FYI: Civ6 contains Red Shell Analytics Software

[Forster]

The big problem is that the opt-out instructions are not clearly shown They are buried in the EULA which tells you you don't really own the game. And if you don't accept the EULA, then you can't play the game and must return it for a refund. Ever try to return software that has been opened? I avoided steam for years because I didn't want all that crap on my computer, but it has gotten so the only place you can buy games and get updates is from places like steam, so now I do use it.

 

[Arent11]

The big problem is that the opt-out instructions are not clearly shown They are buried in the EULA which tells you you don't really own the game. And if you don't accept the EULA, then you can't play the game and must return it for a refund. Ever try to return software that has been opened? I avoided steam for years because I didn't want all that crap on my computer, but it has gotten so the only place you can buy games and get updates is from places like steam, so now I do use it.

That is the actual problem. You can use Gog, but there are only some games like divinity original sin or banner saga. The latest civilization they have is civilization IV & skyrim you won't find there as well. They basically force you to either accept Steam or into software piracy. And both are not really nice options, Steam, because I don't want to use it & software piracy, because the game developers actually earn to get their money. In fact, I would gladly pay 20 bucks more not to use Steam

 

[Gorbles]

There is a vast difference between programs that are part of running the program and those that are designed to report back to marketing and advertising.

Go to the Red Shell website, take a look and see if that is something you think needs to be on your computer. Is that something you would voluntarily install? And if it was designed just to see which ads were seen before purchasing the game, why is it still running long, long after purchase and install? How likely is it they are telling the truth about all the data they are collecting?

You wouldn't voluntarily install it because you have no use for it. That's like asking if I'd download a leading audio solution to professionally edit sound. I don't professionally edit sound. You don't aggregate anonymous data from a userbase to inform your company's best practises and lines of support.

I mean, we're going off of literally nothing here. There is nothing beyond your Steam ID which can indicate anything about you as a person (a Steam ID that's tied to your purchase and thus already easily available to the developer or publisher). Which you can set to private to ensure no further data is scraped from your profile (though I believe given the changes in advance of GDPR, and how that's affected sites like SteamSpy, this might not even be possible anymore).

If your baseline is "I can't trust anything they say" then, well, I have nothing to say. You're free to your opinion, and anything anyone says is unlikely to change your mind. I raised the example of Steam, of these forums. If you trust these vendors, but not Firaxis or 2K, then either they've done something pretty bad in the past that I'm unaware of (quite easy, I'm not informed about their general corporate history), or your trust is based on some kind of emotional factor. Which isn't reliable, of course. It's okay to be angry about something, to be happy. Emotions (contrary to popular belief) don't magically make you incapable of informed judgements. assuming you hold the relevant facts or data. But if that's all you have here, then it's a reflexive judgement. Not an informed one.

That's the old "stick to the dictionary" argument. But people simply don't do that. Spyware is a derogatory term for any kind of abusive data collection. Software isn't called "spyware" because it collects data (civilization forums), it's called spyware when the data doesn't end up in the places where it is supposed to be or is used to gain some insights people find scary (We know where you live, what your political inclinations are, your sexual preferences etc.). All this can be done with consent & people will still feel that you are "spying" on them.

I understand that some people get worked up when language doesn't adhere to their dictionary. But dictionaries *record* language, they don't define it. And I have never, ever seen someone use the term "spyware" with regards to whether consent is given or not.

It's not a matter of being worked up, it's sticking to words that make sense and have meaning. Language evolves all the time, and all dictionaries do is keep up. But they still record the established meaning of the word in question. If you're going to throw out "spyware" every time you come across telemetry, eventually, people are going to stop listening to you.

Therefore logically, if you want people to listen to you, you need to establish some kind of ground rules. The ground rules here are English. Or at least, what spyware means in English (bearing in mind technology often advances faster than defined language can keep up). Now, we can have a discussion around your claims of "abusive" data collection here - that would perhaps be worth having. Is there any evidence the data collected is in any way used in an abusive manner?

These things can absolutely still be scary, but let's not pretend this is something like Facebook here. The data being gathered - as per the links in the OP - aren't going to define you in any reasonable manner (especially if you have a private Steam profile, for example). We need to debate this specific example, instead of going "well this whole practise when taken to an extreme can be abusive". That goes without saying, and goes for a great many things on this planet. What specifically is wrong with Red Shell's software? What difference is it from 2K, or Firaxis, doing exactly the same thing with a homebrew solution that they've likely put into previous products? Let's talk about specifics!

