GameIndustry.eu / Reviews / New World

New World

Publisher: Amazon.com, Inc.
Released: 2021
Steam ID: 1063730
Genre: MMO
System:
Hosts entries: Details

Features
Personal data:
Forced online:
Third party:
Advertising:
Micro Transactions:
Launcher:
Social Networks:
Data octopus:

Review by: Pengin | 15.10.2021

Explore a thrilling, open-world MMO filled with danger and opportunity where you'll forge a new destiny on the supernatural island of Aeternum.

New World Review

Amazon's New world was a piece of hard work and i thought twice about to write an review.

To use Amazon products and write about data doesn't really go together, does it? Well, it perfectly does.

I want to give an overview for interested consumers about New World's ingame connections and an additional way to change some options of what data is uploaded during your gaming sessions.

Since the review will 100% end up in the linkfilter for 2 days again, all results can be reached via the linked website on my profiles primary group.

Involved companies

- Amazon.com, Inc. (who would have thought it?)
- Vivox, Inc. (default activated VOIP service)
- Formerly Kamu Game Security, belongs to Epic Games, Inc. now

Involved files and tips

- GameCrashUploader.exe
- NewWorld.exe
- NewWorldLauncher.exe

CrashUploader

To prevent Crashlytics uploading of your data, it's a bit tricky.

- Navigate to folder *.*\Steam\steamapps\common\New World\Bin64
- Delete the GameCrashUploader.exe and create a new textfile with the same name
- Save as GameCrashUploader.exe

As result you'll get a 0kb file and it works. If the file is simply deleted without creating the dummy, the game will no longer work properly.

Ingame connections

Now we're at the interesting part. Following data is prepared for using for host or other blocklists.

Blocked

Kinesis-Telemetry, advertising and Voicechat.

Everything else is necessary or ignored like the ingame-shop. All connections can be blocked or unblocked for own purpose. IPv4 addresses are not complete but some more can be seen under the Article about Easy Anti-Cheat

Hydra / Easy AntiCheat

# 54.194.59.252, 108.128.10.173, 54.77.126.246, 54.76.161.96, 52.49.164.135, 52.51.92.22, 54.194.183.213, 99.81.245.152, 18.203.45.109, 52.213.31.47, 3.248.168.247, 18.66.97.18, 52.208.99.8, 18.66.97.18, 18.66.248.58, 34.252.60.82, 63.34.97.191, 18.66.97.78, 18.66.97.18, 104.21.8.54, 52.30.58.116, 34.252.60.82, 52.211.70.25



#0.0.0.0 d168vncdejh91z.cloudfront.net

#0.0.0.0 download.eac-cdn.com

#0.0.0.0 gossip.easyanticheat.net

#0.0.0.0 download-alt.easyanticheat.net

#0.0.0.0 gossip.easyanticheat.net

#0.0.0.0 hydra.easyanticheat.net

#0.0.0.0 gamesec-hydra-eu-lb-prod-220534806.eu-west-1.elb.amazonaws.com

STS - AWS Identity and Access Management

# 54.239.24.200



#0.0.0.0 sts.us-east-1.amazonaws.com

#0.0.0.0 sts.amazonaws.com

Kinesis - Realtime Analytics, BigData and API for other AWS services

One Kinesis service for each Realmpool

# 52.119.211.247, 3.24.227.244, 3.123.12.204, 3.123.12.195, 3.24.227.249, 18.229.220.157, 34.223.45.95, 3.91.171.226



0.0.0.0 kinesis.ap-southeast-2.amazonaws.com

0.0.0.0 kinesis.sa-east-1.amazonaws.com

0.0.0.0 kinesis.eu-central-1.amazonaws.com

0.0.0.0 kinesis.us-west-2.amazonaws.com

0.0.0.0 kinesis.us-east-1.amazonaws.com

Metadata personaHost

# 54.146.208.115, 54.89.165.9, 35.174.93.31, 35.173.107.183



#0.0.0.0 service.maestro.us-east-1.social.games.a2z.com # personaHostV2, Sessiondaten

