Developing: Epic Games Launcher appears to collect your steam friends & play history (Up2: Valve responds, See Threadmarks)

Mar 14, 2019
20
This is more about a corporate data breach. Epic is collecting this data from every Steam user to get a leg up on Steam, not to personally target you, in my belief. They are grabbing this data while it's still clear text and available before Steam realizes they've had a data breach. As customers, we should hold Epic accountable as well as demand to know what Steam is going to do to keep our data safe. By the way, the copy of localconfig.vdf that Epic makes is simply XOR'd with 0xFF, ,not encrypted. The only reason to do something like that is to hide that what you are doing. I also went through the whole procedure of linking my Steam friends to Epic and the "SocialBackup" file that Epic made was not accessed once (watched using Procmon). That Steam file contains all your friends, every game you own, when you last played, etc.

I can also say that the backup file created by Epic is created 1 minute after installing their launcher.
 

StereoVSN

Banned
Member
Nov 1, 2017
4,029
Eastern US
Not even surprised anymore
I am done with PC Gamer. It's pathetic how a publication calling itself "PC Gamer" is so much in the Epic's pocket now days.

Separately, I am certainly not astonished by this latest EGS shit show. It's to be expected. Considering that they have completely anti-consumer stance from the get-go, is this really surprising? Oh, and if Borderlands 3 does go to EGS, well, another game I don't have to worry about, plenty remains.
 
Nov 1, 2017
41
I am done with PC Gamer. It's pathetic how a publication calling itself "PC Gamer" is so much in the Epic's pocket now days.

Separately, I am certainly not astonished by this latest EGS shit show. It's to be expected. Considering that they have completely anti-consumer stance from the get-go, is this really surprising? Oh, and if Borderlands 3 does go to EGS, well, another game I don't have to worry about, plenty remains.
PCGamer, sorry, I mean EPICGamer.
 
Oct 25, 2017
926
Fuck....I want to uninstall, but I need the epic launcher for school.
How can the store side of Epic be so much shittier than the engine/Unreal side?
Oh..

...oh dear.

I'd uninstall it, but... I do developmental learning with Unreal Engine 4, so like... not really an option for me.

Still, this isn't... a good look.
Go to the folder and remove the right to create file or folder in there.
I think that should work.

First delete everything in C:\ProgramData\Epic\SocialBackup\
Go back up a level

Right-click SocialBackup
Properties
Security
Advanced
Modify Authorization
Select System
Modify
Refuse Writing Files or folder (not exact wording, my Win is French)
Ok and agree to the warning after

I'm not entirely sure if doing on System works. At worst, do it on the accounts too.
Nothing bad will happen, you're just blocking making new files or folder in that folder.
 
Last edited:
Mar 14, 2019
207
This is more about a corporate data breach. Epic is collecting this data from every Steam user to get a leg up on Steam, not to personally target you, in my belief. They are grabbing this data while it's still clear text and available before Steam realizes they've had a data breach. As customers, we should hold Epic accountable as well as demand to know what Steam is going to do to keep our data safe. By the way, the copy of localconfig.vdf that Epic makes is simply XOR'd with 0xFF, ,not encrypted. The only reason to do something like that is to hide that what you are doing. I also went through the whole procedure of linking my Steam friends to Epic and the "SocialBackup" file that Epic made was not accessed once (watched using Procmon). That Steam file contains all your friends, every game you own, when you last played, etc.

I can also say that the backup file created by Epic is created 1 minute after installing their launcher.
I fully realize that's their intent.
I consider it utterly unethical, and I am even less inclined than before to do any business with them.
 
Oct 27, 2017
189
Remember when GFW Radio used to constantly shit on GFWL because it was junk?

Now we have PC Gamer writing free Epic advertorials because it’s fashionable with a subset of indie developers.
 
Mar 14, 2019
20
This is about the same as saying "nothing personal, just business"

We're still the ones having our privacy violated.
I'm in full agreement. I said that because some people are sadly of the opinion in this era that they don't even care about having their privacy violated because of constant violations happening all over. I just wanted it clear that they are not just stealing from us, but they are using Steam's own users to collect data to use against them. While certain Steam data is public, you can't buy the kind of data that is in that file. They are about to come out with hugely anticipated exclusive games (Satisfactory among others) that are going to bring a lot of launcher installs.
 
