RedShell! Spyware?!

Recently, people have discovered that Vermintide 2 uses a spyware tool, called RedShell.

What is it?

From their main website: “Red Shell is a software package used by game developers and publishers to help them measure the effectiveness of their marketing campaigns. It works by tying information from marketing campaigns to in-game play.”

Does it collect personal information?

Main website again: “No. Red Shell tracks “device” based information about your computer. We do not collect any personal information about gamers. We don’t collect names, emails, or addresses. Our service basically says “this computer clicked on a link from this YouTube video and the same computer played your game.” We have no interest in tracking people, just computers for the purposes of attribution. All of the data we do collect is hashed for an additional layer of protection.”

Problem, no one consented to having their information tracked by the tool. Also I am sure this violates the GDPR.

Source:
https://redshell.io/gamers

What does everyone think about this, should they remove it?

2 Likes

Also it seems the only you can opt out is by going here https://redshell.io/optout

[Fatshark] Hedge:

In short, it allows us to track if an ad has been clicked in an environment (in this case: your PC) and track if that ‘environment’ has proceeded to launch the game at a later time. We can glean from that if an existing ad is effective (or not). We (nor Red Shell) do not get any personally identifiable data on any users through the use of Red Shell. It does not allow or enable us to reach you individually to serve you ads. It genuinely does not want to know who you are and what you like, do not like, what other games you play. It is simply a tool that allows us to see if a marketing campaign sold any games.

You can find more here:
https://redshell.io/gamers

You can opt out of Red Shell here:
https://redshell.io/optout

You can find out more about Red Shell (including how it handles your IP) and GDPR here:
https://blog.redshell.io/gdpr-and-red-shell-57f9c03b5769

One can request the data Red Shell holds on them as per GDPR here:
https://redshell.io/privacy-policy

Also from [Fatshark] Hedge:

“IP addresses are obfuscated and hashed, and neither Red Shell nor ourselves see those or have them on record. Red Shell holds no Personal Identification Information on our users.”

Me thinks this is no bueno.

2 Likes

Why would FS even need RedShell? I don’t recall them doing that much marketing.

And yes, I am also pretty certain it violates the law, but the only way to prove that is court. And no one is going to go to court because of just “yet another tracking service” - that’s the problem with GDPR and other such laws.

Maybe if we ask real nicely, they will reconsider.

“Real nicely” you mean? :face_with_raised_eyebrow:

But for now I found the solution, though that’s likely only temporary.

1 Like

Well, that is really disappointing. I cant recall agreeing to this when purchasing a game they produced at all.

2 Likes

I can understand the outrage when reading the posts circulating on Reddit, but Red Shell isn’t “spyware.” It’s a tracking cookie and an associated library that companies add to their game in order to check if that cookie exists.

The exact same thing can be, and is, done via Google Analytics. Google actually has an official library for that for Unity (and other engines I’m sure).

I’m extremely privacy-conscious (read: paranoid), but I see little reason for concern here. If you’re using uBlock Origin or another ad blocker (and you should), it’s possible that you’re already blocking their cookie. If not, I’ll post the opt-out link again for visibility:

https://redshell.io/optout

Just curiosity but doesn’t that only opt you out of non-game-based-tracking?

‘‘To opt out of game-based tracking please email us directly at privacy@redshell.io’’

Spyware: Software that enables a user to obtain covert information about another’s computer activities by transmitting data covertly from their hard drive.

Cookies: A cookie is a small text file saved on your computer that is used to store information about your computer and the site you’re visiting. A cookie does not keep track of every website you visit or log information you enter into a website.

Unlike spyware, a cookie cannot track everything you do. It will not make your computer slow, will not generate more advertising, and will not affect your computer’s performance.

Source: https://www.computerhope.com/issues/ch001067.htm

Redshell: No. Red Shell tracks “device” based information about your computer. We do not collect any personal information about gamers. We don’t collect names, emails, or addresses. Our service basically says “this computer clicked on a link from this YouTube video and the same computer played your game.” We have no interest in tracking people, just computers for the purposes of attribution. All of the data we do collect is hashed for an additional layer of protection.

How do you think Red Shell is able to track “device”, whatever that is alluding to, based information.

