Considering the overwhelming response from players on this forum about what exactly the “offer wall” means for data privacy concerns, with the apparent lack of an official response from TP/WR after two days of heated discussion, I am growing closer to concluding that our questions and concerns are not going to be answered anytime soon.
To me, at least so far, it looks like the approach from WR/TP is to simply ignore the problem and hope it just goes away.
If there is no official response before COB today, I will feel more confident in my assumption that the devs are not paying attention to the things that matter to the players.
It'll be a long weekend and I will feel sorry for Shan on Monday if we don't get that answer. In fact, if I were Shan, I would call in sick on Monday.
Considering the overwhelming response from players on this forum about what exactly the “offer wall” means for data privacy concerns, with the apparent lack of an official response from TP/WR after two days of heated discussion, I am growing closer to concluding that our questions and concerns are not going to be answered anytime soon.
To me, at least so far, it looks like the approach from WR/TP is to simply ignore the problem and hope it just goes away.
If there is no official response before COB today, I will feel more confident in my assumption that the devs are not paying attention to the things that matter to the players.
It's telling when the intermediary between us players and TP can take the time to post a snarky comment about the title of another thread you started, whilst simultaneously coming back with no response from TP on the privacy and legitimacy issues raised, well into day -two- of these alarming concerns, with the weekend fast approaching.
Personally I think TP is making a huge mistake if they don't address this issue before the end of the business day. If this issue gets ignored into the weekend (and possibly beyond), the damage TP has done to its own reputation amongst its playerbase will be irreparable. The number of people who continue to walk away from the game will continue to grow. I guess it only concerns the corporate types when it hits them in the wallet, and hit them in the wallet it will. I was expecting at least a half-hearted rambling response from TP full of corporate-speak rhetoric that used a lot of corporate buzz-words while not addressing the actual concerns raised by players. But we haven't even gotten that. Not even a corporate form-response along the lines of "we hear your concerns, yadda yadda, terms of service, yadda yadda, investigating diligently, yadda yadda, nothing is more important to us than our customers, yadda yadda, privacy is of paramount importance at TP, etc. etc. " But they couldn't even be bothered to do that. This is not boding well for TP. They were given the keys to the castle, and have now sprayed graffiti all over the walls in an effort to conceal the spy-peep-holes they made for their friends. And when asked about said graffiti, they just ignore you.
Considering the overwhelming response from players on this forum about what exactly the “offer wall” means for data privacy concerns, with the apparent lack of an official response from TP/WR after two days of heated discussion, I am growing closer to concluding that our questions and concerns are not going to be answered anytime soon.
To me, at least so far, it looks like the approach from WR/TP is to simply ignore the problem and hope it just goes away.
If there is no official response before COB today, I will feel more confident in my assumption that the devs are not paying attention to the things that matter to the players.
Shan has been responding more to this and later last night than I've seen her respond. They are clearly looking into this, but this is likely going to their legal department/outside council. You can't expect an immediate turnaround when the response involves lawyers looking into contracts and being sure they didn't violate any laws. The first thing the lawyers will say is don't say anything until they review everything. A wrong comment now can further their liability.
Considering the overwhelming response from players on this forum about what exactly the “offer wall” means for data privacy concerns, with the apparent lack of an official response from TP/WR after two days of heated discussion, I am growing closer to concluding that our questions and concerns are not going to be answered anytime soon.
To me, at least so far, it looks like the approach from WR/TP is to simply ignore the problem and hope it just goes away.
If there is no official response before COB today, I will feel more confident in my assumption that the devs are not paying attention to the things that matter to the players.
Shan has been responding more to this and later last night than I've seen her respond. They are clearly looking into this, but this is likely going to their legal department/outside council. You can't expect an immediate turnaround when the response involves lawyers looking into contracts and being sure they didn't violate any laws. The first thing the lawyers will say is don't say anything until they review everything. A wrong comment now can further their liability.
Considering the overwhelming response from players on this forum about what exactly the “offer wall” means for data privacy concerns, with the apparent lack of an official response from TP/WR after two days of heated discussion, I am growing closer to concluding that our questions and concerns are not going to be answered anytime soon.
To me, at least so far, it looks like the approach from WR/TP is to simply ignore the problem and hope it just goes away.
If there is no official response before COB today, I will feel more confident in my assumption that the devs are not paying attention to the things that matter to the players.
Shan has been responding more to this and later last night than I've seen her respond. They are clearly looking into this, but this is likely going to their legal department/outside council. You can't expect an immediate turnaround when the response involves lawyers looking into contracts and being sure they didn't violate any laws. The first thing the lawyers will say is don't say anything until they review everything. A wrong comment now can further their liability.
