SayNoToRedShell
Members-
Posts
6 -
Joined
-
Last visited
Content Type
Profiles
Forums
Developer Articles
KSP2 Release Notes
Everything posted by SayNoToRedShell
-
Kerbal Space Program 1.4.4 and Making History 1.3 launching today!
SayNoToRedShell replied to UomoCapra's topic in 2018
Much respect to Squad/TTI for listening to the feedback of it's players, and removing RedShell. Thank-you to everyone who used their voices to create change. It's a powerful message. This means goodbye for me. Cheers, everyone. -SNTRS -
If this person is from the EU, you are required by law to delete the account, not just "restrict it from posting". Reading the above makes me believe that you offer zero functionality for deleting accounts. If that is true, this is another violation KSP/Squad/TTI is committing against the GDPR, regardless of this specific case. You must provide erasure for EU citizens, and should probably in good faith offer it to all users. I really suggest you guys get your act together, and allow users to delete their accounts among fixing other GDPR violation issues you seem to blatantly ignore. Article 17 A forum account is considered personal data because of two factors: Anything with a unique identifier ("handle") is considered PII The account is linked to an e-mail address, which is PII In this specific case, the user has also identified that he has attached his name and city of residence to the email/account, thusly becoming PII even if the above two reasons were not enough. It is applicable under the following grounds: None of the exemptions apply in this case. The data subject has removed their consent, revoking 1(a) as a defense to continue processing Users do not require a forum account to play KSP, and is not a contractual obligation thereby revoking 1(b) exemption 1(c) is revoked, due to the same reasons as 1(b) 1(d) is revoked as there is no vital interests being protected by maintaining the account 1(e) is revoked as Squad/TTI are not providing services for public interest or official authority 1(f) is revoked as the interests, rights and freedoms of the data subject outweigh the interests pursued by you, as has been explained Further readings: I recommend you guys and gals take a quick browse through the GDPR, get aquainted with it, maybe pass it along to your legal team? Hammers are going to begin dropping, best get in front of this before its a PR mess combined with a hefty fine. Cheers, Your friend - SayNoToRedShell
-
I only brought the point up as another user said that everyone should just castrate Red Shell and not bother with public forums and such. I was illustrating that not everyone is as technologically savvy, and without the forums many users would not be aware of Red Shell, let alone know how to disable and/or remove it. Your post is another reason why forums are important. Thanks for sharing another method for removing Red Shell.
-
1) It doesn't need to go through a legal system. Squad just needs to pony up to the task. But, I would concede that yes - this is best fought from both fronts. Plug it at the source indeed. Also, raise hell about the source. Two fronts are better than one, can we agree? 2) I suggested a compromise because that's how progress is generally made. Through concessions. I can understand from a companies point of view why they want to know crash analytics, source of installations, etc. It doesn't need to be all or nothing. Some people may be comfortable sharing more than others are. All I want is transparency and a reasonable amount of control over my data. Things like crash anayltics I have no problem sharing with a game developer, given I can purge it of PII and only provide what is necessary. This is a two-way street. Also, please keep in mind what is "easy to do" to you, is not easy to everyone. 3) Perhaps I took your words too literally. It sure sounded like you said exactly: Which really reads like "why bother making noise now, let it happen". But if I'm wrong - awesome. Other than quietly blocking access, what do you suggest? Everyone is provided with a free CS course and instructed on how to search for and block these SDK's? I'm quite handy with computers, but I don't think I have the technological means to spot Red Shell - the only reason I found out about it was from forums, the very thing you say is ineffective. It's only because of the forums that I was able to find out something was wrong, which let me do research and figure out what to do to stop it. In fact, it was a forum that shared with me how to block Red Shell. Without all this noise, good chance people wouldn't have found out. This thread is proof that going to the forums makes a difference. Already people have said that they've decided to block it - thanks to instructions laid out on in this thread. Not everyone has the technical know-how or awareness to know that it's been happening for years, let alone the savvyness to stop it in its tracks. The companies get away with it because only those with either an education or intense passion in computing have found out about it and until recently, no one believed us. Thanks to forums, and a loud voice, those who never knew are now able to fight back. Thanks to the foums, people are now able to just "stop giving them your data". ------------------------------------------------------------------------------------------------------------------------------------------------------------- It seems like we're getting caught up in a debate of "what is the best method to combat this". I don't know why it has to be a zero-sum game.... Do it all. Stop giving them data by whatever means are available AND make noise about it so that others - who may not be is smart with computers as you - can learn what they can do. All the while putting public pressure on the company, which has time and time again worked. We're all on the same side here. Except Squad. Squad is on the other side, and remaining quiet about it.