 

[BlackSmokeDMax]

You wouldn't voluntarily install it because you have no use for it. That's like asking if I'd download a leading audio solution to professionally edit sound. I don't professionally edit sound. You don't aggregate anonymous data from a userbase to inform your company's best practises and lines of support.

And I wouldn't expect my customers to install audio solution software to listen to my edited sound. I also don't expect to install their software which follows my actions outside of their program. That is spying on what I am doing. Does everyone seem to do these days? Yes. Does that make it ok? NO!

If your baseline is "I can't trust anything they say" then, well, I have nothing to say.

My baseline is why should I trust them? Perhaps if they had told me they were going to install something which was going to watch what I was doing outside of playing their game. Including it in the EULA is not a very trustworthy way of doing it. How about making it opt-in to begin with? Of course they won't do that because no one would agree to it and would never opt in. So they sneak it in. That breeds distrust.

Do you believe it is unreasonable to trust them after sneaking in unnecessary software on a customer's computer?

 

[Arent11]

It's not a matter of being worked up, it's sticking to words that make sense and have meaning. Language evolves all the time, and all dictionaries do is keep up. But they still record the established meaning of the word in question. If you're going to throw out "spyware" every time you come across telemetry, eventually, people are going to stop listening to you.

But that is the established meaning. And it makes sense. And people use it that way. You yourself said it: "spyware is (these days) a rather emotionally-charged word that is used to describe 'any software I don't like'." Now, you of course exaggerate it to counter it better (Strawman argument), but you are right insofar that spyware is used as derogatory term for abusive data collection. Nothing more, nothing less.

Therefore logically, if you want people to listen to you, you need to establish some kind of ground rules. The ground rules here are English. Or at least, what spyware means in English (bearing in mind technology often advances faster than defined language can keep up).

But it makes perfect sense to define "spyware" as abusive data collection. I agree that it is a broad definition & one Steam surely doesn't like, but again, it isn't invalid, it's just how people use the word.

 

[Kwami]

So, what ports can I block to disable the telemetry gathering?

 

[Arent11]

My baseline is why should I trust them? Perhaps if they had told me they were going to install something which was going to watch what I was doing outside of playing their game. Including it in the EULA is not a very trustworthy way of doing it. How about making it opt-in to begin with? Of course they won't do that because no one would agree to it and would never opt in. So they sneak it in. That breeds distrust.

My baseline is that I trust the mods of civfanatics. That's why I won't call civfanatics spyware. If there was a big news article claiming that the data on civfanatics was sold to the highest bidder I would start to mistrust them. And then I might start to accuse civfanatics of "spying" on me.

 

[Gorbles]

So, an emotional argument. The moderators of this site have nothing to do with Curse LLC. I trust the moderators of this site. I do not know a single person that works for Curse LLC.

I do however expect Curse LLC to comply with laws and regulations with regards to handling my data, because in 2018 that's a very easy way to have something bad to happen to you. Which is why I have the same expectations of Red Shell.

And I wouldn't expect my customers to install audio solution software to listen to my edited sound. I also don't expect to install their software which follows my actions outside of their program. That is spying on what I am doing. Does everyone seem to do these days? Yes. Does that make it ok? NO!

My baseline is why should I trust them? Perhaps if they had told me they were going to install something which was going to watch what I was doing outside of playing their game. Including it in the EULA is not a very trustworthy way of doing it. How about making it opt-in to begin with? Of course they won't do that because no one would agree to it and would never opt in. So they sneak it in. That breeds distrust.

Do you believe it is unreasonable to trust them after sneaking in unnecessary software on a customer's computer?

Again, it's not sneaking anything in. It's a legal piece of software. There is no sneaking. It is standard to include such things in a EULA, and as much as it'd be fun to go all-in on that tangent it gets far too close to politics for my liking.

You can dislike it as much as you want, and I urge you to follow the opt-out procedure noted earlier in the thread. But you personally not trusting them in not an argument that applies to anyone else. It's a personal argument. There is no previous breach of privacy. The sniffing around by reddit has revealed all they're actually gathering on you (which isn't a lot). There isn't any more to find. There is nothing to go on here, except these "why should I trust them" arguments.

