-
Ever wanted an RSS feed of all your favorite gaming news sites? Go check out our new Gaming Headlines feed! Read more about it here.
Developing: Epic Games Launcher appears to collect your steam friends & play history (Up2: Valve responds, See Threadmarks)
- Thread starter Madjoki
- Start date
You should report them. They do business in the EU so they have to abide by it's laws. Every report of their violation will help put this on the map of the European privacy protection authorities. They have the means to actually do something about all this. I know it is a bit of work but please make use of the rights available to you.
Of course, you're right, to be honest I wasn't even aware of this before you highlighted it, so thank you, I appreciate that.
He won't, he's been very clear he's in support of the EGS against the evil Steam and its lack of curation.
I totally agree. However, I trust Valve with my personal information. I have expectations that if Epic shouldn't be taking it then the data also shouldn't be so easy to take. But I guess that's where we differ.
This is false. The client creates a hashed (protected) file from existing cached Steam data on your system. That file and information is *only* provided to Epic if you choose to do so. Otherwise it stays on your local machine. This is in the OP
Well there was a time where they did genuinely got some bad press over it, although the negative coverage on them has gotten a whole lot more positive in the last few months, fortunately there is no reason to think that there might be any financial interest involved, because I certainly haven't seen devs suddently stanning really hard for the epic store to only later announce some sort of partnership with epic, and I certainly haven't seen any PC Gamer journalist website
There is, you have to opt in to this sort of marketing not opt out, they did this because one of the common ways websites changed due to GDPR is that marketing boxes are no longer pre-ticked, so they inverted the question and unticked the box to fool people thinking they were being super clever, they aren't:
"Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject's acceptance of the proposed processing of his or her personal data. Silence, pre-ticked boxes or inactivity should not therefore constitute consent. Consent should cover all processing activities carried out for the same purpose or purposes. When the processing has multiple purposes, consent should be given for all of them. If the data subject's consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided."
It is still a violation of GDPR.
GDPR both states that the clauses should be easy to understand (which in this case it is not, negative text in clauses has to be in really specific cases and making sure the not particle is highlightned) and that the default option is not sharing data.
The fact they tried to say that they would be happy to not share data but GDPR didnt allow for pre-ticked boxes was major BS and pretty telling they didnt care about GDPR.
I know he tiptoed around Epic issues in his last videos, but you could be argue that Epic way of doing this was just "console world" tactics, but this is the type of scummy corporate bullshit he always called out for any company. He needs to adress it otherwise yeah, I'll believe his hatred over Steam is blinding him.
I mean, the free game every two weeks is pretty cool.
The turning-your-client-into-spyware thing kinda completely undoes that, though.
User Warned - Platform Warring
That's likely true, and interestingly enough, the exact opposite happens here.
There seem to be a ton of lawyers here - why aren't there lawsuits against these tyrants since they are so brazenly breaking the law? Let's show Epic Games what true Steam Fans are capable of. /s
Last edited:
I'm never inviting you to my home. You'd rob me if I took my eyes off of you for one moment.
"We took your data, but we put it somewhere safe, like in a lock box, and we won't look unless you say it's OK. We're good, right?"
They say that, yet this information is available to them https://www.pcgamesn.com/steam-users-fortnite
20% are regularly using Valves launcher...hmm..seems awfully specific.
Slight tangent. I wonder how many thieves are open about their motivations in real life? Just like, "yeah, I take stuff from people's houses. So what? They make it so damn simple. Not my fault. Hey, don't look at me like that. I wouldn't rob you, of course! Your security's pretty good... right?"
Not sure how you reached that conclusion? Because I expect the worst from people and would rather have safeguards in place to help prevent another "Oh shit, I trust people all of the time and never saw this coming!" scenario? Yes, I'd rather Valve just make this information harder to access so it wasn't so easy for Epic to snoop through it in the first place.
I want to make it clear (for me personally) I am not defending Steam, I have issues with Valve for numerous reasons so I am not coming from a dishonest place when I speak badly of Epic.
I just really dislike what they are doing, I think it's anti-consumer and the evidence clearly points to them breaking laws, I for one am going to report them just for how long it took for them to close my account, that in itself was a violation of EU law, I imagine many others are in the same boat as well.
