Beware of this because it could end up in the courts and on the covers of various media in the coming weeks: Reddit users and Steam forums have detected a spyware called Red Shell (the name, very appropriate, comes from the red shells of Mario Kart that chase the target where it goes) that is installed with some well-known games on PC and is dedicated to observe the activity of the player outside the game and send data visits to the web and social networking profiles related to the game or the company. Or in other words: cross data to know what ads end with the player buying and installing the game.
The software has already been found in dozens of games, including Elder Scrolls Online, Conan Exiles, Yoku’s Island Express, Civilization VI, Injustice 2, Kerbal Space Program, Quake Champions, Hunt: Showdown or Magic the Gathering Arena. And most developers are saying that it is not really spyware because it does not collect personal data from users, but activity in their browsers and other devices, and that information is not sold to third parties. Dire Wolf Digital, the authors of The Elder Scrolls: Legends, have said in PC Gamer that Red Shell is not spyware, “just some analysis under hand to help us understand how the performance of our ads is.”
However, despite the fact that the developers consulted have played down the importance, half of those detected have already eliminated Red Shell from their games and have notified the community, and many others have announced that they will eliminate it in future updates. .
Red Shell is, for the moment, completely legal and is sold in a very funny informative website as a tool aimed at developers «to know what part of your marketing strategy is really working». They even have a free version for beginners that collects the data of up to 1,000 players, and then several sections for indies, studios or large companies, with a monthly limit of “fingerprints” collected and served for marketing analysis.
For the purposes of legality in the US it does not seem that they are going to have problems because there are no effective data protection measures, but the new European regulation, the General Regulation of European Data Protection or GDPR, presents certain incompatibilities with Red Shell as, for example and without going too deep , the fact of considering the IP of a user as personal identification information, a type of protected data.