Store Page
Eternal Card Game
All Discussions Screenshots Artwork Broadcasts Videos News Guides Reviews

Eternal Card Game

Store Page
View Stats:
Global Achievements
This topic has been locked
Dire Wolf Digital  [developer] 22 Jun, 2018 @ 4:19pm
On Red Shell and Data Privacy
UPDATE: Thanks to everyone who has voiced their feedback and concerns. We’ve certainly been taking a stand here, but it’s been driven by principle, and not because we’re currently using the service in question.

We continue to disagree with the assertions and accusations that have been made surrounding Red Shell, largely because we are confident that nothing improper has been done with anyone’s personally identifiable information. PII is not being collected, stored or otherwise used or by Red Shell, and never was.

All that being said, we haven’t used Red Shell in any advertising efforts over the last several months. So, for the sake of everyone’s comfort, we’ve already gone ahead and removed the Red Shell DLL from Eternal as of last week, and if/when we start using it again we’ll be very clear about it.

===================================

Original post follows:

===================================

There’s been a lot of confusion and misinformation over the past couple of weeks about our usage of an analytics tool called Red Shell. We’ve consolidated existing threads and we’ll be locking and deleting any other threads on this subject in order to keep the conversation focused here and more easily address any misinformation.

Here’s what’s true:
  • From February 1, 2018 to March 23, 2018, we used Red Shell to help us measure the effectiveness of advertising campaigns promoting Eternal on Steam.
    • Despite a few loud claims to the contrary, Red Shell is NOT Spyware – they have not collected, stored, or sold any personally identifying information at any time, and they are compliant with the GDPR.
      • See the Red Shell FAQ here[redshell.io], which offers a GDPR-compliant opt-out option on this page.
      • Their FAQ explicitly rebuts many of the claims made in these threads about tracking browser history, correlating multiple games played, etc.
      • To reiterate: Red Shell collects nothing.
    • Red Shell lets us compare a list of devices that click on an ad link to a list of devices that install Eternal to create a non-personally-identifying link between ads, and installs. See the link to their FAQ above on how this works without compromising personally identifying information.
    • This usage (by both DWD and Red Shell) is compliant with both the GDPR and all applicable laws.
    • (You’re likely to find that the ads and ad-tracking software embedded on your favorite gaming news websites are far more intrusive. A couple of those sites have written about this topic and about us without bothering to dig into the facts of the issue, or to ask us for comment.)
  • Since March 23, 2018, Red Shell has not been part of any Eternal advertising efforts.
    • The decision to temporarily suspend the usage of Red Shell was in no way related to the present conversation.
    • The Red Shell integration has remained in the game since that time. We have always intended to resume using Red Shell to better-inform our advertising efforts.
  • On June 10, 2018, this Reddit thread began to stir up conversation rooted in wild speculation, unfounded accusations, and near-total misinformation about the realities of digital advertising, game publishing, and the law.
    • We responded the same day we became aware of the conversation, hoping to clear up the confusion and put an end to the misinformation being spread.
    • Since that time, a small number of users have continued to spread misinformation on this subject, and have chosen to ignore repeated explanations and any actual evidence of how this all works.
  • It’s worth noting that Red Shell is far from the only service to offer this kind of attribution solution – it’s just the one that a handful of users have turned into a bogeyman of imagined privacy violations. There are many other similar services helping a huge range of games and game developers overcome the data gap for games published on Steam and with ad performance on other platforms.

Here are some additional notes:
  • Eternal is one of the most genuinely free-to-play card games on the market, and we care very much about the type of experience we are providing for our customers. We want to be respectful of you guys, your time and your support, and we try to be as careful and ethical as we can be about our business model and how we use data.
  • We have never, would never, do anything improper to compromise player privacy.
  • We have never bought or sold any personally identifying information about players or potential players.
  • We are, and always have been, compliant with the GDPR and all applicable regulations.
  • We have never hidden or misrepresented any of this – we’ve got nothing to hide.
  • We do (and will continue to) advertise our products in ways that are ethical, transparent, and above the bar in terms of standards and practices used by just about every game publisher and website in the world. (And the list of similar software that is used in nearly every mobile game you might play is pretty long).

