings on the new Data and Security section on the Management page in Red Shell.

The Data & Security section under the Game management page
You'll notice a few features such as IP obfuscation (we always hash IPs, but we can now drop the last octet if you'd prefer), data retention policy control, and specific opt-out by User ID.

Additionally, we've updated our Privacy Policy, added a page "For Gamers" which talks a bit about our service, and we of course provide specific opt-outs for gamers.

Last, but not least, on May 25th you may notice you're asked to opt-in yourself to the cookies and analytics we use to run the Red Shell dashboard.

Red Shell (spyware) is STILL in Civilization 6

▲ Legend ▲

User requested account closure

User requested account closure