Oct 27, 2017
1,372
California
This isn't the only issue with this.

It's also a potential breach for beta testers on games still officially unannounced and unlisted on Steam. the EGS client can sniff those out from your steam folder and then go and contact the dev/pub and try and get an exclusive deal out of them. It's just shady and unethical as heck.
Man that’s a low blow. I honestly thought this was BS outrage but this is too low of a blow from Epic.

I don’t have their launcher installed and I don’t think I will now. This sucks if true.
 
Dec 14, 2017
2,271
So, Epic gets your Steam friends names after you agree to send it to them. The EGS gets more info using the Steam API, but this extra info never leaves your computer. There is no real problem here, if I understood everything correctly. If you are afraid they will ever do anything with that extra data, you are just cautious and for some reason you dont trust them, but it doesnt mean they are doing something wrong right now.
 
Oct 25, 2017
926
So, Epic gets your Steam friends names after you agree to send it to them. The EGS gets more info using the Steam API, but this extra info never leaves your computer. There is no real problem here, if I understood everything correctly. If you are afraid they will ever do anything with that extra data, you are just cautious and for some reason you dont trust them, but it doesnt mean they are doing something wrong right now.
They are breaking European laws...
 
Oct 25, 2017
259
Mar del Plata
So, Epic gets your Steam friends names after you agree to send it to them. The EGS gets more info using the Steam API, but this extra info never leaves your computer. There is no real problem here, if I understood everything correctly. If you are afraid they will ever do anything with that extra data, you are just cautious and for some reason you dont trust them, but it doesnt mean they are doing something wrong right now.
If only it was as easy as they made it look like. For starters, they could get this info from Valve's API, without snooping local data. And the other thing that doesn't make a lot of sense is that they started gathering this data almost a month BEFORE they added the Steam friends functionality to the EGL. I checked my computer, I have almost 500mb of Steam data in the Epic folder, and the first file is from May 4th, when the friends stuff was added on May 30th.
 
Oct 27, 2017
1,272
Epic really need to get their shit together when it comes to offer something, anything better for the user than the competitors. Moneyhatting basically already developed games for a 1 year store exclusivity is not something positive, just an annoyance.
As it stands, Epic Store is inferior to the Steam store in every single way. And that's not even counting this breach of privacy. Didn't see Epic's reply mention anything about them getting our entire games list with playtimes. Why do they need that, again?
 
Mar 14, 2019
20
So, Epic gets your Steam friends names after you agree to send it to them. The EGS gets more info using the Steam API, but this extra info never leaves your computer. There is no real problem here, if I understood everything correctly. If you are afraid they will ever do anything with that extra data, you are just cautious and for some reason you dont trust them, but it doesnt mean they are doing something wrong right now.
How did you get this opinion? Maybe you haven't read the recent posts since there are 16 pages of them. I can't totally fault you on that, but I recently posted that this Steam file is cloned 1 minute after you install the Epic launcher. It does not ask for permission, it takes it. It contains way more than just your friends, but every game you own including pre-release purchases - think for a minute about Epic stealing developers away from Steam such as Coffee Stain with Satisfactory. As another user notes, they can use this to target other developers. That's just one example use. Like Facebook, first you collect all the data you can and THEN you figure out how to monetize it.

We don't know exactly what they are using this data for or whether it leaves your computer because there is too much encrypted traffic between the Epic Launcher and Epic. What I DO know from my analysis is that their excuse of using this file for linking to Steam friends is untrue as the file is never accessed during the whole process of linking your Steam account to your Epic account.
 
Oct 25, 2017
926
It has been explained at least 3 times in detail in this thread.
European GDPR

Personally, I think this could even go against Canadian privacy laws.
https://www.priv.gc.ca/en/privacy-t...-electronic-documents-act-pipeda/p_principle/

PIPEDA Fair Information Principle 3 – Consent
  • Clearly specify to your customers what personal information you are collecting and why you are collecting it.
  • Inform the individual in a meaningful way of the purposes for the collection, use or disclosure of personal data.
  • Obtain the individual's consent before or at the time of collection, as well as when a new use of their personal information is identified.
The information being gathered is not covered in their agreement and the collection itself is against the law here.
 
