Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Stats Businesses Software Games Entertainment

Gaming Companies Remove Analytics App After Massive User Outcry (bleepingcomputer.com) 232

An anonymous reader writes: "Several gaming companies have announced plans to remove support for an analytics app they have bundled with their games," reports Bleeping Computer. "The decision to remove the app came after several Reddit and Steam users noticed that many game publishers have recently embedded a controversial analytics SDK (software development kit) part of recent updates to their games. The program bundled with all these games, and at the heart of all the recent controversy, is RedShell, an analytics package provided by Innervate, Inc., to game publishers."

The app is intended to collect information about the source of new game installs, and details about the gamer. Following a massive user outcry in the past two weeks, several game makers have given in to pressure and are removing this SDK. Game makers and games who announced they were removing RedShell include Bethesda (Elder Scrolls), All Total War games, Warhammer games, Magic the Gathering Arena, and more. [This Google Docs spreadsheet and Reddit thread have a list of games containing RedShell.]

This discussion has been archived. No new comments can be posted.

Gaming Companies Remove Analytics App After Massive User Outcry

Comments Filter:
  • Not exactly new (Score:1, Interesting)

    by Anonymous Coward

    Lots of shitty devs have been sending usage data back for years.

    Even Volition, which is otherwise a pretty cool dev, have openly admitted tracking stuff that happens in SINGLE PLAYER games, boasting about kill counts and miles driven in Saints Row games.

    This is why I've never connected my xbox to the internet, and always turn my wifi off when playing games.

    Fuck any developer who sends data from my computer to their servers without my consent.

    Volition recently had to fire 100 employees because their last gam

  • Unity Analytics (Score:2, Informative)

    by Anonymous Coward

    Not RedShell, but the Unity engine also offers integrated analytics:

    https://unity.com/solutions/analytics [unity.com]

  • by pchasco ( 651819 ) on Sunday June 17, 2018 @08:36PM (#56801044)
    Try to find a mobile game that isnâ(TM)t using Game Analytics SDK or the like. It wonâ(TM)t be as easy as you think.
    • Re:Mobile (Score:5, Interesting)

      by Dutch Gun ( 899105 ) on Sunday June 17, 2018 @08:53PM (#56801100)

      As a game developer myself, gameplay-related analytics are incredibly valuable. That is, metrics that tell game designers about how the player progressed through the game in various ways. I'm currently writing my own system that measures this data in pre-release versions of the game. Done correctly, this only identifies the users as an opaque and anonymous GUID, and doesn't store any personally identifiable information. That is, it has nothing to do with marketable information, but is just used to help improve the game during development.

      But seriously, to hell with all these companies that think they have a right to slurp up all your personal information, just because. I think a lot of them seem to believe it doesn't hurt the user, so why not try to earn a few extra bucks via some hidden API. But every time something like this happens, it erodes the trust of users. It's just not worth it.

      • by AHuxley ( 892839 )
        How good can a beta game communicate about its conditions in a modern OS? Windows 10? Linux? Mac?
        CPU heat? GPU heat? CPU/GPU throttling? Networking speeds? RAM amount/use by OS/game? Age of motherboard?
        What is the most interesting part to making a new game work well for most users?
        Did the beta stats show some really interesting ways a new OS like Windows 10 got used with an old CPU, new GPU? New CPU and new GPU? Ram amounts? 16 gb? 32 gb? 8 gb?
        Does code created have to really take a
        • Re:Mobile (Score:5, Informative)

          by Dutch Gun ( 899105 ) on Sunday June 17, 2018 @11:54PM (#56801578)

          I don't really care about any of that sort of hardware profiling. If I want to look at general hardware tends, I just look up the Steam Hardware Survey.

          Rather I'm talking about recording and analyzing data-points about the gameplay itself. For instance, I log every significant event as the player goes through the game. The player's location in the world over time, enemies killed, times died, when they switched weapons out, and so on.

          The point of all that is to help me to balance the game better. For instance, if I see a huge spike of deaths at the third boss in the game, I know that maybe it's a bit too difficult, and should be toned down a bit, or perhaps I need to telegraph hints about how to beat it more clearly.

          And again, this is only really useful in beta versions, while I can still make adjustments to the game's balance before the game's final release.

          • Sounds like the kind of data that would be needed in a game save file to maintain the world state.

            • That's a great analogy. You could certainly think of the in-game telemetry as basically a save game, but recorded over time with game time and player position associated with each event as it occurs. It's not exactly the same data as a save game, of course, because there's a bunch of internal state I don't care about and don't bother to record, but the principle is the same.