Our apologies if it feels like we’re taking a stand on this – we hope you’ll appreciate our position after further consideration. Those of you who’ve been with us for the past couple of years know that we do always try to admit when we’re wrong and correct mistakes as we make them. (And we do make mistakes; we just also know what’s actually going on, and we don’t believe we've made one here.)

We also have a bad habit (as with many of you, we’re sure) of not wanting to be cowed or bullied by mob mentality. So we’d rather take on an issue in a forthright manner, even if it’s not comfortable, than provide a false apology for something we haven’t done (and as others might do in this case, quietly continue along in an only slightly different way).

We take this stuff seriously. If you have specific questions or concerns, or contrary information to what we’ve presented, please let us know, either here, or drop us a line at support@DireWolfDigital.com.
Last edited by Dire Wolf Digital; 25 Jun, 2018 @ 1:11pm
A developer of this app has marked a post as the answer to the topic above.
Click here to jump to that post.
Originally posted by Scarlatch:
Thanks for the considered feedback. We’ve certainly been taking a stand here, but it’s been driven by principle, and not because we’re currently using the service in question.

I appreciate your metaphor, GrimSentinel, but you have to acknowledge that there is a difference between someone (or many people) walking into a restaurant and saying that don’t like your sandwiches, one the one hand; and being repeatedly accused of unethical, improper or unlawful behavior (like putting dead flies or worse in everyone’s sandwiches), on the other.

We get the former all the time – there are lots of gaming options out there, and Eternal is not for everyone. Sometimes people are vehement or angry about the fact that they don’t like the game. While we encourage folks to be constructive, that kind of feedback is part of the daily cycle of game community communication, and is generally taken in stride.

The latter is new for us – being spammed by folks (some of whom have little time actually spent with Eternal) with unfounded accusations of “spyware” and illegal behavior is damaging.

Especially when we have a team of people who are focused on creating a great product for players that’s generous, ethical and transparent in how we handle our business model. There are plenty of folks commenting on this issue, some of whom may not like the fact that we’ve used Red Shell to better direct our marketing efforts, but who also understand that it’s not “spyware.”

Our communication here could have been better (and have come sooner), and perhaps a little more even-handed, despite the nature of these accusations. We’ll continue to work on improving in that department.

We continue to disagree with the assertions and accusations that have been made surrounding Red Shell, largely because we are confident that nothing improper has been done with anyone’s personally identifiable information. PII is not being collected, stored or otherwise used by Red Shell, and never was.

All that being said, as stated before, we haven’t used Red Shell in any advertising efforts over the last several months. However, for the sake of everyone’s comfort, we’ve already gone ahead and removed the Red Shell DLL from Eternal as of last week, and if/when we start using it again we’ll be very clear about it.

We’ll make an update to the top post of the thread accordingly.
< >
Showing 1-15 of 92 comments
Blossom Eater 11 Jun, 2018 @ 10:44am 
Spyware in Eternal's files (my previous discussion was deleted)
I see that my previous discussion was deleted, so I will post again.

Eternal has a spyware in its files called Redshell (datamines your PC data and uploads it to its server) - I have posted this maybe 2 hours ago but moderators decided to delete my discussion. You can find more about Redshell here: https://www.reddit.com/r/Steam/comments/8pud8b/psa_red_shell_spyware_holy_potatoes_were_in_space/

Redshell is a spyware that was discovered in a number of games and Eternal is one of them.
As a proof, you can search for Redshell.dll in Steam folder on your disc. Company that not only penetrates the privacy of its users by including spyware into its files, but also censors attempts of people who want to point that out to the rest of the playerbase deserves no second chances and will get none from me. Shame on you, Direwolf Digital. I will also contact the person that opened RedShell topic on reddit to include Eternal to their list.

Edit: My post was a little too harsh so I softened it down a little.
Last edited by Blossom Eater; 11 Jun, 2018 @ 11:41am
#1
Bastarnt 11 Jun, 2018 @ 11:34am 
This is something serius, i wait for eternal answer.
#2
Dire Wolf Digital  [developer] 11 Jun, 2018 @ 12:37pm 
Red Shell is not "spyware". It is a tool that tells us which link in an ad campaign somebody clicked on. That's it. The is no personally identifying information involved.

