I'm surprised it hasn't come fully back around to Valve's curation policies, really.
-
Ever wanted an RSS feed of all your favorite gaming news sites? Go check out our new Gaming Headlines feed! Read more about it here.
Developing: Epic Games Launcher appears to collect your steam friends & play history (Up2: Valve responds, See Threadmarks)
- Thread starter Madjoki
- Start date
And suddenly it's a privacy issue AND mass corporate espionnage.
We are starting to lose the thread.
I feel it's important to establish the extent of what Epic did here, before further speculating "how high up does this go"
Well it certainly seems like it's starting to work because the discussion about the actual issue has been derailed and we now have people calling others racists to deflect from the issues.
I agree, let's not worry about if this does go higher for now, let's worry about the most significant part of this that media outlets and people are trying to sweep under the rug using deflection.
We still don't know exactly what data is being taken when we link our accounts.
The file they use to take that info is encrypted and it's literally their word that they only take the friends list info when we enable it on EGS, but for some reason they package everything else in that file as well.
The file they use to take that info is encrypted and it's literally their word that they only take the friends list info when we enable it on EGS, but for some reason they package everything else in that file as well.
2 points were raised earlier in the thread (on my phone, so can't look for the quotes)
1) during the linking process the actual .bak file does not appear to be accessed (raising the question of why do those files even need to be there then).
2) someone described the .bak files as not being encrypted but using some substitution code (not sure about this, may have misunderstood that post).
And that just opens so many other things of, if none of it is accessed for the account linking, why are they being copied and accessed by the client for any reason at all?
It doesn't make any sense with the reason they gave us, they have literally admitted to looking up and coping data they aren't suppose to but promising they aren't actaully going to do anything with it.
It's like a mother catching her child with a hand in the cookie jar but the child says 'but I wasn't going to take any, I'm just putting my hand in the jar, trust me'
Great comment from the RPS comment section and I completely agree.
"I've been reading RPS from the start, and I've watched them open up and grow out of the "our secret treehouse of games"-mentality.
RPS has always been staffed with straight-shooters (in my opinion), who sometimes make mistakes, and often own up to them via introspective articles.
We may not always agree with their stances, but at least they've tended to have their stances backed up by sound thinking.
This seems different. Unfinished. As others have put more eloquently than me, this really seems like a PR piece, nonchalantly dismissing privacy concerns and accusing people of racism. This is not the RPS I know and love- it's far, far beneath the standard of excellence I expect from RPS.
Software companies have shown time and time again that they cannot be trusted with respecting our privacy, our systems' integrity and at times even legal guidelines for data storage/dissemination, etc.
Why should we trust Epic? Because they say so?
FWIW, I don't think they're spying for the Chinese govt. I do not, however, trust for a second that Epic wouldn't happily wave good-bye to our privacy it benefited them and they could get away with it."
I just want to add as well that, it not racist to criticise the foreign/domestic policy of a government that quite literally spies on its own citizens and being critical of their policies isn't a reflection of thoughts towards people living under these regimes and has nothing to do with their race.
That's like saying anybody who criticises Trump or the US government outside of America is being racist towards Americans which simply isn't true, it's not the fault of the citizens.
People are concerned about their data being shared, RPS haven't addressed the evidence here, they are suggesting that people are being conspiracy theorists for being concerned about their data and privacy and worrying about what Epic might do with this data, all we have is Tim Sweeneys word that he isn't sharing this data, is that supposed to be enough to reassure people?
Making excuses for poor corporate behaviour (possibly illegal) is something I really cannot stomach.
"I've been reading RPS from the start, and I've watched them open up and grow out of the "our secret treehouse of games"-mentality.
RPS has always been staffed with straight-shooters (in my opinion), who sometimes make mistakes, and often own up to them via introspective articles.
We may not always agree with their stances, but at least they've tended to have their stances backed up by sound thinking.
This seems different. Unfinished. As others have put more eloquently than me, this really seems like a PR piece, nonchalantly dismissing privacy concerns and accusing people of racism. This is not the RPS I know and love- it's far, far beneath the standard of excellence I expect from RPS.
Software companies have shown time and time again that they cannot be trusted with respecting our privacy, our systems' integrity and at times even legal guidelines for data storage/dissemination, etc.
Why should we trust Epic? Because they say so?
FWIW, I don't think they're spying for the Chinese govt. I do not, however, trust for a second that Epic wouldn't happily wave good-bye to our privacy it benefited them and they could get away with it."
I just want to add as well that, it not racist to criticise the foreign/domestic policy of a government that quite literally spies on its own citizens and being critical of their policies isn't a reflection of thoughts towards people living under these regimes and has nothing to do with their race.
That's like saying anybody who criticises Trump or the US government outside of America is being racist towards Americans which simply isn't true, it's not the fault of the citizens.
People are concerned about their data being shared, RPS haven't addressed the evidence here, they are suggesting that people are being conspiracy theorists for being concerned about their data and privacy and worrying about what Epic might do with this data, all we have is Tim Sweeneys word that he isn't sharing this data, is that supposed to be enough to reassure people?
