FYI: Civ6 contains Red Shell Analytics Software

[Ferocitus]

As said it's a matter of trust.

If you don't trust the apps to do what it says it does, then even the source code of the Red Shell DLL wont prove anything for you, because if it does something malicious, it can be included in other parts of the software.

By extension, how can we know that the mac version is not using that tool: there are possibilities to include it in another form than an external DLL

Yes, it's a matter of trust, and it's always prudent, from a security
pov, to assume that the code is not safe until the source code has
been scrutinised.

Of course, you can't trust routers, comms hardware and the software
running them either.

I prefer Stallman's hard line over corporate assurances.

 

[TheMeInTeam]

If you don't trust the apps to do what it says it does

You can't even trust this at the micro level inside civ 6.

Anyway, earlier you said it didn't track browser history, but the threads I read seem to imply the software can pick up on when you look at stuff online in a browser after playing the game, which suggests that it's tracking something along those lines in some capacity.

As for trust, leaving something like this to be discovered by consumers after the fact is a great way to start without any.

 

[Gedemon]

You can't even trust this at the micro level inside civ 6.

Anyway, earlier you said it didn't track browser history, but the threads I read seem to imply the software can pick up on when you look at stuff online in a browser after playing the game, which suggests that it's tracking something along those lines in some capacity.

As for trust, leaving something like this to be discovered by consumers after the fact is a great way to start without any.

As I understand it (but I may be wrong, let me know), at some point you may have followed a link set by the developer in a ad. That link is going through the redshell site which logs it, using the information that your browser give to any site to generate an unique ID.

Later, when you launch the game, the software is sending an ID generated from some of the info listed in OP to Red Shell, and is compared to the IDs previously logged, looking for a match.

it doesn't need to access your browser history at any point to do that.

 

[Chefofrats]

I just received this final email from Redshell:

"Hello,
I am emailing this update to confirm that your opt-out request(s) have been completed."

Hopefully that is true - but at least I can confirm that they do indeed respond to opt-out requests, which is some evidence of their good faith.

 

[Ferocitus]

I just received this final email from Redshell:

"Hello,
I am emailing this update to confirm that your opt-out request(s) have been completed."

Hopefully that is true - but at least I can confirm that they do indeed respond to opt-out requests, which is some evidence of their good faith.

Thanks for following that through. It restores my faith a little and I now trust
them as much as I do Microsoft or Cisco.

 

[Archon_Wing]

Wait, so how do they identify you to not be tracked? What info is required?

 

[Gorbles]

@blackbutterfly

You're free to want to hear it from whoever best pleases you! I'm being genuine here; we all have our own standards around data privacy, and it's completely understandable. I only objected to the rallying call, as that kind of tactic is easy to misuse online.

I do wish you the best with your personal issues - I can see why it's important to you. I'd talk a bit about the NHS but this is not the place

Ah, so people aren't wrong. They're just making arguments that are based on emotion (and thus irrational) and also are biased. I honestly can't see the difference since there isn't much credibility to such an opinion?

See, I don't see any argument in this thread that's an "emotional" one. Might want to think about it why you may have perceived it as such.

I don't need to; I already have thought about it. We all see things differently. I just wanted to explore that, instead of assuming that because I can't see something myself, that it doesn't exist.

It's alright though; that isn't what folks want here, and that's fine.

Oh yes you are: you are claiming everything is above board.
Shows us the source code and I might agree with you.

You're asking me to prove something when you've offered no prove for the original claim, which is what I'm responding to. I'm not saying "everything is above board", I'm saying "nobody has proven how something isn't right, here". Nice try though

 

[Chefofrats]

Wait, so how do they identify you to not be tracked? What info is required?

Your SteamID64.

 

[Ferocitus]

You're asking me to prove something when you've offered no prove for the original claim, which is what I'm responding to. I'm not saying "everything is above board", I'm saying "nobody has proven how something isn't right, here". Nice try though

The accusations aren't all flippant and emotive. Proof, one way or the other
would be easier with the source code.
The company's motives are under suspicion because it chose to use the sneaky,
underhanded opt-out method. It could have used explicit opt-in, but they know
most people wouldn't choose to install more bloated security risks.

Who knows, the longer this drags on the more chance there is that Red Shell will
be known more for their sneaky business practice than for their product. In that
case: Haha! Mission accomplished, comrades!

 

[blackbutterfly]

I do wish you the best with your personal issues - I can see why it's important to you. I'd talk a bit about the NHS but this is not the place

I'm a member of the Labour party and I know very well how the Tories would love to throw the NHS under a bus.

I'm trying to find evidence of a coverup of an earlier (mis)diagnosis. So that is pretty huge. Clinical negligence. Right now there's only been a breach of the Data Protection law by the NHS which doesn't prove anything. But it's much much bigger than 2K's collection of my IP address using Red Shell

TBH I couldn't care less about 2K collecting my data.

