FYI: Civ6 contains Red Shell Analytics Software

[TheMeInTeam]

"furtive and contemptible", according to Google. There's no forced interpretation, other than the worldview that all interpretations are forced because we're likely to side with the specific dictionary definition (of which there are obviously more than one) that we personally agree with.

When someone uses a word in a given context, it's up to them to determine which dictionary-defined/widely accepted definition applies to their usage.

That said, even being "furtive and contemptible" does not require or even imply illegality. There's a rather large possibility space of actions that meet such a description but won't get someone in any legal trouble, even if being caught doing them is not going to win friends.

But you've also skipped over all the posts pointing out how other companies do it, and I'm afraid at this stage in the thread given your stated dislike of specific companies, selective behaviour doesn't wash. Other companies doing it doesn't make it morally right, absolutely. But people not caring about something until an incident like this indicates that, again, your perception might be being clouded by bias.

I haven't weighed in much in this thread to this point. I'm not a fan of any company doing it. The only particularly notable things in this case are that 1) someone noticed and posted it on the forum and 2) it's tethered to the game this forum is discussing.

If you asked me if I considered Google more "furtive and contemptible" than Firaxis my answer would be "obviously yes to both and by a wide margin", that's just outside the scope here. Google's stuff is of course still widely used.

I'd rather both forum and game devs alike stick to tracking information they need, as in both cases this has the least security risk and avoids trouble. I'm not going to claim the practices this thread highlights are exceptional, but they still are not something to be celebrated or liked. Maybe they don't annoy people enough to intolerable, quite likely behavior patterns are showing us that while annoying people do tolerate it/put it out of mind.

 

[Gorbles]

When someone uses a word in a given context, it's up to them to determine which dictionary-defined/widely accepted definition applies to their usage.

That said, even being "furtive and contemptible" does not require or even imply illegality. There's a rather large possibility space of actions that meet such a description but won't get someone in any legal trouble, even if being caught doing them is not going to win friends.

Which is exactly why I said it was arguable. But I have enough things going on here for another tangent, sorry!

I haven't weighed in much in this thread to this point. I'm not a fan of any company doing it. The only particularly notable things in this case are that 1) someone noticed and posted it on the forum and 2) it's tethered to the game this forum is discussing.

If you asked me if I considered Google more "furtive and contemptible" than Firaxis my answer would be "obviously yes to both and by a wide margin", that's just outside the scope here. Google's stuff is of course still widely used.

I'd rather both forum and game devs alike stick to tracking information they need, as in both cases this has the least security risk and avoids trouble. I'm not going to claim the practices this thread highlights are exceptional, but they still are not something to be celebrated or liked. Maybe they don't annoy people enough to intolerable, quite likely behavior patterns are showing us that while annoying people do tolerate it/put it out of mind.

How do you decide what is "needed"? How are you judging these examples? I've asked people - repeatedly - for clarification on these points.

This is partly why I kept the example to these forums (and only mentioned Steam once or twice); the larger the company, the more you'd expect a lack of trust from a consumer (understandably). We all trust CFC to the extent that we post on it, and I (and others) trust the folks running it. I extent that trust to companies like Red Shell. Others don't, and I'm interested in finding out why.

If people scraping data from network traffic and diving into DLLs can only uncover the data linked (and quoted) in the OP, that's not a lot of data at all. Which of the attributes raised do you think are unnecessary?

 

[TheMeInTeam]

I extent that trust to companies like Red Shell. Others don't, and I'm interested in finding out why.

My guess is that most hadn't even heard of Red Shell, and I extend Firaxis less trust than you do in the first place.

How do you decide what is "needed"? How are you judging these examples?

Actually the presumption is that they don't "need" any data whatsoever, and could literally get by just fine selling a game that doesn't track anything about users.

Now, what justifies need for some of this stuff? It seems to be looking at browser history for "ad effectiveness". What else might be picked up in that process? What could possibly go wrong?

 

[Gedemon]

It's not looking at browser history.

 

[BSPollux]

Gorbles, good job trying to keep this thread on track and provide some information on the subject.