So, its apparently a player’s responsibility to go to bat for a company? Apparently too much to ask for an official response that says what you took the time to type up?
We understand your concerns and we are continuing to work closely with our Privacy Team to provide you with an overview that will address those concerns.
What I can tell you so far is that, regarding consent for ads/Offer Wall, we’ve always erred on the side of caution. This means that our game considers that consent is not given, and that no personal information is being shared.
There will be more details added in the overview that we will provide next week.
We understand your concerns and we are continuing to work closely with our Privacy Team to provide you with an overview that will address those concerns.
What I can tell you so far is that, regarding consent for ads/Offer Wall, we’ve always erred on the side of caution. This means that our game considers that consent is not given, and that no personal information is being shared.
There will be more details added in the overview that we will provide next week.
Again, thank you for your patience.
I hate to be "that guy", but does this mean that IronSource is also not allowed to collect our user data in the game? I don't know if there is a difference between TP not sharing and IronSource not being allowed to collect.
We understand your concerns and we are continuing to work closely with our Privacy Team to provide you with an overview that will address those concerns.
What I can tell you so far is that, regarding consent for ads/Offer Wall, we’ve always erred on the side of caution. This means that our game considers that consent is not given, and that no personal information is being shared.
There will be more details added in the overview that we will provide next week.
Again, thank you for your patience.
I hate to be "that guy", but does this mean that IronSource is also not allowed to collect our user data in the game? I don't know if there is a difference between TP not sharing and IronSource not being allowed to collect.
We understand your concerns and we are continuing to work closely with our Privacy Team to provide you with an overview that will address those concerns.
What I can tell you so far is that, regarding consent for ads/Offer Wall, we’ve always erred on the side of caution. This means that our game considers that consent is not given, and that no personal information is being shared.
There will be more details added in the overview that we will provide next week.
Again, thank you for your patience.
I hate to be "that guy", but does this mean that IronSource is also not allowed to collect our user data in the game? I don't know if there is a difference between TP not sharing and IronSource not being allowed to collect.
Yes, that is what it means.
Thank you for the response, I think it will help to ease people’s concerns for the time being.
We understand your concerns and we are continuing to work closely with our Privacy Team to provide you with an overview that will address those concerns.
What I can tell you so far is that, regarding consent for ads/Offer Wall, we’ve always erred on the side of caution. This means that our game considers that consent is not given, and that no personal information is being shared.
There will be more details added in the overview that we will provide next week.
Again, thank you for your patience.
I hate to be "that guy", but does this mean that IronSource is also not allowed to collect our user data in the game? I don't know if there is a difference between TP not sharing and IronSource not being allowed to collect.
Yes, that is what it means.
Thank you for the response, I think it will help to ease people’s concerns for the time being.
It's quiet. So quiet that you could hear a pitchfork drop.
Come on...provoking other players? Neither the data harvesting claims nor the refutation have been substantiated. And while we're all inclined to trust the 'official word', it's one of several issues with the Offer Wall.
In the meantime, I've had another person approach me and confirm that 'multi-tapping' the mailbox to receive duplicate rewards does indeed work. With many thousands of dilithium on the line with these offers, that has insane potential to be abused. That is my primary concern at the moment and I hope that next week's overview will address that, or soon thereafter.
Doesn't really get rid of all my concerns, esp when the answer has a specific "regarding consent for ads/Offer Wall" phrase. Sound like lawyers trying to be careful on how something is said for legal reasons. I'll be limiting my time to a PC, just 130K and out this event, and see what the final answer is next week.
Directly – from your device through our SDK integrated by app developers in their apps. SDK, or a Software Development Kit, is a software component that allows us to serve ads in a mobile app, and to collect information directly from the end users of such app.
Indirectly – through other ad networks with which we engage in order to serve you with ads, or by receiving information from our advertisers.
We collect information as described in this privacy policy for ironSource Mobile’s own purposes, as a data controller under data protection law where relevant, except as otherwise indicated herein.
and:
Information We Collect
Information collected directly from you through our SDK, and information provided to us by a third party ad network (“Ad Network Information”) –
Identifiers: Your Advertising ID, an additional unique identifier of available solely from within the app of the app developer which cannot be used to identify you on other apps, IP address, information about your browser settings. The term Advertising ID refers to the Google Advertising ID on Android devices, and ID For Advertising (“IDFA”) or ID For Vendor (“IDFV”) on iOS devices. The Advertising ID is a resettable persistent identifier generated by Android or iOS that allows online advertising companies to recognize your device across non-affiliated apps, for purposes such as frequency capping, attribution, fraud detection, personalized advertising, and whitelisting. You can find additional information about how to limit our use of your Advertising ID under “How to Control Your Information”.
