News Epic Game Store, Spyware, Tracking, and You!

lashman

lashman

Dead & Forgotten
Sep 6, 2018
33,330
93,667
113
Edit: the reddit stuff was meh ... but madjoki looked deeper into the steam stuff ... replacing the OP with his findings:

madjoki said:
Here's my findings on this topic, I also posted to ResetEra.

But I tried to replicate those and found out that Epic Games Launcher on start up searches for Steam install
and proceeds to get list of files in your Steam Cloud (this includes mostly game saves for every user that has logged in on your PC)

Steam Cloud is stored under userdata\[account id]\ if you wanna check

It will also create encrypted copy of config\localconfig.vdf.
This file contains your steam friends, their name history (groups you're part of, are considered "friends").

It seems friends might be used for friends suggestions, but I don't even use that feature and it collects more than that.

While it's called "localhistory" it is synced from cloud

It will read, encrypt and then write copy to: C:\ProgramData\Epic\SocialBackup\RANDOM HEX CODE_STEAM ACCOUNT ID.bak
It will also keep historical entries there.

As for contents of file:

Example of friends entry:

MEgXCG2.png


Play history, will contain last playtime

5peS608.png


300 = Day of Defeat

Code: 
"300"
                    {
                        "LastPlayed"        "1384125348"
                    }

(1384125348 is unix timestamp near end of 2013). Apparently I have played this then.

To replicate these findings you can use Microsofts Process Explorer:

docs.microsoft.com

Process Explorer - Sysinternals

Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more.
docs.microsoft.com

It's recommended to add filter: "ProcessName is EpicGamesLauncher.exe" otherwise there will be tons of crap. Also you can set Drop Filtered events to save on memory.

First step is finding out where Steam is:

TYgs6Hg.png


Then it will enumerate everything in Steam Cloud.

It doesn't seem to read anything, but just names of all your saves of games

s7aZl70.png


Then it will read localconfig.vdf

qpgGA4s.png


after it's done:

8pGAeFK.png


42834588 = steam account id

76561197960265728 + account id = steam id = 76561198003100316 (this is my account)
Click to expand...
 
Last edited:
  • Like
Reactions: Deku, InquisitorAles, DriftedPlanet and 11 others
Didn't they even say they wanna give developers as much userdata as legally possible?
 
  • Like
Reactions: lashman
Mivey said:
Not that surprising. This should land them in trouble in the EU, for sure, if it can be shown that this data is also leaving your PC without express agreement from you.
Click to expand...

hopefully
 
gabbo said:
So I guess I'll be uninstalling the client now. Jeesus
Click to expand...

i mean - it might not be accurate, obviously ... but even if everything else isn't a big deal or accurate - what the fuck are they looking for in people's steam folders?!
 
We need this tweeted about in poorly-translated Russian so Galyonkin can deny it.

The guy is reaching Bond villain-like levels of shamelessness at this point - he, and Epic in general, appear to have absolutely no concern as to how they're perceived, so I assume they'd simply brush this off, too. That Tencent and Fortnite cash armour is thick and strong.
 
  • Like
Reactions: lashman
Ok. Bus Simulator 2018 was released in June 2018. I installed the mod tools for the simulator (unreal engine) in June 2018. I also found several "backups" with my steamID (steamID3 to be precise) in the filenames. First backup was made in June 2018. What the fuck? Why?
 
  • Like
Reactions: DriftedPlanet, Kurt Russell and lashman
sk2k said:
Ok. Bus Simulator 2018 was released in June 2018. I installed the mod tools for the simulator (unreal engine) in June 2018. I also found several "backups" with my steamID (steamID3 to be precise) in the filenames. What the fuck?
Click to expand...

yeah, apparently they've been doing this since AT LEAST May of last year ... maybe longer
 
  • Like
Reactions: DriftedPlanet, sk2k and Kurt Russell
Here's my findings on this topic, I also posted to ResetEra.

But I tried to replicate those and found out that Epic Games Launcher on start up searches for Steam install
and proceeds to get list of files in your Steam Cloud (this includes mostly game saves for every user that has logged in on your PC)

Steam Cloud is stored under userdata\[account id]\ if you wanna check

It will also create encrypted copy of config\localconfig.vdf.
This file contains your steam friends, their name history (groups you're part of, are considered "friends").