Dec 14, 2017
2,271
How did you get this opinion? Maybe you haven't read the recent posts since there are 16 pages of them. I can't totally fault you on that, but I recently posted that this Steam file is cloned 1 minute after you install the Epic launcher. It does not ask for permission, it takes it. It contains way more than just your friends, but every game you own including pre-release purchases - think for a minute about Epic stealing developers away from Steam such as Coffee Stain with Satisfactory. As another user notes, they can use this to target other developers. That's just one example use. Like Facebook, first you collect all the data you can and THEN you figure out how to monetize it.

We don't know exactly what they are using this data for or whether it leaves your computer because there is too much encrypted traffic between the Epic Launcher and Epic. What I DO know from my analysis is that their excuse of using this file for linking to Steam friends is untrue as the file is never accessed during the whole process of linking your Steam account to your Epic account.
I only read the first post and a few of the last ones. So it seems that what I said is still correct, because you are not sending them this data, it is just copied (cloned) in your PC. I get that from this they can do something, I just said that they aren't at the moment. And with everyone knowing about this, if they ever start sending data without permission we will know by the next minute because people will be monitoring. Also, if this is an "exploit", Valve could probably do something to stop it, right?

edit. oh, I read the encrypted part now. Well, we can't know what is encrypted so we can't say it is or isn't related to the data. It does sound like I am defending them but I am just trying to understand what is happening.

It has been explained at least 3 times in detail in this thread.
European GDPR

Personally, I think this could even go against Canadian privacy laws.
https://www.priv.gc.ca/en/privacy-t...-electronic-documents-act-pipeda/p_principle/

PIPEDA Fair Information Principle 3 – Consent

The information being gathered is not covered in their agreement and the collection itself is against the law here.
I understood that the only data that goes to their servers is the names, after you give permission. They do gather more stuff but it is all stored locally so I doubt it can be considered as 'data collected by Epic'.
 
Oct 25, 2017
926
I only read the first post and a few of the last ones. So it seems that what I said is still correct, because you are not sending them this data, it is just copied (cloned) in your PC. I get that from this they can do something, I just said that they aren't at the moment. And with everyone knowing about this, if they ever start sending data without permission we will know by the next minute because people will be monitoring. Also, if this is an "exploit", Valve could probably do something to stop it, right?



I understood that the only data that goes to their servers is the names, after you give permission. They do gather more stuff but it is all stored locally so I doubt it can be considered as 'data collected by Epic'.
They made code that seeks that data. That is collection.
 
Mar 14, 2019
20
They made code that seeks that data. That is collection.
Not only is it collected, they also stored a copy on your computer (obfuscated). Tim Sweeney of Epic has responded to me on Reddit and I have sent him a few more questions. I'm still mad that he thinks he can rummage through the localconfig.vdf file but at least he now believes the user should be asked first!

Here is a reply from him : https://www.reddit.com/r/PhoenixPoi...game_store_spyware_tracking_and_you/eikbeya/?

TimSweeneyEpic 1 point 16 minutes ago
You guys are right that we ought to only access the localconfig.vdf file after the user chooses to import Steam friends. The current implementation is a remnant left over from our rush to implement social features in the early days of Fortnite. It's actually my fault for pushing the launcher team to support it super quickly and then identifying that we had to change it. Since this issue came to the forefront we're going to fix it.
We don't use the Steam API because we work to minimize the number of third-party libraries we include in our products due to security and privacy concerns (not from Valve specifically, but see e.g. https://www.macrumors.com/2019/02/22/ios-apps-sending-private-data-to-facebook/ for the general concern of APIs collecting more data than expected)

EDIT: I just looked over the Steam Web API and see no reason they couldn't use the proper way. https://developer.valvesoftware.com/wiki/Steam_Web_API#GetFriendList_.28v0001.29

GetFriendList returns 64-bit Steam ID's of all your friends and then you have to iterate through GetPlayerSummaries for each of them to get their display names. Then you compare those with people on Epic to find matching friends. Harder maybe, but the right way.
 