If you'd like to learn more, there's a good discussion of how and why we use Red Shell here.
Last edited by Dire Wolf Digital; 11 Jun, 2018 @ 12:37pm
#3
Dexious Emera 11 Jun, 2018 @ 1:22pm 
Odd, never seen an ad for Eternal anywhere....
#4
Blossom Eater 11 Jun, 2018 @ 2:02pm 
I've read what you have written in that reddit post (sadly I don't have reddit account and I'm not able to make one until they fix ReCapcha issue). Even if it's true that only bits of information come to you, it doesn't mean that more data doesn't go to RedShell. From what I've read, they collect browser and font data, screen resolution and link connections from multiple devices. Even if they don't know our personal data (which they probably do, because most of us buy games here on steam via credit cards or paypal and use our official e-mail addresses for registering an account here), they can create a profile of our internet activity that is linked to our steam account (from both, our phones and our PC-s).

Here is a definition of personal data according to the new EU regulation. (here is a link to the Regulation - https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG )

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

of 27 April 2016

on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

Article 4.
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

As you can see, person doesn't have to be identified, it is enough to be identifiable - and we definitely could be identified indirectly (by RedShell, not DWD) (as you can see, Regulation mentions online identifier, here it being our steam usernames).

One part of article 6. (on Lawfulness of processing) of the Regulation states:
(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

Further, Article 7. of the Regulative (on Conditions for consent) states

1. Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data.

I don't remember giving consent to be tracked and datamined by RedShell.

3. The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof. It shall be as easy to withdraw as to give consent.

If you were going to introduce it, you should have been transparent about it.

Also, Article 9. of the Regulation, concerning special categories of personal data, defines those as follows:
Article 9

Processing of special categories of personal data
1. Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation shall be prohibited.

Most of us have those that I've bolded, and we read about them on the internet, using that same browser from which RedShell collects its data.
#5
Captain_Narol 11 Jun, 2018 @ 2:08pm 
DWD, that's a serious nuisance that is getting lots of attention.

Many game developpers already removed Redshell from their games or pledged to do so, please pay attention or you're gonna lose many players as the information about this spyware spreads around.
#6
Bastarnt 11 Jun, 2018 @ 2:12pm 
DWD give an answer, because for me the moral side of a thing is more important than the law side, can anoyne prove that DWD ''betrayed'' our trust for the game ? Ι hope and think not ,and special if we compare Eternal with any other program, game etc.
#7
Blossom Eater 11 Jun, 2018 @ 3:09pm 
The problem is that you weren't transparent enough about using third party tools to collect our data and that you tried to trivialize it by saying that you use just a fraction of it for yourselves. (completely ignoring that RedShell collects much more of our data) In my opinion, if you decided that you really MUST use it, you should have mentioned it in a window similar to privacy policy, but a separate one, with a big logo and name of the company whose tool you would use, so that players can check what that tool is about AND you should have made it possible to opt in or opt out of that. We did give you consent to collect some of our data when we agreed to your terms of use, but we didn't give consent for our data to be collected by a third party tool. To touch on another thing that you've written on reddit, you said that you collected the data just the first time - why does RedShell than work while the game is running?

One other thing, I apologize for wishing you bankruptcy, I am a hothead so I act on impulse before I decide to act with reason. I really like your game and I think that Eternal has one of the most fair free to play systems ever in a video game, and that is why I decided to act. If I didn't care, I'd just have deleted the game from both of my devices and replaced it with something else - but violations of privacy really touch my nerve. Yes, the game is free, but that is no excuse and I sure as hell will not pay for it with my data (I guess that I already did). I really felt and still feel betrayed by DWD, as I am sure a lot of other players will too when they find out about this.
#8
Nannok 11 Jun, 2018 @ 4:22pm 
This is the internet. Eveything you do, say, use or interact with is public. I would not worry about your privacy. Its alreay in the wind. Its a game. Not much personal data to be had. If someone is so intersted in my gameing habits so be it. Its their waste of time and space.

Samsung said that thay collect audo data from there divices even when there off. No one said a thing. Peoples TVs are collecting data on them and no one cares.

I am not going to worry about "Redshell" when there is so much being collected about you in so many different ways.

