From https://metacouncil.com/threads/epic-game-store-spyware-tracking-and-you.766/, originally from Reddit https://www.reddit.com/r/PhoenixPoint/comments/b0rxdq/epic_game_store_spyware_tracking_and_you/
Another user continued studying and found that it was scanning contents of their Steam directory:
In addition, we know that data tracking was always meant to be a key component of the Epic store, with Sergey Galyonkin stating he wants to be able to give much more usage data to third party developers than what Steam currently allows. We also recently had him state how many users of the Epic store had Steam running and now we know how: They track all running processes on your machine.
This is about what I've found after poking the Epic Game Store client for a bit. Keep in mind that I am a rank amateur - if any actual experts here want to look at what I've scraped and found, shoot me a DM and I can send you what I've got.
One of the first things I noticed is that EGS likes to enumerate running processes on your computer.
As you can see, there aren't many in my case; I set up a fresh laptop for this. This is a tad worrying - what do they need that information for? And why is it trying to access DLLs in the directories of some of my applications?
More worrying is that it really likes reading about your root certificates.
Like, a lot.
In fact, there's a fair bit of odd registry stuff going on period. Like I said, I'm an amateur, so if there are any non-amateur people out there who would be able to explain why it's poking at keys that are apparently associated with internet explorer, I'd appreciate it.
It seems to like my IE cookies, too.
In my totally professional opinion, the EGS client appears to have a severe mental disorder, as it loves talking to itself.
I'm sure that this hardware survey information it's apparently storing in the registry won't be used for anything nefarious or identifiable at all.
Steam is at least nice enough to ask you to partake in their hardware surveys.
Now that's just what it's doing locally on the computer. Let's look at traffic briefly. Fiddler will, if you let it, install dank new root certs and sniff out/decrypt SSL traffic for you. Using it and actually reading through results is a right pain though, and gives me a headache - and I only let the Epic client run long enough to log in, download slime rancher, click a few things, and then I terminated the process. Even that gave me an absolute shitload of traffic to look through, despite filtering out the actual download traffic.
I didn't see any massive red flags in the traffic. I didn't see any root certs being created. But I also had 279 logged connections to look at by hand, on an old laptop, and simply couldn't view it all, there's an absolute fuckload of noise to go through, and I didn't leave the client running for very long. It already took me hours to sort through the traffic, not to mention several hundred thousand entries in ProcMon.
If you want to replicate this, it's pretty easy. Grab Fiddler and set it up, enable SSL decryption (DON'T FORGET TO REMOVE THE CERTS AFTERWARDS), start up Epic, and watch the packets flow, like a tranquil brook, all the way to Tim Sweeney's gaping datacenters. Use ProcMon if you want an extremely detailed, verbose of absolutely everything that the client does to your computer, you'll need to play with filters for a while to get it right. And I'm sure there are better ways to view what's going on inside of network traffic - but I am merely a rank amateur.
I give this game storefront a final rating of: PRETTY SKETCHY / 10
I also welcome attempts from people who do this professionally to take a crack at figuring out what sorts of questionable things the Epic client does. Seriously, I'd love to know what you find.
NB: CreateFile in ProcMon can actually indicate that a file is being opened, not necessarily created.
edit: oh yeah it also does a bunch of weird multicast stuff that'll mess with any TVs on your network. Good job, Epic.
Another user continued studying and found that it was scanning contents of their Steam directory:
In addition, we know that data tracking was always meant to be a key component of the Epic store, with Sergey Galyonkin stating he wants to be able to give much more usage data to third party developers than what Steam currently allows. We also recently had him state how many users of the Epic store had Steam running and now we know how: They track all running processes on your machine.