Last edited:
Oct 27, 2017
180
EDIT: I just looked over the Steam Web API and see no reason they couldn't use the proper way. https://developer.valvesoftware.com/wiki/Steam_Web_API#GetFriendList_.28v0001.29

GetFriendList returns 64-bit Steam ID's of all your friends and then you have to iterate through GetPlayerSummaries for each of them to get their display names. Then you compare those with people on Epic to find matching friends. Harder maybe, but the right way.
It is late here and maybe I'm missing something, but I don't get what he is talking about in regards to the API. Isn't web based? Why he is going on about third party libraries and using examples of apps that appear to be sending more data to Facebook on purpose?

As for the first part... well, "rush job" or not it does raise concerns about their general privacy policies when deploying features.
 
Oct 25, 2017
460
Not only is it collected, they also stored a copy on your computer (obfuscated). Tim Sweeney of Epic has responded to me on Reddit and I have sent him a few more questions. I'm still mad that he thinks he can rummage through the localconfig.vdf file but at least he now believes the user should be asked first!

Here is a reply from him : https://www.reddit.com/r/PhoenixPoi...game_store_spyware_tracking_and_you/eikbeya/?

TimSweeneyEpic 1 point 16 minutes ago
You guys are right that we ought to only access the localconfig.vdf file after the user chooses to import Steam friends. The current implementation is a remnant left over from our rush to implement social features in the early days of Fortnite. It's actually my fault for pushing the launcher team to support it super quickly and then identifying that we had to change it. Since this issue came to the forefront we're going to fix it.
We don't use the Steam API because we work to minimize the number of third-party libraries we include in our products due to security and privacy concerns (not from Valve specifically, but see e.g. https://www.macrumors.com/2019/02/22/ios-apps-sending-private-data-to-facebook/ for the general concern of APIs collecting more data than expected)

EDIT: I just looked over the Steam Web API and see no reason they couldn't use the proper way. https://developer.valvesoftware.com/wiki/Steam_Web_API#GetFriendList_.28v0001.29

GetFriendList returns 64-bit Steam ID's of all your friends and then you have to iterate through GetPlayerSummaries for each of them to get their display names. Then you compare those with people on Epic to find matching friends. Harder maybe, but the right way.
That is some serious damage control. I can't believe they thought that something like this could be implemented and it wouldn't get called out.
 
Oct 25, 2017
254
Cardiff, Wales
I uninstalled that dumpster fire store months ago, and this week I started the process of deleting my account.

I was hoping I’d maybe support Epic Store one day, when they stopped doing the exclusivity bullshit, but the spyware stuff (and subsequent damage control) is the last straw.
 
Mar 14, 2019
20
Tim replied to my questions and you can see the thread here: https://www.reddit.com/r/PhoenixPoi..._game_store_spyware_tracking_and_you/eik31to/

Sorry for linking off-site but it's too much to post. His reply shows that they only perform the Steam API <-> Epic authorization during the import friends procedure to verify that you are the owner of the Steam installation on your computer. He points out that there might be multiple Steam installs on a computer. The end result is that they aren't currently using the Steam Web API to pull friends - once they confirm your identity they go through your local Steam file directly. Now he's left fighting numerous battles and doing damage control for taking a shortcut.

He neglected to answer why they make a copy of that important Steam file in their own directory (and obscure/encrypt it).
It is late here and maybe I'm missing something, but I don't get what he is talking about in regards to the API. Isn't web based? Why he is going on about third party libraries and using examples of apps that appear to be sending more data to Facebook on purpose?

As for the first part... well, "rush job" or not it does raise concerns about their general privacy policies when deploying features.
I don't know what he's talking about either. I think he's saying they didn't want to have to use the Steam Web API in the launcher itself because of yet another API, but come on.

Tim continues to get clobbered on Reddit :
TimSweeneyEpic-17 points • submitted 19 days ago
I’ve posted and answered some questions below, but they’ve been downvoted, so use “show all posts” to see the whole context.

In relation to Chinese gaming company Tencent owning part of Epic:
TimSweeneyEpic • -7 points • submitted 2 hours ago
Tencent is a significant, but minority shareholder in Epic. I'm the controlling shareholder of Epic. I reckon that many of you here at /r/pcgaming don't much like me or my decisions, but the decisions Epic makes are ultimately my decisions, made here in North Carolina based on my beliefs as a game developer about what the game industry needs!