That is certainly what they say, but they are also known for being scummy, especially since they have talked about how many fortnite users have steam installed, which you know a cynical person might think they knew that through illegal (under EU law) means, they also preemptively collect data, which doesn't make sense, even from a programming standpoint, not to mention a few of the data they collect is not pertinent to the purpose that the user might consent to, like you don't need to know how many hours and what games someone played to add your steam friends to the epic games launcher.
So yeah either epic games programmers decided to collect more data for the sake of it, and then do absolutely nothing with it, or they did it for a reason, one seems more likely than the other.
I see your edit, I have retracted my statement. Been an interesting, nay, EPIC, week.
Note there is a large /S at the end of the post I quoted.
Last edited:
Insufficient explanation.
According to the OP's observations, Epic creates a discrete file each time the launcher is active.
In addition they are soliciting information about your Steam library and amount of time played in each game (via scanning gamesave files) that is completely irrelevant to the stated purpose of being ready to synch up your friends" list.
If it does it Everytime, my guess part of what would is doing is looking for changes and reporting what changed
This is the first I'm hearing of it, give me some time, :p
For serious, though, I suspect the legality of what epic are doing will depend largely on how broad the terms "other software" from the ToS can be interpreted in a particular jurisdiction.
Everone else just goes through Steam API to link accounts and only the allowed information is used.
Storing local copies of data isn't data collection in the sense privacy laws tend to talk about. Just because some people are super suspicious of the 'scummy' Epic Games doesn't mean that they have an actual case here. if Epic are transmitting data to their systems without disclosing that they are doing it, then that's a problem. Moving files around your computer is not a problem. For example, if Epic want to catalogue your porn collection and store the hashes in an encrypted file on your machine, AFAIK there's nothing legally wrong with that unless they transmit this data back to Epic. With software like anti-virus, it's never been a problem that the anti-virus might be cataloging all your files. The concern has always been sending file lists back to the vendor without asking your permission. Data protection laws are not typically designed to prevent software performing tasks locally.
To use another analogy, literally nobody cares that VLC or any other media program stores a list of all the videos you watch. It's called a "history". They do care if the media program transmits this data back to the software's creators without consent.
To use another analogy, literally nobody cares that VLC or any other media program stores a list of all the videos you watch. It's called a "history". They do care if the media program transmits this data back to the software's creators without consent.
But why maintain a history on your local machine, instead of just updating a single file?
And that still doesn't address the question of what do my savegames have to do with my friends list and why that information is relevant.
Epic has no need to collect my data about how many hours I have in Barbie Dreamhouse today and then on Saturday after I put 13.2 hours more in.
That is 100% irrelevant for friend list syncing and only necessary if you are looking to create some extremely accurate statistics about peoples Steam use and game preference behavior.
the episode will be a 1 year exclusive on the epic store
And it also doesn't explain why the file is so big for 'just' a friends list.
I'm a layman when it comes to programming.
They say they collect info to keep friends list up to date and to check what games are currently running so as not to launch an update for them while they are running.
The OP found that they also scan and collect savefile data, giving them an idea of what games you own and how much you play them.
To me, the second part still feels like unauthorized collection of marketing data.
User Warned - Thread Whining
Shhhhh, can't you see this is the outrage feature of the week?
If they collect which games I play and my savefiles, which they never state they are collecting: they are breaching GDPR
It is creating files with data irrelevant to the stated purpose of the collection, so if you "give permission" to sync that data with Epic for your friends list, they are collecting more than they state they are, or at least more than you would have reason to assume they are without manually checking the files being sent.
If as in your examples, Epic games collects information on porn habits from users "just on local machines", but then that data gets sent to their service when you tell it to sync your friend lists, that would indeed be a breach of privacy, both on a legal and common-language sense.
If they collect data on what games I've been playing and store it on my own machine and then take that data from me when I click a button that I believe will ONLY allow them to link up my friends list between the two launchers, are they then violating EU law?