      • by Da w00t ( 1789 )

        I'm pretty sure Valve has gameplay-related analytics for their games, e.g. "What part of the map did the player die in the most often" to show poor level design in play-testing, not sure if it made it into the release game or not. That's one kind of analytics that I'm fully in support of. None of this "you have IDA pro running, you can't play video games" crap.

        Here's an article: https://www.pentadact.com/2007... [pentadact.com]

      • I feel for you. Unfortunately, I think most people who read your post are going to see "analytics are incredibly valuable. Metrics tell about the player. This identifies the users and stores personally identifiable information"

        You might find the following article interesting: Fractured Space - Analysing our Free Weekend [gamasutra.com]

    • Mobile games tend to be free and rely on ads. So it's expected there. But for a $60 game the developer really shouldn't be trying to squeeze a few more pennies out of you.

  • by Anonymous Coward

    In case you didn't want to RTFA.

    Be aware that Unity, a popular game engine, bakes analytics into the game at compile time.

    • Unity's analytics are about what you do in the game. Such as where you walk, where you die, where you kill stuff, what weapons you're using and so on.

      Redshell's analytics record what else is installed on your system as well other information about you, personally.

      They're really not equivalent.

    • by pots ( 5047349 )
      Thank you, I try to call attention to this whenever I can. You can not make a Unity game which does not spy on your players.

      Frankly, this outcry over RedShell is probably not going to do anything. It's too specific, limiting itself to this one implementation of spying instead of calling out spying in general.
  • They'll just do this again when people aren't paying attention. Maybe next time they'll hide it well enough that it won't be discovered.

  • by Anonymous Coward

    HDHomeRun calls home every 10 minutes uploading a complete list of available channels and device information including internal IP address of HDHomeRun devices.

    All data is unencrypted and transmitted entirely in the clear.

    HDHomeRun operates an API ipv4-api.hdhomerun.com that is not in any way encrypted, secured or CSRF protected. It can be called by any website to fingerprint owners of HDHomeRun devices on their network.

    Attempting to block HDHomeRun from calling home by blackholing DNS entries results in H

    • by jtara ( 133429 )

      CSRF is irrelevant for IOT devices and native apps, and cUrl, etc. They are not browsers, and it's the popular consumer browsers that enforce CSRF. CSRF is a crock.

      We can't guess whether you are referring to: the HDHomeRun devices, their mobile native apps, or their browser interface, because you didn't say.

      But, yea, nobody should be using http: any more and end-running DNS black holes is uncool.

      If you have proof, and it's like this on iOS, let Apple know. Google don't care.

    • HDHomeRun calls home every 10 minutes uploading a complete list of available channels and device information including internal IP address of HDHomeRun devices.

      In a well-engineered system, this would be excusable. In order to obtain an HTTPS certificate for a device on a LAN that the web browser on each of the end user's devices will trust, an internal device needs its own fully qualified domain name (FQDN). To obtain a FQDN, a device would need to upload its internal IP address to some DNS service, be it a dynamic DNS service operated by the device's manufacturer or the zone host of a domain that the end user owns. The latter may cost $15 per year, or $75 over th

  • There is a difference in analytics when it is about personally identifiable information, about other apps/games, and when it is about how a user/player is using this particular app/game. The later is legit, what available features / weapons are being used, what player mechanics are being used, etc. That helps better design future features and apps/games. Also legit would be non-identifiable information about the hardware, what generation CPU, what generation GPU, how much RAM, what operating system ... basically the system requirement type information. This helps designers anticipate when they can update content, graphics, etc to take advantage of more advanced hardware. Again, all this collected in a non-personally identifiable way.
  • by Anonymous Coward on Sunday June 17, 2018 @09:28PM (#56801200)

    I remember back in the day DOOM from ID software (the one with the flashlight problem), came with starforce (the usual DRM back in the day) along with checking to see if cloneCD or other cd cloning software was installed. Long story short, damn game had lighting problems, DRM backdoors, and was harassing me about legitimate software on MY OWN MACHINE. The gall, the absolute gall for some goddamn game to tell ME what I can install or not install on my own machine....That did not go over well, that put me on the path of becoming a nemesis fighting them for the wrong they had visited upon me and my precious machine.

    20 years later and I am only now just starting to purchase games again. For those 20 years though, I was only using the piratebay to get my games as copies, ironically because a legitimately purchased game had put odious restrictions on (like needing the physical cd, cd key, drm installed, etc etc) whereas the pirates had produced a superior version that loaded faster, had the lighting problem fixed, did not require a cd or cd key and did not install DRM modules or check what software I had installed.

    If these companies really want to create a legion of people like me who righteously tell game companies to go fuck themselves, then they are on the correct path to a gamer revolution where the outcry and loss of sales will hurt them pretty badly.