Making excuses for poor corporate behaviour (possibly illegal) is something I really cannot stomach.
Thread whining is bannable. Report and move on.
"It's entirely racist to think a chinese company may be spying on people for its government"
C'mon.
While sure, there is a lot of fear mongering over Tencent with no evidence, there is reason to be worried that has nothing to do with racism, much like you can point out that certain facebook/youtube posts "sound like russion trolls/bots" or that certain MMO economies are dictated by chinese/venezuelan/korean farmers.
There is also the fact that the racism accusation comes from a piss poor written article that is being written to dismiss Epic's action and paint everyone concerned about it as Valve-fanboy-children-that-you-should-not-listen-to-since-they-may-even-be-racists, just another day on the internet! *slaps knee*
You are not the customer for video game journalism. You pay nothing to read most. You are a metric and traffic to sell ad rates. You can like them or hate them, you are still counted as a number if you click on it. They can write a great article or sensationalist trash. Remember that. Guess where they do get their money.
Last edited:
We really don't need to pass the blame on to Tencent, Epic are perfectley capable of doing this by themselves. It's not like american companies don't spy on their customers and competitors.
Yup, I think it's a big mistake to start talking about it like it's Tencent's doing. There is no proof of that, and doing so is a perfect way of derailing threads like this one.
Exactly.
Even if there is truth behind the Tencent stuff, there is no need to speculate when we already know Epic aren't to be trusted. You just weaken your argument.
I agree with you both as things currently stand and I also agree that we should all be focusing on the real issue which is what Epic have done.
The RPS article was a blatant deflection attempt and it worked but I am hoping we get back on to the real issues now.
I want to quote this again because.... well, has Sweeney or anyone else at Epic given an explanation for this?
Is there a reason why the "Non-english" publication see it far harder?
(German)Gamestar wrote a really good article.
(German) 4Players too.
(German)Gamestar wrote a really good article.
(German) 4Players too.
EU countries seem to put more emphasis on privacy concerns.
Most English speaking games media is US based, which don't care much about privacy concerns.
Notice how many of them minimize what is occurring at the same time companies like Facebook and google and being hauled up to Congress for privacy concerns
As far as I remember they did. Something about implementing code for testing or something like that. But I find it really curious that they added that just 2 weeks after Valve locked Steam accounts and Sergey wos most vocal about it and worked at Epic at that time.
We just have his assurances that none of that is linked and they have nothing to do with SteamSpy.
While they still have the guy running it on their payroll helping run the Epic Store.
Yeah not sure I buy it. "Implementing code for testing"... in a live, production setting? This doesn't add up.
And the community and the overall industry still hasent addresses Sergi running SteamSpy while working on a Steam competitor, still to this day.
And yet somehow it has nothing to do with Epic
This was their response to that:
I don't feel it's good enough (since people didn't even know that they would add that functionality in the future)
This was their response to that:
I don't feel it's good enough (since people didn't even know that they would add that functionality in the future)
Also the fact they are scraping way more than just friends ID's.
Makes no logical sense and sounds like they are being dishonest to me.
What's more, they claim the file that contains all of that extra information they scrape isn't even involved in the friend list linking.
And yet that begs the question, why is any of that data being accessed in the first place and copied. That file shouldn't even exist and all we have is their word that they don't touch it after making it.
I want to kind of add my final thoughts to this as things stand.
I am all for more competition in the PC space if it's for the benefit of consumers (prices coming down, more features and less demanding clients) so when I was aware Epic was coming into the market to compete with Steam I didn't view it as a bad thing.
The sad part is, now after everything that has happened, I have little faith they will turn this around and do what is right for consumers from a business or moral stand point.
And even if they did, the trust is fractured now so it is going to be really difficult to gain it back for most people.
Exactly, I won't be trusting the words of a company who have already failed to be transparent.
I am all for more competition in the PC space if it's for the benefit of consumers (prices coming down, more features and less demanding clients) so when I was aware Epic was coming into the market to compete with Steam I didn't view it as a bad thing.
The sad part is, now after everything that has happened, I have little faith they will turn this around and do what is right for consumers from a business or moral stand point.
And even if they did, the trust is fractured now so it is going to be really difficult to gain it back for most people.
Exactly, I won't be trusting the words of a company who have already failed to be transparent.
Fortunately the retail version of Division 2 seems to run directly through UPlay, what a thing to say these days...
Epic kinda looks like they're trying to take the Aldi approach to game stores but they're missing the low prices part. Guess they gotta do shady shit if they cannot offer customers a real reason to shop there...
Epic kinda looks like they're trying to take the Aldi approach to game stores but they're missing the low prices part. Guess they gotta do shady shit if they cannot offer customers a real reason to shop there...
This was their response to that:
I don't feel it's good enough (since people didn't even know that they would add that functionality in the future)
Wait... they are going to replace to local file copying with a registry check? Can they please stop snooping around the local files and just use the API that have exactly the function they are claiming to be interested in?
And there is that. Even *with* the user permission they are sill parsing a file that has more info then just the friends list. Their insistence in accessing local files even after all of this is really getting suspicous for me.
