I think I got too close to a painful point for CO:

In my Harmony (redesigned) 1.0 update, I have added functions to clean up some of the existing malware in the code, although I have not reported in the release note the full extent of what I removed:

I removed the adware on the main menu (the 4 advertising windows around the menu itsef), but also:

I disabled "Paradox Online Publishing Services" module, which continually sends, labelled as "telemetry", all of the players interactions while the game is running (ie, all key presses, all mouse clicks). Here's how I labelled the deactivated components (this will is from the HarmonyMod/Sources/Cleanup.cs module, which will be in the source code when I push it shortly)


While my version of Harmony blocks the "telemetry", which looks like a glorified keylogger, this data is still reported from all over the game codebase. The log file output_log.txt will contain fragments like:


These errors indicate that the game code is unable to send "telemetry" out to Paradox Online Publishing Services (pops api)

The two modules which contain the keylogger are:

• steamapps\common\Cities_Skylines\Cities_Data\Plugins\pops_api.dll
  
• steamapps\common\Cities_Skylines\Cities_Data\Managed\PopsApiWrapper.dll

I plan to create a separate mod to capture and log all the data that my Harmony is now blocking from transmission to paradox. The mod will allow anyone to see their data logged on their own hard drive, where they can inspect what would have been sent out. I'll also publish a fragment of the data that my game would send, as a sample.

I think the amount and nature of exfiltrated data will astound anyone, and Colossal's current campaign of digital stoning against me is designed to discredit me ahead of the these revelation.

There is currently an army of trolls who're yelling malware, they are repeating aubergine18's reports, which themselves provide no information on what the supposed malware is.

It looks heated now, but it's about to burst into flames.

I love it. "Colossal Order"'s game is overrun by malware, stay away, potential customers!

I wish they talked about mods updated live, and modders who've pushed 86 updates (2140418403) or more. That's live code delivery to 516,920 subscribers.

Also when you first use the workshop in CSL, there's a legal disclaimer pop-up that says neither Valve nor the game developer checks submissions to the workshop, and the users are at their own risk.


And to think all of this started because I made my list of undesirables public in the most anonymized way I knew (including only steam IDs). I shudder to think what would happen if I actually uttered a rude word to these individuals. What a vicious place, the internet.

Anyway, since Colossal Order themselves are blocking me from updating my mods through Steam, which they say it's verified (it's not), I have no recourse but to distribute directly from GitHub, which is what all modders use anyway.

"Update from GitHub" is in final testing now.

I just received notification from Steam that Paradox has removed my mod Network Extensions 3 from the Workshop, and I was temporarily banned supposedly for doxing in this archived thread: https://archive.ph/Ruuy2 Therefore, support for the mod will continue here, and the mod will continue to be maintained, along with the TMPE fork, and the "Holy Water Collection"

I also plan to fork and fix New Roads for Network Extensions 2, which includes some nice looking roads. This mod works for me, so it's a mystery why Colossal marked it "obsolete" on the workshop.

Updates to the mod will be delivered directly from GitHub by the "Update from GitHub" mod which I am about to release.

This direct from GitHub approach has a few neat advantages:

• Bypasses Colossal's censorship
  
• It'll be much harder to troll, so should be free-er of politics
  
• It makes (many, not all) mods available to GoG and Epic games players

Meanwhile, the mod can be installed locally from the archive published at GitHub (release notes include instructions for local installation):

https://github.com/drok/NetworkExtensions3/releases

Thank you for your continued support, and I will continue to keep this mod updated and in good working order as long as you, the subscribers, want it.

Also on this forum I have much better moderating tools, and I intend to ban trolls at first offense, without warning. Banning was not available to me at the Workshop, so I was limited to watching and deleting trolls as quickly as possible.

LOL, I'm very sorry for the delay, but this community has been keeping me in fire-fighting mode.

I'm starting a new project to clean up some of the bugs in mods on the Cities Skylines.

I'll be forking some currently broken mods, fixing the most serious bugs (crashes, loading problems), and uploading them to the CSL workshop. Note I can only do this with open-source projects that have a permissive copy license.

If you're using a mod that needs some love, please nominate it for the Holy Water collection below, and briefly state what is broken about it.

Tell your friends.

I love it that the Finwinkle, the author of the malware if fully aware of the claims against him, and has not disputed them, 3 weeks later.

The trolling on my item pages has intensified somewhat, but I now have an automated way to handle it.

Originally posted by KZW Shibikami con un plan:

Wow.
Way to convince me to pirate next Cities Skylines if CO ever decides to release it's golden eggs chicken.

Two wrongs don't make a right, but I would suggest there are other games much more reputably developed and run. Transport Fever 2 is nearly the same genre, it's been keeping me entertained, it it performs far, far better than CSL. It has a huge workshop, and no DLC piecemeal sales tactics.