    I see cable companies as doing relatively the same thing, they had a monopoly more or less for so long and it was so profitable that they became total assholes, putting in advertisements after we already paid for the cable, bundling shit, etc etc etc. The end result? We now have a 27% decline in tv viewership and the term 'cord cutter' has entered the popular vernacular. Game companies seem dead set on copying those results.

  • Both are absolutely essential for spotting 1) problems in the software and 2) identifying features not used. I've consulted across Australia and not one company allowed PID to leak into the logs. I was an expert implementer but not beyond that. It may have been PCI compliance which was under the whole thing. It's not as nefarious as the tin foil hats would would lead you to believe.

    • by sinij ( 911942 )
      As a consumer, I don't care for your "absolutely essential". I am not your beta tester. I am not your focus group.

      When you install invasive tracker on my PC and your explanation is "trust me, we are not using all of its features"... fuck you, and fuck the horse you rode in on.
  • The OP claims,

    "The app is intended to collect information about the source of new game installs, and details about the gamer."

    But hang on a moment... if the game is being installed via Steam [and, it has to be packaged up by Steam for delivery from their infrastructure], all of that information - and more - is available directly back to the game developer via Steam themselves. Those of us who play games via Steam know this "going in".

    And as this page [redshell.io] shows, one of the ways that RedShell works is t
    • by Torvac ( 691504 )
      while googles tracking is widely accepted, any 3rd party tracking mechanism that suddenly pops up and tries to establish outbound connections is not. especially without any notification. yes, a simple "this game will send telemetry ..." and a simple op-out box would probably do. but if you know product owners they just dont care about stuff like this until it falls flat.

      the link between browser and game ID is the main problem here. its too intrusive. but it is needed for publishers to track affiliate adv

  • Telemetry: I think as developer I need to gather this metric to make sure I didn't make this level to difficult and deter users in the future.

    3rd party Analytics SDK: You want to know about your users? We can tell you about your users. We collect all the things and serve it up to you. Want to know what they named their first born? We got that! Want to know if users passed that difficult level? We got that too!

    I remember installing Google analytics a few years ago to find out some information about a new pag

    • Telemetry: I think as developer I need to gather this metric to make sure I didn't make this level to difficult and deter users in the future.

      This is what focus groups and play testing are for.

      I remember installing Google analytics a few years ago to find out some information about a new page we added to a customer's website. We had our suspicions that the customers weren't seeing it. I was not at all interested in the intricate details of every browser, screen resolution, operating system, how long they stayed, and what they clicked it. It was all given to me anyway.

      Laziness is really the point here isn't it? You're too lazy to install a stats package and parse your own access logs. People can't be bothered to take the time to understand their users so they hide "telemetry" without regard for customers wishes and consequences.

      • This is what focus groups and play testing are for.

        Indeed. It's a great way of finding out what focus groups are good at. Interestingly have you ever seen a focus group, or a beta tester? The kind of people who participate in these events hugely skews the results which is one of the reason why the industry is trying towards telemetry.

        Laziness is really the point here isn't it? You're too lazy to install a stats package and parse your own access logs.

        Not quite. One man's lazy is another man's more cost effective service. It just goes with the whole general global theme of outsourcing or building on the work of others. The problem is those "others" who provide you a service

        • Indeed. It's a great way of finding out what focus groups are good at. Interestingly have you ever seen a focus group, or a beta tester? The kind of people who participate in these events hugely skews the results which is one of the reason why the industry is trying towards telemetry.

          Creating a focus group that isn't representative of your customer base is a rather counterproductive endeavor. Play testers are there to find issues not take the place of a focus group.

          Laziness is really the point here isn't it? You're too lazy to install a stats package and parse your own access logs.

          Not quite. One man's lazy is another man's more cost effective service. It just goes with the whole general global theme of outsourcing or building on the work of others.

          A lot of it also has to do with economics. I was at the time doing quick work paid by the hour. Copying and pasting a paragraph of Javascript ultimately was far more effective for the client than paying to screw around with stats packages and setting up specific targeted telemetry. The client's users be damned.

          All I'm hearing in these remarks are justifications for laziness. An attempt to externalize your costs without regard for consequences simply because it is easier for YOU.

          Well guess what the free ride is nearing an end. Privacy legislation and consumer awareness is increasingly piling up against you. With each day that pa

      • by tepples ( 727027 )

        Apart from the fact that the skill sets of people who regularly participate in "focus groups and play testing" are unrepresentative: Is there a good way for a smaller studio to pay for thorough "focus groups and play testing", particularly before it has two games' worth of sales revenue?

      • This is what focus groups and play testing are for.

        The people who will participate in focus groups and play tests are not representative of the public at large. They are supposed to be, but that never really happens.

Almost anything derogatory you could say about today's software design would be accurate. -- K.E. Iverson

Working...