FYI: Civ6 contains Red Shell Analytics Software

Status
Not open for further replies.

anandus

Errorist
Joined
Oct 27, 2005
Messages
3,860
Location
Amsterdam, Netherlands
I read in this Reddit thread about the Red Shell-spyware which comes shipped with several games, amongst which Civilization 6.

It sends at least:
* API key (Publishers and/or game identifier?)
* User Identifier (SteamID as recommended)
* Operating System
* Screen resolution
* Installed Fonts
* Browsers

See also this Reddit thread

You can see what other games on your system have this by doing a search for "Redshell.dll" / "RedshellSDK.dll" (on my system Kerbal Space Program had it too).

Just wanted to let you know.
 
Ah, it's been a while since we had a "spyware" thread.

For the record, "spyware" is (these days) a rather emotionally-charged word that is used to describe "any software I don't like". Steam, by the definition applied to Red Shell, is spyware. So are these forums. By the definition applied to Red Shell. By the actual definition, none of these things are spyware.

The key distinction that sets apart spyware from something like analytics is the lack of consent. Consent in this, rather vague way, is often applied by use of product EULA or similar. Now, you can disagree with this as much as you want, and here's the other key point. You're offered an opt-out. Or you should be (which is one of my problems with Steam; it buries the Hardware Survey bit quite deep). I'm currently looking at a large forum banner at the bottom of my browser window informing me of an ad delivery service provided by Curse LLC (that amusing only started popping up after GDPR became an enforced thing). I have a "Got it, thanks! or "Learn more".

Does Red Shell offer an opt-out? As per one of the links handily provided in the reddit thread, yes, it does: https://forums.funcom.com/t/why-are-conan-exiles-sending-data-to-redshell/5043

So really, it seems to me that this is a(nother) case of reddit drumming up drama under the vague pretense of "spyware". The Conan Exiles thread even explicitly state they may still end up using analytics in the future. Is it the consumer's right to be aware of these things, and ask to opt out of such programs? Absolutely. But as you can tell, it does. Which means if people had spent the time politely enquiring about it, instead of starting some kind of reddit witch hunt for the perpetrators of such a terrible crime, this wouldn't have even been a problem in the first place.
 
Ah, it's been a while since we had a "spyware" thread.

For the record, "spyware" is (these days) a rather emotionally-charged word that is used to describe "any software I don't like". Steam, by the definition applied to Red Shell, is spyware. So are these forums. By the definition applied to Red Shell. By the actual definition, none of these things are spyware.

The key distinction that sets apart spyware from something like analytics is the lack of consent. Consent in this, rather vague way, is often applied by use of product EULA or similar. Now, you can disagree with this as much as you want, and here's the other key point. You're offered an opt-out. Or you should be (which is one of my problems with Steam; it buries the Hardware Survey bit quite deep). I'm currently looking at a large forum banner at the bottom of my browser window informing me of an ad delivery service provided by Curse LLC (that amusing only started popping up after GDPR became an enforced thing). I have a "Got it, thanks! or "Learn more".

Does Red Shell offer an opt-out? As per one of the links handily provided in the reddit thread, yes, it does: https://forums.funcom.com/t/why-are-conan-exiles-sending-data-to-redshell/5043

So really, it seems to me that this is a(nother) case of reddit drumming up drama under the vague pretense of "spyware". The Conan Exiles thread even explicitly state they may still end up using analytics in the future. Is it the consumer's right to be aware of these things, and ask to opt out of such programs? Absolutely. But as you can tell, it does. Which means if people had spent the time politely enquiring about it, instead of starting some kind of reddit witch hunt for the perpetrators of such a terrible crime, this wouldn't have even been a problem in the first place.

To be fair it gets suspicious the moment they're trying to smuggle it past you and get it on your pc.
 
Which means if people had spent the time politely enquiring about it, instead of starting some kind of reddit witch hunt for the perpetrators of such a terrible crime, this wouldn't have even been a problem in the first place.

And it wouldn't be a problem if they didn't insert that kind of
crap into games.
 
To be fair it gets suspicious the moment they're trying to smuggle it past you and get it on your pc.
And it wouldn't be a problem if they didn't insert that kind of
crap into games.
They're not smuggling anything anywhere. It's integrated into the product, is completely legal, and doesn't do anything beyond provide analytics that help Firaxis debug game reports (and marketing analyse their consumer base). It's incredibly normal.

Like I said, using popular examples such as Steam or this forum. Which I don't see people complaining about. Use the link I explicitly highlighted to opt-out of the service, if you don't want to participate. If your concern is your personal involvement in a service you did not ask for, that's all you need to do. That is the constructive thing to do.