I'm genuinely curious, since I live in a non-GDPR country
--
I see. It would be nice to have an example of a major service's privacy policy in America and in GDPR affected territories. It would help differentiate things. Here in America, Epic's ToS and PP are pretty template. They use the data for user experience personalization, marketing and other commonly cited stuff. I have no idea how much more a company would be required to detail, without it being considered divulging company operations, which can be seen as a liability.
It is an alien concept to me that I could read a ToS form and a company would be required to elaborate in specific terms how my data is being collected (like, down to the programs being used to scan and what is being scanned) and how my information is being used (an explanation of how my inputs are used in their business model to achieve productivity). Like, isn't all that infrastructure proprietary to these companies? It just seems like a fine line between transparency and dangerous risk to company finance.
As for how Epic acquires it, that does need to be further detailed. I would assume Valve's open API makes acquiring that data easier than it should be. It also doesn't instill confidence that Valve had demonstrably weak security defaults for a large chunk of the Steam client's lifetime.
I expect if people complain to any related regulatory agencies, they'll swiftly alter their ToS.
Really, this is the hill you are going to pitch your troll bait post against? The one where there is clear evidence of something happening, be it sending personal data back or simply just scraping what they shouldn't be scraping. This isn't some faux outrage like your bait post thinks it is, this is legitimate personal information being scraped in a way not complying with Valve's Steam API that is specifically there TO DO JUST THAT and be respectful of those who lock down their data.
Yeah, it definitely seems less like a generous offer to encourage adoption of the platform and more a means to backdoor into Steam's user info.
Yeah, this is why I was hoping someone would have tried to wireshark all of this by now, if only to build up a case against Epic's practices here since it still, based on their claims, would fall into a gray area in terms of privacy law. There's still no reason for Epic to bother doing this without permission, though, and the other issues with data sharing noted previously are pretty scummy!
Whatever or not is technically against GDPR to just collect the data, they have no reason (or at least haven't provided one) for doing so *before* the user gave them permission. It also means that if/when I have them that permission, they have access not only to the current data, but a history of it from the first time I installed their launcher.
And as several people have noted, Steam has an API for collecting this data. Why they aren't using *that* instead of directly accessing local files and thus bypassing any privacy controls that are present?
It isn't because this is Epic... I wouldn't any software scanning through my files just in case in the future I say "it's ok".
And as several people have noted, Steam has an API for collecting this data. Why they aren't using *that* instead of directly accessing local files and thus bypassing any privacy controls that are present?
It isn't because this is Epic... I wouldn't any software scanning through my files just in case in the future I say "it's ok".
Antivirus IS EXPECTED to do file jobs, that's a part of what it does.
People installed EGS to get games to play and not cataloging steam or other store's files with GDPR relative content, especially without the user's consent.
im not defending them. I actually view this method as more insidious, as they would also corelate which games/publishers to perma lock down and then use that stolen scrapped data to further this to hurt their competition.
addtionally, im more curious as to what else its scrapping your system for. and if its doing the same to all that
So glad I never installed their crappy launcher, especially when I was enticed by a free copy of Thimbleweed Park. Man, fuck Epic Games and what they have been doing to PC gaming.
I don't think this is very productive and isn't really adding much to the discussion, not trying to start an argument here either, just stating my opinion.
Also the assumption that genuine concerns over topics like this regarding personal data is the "outrage feature of the week" seems disingenuous.
I think the evidence really speaks for itself in regards to this matter, again, I don't mean to cause offence when I say this, just seems like you could have made a counterargument to the claims rather than just saying what you have.
Oh there is also the notion that the client has been collecting information since I believe May 2018 according to someone's post on that OP forum. This was due to the client being the same one that was before used for Unreal development, however this means that they've been collecting data (without your permission) for nearly a year and that is worth a lot in the right hands, namely Epic for understanding a market they are now pushing their way into.
Also note that the client collects this data no matter you opting in to linking your Steam friends list or not. Hence the 20% Fortnite Steam figure, because they just scrape it no matter what.
Also note that the client collects this data no matter you opting in to linking your Steam friends list or not. Hence the 20% Fortnite Steam figure, because they just scrape it no matter what.
Please report it. The more this get flagged the more likely Epic will be taken to task for their shady practices.