General technical information about your device: The ironSource Mobile SDK version, your time zone, the amount of free memory on your device, the name and version of the app to which the ad is served, battery status (on Android devices only), limit ad tracking status, operating system name and version, timestamp, the name of the manufacturer of the device, the language of the operating system, the name of the mobile carrier, internet connection type (e.g. WiFi).
Interaction with our ads: An indication if you viewed or clicked on an ad.
Information received (through our SDK) from app developers that are integrated with our mediation platform (“Mediation Information”) – your age, gender, in-app purchases, advance in the game, and such other information provided by the app developer.
Information received from advertisers (through the advertiser itself or through a third party in behalf of such advertiser) (“Advertiser Information”) –
Identifiers: Your advertising ID, IP address, a unique identifier of your device available solely with respect to the advertiser, information about your browser settings.
Campaign information: an indication that you installed the advertiser’s app following a click on or a view of an ad served by us or otherwise; information about actions you performed within an advertiser’s app following such an install, such as in-app purchases, level in the game, and the number of times you opened the app; and other information that the advertiser decides to share with us.
The only edit I have made is to put in bold the information collected so it is easily visible. If I understand this right, I'm not and IT expert or coder, Ironsource's SDK is running when STT is running and is collecting information regardless of interaction with the offerwall or not.
With many thousands of dilithium on the line with these offers, that has insane potential to be abused. That is my primary concern at the moment and I hope that next week's overview will address that, or soon thereafter.
That's the only reason I went public with it on this forum. Sad that one must resort to such measures in order to get the attention the issue needs.
That's also an invitation for people to stop contacting me asking how to do it. If you've interacted with me for 5 minutes in the past, you should know that I'm not going to tell you. The point is to *end* the exploit, not more widely share it.
It's quiet. So quiet that you could hear a pitchfork drop.
Come on...provoking other players? Neither the data harvesting claims nor the refutation have been substantiated. And while we're all inclined to trust the 'official word', it's one of several issues with the Offer Wall.
In the meantime, I've had another person approach me and confirm that 'multi-tapping' the mailbox to receive duplicate rewards does indeed work. With many thousands of dilithium on the line with these offers, that has insane potential to be abused. That is my primary concern at the moment and I hope that next week's overview will address that, or soon thereafter.
You're right, of course. But it was just super odd that the first hour passed with no comments. I'm waiting on the rest to be addressed, but it was pretty funny for such a controversial thread to go an hour without a post after a statement was finally issued. But the big issue was answered for me. I can wait on the rest.
Thanks, @Yamian . That list seems pretty much in-line with what I'm seeing; a few slight differences, possibly due to Android vs. iOS SDK versions.
It'll also be nice if someone can downgrade their apk version on Android to see if some of these were added with the new version, or if these servers were always pinged but we just didn't notice until now.
It looks like I cannot downgrade, I suppose I could delete the app and download the older version from a more-or-less suspicious source...
I went through the log and checked June 1st 2020, which should be queries done by the old version of the game. I have a time in the morning around which I usually check the game so I used that as a reference. During about 5 minutes of playing the game, I could find only adcolony.com (which you already mentioned in your findings) as a difference from current state.
I did another test - started the game, waited for a time reference and clicked the "Free Dilithium" button and scrolled through the offers (didn't click any of them). Again, I spent 1 minute browsing the offers and then closing the game.
It seems that only crashlytics.com (which you mentioned earlier) is the new one on the list for me.
I have not clicked on any of the offers during this test. I expect that doing so would result in the device contacting various other locations.
Conclusion:
There seem to be no change regarding the game queries between the version from June 1st 2020 and yesterday (June 25 2020). Also clicking the "Free Dilithium" button does not seem have an effect on the queries.
That being said, this sample size is very small, less than 10 minutes of the game running.
I also have no idea what data are being exchanged among the game/phone and the other involved parties. It's also possible that the data is stored on the phone and then shared in bulk later. It could also be possible that any of the parties mentioned above shares the data with the new party(ies) that provide the offers.
We understand your concerns and we are continuing to work closely with our Privacy Team to provide you with an overview that will address those concerns.
What I can tell you so far is that, regarding consent for ads/Offer Wall, we’ve always erred on the side of caution. This means that our game considers that consent is not given, and that no personal information is being shared.