Nobody's saying you have to trust them. That's why I've explicitly highlighted how to opt-out twice so far in this thread. But trying to make things up about how it's "sneaky" to "sneak" regular telemetry permissions into an EULA is not an argument. You don't seem interested in exploring why software companies include this (incredibly plain and obvious) kind of data collection. You just seem intent on being as vocal as possible about how underhanded Firaxis or 2K are being.

It's not a matter of "everyone is doing it so it's okay". It's "you're spreading a fabrication invented by reddit". Red Shell can't access Steam's databases. Nobody can, apart from Valve and / or people using Valve's own APIs. All Red Shell have is anonyimised telemetry about the platform you're running the game from.

I was happy to give you the benefit of the doubt, and still am. But please consider moving away from spreading misinformation, and actually talk about what's happening here. The goalposts keep moving, and that doesn't fill me with confidence.

Your customers don't need the specialised audio solution to listen to sound. But if you need to bake it in to let them hear that sound, you will. Much like how the average user has no use for most of the Havok library (something I mentioned earlier). But you bake the whole thing in. Or a specific subset, according to your needs (I don't know how compartmentalised Havok is). Your customers will get a set percentage of the compiled Havok library despite having no need for anything in it that the game doesn't use.

But as I said. Ultimately pointless to explain, or even force a discussion on you, if you simply don't want to trust them. That's entirely your choice.

But that is the established meaning. And it makes sense. And people use it that way. You yourself said it: "spyware is (these days) a rather emotionally-charged word that is used to describe 'any software I don't like'." Now, you of course exaggerate it to counter it better (Strawman argument), but you are right insofar that spyware is used as derogatory term for abusive data collection. Nothing more, nothing less.

But it makes perfect sense to define "spyware" as abusive data collection. I agree that it is a broad definition & one Steam surely doesn't like, but again, it isn't invalid, it's just how people use the word.

I didn't exaggerate anything. That's exactly what it was being used as, both at the start of this thread, and in the linked reddit thread(s).

We're talking about rather basic telemetry. It's on you to prove the claim that what is bundled with Civilisation VI is abusive. I've asked you to do so.

-----------------------------

EDIT

I've been made aware Red Shell has an FAQ on its site to answer precisely these kinds of questions. If it helps anyone at all, I recommend giving it a once over:

https://redshell.io/gamers

 

[BlackSmokeDMax]

Not sure what Curse LLC is. Was that not directed at me?

Again, it's not sneaking anything in. It's a legal piece of software.

I never claimed it was illegal. The fact that it is legal does not preclude them from 'sneaking' it in.

Nobody's saying you have to trust them. That's why I've explicitly highlighted how to opt-out twice so far in this thread. But trying to make things up about how it's "sneaky" to "sneak" regular telemetry permissions into an EULA is not an argument. You don't seem interested in exploring why software companies include this (incredibly plain and obvious) kind of data collection. You just seem intent on being as vocal as possible about how underhanded Firaxis or 2K are being.

I would call it sneaking it in only because it is not a piece of the software that is required to make the game run properly. Does opting out remove the requirement of the software being present and running, does it even stop the sending of data? Or does it just send them a flag to remove your data from their calculations?

Firaxis/2K/Take2 finding out which of their advertising programs is working best for their money is certainly something they would wish to know. Fine, let me know up front (not buried in the EULA.) The fact that they are not up front about it is what makes them somewhat untrustworthy.

It's not a matter of "everyone is doing it so it's okay". It's "you're spreading a fabrication invented by reddit about something that is in no way identifying you as a person". They can't access Steam's databases. All they have is anonyimised telemetry about the platform you're running the game from. I was happy to give the benefit of the doubt, and still am. But please consider moving away from deliberately spreading misinformation, and actually talk about what's happening here. The goalposts keep moving, and that doesn't fill me with confidence.

I never claimed they were identifying me as a person. And I'm not sure which goalposts I am moving. My main concern is only the installation of software that has the sole purpose of tracking things for marketing and advertising without my knowledge. I acknowledge that I define burying things in a EULA as not disclosing things, even though they have legally done so.

