Customers are lied to when it comes to data? Can't be, right? Companys take care about our privacy and take this very serious. Well, Avalanche Studios does just that. They're seriously lying. A little story about a placebo. Let's start with what we get as ingame-settings. There is an option for privacy and we as users can choose whether we allow Avalanche Studios to collect data or not. So far, so good. Allow anonymous tracking: yes/no Send crash reports: yes/no Now comes the funny part. It's useless ^^ Send crash reports Crashsender are a comfortable way to get user data. Self-evident, often hiddeni and without resistance... Other names would be "crashanalytics", "crashlytics", "telemetry", "metrics" and many companys using it on desktop and mobile devices to get data for free. Whatever, to make consumers think it's not bad. Crashdump creation execute an application: C:\Windows\System32\dxdiag.exe Parameters: /dontskip /whql:off /64bit /xC:\Users\xxxxxx\AppData\Local\CrashRpt\UnsentCrashReports\GenerationZero_F_1.0.0\a1c0dc2a-xxxx-4438-bc36-xxxxbddde41b\dxdiag.xml Inclusive "crashdump.dmp" and logfiles [img]crashlytics.jpg[/img] [h1]Affected files[/h1] The installation folder of "Generation Zero" contains 4 files that steal data from us consumers. [code]CrashSender1403.exe, CrashRptProbe1403.dll, CrashRpt1403.dll, crashrpt_lang .ini[/code] [b]All files should be deleted before the first game-session[/b] It's a typical "Avalanche Studios thing", and the same "service" is active in "theHunter: Call of the Wild™" Crashsender is active by default, takes software and hardware data, before the user has the chance to disable the metrics. Same counts for games for the Unity-Engine, Microsoft Corporation or Google products on desktop or mobile software. [h1]Second one and the lie[/h1] With disabled anonymous user tracking via option menu, there is one background service active. Product Generation Zero has outgoing traffic to Gamesight IO. Interesting, right? It's an monetization, tracking and analytics service and belongs to Innervate, Inc. Why there was a big fat NO as option? But it was surely a mistake. As ever ;] There was a story about "legal risk"... [h1]Data which is taken from us during the game initialization[/h1] [olist] [*]Unique userID [*]Language Settings [*]Operating System [*]Resolution [*]Timezone [*]Eventtracking eg. gamesession started [*]IPv4 Adress [*]Currency [*]Game version [*]another UUID (Unique Identifier) [*]Revenue values for their campaign [/olist] [img]screen.jpg[/img] This all happens during the main menu. Anonymous? Not really. [h1]Information for customers[/h1] Of course they do not exist on the product page. Consumers should buy without criticism and accept everything that is sold to them. \^^/ [h1]Conclusion[/h1] The whole thing is neither accidentally nor to the extent permitted. For all who takes their own privacy serious... Connections from the screen can be blocked via PI-Hole or hosts and/or Firewall. Unfortunately it proves to be true once again not to trust any developer. [h1]Gamesight Connections for Generation Zero and other products[/h1] [code]# 35.161.12.27, 54.203.171.101, 40.118.187.121 (ips are not complete) console.gamesight.io api.ingest.marketing.gamesight.io track-api.gamesight.io[/code] [h1]Another funny coincident[/h1] Used ips by Gamesight are also used by RedShell Analytics