It seems friends might be used for friends suggestions, but I don't even use that feature and it collects more than that.

While it's called "localhistory" it is synced from cloud

It will read, encrypt and then write copy to: C:\ProgramData\Epic\SocialBackup\RANDOM HEX CODE_STEAM ACCOUNT ID.bak
It will also keep historical entries there.

As for contents of file:

Example of friends entry:

MEgXCG2.png


Play history, will contain last playtime

5peS608.png


300 = Day of Defeat

Code: 
"300"
                    {
                        "LastPlayed"        "1384125348"
                    }

(1384125348 is unix timestamp near end of 2013). Apparently I have played this then.

To replicate these findings you can use Microsofts Process Explorer:

docs.microsoft.com

Process Explorer - Sysinternals

Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more.
docs.microsoft.com

It's recommended to add filter: "ProcessName is EpicGamesLauncher.exe" otherwise there will be tons of crap. Also you can set Drop Filtered events to save on memory.

First step is finding out where Steam is:

TYgs6Hg.png


Then it will enumerate everything in Steam Cloud.

It doesn't seem to read anything, but just names of all your saves of games

s7aZl70.png


Then it will read localconfig.vdf

qpgGA4s.png


after it's done:

8pGAeFK.png


42834588 = steam account id

76561197960265728 + account id = steam id = 76561198003100316 (this is my account)
 
  • Like
Reactions: freshVeggie, InquisitorAles, DriftedPlanet and 12 others
Sampson said:
Also the Steam friends thing is complete bull. I purposefully have zero friends on my Steam profile and therefore would never have linked Epic and Steam for "friends" purposes. It's doing this all on its own.
Click to expand...

yup ... you don't even have to click the "find steam friends" button ... it does that the moment you install and run it

so ... yeah ...
 
  • Like
Reactions: Prodigy, Kurt Russell and Ex-User (307)
Sampson said:
Don't worry bud, since they don't do any actual email verification, you may already be the lucky owner of an account created in your name by someone else!
Click to expand...

yeah ... i'll never be able to understand it ... volvo has like 50 locks and verifications on people's accounts ... and epic is just "yeah, go ahead, you don't even need to confirm your email" ... like WUT?!
 
  • Like
Reactions: DriftedPlanet and Kurt Russell
Glad I never even bothered with Epic Store/Account. No Epic crap on my PC except for Unreal Engine stuff I guess.

lashman said:
literally nothing is being tracked about anyone on MC ... even google analytics isn't linked, or so i've heard ;)
Click to expand...

\o/ bless. At least according to NoScript, the only google anything is the ajax.api which I assume is needed for the various add-ons and stuff here.

I love that MC is so clean in that regard. No ads, barely any scripts. Feels safe.(y)
 
  • Like
Reactions: DriftedPlanet, oipic, lashman and 4 others
... wow. I guess that's what happens when customers are so low in your list of priorities.

I'm feeling reaaaaaaaaaly smart for installing it to try Subnautica and "to be able to have an informed opinion on the launcher".

And this explains how Galyonkin knew 60% of the Fortnite players that had Steam installed didn't use it regularly.
 
  • Like
Reactions: DriftedPlanet, oipic, lashman and 2 others
I'm holding off on bringing out the pitchforks just yet. Here's the thing, there is legitimate information that could be used by Epic's game launcher regarding Steam and its presence, very similar to how a browser would want to import settings from another browser type. Now, I'm not going to defend Epic saying they are doing this or doing that, but there's a variety of situations where getting information from Steam and your system makes sense:

  1. Collecting information regarding what games you own, specifically in conjuction with stopping you from buying them again.
  2. Collecting info about what games could have cross-compatibility in terms of online multiplayer that don't use Steam servers, but external ones.
  3. Collecting compatibility info regarding games that are installed with directx versions, etc.
  4. The ability to import information from a Steam account into a Epic account in the future (it could be a feature)

Now granted, this should be brought up to Epic and this should be presented to them and see their reaction, but I hate to break it to you all: but a lot of companies do this when it comes to those that have multiple platforms and options available. That doesn't make it right per say, but this is also information publicly available in most cases regarding your steam profile and the information in your steam profile. Epic's not really THAT different in that regard.
 