If you opt out of the web-based cookie, which is what marks your computer as having seen a marketing campaign, the game-side of it (which checks to see if you have the cookie) kinda becomes meaningless. FS could still opt to track in-game events (e.g. reached level 20, played for 100 hours, etc.) or DLC purchases, which again would only be tied to an anonymized userid variable (e.g. userid#178SA7DA721) that has little connection to you. But I suspect they don’t do this since they have unfettered access to anything done in the game already.

Reading Red Shell’s Privacy Policy reveals that disabling the game-based tracking involves contacting them because they need to disable each specific device you opt out on. When you email them, they’ll likely need the same information they use to “fingerprint” devices – 2 or more of the following: IP, OS, browsers installed, fonts installed, screen resolution, user string (i.e. the generic browser type sent to servers for every HTML request on every page you’ve ever visited) – so that they can locate the userid associated with your computer and disable it. Opting out works across all games for that device.

As mentioned in their privacy policy and in the documentation, game developers can use 1 or more of the following data points to create an anonymized user id via the in-game API: IP address, SDK version, anonymized User ID, timestamp, Developer API Key, OS version, screen resolution, timezone, system language, installed fonts, installed web browsers, and in-game events.

The more players you have, the more data points you’d likely want to use so you’re sure that each user is being given a unique id. Ultimately though, this stuff is anonymized away. As far as I can gather, this is, at worst, equivalent to Google Analytics (except neither FS nor Red Shell have any idea of what sites you browse except for the ones serving their ads).

Interesting.

Please FS remove Red Shell, that is all.

5 Likes

Well can’t blame them for the low effort alpha they released, gotta make sure spying on your customers is secured first.
Gotta make sure no ones “cheating” to get a maximum of control over the customer. EA style.

3 Likes

What ads is FS even running? I haven’t seen any V2 trailers pop up on youtube or twtich and those are the two sites I’d think would be most likely to host an ad. Sounds more to me like FS is collecting and selling marketing info on their customers for some extra cash.

1 Like

What marketing info exactly? That someone got level 30 on Bardin? Again, everything is anonymized for FS (you, Morbidmind, are something like user#182HZGA6123 and that’s all you’ll ever be!) so there’s nothing for them to sell.

My only wish is that they’d have side-stepped Red Shell and just implemented Google Analytics (truthfully a much more scary system, since Google can, and does, track users across the entire internet and literally sell marketing information and ads) so that they could have avoided this whole hubbub.

It is simply a tool that allows us to see if a marketing campaign sold any games.

Really? How many copies were sold? approx. 1 million?
How many people are
playing? 6-10k?

I guess your marketing campaign was succesful.

Why the hell should I contact a advertising company through email and provide additional information to opt-out of tracking, especially after never having been told about it in the first place ? - my data is my data. PERIOD.

Love your game. Really. But I also hope this action backfires hard. (Steam Reviews again?)

4 Likes

FFS Redshell is not Spyware and the only “data” they have on you is an anonymized user ID that’s generated from system details, the closest it gets to personal is a public IP which isn’t much but they don’t see even that. Just all gets used to generate the ID, which can’t be reversed into information.

You shouldn’t bother contacting them to remove stuff, because you’d be voluntarily handing over actual personal information that hasn’t been anonymized, so if you’re concerned about them having your data…

I’m glad they used Redshell because it’s probably the least invasive way to track marketing campaign effectiveness.

Spyware: Software that enables a user to obtain covert information about another’s computer activities by transmitting data covertly from their hard drive.

I think that once they have your data, they have it.
And you’ll never know what exactly they keep and how.
And you’ll never be able to check if they really “anonymize” it.
And if they say they “anonymizing”, it means the data at the source is “clear”.
And I never saw a popup telling me something like this was going on. (but I never read the contract papers, so if written it’s my fault)
And I could not choose that my data was going to be used by 3rd parties.
Does redsheeps always work or only while the game is running?
Exactly what is it collecting (I don’t care about what they say)? How does it work? Someone wrote, it’s a cookie, but if so, why a service is needed?
Probably nowadays it’s a trend but I didn’t expect it from an indy software house, maybe it’s the fee to become mainstream.

3 Likes
Why not join the Fatshark Discord https://discord.gg/K6gyMpu