There will be more details added in the overview that we will provide next week.
Considering the overwhelming response from players on this forum about what exactly the “offer wall” means for data privacy concerns, with the apparent lack of an official response from TP/WR after two days of heated discussion, I am growing closer to concluding that our questions and concerns are not going to be answered anytime soon.
To me, at least so far, it looks like the approach from WR/TP is to simply ignore the problem and hope it just goes away.
If there is no official response before COB today, I will feel more confident in my assumption that the devs are not paying attention to the things that matter to the players.
It's telling when the intermediary between us players and TP can take the time to post a snarky comment about the title of another thread you started, whilst simultaneously coming back with no response from TP on the privacy and legitimacy issues raised, well into day -two- of these alarming concerns, with the weekend fast approaching.
Personally I think TP is making a huge mistake if they don't address this issue before the end of the business day. If this issue gets ignored into the weekend (and possibly beyond), the damage TP has done to its own reputation amongst its playerbase will be irreparable. The number of people who continue to walk away from the game will continue to grow. I guess it only concerns the corporate types when it hits them in the wallet, and hit them in the wallet it will. I was expecting at least a half-hearted rambling response from TP full of corporate-speak rhetoric that used a lot of corporate buzz-words while not addressing the actual concerns raised by players. But we haven't even gotten that. Not even a corporate form-response along the lines of "we hear your concerns, yadda yadda, terms of service, yadda yadda, investigating diligently, yadda yadda, nothing is more important to us than our customers, yadda yadda, privacy is of paramount importance at TP, etc. etc. " But they couldn't even be bothered to do that. This is not boding well for TP. They were given the keys to the castle, and have now sprayed graffiti all over the walls in an effort to conceal the spy-peep-holes they made for their friends. And when asked about said graffiti, they just ignore you.
Why was Vicki not expelled from Greendale after she literally stabbed Pierce in the face with a pencil?!?!?
The only edit I have made is to put in bold the information collected so it is easily visible. If I understand this right, I'm not and IT expert or coder, Ironsource's SDK is running when STT is running and is collecting information regardless of interaction with the offerwall or not.
I am most likely entirely wrong with this, but it looks like most of the info is stuff that's:
1. To determine what ads to show you
2. To associate ads with you - i.e. you go for an offer, they keep track of that and maybe use that later. Go for lots of surveys, they give you lots of surveys, that kind of thing.
3. To determine what kind of ads (or games/downloads) your device can handle, so they don't advertise something your phone could never hope to handle.
4. To verify that you clicked offer from STT - and what STT account you're on - so they can give you rewards if you earned any.
5. Anything TP directly shares with them, which if that's a concern, well, that horse is out of the barn already, offer wall or no.
Everything else is relatively easy to get from either an associated ad profile (what I'm assuming the "Advertising ID" they get is for) or just from your phone.
But, there's nothing in that list that indicates they're running when STT isn't, and it's all relatively basic information that doesn't change very often, so there wouldn't be much point to running in the background on it's own. I think I've seen people talk about excess data usage or something - that could be malicious, or it could be this thing downloading stuff to cache for faster access later, or updating some kind of ad list or something.
Based entirely on this information, it doesn't look like there's anything overtly malicious to me. I'm still not fond of the idea, but that's in general and has nothing to do with whether the company behind it is legit or not.
Directly – from your device through our SDK integrated by app developers in their apps. SDK, or a Software Development Kit, is a software component that allows us to serve ads in a mobile app, and to collect information directly from the end users of such app.
Indirectly – through other ad networks with which we engage in order to serve you with ads, or by receiving information from our advertisers.
We collect information as described in this privacy policy for ironSource Mobile’s own purposes, as a data controller under data protection law where relevant, except as otherwise indicated herein.
and:
Information We Collect
Information collected directly from you through our SDK, and information provided to us by a third party ad network (“Ad Network Information”) –
Identifiers: Your Advertising ID, an additional unique identifier of available solely from within the app of the app developer which cannot be used to identify you on other apps, IP address, information about your browser settings. The term Advertising ID refers to the Google Advertising ID on Android devices, and ID For Advertising (“IDFA”) or ID For Vendor (“IDFV”) on iOS devices. The Advertising ID is a resettable persistent identifier generated by Android or iOS that allows online advertising companies to recognize your device across non-affiliated apps, for purposes such as frequency capping, attribution, fraud detection, personalized advertising, and whitelisting. You can find additional information about how to limit our use of your Advertising ID under “How to Control Your Information”.
