OP
OP
News Epic Game Store, Spyware, Tracking, and You!
- Thread starter lashman
- Start date
Well, seems like I was able to decrypt the file:
It seems to be parsed to binary format (possible some used by Unreal Engine?).
It seems to parse VDF (valve definition format to that)
Interestingly TimSweeney specifically claimed they didn't parse the file for playtimes in addition to not using it.
It did seems odd claim (especially as he didn't have to make that claim), since if you used any kind of parser, you'd end up parsing everything, even if technically.
But they definitely seem to even save that information to new file in their own format, which I'd definitely count as "parsing".
It's just XOR.
XOR cipher - Wikipedia
For me key was 223, this may differ for you.
Yeah it doesn't. Much less keeping history even if it's just locally. Even if there is no code now, they could plausibly implement code in patch and get data from users and get rid of evidence. Or even stream code from server and instantly get rid off it (I believe Valve's VAC works similarly, for example, to make it harder to know what it actually checks). Possibilities are there. (But no proof whatsoever, just random thoughts)
---
Here's no warranty decode tool + source code if someone wants to try figuring out file contents:
MEGA
Just drag file into it and it will write decoded version with .dec extension.
It seems to be parsed to binary format (possible some used by Unreal Engine?).
It seems to parse VDF (valve definition format to that)
Interestingly TimSweeney specifically claimed they didn't parse the file for playtimes in addition to not using it.
It did seems odd claim (especially as he didn't have to make that claim), since if you used any kind of parser, you'd end up parsing everything, even if technically.
But they definitely seem to even save that information to new file in their own format, which I'd definitely count as "parsing".
It's just XOR.
XOR cipher - Wikipedia
For me key was 223, this may differ for you.
Yeah it doesn't. Much less keeping history even if it's just locally. Even if there is no code now, they could plausibly implement code in patch and get data from users and get rid of evidence. Or even stream code from server and instantly get rid off it (I believe Valve's VAC works similarly, for example, to make it harder to know what it actually checks). Possibilities are there. (But no proof whatsoever, just random thoughts)
---
Here's no warranty decode tool + source code if someone wants to try figuring out file contents:
MEGA
Just drag file into it and it will write decoded version with .dec extension.
OP
OP
well, well, well ... things are getting interesting
so you're saying a multi-billionaire CEO of a huge corporation LIED?! well i never ....
What's this? An article that doesn't say it is all on the head of Steam fanboys? So strange....
Look, all we found out is that they go through Steam folders to grab a lot more information than they claim to be after, and store several obfuscated full backups of this info on another directory, and all of that without bothering us users with pesky questions. I'm sure Tim will pinky swear that they filter out this "extra" data later.
OP
OP
That response from Valve is amazingly clean. They don't see this as a workaround that Epic had any right to use. I wonder how far Valve intends to take this, after they've looked into it further.
OP
OP
OP
OP
legally? who knows
but they sure as hell can make it impossible for epic to do that shit anymore ... so there's that
If Valve finds something then I think they'll ban Epic from using the API and make changes so that the file is inaccessible.
While the information on this file isn't something that usually would need be encrypted (and I don't want Steam encrypting everything like an UWP app) I don't think there is really any other choice here, specially if the press continues to do this "excellent" job of covering this issue.
Epic could have simply said they will start to use the API from now on but instead we got an "we will just check the registry first", so it seems they really want that data.
There is zero chance that as a private company they give this much info away freely, but I would like Steam to actually just kick the industry-wide standard of secrecy.
Privatize all user specific data so something like this can’t happen again, but start giving regular sales numbers that exponentially surpass the depth of industry standards like NPD and Media Create.
Privatize all user specific data so something like this can’t happen again, but start giving regular sales numbers that exponentially surpass the depth of industry standards like NPD and Media Create.
They can't give sales numbers without the constent of each and every company involved in the game probably. Which sucks. I suppose they could make it an opt in thing but given sales numbers would inevitably lead to charts the charts would be useless with major companies missing. As much as I'd still be interested in seeing the rest for myself, like how much indie game x sold. Although even indies wouldn't necessarily like to divulge that outside framing it on their own timing under their own PR message potentially if they attempt to change their fate by appealing to the community via media or something.
Would encrypting make it inaccessible to users? Cos in that case I'm sure the press would just speak of shady Steam not telling us what data it gathers.
If they do something they should also ban steamspy to scrape data or force to take down it.
As it is today, it indirectly is a competitor to Steam and more or less is stealing business information
OP
OP
well it's easier to change a few lines of text than to change your spying software
not that it makes any difference in the EU, lol
OP
OP
i'm not sure, but ... yeah, probably
pretty much everything leaves a trace in the registry
Doing a quick search using "epic" didn't bring back anything, but there might be some residue left
Turns out there were a couple installer-related stuff in there, but nothing of note it seems...