Like I said before I got bigger fish to fry...like "we're gonna need a bigger boat" kind

 

[Gorbles]

The accusations aren't all flippant and emotive.

Until actual evidence is provided, or at the very least argued (aside from the emotional "sneaky, underhanded" attempt), then yes, they are.

Though you literally just admitted to wanting to drag the company's name than actually debate the product, so, shrugs

 

[BSPollux]

Who knows, the longer this drags on the more chance there is that Red Shell will
be known more for their sneaky business practice than for their product. In that
case: Haha! Mission accomplished, comrades!

So you don't care about facts? All you want to do is to harm a company for fun?

 

[Kwami]

I just received this final email from Redshell:

"Hello,
I am emailing this update to confirm that your opt-out request(s) have been completed."

Hopefully that is true - but at least I can confirm that they do indeed respond to opt-out requests, which is some evidence of their good faith.

We have no way of verifying that they're not tracking you, though. I'm not sure why anyone is willing to trust a company that exists solely to spy on users and collect data for ads and targeting.

 

[Chefofrats]

Hence "some evidence" in my post. My language was accurate.

 

[Kwami]

If any Windows users would like to block RedShell from reporting on you, then follow these instructions.

1. Open Notepad as administrator.
2. In Notepad, open C:\Windows\System32\drivers\etc\hosts
3. Add the following line to the bottom of the file:

127.0.0.1 api.redshell.io

4. Save the file.

This will redirect all requests to api.redshell.io to your localhost, which means that they never go anywhere, effectively disabling communication to RedShell.

* Some games might not work properly if they can't phone home and I haven't tested it with Civ VI, yet. You might also be interested in blocking "in.treasuredata.com". If these services change their reporting URLs, then you'll be unprotected until you add the new URLs to etc/hosts.

Ideally, enough community pressure will convince game developers that we have no desire to see spyware in our games. So, keep at it! Make sure Firaxis and 2K know how you feel. By all means, exercise every right provided by GDPR.

(Or, if you're totally OK with being spied on, then ignore all of the above.)

 

[God of Kings]

By extension, how can we know that the mac version is not using that tool: there are possibilities to include it in another form than an external DLL

As I said earlier, the Mac App Store version of Civ VI uses Apple's own analytics software, which can easily be opted out.

At least Apple is kind enough to give us a choice to opt out and easily too:

System Preferences --> Security & Privacy --> Privacy --> Analytics

 

[Ferocitus]

So you don't care about facts? All you want to do is to harm a company for fun?

No. I want to watch other people having fun harming them.
I didn't harm them, nor will I. The Reddit thread started this fight.

Moderator Action: It should not be a "fight". This is about letting players know what is going on and allowing them the chance to "opt-out" if they wish. If it is a "fight", it is time to close this thread. leif
Please read the forum rules: http://forums.civfanatics.com/showthread.php?t=422889

 

[Gorbles]

We have no way of verifying that they're not tracking you, though. I'm not sure why anyone is willing to trust a company that exists solely to spy on users and collect data for ads and targeting.

You mention GDPR, but then don't realise that the reason why a company like Red Shell exists is to help companies who don't do data security for a living (like 2K) navigate GDPR legally and in compliance with regulations. There is no application of an argument here, just "I don't know why people have different standards on trust to me".

Not much of an argument, sorry.

"we have no way of verifying what they've told you" is something you could apply to literally any digital service on the planet. If you don't trust them, that's fine, but that's your choice. No need to question why other people choose to place trust in a company where nobody has (still) managed to prove wrongdoing. We're all fully capable of making informed decisions of our own.

As I said earlier, the Mac App Store version of Civ VI uses Apple's own analytics software, which can easily be opted out.

At least Apple is kind enough to give us a choice to opt out and easily too:

System Preferences --> Security & Privacy --> Privacy --> Analytics

Red Shell also provides an opt-out that people have documented in this very thread. Just in case you weren't aware!

 

[Kwami]

You mention GDPR, but then don't realise that the reason why a company like Red Shell exists is to help companies who don't do data security for a living (like 2K) navigate GDPR legally and in compliance with regulations. There is no application of an argument here, just "I don't know why people have different standards on trust to me".

Not much of an argument, sorry.

"we have no way of verifying what they've told you" is something you could apply to literally any digital service on the planet. If you don't trust them, that's fine, but that's your choice. No need to question why other people choose to place trust in a company where nobody has (still) managed to prove wrongdoing. We're all fully capable of making informed decisions of our own.

I'm not here to argue. You're free to blindly trust RedShell or any other company. Frankly, I don't care. For anyone less trusting, I've provided a more sure way of "opting out" of RedShell's spyware services. That's all I wanted to do.

 

[Gedemon]

I'm not here to argue. You're free to blindly trust RedShell or any other company. Frankly, I don't care. For anyone less trusting, I've provided a more sure way of "opting out" of RedShell's spyware services. That's all I wanted to do.

there is no "blind trust" here, just some needed clarifications after some alarmist informations.