FYI: Civ6 contains Red Shell Analytics Software

Complaining about third-party spyware that collects personal information to sell to advertisers in a video game on a website that primarily profits from the sale of personal information to advertisers (and is too heavily criticized for it)?

How golden.

Legal Steam-free alternatives exist for Civ VI, which cannot be said for the majority of recent computer games.

 

I'll never understand how a company choose to remain completely silent right in the middle of a PR nightmare, when saying something would clearly be beneficial. I get that sometimes silence is the best approach, other times they really can't say anything for reasons but holy crab, it's pretty obvious that keeping Red Shell is a bad move by now, people will never accept it regardless if it's a spyware or not, just announce that it will be removed in a late patch and be done with it. The last thing Civ VI need is bad publicity right in the middle of a sale and Firaxis/2K is twiddling their thumbs like everything is just fine

Firaxis right now:

Spoiler :

Moderator Action: Spoilered large image as not everyone has broadband. leif

 

Something that a lot of posters are missing is that not everyone is necessarily opposed to all data collection. There's a distinction between data collection that we knowingly allow and data collection that's done in a sneaky way. I know what visiting this website without proper script and ad blocking software would provide advertisers with data bout me. That's why I have those blockers in place. On the other hand, I did not know what Civ VI was collecting information about me because Firaxis snuck it in with a patch and didn't really say anything about it. That's not OK.

Basically,

1. Ask before collecting data.
2. Be honest about what data you're collecting.
3. Provide me with a means to verify your claims.
4. Don't prevent me from playing the game if I say no.

It's not hard. Really.

 

1. I would have to go back and read my Terms and Conditions agreement with Steam that I had to agree/disagree with before I could download Civilization, but I believe that is the "ask and consent" contract right there.
2. Honesty is always important, but the very fact that they are collecting any data at all should indicate that they are then collecting ALL data available to them. If you know they are collecting data, then you should assume that data is not secure.
3. Not sure what verification would suffice here. A certificate of compliance from another party?
4. Any company has the right to hold back a service or product if the customer is unwilling to comply with the terms the company is asking for. We may not like it, but it sort of becomes part of the "price" of gaining access to the product or service. If (big IF) enough people refuse to comply, then the company might alter its practice in order to do business. The problem is, most people don't read the terms and conditions before hitting that agree/disagree button because they simply don't care. I will admit I did not fully read the Steam version because I assumed (bad on my part) it was typical to many others that I *did* read.

The public (consumer) is often surprised and concerned and put off by what companies do as though they were trying to be sneaky, when too often we, the public, do not take the time to find all the information available before making our decisions. Most of this stuff is not hidden. Even when it is not explicitly explained in four-letter words we can all understand, the information provided is enough to indicate whether it is something you want to be a part of, or not.

In the end, the only real way to keep anyone from gathering data on you is to get off the grid. Completely. Its a new world out there folks, and you are as exposed on the information highway as you are walking down your local street. Its just more efficient on the internet.

 

Yup, this. And even #3, not sure if even that's directly needed - would be hard to produce, for one. I guess they could do that by doing like I think facebook and google have, with a "show me everything you know about me" sort of functionality.

Be open that you're collecting stuff. Seriously, most people don't care, but some do. I work for a game company, and when you play, we have a popup that says that we sometimes collect usage data to help out analytics in game modes with a simple opt in/opt out button. You don't want to send it? Fine, no worries. You're willing? Great, thanks, the more data we have the better it is for us. Yeah, this red shell stuff goes a step further, collecting non-game data, but even with that, I bet that the average person wouldn't give a damn about any of that. I mean, seriously, how many times have I clicked on a site and clicked through the warning that they store cookies? If they were open about it and what it's used for, it'd be a non-story and this thread would have fallen well off the front page by now.

 

Firaxis (or their parent companies) updated the EULA with a patch and didn't really make it clear that they did so. That's not really asking. Further, EULAs tend to be written in language that's hard to comprehend for many users. Case law isn't entirely settled on whether they're even legal since they're so one-sided. So, if an EULA is "asking", then it's asking in the sneakiest way possible.

