Author Topic: Redshell Spyware [civ 6, total war, and more affected] (Read 3174 times)

Brikichu · June 18, 2018, 01:08:11 AM

tl;dr: delete redshell.dll if you find it in any of your games because it's spyware
https://www.reddit.com/r/Steam/comments/8pud8b/psa_red_shell_spyware_holy_potatoes_were_in_space/
https://redshell.io/
list of currently known affected games: https://docs.google.com/spreadsheets/d/e/2PACX-1vQz1d2jf15nHZE8GaRDAWCVMWuYkhip_cwkDUD3fo9dn0EiDRG3crtNXNhPESz8ZLL2KVDULnm9D-VB/pubhtml
stay safe brothers

edit: block these in your hosts

0.0.0.0 redshell.io api.redshell.io
0.0.0.0 treasuredata.com api.treasuredata.com

Ad Bot · Advertisement

SuperMalleo64 · June 18, 2018, 01:18:07 AM

wtf is redshell and why are there so many good gamed affected

Darth C3P0� · June 18, 2018, 01:20:52 AM

0.0.0.0?

Brikichu · June 18, 2018, 01:23:14 AM

Quote from: SuperMalleo64 on June 18, 2018, 01:18:07 AM

wtf is redshell and why are there so many good gamed affected

it collects data such as ip, screen resolution/ratio, fonts, keyboard language, mouse location on the screen (all admitted to by redshell themselves), and allegedly keystrokes as well for the purpose of "marketing" and "advertising", and it collects this data whether or not you're actually playing the affected game.

Quote from: Darth C3P0� on June 18, 2018, 01:20:52 AM

0.0.0.0?

basically anything that would have been sent to redshell gets redirected to literally nowhere by using 0.0.0.0

Super Suit 12 · June 18, 2018, 01:32:10 AM

The links part is almost all that's needed... just check the IP of users when they first start the game, check to see if it matches an IP used on a link redirect, boom: you know where that user found the game if it was through one of your campaigns, and you see how many click the link but don't get seen playing it later
no DLL necessary, not "mining" as your IP is public information. there's no reason for this to exist. y

Verification · June 18, 2018, 01:47:00 AM

full list
Games still using Redshell according to community reports (as of 16.06.2018):

Civilization VI,
Kerbal Space Program,
Guardians of Ember,
The Onion Knights,
Realm Grinder,
Heroine Anthem Zero,
Warhammer 40k Eternal Crusade,
Krosmaga
Eternal Card Game
Sniper Ghost Warrior 3
Astro Boy: Edge of Time
Ballistic Overkill
Cabals: Card Blitz
CityBattle | Virtual Earth
Desolate
Doodle God
Doodle God Blitz
Dungeon Rushers
Labyrinth
My Free Farm 2
NosTale
RockShot
Shadowverse
SOS & SOS Classic
SoulWorker
Stonies
Tales from Candlekeep: Tomb of Annihilation
War Robots
Survived By
Injustice 2
The Wild Eight
New adds:

Yoku's Island Express
Raging Justice
Warriors: Rise to Glory!
Trailmakers
Clone Drone in the Danger Zone
Vaporum
Robothorium
League of Pirates
Doodle God: Genesis Secrets

Shift Kitty · June 18, 2018, 01:51:13 AM

I mean, it's a non-consensual data grab. That alone should raise some alarms as we don't know exactly how much data they're tracking.

But if we want to take what Redshell says at face value... Apparently the only data they collect is if you bought a game after clicking a certain link. Like a promotion on Facebook or something.

But hey. If the idea was to do this in secret, then who knows if they're really being honest.

maxymax13 · June 18, 2018, 03:10:47 AM

the only red shell i approve of is the one going up the ass of the bastard that made this

exit · June 18, 2018, 05:25:30 PM

wew good thing i have civ5 not civ6

Kochieboy · June 18, 2018, 07:54:47 PM

Thank god I had both the secret world and ESO uninstalled.

NotBomberguy · June 19, 2018, 04:44:15 PM

i have redshellSDK.dll
do i delete it anyways

Superfun909 · June 19, 2018, 10:07:33 PM

Quote from: NotBomberguy on June 19, 2018, 04:44:15 PM

i have redshellSDK.dll
do i delete it anyways

according to the linked reddit post, yes

Shift Kitty · June 19, 2018, 10:12:25 PM

Quote from: NotBomberguy on June 19, 2018, 04:44:15 PM

i have redshellSDK.dll
do i delete it anyways

Honestly, I'd rather do the host file way of blocking it.
If you just delete a .dll, you're just going to end up forgetting about the whole ordeal. You're going to end up downloading another game or program that has it, or the game will update and restore the file or something.
Editing the host file is pretty simple.
Open a plain text editor as an administrator, like notepad++, go to open
Go to C:\Windows\System32\drivers\etc (you may have to show hidden system files)
open the file called hosts (it doesn't have an extension)
add these lines to the bottom of the file and save (if you didn't open the program as an admin, this will give you an error)

Code: [Select]

0.0.0.0 redshell.io api.redshell.io
0.0.0.0 treasuredata.com api.treasuredata.com

Head over to redshell.io to test it. If it doesn't load, that means this worked.

Darth C3P0� · June 21, 2018, 03:12:01 PM

Kerbal space program is no longer on this list, new update removed redshell

thegoodperry · June 26, 2018, 02:13:00 AM

its funny because even if you remove redshell you're still using steam which already does exactly the same thing and basically records all your ip and screen resolution info. redshell does the exact same thing as steam's brown townytics recording except its a different company