Spyware in HoMM5???

[Trubador]

What is known in the short time this has been discovered:

H5_Game.exe attempts to contact lb-iisdt.ubisoft.com [216.98.48.19:443] shortly after the game starts. Upon TCP connection it performs a key exchange and then begins to send encrypted packets.

It is totally unknown what or how much info the program sends, as it connects without your knowledge (or consent), and encrypts the data so you can't tell what it's transfering. It "seems" to be blockable with the right program, but also seems to be coded into the game itself, and so is unremoveable.

Threads on this subject have been shut down on two other fourms, so I suggest you say your piece fast, in case the same happens here. . .

[ThunderTitan]

Thank you Mr. Firewall.

Oh, and I belive the game does ask you if you want to send info about ur system to Ubi when you first start it.

[Alamar]

Zone Alarm, or similar, is certainly your friend

I don't recall from the EULA if there is a section dealing with sending information to UBI. I would think that it has to be somewhere though???

[Karja]

I just verified that this is true; it sets up an SSL connection, and then sends chunks of application data directly upon startup, after an additional two seconds, and after about 18 seconds. On my comp, I guess it's reasonable to assume that the first ones are directly on starting H5_Game.exe, and the last is when all intros are over and done with. All in all, I noted four exchanges of around 300 bytes encrypted data (and lots of overhead in setting up SSL and such).

It seems like a bit much, but it's probably nothing to worry about. Statistics about users' systems is invaluable for developers; and in addition to that, isn't it a rather common practice to check if the running version is the latest one? I guess it's a bit strange to do it with an encrypted connection, but I wouldn't be too nervous about all of this.

// Karja, who doesn't think that this is alarming enough to start up a firewall. But that EULA should be examined...

[Paradox]

i dont think the European version has this spyware, only seems to be the US version.

[1979]

I denied it access on Zone Alarm. Every little program I own wanting to connect to the internet bugs me, so I always stop them.

[Ari]

There's a similar thing that happens during installation. I figured it was relatively harmless and let it through. Nice of them to mention it to me though.

[Trubador]

What gets me more nervous, is that most are not getting nervous

First, a program is installed on your comuter without your knowledge. Then, it connects to the net and Ubi without your knowledge, then, it sends them "encrypted" data without your knowledge or consent. Since it's encrypted, who's to say what in the heck it's uploading to them.

If I find some guy hiding in the girls locker room, it's kind'a hard to beleive him when he says "oh, I'm just checking the locker rooms stats to make sure it works better, and is more enjoyable to the girls"

It would be TOTALLY different if they told you up front, and then there was some sort of option to participate in information gathering or opt out.

I'm also surprised at some of the negative or even rude reaction I've gotten from others just by alerting them about about this "fact".

[Psychobabble]

What gets me more nervous, is that most are not getting nervous

I also seem to remember something in the click boxes during install whether or not you wanted usage statistics to be sent to Ubi, it was along with the registration questions things. It's possibly defulated to yes, but it hardly seems insidious to me. These sorts of usage statistics are very useful for a developer to know how the program is working on diff systesm and even what game play features are/aren't used and, iirc, you're asked if you want them to be sent or not. No big deal methinks, keep looking out for those black helicopters though.

[addicted]

Funny when I installed the game, I wasn't ask a question to send anything to ubi or anyone else.. I registered but I sure don't remember being ask about sending my computer info or anything else.. I never allow my info to be sent to microsoft or any other company if I am aware of it.. but I am sure even microsoft has it's hidden stuff too.. I run my antispyware and virus stuff every day.. I know ms windows-xp has an option to turn on or off the error reporting service so I assume they could also have other stuff.. I don't know, I am not a programmer, etc.. but I have about everything I can find relating to send info to the net like the error reporting type of thing turned off in my windows-xp options. I just don't trust any company wanting my info off my computer especially when I can't see what it is they are taking off my computer...

[Karja]

What gets me more nervous, is that most are not getting nervous

Well, if this information gathering isn't mentioned in the EULA, then it's definitely suspicious and spyware-ish. But at the same time, I'm a software developer myself and I would love to have statistics about how people use my programs; I can't really see a reason for Ubi or Nival to collect any sensitive data.

They could be interested in the Windows version, the screen resolution, DirectX capabilities, a message whether or not everything started up correctly, what the latest version is, and so on - and while all of those are specific data about my computer, it's just for statistical reasons. So I don't see a reason to be nervous.

At least not until someone mentions that they're storing IPs or something like that!

[Trubador]

If Ubi ask me via email, or a forum poll to give my computer specs, I would be MORE than glad to contribute and help the game and the gaming community. BUT, I don't want them sticking their poll up my computer when I'm not looking

Stealing person info is a multi million dollar "business". People actually dig through dumpsters to get less personal info than they could get off of your computer; just ask the millions of Vets that just got all of their person info stolen by someone "just looking at stats".

I don't know if "black helecoptors" exist, I DO know this program does, and no one can tell what info it's uploading. Maybe I'm paranoid, or maybe the more no one does anything about this kind of thing, the more prevelent it will become. . .

[Ari]

I'm sure the game didn't ask me about this either. Maybe it's version specific? I have the regular version.

Don't get me wrong - I'm not at all thrilled that I need a firewall program to tell me what a program *I* installed is doing without my knowledge. On the other hand, this is HOMM5 we're talking about, not Comet-curser or 100-new-emoticons-free!!!! or some such crap. To go with the guy in the locker room analogy, it's more like seeing a plumber in the locker room with some tools. Occam's razor says he's there (and it's there) for an innocuous reason.

