Install Steam
login
|
language
简体中文 (Simplified Chinese)
繁體中文 (Traditional Chinese)
日本語 (Japanese)
한국어 (Korean)
ไทย (Thai)
Български (Bulgarian)
Čeština (Czech)
Dansk (Danish)
Deutsch (German)
Español - España (Spanish - Spain)
Español - Latinoamérica (Spanish - Latin America)
Ελληνικά (Greek)
Français (French)
Italiano (Italian)
Bahasa Indonesia (Indonesian)
Magyar (Hungarian)
Nederlands (Dutch)
Norsk (Norwegian)
Polski (Polish)
Português (Portuguese - Portugal)
Português - Brasil (Portuguese - Brazil)
Română (Romanian)
Русский (Russian)
Suomi (Finnish)
Svenska (Swedish)
Türkçe (Turkish)
Tiếng Việt (Vietnamese)
Українська (Ukrainian)
Report a translation problem
Discussions Rules and Guidelines
Report this post
I wish they talked about mods updated live, and modders who've pushed 86 updates (2140418403) or more. That's live code delivery to 516,920 subscribers.
Also when you first use the workshop in CSL, there's a legal disclaimer pop-up that says neither Valve nor the game developer checks submissions to the workshop, and the users are at their own risk.
And to think all of this started because I made my list of undesirables public in the most anonymized way I knew (including only steam IDs). I shudder to think what would happen if I actually uttered a rude word to these individuals. What a vicious place, the internet.
Anyway, since Colossal Order themselves are blocking me from updating my mods through Steam, which they say it's verified (it's not), I have no recourse but to distribute directly from GitHub, which is what all modders use anyway.
"Update from GitHub" is in final testing now.
In my Harmony (redesigned) 1.0 update, I have added functions to clean up some of the existing malware in the code, although I have not reported in the release note the full extent of what I removed:
I removed the adware on the main menu (the 4 advertising windows around the menu itsef), but also:
I disabled "Paradox Online Publishing Services" module, which continually sends, labelled as "telemetry", all of the players interactions while the game is running (ie, all key presses, all mouse clicks). Here's how I labelled the deactivated components (this will is from the HarmonyMod/Sources/Cleanup.cs module, which will be in the source code when I push it shortly)
While my version of Harmony blocks the "telemetry", which looks like a glorified keylogger, this data is still reported from all over the game codebase. The log file output_log.txt will contain fragments like:
These errors indicate that the game code is unable to send "telemetry" out to Paradox Online Publishing Services (pops api)
The two modules which contain the keylogger are:
I plan to create a separate mod to capture and log all the data that my Harmony is now blocking from transmission to paradox. The mod will allow anyone to see their data logged on their own hard drive, where they can inspect what would have been sent out. I'll also publish a fragment of the data that my game would send, as a sample.
I think the amount and nature of exfiltrated data will astound anyone, and Colossal's current campaign of digital stoning against me is designed to discredit me ahead of the these revelation.
There is currently an army of trolls who're yelling malware, they are repeating aubergine18's reports, which themselves provide no information on what the supposed malware is.
It looks heated now, but it's about to burst into flames.
I am "temporarily" banned by Colossal Order until Feb 13, while they've launched this coordinated campaign against me, with aubergine18, kjmci (a promoter for cities skylines), and Andy Brown, the author of the "news[www.nme.com]".
Colossal is in damage control mode, due to the discovery I've made regarding the keylogger malware they've had built into the game for the past 6 years (see post above). They've decompiled my Harmony 1.0 release in which my code disables their keylogger, and have realized that the shit is about to hit the fan.
The notification email directs me to the "cities skylines support team" https://paradox.zendesk.com/home rather than to Steam support, because it's Paradox that is responsible for the removal, not Steam.
It is merely hidden, not deleted, and the project will continue, but it appears that the author of Next2 (sniggledigit) has made an appearance. I'm curious if he will update Next2. The logical step would be for him to merge into his code base the bugfixes I've made since I took over maintenance, but we'll see how that plays out.
It's not a coincidence that this trinity of Colossal, Harmony and Network Extensions keeps popping up.
You should create and release the 'Keylogger Disabler' as a separate mod. This would allow users to exercise their freedom to choose the mods they use, while getting rid of the keylogger.
6 years of "telemetry" safely in Paradox's vault, while the "respected modders" found no malware in the vanilla code. They want the million or so users to continue to trust them.
Mr. Honest Modder Klyte5, since your mod is clearly disabling the keylogging activity reported here, why not be fully honest and use the same word, keylogging, since that is what is happening? How honest is for you to dumb it down to something so innocuous sounding as "simple telemetry"?
The Colossal EULA makes specific emphasis on "Section 5 on collection of information", meaning they want to be double sure that when this comes up in Court, they can use as defense that the end users accepted it, for sure:
This is not accidental. That data is very very precious, and the Colossal and Paradox trolls wants their precious data. You have to wonder why they want it so bad if it's not that useful.
I have so much exposure on this gang of "game developers" and "respected modders" coming out, it's not even funny.
... applies to your key presses collected by Colossal Order, regardless of EULA
Typically "telemetry" is anonymized, aggregated data. A developer can learn how they're software is working, but not who is using it.
In Colossal Order's case, the "Paradox Login" exists to accomplish the opposite, to connect the keylogged data to a personally identifying account, ie, your Paradox Account, so every key press can be properly accounted for.
Now, don't expect that if you signed up at Paradox with anonymous looking user information, this keeps you secure. Not only can your personal identity be easily unmasked by even a low-skilled internet user, but marketers like Paradox are experts at it. This manner of "understanding their customers" is their bread and butter, and they are extremely good at it.
