• Light/Dark
  • Ever wanted an RSS feed of all your favorite gaming news sites? Go check out our new Gaming Headlines feed! Read more about it here.

Developing: Epic Games Launcher appears to collect your steam friends & play history (Up2: Valve responds, See Threadmarks)

Reader mode
SirNinja

SirNinja

One Winged Slayer
Member
Nov 17, 2017
8,218
Las Cruces, New Mexico, United States
"I didn't think this would spy on MY Steam!", said people who installed a program made partially by the SteamSpy guy

Jebusman said:
I wonder if Spybot - Search and Destroy is still around.

Weren't those the good ol days? Having to worry about that shit on a regular basis?
Click to expand...
Click to shrink...
Oh god...the memories...

I had to run that thing like twice a day on my parents' computer because they kept going to obvious scam/spam/virus sites. My mom was always so excited that she was somehow the 10,000,000th visitor to every other site she visited... :-/
 
mrglcs

mrglcs

Member
Oct 25, 2017
1,303
Germany
Glad I never installed this shit. I created an Epic account years ago for Shadow Complex but never used it. Then people tried to hack the account and I couldn't even find an option to just deactivate it.

I'll sure as hell never support this scummy bullshit.
 

Deleted member 4247

User requested account closure
Banned
Oct 25, 2017
8,896
oldbob2k said:
This is correct. You are not allowed to widly collect data. You have to SPECIFY what data you collect and for what you collect that.
Click to expand...
Click to shrink...

It's not enough to specify, you have to ask for it and get explicit consent if it's anything that's not absolutely critical for your software/site/whatever to function (and even then you have to inform about it). Just relying on implicit consent ("By proceeding you agree to X and Y") is not OK anymore.

Trust me, I know, I work in a company where we have to deal with this constantly.
 
Yung Coconut

Yung Coconut

Member
Oct 31, 2017
4,267
Maintenance said:
Ask and you shall receive.



That's textbook victim blaming. I doubt you would say that to a rape victim.
Click to expand...
Click to shrink...

I can't even... Are you even serious right now? I'm surprised you'd conflate the two, but here we are. My god. I'm done with this conversation. Have fun.

And advising people not to leave their home doors, or computers, wide open and unattended isn't victim blaming. It's good advice.
 
OP
OP
Madjoki

Madjoki

Member
Oct 25, 2017
7,230
muteKi said:
This seems like something that should be easy enough to verify by going over packet information. My kingdom for some wireshark traces.
Click to expand...
Click to shrink...

Epic encrypts it. It's more complex to

Jebusman said:
But Valve isn't sharing it (to our knowledge). If you set your profile to private, Valve does not allow companies to use their API to access your profile data.
Click to expand...
Click to shrink...

It seems code might've been added when Valve made privacy by default, so probably to bypass profile privacy. (This is based on Kurt Russel having history of backups from May 2018, so single datapoint only)

BronsonLee said:
I'm going to imagine that since they're a competitor Steam would be like uh fam, no
Click to expand...
Click to shrink...

Epic even has games on Steam. They have access to both publisher API and public API. (Publisher API, bypasses profile privacy for some cases, namely owners of your games)
 

Deleted member 1481

User requested account closure
Banned
Oct 25, 2017
57
Curitiba/PR - Brazil
t0RLReb_d.jpg


Coming exclusively to the Epic Games Store
 
Evergarden

Evergarden

Member
Oct 25, 2017
1,408
I have to keep the launcher since I'm using UE occasionally but this is a direct violation of GDPR and must be punished. This is way to scummy.
 
Tart Toter 9K

Tart Toter 9K

Member
Oct 25, 2017
397
Armaros said:
Steam API literally exists to get this information from Valve with permissions in the 100% legal and upfront way.

This is why the Steam API exists, so other companies can link to Steam only when the user allows it.
Click to expand...
Click to shrink...
If they have to use the API they also have to respect the "profile privacy" setting on steam, which defaults to "private" after GDPR. I assume they'd rather not do that so they can get more data.
 

Deleted member 5864

User requested account closure
Banned
Oct 25, 2017
2,725
Jebusman said:
I wonder if Spybot - Search and Destroy is still around.

Weren't those the good ol days? Having to worry about that shit on a regular basis?
Click to expand...
Click to shrink...
I remember going to a friends house to have a Red Alert 2 LAN party once, and his PC was so slow I suggested running Spybot to maybe help clean it up.

It got something like 15,000 hits and after the process finished, basic shit wouldn't work anymore we had to undo the process and he had to play his slow ass, buggy PC. Only reason he wouldn't let us do a fresh install was because we didn't have enough additional storage to back up his porn collection. >.<

Those were the days.
 
Alvis

Alvis

Saw the truth behind the copied door
Member
Oct 25, 2017
11,226
Spain
Fuck Epic Games. Glad this shit hasn't touched my computer since I reinstalled Windows.
 