General technical information about your device: The ironSource Mobile SDK version, your time zone, the amount of free memory on your device, the name and version of the app to which the ad is served, battery status (on Android devices only), limit ad tracking status, operating system name and version, timestamp, the name of the manufacturer of the device, the language of the operating system, the name of the mobile carrier, internet connection type (e.g. WiFi).
Interaction with our ads: An indication if you viewed or clicked on an ad.
Information received (through our SDK) from app developers that are integrated with our mediation platform (“Mediation Information”) – your age, gender, in-app purchases, advance in the game, and such other information provided by the app developer.
Information received from advertisers (through the advertiser itself or through a third party in behalf of such advertiser) (“Advertiser Information”) –
Identifiers: Your advertising ID, IP address, a unique identifier of your device available solely with respect to the advertiser, information about your browser settings.
Campaign information: an indication that you installed the advertiser’s app following a click on or a view of an ad served by us or otherwise; information about actions you performed within an advertiser’s app following such an install, such as in-app purchases, level in the game, and the number of times you opened the app; and other information that the advertiser decides to share with us.
The only edit I have made is to put in bold the information collected so it is easily visible. If I understand this right, I'm not and IT expert or coder, Ironsource's SDK is running when STT is running and is collecting information regardless of interaction with the offerwall or not.
A sufficient volume of “anonymized” data can be made no longer anonymous. Collection of our data is unacceptable as a result.
Ok that was strange. For few hours it was not available anymore on my phone but now seems to be back. My big issue after all the privacy concerns is that i get offers only to spend money in other games to get some "free dilithium".
I won't post the response as I think it might be against the rules but support have informed me that they still follow GDPR.
However the understanding of GDPR that is then laid out in the email is totally incorrect (it claims not to hold some data... while displaying that same data within the ticket) and they did not actually complete my request.
I am following up.
Morning.
I have now been passed up to a "Player Support Lead"
Who nice and politely has placed me in a holding pattern and will get back to me. I'll update as and when. It does appear that there is not an existing method for support to respond to GDPR tickets (or maybe the two agents I've spoken to are unaware) which is a bit of a red flag in itself.
With many thousands of dilithium on the line with these offers, that has insane potential to be abused. That is my primary concern at the moment and I hope that next week's overview will address that, or soon thereafter.
That's the only reason I went public with it on this forum. Sad that one must resort to such measures in order to get the attention the issue needs.
That's also an invitation for people to stop contacting me asking how to do it. If you've interacted with me for 5 minutes in the past, you should know that I'm not going to tell you. The point is to *end* the exploit, not more widely share it.
But if everyone knows how to exploit it then it's not an exploit anymore and since TP will lose their money they will fix that as soon as possible.
With many thousands of dilithium on the line with these offers, that has insane potential to be abused. That is my primary concern at the moment and I hope that next week's overview will address that, or soon thereafter.
That's the only reason I went public with it on this forum. Sad that one must resort to such measures in order to get the attention the issue needs.
That's also an invitation for people to stop contacting me asking how to do it. If you've interacted with me for 5 minutes in the past, you should know that I'm not going to tell you. The point is to *end* the exploit, not more widely share it.
But if everyone knows how to exploit it then it's not an exploit anymore and since TP will lose their money they will fix that as soon as possible.
Well, it is still an "exploit". Not every player has the glitch. It's kind of like TP adding a new feature during an Event that directly advantages only players on certain platforms......
Why was Vicki not expelled from Greendale after she literally stabbed Pierce in the face with a pencil?!?!?
With many thousands of dilithium on the line with these offers, that has insane potential to be abused. That is my primary concern at the moment and I hope that next week's overview will address that, or soon thereafter.
That's the only reason I went public with it on this forum. Sad that one must resort to such measures in order to get the attention the issue needs.
That's also an invitation for people to stop contacting me asking how to do it. If you've interacted with me for 5 minutes in the past, you should know that I'm not going to tell you. The point is to *end* the exploit, not more widely share it.
But if everyone knows how to exploit it then it's not an exploit anymore and since TP will lose their money they will fix that as soon as possible.
Well, it is still an "exploit". Not every player has the glitch. It's kind of like TP adding a new feature during an Event that directly advantages only players on certain platforms......
I’ve asked for some concrete proof from anyone of this alleged cheating and received no reply. It’s bs and middle school to make accusations and not support them with proof.
With many thousands of dilithium on the line with these offers, that has insane potential to be abused. That is my primary concern at the moment and I hope that next week's overview will address that, or soon thereafter.