Of course, if you do this is called "doxing", but when Paradox does it, it's "marketing".
"Independently" means, I'm not your lawyer, Colossal and the community they've created is not your friend, you need to find your own source of information. I can only suggest that when you pay a lawyer to work for you, he is ethically bound to act in your best interest. No-one else has that obligation, and you should not assume that random people on Steam or Reddit is acting in your best interest.
It's a company called Tencent[en.wikipedia.org], one of it's major product QQ, a social software widely used in China, is reported scanning user system documents (almost anything from desktop shortcut to APPData). The company already apologised for this and claimed that they did this to 'prevent malicious login' and 'all data will not be sent to Cloud either used for other purpose' and 'resolving new approach and published new version'
*details of this event may not be exactly same as real situation, information gathered from multiple news reports.
The only difference I considered is the user group of Tencent and Paradox & CO. In Tencent's case, vast majority of users are opposition, which is caused by over-complicated historical reasons of Chinese web environment and I personally can't clearly explain this here (it's very unbelievable to see a company surviving like this but that's exactly the truth). While for Paradox and CO, vast majority is the supporter.
I already witness many similar 'wars' so I already got tired and foresee everything when you uploaded NExt3 to workshop, similar situations happened before in my country, and is still happening, and will comeback in the future. I suggest you to investigate (or at least familiar with) Chinese web environment when you have time, you will be benefitted.
And back to CSL, uiop4869 said that some modders are planning to develop a new version of 'Loading Screen Mod' and cooperate with LOM and EML, LOM would decide loading contents and order and the new mod operates loading, along with new technology of EML which could increase speed.
BTW, I strongly discourse you to debate with him, or any modder or creater form China since almost all of them standing with CO. debate with them would bring everyone here, especially you and me, troubles. I debated with uiop recently about you, your mods, the community, etc. and I discovered he is strongly believe in CO, just like how you strongly against them. I pretend to change my mind (I unsub all your mods, sorry) when you got banned to not let myself expose too much, but he already know I'm on your side (It's lucky he's only an asset creator).
The best solution for now is:
The whole thing is Trump-worthy, and it's disheartening. Capitalism in action in games.
Meanwhile, for anyone who is looking for Network Extensions 3, the project will be maintained as long as it's needed, and is available for local install from GitHub (see top post for instructions).
In short, NE3 was removed by Colossal Order (I have confirmed this with Steam Support), for supposedly "violating Steam Community & Content Guidelines"; This is the sort of non-explanation that Colossal has been harassing me with for a long time.
Remember, Steam does not have a monopoly on game mods, and they exist in various places. Steam's main benefit is that it's very convenient.
Picture of workshop item as visible to me: https://imgur.com/a/CtZEqoq
I doubt it, here is why:
1 week after Airports was released and I published Next3, there were already 16k subscribers. At this time, after 1 week of focused attacks by CO's army of trolls, I was attacked by about 600 unique steam accounts, most of them new or throw-away accounts.
Combine with this that people who just want the mod, but don't talk about it, make no comments of all. On the other hand, the trolls are very vocal.
The figures and the difference in behaviour between trolls and people interested in the game tell me that there is a small minority of extremely active trolls, compared with a vast majority who just want to play the game they bought without participating in the community.
Even after a week of trolling and Colossal removing Next 3 from the workshop, and the rumors of malware (for which there never was any evidence), the majority of Next3 users remain subscribed, and I'm guess they are happy to continue using it.
This anecdotal data tells me that the majority is not supporting CO, but because CO does have complete control of the workshop, and is able to rally trolls and throw away accounts, means that eventually CO will win control of their workshop, and re-establish censorship. Also the Next2 will eventually, and soon, be killed, regardless of sniggledigit's efforts. The issue was never about him being away, but that Next2's existence affects DLC sales.
All gamesaves that use Next2 are soon going to become unloadable, obsoleted by CO.
ROFL at the wording... the KEYLOGGER is in the vanilla game uploaded by Colossal Order themselves. See full description above:
KEYLOGGER is documented here:
https://steamhost.cn/steamcommunity_com/groups/HarmonyForGames/discussions/4/4362302357662347864/#c4362302357663690136
The EULA is the legal document through which the lawyers seek liability waivers from you, the end user. You have to assume that anything that the EULA covers is being collected, now or in the future, as long as the waiver is in place.
If I may interpret, this clause allows any information you have to be collected at any time while you are using the Game
The paragraph lists some inclusions, but no limitations, nor does it use the typical "but not limited to" language which would be too inflammatory.
Legal documents are carefully worded technical documents crafted expertly so they can stand in Court, should the need arise. The choice of wording is expressly made as to support a defense in Court.
In short, Paradox can collect anything they can get their hands on, legally, with your permission, which you've given when you accepted this EULA.
The entire purpose of the "Login with Paradox" window on the main menu screen is to secure the linking of the "telemetry" data with your identity.
A packet capture would only contain data that the server specifically requested for a given user identifier/IP address/time of day, etc. Without knowing the protocol specification, you would be guessing if a particular packet capture is representative of all data exchanges with buffpanel.com (the domain where the data goes to)
Okay. So you said it was a keylogger. I would like to specifically know how you came to this conclusion. You've made this out to be a very serious thing, nefarious even, but how can you know that if you haven't done something as basic as analyzing a pcap? Everyone knows what BuffPanel is and what it does, this has been known for years. I don't have the game installed right now, but if it's anything like the other games then pops_api.dll can be stopped simply by setting a firewall rule for api.buffpanel.com and calling it a day.
A keylogger is a very specific claim and carries with it a very, very dark implication that Paradox/CO have been doing a lot more than market analytics. I am interested in this claim because it concerns me and I would like to know more about any keylogging CS might be doing.