Micael

Micael

Member
Oct 28, 2017
1,363
Some time ago either Sweeney or Galyonkin mentioned some numbers regarding the amount of fortnite users that had steam installed in their computers, I remember wondering how exactly did they knew that, well I guess we now know how.

EDITED:

https://www.pcgamesn.com/steam-users-fortnite

Durante said:
That's not how the GDPR (which I assume you meant) works.

It specifically requires you to hold and process only the data absolutely necessary for the completion of whatever you are doing, and get consent for literally any other personal data you gather. You (as in the company processing the data) do by no means get to decide what's "sensitive" and just collect other data as you please. At least that's how I've had it explained to me by people who know more about law than I do.


If that happens I'll officially and entirely give up on the games media.
Click to expand...
Click to shrink...

From what I know you don't have to specifically get consent, consent is 1 of the 6 ways of doing so, it is just the other 5 are also not really covered by this:

"
The GDPR provides six bases for data collection and data processing in Europe:
  1. The vital interest of the individual
  2. The public interest
  3. Contractual necessity
  4. Compliance with legal obligations
  5. Unambiguous consent of the individual
  6. Legitimate interest of the data controller"
The best argument epic can make is that it is in the legitimate interest of the data controller, but that is an extremely disingenuous argument considering they are doing it before there is any legitimate interest to the user, and that they ask for user consent to do so, which is ofc the point where data gathering should occur, also the user should be aware that such data is being collected, and well they do mention it in the ToS, but bullshit ToS moves like this are one of the things GDPR is here to stop.

Also should be noted not the first time epic has shown 0 fucks about GDPR, I still remember when they inverted the question of consent in an attempt to bypass people accepting marketing material or what ever it was, it was a scum ass move back then, this only shows it as being part of a larger general pattern of behavior from them.

EDITED:

fJ9dyaMR9XJjlChDlY4_Go07iHXse7Pi-acBL6oz61g.png
 
Last edited:

Deleted member 27751

User-requested account closure
Banned
Oct 30, 2017
3,997
Yung Coconut said:
I completely agree. If this is important data to people it also shouldn't be so easily accessed either.
Click to expand...
Click to shrink...
Valve aren't making this accessible to others. They are not going out of their way to do so like Epic is doing so to scrape the data. I got where you were coming from earlier but it doesn't equate. Valve isn't responsible as well because it is a LOCAL file that is being scanned, one contained in the Steam directory that is made for use by Steam alone. Expectation is no legitimate program wanders out of its directory into another's.

So no, Valve isn't in the wrong here as well because they provide official API means, it's Epic being shady fucks that's the problem.
 

Kathartic

Alt-account
Banned
Mar 4, 2019
74
Burn this store to the ground if true.

Epic officially has lost all the good faith from me.
 
ReliableMerman

ReliableMerman

Member
Oct 29, 2017
415
I'm having difficulty understanding exactly why this is so bad. Being genuine here. Is there uproar because Epic pulls in an encrypted copy of your Steam friends when you choose to use Epic's 'import' feature?
 
Greigor the FellHand

Greigor the FellHand

Member
Oct 26, 2017
12,125
Armaros said:
They made a preemptive copy of our information. When that information can be legally obtained with upfront and proper permissions with the Steam API.
Click to expand...
Click to shrink...
i like how they are trying to spin this.

"preemptive copy"

we scrapped your system without you knowing.

ReliableMerman said:
I'm having difficulty understanding exactly why this is so bad. Being genuine here. Is there uproar because Epic pulls in an encrypted copy of your Steam friends when you choose to use Epic's 'import' feature?
Click to expand...
Click to shrink...

it sounds like they are scrapping the data regardless.
 
spam musubi

spam musubi

Member
Oct 25, 2017
9,380
ReliableMerman said:
I'm having difficulty understanding exactly why this is so bad. Being genuine here. Is there uproar because Epic pulls in an encrypted copy of your Steam friends when you choose to use Epic's 'import' feature?
Click to expand...
Click to shrink...

No. It's because they do it even when you don't choose the import. They say that they don't upload that to their servers until you consent... but why not make that copy at the time of your consent instead of before?
 
Tovarisc

Tovarisc

Member
Oct 25, 2017
24,404
FIN
ReliableMerman said:
I'm having difficulty understanding exactly why this is so bad. Being genuine here. Is there uproar because Epic pulls in an encrypted copy of your Steam friends when you choose to use Epic's 'import' feature?
Click to expand...
Click to shrink...

What is bad about installing some malware to your PC and let it harvest your data without your permission?

They harvest your Steam data without permission "because just in case and reasons". Like people have pointed out all Epic would need to do is hook EGS with Steam API for this stuff, but nah... They decided to go mining around.

They don't ask or wait for your permission before they start gathering your Steam Data.
 