From what I read here, I must say I'm ok with everything happening as it does. As a consumer, and one with the average amount of lazyness, I give the EULA a quick look and hardly ever read it in full. I am aware that it would be the responsible thing to do to read them all, but I am using way to many products that get way to many updates to read all of that. The downside is, I am not completely informed about things. I know that.

But here's the point: In modern society, I am depending on a million things to work well without me having all information or direct control over it. The water supplied to my home needs to be clean, but I dont actually know in detail how MY water is treated. I got a general idea on how it works but I never personally checked all the mashines and all the pipes that pump it to MY house. I just trust it to be save. Same with electricity, and all other public services. Or if I buy a car, food... if I visit the doctor. I accept that I dont have full control or knowledge.

I can only do that, because I have a reasonable amount of trust in the authorities that monitor these things in my name. I trust the officials that check these things and that make and enforce the rules of society. And that's exactly what I am doing in this case as well. This software is KNOW TO EXIST. It's not hidden and it wasn't smuggled it. It is a legal part of the product and it was added in the standard way. The EULA is a legal document and I agreed to it. All I can do is to hope that law enforcement will act if someone breaks the rules that I don't even try to understand in every detail.

I'm fine with that.

 

[DJ_Tanner]

And I wouldn't expect my customers to install audio solution software to listen to my edited sound. I also don't expect to install their software which follows my actions outside of their program. That is spying on what I am doing. Does everyone seem to do these days? Yes. Does that make it ok? NO!

My baseline is why should I trust them? Perhaps if they had told me they were going to install something which was going to watch what I was doing outside of playing their game. Including it in the EULA is not a very trustworthy way of doing it. How about making it opt-in to begin with? Of course they won't do that because no one would agree to it and would never opt in. So they sneak it in. That breeds distrust.

Do you believe it is unreasonable to trust them after sneaking in unnecessary software on a customer's computer?

I mean if they asked you to opt into a font manager would you? No, people aren't going to opt-in because they don't want to read what they are really looking at and assume they don't want it, so that really isn't the best argument. Its marketing data that is needed for the company to run more successfully. They aren't running some super resource intensive thing on your end.

And marketing analytics tracking really is just as benign as a font manager is. It is something that has no impact on you, unless you fear the ability to track any purchase back to your userID. And if that is the case, then I really hope you have never used a point of sale (POS) system in any store before. Basically you have better never used a debit/credit card before.

 

[Ferocitus]

We're talking about rather basic telemetry. It's on you to prove the claim that what is bundled with Civilisation VI is abusive. I've asked you to do so.

Sure, show us the source code.

And, yes, it's very easy to over-state a case.
Sneaky doesn't necessarily mean that an action is illicit or illegal, as some
have said.
It is underhanded and not transparent when there's a clear acceptable
alternative - explicit opt-in - instead of forcing it on users and covering up
via beige middle-management quasi-legalese in EULA fine print.

Protip: Don't trust anyone arguing for opt-out. They are doing it to help
themselves and their products: your feelings about it are immaterial.

 

[Gorbles]

Actually the presumption is that they don't "need" any data whatsoever, and could literally get by just fine selling a game that doesn't track anything about users.

Now, what justifies need for some of this stuff? It seems to be looking at browser history for "ad effectiveness". What else might be picked up in that process? What could possibly go wrong?

So your position is that none of it is necessary. Fair enough. I completely disagree on the grounds of technical support alone, but at least I understand where you're coming from now.

I also don't believe you're being fair on Firaxis. You accept and deal with other companies doing similar things for, I'm sure, understandable reasons. You may not like it, but you still accept it. There is a difference between how you rationalise them, and how you rationalise this. And I think it stems from that perception you have of Firaxis and / or 2K.

Sure, show us the source code.

And, yes, it's very easy to over-state a case.
Sneaky doesn't necessarily mean that an action is illicit or illegal, as some
have said.
It is underhanded and not transparent when there's a clear acceptable
alternative - explicit opt-in - instead of forcing it on users and covering up
via beige middle-management quasi-legalese in EULA fine print.

Protip: Don't trust anyone arguing for opt-out. They are doing it to help
themselves and their products: your feelings about it are immaterial.

I'm not the one making the claims, here. I don't need to show you anything.

