Black Mesa

Black Mesa

View Stats:
 This topic has been pinned, so it's probably important
The Privacy Policy matter
Howdy all!

After reading many reviews, especially the negative ones, we seem to have seen a trend that the privacy policy was in fact an issue for many players.

Until now, I have decided to lock all those threads to prevent them from turning into a political discussion as I witnessed in the past. However, this has caused some people to believe we had something to hide. We do not. Therefore, this pinned thread will be here to let anyone express their opinion and complaints around the privacy policy.

That being said, I would like for everyone to acknowledge Adam's note on this matter below.

Originally posted by [BMS:
Adam-Bomb]
The game does not collect any information other than usernames (display names in the game) and kill counts for the Black Mesa public servers. The ELUA and privacy policy were recommend to us by our lawyers, and while it is overly cautious (and therefor confusing), we'd rather be safe with the documentation.

We can reset or turn off server stat tracking, but we thought it would be a nice feature for players in the official servers.

Thanks for understanding.
< >
Showing 1-15 of 15 comments
Truder Jul 12 @ 8:00am 
How to Opt-Out From data collection - Privacy Policy
I searched previous posts here which sadly only provide limited information (one such explanation shows that the privacy policy is there to "cover legal bases" which while understandable I don't believe is truly acceptable.

Reading through the privacy policy, it looks like my only option is to contact Crowbar Collective to have any data related to me destroyed and to formally request no further data to be stored, are there no other options other than this?

While I'm clearly no legal expert, this privacy policy does not seem to be appropriate and there have definitely been people that are disgruntled about this policy.

I do appreciate that this is a delicate issue but it is important nevertheless, please could you look towards updating this policy to be more user friendly and respectful towards those who are indeed concerned about how their data is being used? (And if I may add, even though it's possible that no data isn't being collected or used, this policy does mean that there is potential for data to indeed be collected and used, it is very uncomfortable to know this).

Thanks
Howdy!

It is there for legal purposes, to comply with GDPR. The game itself does not collect any information whatsoever. It is there as a precaution to fill all the gaps.

Sadly, there is no way to "opt-out," but it is not like there is anything to opt out of to begin with.

Thanks for understanding.
I'm reading the reviews of this game for fun and apparently the privacy policy says they can take any info from your PC they want and give it to whoever??
Is this true or is this just a meme? I feel like if it was then Black Mesa would be boycotted and everyone would talk about this, but the amount of people who are saying this?
UPDATE: OK, it's not true. Don't worry.
The privacy policy has that there to be GDPR-friendly.
Legion Jul 12 @ 11:31am 
I'll directly copy paste the comment from a mod/dev in a thread made a few hours ago from a user with the same concerns.

'Howdy!

It is there for legal purposes, to comply with GDPR. The game itself does not collect any information whatsoever. It is there as a precaution to fill all the gaps.

Sadly, there is no way to "opt-out," but it is not like there is anything to opt out of to begin with.

Thanks for understanding.''
Last edited by Legion; Jul 12 @ 11:35am
Truder Jul 12 @ 11:38am 
I wanted to continue discussing this but the mod locked my topic before I could even reply which means this is clearly an issue for them.

The issue I find is, while they say they do not collect any information, the privacy policy does allow them to do that. I personally do not consent to that so I've done the only thing possible according the policy (other than not playing the game) and emailed Crowbar Collective.

I do believe that their policy isn't accurate and I am wondering if it's worth consulting data protection law specialists because this policy does give Crowbar Collective powers to use our data, despite what they say otherwise.

Please Crowbar Collective, tidy up this policy and ensure that we can have the ability to declare that we do not consent to any data collection regardless if there is any data collection occurring or not. It gives confidence, security and peace of mind.
Last edited by Truder; Jul 12 @ 11:41am
Howdy!

I have merged the previous discussions around this now.