Calling something you don't understand "crap" is, well, not constructive. It doesn't reassure me that you're approaching this with an open mind and in good faith. If you want to understand why so many companies do this kind of thing, and subsequently why somebody offers a product to integrate into other pieces of software, then of course, I'd be happy to.
 
They're not smuggling anything anywhere. It's integrated into the product, is completely legal, and doesn't do anything beyond provide analytics that help Firaxis debug game reports (and marketing analyse their consumer base). It's incredibly normal.

I'm not claiming it's not legal, I'm not claiming it's not integrated into the product.

I'm claiming that if you try to get software on people's computers without them knowing while they'd like to know, then you're doing suspicious stuff. Again, legal or not.
 
I'm not claiming it's not legal, I'm not claiming it's not integrated into the product.

I'm claiming that if you try to get software on people's computers without them knowing while they'd like to know, then you're doing suspicious stuff. Again, legal or not.
Well, technically it's a DLL like the one for Bink (video playing I guess), Havokscript (for civ6 Lua scripts, much faster than civ5 Lua) and Steam DRM (you know that one)

Like the others it's installed in the same folder as the game's exe, it can run only when the game is running, uninstall the game and it's gone with it.

Edit : if I understand what it does correctly, it's used to tell 2kgames/firaxis when you launch the game if you had previously clicked on an ad about the game (or it's DLC) using an UID of your computer (set by the info in OP)

And it seems that you can opt out, it's only if that's not working that I'd agree on the "suspicious stuff" part. But my first impression is indeed to see it as an overreaction from steam/reddit.

Still I won't say that's a useless reaction, opting out should be an option during the installation process, and overreacting is sadly one of the only way to get heard those times.

(so if people would start to overreact to the lack of information about the source code, I'd be very happy)
 
Last edited:
I'm claiming that if you try to get software on people's computers without them knowing while they'd like to know, then you're doing suspicious stuff. Again, legal or not.
But, really, you agreed to it when you loaded the software because this is in the End User Licensing Agreement:
INFORMATION COLLECTION & USAGE

By installing and using the Software, you consent to the information collection and usage terms set forth in this section and Licensor's Privacy Policy, including (where applicable) (i) the transfer of any personal information and other information to Licensor, its affiliates, vendors, and business partners, and to certain other third parties, such as governmental authorities, in the U.S. and other countries located outside Europe or your home country, including countries that may have lower standards of privacy protection; (ii) the public display of your data, such as identification of your user-created content or displaying your scores, ranking, achievements, and other gameplay data on websites and other platforms; (iii) the sharing of your gameplay data with hardware manufacturers, platform hosts, and Licensor's marketing partners; and (iv) other uses and disclosures of your personal information or other information as specified in the above-referenced Privacy Policy, as amended from time to time. If you do not want your information used or shared in this manner, then you should not use the Software.

For the purposes all data privacy issues, including the collection, use, disclosure, and transfer of your personal information and other information, the Privacy Policy located at www.take2games.com/privacy, as amended from time to time, takes precedence over any other statement in this Agreement.
I understand very few of us actually read it, but maybe we should before we "buy" the game. I agree with Gorbles above, it is a tool used to evaluate player's interaction with the software.
 
Well, technically it's a DLL like the one for Bink (video playing I guess), Havokscript (for civ6 Lua scripts, much faster than civ5 Lua) and Steam DRM (you know that one)

Like the others it's installed in the same folder as the game's exe, it can run only when the game is running, uninstall the game and it's gone with it.

If I understand what it does correctly, it's used to send back info to 2kgames/firaxis when you use one of the ingame links (for example a link to a DLC store page), AFAIK none are shown in the current version of the game.

And it seems that you can opt out, it's only if that's not working that I'd agree on the "suspicious stuff" part. But my first impression is indeed to see it as an overreaction from steam/reddit.

Still I won't say that's a useless reaction, opting out should be an option during the installation process, and overreacting is sadly one of the only way to get heard those times.

(so if people would start to overreact to the lack of information about the source code, I'd be very happy)

Yeah, I mean, whether they built something into code themselves to grab info and send it back to their server for analysis, or use a 3rd party tool, it's the same thing. Yes, people should be upset that it's not clear when you install/run the game the first time that this info is collected. But calling it "spyware" yes is an overreaction. When I hear spyware, I'm thinking stuff that's collecting info when I'm not running the game, or when you install something and it also tries to install like a "Norton Toolbar" or something stupid like that. And this doesn't seem to be anything like that (although, obviously, you have to be careful that it doesn't turn into something like that).
 
I'm not claiming it's not legal, I'm not claiming it's not integrated into the product.