I'm not sure why we can't have something simple. Why not pop up a little dialogue box that says, "Hey, we're collecting X information in order to improve the game play experience. Is that OK?" Write it in clear language, make it short, and allow me to say no if it's not OK. Don't obfuscate what's being collected, who's collecting it, or why it's being collected.

Honestly, this is the simplest of my four points.

I'm not sure that I follow. Are you suggesting that the only options are collect no data or collect all the data? That's absolutely absurd.

There are a number of options, here. Open source software is verifiable. Allowing me to see the data before it's transmitted would help. Telling me where the data is going so that I can verify it on my network would help. Of course, the actual transmission should be properly encrypted.

I think that you're missing the point, here. I don't much care what a company is allowed to do. I'm not a lawyer, a lawmaker, or even a stock holder (as far as I know!). Rather, I'm spelling out what a company should do. They should allow me to say no. This isn't a radical idea. For example, Minecraft allows me to turn off data collection.

Nonsense. There are numerous steps that you can take to limit the data collected about you and from your machines. Surrendering everything without a second thought is the worst possible idea.

 

How is possible that spyware has not been removed yet. And where are the apologies from Firaxis Take-Two?
I don't understand what's wrong with this company.

 

They are answered now, but they weren't before the worldwide news about Redshell came out. Redshell is not mentioned anywhere, that's why is was nearly impossible get any information about what data is collected or where to opt-out. The EULA just mentions that maybe data will be stored anywhere in the world. It wasn't like "We are using Redshell to [...] If you want to opt-out, visit [...]". Even that wouldn't be enough regarding the GDPR, but it would be better than nothing.

 

Redshell was also added to Total War games about the same time as the Civ games. A similar backlash has seen it removed.

https://www.polygon.com/2018/6/20/17485762/red-shell-spyware-pc-games-controversy-steam

 

If you can get a team of lawyers to agree to NOT use legalese then you will be the most powerful person on the planet. Legal disclaimers are written in such a way as to cover and protect the company in all ways conceivable at that moment, while leaving them enough wiggle room so they can't be sued if their practice 'seems' to go beyond what was intended. Its not a practice I like or condone, but it is reality. You want to change that? Stop giving them money.

I am not suggesting that at all! I am only pointing out that everything we do on the net is recorded somehow, someplace. No matter what a company promises it can and will do with that information, or parts of it, it is important we are ALL aware the info is out there if someone wants it.

I have no problem with that. I have no problem with whatever terms two parties can agree upon and stick to when entering into a contract. And if they don't agree to this, are you willing to give up your right to use their product?

Don't get stuck on what they should do, but be aware of what they will do when they see its in their best interest. If Minecraft allows you to turn off data collecting, and thats important to you, then stick to Minecraft. Certainly Minecraft has every right to give you that option if they wish and it would be nice if Firaxis offered the same option. But since Firaxis does not currently offer that option, what will you do?

Oh yes, there are some things we can do. I, personally, won't transmit any personal messages to loved ones via email or text. I *hope* that the sites I use to pay bills or buy product are as secure as they claim (though it seems they all get hacked sooner or later). I always click "NO" if I am actually asked permission to collect any data on me unless it otherwise inhibits my access to the service I am looking for, but I am not really sure it matters.

In 1980 I got my first credit card...a Sears credit card. Part of the agreement was a disclaimer that they *may* use or sell my name to "market researchers". I paid no mind at the time, but I noticed my credit card somehow came out with a middle initial that is NOT part of my name. For some strange reason, Sears was never able to remove that initial. The interesting part? To this very day I receive snail mail and email from all sorts of places trying to sell me stuff that are addressed to that same erroneous name. Obviously, the practice has been in place for a generation now and is not going anywhere. The only real difference now is the exponentially increased volume of information as well as the efficiency of collecting and processing.

