Developing: Epic Games Launcher appears to collect your steam friends & play history (Up2: Valve responds, See Threadmarks)

Oct 25, 2017
2,672
#1
So this comes originaly from Reddit, I found out via lashman Metacounil post.
(This is not endorsement of those findings)

But I tried to replicate those and found out that Epic Games Launcher on start up searches for Steam install
and proceeds to get list of files in your Steam Cloud (this includes mostly game saves for every user that has logged in on your PC)

Steam Cloud is stored under userdata\[account id]\ if you wanna check

It will also create encrypted copy of config\localconfig.vdf.
This file contains your steam friends, their name history (groups you're part of, are considered "friends").

It seems friends might be used for friends suggestions, but I don't even use that feature and it collects more than that.

While it's called "localhistory" it is synced from cloud

It will read, encrypt and then write copy to: C:\ProgramData\Epic\SocialBackup\RANDOM HEX CODE_STEAM ACCOUNT ID.bak
It will also keep historical entries there.

As for contents of file:

Example of friends entry:



Play history, will contain last playtime



300 = Day of Defeat

Code:
"300"
                    {
                        "LastPlayed"        "1384125348"
                    }
(1384125348 is unix timestamp near end of 2013). Apparently I have played this then.

To replicate these findings you can use Microsofts Process Explorer:

https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

To replicate these findings you can use Microsofts Process Monitor:

https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

It's recommended to add filter: "ProcessName is EpicGamesLauncher.exe" otherwise there will be tons of crap. Also you can set Drop Filtered events to save on memory.

First step is finding out where Steam is:



Then it will enumerate everything in Steam Cloud.

It doesn't seem to read anything, but just names of all your saves of games



Then it will read localconfig.vdf



after it's done:



42834588 = steam account id

76561197960265728 + account id = steam id = 76561198003100316 (this is my account)


Update: Epic Games Response

We use a tracking pixel (tracking.js) for our Support-A-Creator program so we can pay creators. We also track page statistics.

The launcher sends a hardware survey (CPU, GPU, and the like) at a regular interval as outlined in our privacy policy(see the “Information We Collect or Receive” section). You can find the code here.

The UDP traffic highlighted in this post is a launcher feature for communication with the Unreal Editor. The source of the underlying system is available on github.

The majority of the launcher UI is implemented using web technology that is being rendered by Chromium (which is open source). The root certificate and cookie access mentioned above is a result of normal web browser start up.

The launcher scans your active processes to prevent updating games that are currently running. This information is not sent to Epic.

We only import your Steam friends with your explicit permission. The launcher makes an encrypted local copy of your localconfig.vdf Steam file. However information from this file is only sent to Epic if you choose to import your Steam friends, and then only hashed ids of your friends are sent and no other information from the file.

Epic is controlled by Tim Sweeney. We have lots of external shareholders, none of whom have access to customer data.

Daniel Vogel
VP of Engineering
Epic Games Inc.

https://www.reddit.com/r/PhoenixPoi..._game_store_spyware_tracking_and_you/eijlbge/
 
Last edited by a moderator:

Jawmuncher

Crisis Dino - Snake is in Smash
Moderator
Oct 25, 2017
8,662
Ibis Island
#8
The free games they give out to make you install the launcher feel rather dirty now. I'm all for "competition" but this doesn't seem like the right move to have consumers trusting in your launcher.
 
Oct 25, 2017
677
#24
This doesn't really sound terrible, most systems that link to your steam already track this information. Now if it had a key logger then you'd really catch my eye, but the data they're collecting is stuff I either give away willingly via public profile or stuff they already know.
 
Oct 28, 2017
4,804
Belgium
#33
Now I understand why Epic's "free" games require Epic's launcher to be running.

This data gathering is unacceptable for me. Even if it's only used for friends import, the store shouldn't be collecting anything until I actually use this import function. It doesn't seem unlikely that Epic is using this data for their own benefits.

I'm so done with Epic's shitty strategies. I don't even want their free games anymore. Uninstalling their launcher as we speak.
 
Oct 27, 2017
995
#34
This doesn't really sound terrible, most systems that link to your steam already track this information. Now if it had a key logger then you'd really catch my eye, but the data they're collecting is stuff I either give away willingly via public profile or stuff they already know.
Forgive me if I'm wrong but this is done without even linking your Steam friends list, correct?

Opting in to this is one thing, Having it done behind the scenes is another thing entirely.