#0.0.0.0 client.us-east-1.social.games.a2z.com # personaHost

#0.0.0.0 client.entitlementservice.amazongames.com

DynamoDB - PING / Callbacks

# 52.94.17.24, 52.119.226.188, 52.94.13.34, 52.94.10.24, 52.94.7.6, 52.94.17.30, 52.119.224.126, 52.94.10.82, 52.94.7.10, 52.94.13.28



0.0.0.0 dynamodb.ap-southeast-2.amazonaws.com

0.0.0.0 dynamodb.eu-central-1.amazonaws.com

0.0.0.0 dynamodb.us-east-1.amazonaws.com

0.0.0.0 dynamodb.us-west-2.amazonaws.com

0.0.0.0 dynamodb.dynamodb.sa-east-1.amazonaws.com

Marketingtiles / Advertising / Announcements

# 52.92.144.186, 52.218.176.33, 3.229.133.91



0.0.0.0 ags-nw-cms.s3.us-west-2.amazonaws.com

#0.0.0.0 client.catalogservice.amazongames.com # Ingameshop

Assets

# 65.9.71.91, 18.66.122.79



#0.0.0.0 assets.ctfassets.net

Vivox

# 52.28.150.142



0.0.0.0 anwxp0euc1.www.vivox.com # /api2/viv_get_prelogin.php

0.0.0.0 www5-anwxp0euc1-elb-741467932.eu-central-1.elb.amazonaws.com

0.0.0.0 watson.vivox.com

Gameserver

Description of the addresses now only once, these repeat of course for all servers

#0.0.0.0 ags-javelin-remote-config.s3.amazonaws.com # Configurationsets for Kinesis, RegionID, ProduktID, CognitoID, WorldID

# EU Central

#0.0.0.0 2mfrik7h83.execute-api.us-east-1.amazonaws.com # AuthStack

#0.0.0.0 u433g9r00c.execute-api.eu-central-1.amazonaws.com # LoginGateway

#0.0.0.0 8otrnl8e8d.execute-api.eu-central-1.amazonaws.com # JavelinGateway V2

#0.0.0.0 d1w0bfy6smo4d1.cloudfront.net # JavelinGateway Cloudfront & Credentials/Logininfo, Characters, Serverlists e.g.

# SA East

#0.0.0.0 kqqt5twsi7.execute-api.us-east-1.amazonaws.com

#0.0.0.0 j4n6whncmi.execute-api.sa-east-1.amazonaws.com

#0.0.0.0 ei4rb8pwvd.execute-api.sa-east-1.amazonaws.com

#0.0.0.0 d1cjlmzk0xrm0z.cloudfront.net

# US East

#0.0.0.0 0prplal5u1.execute-api.us-east-1.amazonaws.com

#0.0.0.0 eudbjx6mig.execute-api.us-east-1.amazonaws.com

#0.0.0.0 3khxmonavl.execute-api.us-east-1.amazonaws.com

#0.0.0.0 d2oeuvxi3kfsrw.cloudfront.net

# US West

#0.0.0.0 q8hqllbg6k.execute-api.us-east-1.amazonaws.com

#0.0.0.0 v7irlu1nrl.execute-api.us-west-2.amazonaws.com

#0.0.0.0 mwsyzhfoe5.execute-api.us-west-2.amazonaws.com

#0.0.0.0 d3bj4csovi1fe8.cloudfront.net

# AP Southeast

#0.0.0.0 hhf8nn71vb.execute-api.us-east-1.amazonaws.com

#0.0.0.0 ep1m9qoir8.execute-api.ap-southeast-2.amazonaws.com

#0.0.0.0 9jlv7mxmw1.execute-api.ap-southeast-2.amazonaws.com

#0.0.0.0 de4mfzk9wkelz.cloudfront.net

Summary

As it was not to be expected from the dominating Tech,- and BigData company Amazon otherwise, there is a lot in the product.

Especially with active Kinesis telemetry, users are tracked every few seconds. In Addition there are regular callbacks from dynamodb connections but users can do a lot to stop the snooping and data madness a little bit. Especially when data is captured and default activated before users have the chance to disable default services with ingame options.

Rules for posting comments can be found in the F.A.Q.