Thanks for understanding.
Alright, I trust you. You don't collect any personally identifying data, only usernames and other server statistics. That's fine, I'm using your service, and you need data to identify one computer from the next.
What's stopping you from stealthily or openly collecting data then? The EULA does give every right for Crowbar to do so.
I'm no lawyer, of course, but starting a privacy policy in the lines of "The singleplayer game collects no data from the host computer". Sounds very GDPR-compliant. Multiplayer is another story, and I'm fine with data collection there, as it's required for the servers to operate.
[BMS] Adam-Bomb  [developer] Aug 3 @ 9:46am 
Originally posted by SigmaSquadron:
I'm no lawyer, of course, but starting a privacy policy in the lines of "The singleplayer game collects no data from the host computer". Sounds very GDPR-compliant. Multiplayer is another story, and I'm fine with data collection there, as it's required for the servers to operate.

Good questions.
1. Short of installing a virus, how would we get any data? You don't put your email or anything into Black Mesa, so we don't have access to anything anyway.
2. If we were going to do shady stuff, I don't think we would have bothered with an EULA that outlines what we were going to do.
3. To be compliant with GDPR and CCPA we would still need ways for people to remove any data we had collected (iirc).

The short answer is we don't collect data and we won't ever collect data :) We may amend the policy to state specifically why the policy says what it says, and to outline the server ranks.
1. You can very easily get data from an user's PC if any program that you control is running. Unless Steam is sandboxed, you'll be able to get information such as a disk's UUID, display size, CPU model, and a couple other things that could be used to identify and fingerprint a computer. Discord did something similar a while ago, by mining the UUIDs of the computers of their users. Especially on Windows, there is little to no sandboxing on Steam games, and quite a bit of data can be stealthily collected that would single out any computer that runs the game.
2. I think you would. If you didn't, I could very well go to court and attempt to prosecute Crowbar for illegal data collection under GDPR. If your policy allows for such collection, and a contract is accepted by the end user when they install the game, then the company is completely protected to do "shady stuff" by the law.

I do still have a couple of questions though.
1. If no data is collected in the singleplayer game, and only technically required data is used in the multiplayer game, why the overly protective policy? GDPR and CCPA doesn't need you to specify every type of data you can collect, only the types you do collect, and at that point, specifying that an user's IP address, username and other server-required data is collected is enough to comply with the law, without the need to give every right to Crowbar to collect data. This shouldn't be a problem, since no data is sold or kept, right?
2. Would separating the policy between the singleplayer and multiplayer game remove some confusion? If no data is collected in the singleplayer game, a simple "We don't collect, keep, or sell any data" would be more than GDPR-compliant.
[BMS] Adam-Bomb  [developer] Aug 3 @ 11:54am 
As I said, the policy is what our lawyer recommend. I don't pretend to know more about this stuff than them.

We're definitely not going to put in 2 separate policies, but we may clarify the one that is there.

I can understand why there may have been confusion on first reading the policy, but I'm not sure there is anything else to be said. We don't collect (outside of the server ranks) and we don't sell data. The privacy policy is intentionally over protective because CCPA and GDPR are vague laws.
Still, I can't trust you, and as far as I'm aware, there's nothing stopping you from lying about your data collection practices. I can only trust what is written in the contract, and thus, I must assume Crowbar Collective does indeed unnecessarily collect data using Black Mesa. You should talk to your lawyer. If no data is collected, then this isn't such an issue at all.
Originally posted by Peter Brev:
Howdy all!

Originally posted by [BMS:
Adam-Bomb]
The game does not collect any information other than usernames (display names in the game) and kill counts for the Black Mesa public servers. The ELUA and privacy policy were recommend to us by our lawyers, and while it is overly cautious (and therefor confusing), we'd rather be safe with the documentation.

The solution is simple:
Unless you guys plan to stealth-grab everything the players have of personal data in the future, you should ask your Lawyer to get you an ELUA and privacy policy that declares your actual data collecting. Such a simple change is necessary if you want to start gaining the trust of privacy-oriented players. Tell what you actually are doing and intend to do forward, not all what you might consider to do with infinite possibilities for infinite reasons.

The current ELUA and privacy policy might protect you from being sued by players who should have acknowledged these before starting the game, but it also gives Black Mesa an unnecessary bad reputation.
< >
Showing 1-15 of 15 comments
Per page: 15 30 50