I am also not sure which misinformation I am spreading, much less deliberately. I looked at Red Shells web page to see what Red Shell is all about, not reddit. I found out about this either on Steam or here on the civfanatics forums when I came to check in on a couple followed CivVI mod threads. Not sure which I of the two I went to first.

 

[leif erikson]

Firaxis/2K/Take2 finding out which of their advertising programs is working best for their money is certainly something they would wish to know. Fine, let me know up front (not buried in the EULA.) The fact that they are not up front about it is what makes them somewhat untrustworthy.

I'm curious how you would propose they "let you know up front"?

The EULA is the official document that tells you about the software you are about to use. I had never read it before I checked it when this came up. I found it within three minutes of reading. It is full disclosure and gives you a link to where you can read more if you wish.

 

[BlackSmokeDMax]

I'm curious how you would propose they "let you know up front"?

The EULA is the official document that tells you about the software you are about to use. I had never read it before I checked it when this came up. I found it within three minutes of reading. It is full disclosure and gives you a link to where you can read more if you wish.

Ideally in the area Steam makes available to identify either 3rd party DRM, or 3rd party EULA's. I think that would be a perfect spot for such an item. Would allow you to make a decision very early in the process.

 

[Gorbles]

Not sure what Curse LLC is. Was that not directed at me?

I never claimed it was illegal. The fact that it is legal does not preclude them from 'sneaking' it in.

I would call it sneaking it in only because it is not a piece of the software that is required to make the game run properly. Does opting out remove the requirement of the software being present and running, does it even stop the sending of data? Or does it just send them a flag to remove your data from their calculations?

Firaxis/2K/Take2 finding out which of their advertising programs is working best for their money is certainly something they would wish to know. Fine, let me know up front (not buried in the EULA.) The fact that they are not up front about it is what makes them somewhat untrustworthy.

I never claimed they were identifying me as a person. And I'm not sure which goalposts I am moving. My main concern is only the installation of software that has the sole purpose of tracking things for marketing and advertising without my knowledge. I acknowledge that I define burying things in a EULA as not disclosing things, even though they have legally done so.

I am also not sure which misinformation I am spreading, much less deliberately. I looked at Red Shells web page to see what Red Shell is all about, not reddit. I found out about this either on Steam or here on the civfanatics forums when I came to check in on a couple followed CivVI mod threads. Not sure which I of the two I went to first.

That first bit was directed at Arent11, sorry. Curse LLC is the legal person or company that you agree to the terms of when accepting tracking cookies (and / or anything else) when using this site.

And I've been over this over with someone else, but you can't use language like "sneaking" without the inference that they're somehow doing this in a way that is illegal. It's an attempt to make the inclusion of the software seem worse than it is. It's not a neutral term.

Again, we are changing the scope of the argument. Your original question was "do you think this is something that needs to be on your computer". It is now "I should have been told about this upfront". These are different arguments, that I would respond to differently. I can't respond to them in the same way, nor would I want to.

To break this down, you are not installing software that has the sole purpose of tracking things. You are installing a game that comes bundled with a module that tracks things. Like the game also comes bundled with all the other pieces of middleware I talked about earlier in the thread. The difference is you personally do not consider the data being aggregated to be of use. Why do you feel it isn't of any use? Why do you think this hasn't happened before? If you accept that this has happened before, why wasn't it a concern then? Do you consider the information stated in the OP as being collected is dangerous?

I'm trying to work out your exact problem beyond "the people who made the game i play get some data about the machine i play it on", which is a necessity not just for marketing but also product and technical support. And again, it is something you can opt out of. You can wish for this opt-out to be presented in a different way, that's an absolutely fair suggestion. But that's a far cry from "this shouldn't exist on my computer", which was the initial argument made.

 

[BlackSmokeDMax]

And I've been over this over with someone else, but you can't use language like "sneaking" without the inference that they're somehow doing this in a way that is illegal. It's an attempt to make the inclusion of the software seem worse than it is. It's not a neutral term.

Fine, I can accept that. Not sure what the proper word to use would be. Deceptive is also close but not really accurate. Under-the-radar ??