That's the only reason I went public with it on this forum. Sad that one must resort to such measures in order to get the attention the issue needs.
That's also an invitation for people to stop contacting me asking how to do it. If you've interacted with me for 5 minutes in the past, you should know that I'm not going to tell you. The point is to *end* the exploit, not more widely share it.
But if everyone knows how to exploit it then it's not an exploit anymore and since TP will lose their money they will fix that as soon as possible.
Well, it is still an "exploit". Not every player has the glitch. It's kind of like TP adding a new feature during an Event that directly advantages only players on certain platforms......
I’ve asked for some concrete proof from anyone of this alleged cheating and received no reply. It’s bs and middle school to make accusations and not support them with proof.
Okay. Either in this thread of one of the others, multiple people have confirmed it. Even reporting there we YouTube videos showing it.
Have a nice day.
Why was Vicki not expelled from Greendale after she literally stabbed Pierce in the face with a pencil?!?!?
I will update this thread once the feature goes live.
Hi Shan,
This is going to be a LONG post but I hope that you or someone in your team reads it through.
There are plenty others from other countries that can tell you what they see, I can only tell you what I see here in Sweden regarding the Offer Wall and warn you, because I do not legitimately believe that either DB or Tilting Point wants to scam us players but that is what you're doing through the third parties.
The offers that are available from whoever it is that Tilting Point is collaborating with here in Sweden are legit scammers and have been reported before to the police. There is even one "offer" from a company that have gone out with a warning to say that they do not have this competition nor will they ever have one like it and if we see it they are in no way affiliated with it. This is not ok, and I have alerted the company of this use of their name.
What's on display here on the Offer Wall can be divided into two categories:
- Surveys: Both of them forces you to give up your email, phone number, personal security number, date of birth, full name and the full adress that is registered to that name through our version of IRS. You cannot complete a survey and gain the dilithium without providing this information. Nor can you receive the reward without agreeing to have your data and cookies monitored so that they may contact you at any time with follow up surveys and PR campaigns, through both email, texts and post. And you also agree that your information can be used by third parties for whatever purpose. Saying no to all of this automatically cancels your ability to receive the reward.
- Providing phone numbers: It is under this category that the previously mentioned known scam is from. But generally speaking on the surface it looks like you can simply enter your number and get dilithium for your trouble. However reading the often hidden fine print lets you know that by entering your number you are agreeing to a cost of 50kr + 50kr a week for 50 weeks without being able to cancel the payments. That's 2550kr, or $273. I am not gonna take that risk, but similar scams also store your number so that you may be contacted by sellers, regardless of whether you have "nixed" your number or not. It has also been known that this is a way for scammers to access your bank account by waiting until you use your number to send money to a friend/company.
In Europe we are big on the GDPR, and I have not seen an offer on the Offer Wall that respects a user's privacy or data. They all force you to give out vulnerable information, sometimes without you knowing. It would be a pity to have Star Trek Timelines banned from the App Store after so many years of playing for something that you can control and proactively prevent.
I confess I'm at a total loss to understand why TP has not at least suspended the functioning of the Offer Wall feature while it assesses user concerns and possible issues of data security.
Comments
It'll be a long weekend and I will feel sorry for Shan on Monday if we don't get that answer. In fact, if I were Shan, I would call in sick on Monday.
It's telling when the intermediary between us players and TP can take the time to post a snarky comment about the title of another thread you started, whilst simultaneously coming back with no response from TP on the privacy and legitimacy issues raised, well into day -two- of these alarming concerns, with the weekend fast approaching.
Personally I think TP is making a huge mistake if they don't address this issue before the end of the business day. If this issue gets ignored into the weekend (and possibly beyond), the damage TP has done to its own reputation amongst its playerbase will be irreparable. The number of people who continue to walk away from the game will continue to grow. I guess it only concerns the corporate types when it hits them in the wallet, and hit them in the wallet it will. I was expecting at least a half-hearted rambling response from TP full of corporate-speak rhetoric that used a lot of corporate buzz-words while not addressing the actual concerns raised by players. But we haven't even gotten that. Not even a corporate form-response along the lines of "we hear your concerns, yadda yadda, terms of service, yadda yadda, investigating diligently, yadda yadda, nothing is more important to us than our customers, yadda yadda, privacy is of paramount importance at TP, etc. etc. " But they couldn't even be bothered to do that. This is not boding well for TP. They were given the keys to the castle, and have now sprayed graffiti all over the walls in an effort to conceal the spy-peep-holes they made for their friends. And when asked about said graffiti, they just ignore you.