I do believe it would have been more proper if Firaxis had actually made clear notification that Red Shell was there suddenly, but the truth is, I always assumed such an exercise was already in place. I do sometimes find it unsettling just how deep all of this internet stuff goes. Its certainly not my ideal world. Yet, I continue to make use of it. It serves me more than it hurts me (so far). But I always remain aware that everything I do - every stroke of the keyboard - is a bit of recorded code somewhere that someone can look into.

Heck, just look at what happens with Steam and Civilization! Steam knows every minute of every hour that I play the game. More than that, they know everything about each and every game I play. Which leader I chose, what difficulty, how long the game lasted, etc. Amazon tracks ever purchase I make so it can better target advertising to me. AT&T knows each site I access via phone and AOL knows every time I use my phone to check email. (Yes, I am old and still use AOL). Netflix and Comcast know everything about my viewing tastes and schedule and send me messages accordingly.

Welcome to the Information Age!

 

Your post is too long to quote, so I'll just write a short reply.

Basically, my four points are what I want every company to do. That includes Firaxis. Since I bought this game before the EULA change, I can't really do much about it. "Don't buy Civ VI" isn't an option anymore. So, I post here.

As for the rest, I know how bad it is. I'm just saying that there are things that we all can and should do to protect our information. I've actually been fairly successful at keeping my photos off the Internet, for instance. In the case of Red Shell, I've blocked all traffic to and from their known URLs on my network. We shouldn't just surrender.

And, again, there's a big difference between willingly sharing information with a company (e.g. letting Netflix know which movies I like) and being tricked into unknowingly sharing information to a company (e.g. Red Shell).

 

My point is that I never felt "tricked" because I always operate under the assumption my data is being collected, processed and used in a hundred different ways.

 

This just doesn't seem like a real issue. Of course, pretty much everything on a computer has your data, and probably attempts to make use of it. What's the big deal? It doesn't make any real difference in a life.

 

And you are saying everyone else should stop complaining and do the same, and let your/their data get collected by anyone who wants to without having a say in the process? Am I reading this right?

 

Well, the main point is to always assume that if an app or OS requires some or constant internet access, it will collect data on you and your activities. For example, I keep most of my personal information on an external drive.

In this day and age it is not a wise choice to trust any and all software, even when you click on Decline.

 

Why so many complains about RedShell ? After paying so much money Firaxis has the graciousness to install full spyware for free. I mean, is not like they are making anything bad, OK? And it's FREE!!!!!

Moderator Action: Please do not troll. leif

 

Of course you have a say in the process! You have a choice to not use their products. You have a choice to not be on the grid.

Don't get me wrong, I believe in full disclosure, and I believe Firaxis should have sent clear notification that they now included Red Shell as one of the parties participating in data mining.

My main point, however, is that we - the public - have been agreeing to have our data collected for a long time now. Every Windows user, Netflix subscriber and cell phone owner is transmitting data every minute of every day. Every swipe of a credit card or electronic payment is data being collected somewhere. Some "terms and conditions" agreements are more clear than others, but they all say essentially the same thing. They are collecting data and sharing/selling it elsewhere. Even when they don't share it, your data is out there to be hacked.

Do you honestly believe Red Shell is collecting any more data than Windows, or the browser you use, or Steam, or any other service you've used? Its scary enough what they do notify you of let alone the real potential of what we are giving them. But we continue to give it even when notified because...its easier.

Yes, Firaxis should have notified us about Red Shell. They should have notified us they invited someone else to the party. But the party has been going on for a very long time.

 

Again, there's a big difference between willing data sharing and sneaky data sharing. I know that Netflix is collecting data about my viewing habits, because how else would they operate? I know that my credit card tracks my purchases, because again, how else would it work? I knowingly choose to share that information. I do it on purpose. It's (mostly) OK.

Red Shell was added more than a year after Civ VI was launched and more than a year after I paid Firaxis for their product. It was added with no obvious disclosure or explanation. Also, Red Shell isn't at all necessary for the game to work properly. That's not at all OK.

In any case, "That guy does it, too, so let's not care about this guy!" isn't a good argument for pretty much anything, ever.