To break this down, you are not installing software that has the sole purpose of tracking things. You are installing a game that comes bundled with a module that tracks things. Like the game also comes bundled with all the other pieces of middleware I talked about earlier in the thread. The difference is you personally do not consider the data being aggregated to be of use. Why do you feel it isn't of any use? Why do you think this hasn't happened before? If you accept that this has happened before, why wasn't it a concern then? Do you consider the information stated in the OP as being collected is dangerous?

My argument about the other middleware is it is necessary to play the game. I would say you are being somewhat disingenuous in relating the two together. The piece of software in question has no use other than in tracking how well their advertising is working. I do not deny it is important to them. However, there is no way it is necessary for that software to be a requirement without them making it that way on purpose. If they were tracking debugging information with it, it would be somewhat plausible. In my opinion, of course as all of this is, there would still be no reason to link performance/debugging with advertising/marketing by a 3rd party.

I'm trying to work out your exact problem beyond "the people who made the game i play get some data about the machine i play it on", which is a necessity not just for marketing but also product and technical support. And again, it is something you can opt out of. You can wish for this opt-out to be presented in a different way, that's an absolutely fair suggestion. But that's a far cry from "this shouldn't exist on my computer", which was the initial argument made.

Fair enough, my initial argument should have been stated as:

"this shouldn't exist on my computer" without my implicit permission.

 

[Chefofrats]

Anyway, I sent them an e-mail request to stop game-based tracking. They replied quite quickly. My request is being processed by the service's administrators. They are promising to e-mail me when the process is finished.

 

[Ferocitus]

How likely is it they are telling the truth about all the data they are collecting?

About as likely that they will admit that their dll (like most others)
is a security hole, or that they don't on-sell your data without your
permission.
They might not be outright liars, but they prevaricate like Microsoft
and many other creepy companies.

 

[TheMadTitan]

They're not smuggling anything anywhere. It's integrated into the product, is completely legal, and doesn't do anything beyond provide analytics that help Firaxis debug game reports (and marketing analyse their consumer base). It's incredibly normal.

Like I said, using popular examples such as Steam or this forum. Which I don't see people complaining about. Use the link I explicitly highlighted to opt-out of the service, if you don't want to participate. If your concern is your personal involvement in a service you did not ask for, that's all you need to do. That is the constructive thing to do.

Calling something you don't understand "crap" is, well, not constructive. It doesn't reassure me that you're approaching this with an open mind and in good faith. If you want to understand why so many companies do this kind of thing, and subsequently why somebody offers a product to integrate into other pieces of software, then of course, I'd be happy to.

People hate to be told their wrong, and you are right, it was written in the terms and conditions, companies often use analytics software to collect information from devices that install their games, its not really spyware if you think about it

 

[Ferocitus]

People hate to be told their wrong, and you are right, it was written in the terms and conditions, companies often use analytics software to collect information from devices that install their games, its not really spyware if you think about it

Yeah, and Windows 10 is not spyware, it's just an OS.

 

[Forster]

I admit I had to laugh at the statement made that no one can access the data but valve and people using valve's api. I wonder what was said to the banks, defense and corporations that have had their data hacked. I am sure they were all told nobody could access their data. The point for me is that the use should be listed right up front, not buried in legalese (or perhaps both places to satisfy the legal beagles) with the option to opt out. It should never be a requirement to play a game you just paid for.

 

[TheMeInTeam]

And I've been over this over with someone else, but you can't use language like "sneaking" without the inference that they're somehow doing this in a way that is illegal. It's an attempt to make the inclusion of the software seem worse than it is. It's not a neutral term.

That's a forced interpretation, not reality. "Sneaking" carries a negative implication, but does not imply illegal activity any more than a sneak attack during Civ 6 implies cheating.

It's usage in this context is reasonable. Nobody's doing anything illegal, but at the same time this was implemented in a way people are less likely to notice and requires active effort to avoid if playing Civ 6.

Yeah, and Windows 10 is not spyware, it's just an OS.

An annoying and forceful one at that. The sooner games stop working off microsoft exclusive stuff, the sooner I drop windows completely. Though devs would have to stop lying/false advertising (depending on company - Paradox is literally false advertising this) about cross platform support too.

 

[Gorbles]

Fine, I can accept that. Not sure what the proper word to use would be. Deceptive is also close but not really accurate. Under-the-radar ??

