Skip to main content

Cities: Skylines mods banned for blocking users, potentially enabling malware

A swirl of mostly untrue rumours

A handful of popular Cities: Skylines mods have been banned from the Steam Workshop by developers Colossal Order. One, "Network Extensions 3", violates the Steam Subscriber Agreement by "discriminating against specific Steam users" blocking them from using it, Colossal Order say. Another mod, "Update From Github", aimed to circumvent the Steam Workshop entirely by allowing updates to mods to be installed directly form Github while "making changes to existing Workshop subscriptions without the user's knowledge."

Complicating matters somewhat is a sea of rumours about what else the mods contained, and a series of counter-allegations about Colossal Order from the creator of the mods.

These mods were both created by a user who works under the name Chaos, or sometimes Holy Water. Allegations appeared a few days ago that some of this users mods contained "malicious code."

This code was apparently also included in "Harmony (Redesigned)", a framework mod that many other mods depend upon. Chaos reportedly forked a build of Harmony to create his own variant, called Harmony (Redesigned), which contained the new code. Rumours swirled around the allegations that this revision of Harmony, which was extremely popular, contained a keylogger and a secret automatic updater inside it that could have allowed malware to be installed on users' computers.

Colossal Order say this isn't the case, in a message posted on Steam. "No keyloggers, viruses, bitcoin mining software, or similar has been found in mods on the Steam Workshop," says the post.

Instead, the post explains that the mods banned were Network Extension 3 and Update From Github, for the reasons mentioned above.

"'Network Extensions 3', the mod alleged to contain malware, was banned due to discriminating against specific Steam users," says the post. "First, it blocked a short list of Steam users from using the mod, but this was later changed to cause what appeared to be buggy gameplay. Blocking users or creating specific restrictions for them violates the Steam Subscriber Agreement and such resulted in the mod being banned."

Update From Github, seemingly released by Chaos in response to Network Extensions 3 being banned, "was removed shortly after appearing on the Workshop," says the post. "This mod was designed to check for and install updates to mods directly from Github, making changes to existing Workshop subscriptions without the user's knowledge. This bypasses the Workshop entirely, and to avoid potential abuse (such as downloading malicious software) the mod has been removed."

Although it was removed to avoid potential abuse, there's no indication that abuse had yet happened, and the updater was a separate and clearly labelled mod rather than something buried inside "Harmony (Redesigned)". Colossal Order say that this mod "has not been updated since March 15th, 2021. Further updates to this workshop item are not possible as the account is banned and contributors are unable to update workshop items."

All of which would be complicated enough, except that the mod creator claims that it's actually Cities: Skylines which contains a keylogger. Specifically he points to features in the game's code seemingly designed to send telemetry - data related to player in-game actions - back to developers. It's common for developers to gather telemetry from players in order to help them refine and improve games, but Chaos, posting under the name "I found Colossal Order Keylogger", alleges this data is not anonymised and is being linked to users' Paradox accounts.

Chaos also refers to Colossal Order's banning of his mods as a "digital stoning" designed to discredit him. The posts are vitriolic, and telemetry is about as commonplace as forum drama in mod communities so the accusations seem absurd to me. Regardless, I have reached out to Colossal Order for further comment.

Read this next