Video games typically fall outside the business and tech topics we cover on our blog. But a recent revolt by gamers and game developers against the attribution tracking program Red Shell puts them at the forefront of the battle for consumer rights and privacy. We think that’s pretty cool.
The controversy was ignited with a post on the Steam subReddit publicly warning users that Red Shell was running inside of dozens of best-selling titles. These included “Civilization VI,” “Warhammer: Vermintide II,” “Injustice 2,” and “Kerbal Space Program.” Earlier titles that removed Red Shell after player complaints include the giant MMOs “Conan: Exiles” and “Elder Scrolls Online.”
Red Shell works by viewing data from a new player’s browsing cache to determine if they had previously seen ads or other content related to the specific title they were playing. With this information, the game’s publishers could learn how effective their advertising efforts were and which channels provided the best source of new players. The company boasts that its technology is 98 percent accurate at tracing players’ browsing histories and attributing certain exposures to a final game sale.
Unfortunately, this information was not disclosed up-front to players. In an age of the GDPR, where consumer data privacy is considered a presumptive right that must be intentionally waived, such practices are unacceptable. Protests from gamers and the supportive responses from developers illustrates how these attitudes are spreading beyond the EU.
The company insists that they use no personal player data, and that they anonymize all information. While that may appear to be compliant with GDPR, the technical absence of personal identifying data does not make players feel any better about the fact that an undisclosed piece of software was lurking inside of their game install. Plus, device fingerprinting is still tracking specific users’ actions. There’s no mincing words about it.
The Reddit user who helped blow the whistle on Red Shell asserts that he wanted “to raise awareness of these user-unfriendly marketing practices and data mining software that are common on the mobile market, and which are flooding over to our PC Games market.” His sentiment, shared by many in the community, is that he was tricked into installing Red Shell and would have never authorized its activities. “As a person and a gamer I refuse to be data mined,” writes user Alexspeed75. “My data is my own and you have no business making money off it.”
Making matters worse, users have to go through a lengthy process if they want to opt out of Red Shell’s tracking mechanism for a game install that’s integrated with it. Users have to manually report their in-game IDs to Red Shell, who will then manually block data transactions for that specific user. Ideally, the user should have the option to not install Red Shell at all with their game, or at least have the ability to opt out of data collection within an in-game menu.
The vocal response from the gaming community illustrates a growing wariness on the part of the average consumer regarding the use of their personal data. Simply labeling your product as “advertising analytics software” is no longer enough to avoid scrutiny.
Data Security – Implementing a BI Tool
It’s a good lesson for ISVs and software developers on the need to be transparent about data collection and to make it easy for users to opt out. The U.S. may not yet have GDPR-type protections, but rising consumer concerns now make data protection and privacy critical for applications. Gamers and game developers are starting to understand this – the developers and users of business software need to as well.