As for your arguments about defending the use of the word "sneaky", please do read most of the other posts I've made so far. I've covered that in extensive depth.

Also, to confirm my earlier suspicions, it's sad to see people telling folks who to "trust". You don't want a talk here, you just want to appeal to the crowd. You keep throwing these labels at Red Shell without ever explaining why. They're bad because you say they're bad. They're different from any other company that takes your data because you have personally decided that they are different. It's a circular argument, and the best I can do is illustrate it plainly, here.

The OP has all the attributes that have been discovered being sent to Red Shell. You have them, right there, in a quote block.

Like I said to other posters, asking for the entire industry to change the way it approaches modular components and user permissions is a fair idea. It's not going to happen anytime soon, but there's nothing wrong with you asking for it. But that's a very different argument from "this is spyware". Like I said, you have to prove the abusive nature of the data collection. We have nothing here but speculation, and what little data we do have shows a complete lack of personalised data being forwarded anywhere, to anyone.

 

[Archon_Wing]

I also don't believe you're being fair on Firaxis. You accept and deal with other companies doing similar things for, I'm sure, understandable reasons. You may not like it, but you still accept it. There is a difference between how you rationalise them, and how you rationalise this. And I think it stems from that perception you have of Firaxis and / or 2K.

https://en.wikipedia.org/wiki/Whataboutism

 

[blackbutterfly]

For UK citizens/consumers if you're upset about Red Shell in Civ VI then you can complain to ICO -> https://ico.org.uk/make-a-complaint/your-personal-information-concerns/ EU citizens can also complain to the authority in your home country.

(Don't worry if you don't know the details of what Red Shell tracks or if it is legal or not, the respective authority will determine if 2K is in breach of GDPR or not)

Exercise your GDPR rights!

 

[Kwami]

Does anyone know which ports Red Shell uses?

 

[DJ_Tanner]

(Don't worry if you don't know the details of what Red Shell tracks or if it is legal or not, the respective authority will determine if 2K is in breach of GDPR or not)

Exercise your GDPR rights!

Absolutely no one should do that. I don't know why anyone would suggest that people be willingly ignorant to the situation, but all you are suggesting is creating a public nuisance taking time and resources away from actual concerns. People should be aware of what they are doing. You want others to be responsible with your data then you should be responsible about it too.

If you have a concern about any data collection from any company, first find out what data they collect and what their storage/safeguards are for the data. Complaints should only be made if there are concerns about security, inaccurate data, unauthorized disclosures, keeping data longer than required, and/or using data for a purpose other than stated. If you can't find or can't understand that information, make a request to the company to have them provide it to you. If they don't get back to you in a timely manner or if you still have concerns after receiving their response, then you should file a complaint.

 

[blackbutterfly]

Absolutely no one should do that. I don't know why anyone would suggest that people be willingly ignorant to the situation, but all you are suggesting is creating a public nuisance taking time and resources away from actual concerns. People should be aware of what they are doing. You want others to be responsible with your data then you should be responsible about it too.

If you have a concern about any data collection from any company, first find out what data they collect and what their storage/safeguards are for the data. Complaints should only be made if there are concerns about security, inaccurate data, unauthorized disclosures, keeping data longer than required, and/or using data for a purpose other than stated. If you can't find or can't understand that information, make a request to the company to have them provide it to you. If they don't get back to you in a timely manner or if you still have concerns after receiving their response, then you should file a complaint.

Ok. Now I know which side of the fence you sit. I kinda got that impression from the Poundmaker discussion

---

People, don't let these armchair lawyers intimidate you. Instead of wasting 5-10 mins posting on forums lodge a complaint with ICO or the relevant authorities. They will guide you through the appropriate process.

No, it's not a waste of public resources. There is sufficient consumer uproar over the use of Red Shell (and EULA) in Civ VI from forums and the reviews on Steam -> https://steamcommunity.com/app/289070/reviews/

It is your duty as a citizen of the EU/UK to ensure consumers are not exploited by companies breaking GDPR law. So you'd be acting responsibly, not a "nuisance" as @DJ_Tanner suggests.