Shan has been responding more to this and later last night than I've seen her respond. They are clearly looking into this, but this is likely going to their legal department/outside council. You can't expect an immediate turnaround when the response involves lawyers looking into contracts and being sure they didn't violate any laws. The first thing the lawyers will say is don't say anything until they review everything. A wrong comment now can further their liability.
So, its apparently a player’s responsibility to go to bat for a company? Apparently too much to ask for an official response that says what you took the time to type up?
Here is the update I can make at this time.
We understand your concerns and we are continuing to work closely with our Privacy Team to provide you with an overview that will address those concerns.
What I can tell you so far is that, regarding consent for ads/Offer Wall, we’ve always erred on the side of caution. This means that our game considers that consent is not given, and that no personal information is being shared.
There will be more details added in the overview that we will provide next week.
Again, thank you for your patience.
I hate to be "that guy", but does this mean that IronSource is also not allowed to collect our user data in the game? I don't know if there is a difference between TP not sharing and IronSource not being allowed to collect.
Yes, that is what it means.
Thank you for the response, I think it will help to ease people’s concerns for the time being.
Indeed, it certainly does mine.
Come on...provoking other players? Neither the data harvesting claims nor the refutation have been substantiated. And while we're all inclined to trust the 'official word', it's one of several issues with the Offer Wall.
In the meantime, I've had another person approach me and confirm that 'multi-tapping' the mailbox to receive duplicate rewards does indeed work. With many thousands of dilithium on the line with these offers, that has insane potential to be abused. That is my primary concern at the moment and I hope that next week's overview will address that, or soon thereafter.
We collect information in either of 2 ways:
Directly – from your device through our SDK integrated by app developers in their apps. SDK, or a Software Development Kit, is a software component that allows us to serve ads in a mobile app, and to collect information directly from the end users of such app.
Indirectly – through other ad networks with which we engage in order to serve you with ads, or by receiving information from our advertisers.
We collect information as described in this privacy policy for ironSource Mobile’s own purposes, as a data controller under data protection law where relevant, except as otherwise indicated herein.
and:
Information We Collect
Information collected directly from you through our SDK, and information provided to us by a third party ad network (“Ad Network Information”) –
Identifiers: Your Advertising ID, an additional unique identifier of available solely from within the app of the app developer which cannot be used to identify you on other apps, IP address, information about your browser settings. The term Advertising ID refers to the Google Advertising ID on Android devices, and ID For Advertising (“IDFA”) or ID For Vendor (“IDFV”) on iOS devices. The Advertising ID is a resettable persistent identifier generated by Android or iOS that allows online advertising companies to recognize your device across non-affiliated apps, for purposes such as frequency capping, attribution, fraud detection, personalized advertising, and whitelisting. You can find additional information about how to limit our use of your Advertising ID under “How to Control Your Information”.
General technical information about your device: The ironSource Mobile SDK version, your time zone, the amount of free memory on your device, the name and version of the app to which the ad is served, battery status (on Android devices only), limit ad tracking status, operating system name and version, timestamp, the name of the manufacturer of the device, the language of the operating system, the name of the mobile carrier, internet connection type (e.g. WiFi).
Interaction with our ads: An indication if you viewed or clicked on an ad.
Information received (through our SDK) from app developers that are integrated with our mediation platform (“Mediation Information”) – your age, gender, in-app purchases, advance in the game, and such other information provided by the app developer.
Information received from advertisers (through the advertiser itself or through a third party in behalf of such advertiser) (“Advertiser Information”) –
Identifiers: Your advertising ID, IP address, a unique identifier of your device available solely with respect to the advertiser, information about your browser settings.
Campaign information: an indication that you installed the advertiser’s app following a click on or a view of an ad served by us or otherwise; information about actions you performed within an advertiser’s app following such an install, such as in-app purchases, level in the game, and the number of times you opened the app; and other information that the advertiser decides to share with us.
The only edit I have made is to put in bold the information collected so it is easily visible. If I understand this right, I'm not and IT expert or coder, Ironsource's SDK is running when STT is running and is collecting information regardless of interaction with the offerwall or not.
That's the only reason I went public with it on this forum. Sad that one must resort to such measures in order to get the attention the issue needs.
That's also an invitation for people to stop contacting me asking how to do it. If you've interacted with me for 5 minutes in the past, you should know that I'm not going to tell you. The point is to *end* the exploit, not more widely share it.
Proud Former Officer of The Gluten Empire
Retired 12-14-20. So long, and thanks for all the cat pics!