LOL.
 
Last edited:
Oct 25, 2017
3,582
Don't use the Epic Games Store. Wait for the games to come to Steam or other platforms.

Epic is trying to fragment PC gaming and has a history of questionable practices. Steam offers several features for free via their APIs and doesn't give a damn what other platform you distribute your games on.

Yes, steam has problematic curation and customer service, but Epic is worse in every way for the gaming industry. And they definitely will pull back on those lower margins once the fortnite money begins to dry up, and/ or if they get significant market share - it's all bribery that will be pulled out from underneath everyone once it's no longer necessary.
 
Oct 27, 2017
180
I don't know what he's talking about either. I think he's saying they didn't want to have to use the Steam Web API in the launcher itself because of yet another API, but come on.
I'm hesitant to comment because I'm not familiar with the Steam API, but it doesn't make sense to me. He talks about using "Steam on the Web" (I'm assuming the API) to validate the user, but instead of continuing to use it, they switch to this local and invasive method. He justifies it "because we avoid including third-party code in our engine wherever possible". Does Valve supply any library for the API or is it all web-based? And if it is local, can't they inspect the code?

Again... I must be missing something. And that's ignoring the fact that coding something that goes around directly snooping in other folders without asking the user first is a *big* mistake to do.

Thank you for trying to extract some info from him. Just to give people context I'm going to quote his response to you here:
Tim on Reddit said:
The current implementation is the result of a system that was built quickly and then rapidly modified before launch as the online team identified that we needed to authenticate with Steam on the web (in case there were multiple Steam users on the PC) and make other privacy-oriented changes identified by the online team. It's a klunky method that we'll fix, but I don't think there's an issue of privacy law issue regarding data that is purely stored on your computer.
We don't use the Steam API because we avoid including third-party code in our engine wherever possible, as it often brings its own privacy, security, and licensing complications (though Valve has a fine reputation).
 

Nome

Designer
Verified
Oct 27, 2017
1,554
NYC
According to this website: Fortnite Guide- Now Add Steam Friends In Fortnite - VoStory the functionality that lets people import their Steam friends into the EGL was added with Update 4.3 of Fortnite. That update was released on May 30, 2018. The first files scrapped by the EGL on my computer were generated on May 4, 2018. Did those files travel in time?
It's common practice to ship code for incomplete features but not launch them until a later update.
See: https://en.wikipedia.org/wiki/Continuous_integration
 
Oct 25, 2017
259
Mar del Plata
It's common practice to ship code for incomplete features but not launch them until a later update.
See: https://en.wikipedia.org/wiki/Continuous_integration
Yes, but they started using the "incomplete feature" without notifying anyone. I have six files that were generated BEFORE that "feature" was publicly turned on (and a ton more afterwards, since they got almost 500mb of Steam data).
 
Oct 25, 2017
3,615
Seeing how this story is the top post on /r/Steam, it shows the hypocrisy of Steam fans yet again, because Steam goes further than that and essentially looks at your browsing history.
1) That's 2014. It might've changed since then.
2)

According to the thread author, VAC is retrieving the cache information and submits hashed versions of each domain you have visited or was looked up to remote servers. Hashed means it does not know the url itself, but only a hash of it.

While it is not clear what happens then, it is likely that the hashes are compared against a database of known cheating services and websites.
3) Considering that CS:GO is VAC protected and there's tournaments that have millions in prize money every year, it's not unjust to determine if someone who may or may not enter those tournaments could be downloading hacks which are incredibly hard to find.

So, yes, you're right. But also, no, you're not, because the two situations aren't the same, even if Valve are still doing that 5 years on from that article.
 