My argument about the other middleware is it is necessary to play the game. I would say you are being somewhat disingenuous in relating the two together. The piece of software in question has no use other than in tracking how well their advertising is working. I do not deny it is important to them. However, there is no way it is necessary for that software to be a requirement without them making it that way on purpose. If they were tracking debugging information with it, it would be somewhat plausible. In my opinion, of course as all of this is, there would still be no reason to link performance/debugging with advertising/marketing by a 3rd party.

Fair enough, my initial argument should have been stated as:

"this shouldn't exist on my computer" without my implicit permission.

Under the radar, sure. Which is why I was talking about the other middleware.

I'm not being disingenuous at all, I simply fear you can't look past the implicit bias in anonymous data being a part of your gaming experience vs. something as integral like the physics engine. If this data was somewhat recognisable, I would share your concerns. The fact that I've mentioned technical and first-line support twice now, and you still maintain the only use of this data is for advertising purposes.

You're free to dislike it. You're free to request the opt-out. I don't disagree that there are ways these things could be made more visible. But unfortunately, as I mentioned at the very start of the thread, the law often trails behind on these things. GDPR has been coming for two years and tons of companies still scrambled to do something about it. But when people call it spyware, it's a fundamental misunderstanding - at best. At worst, it's to spread a malicious rumour, as I alluded to in the past. I don't believe this here with you, at all. However, I do think it's more than a misunderstanding. I think it's easier for you to believe that this is bad, or underhanded in some way. And that's fine - we often have personal experiences and stories that back up these misgivings.

But that's why I came into this thread in the first place - to try and inject some discussion around it. Screen resolution, Steam ID, browser version - these are all things that are relevant to both customer and technical support. Why do you think that they're not?

I admit I had to laugh at the statement made that no one can access the data but valve and people using valve's api. I wonder what was said to the banks, defense and corporations that have had their data hacked. I am sure they were all told nobody could access their data. The point for me is that the use should be listed right up front, not buried in legalese (or perhaps both places to satisfy the legal beagles) with the option to opt out. It should never be a requirement to play a game you just paid for.

I'm confused. Is or is not Red Shell's access legitimate?

If you're concerned about a third party hacking, then of course, that's a serious matter. But absolutely nothing to do with Red Shell, and something that can happen to anyone nomatter how good their security is. Again, I raise the example of this forum, if that's something you're worried about. It's your right to be concerned, but I don't think you're applying that concern fairly, here.

You can demand things be listed upfront. You can ask for change. You can attempt to argue what a game does and doesn't need to run. But none of that is was debating (though I seem to have morphed into that last bit over time).

That's a forced interpretation, not reality. "Sneaking" carries a negative implication, but does not imply illegal activity any more than a sneak attack during Civ 6 implies cheating.

It's usage in this context is reasonable. Nobody's doing anything illegal, but at the same time this was implemented in a way people are less likely to notice and requires active effort to avoid if playing Civ 6.

"furtive and contemptible", according to Google. There's no forced interpretation, other than the worldview that all interpretations are forced because we're likely to side with the specific dictionary definition (of which there are obviously more than one) that we personally agree with. Sneaking is, by your agreement, a negative term. If we load the discussion with these, it doesn't help anyone. The illegal implication is arguable, which is why I called it an inference. Though the person I was talking with has moved on from that, so I'm kinda puzzled at your goal here. Other than to state your agreement with the description of this software we're all talking about, which you could do by simply saying that.

But you've also skipped over all the posts pointing out how other companies do it, and I'm afraid at this stage in the thread given your stated dislike of specific companies, selective behaviour doesn't wash. Other companies doing it doesn't make it morally right, absolutely. But people not caring about something until an incident like this indicates that, again, your perception might be being clouded by bias.

We've had people claim Red Shell could do something unsavoury with the data. We've had people talk about successful hacks on high-profile targets. Rather far-fetched scenarios, honestly. And yet, the best I've gotten in response to "how about these forums" is one person saying "I trust these forums". Data security is an important topic, we should always challenge ourselves on why we criticise some apparent (unproven) violations more than others.

EDIT

I use these forums as an absolute hypothetical, mainly because I was staring at the GDPR-inspired banner for a week or so before I did something with it. There are a billion other examples of services people take for granted that they assume a modicum of trust with. If you're going to argue from the position that you can't, won't, or shouldn't trust this company with your data, you should explain why, using comparative examples.