Mentalist

Mentalist

Member
Mar 14, 2019
17,972
ReliableMerman said:
I'm having difficulty understanding exactly why this is so bad. Being genuine here. Is there uproar because Epic pulls in an encrypted copy of your Steam friends when you choose to use Epic's 'import' feature?
Click to expand...
Click to shrink...
Every single time you run the EGS launcher, it scans your Steam directory and collects data not just about your Steam I'd and friends list, but also all the games you own and have played on Steam.

This information is collected without your permission and is presumably accessed by Epic, since a copy of each scan remains stored on your PC.

Given there are perfectly legal ways of asking valve for the portion of information that is publicly available (not about your playing habits, though), the motives behind this seem suspect to say the least.
 

Deleted member 4367

User requested account closure
Banned
Oct 25, 2017
12,226
They have a PR problem hah.

Reading the AMA of Phoenix Point shows developers signing deals with them also have a PR problem.
 
Armaros

Armaros

Member
Oct 25, 2017
4,901
ReliableMerman said:
I'm having difficulty understanding exactly why this is so bad. Being genuine here. Is there uproar because Epic pulls in an encrypted copy of your Steam friends when you choose to use Epic's 'import' feature?
Click to expand...
Click to shrink...

I've made a copy of your information while you aren't looking.

But I promise that the information won't be taken and used unless you give me your permission.

Btw there is an official release form to get your information legally at your front office, but I decided to do it covertly this way.
 
Yung Coconut

Yung Coconut

Member
Oct 31, 2017
4,267
Eorl said:
Valve aren't making this accessible to others. They are not going out of their way to do so like Epic is doing so to scrape the data. I got where you were coming from earlier but it doesn't equate. Valve isn't responsible as well because it is a LOCAL file that is being scanned, one contained in the Steam directory that is made for use by Steam alone. Expectation is no legitimate program wanders out of its directory into another's.

So no, Valve isn't in the wrong here as well because they provide official API means, it's Epic being shady fucks that's the problem.
Click to expand...
Click to shrink...

I would never suggest you build your security for anything around expectations. Epic shouldn't be doing this and is obviously in the bad guy role here. But I'd also hope Valve wouldn't make it so easy for this to happen. But to each their own.
 

Deleted member 27751

User-requested account closure
Banned
Oct 30, 2017
3,997
ReliableMerman said:
I'm having difficulty understanding exactly why this is so bad. Being genuine here. Is there uproar because Epic pulls in an encrypted copy of your Steam friends when you choose to use Epic's 'import' feature?
Click to expand...
Click to shrink...
So the issue lies in Epic scraping your Steam's local file for information on anything that is stored in that file. So far we've found friends list, games owned, playtimes and one other thing I can't think of. The biggest problem is that they are doing this pre-emptively which is a big no no for privacy standards. Valve has an official steam api but it has to respect making your account private, this bypasses that.
 
OP
OP
Madjoki

Madjoki

Member
Oct 25, 2017
7,230
Tart Toter 9K said:
I'm logged in and can't find anything. These are the only public repos by Epic.
vKnmEJc.png
Click to expand...
Click to shrink...


It's private repo, you need to be given access.

It's only Hardware Survey part anyway, Steam part isn't there. (I left Hardware Survey part out, because I didn't have time to gather full info, but I guess that's there anyway)

Armaros said:
I've made a copy of your information while you aren't looking.

But I promise that the information won't be take and used unless you give me your permission.

Btw there is an official release form to get your information legally at your front office, but I decided to do it this way.
Click to expand...
Click to shrink...

And if it's for friends, why not leave game information etc. out? Why gather save file information?
 
dude

dude

Member
Oct 25, 2017
4,634
Tel Aviv
Yung Coconut said:
I would never suggest you build your security for anything around expectations. Epic shouldn't be doing this. I'd also hope Valve wouldn't make it so easy for it to happen. But to each their own.
Click to expand...
Click to shrink...
Valve is doing what every other program is doing, so your expectations are weird.

Regarding Epic's response: Can it be checked if this file is being sent over to Epic or not? If it's not, it's still shady as hell, but less scary.
 
KDR_11k

KDR_11k

Banned
Nov 10, 2017
5,235
Well, that's a reason to hold off on Satisfactory for now... Let's see what FactoryTown is like.
 
Tovarisc

Tovarisc

Member
Oct 25, 2017
24,404
FIN
Armaros

Armaros

Member
Oct 25, 2017
4,901
Tovarisc said:
That reply from Epic isn't making any of this better. If possible that reply is making this whole thing worse.

You just data mine users Steam data in background, without permission or notification, just in case and reasons and totally don't dip into that mined data remotely? Suuure...
Click to expand...
Click to shrink...

And the Steam API does what they are doing without snooping and it properly asks for permission.
 
Reader mode
You must log in or register to reply here.