Yes, but they started using the "incomplete feature" without notifying anyone. I have six files that were generated BEFORE that "feature" was publicly turned on (and a ton more afterwards, since they got almost 500mb of Steam data).
speaking as someone who was a software developer for years and not that it excuses the slimy behaviour at all but this is absolutely standard practice, the back end code was in place before they had the front end code live. Though typically you would have the backend code there but not actually running until you enable the feature.
Epic has royally fucked up in many ways and they should be held accountable for this. I honestly feel they have broken laws
 

Nome

Designer
Verified
Oct 27, 2017
1,554
NYC
Yes, but they started using the "incomplete feature" without notifying anyone. I have six files that were generated BEFORE that "feature" was publicly turned on (and a ton more afterwards, since they got almost 500mb of Steam data).
If you believe Sweeney, then that data wasn't being sent to Epic anyway.
I kind of believe him, just because I've been in development situations where corners had to get cut in order to ship something in a timely manner.
That said, I think when it comes to user data, there's no room for sloppiness.

speaking as someone who was a software developer for years and not that it excuses the slimy behaviour at all but this is absolutely standard practice, the back end code was in place before they had the front end code live. Though typically you would have the backend code there but not actually running until you enable the feature.
Epic has royally fucked up in many ways and they should be held accountable for this. I honestly feel they have broken laws
Yeah, usually you'd feature flag something like this.
But there's also the possibility they were A/B testing, doing a phased rollout, running silently to check for bugs/stability, or a host of other reasons.
You could also just take Sweeney's word that they were rushing the feature and maybe just didn't bother to throw in a switch.

Really hard to say at this point, but bottom line is that the feature being on production clients prior to official launch doesn't mean anything conclusive.
 
Oct 25, 2017
2,997
Tim replied to my questions and you can see the thread here: https://www.reddit.com/r/PhoenixPoi..._game_store_spyware_tracking_and_you/eik31to/

Sorry for linking off-site but it's too much to post. His reply shows that they only perform the Steam API <-> Epic authorization during the import friends procedure to verify that you are the owner of the Steam installation on your computer. He points out that there might be multiple Steam installs on a computer. The end result is that they aren't currently using the Steam Web API to pull friends - once they confirm your identity they go through your local Steam file directly. Now he's left fighting numerous battles and doing damage control for taking a shortcut.

He neglected to answer why they make a copy of that important Steam file in their own directory (and obscure/encrypt it).

I don't know what he's talking about either. I think he's saying they didn't want to have to use the Steam Web API in the launcher itself because of yet another API, but come on.

Tim continues to get clobbered on Reddit :
TimSweeneyEpic-17 points • submitted 19 days ago
I’ve posted and answered some questions below, but they’ve been downvoted, so use “show all posts” to see the whole context.

In relation to Chinese gaming company Tencent owning part of Epic:
TimSweeneyEpic • -7 points • submitted 2 hours ago
Tencent is a significant, but minority shareholder in Epic. I'm the controlling shareholder of Epic. I reckon that many of you here at /r/pcgaming don't much like me or my decisions, but the decisions Epic makes are ultimately my decisions, made here in North Carolina based on my beliefs as a game developer about what the game industry needs!

LOL.
Has he answered how Sergey knew that 20% of Fortnite players *regularly* use Steam? They are lying by omission with how far they are going with this.
 
Oct 28, 2017
1,331
If nothing gets sent off anyone's machine without consent there is absolutely zero problem here. Software is expected to query things off your machine.

Detecting and saving hardware information locally is not data collection. Transmitting that data to another machine is.
 
Mar 14, 2019
20
I covered this the best I could thanks to everyone’s input, prior to the update given by Epic later today:
Epic Games Store Caught Stealing Personal Information
Please let me know if there’s anything more I can do to get the word out.
That's a good report SmashJT. You covered everything known at the time. I've posted some minor updates above but the end result is that Epic was simply lazy/rushed and didn't use the API that Steam freely provides for this. Instead they sifted through your local Steam files and only added a Steam Web API authentication check whenever they realized at the last minute it was necessary.