I'm claiming that if you try to get software on people's computers without them knowing while they'd like to know, then you're doing suspicious stuff. Again, legal or not.
The inference was on me, sorry. Though, to be fair, when people cite "smuggling", they don't cite it because smuggling is a fair and above-board kind of action. Do they? :p

I think you underestimate the sheer amount of middleware shipped with your average AAA title. Font engines (TrueType), sound engines (FMOD, WWise), physics engines (Havok) . . . none of which are owned by Firaxis or 2K and all of which do their own things. Analytics is just another piece of the product. It's fine that you want to know, but I'm urging you to think on the kind of source you're endorsing to do so, here. We can have a good discussion on consumer advocacy without buying into a reddit thread that has all the hallmarks of jumping on the developers themselves (which is often a source of trouble) for choosing a particular piece of middleware.

And most definitely, it's not spyware.
 
You can see what other games on your system have this by doing a search for "Redshell.dll" / "RedshellSDK.dll" (on my system Kerbal Space Program had it too).

Interesting. I'm not using Steam for this exact reason. But I'll have to keep an eye out for these additional dll's.
 
telemetry is the future we chose by not submitting detailed bug reports
 
I have checked every Civ VI file in my MacBook Pro and Red Shell is not there. I use the Mac App Store version.

It means that the Mac App Store and the iOS App Store version of Civ VI don't have the analytics software.

It's Red Shell or Apple's own analytics (which can be declined by the user). Mac App Store is required for all Macs beginning with Lion. iOS App Store is required for all iOS products.
 
Last edited:
They're not smuggling anything anywhere. It's integrated into the product, is completely legal, and doesn't do anything beyond provide analytics that help Firaxis debug game reports (and marketing analyse their consumer base). It's incredibly normal.

Like I said, using popular examples such as Steam or this forum. Which I don't see people complaining about. Use the link I explicitly highlighted to opt-out of the service, if you don't want to participate. If your concern is your personal involvement in a service you did not ask for, that's all you need to do. That is the constructive thing to do.

Calling something you don't understand "crap" is, well, not constructive. It doesn't reassure me that you're approaching this with an open mind and in good faith. If you want to understand why so many companies do this kind of thing, and subsequently why somebody offers a product to integrate into other pieces of software, then of course, I'd be happy to.

It's because they are providing another security hole.
Including a few mealy-mouthed disclaimers in fine print is "crap",
so yes, you're right, I'm not approaching it with an open mind.
 
I think you underestimate the sheer amount of middleware shipped with your average AAA title. Font engines (TrueType), sound engines (FMOD, WWise), physics engines (Havok) . . . none of which are owned by Firaxis or 2K and all of which do their own things. Analytics is just another piece of the product. It's fine that you want to know, but I'm urging you to think on the kind of source you're endorsing to do so, here. We can have a good discussion on consumer advocacy without buying into a reddit thread that has all the hallmarks of jumping on the developers themselves (which is often a source of trouble) for choosing a particular piece of middleware.

There is a vast difference between programs that are part of running the program and those that are designed to report back to marketing and advertising.

Go to the Red Shell website, take a look and see if that is something you think needs to be on your computer. Is that something you would voluntarily install? And if it was designed just to see which ads were seen before purchasing the game, why is it still running long, long after purchase and install? How likely is it they are telling the truth about all the data they are collecting?
 
telemetry is the future we chose by not submitting detailed bug reports

That's overtly unfair to the player base. Bug reports even on objective bugs are openly ignored in many cases. Despite that there are still plenty, presumably it's dev/programmer time that hits the bottleneck.

You don't solve such project management failures with telemetry.

Collecting/storing data has risks. It can be compromised, so if you're going to grab + keep information there should ideally be a good use-case reason. This kind of software isn't anything along the lines of Civ 5's initial false advertising about MP but it's still not a pleasant thing.
 
For the record, "spyware" is (these days) a rather emotionally-charged word that is used to describe "any software I don't like". Steam, by the definition applied to Red Shell, is spyware. So are these forums. By the definition applied to Red Shell. By the actual definition, none of these things are spyware.

It's because they are providing another security hole.
Including a few mealy-mouthed disclaimers in fine print is "crap",
so yes, you're right, I'm not approaching it with an open mind.

That's the old "stick to the dictionary" argument. But people simply don't do that. Spyware is a derogatory term for any kind of abusive data collection. Software isn't called "spyware" because it collects data (civilization forums), it's called spyware when the data doesn't end up in the places where it is supposed to be or is used to gain some insights people find scary (We know where you live, what your political inclinations are, your sexual preferences etc.). All this can be done with consent & people will still feel that you are "spying" on them.

I understand that some people get worked up when language doesn't adhere to their dictionary. But dictionaries *record* language, they don't define it. And I have never, ever seen someone use the term "spyware" with regards to whether consent is given or not.
 
Status
Not open for further replies.
Top Bottom