Gaming Companies Remove Analytics App After Massive User Outcry

An anonymous reader writes: "Several gaming companies have announced plans to remove support for an analytics app they have bundled with their games," reports Bleeping Computer. "The decision to remove the app came after several Reddit and Steam users noticed that many game publishers have recently embedded a controversial analytics SDK (software development kit) part of recent updates to their games. The program bundled with all these games, and at the heart of all the recent controversy, is RedShell, an analytics package provided by Innervate, Inc., to game publishers."

The app is intended to collect information about the source of new game installs, and details about the gamer. Following a massive user outcry in the past two weeks, several game makers have given in to pressure and are removing this SDK. Game makers and games who announced they were removing RedShell include Bethesda (Elder Scrolls), All Total War games, Warhammer games, Magic the Gathering Arena, and more. [This Google Docs spreadsheet and Reddit thread have a list of games containing RedShell.]

Not exactly new

Lots of shitty devs have been sending usage data back for years.

Even Volition, which is otherwise a pretty cool dev, have openly admitted tracking stuff that happens in SINGLE PLAYER games, boasting about kill counts and miles driven in Saints Row games.

This is why I've never connected my xbox to the internet, and always turn my wifi off when playing games.

Fuck any developer who sends data from my computer to their servers without my consent.

Volition recently had to fire 100 employees because their last game tanked: good. I hope they go out of business.

Re:Mobile

[Dutch+Gun]

As a game developer myself, gameplay-related analytics are incredibly valuable. That is, metrics that tell game designers about how the player progressed through the game in various ways. I'm currently writing my own system that measures this data in pre-release versions of the game. Done correctly, this only identifies the users as an opaque and anonymous GUID, and doesn't store any personally identifiable information. That is, it has nothing to do with marketable information, but is just used to help improve the game during development.

But seriously, to hell with all these companies that think they have a right to slurp up all your personal information, just because. I think a lot of them seem to believe it doesn't hurt the user, so why not try to earn a few extra bucks via some hidden API. But every time something like this happens, it erodes the trust of users. It's just not worth it.

Re:Mobile

[Xest]

It's not that I don't hear what you're saying, it's that I'm not sure how we make it a practical reality.

This is a classic scenario of if you leave the door unlocked does that make it okay to rob someone? Sure it means the home owner is asking for it, but it doesn't make the act of theft in itself legal or something that's acceptable. We should still act against people committing theft regardless.

So what you're effectively arguing is that rather than dealing with people acting illegaly, or at least in an anti-consumer manner, that it's upto every single internet user to become a technical expert in configuring and managing their firewall such that they explicitly whitelist every bit of outbound comms no? Even if we make that easy with a simple Allow/Deny dialog, then surely you realise companies will just exploit it with confusing names like "Important Windows System Analytics needs to access the internet." right?

That's really my point here - that yes, we need to get users back in control of their systems, but how do we do that in a practical way? and whilst we're trying to do that, I don't think that means that we shouldn't try and make vendors themselves more responsible.

At the end of the day a router blocking unsolicited inbound comms is still a firewall and people moving to this kind of firewall as standard was one of the single most important improvements in internet security in the history of the internet. The days of people being directly exploitable as is the case now were far worse, and even here we at least have anti-malware software to try and block the circumstances you describe. The biggest problem with it is the combined refusal of anti-malware vendors to treat analytics and/or spyware from "respectable" companies as malware which is really the problem here - if Redshell was reasonably flagged up as malware by anti-malware vendors because it's at least as intrusive as some of the things that real actual flagged malware like various tracking cookies that do get flagged track, we wouldn't even need to have this discussion as games developers wouldn't use it due to their software being permanently flagged as malware when a user attempts to install it.

If you do have a practical proposal that involves your average joe being both able and willing to whitelist or block all outbound comms I'd genuinely be interested to hear it, but otherwise the best we've got is to call out companies doing bad things with software and to pressure them to change.