Also, we shouldn't let Valve off the hook here either. They should not be storing all that information in a plain text file in the userdata directory. Make it much harder to access/scrape at least.
I'm hesitant to comment because I'm not familiar with the Steam API, but it doesn't make sense to me. He talks about using "Steam on the Web" (I'm assuming the API) to validate the user, but instead of continuing to use it, they switch to this local and invasive method. He justifies it "because we avoid including third-party code in our engine wherever possible". Does Valve supply any library for the API or is it all web-based? And if it is local, can't they inspect the code?
I think the Steam API is web-based but here's what's going on : When you go to add friends it opens a browser to Steam to grant permission to Epic to use the Steam API for your account (This part is "Steam on the Web"). You do that and agree, then Epic gets a token. Epic has confirmed your identity and could now use the Steam API & token to pull your friends but they never implemented that. Instead they just go through your local Steam files. I hope that makes it clear. All they need to do is have their launcher work with the Steam API instead of going through the local file. They seem like they are cutting corners to get their launcher and store going as fast as possible.
 
Oct 25, 2017
2,585
If you believe Sweeney, then that data wasn't being sent to Epic anyway.
I kind of believe him, just because I've been in development situations where corners had to get cut in order to ship something in a timely manner.
That said, I think when it comes to user data, there's no room for sloppiness.


Yeah, usually you'd feature flag something like this.
But there's also the possibility they were A/B testing, doing a phased rollout, running silently to check for bugs/stability, or a host of other reasons.
You could also just take Sweeney's word that they were rushing the feature and maybe just didn't bother to throw in a switch.

Really hard to say at this point, but bottom line is that the feature being on production clients prior to official launch doesn't mean anything conclusive.
But there is still literally no reason to do any of this to get just a friends list.

the Steam API has exists for years and years for JUST THIS.

And somehow their cludge workaround they made up on the spot is better? And he has the audacity to talk about security when the Epic launcher is known to have terrible email and account security? And wants to make Steam look like the vulnerable one?
 
Yeah, usually you'd feature flag something like this.
But there's also the possibility they were A/B testing, doing a phased rollout, running silently to check for bugs/stability, or a host of other reasons.
You could also just take Sweeney's word that they were rushing the feature and maybe just didn't bother to throw in a switch.

Really hard to say at this point, but bottom line is that the feature being on production clients prior to official launch doesn't mean anything conclusive.
This is absolutely true. with the rapid development of fortnite/launcher it wouldn't surprise me in the least if he is being straight about this.

But there is still literally no reason to do any of this to get just a friends list.

the Steam API has exists for years and years for JUST THIS.

And somehow their cludge workaround they made up on the spot is better? And he has the audacity to talk about security when the Epic launcher is known to have terrible email and account security? And wants to make Steam look like the vulnerable one?
Yup I agree also with this. They should have used the API and his excuse for not is thin as a wet sheet of single ply tp.
 
Oct 25, 2017
2,585
This is absolutely true. with the rapid development of fortnite/launcher it wouldn't surprise me in the least if he is being straight about this.
The Epic launcher is not some new out nowhere thing and they started data scrapping before they launched their Steam Friend linking.
 
Oct 25, 2017
2,262
OP
OP
Madjoki
Oct 25, 2017
2,722
But there is still literally no reason to do any of this to get just a friends list.

the Steam API has exists for years and years for JUST THIS.

And somehow their cludge workaround they made up on the spot is better? And he has the audacity to talk about security when the Epic launcher is known to have terrible email and account security? And wants to make Steam look like the vulnerable one?
And valve api don't need code. You do that from server. They already do Auth, so they have code there.
 
The Epic launcher is not some new out nowhere thing and they started data scrapping before they launched their Steam Friend linking.
I am not saying it is but they have a ridiculously release schedule and I doubt they follow rigorous standard practices when it comes to code releases. My statements were not saying they were right in doing this, just as to why it may have happened. again Not saying it was right to let it happen. They dun fucked up regardless of how it happend.
 
Oct 25, 2017
2,585
I am not saying it is but they have a ridiculously release schedule and I doubt they follow rigorous standard practices when it comes to code releases. My statements were not saying they were right in doing this, just as to why it may have happened. again Not saying it was right to let it happen. They dun fucked up regardless of how it happend.
The fact that they scrapped more then just the friends list means this wasn’t just a cludge job to hastily set up a linkup system.

You don’t need to look up peoples game history and playtime to find a friends list and they went out of their way to package all of that information for themselves. They did MORE work then Is necessary to find a friends list.

Even their cries that they didn’t upload any of it back ring hollow, why are you gathering the data you shouldn’t be getting if you are not using it?