[Karja]

If Ubi ask me via email, or a forum poll to give my computer specs, I would be MORE than glad to contribute and help the game and the gaming community. BUT, I don't want them sticking their poll up my computer when I'm not looking

The problem is that the number of people who do answer forum polls or answer e-mails are extremely few. I agree that this would be a better way, but when you're trying to build a database of - for example - Windows XP user statistics, it's just not enough with the few who offer such info freely. (This might be a relevant question. They might be considering going XP only for the next game project, for instance; how would they know if the customer base is large enough without checking the existing customers first?)

Stealing person info is a multi million dollar "business". People actually dig through dumpsters to get less personal info than they could get off of your computer; just ask the millions of Vets that just got all of their person info stolen by someone "just looking at stats".

There's a difference between personal information and computer specs. If they actually are collecting something related to the person (IP, e-mail, info about the user's files, etc), then it's absolutely horrible behaviour. This can be misused, like in your example. But things like Windows version, DirectX version, graphic card capabilities and so on is impossible to use in a way to harm the user - it can only be used for improving their products.

In all of this: note that I'm not defending their behaviour to send info without asking! If that's the case, then they're misbehaving regardless of what they send.

[innokenti]

There's a difference between personal information and computer specs. If they actually are collecting something related to the person (IP, e-mail, info about the user's files, etc), then it's absolutely horrible behaviour. This can be misused, like in your example. But things like Windows version, DirectX version, graphic card capabilities and so on is impossible to use in a way to harm the user - it can only be used for improving their products.

In all of this: note that I'm not defending their behaviour to send info without asking! If that's the case, then they're misbehaving regardless of what they send.

Fair enough. But it's nice to ask. It IS your information and your computer. Principle of the thing and all that.

[DaemianLucifer]

What gets me more nervous, is that most are not getting nervous

We that control what programs get the access internet have nothing to worry about.I let only my browser to act as a server,and thats it.All of the other programs may get limited access only when updating.

[Gus]

There's a difference between personal information and computer specs. If they actually are collecting something related to the person (IP, e-mail, info about the user's files, etc), then it's absolutely horrible behaviour. This can be misused, like in your example.

The thing is: this is encrypted. By definition, this should make this look more suspicious, and we can't even check to make sure it's harmless.

But things like Windows version, DirectX version, graphic card capabilities and so on is impossible to use in a way to harm the user - it can only be used for improving their products.

I'm not sure it can only be used to improve their products... It could be used in a number of business ways, like making deals with video card producers, with Microsoft, etc...

Anyway, any program that has NOTHING to do with the Internet which asks me to connect, i block it. A basic principle of security.

[Bob Morane]

What gets me more nervous, is that most are not getting nervous

What makes me nervous is people who gets nervous for nothing, no offense.

First, a program is installed on your comuter without your knowledge. Then, it connects to the net and Ubi without your knowledge, then, it sends them "encrypted" data without your knowledge or consent. Since it's encrypted, who's to say what in the heck it's uploading to them.

First, you know you installed this program, as it's heroes V itself and not some strange 3rd party software that sends info. The reason thoses datas are encrypted could simply be to ensure noone will be able to steal them. Also maybe H5 is set to check for a newer version (who knows as the first patch have not been released). Such data tranfer should be crypted to prevent low grade hackers from using it to install malevolent software on your machine.

It would be TOTALLY different if they told you up front, and then there was some sort of option to participate in information gathering or opt out.

And of course, you read VERY CARFULLY the EULA when you installed the game. As for myself i was too eager to start playing to read all those lines. I jsut read the first two, then thought blah blah and clicked accept. Bad attitude i know, but who really reads all those lines.

I'm also surprised at some of the negative or even rude reaction I've gotten from others just by alerting them about about this "fact".

I didn't notice any rude reaction. Just reactions from people who think you are a bit parnaoïd maybe

Personally, as i said i didn't read the EULA, but i think i was asked something about sending data, this sort of thing strikes me, and i decided to send nothing. My internet connection is nearly never active under windows anyway (i have Linux on my system for everything except games) so i have nothing to fear from spyware or the likes of them.

IF you can assure us you never had an option to unable/disable information being sent to Ubi and the EULA does not state H5 will send data. Then maybe we should start to worry about those findings of yours. Currently i don't think this is really alarming.

Notice this thread has not been closed down as you seemed to believe. No conspiracy here

[innokenti]

Notice this thread has not been closed down as you seemed to believe. No conspiracy here

Shhh, the conspirators aren't up yet.

[Gus]

i really don't udnerstand this ironic stance... It is a known fact that some companies are trying to get as much info from you as they can. I mean, you act as if it was completely paranoid to think that, but...
Starforce? Yahoo in China? Spywares? Phishing?
of course that doesn't mean every single company out there is out to get you, but being blindly confident is not a good idea.
I have not found the EULA except of course on installation, but i did not read it then. Why? Because:
- i wanted to play
- it's very long and technical, especially for non-native english speakers
- i know very little about law, so i can't even tell if some parts of the EULA are legal or not
And i can't seem to find it anywhere on my disk.

All that to say: i can understand you guys don't run around in panic, but making fun of him while there IS an unnecessary encrypted connection going out, is a bit unfair.