 

[Gorbles]

https://en.wikipedia.org/wiki/Whataboutism

Selectively quoting my post with a link to Wikipedia is not an argument.

I'm saying "I don't think they're being fair". I'm not saying "they're being hypocritical and therefore wrong". This is a topic which is obviously influenced by emotional arguments, and I seek to explore them. I'm not aiming for "wrong". I'm aiming for "why". Please do explain what your argument more, in case I misinterpret it.

For UK citizens/consumers if you're upset about Red Shell in Civ VI then you can complain to ICO -> https://ico.org.uk/make-a-complaint/your-personal-information-concerns/ EU citizens can also complain to the authority in your home country.

(Don't worry if you don't know the details of what Red Shell tracks or if it is legal or not, the respective authority will determine if 2K is in breach of GDPR or not)

Exercise your GDPR rights!

Nothing about this violates GDPR.

GDPR requirements involve a) the data being anonymised (or at least partially to the extent it satisfies the law) and b) the right for a person or persons to opt-out. By all accounts, this is already being fulfilled. I've even linked an FAQ which details the extent to which they store the data.

Unfortunately, the term has been co-opted by people online (as evidenced by the reddit thread linked, which is why I was urging people to not indulge in that reddit thread) as some kind of magical catch-all that lets them target the companies they personally want to target.

This is dangerous, and I don't support it. This is not pro-consumer. This is using valid consumer concerns to cause hassle over things that (arguably) aren't actually a problem.

 

[blackbutterfly]

Nothing about this violates GDPR.

I'd rather hear that from the ICO

---

FYI in case you're wondering why I haven't filed a complaint myself with the ICO it's cos I already have a more serious ongoing complaint about my medical records that I initiated Nov last year.

As many of you know I've been diagnosed with a very serious illness 5 yrs ago and have been on sick leave for at least the last year. (I got to play a ton of Civ though. Silver linings!)

NHS SAR just released previously "missing" medical records surmounting to more than half my entire file! So the NHS (UK health service) broke the law by not giving me my medical file in its entirety in 2014. Still missing are key records, so perhaps they're in breech again.

I already have a pending complaint with ICO. Perhaps something even more litigious. Fabrication of medical records - which is a crime - and coverup of an earlier misdiagnosis, very serious in fact. Like Orwellian 1984 serious

 

[Archon_Wing]

Selectively quoting my post with a link to Wikipedia is not an argument.
.

I mean that's like 70% of that particular chunk, but....

Well, just pointing something out. Finding inconsistencies on the relative positions is not actually any indicator of bias.

I'm saying "I don't think they're being fair". I'm not saying "they're being hypocritical and therefore wrong". This is a topic which is obviously influenced by emotional arguments, and I seek to explore them. I'm not aiming for "wrong". I'm aiming for "why". Please do explain what your argument more, in case I misinterpret it.

Ah, so people aren't wrong. They're just making arguments that are based on emotion (and thus irrational) and also are biased. I honestly can't see the difference since there isn't much credibility to such an opinion?

See, I don't see any argument in this thread that's an "emotional" one. Might want to think about it why you may have perceived it as such.

 

[leif erikson]

Moderator Action: Please discuss the topic, not other posters and not speculating on their motives. We now all know Red Shell is there and if that is a problem for you there is a way to opt-out or report it to the proper authorities. There is no need to attack one another.
Please read the forum rules: http://forums.civfanatics.com/showthread.php?t=422889

 

[God of Kings]

As I said earlier, there is a way to play Civ VI without Red Shell: it is by playing on the Mac App Store version or the iOS version, neither of which have Red Shell and it's very easy to opt out of Apple Analytics.

 

[Ferocitus]

I'm not the one making the claims, here. I don't need to show you anything.

Oh yes you are: you are claiming everything is above board.
Shows us the source code and I might agree with you.

 

[Gedemon]

Oh yes you are: you are claiming everything is above board.
Shows us the source code and I might agree with you.

As said it's a matter of trust.

If you don't trust the apps to do what it says it does, then even the source code of the Red Shell DLL wont prove anything for you, because if it does something malicious, it can be included in other parts of the software.

By extension, how can we know that the mac version is not using that tool: there are possibilities to include it in another form than an external DLL