About 20 PC games — including The Elder Scrolls Online and Conan Exiles — have removed a piece of third-party spyware tracking users’ activity outside of the game, and dozens more are said to still have it more than a week after it came to light on Reddit and Steam forums.
Called Red Shell (yes, it’s named for the Mario Kart item), the spyware sells itself as a means for video game makers to “uncover where their players come from through reliable attribution.” It “matches” whether players with Red Shell installed on their games visited a market’s campaign, whether Facebook and Twitter, YouTube, a web page or others.
To do this, Red Shell has to follow what users are doing outside of the game. But the company said it does not collect any player’s personal information, and only collects information about their browsers and devices “for purposes of attribution.” No data is sold to a third party, Red Shell said.
On June 9, Red Shell’s presence was discovered in this thread on the Steam subreddit, and over the past 11 days, players have ferreted out about 50 games that use it. Since then, several have either pulled Red Shell’s .dll files or have posted in forum threads saying that they would do so. These include Battlerite, The Elder Scrolls Online and Conan Exiles at the outset of the controversy. Red Shell had also been in Total War games, but Creative Assembly said it would remove it. Fatshark said it would be taken out of Warhammer: Vermintide 2.
According to this list there are many more games using the tracker, some familiar, others obscure. Red Shell defended both its service and its methods in a statement to Kotaku yesterday. And to PC Gamer, Dire Wolf Digital, the former makers of The Elder Scrolls: Legends, said Red Shell was not spyware, it’s “just some under-the-hood analytics that help us understand how our advertisements perform.” Redditors generally rejected those kinds of justifications, saying such things should run with an opt-in or their knowledge.