Fear and lothing on the internet. LoL. :steamfacepalm: :steammocking:
Last edited by Nannok; 11 Jun, 2018 @ 4:23pm
#9
Blossom Eater 11 Jun, 2018 @ 9:58pm 
@Nannok
From your post it is obvious that you didn't read what was written here nor that you are informed about the tool in question. Gaming data is collected by DWD, but much more is collected by RedShell (including your browser history and similar stuff). Thanks to EU, the kind of behaviour (Samsung, TV...) that you mentioned isn't allowed anymore, at least not towards citizens of its member states. If you don't mind sharing your data with companies like those, that is fine, but most of the people using the internet care about of what is left of their privacy and now they have the tools to excercise their rights with much more efficiently. I have put some articles from the Regulative in question and I suggest that you read them (which will make you understand that implementation of stuff like Redshell isn't legal if you don't notify the users of your products and allow them to opt-out). I'd also recommend reading through the whole text of the Regulative for every EU citizen, as there is no better way to get understand your rights concerning privacy on the internet (believe it or not, you can ask any company to give you the data that it has collected on you and than ask them to delete everything and stop tracking you). If you don't have time to read through the whole Regulative, here is a link (official) to FAQ about your rights. https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en
Last edited by Blossom Eater; 11 Jun, 2018 @ 9:59pm
#10
Nannok 11 Jun, 2018 @ 11:20pm 
Originally posted by Blossom Eater:
@Nannok
From your post it is obvious that you didn't read what was written here nor that you are informed about the tool in question. Gaming data is collected by DWD, but much more is collected by RedShell (including your browser history and similar stuff). Thanks to EU, the kind of behaviour (Samsung, TV...) that you mentioned isn't allowed anymore, at least not towards citizens of its member states. If you don't mind sharing your data with companies like those, that is fine, but most of the people using the internet care about of what is left of their privacy and now they have the tools to excercise their rights with much more efficiently. I have put some articles from the Regulative in question and I suggest that you read them (which will make you understand that implementation of stuff like Redshell isn't legal if you don't notify the users of your products and allow them to opt-out). I'd also recommend reading through the whole text of the Regulative for every EU citizen, as there is no better way to get understand your rights concerning privacy on the internet (believe it or not, you can ask any company to give you the data that it has collected on you and than ask them to delete everything and stop tracking you). If you don't have time to read through the whole Regulative, here is a link (official) to FAQ about your rights. https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en

LoL! A little long winded. I love how people say you "didn't read what was written here" because you disagree. Frankly I dont give a dam. I have never labored under the impression that the internet was privet. I am just not as excited as you and dont belive the sky is falling. :steammocking:
#11
Blossom Eater 11 Jun, 2018 @ 11:30pm 
It is okay to disagree, everyone is entitled to his or her own opinion, and I wont try to force my views onto you.
#12
Captain_Narol 11 Jun, 2018 @ 11:46pm 
If you don't aknowledge the problem, you are part of the problem...

Bethesda aknowledged the problem and removed Redshell from ESO, a good point for them.

Same for the Devs of "Battlerite", "Hunt : Showdown", "Dead by Daylight" and "My time at Portia" who pledged to remove it...

DWD, you don't to be the last to open your eyes and rush to the door, do you ?

Maybe YOU don't use it as a Spyware, but it's still a tool collecting our private data without our explicit agreement and lots of gamers are strongly opposed to this.

This is just gonna snowball as more and more people get aware, move fast to protect your reputation if you care about it !
Last edited by Captain_Narol; 11 Jun, 2018 @ 11:52pm
#13
Nannok 12 Jun, 2018 @ 12:45am 
No such thing as "private data" on a machine that has been conected to the internet.
Its illegal to make robo calls yet most calls are robo calls. It may be illegal to mine data but its a gold mine with no down side. Best to just be aware that its not safe out there on the net. :vigilance:
#14
Blossom Eater 12 Jun, 2018 @ 3:57am 
No mention of browser data that they are collecting and that encryption of steam and other ID's isn't clearly enough explained. EU Regulatives are clear enough, as Court of EU has shown in its decisions - every article should be interpreted as it is written. If it says "online identifier", that means every online identifier.
#15
< >
Showing 1-15 of 92 comments
Per page: 1530 50

Eternal Card Game > General Discussions > Topic Details
Date Posted: 22 Jun, 2018 @ 4:19pm
Posts: 92

Discussions Rules and Guidelines