You're right, of course. But it was just super odd that the first hour passed with no comments. I'm waiting on the rest to be addressed, but it was pretty funny for such a controversial thread to go an hour without a post after a statement was finally issued. But the big issue was answered for me. I can wait on the rest.
This is awesome. Thanks
I am most likely entirely wrong with this, but it looks like most of the info is stuff that's:
1. To determine what ads to show you
2. To associate ads with you - i.e. you go for an offer, they keep track of that and maybe use that later. Go for lots of surveys, they give you lots of surveys, that kind of thing.
3. To determine what kind of ads (or games/downloads) your device can handle, so they don't advertise something your phone could never hope to handle.
4. To verify that you clicked offer from STT - and what STT account you're on - so they can give you rewards if you earned any.
5. Anything TP directly shares with them, which if that's a concern, well, that horse is out of the barn already, offer wall or no.
Everything else is relatively easy to get from either an associated ad profile (what I'm assuming the "Advertising ID" they get is for) or just from your phone.
But, there's nothing in that list that indicates they're running when STT isn't, and it's all relatively basic information that doesn't change very often, so there wouldn't be much point to running in the background on it's own. I think I've seen people talk about excess data usage or something - that could be malicious, or it could be this thing downloading stuff to cache for faster access later, or updating some kind of ad list or something.
Based entirely on this information, it doesn't look like there's anything overtly malicious to me. I'm still not fond of the idea, but that's in general and has nothing to do with whether the company behind it is legit or not.
A sufficient volume of “anonymized” data can be made no longer anonymous. Collection of our data is unacceptable as a result.
http://news.mit.edu/2018/privacy-risks-mobility-data-1207
Morning.
I have now been passed up to a "Player Support Lead"
Who nice and politely has placed me in a holding pattern and will get back to me. I'll update as and when. It does appear that there is not an existing method for support to respond to GDPR tickets (or maybe the two agents I've spoken to are unaware) which is a bit of a red flag in itself.
But if everyone knows how to exploit it then it's not an exploit anymore and since TP will lose their money they will fix that as soon as possible.
Well, it is still an "exploit". Not every player has the glitch. It's kind of like TP adding a new feature during an Event that directly advantages only players on certain platforms......
I’ve asked for some concrete proof from anyone of this alleged cheating and received no reply. It’s bs and middle school to make accusations and not support them with proof.
Okay. Either in this thread of one of the others, multiple people have confirmed it. Even reporting there we YouTube videos showing it.
Have a nice day.
Hi Shan,
This is going to be a LONG post but I hope that you or someone in your team reads it through.
There are plenty others from other countries that can tell you what they see, I can only tell you what I see here in Sweden regarding the Offer Wall and warn you, because I do not legitimately believe that either DB or Tilting Point wants to scam us players but that is what you're doing through the third parties.
The offers that are available from whoever it is that Tilting Point is collaborating with here in Sweden are legit scammers and have been reported before to the police. There is even one "offer" from a company that have gone out with a warning to say that they do not have this competition nor will they ever have one like it and if we see it they are in no way affiliated with it. This is not ok, and I have alerted the company of this use of their name.
What's on display here on the Offer Wall can be divided into two categories:
- Surveys: Both of them forces you to give up your email, phone number, personal security number, date of birth, full name and the full adress that is registered to that name through our version of IRS. You cannot complete a survey and gain the dilithium without providing this information. Nor can you receive the reward without agreeing to have your data and cookies monitored so that they may contact you at any time with follow up surveys and PR campaigns, through both email, texts and post. And you also agree that your information can be used by third parties for whatever purpose. Saying no to all of this automatically cancels your ability to receive the reward.
- Providing phone numbers: It is under this category that the previously mentioned known scam is from. But generally speaking on the surface it looks like you can simply enter your number and get dilithium for your trouble. However reading the often hidden fine print lets you know that by entering your number you are agreeing to a cost of 50kr + 50kr a week for 50 weeks without being able to cancel the payments. That's 2550kr, or $273. I am not gonna take that risk, but similar scams also store your number so that you may be contacted by sellers, regardless of whether you have "nixed" your number or not. It has also been known that this is a way for scammers to access your bank account by waiting until you use your number to send money to a friend/company.
In Europe we are big on the GDPR, and I have not seen an offer on the Offer Wall that respects a user's privacy or data. They all force you to give out vulnerable information, sometimes without you knowing. It would be a pity to have Star Trek Timelines banned from the App Store after so many years of playing for something that you can control and proactively prevent.