Here are some of the domains that the game tries to connect to when starting up. Again, I don't know for a fact if this is a recent change or not; I can't downgrade the game version on iOS to do a side-by-side, but if someone is using Android and an ad blocker we'd all appreciate a comparison to see what was there before and if something was added recently. I don't know what information would be sent to these addresses, I'm only looking at DNS queries / connection attempts (you'd need a MITM proxy to look at the actual data being sent if someone has the time to dig into that).
So again, the scenario is just starting the application, not interacting with the "free dilithium" button at all: supersonicads.com, adcolony.com, applovin.com, swrve.com, hyprmx.com, app-measurement.com, appsflyer.com, unityads.unity3d.com, applvn.com, adtilt.com, doubleclick.net, ssacdn.com, crashlytics.com.
Some of these are not entirely shady (for example crashlytics.com can also be used for ethical / anonymized telemetry which can help the developers improve the game), most are.
It's optional free dilithium from a button that wasn't there before. If whatever revenue stream helps TP offer continued improvements to existing features and development of new ones for Timelines I'm happy.
Even if it is illegally collecting data behind your back, even if you do not click the button?!?!?
"The truth is like a lion; you don't have to defend it. Let it loose; it will defend itself."
What’s almost as disconcerting about this as the privacy issues, is the fact that TP/WRG seems to have no idea who their audience is.
I am much more active on the STT Discord than here. I can tell you we have several software engineers, IT guys, customer service reps, more lawyers than you would be comfortable with in a normal room, teachers, scientists, & that’s just off the top of my head. All of this tells you the STT community is older and more educated. Most (not all) have careers and families. We aren’t teenagers (for the most part) who are going to see an offer wall and say, “Yay! Free stuff!” Even the F2P community. I have an alt in VIP0 and we all have put on our tinfoil hats & enabled as many privacy settings as we can with this offer wall.
All of this tells me that TP/WRG has no idea who plays their game, or doesn’t care.
Right now I feel like I am running a piece of malware when I play the game.
Shan, here are main questions that need to be addressed:
1. Does Ironsource collect data even if this "feature" is not used, yes or no?
2. Is this consistent with the ToS and/or all relevant laws in each affected country?
3. What measures are used to prevent bad actors among the third parties?
4. How do we know that Ironsource is not a bad actor?
...something is seriously wrong here.
Keep in mind, Shan passes on information to us, and to the company. Her not being privy to the answers to those questions does not automatically mean the company does not know.
I don’t expect Shan to know the answer to every question off the top of her head. But if she can’t get a straight “no” to question #1 and a straight “yes” to question #2 from somebody at TP by the end of business today, then yes, I think something is seriously wrong with this scenario.
Knowing most players don't frequent the forums, I expect and would appreciate a formal statement to be delivered by TP to all players - likely via in-game mail - to answer questions and provide assurances about player privacy.
I am not an expert on such matters but I would assume that the TOS allows STT to share data with whatever third parties it chooses to do business with. Maybe I am wrong but I don't think they need to give us the option of which ones we want to choose.
And may be wrong yet again, but TA7's list, to me, looks like the parties that are responsible for serving ad-warp ads.
...So again, the scenario is just starting the application, not interacting with the "free dilithium" button at all: supersonicads.com, adcolony.com, applovin.com, swrve.com, hyprmx.com, app-measurement.com, appsflyer.com, unityads.unity3d.com, applvn.com, adtilt.com, doubleclick.net, ssacdn.com, crashlytics.com.
Some of these are not entirely shady (for example crashlytics.com can also be used for ethical / anonymized telemetry which can help the developers improve the game), most are.
My own experience:
I run Disconnect Pro on my Android and did a test adwarp and then took a look at what Disconnect blocked, and I only saw adcolony.com and crashlytics.com as the domains that had trackers blocked (several times each) during the adwarp.
None of the other domains you list showed up for my adwarp, but I'm not sure if Disconnect is catching everything either.
When I went to the adwall, the offers wouldn't load (thank you, Disconnect), and I had several more domains show up in Disconnect's blocked list: applovin.com, supersonicads.com, appsflyer.com, admarvel.com, and doubleclick.net, so a lot more trackers come into play when you even try to view the offer wall; however, still many domains you listed aren't showing up for me.
I did notice that a lot of apps on my phone that aren't even running in the background are constantly hitting trackers. Looks like I'm going to have to rethink keeping those installed.
"I was thinking of the immortal words of Socrates, who said, 'I drank what?!'" - Chris Knight
Moderator of r/startrektimelines Fleet - Inner Planets Alliance Fleet of Pubs Captain Level - 99 Player since - May 2016
Thanks, @Yamian . That list seems pretty much in-line with what I'm seeing; a few slight differences, possibly due to Android vs. iOS SDK versions.
It'll also be nice if someone can downgrade their apk version on Android to see if some of these were added with the new version, or if these servers were always pinged but we just didn't notice until now.
I entered Yuno Survey again (the site I was redirected to from the Offer Wall), where I have to do the pre-survey to complete my "profile", and I saw that I can access my data, and they had this.
I gave a (fake) response to the questions about gender, birth year and education level, but I didn't give them my IP. They have an option to ask them to delete the data that they have about me. I have to send them an email with a code asking them to delete the data. They have another option to revoke my consent to use my data, and I clicked on that. I sent the mail too (from an old email that I barely use), and they deleted my data.
For a demonstration of the spam generated by just one survey attempt, I provide this picture of my dump email inbox:
Every second the Offer Wall exists irrevocably loses the trust of, and revenue from, the player community. Don’t take too long to formulate a response.
Did you provide that email at any point during the survey? Or did they get it another way?
This was the decoy email address I used for the surveys and other places where I am unsure of the safety of my data. If I start seeing spam in my main account I am going to flip [self-censored naughty word again], and it will be biblical.
So wait, ironSource can collect data from us through STT, whether we actually participate in the Offerwall or not? Did I actually understand that correctly?
That certainly seems to be the case. They're harvesting our data without our consent, which is illegal for a lot of users (anyone in the EU or the UK for starters) and highly unethical for everyone else.
I’ll wait a little bit for an official response before I delete the app and consider my experience with TP done. But I won’t wait long. I’ve passed this info onto the other (~200) members of the {DD} fleet family as well so they can make their own decisions about whether they want to continue their participation with TP beyond this too. I don’t know what else to say. Unbelievable.
I have passed a similar warning to my fleet. I’d implore everyone here to do the same, even if they are personally comfortable with the enhanced level of danger with regards to identity theft and predatory advertising, because the message needs to reach as many people as possible.
Update: I do not have more information at this time but I can confirm that we are working with our privacy team to address the concerns you have brought up.
Thank you for your patience.
In 3 1/2 years, I never once remember Shan posting a comment this late in the day. Does anyone else suspect WRG Studio looks like the Fire Drill episode of The Office today?
SAVE BANDIT!
Also @DScottHewitt, I don't want to tell you how to do your job, but today is the 11th anniversary of Michael Jackson's death and he had an album called 'Off the Wall'.
SAVE SPRINKLES!
On it!!!!!
RYAN STARTED THE FIRE! IT’S ALWAYS BEEN BURNING SINCE THE WORLD’S BEEN TURNING! RYAN STARTED THE FIRE!!!
... but back on point, I have had several hours now to consider this topic and read my fellow players’ opinions. This app upgrade is very, very concerning to me. I am deleting STT from my iPhone. Goodbye, ad-warps, but you aren’t worth the cost. ☮️
P.S.: Get your ... stuff together, TP, or you lose this 3+ years, VIP 14+ player. Want to maximize LTV? Listen to the people here. We do give a damn. More than you seem to think.
"In the short run, the game defines the players. But in the long run, it's us players who define the game." — Nicky Case, The Evolution of Trust
Comments
If you guys don’t already know the answer to these first two questions...
...something is seriously wrong here.
Thank you!
You have an event running and a growing crowd of players who don't trust the app to run on their phone. I would think that would motivate the brass.
Almost all the “surveys” are misleading and end up asking for way too much personal information.
But I agree it shouldn’t be up to us to do this.
Normal ticket, yes.
Android, game version 7.5.3:
Closed all apps (no force stop, just closed), locked phone, waited about a minute (for the seconds to hit 00 so I could get a time reference), unlocked the phone, started the game, went through the loading process and waited a couple of seconds in game (no interaction) to get the total time to 1 minute since unlocking my phone (for reference).
The queried domains from PiHole (all during the one minute described above), in reverse order (= game started at the bottom):
[phone lock]
hyprmx.com
doubleclick.net
supersonicads.com
applvn.com
applovin.com
unityads.unity3d.com
appsflyer.com
content.swrve.com
facebook.com
pndsn.com
ssacdn.com
disruptorbeam.com
cloud.unity3d.com
api.swrve.com
cloudfront.net
google.com
s3.amazonaws.com
amazonaws.com
uca.cloud.unity3d.com
googleapis.com
[phone unlock, game started]
Some of them might be related to other traffic generated by Google/Android/background apps.
It's too late for me to do more digging.
Trying is the first step towards failure.
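An added example, not part of the post above or of anyone's code in this thread: one way to turn a one-minute Pi-hole capture like this into a comparison against the iOS start-up list from the first post, while leaving out queries from other devices and from outside the window. It assumes a dnsmasq-style query log; the log lines, client IPs, year and function names are constructed for illustration, and the two domain lists are copied from the thread.

```python
import re
from datetime import datetime, timedelta

# Domain lists copied from the two posts in this thread.
IOS_STARTUP = {
    "supersonicads.com", "adcolony.com", "applovin.com", "swrve.com",
    "hyprmx.com", "app-measurement.com", "appsflyer.com",
    "unityads.unity3d.com", "applvn.com", "adtilt.com", "doubleclick.net",
    "ssacdn.com", "crashlytics.com",
}
ANDROID_PIHOLE = [
    "hyprmx.com", "doubleclick.net", "supersonicads.com", "applvn.com",
    "applovin.com", "unityads.unity3d.com", "appsflyer.com",
    "content.swrve.com", "facebook.com", "pndsn.com", "ssacdn.com",
    "disruptorbeam.com", "cloud.unity3d.com", "api.swrve.com",
    "cloudfront.net", "google.com", "s3.amazonaws.com", "amazonaws.com",
    "uca.cloud.unity3d.com", "googleapis.com",
]

# Constructed sample in dnsmasq query-log format; IPs and times are made up.
SAMPLE_LOG = """\
Jun 25 21:13:40 dnsmasq[812]: query[A] example.net from 192.168.1.50
Jun 25 21:14:02 dnsmasq[812]: query[A] googleapis.com from 192.168.1.50
Jun 25 21:14:02 dnsmasq[812]: forwarded googleapis.com to 9.9.9.9
Jun 25 21:14:05 dnsmasq[812]: query[A] api.swrve.com from 192.168.1.50
Jun 25 21:14:09 dnsmasq[812]: query[AAAA] api.swrve.com from 192.168.1.50
Jun 25 21:14:11 dnsmasq[812]: query[A] example.org from 192.168.1.77
Jun 25 21:14:30 dnsmasq[812]: query[A] hyprmx.com from 192.168.1.50
Jun 25 21:15:20 dnsmasq[812]: query[A] example.com from 192.168.1.50
"""

QUERY_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: query\[\w+\] (\S+) from (\S+)$")

def _ts(text, year):
    # Syslog timestamps carry no year, so one is supplied explicitly.
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def queries_in_window(log, client, start, seconds=60, year=2020):
    """Names queried by one client inside the window, in first-seen order."""
    begin = _ts(start, year)
    end = begin + timedelta(seconds=seconds)
    seen = []
    for line in log.splitlines():
        m = QUERY_RE.match(line)
        if not m or m.group(3) != client:
            continue  # skip forwards/replies and other devices on the network
        name = m.group(2).lower()
        if begin <= _ts(m.group(1), year) < end and name not in seen:
            seen.append(name)
    return seen

def covers(entry, name):
    """True if name is the listed entry itself or a subdomain of it."""
    return name == entry or name.endswith("." + entry)

def compare(baseline, observed):
    """Return (baseline entries seen, baseline entries not seen, other names)."""
    shared = sorted(e for e in baseline if any(covers(e, n) for n in observed))
    missing = sorted(set(baseline) - set(shared))
    extra = sorted(n for n in set(observed)
                   if not any(covers(e, n) for e in baseline))
    return shared, missing, extra

if __name__ == "__main__":
    print(queries_in_window(SAMPLE_LOG, "192.168.1.50", "Jun 25 21:14:00"))
    for label, names in zip(("both", "iOS list only", "Pi-hole only"),
                            compare(IOS_STARTUP, ANDROID_PIHOLE)):
        print(f"{label}: {', '.join(names)}")
```

Names that appear only in the Pi-hole capture are not necessarily from the game; filtering on the phone's address narrows the capture to one device but cannot separate the game from other apps on it.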
Thank you!
I don't know if you can speak to this but if you can, that would be great
So Disruptor Beam is listed as being a participant in Privacy Shield
https://www.privacyshield.gov/participant?id=a2zt0000000TOPeAAO&status=Active
Tilting Point is not (that I can find) https://www.privacyshield.gov/privacyshield_search#/search?q=Tilting Point&_k=t8m2ag
So has my data which was covered under GDPR been transferred to a company that does not appear to have adequacy compliance?
I have asked this of support so happy to wait for a detailed reply from there if this is something you can't answer - no worries at all!
Thank you for your patience.
Proud member of Patterns of Force
Captain Level 99
Played since January 2017
TP: Do better!!!
https://gdpr.eu/fines/
GDPR violations carry serious penalties. If DB/TP screwed up with their transaction or if they did not properly vet the company making these offers, they're in trouble.
That being said, this company is used by multiple other apps that are available in Europe. And they have localized offers for European players, so I would guess they're compliant despite being as sketchy as they look. What the individual offers do is a different story, but the players accept a privacy policy when they do those surveys or download the games.
(nods to @(HGH)Apollo )