I'm moving here various discussion bits on the topic of malware in the Cities Skylines workshop.

I have posted in several affected places variations on:

Originally posted by "Holy Water":

Beware, the purported "replacement" mod, "Compatibility Report" is MALWARE intended to spread misinformation. It declares that my own mods are abandoned and not supported, which is false, gives alternate URL's for my source, or no URL, and claims Chaos is retired, when in fact I maintain all his mods now. It also claims that several mods require Colossal Order's Harmony, when in fact they require Harmony (redesigned).

The author of "Compatibility Report", Finwickle is openly hostile to me and deletes my comments on that mods' page.

Response seen at "Mod Compatibility Checker" comments page:

Originally posted by "alborzka":

"Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive users access to information or which unknowingly interferes with the user's computer security and privacy."

By definition, neither this mod nor Finwickle's mod are malware. That's not a matter of opinion, that's fact.

Response seen at "Harmony (redesigned)":

Originally posted by "Sir SheikhsPears":

@Holly Water OMG, do you even understand words you operate with?

"Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems or which unknowingly interferes with the user's computer security and privacy."

In a moment I'll learn from you that the earth is flat, and that the CO is actually working with reptilians.

The two responses are identical, and my reply applies equally:

Originally posted by "Holy Water":

Finwinkle's mod misinforms about the state of mods, and claims that Colossal Order's Harmony is a "successor" of Harmony (redesigned), and that several mods require Colossal's Harmony, whereas their respective authors made no such statement. (1) This misinformation seeks to get users to use a different library than authors have specified.

(2) Further, his mod makes the false claims that authors have abondoned their mods and there is no support.

(1) = interferes with the user's security and privacy, by trying to get them to substitute software with untested alternatives.

(2) is intentionally designed to deprive users of access to legitimate support, by persuading them no support is available.

I believe these facts would stand in a court of law, if you want to get technical.

Finwinkle's mod fits the commonly accepted definition of "MALWARE" perfectly.

I would add for completeness:

If you look at the "catalog" XML file in the "Compatibility Report" MALWARE source code, you'll find XML such as:

• <Stability>
  
• <Alternatives>
  
• <Recommendations>
  
• <Stability>

These tags are not accidental. They are intended to persuade the user to use other software as recommended by Finwickle, under the pretext of "MajorIssues", "Abandoned", "Unsupported" etc. Also, these are not attributes communicated by the respective mod authors, but are created by Finwickle. The language is intended to scare the user into believing they are using vagrant, broken, insecure software, and to lure them to use Finwickle's recommendations.

Most mod authors provide a direct support contact where mod users can engage with the author directly, usually through a forum post, a github "Issue" post, and often request specific information be provided about the problem to help them diagnose and assist the user, such as log files, game save, operating system, version of various other involved softwares, description of the issue, etc. This contact information is withheld from the user, as no related fields exist in the "catalog" the software uses as a source of "information". Instead, Finwickle leads users to believe the mod they are using is "unsupported", and implies it's futile to engage directly with the author of the mod. Instead, he proposes to use his recommended mods as solutions to any problems.

In computer software, security and privacy comes from end-users knowing and trusting that the software they use comes from the vendor they intend to engage with. It is essential for our (as users) security and privacy to engage directly with the developer, without middlemen, third parties. It is no accident that "Man in the Middle Attack" is a common phrase to describe the situation where a third party seeks to insert themselves between two parties:

"In cryptography and computer security, a man-in-the-middle, monster-in-the-middle,[1][2] machine-in-the-middle, monkey-in-the-middle,[3] meddler-in-the-middle[4] (MITM) or person-in-the-middle[5] (PITM) attack is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other, as the attacker has inserted themselves between the two parties" (Wikipedia - "Man-in-the-middle attack"[en.wikipedia.org])

Of course, when two parties such as user and developer deal directly, there is a relationship with implied accountability for privacy and security. A Man In the Middle seeks to compromise this relationship, while not being accountable (hence "attack").

To summarize:

The tags chosen by the Finwickle, the author of "Compatibility Report" indicate that this software is intentionally designed to deprive users access to information or which unknowingly interferes with the user's computer security and privacy

I believe "unknowingly" in this definition means "unknowingly to the user", not "unknowingly to the software/designer".

My conclusion, based my most rigorous interpretation of the facts, is that the mod "Compatibility Report" is in the legally technical sense, "MALWARE". I believe the sub-categories is best fits into is "adware" because it works by persuasion, and "trojan", because its name is designed to mislead the user into believe it provides a useful "compatibility review" service. In this last sense, it's akin to the myriad of "computer optimizer", "error cleaner" which are also malware in disguise.