-
Thank-you for allowing the discussion to be had at least, I will take it as a sign of good faith that my post was not silenced off the hop. This moniker will only exist until the issue is sorted out, so no confusion will be had. I'm a bit dissatisfied that my post will now be harder to find, due to Red Shell being removed from the title and my post being buried halfway down a thread - where people are less likely to read - rather than being the first post. However, progress is progress. Let's get an official word on Red Shell, let alone the implications it has concerning GDPR compliance. Effort is better spent discussing the issue like adults, and landing on a solution that benefits both the end user and the company. Such as full disclosure of what is tracked, giving users the ability to opt-out, anonymizing data, secure transport of data, not collecting beyond what is necessary, etc. Company keeps the analytics they require to make the game work, user gets to be involved in the choices that affect them, company gets good press. What logical gymnastics is this? "They've been violating our privacy for 10 years, so why are you mad, just let it keep happening." Hello?! 10 years ago, people weren't aware of the extent of the data collection, if they were aware at all. The big problem isn't that a single company is doing it. The problem is that the net is so wide now that everything is swept up and amalgamated with other information from other data brokers. 10 years ago, the technology wasn't there to geolocate your photo via AI, match it with some facial recognition, combine that with your contacts list, gaming habits, IP addresses to create a dossier beyond what George Orwell ever imagined in his book. Companies you've never heard of are able to predict your movements, know your sleeping habits, predict health risks. Oh, and now "pre-crime" AI is being rolled out...JOY. And guess what? The data that Red Shell collects is another piece of the puzzle. Another data point to parse. The laws were unclear, misinformed or non-existent 10 years ago, now we have a solid backbone in the form of the GDPR as well as other North American data privacy initiatives. This is what happens when people wake up to whats happening around them. I'm making noise now because I was in no position to make noise 10 years ago. Now I am. And I'm going to make noise, company by company, product by product, app by app. It's not just KSP - its a global issue. But we have to start somewhere. Every developer who turns the page and realizes the damages caused by the analytics-net they've cast and in turn becomes more transparent (even if they continue to collect data, giving the user the knowledge that they are) is a global win. Eventually these small developers, sands of grain in comparison to the giants like FB - if enough of them start respecting privacy, the castle will crumble. One grain of sand at a time. That's why I'm here. I have faith in Squad. I have faith in KSP. I have faith in the community. This is a stepping stone in a much wider issue - but that doesn't make it any less important. This is all connected. So, Squad, please stop vacuuming up all the data you can and instead only focus on the data you need - while telling your paying customers what your collecting and why - and give them an option to opt-out of any unnecessary data collection. Better yet - let the users who don't care about privacy opt-in to the collection of personal data.
-
Moderators in charge of approving this post or not... I ask that you allow this discussion to flourish. Although it is critical of KSP, it's in the best interest of everyone involved to at least let this discussion be had. If you don't want this discussion to be had on the KSP forums, it can be brought elsewhere. I urge you to think about how it will be perceived if you block this post - it will only serve to add fuel to the flame. It'd be best if we can have a grown-up discussion about Red Shell. I've got 300+ hours in KSP. Unknown to me, my "gaming persona" has been fingerprinted and other data siphoned off by the Red Shell spyware which is present in KSP (and a number of other games, not just KSP). Bleeping Computer has recently posted about Red Shell, with a full list of games which the spyware is included. 16 games and their developers have realized the mistake that Red Shell is, and have either removed it or pledged to remove it in upcoming releases. Will the developers of KSP stand up and remove Red Shell? Will they sit in silence, and pretend this issue doesn't affect them? Let's find out how KSP cares for its community. ------------------------------------------------------------------------------------------------------------------------------ I'm here to ask that the developers remove Red Shell. TLDR: Red Shell is spyware. It tracks a variety of personally identifiable information (in violation of the GDPR) including IP addresses, browser versions, operating system, screen resoultion, etc. The combination of information it collects is enough to "fingerprint" a single user, and begin tracking them web-wide. This is especially true when this is combined with other data streams such as Facebook, Google, or the hundreds of independent data brokers who make a living selling your personal information. Giving KSP the benefit of the doubt, we can hope that KSP is using Red Shell only for tracking the source of installation. If this is true - give us the option to opt-out after KSP is installed. ------------------------------------------------------------------------------------------------------------------------------ I'm here to ask that the passionate gamers, who want to play a game rather than be a product for a data hungry unknown party, stand up for their privacy. It's a weird world we're in already, we don't need the games which we pay for compiling "device-based information" for whatever use they see fit. Red Shell's website dresses it up in nice playful terms and expertly downplays the stranglehold which SDK's like this can maintain on a device. Although Red Shell claims not to track any personal information, this information above is way more than enough to individually identify users. This information is enough to track you around the web, if you aren't taking opsec precautions (who would bother, when playing KSP?). Other companies have claimed that they only use Red Shell to track the source of an installation. If that was true, how come so many developers are now removing Red Shell due to public outcry? How come Red Shell needs to continuously track all of the above after installation? In another brilliant move by Red Shell, they side-step this exact issue on their FAQ (says something about a company, when they need to claim they aren't spyware in their FAQ): Emphasis is mine. They are technically correct, Red Shell doesn't and can't arbitrarily execute code. This is a fantastic way of side-stepping the main issue: spying. No one is saying Red Shell executes code. Everyone is saying Red Shell is a rampant spyware, used to fingerprint and track gamers and their devices. Notice how they don't deny that? Instead the focus on code execution. This is called a red herring. ------------------------------------------------------------------------------------------------------------------------------ Even if you want to argue that Red Shell is helpful to the developers (which it likely is, given the amount of information is gathers), the choice to make it opt-out rather than opt-in is very telling. Any developer who includes spyware on a forced opt-out basis (which, I haven't even seen KSP offer an opt-out of Red Shell), rather than asking the users to opt-in, immediately loses all respect from me. I'm not going to be quiet about it. I ask that you don't be quiet about it either. Enough is enough. Remove Red Shell from KSP. Reddit discussion on the discovery: https://www.reddit.com/r/Steam/comments/8pud8b/psa_red_shell_spyware_holy_potatoes_were_in_space/