Ah, ignore that, read the original post wrongly, thought that the text ws what was originally in the Steam file.
And unlike Aldi, they don't have any professional gamers to pwn some kids and make them eat their dinner on time...lol.
Yeah it's very strange for a company that is denying collecting data to be creating files with more data than they claim to have access to.
"It's just for friends ID's guys, ignore all that other stuff, it doesn't exist and if it did that's just irrelevant data that we promise we will not access, trust us."
"Epic is also owned by Tencent, which is a Chinese company, so really if you criticize Epic you're also criticizing a Chinese company, which is racist. So if you criticize Epic you're being racist".
Aren't Medion a Lenovo company mostly known for making crappy cheap laptops?
Pretty sure they have nothing to do with Aldi, outside of Aldi having a deal with them to sell their laptops in some countries. Tesco used to sell them here.
OP
OP
Well, seems like I was able to decrypt the file:
It seems to be parsed to binary format (possible some used by Unreal Engine?).
It seems to parse VDF (valve definition format to that)
Interestingly TimSweeney specifically claimed they didn't parse the file for playtimes in addition to not using it.
It did seems odd claim (especially as he didn't have to make that claim), since if you used any kind of parser, you'd end up parsing everything, even if technically.
It's just XOR.
https://en.wikipedia.org/wiki/XOR_cipher
For me key was 223, this may differ for you.
Edit: Correct key is 255, this will produce original file as intended. with 223 some bits are corrupt, which is why it looked weird format.
Yeah it doesn't. Much less keeping history even if it's just locally. Even if there is no code now, they could plausibly implement code in patch and get data from users and get rid of evidence. Or even stream code from server and instantly get rid off it (I believe Valve's VAC works similarly, for example, to make it harder to know what it actually checks). Possibilities are there. (But no proof whatsoever, just random thoughts)
It seems to be parsed to binary format (possible some used by Unreal Engine?).
It seems to parse VDF (valve definition format to that)
Interestingly TimSweeney specifically claimed they didn't parse the file for playtimes in addition to not using it.
It did seems odd claim (especially as he didn't have to make that claim), since if you used any kind of parser, you'd end up parsing everything, even if technically.
It's just XOR.
https://en.wikipedia.org/wiki/XOR_cipher
Edit: Correct key is 255, this will produce original file as intended. with 223 some bits are corrupt, which is why it looked weird format.
Yeah it doesn't. Much less keeping history even if it's just locally. Even if there is no code now, they could plausibly implement code in patch and get data from users and get rid of evidence. Or even stream code from server and instantly get rid off it (I believe Valve's VAC works similarly, for example, to make it harder to know what it actually checks). Possibilities are there. (But no proof whatsoever, just random thoughts)
Last edited:
Well, seems like I was able to decrypt the file:
It seems to be parsed to binary format (possible some used by Unreal Engine?).
It seems to parse VDF (valve definition format to that)
Interestingly TimSweeney specifically claimed they didn't parse the file for playtimes in addition to not using it.
It did seems odd claim (especially as he didn't have to make that claim), since if you used any kind of parser, you'd end up parsing everything, even if technically.
But they definitely seem to even save that information to new file in their own format, which I'd definitely count as "parsing".
It's just XOR.
https://en.wikipedia.org/wiki/XOR_cipher
For me key was 223, this may differ for you.
Yeah it doesn't. Much less keeping history even if it's just locally. Even if there is no code now, they could plausibly implement code in patch and get data from users and get rid of evidence. Or even stream code from server and instantly get rid off it (I believe Valve's VAC works similarly, for example, to make it harder to know what it actually checks). Possibilities are there. (But no proof whatsoever, just random thoughts)
They are lying through their teeth. They are processing and analyzing all the data. Has someone checked if something is being sent back?
They also said that they were only looking at the friend list and they are collecting info about the played games.
Has anyone scanned their network traffic yet to see if any of this is being submitted?
We already know Epic are lying on some things. We need to see how deep the rabbit hole goes.
We already know Epic are lying on some things. We need to see how deep the rabbit hole goes.
Except it's clear they are doing way more then that, and CEF doesn't run like that. It's a closed container and none of your information would reside anywhere other then in Epics own folders.
Same.
I was fine with using it for a few free games, but I won't support such dishonest and shady practices. Especially when they are called out and still just lie through their teeth. Fuck Epic.
If they are collecting info from other areas of your disk for "future use" without permission that's dubious.
But let's say they don't send the data anywhere, just leave it "encrypted" on your disk where they know it is. They can still use that data within the EGS. Storing it on their servers is just a bonus for them. It's just that theycan't shouldn't then send that to their servers.
GDPR makes allowances for "trade secrets" I expect a lot of that to happen when people request the data Epic have collected on them.
But let's say they don't send the data anywhere, just leave it "encrypted" on your disk where they know it is. They can still use that data within the EGS. Storing it on their servers is just a bonus for them. It's just that they
GDPR makes allowances for "trade secrets" I expect a lot of that to happen when people request the data Epic have collected on them.
Germany is a pretty PC-centric country, and hardcore too. Probably the most in EU too (I can see France writing similar articles too).