  • Like
Reactions: DriftedPlanet, Kurt Russell, oipic and 2 others
† Echo † said:
\o/ bless. At least according to NoScript, the only google anything is the ajax.api which I assume is needed for the various add-ons and stuff here.

I love that MC is so clean in that regard. No ads, barely any scripts. Feels safe.(y)
Click to expand...

awww, thanks :cat-heart-blob: and yeah, some of the "usual stuff" is being downloaded from CDNs ... like jQuery, Twemoji etc. ... you know, "the works" :P

Dragnix said:
I'm holding off on bringing out the pitchforks just yet. Here's the thing, there is legitimate information that could be used by Epic's game launcher regarding Steam and its presence, very similar to how a browser would want to import settings from another browser type. Now, I'm not going to defend Epic saying they are doing this or doing that, but there's a variety of situations where getting information from Steam and your system makes sense:

  1. Collecting information regarding what games you own, specifically in conjuction with stopping you from buying them again.
  2. Collecting info about what games could have cross-compatibility in terms of online multiplayer that don't use Steam servers, but external ones.
  3. Collecting compatibility info regarding games that are installed with directx versions, etc.
  4. The ability to import information from a Steam account into a Epic account in the future (it could be a feature)
Now granted, this should be brought up to Epic and this should be presented to them and see their reaction, but I hate to break it to you all: but a lot of companies do this when it comes to those that have multiple platforms and options available. That doesn't make it right per say, but this is also information publicly available in most cases regarding your steam profile and the information in your steam profile. Epic's not really THAT different in that regard.
Click to expand...

yeah, of course ... the thing is - they start collecting all of that data the moment you install and run the client ... NOT when you click the "find steam friends" button

also - they aren't even using the steam API apparently, so this method goes completely around your privacy settings on steam

not to mention the fact that they REALLY don't need most of it anyway - they're only supposed to check your friends list - that's the only thing you're giving them permission to do by clicking that button (and i don't care what they have in their ToS or EULA - none of that shit is applicable in the EU :P)
 
  • Like
Reactions: DriftedPlanet, Deleted member 113 and Kurt Russell
madjoki said:
Steam profiles are private by default.

Actually Kurt Russell 's image shows this starting when (May 2018) Steam made their profiles private by default, assuming this isn't coincide, this could be done to bypass privacy options you set.
Click to expand...

yeah, exactly!

that's why services like gog connect tell you to make your profile public ... because they are using steam's API - which does respect the privacy settings

EGS doesn't ask for that when you "import friends", correct?
 
  • Like
Reactions: DriftedPlanet and Kurt Russell
I see we're in the "You're tracked already, why do you care about this?" stage.

Some people don't care. Some people care so much that they go out of their way to use non-mainstream OS setups and applications.

Personally, I don't care as much as that latter group, but I do like to have as much clarity as possible about when my data is going to be used.

Sure, I know Google collects my data, but I can pretty readily see almost all of what they track in my account, so I've accepted it out of convenience. I know Facebook collects my data and sells it, so I deleted my personal account and only keep a business account that is used in a container browser quarantined away from everything else. I know websites try to track me everywhere I go, that's why I almost always have extensions like uBlock and Privacy Badger on so that as much of the tracking is muffled as possible. I know that Apple tracks my usage analytics on my MacBook and iPhone, but I've accepted using their products (for now) because of their strong stance on encryption.

There's a huge difference between transparent data collection, especially data collection where you can actually see what was collected, and data collection happening behind your back. Collect analytics on me if you want, but you should at least be required to notify me beforehand.
 
  • Like
Reactions: RionaaM, DriftedPlanet, Deleted member 113 and 3 others
Dragnix said:
I'm holding off on bringing out the pitchforks just yet. Here's the thing, there is legitimate information that could be used by Epic's game launcher regarding Steam and its presence, very similar to how a browser would want to import settings from another browser type.
Click to expand...

I'm struggling to see any justifiable reason for Epic to be tracking what is being played on Steam, or when it was last played, other than for nefarious data mining purposes - particularly given they're doing so without any sort of acknowledgment or seeking of consent.

Imagine the media uproar if the tables were turned and Valve introduced sneaky Epic Launcher activity tracking to Steam! We'd never hear the end of it.
 
  • Like
Reactions: Kurt Russell, lashman and Ex-User (307)
73 More Posts...
You must log in or register to reply here.
Top Bottom