
hbk314

Posts posted by hbk314

  1. Quote

    We are extremely conscious of data privacy and security throughout our product. We collect the minimum amount of data required to perform our attribution. This data is specific to the device you use and is limited to operating system, installed browsers, screen resolution, available fonts, IP address, timezone, and system language. This data is then irreversibly one-way hashed (with pepper values calculated separately and never stored) and stored in our database along with a unique in-game user id.

    From my limited understanding, it seems like they're doing what they can to make it as hard to reverse as they can.

     

    49 minutes ago, AVaughan said:

    If they are just hashing raw IPv4 addresses, then it's trivial to hash all IPv4 addresses to SHA-256 and create a lookup table that enables you to retrieve the original IP address from the hash. (There might be better/faster ways to do it, but the brute force approach will work). So at best hashing just obscures the original address. If the original address is considered personal info, then the hash should be considered personal info as well. The only way around this that I can think of is to somehow merge the IP address and the username, and then hash that. But for users with static IP addresses, even that will probably result in a hash that is unique to that user, and hence can be used to uniquely identify that user, and in my opinion should still be considered a personally unique identifier.

     

    The silly thing is that for computer games, in general I don't see ads as being a driver of sales. Reviews and Youtube gameplay videos are much more likely to influence my purchasing decisions.

    Perhaps they have an ad link on a review site or Youtube video review and get clicks that way? I get where you're coming from, though.
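
An added example, not part of any post in this thread and not Red Shell's code: it checks the quoted claims about hashed IP addresses by comparing an unkeyed SHA-256 with a peppered (keyed) hash. Assumptions: the address is hashed as its dotted-quad ASCII string, the pepper is applied as an HMAC key, the function names are hypothetical, and the documentation range 192.0.2.0/24 stands in for the full IPv4 space so the search finishes instantly.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample values: 192.0.2.0/24 is a documentation range (RFC 5737)
# standing in for the full IPv4 space; the pepper is a made-up demo secret.
SEARCH_SPACE = "192.0.2.0/24"
DEMO_PEPPER = b"constructed-demo-pepper-not-a-real-key"


def plain_hash(ip: str) -> str:
    """Unkeyed SHA-256 of the dotted-quad string (assumed encoding)."""
    return hashlib.sha256(ip.encode("ascii")).hexdigest()


def peppered_hash(ip: str, pepper: bytes) -> str:
    """HMAC-SHA-256 keyed with a pepper that is kept out of the database."""
    return hmac.new(pepper, ip.encode("ascii"), hashlib.sha256).hexdigest()


def recover(stored: str, network: str, hash_fn=plain_hash):
    """Return the address in `network` whose hash equals `stored`, else None."""
    for addr in ipaddress.ip_network(network):
        if hash_fn(str(addr)) == stored:
            return str(addr)
    return None


def audit(ip: str) -> dict:
    """Summarise what each stored value gives away for one address."""
    plain = plain_hash(ip)
    keyed = peppered_hash(ip, DEMO_PEPPER)
    return {
        # Unkeyed: anyone holding the table can enumerate the input space.
        "plain_recovered": recover(plain, SEARCH_SPACE),
        # Keyed: enumeration with the public function finds nothing.
        "keyed_recovered_without_pepper": recover(keyed, SEARCH_SPACE),
        # Keyed, pepper leaked: the protection is exactly the key's secrecy.
        "keyed_recovered_with_pepper": recover(
            keyed, SEARCH_SPACE, lambda a: peppered_hash(a, DEMO_PEPPER)),
        # Either way the token is stable, so it still links a user's records.
        "keyed_is_stable": keyed == peppered_hash(ip, DEMO_PEPPER),
    }


if __name__ == "__main__":
    for key, value in audit("192.0.2.77").items():
        print(f"{key}: {value}")
```

The last field is the point raised about static addresses: a keyed hash resists reversal, but it is still a stable pseudonym for the same input.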

  2. 2 hours ago, Tullius said:

    Ehm, yes they do: https://blog.redshell.io/gdpr-and-red-shell-57f9c03b5769 For their fingerprint, they use the IP address and a user ID (Steam ID, Xbox ID, etc.), even though they scramble them using SHA-256.

    They are hoping that hashing this personal information makes it not personally identifiable anymore, and that therefore the GDPR doesn't apply anymore. This is a rather interesting interpretation of GDPR.

    By hashing it, they're not collecting or storing it. Logically that would be compliant, but we won't really know until the law has been tested in courts.

  3. On 6/22/2018 at 5:06 AM, Tullius said:

    Looking at Red Shell's homepage: https://redshell.io/home

    The problem is the fingerprint, as it allows the user to be identified. More specifically, it allows game developers to identify which of their players has clicked on which links (after all Steam games have access to your user name and Steam itself even to your real name, if you bought anything).

    This makes this fingerprint personal data and therefore is covered by GDPR, i.e. Squad or any other developer needs explicit consent from the user to be able to use this fingerprinting technique on them. Just think of the fingerprint as an extreme version of a browser cookie, as you cannot delete it and it works across applications.

    No. It allows them to identify that some machine somewhere clicked a link and later opened the game, not that your machine or my machine did that. That's all. There's no connection to personal data. It's explicitly not personal information.

    On 6/22/2018 at 4:58 AM, Kobymaru said:

    First of all, they gathered personally identifiable data without my consent. Mind you that a blanket "we gotz all ur data" in the EULA does not constitute consent.

    Consent to data collection under the GDPR requires that it's made

    • explicit
    • can't be bundled with other questions
    • can't be used as a requirement to agree to the contract, unless the data collection is inherently part of it (which it's not).

    So Take Two is clearly in violation here.

    They also cannot forward your data to a third party, but they are. There is Take Two which is selling this game to me and collecting this data (without my consent) and they are sending this data to a third party, namely the RedShell servers (the servers used are here). More information on what is actually happening in this reddit post.

    Again, Take Two is clearly in violation here. It's "nice" that SQUAD took out RedShell, but I'm afraid that's not good enough. The law has been violated, data has been collected, user rights infringed upon. The only thing that has to happen now is a formal and extensive GDPR complaint. I don't know if this effort is going on somewhere in the community, but will try to figure out how to do this complaint thing and file a formal complaint with my country's data protection agency. I encourage all EU citizens to do the same.

    GDPR applies to personal information, not all information. Red Shell collected no personal information, so GDPR does not apply.

  4. 8 hours ago, gpisic said:

    Yes, GDPR means exactly that.

    If personal information had been collected by Red Shell, it would have been subject to that, yes.

     

    Red Shell and its stated mission were not in violation of the GDPR, unless someone would like to offer up proof that they were using data for more than they claim?

  5. 1 minute ago, Corona688 said:

    But what, exactly, does it have to send?

    It doesn't know your credit card number, name, address, phone number, job, facebook account names, mailbox, contacts, etc.  It doesn't even know whether it's legit or pirated.  It's got nothing.

    Exactly.

    All it sends is anonymous analytics and hardware information. That only serves to benefit KSP.

  6. 54 minutes ago, Lisias said:

    The concern is collecting more than such data, but since there's now a public and legally enforceable agreement for the published data, it's a liability to even try such a stunt.

    So, yeah, the problem is solved. The value they could extract from such extra data is less than the cost of a single litigation. The risk makes the stunt unprofitable.

    The privacy policy is very clear about what information can be collected by the game. It's also very clear that all personal information is acquired by Take2 on a voluntary basis. Additionally, the data sent by Red Shell and Unity has been analyzed, I believe several pages back in this thread, and found to contain no personal information. The concern that the game might somehow "steal" a player's personal information is completely unfounded.

  7. 6 minutes ago, suicidejunkie said:

    That's silly.  It can't be currently phoning home when your network is unplugged, but as soon as you reconnect the plug it can start doing whatever it does again, unless you've actively locked things down.

    Because that anonymous analytic data and hardware information is really a cause for concern. Oh wait, it isn't.

  8. 1 hour ago, wblayney said:

    This is true, and I hadn't considered direct purchases from Take Two.

    I'm a little confused as to why this EULA is applied to Steam products and products that are purchased through Steam's systems, whose data should never need to be covered by TT's policies. Additionally, why does TT need the right to share this data with third parties? If purchases are done through other platforms the payment information should never even need to reach TT's systems and should not be relevant - this applies only to services that deal with purchases in house. And it's not that the user is only providing TT this data if they use that aspect of the service - they HAVE to agree to the entire package when they install the software, so just because the only thing the game collects is non-personal data as far as you know, they have the right (and ability) to collect personal data.

    Also, why was the EULA only just updated if these functions are, as you imply, so vital for the operation of the company?

    Please, read the privacy policy. It also covers the circumstances in which data may be shared, such as a court order. You've made multiple claims that show a lack of complete understanding of Take2's policies. You can't read the EULA and not the privacy policy, especially if the discussion topic is personal information and other privacy/data concerns.

    They don't have the right or ability to collect personal information. It's specifically stated what can be collected by the game. Personal information is collected on a voluntary basis. That does not mean that you "volunteer" your personal information by playing the game as you seem to be suggesting. They're not going to run afoul of their own privacy policy and the law.

    The changes were made this year because of the GDPR that went into effect in Europe on May 25th. They now have to list any personal data that could possibly come into their possession and how. There's nothing to suggest that anything has changed operationally. They just have to state it this way to comply with the new European privacy law.

  9. 1 hour ago, wblayney said:

    Take Two mention changes to EULAs and handling of personal data as a potential source of significant financial risk in their business model. They acknowledge that the handling of user data could significantly affect sales and therefore revenue, an effect they experience much more significantly than many other companies due to a "disproportionately higher amount of attention", which I think is a valid observation.

    The document combines observations of data handling and data theft within the same paragraph, so I'll quote what I consider to be relevant:

    and later on:

    the entire document can be found here, and the quotes are taken from page 18, section starting page 11.

    While we can't take anything for certainty from this, we can assume that TT consider individual and corporate concern over their data use to be a significant risk in their business model, which is very interesting - they do not need to incur this risk, because the collection of these types of data is not necessary for the functions of their products. It is instead a factor they are willing to include despite an acknowledged risk of losses, which leads me to believe they may in some way be profiting or planning to profit off the collection of this data in some way, be it in house marketing gains or the sale of data to third parties, the latter of which is of course more concerning.

    (I know these statements cover only the violation of the EULAs and law, but they are important to include only because the existence of these policies provides TT the ability to complete actions that are legally ambiguous)

    It's interesting that you read and quoted those pieces, but failed to read, or maybe just failed to comprehend, the privacy policy. You stated "because the collection of these types of data is not necessary for the functions of their products," which clearly demonstrates you don't know what you're talking about. The only personal information that Take2 can acquire is done so on a voluntary basis so they can provide a service to the customer. Tell me how Take2 would be able to process a purchase from me without my name, billing address, email address and payment information. Tell me how I could sign up for a newsletter without providing my email address. How could I utilize technical support without providing them a means to respond to me, whether that be an e-mail address or a phone number? Take2 only "collects" what is necessary to serve the customer's request. None of those activities are required to play the game, so the customer isn't being forced to provide anything that they don't choose to provide voluntarily.

    The only information collected by the game is anonymous analytics and hardware information.

    Read the privacy policy: https://www.take2games.com/privacy/

  10. 1 hour ago, LoSBoL said:

    Well, unfortunately, no misunderstanding. Before the GDPR there were already stringent rules about publishing photos and videos (at least here in the Netherlands), but they were mainly affecting professional photographers and videographers, but now if you publish on YouTube and the like as an 'amateur', you are liable; if you keep within the confines of private use, there is no problem. Enforcement is a huge issue though, but if someone would like to take that route, they now can more easily than previously.

    I wonder how many more examples of legislative overreach there are.

     

    If I'm walking down a street on a public sidewalk and happen to be in the background of some picture, there really should be no issues there, even if I have a problem with it. It's just common sense that people are going to see you if you're out in public. IANAL, but I don't believe minors, at least where I am, get any extra protections as far as being photographed in public. I'll take that over what appears to be the GDPR way.

  11. 7 hours ago, LoSBoL said:

    The ridiculousness doesn't just stop with business entities. I like to make drone stills and videos, and even people taking holiday pictures are subject to GDPR guidelines, because the moment you take a picture with somebody on it in the background, and you publish it on a photo website or YouTube, you have to have asked the consent of those people, which they can also revoke again as well.

     

    That makes absolutely no sense, so I hope it's a misunderstanding on your part. I know that in the United States, there's no expectation of privacy when you're out in public, so you can't complain about any pictures you end up in. It's different if the pictures are taken inside of someone's privately owned house, for example.

  12. 1 minute ago, sarbian said:

    So all those sites that recently started to ask my explicit consent about trackers do it because they suddenly had a change of heart? And Unity rushing an asset to make the collection optional is also because they woke up one morning and had a revelation?

    I don't say it's not understandable. I say they should ask first. And I said they have to, but clearly not everyone agrees on that (and the mod decided to bury an unrelated thread here).

    I don't even know what you're trying to say here. Anonymous gameplay data isn't personal information.

  13. 2 minutes ago, sarbian said:

    My IP is. 

    And sorry but I consider the exact time when I log in and out of a game private information that should not be collected in an offline game.

    Whether your IP is or not is debatable. Generally, an IP by itself without other identifying information isn't considered personal information. I've seen it stated both ways as far as GDPR goes. Some say it is in all cases while others say it may be personal information. I guess we'll have to see how courts rule on it. But as far as Take2 goes, both Unity and Red Shell don't collect your IP any more, although that may not be totally in effect yet. I haven't checked yet.

    You considering log in/out times to be private information doesn't make it legally protected. I think it's perfectly understandable that a gaming company would want to know how much playtime their game is getting.

  14. 6 hours ago, sarbian said:

    How is this voluntary when some info is sent automatically when the game starts? I agree that some info is needed to handle a store or forum, but the information about when you launch the game, how long you played, your PC config and more is not sent voluntarily at all. The game used to ask you before collecting anything and they removed that switch without mentioning it and even added more information collection.

     

    That information isn't personal information.

  15. 18 hours ago, Jimbodiah said:

     

    This video is a blatant lie based around a quote taken completely out of context. FinalFan also did a good job of summing up the problems with it.

    Read the privacy policy: https://www.take2games.com/privacy/

    Here's the context of that quote (emphasis mine):

    Quote

    WHAT PERSONAL AND OTHER INFORMATION DOES THE COMPANY COLLECT?

    Personal information is information that identifies you and that may be used to contact you online or offline. The Company collects personal information from you on a voluntary basis. When you submit personal information to the Company, it will usually take the form of:

    Registration for Online Services, websites, jobs, products, contests, and special events;

    Subscribing to newsletters or alerts;

    Posting in or commenting on our message boards, forums, news blogs, chat rooms, or other Online Services;

    Purchasing a product or services through our online stores;

    Purchasing downloadable content, virtual items, or virtual currency for use with our software and/or Online Services;

    Using "tell a friend," "email this page," or other E-Card features;

    Requesting technical support;

    Downloading demos, programs, or other software;

    Participating in polls, surveys, and questionnaires; or

    Otherwise through use of our software, including console products, mobile products, and personal computer products, and through the use of our online products or Online Services where personal information is required for use and/or participation.

    The types of information collected in connection with the activities listed above will vary depending on the activity. The information we collect may include personal information such as your first and/or last name, e-mail address, phone number, photo, mailing address, geolocation, or payment information. In addition, we may collect your age, gender, date of birth, zip code, hardware configuration, console ID, software products played, survey data, purchases, IP address and the systems you have played on. We may combine the information with your personal information and across other computers or devices that you may use. Prize winners may be required to provide additional information for prize fulfillment.

    ...

    As you can see, that list applies specifically to information you provide to Take2 voluntarily so Take2 can complete your purchase or place you on a mailing list. As it says, "The Company collects personal information from you on a voluntary basis."

     

    The privacy policy also lists exactly what is collected by the game as well as how data is handled and the limited circumstances it may be shared, such as a court order. I'd suggest that everyone take a look at it instead of allowing themselves to be misled by videos or posts making such baseless claims.

  16. On 5/6/2018 at 5:06 PM, Darth C3P0 said:

    eh, i guess i was wrong. meant privacy policy anyways

    but still i don't really like the fact that they are able to get my information just because I bought their content

     

    You wouldn't be having this misunderstanding if you actually read that whole section instead of picking out a "scary" paragraph out of context. It references "activities listed above," yet you cut that part out of your quote. Let me help you.

    Quote

    Personal information is information that identifies you and that may be used to contact you online or offline. The Company collects personal information from you on a voluntary basis. When you submit personal information to the Company, it will usually take the form of:

    Registration for Online Services, websites, jobs, products, contests, and special events;

    Subscribing to newsletters or alerts;

    Posting in or commenting on our message boards, forums, news blogs, chat rooms, or other Online Services;

    Purchasing a product or services through our online stores;

    Purchasing downloadable content, virtual items, or virtual currency for use with our software and/or Online Services;

    Using "tell a friend," "email this page," or other E-Card features;

    Requesting technical support;

    Downloading demos, programs, or other software;

    Participating in polls, surveys, and questionnaires; or

    Otherwise through use of our software, including console products, mobile products, and personal computer products, and through the use of our online products or Online Services where personal information is required for use and/or participation.

    The types of information collected in connection with the activities listed above will vary depending on the activity. The information we collect may include personal information such as your first and/or last name, e-mail address, phone number, photo, mailing address, geolocation, or payment information. In addition, we may collect your age, gender, date of birth, zip code, hardware configuration, console ID, software products played, survey data, purchases, IP address and the systems you have played on. We may combine the information with your personal information and across other computers or devices that you may use. Prize winners may be required to provide additional information for prize fulfillment.

    There's the full context. As you can see, "all personal information is collected on a voluntary basis." That means you have to provide it to them by filling out a form, likely associated with one of the activities on that list. If you keep reading the privacy policy, you'll see that it lists what data may be collected by the game. It also states what data is used for and the limited circumstance where personal information may be shared, such as a court order.

     

    Long story short, this is much ado about nothing. This is caused by ignorance and misunderstanding. It then snowballs when people get misled by out of context quotes and just buy into it without doing their own research. It's unfortunate, but the facts are clear. The game isn't spyware. It doesn't collect personal information. The company isn't selling its customers' private data. I suggest everyone take a look at the privacy policy: https://www.take2games.com/privacy/#3
