Metro Exodus

Metro Exodus

View Stats:
Metro Exodus > General Discussions > Topic Details
New accusations that Epic Games launcher collects your steam data - friends & play history
Report:

"Madjoki has done some cyber-sleuthing and finds that upon starting your Epic Games Launcher, it “searches for Steam install and proceeds to get a list of files in your Steam cloud.” Within the files, there are essentially lists of your friends and games that you’ve played when you dig deep enough, all within your Epic Games Launcher files. You can follow the process yourself by going to the link above.

To confirm this, one of our writers looked into it and found that his Steam ID listed at the end of files of a folder."

https://techraptor.net/content/epic-games-responds-to-allegations-of-tracking-steam-data-with-epic-games-launcher


Accusation:

"So this comes originaly from Reddit, I found out via lashman Metacounil post.
(This is not endorsement of those findings)

But I tried to replicate those and found out that Epic Games Launcher on start up searches for Steam install
and proceeds to get list of files in your Steam Cloud (this includes mostly game saves for every user that has logged in on your PC)

Steam Cloud is stored under userdata\[account id]\ if you wanna check

It will also create encrypted copy of config\localconfig.vdf.
This file contains your steam friends, their name history (groups you're part of, are considered "friends").

It seems friends might be used for friends suggestions, but I don't even use that feature and it collects more than that.

While it's called "localhistory" it is synced from cloud

It will read, encrypt and then write copy to: C:\ProgramData\Epic\SocialBackup\RANDOM HEX CODE_STEAM ACCOUNT ID.bak
It will also keep historical entries there."

https://www.resetera.com/threads/developing-epic-games-launcher-appears-to-collect-your-steam-friends-play-history-epic-responds-see-op.105385/


Epic's Response:

"We use a tracking pixel (tracking.js) for our Support-A-Creator program so we can pay creators. We also track page statistics.

The launcher sends a hardware survey (CPU, GPU, and the like) at a regular interval as outlined in our privacy policy(see the “Information We Collect or Receive” section). You can find the code here.

The UDP traffic highlighted in this post is a launcher feature for communication with the Unreal Editor. The source of the underlying system is available on github.

The majority of the launcher UI is implemented using web technology that is being rendered by Chromium (which is open source). The root certificate and cookie access mentioned above is a result of normal web browser start up.

The launcher scans your active processes to prevent updating games that are currently running. This information is not sent to Epic.

We only import your Steam friends with your explicit permission. The launcher makes an encrypted local copy of your localconfig.vdf Steam file. However information from this file is only sent to Epic if you choose to import your Steam friends, and then only hashed ids of your friends are sent and no other information from the file.

Epic is controlled by Tim Sweeney. We have lots of external shareholders, none of whom have access to customer data."

Daniel Vogel
VP of Engineering
Epic Games Inc.

https://www.reddit.com/r/PhoenixPoi..._game_store_spyware_tracking_and_you/eijlbge/

Valve's Response

In a statement sent to Bleeping Computer today, Valve's Doug Lombardi said that the company is "looking into what information the Epic launcher collects from Steam." It sounds like Valve isn't too pleased about the whole thing.

"The Steam Client locally saves data such as the list of games you own, your friends list and saved login tokens (similar to information stored in web browser cookies)," wrote Lombardi. "This is private user data, stored on the user's home machine and is not intended to be used by other programs or uploaded to any 3rd party service.

"Interested users can find localconfig.vdf and other Steam configuration files in their Steam Client’s installation directory and open them in a text editor to see what data is contained in these files. They can also view all data related to their Steam account at: https://help.steampowered.com/en/accountdata."

In other words, Valve doesn't think the Epic Store client should be touching localconfig.vdf at all, and presumably would prefer it if Epic used the Steam API to gather friends lists.

For Epic's part, it has not said that the entire file is uploaded, only that it parses out user IDs and uploads hashes of them, should users import Steam friends. In the future, Valve could potentially encrypt local user data to prevent the Epic client and other software from copying it.

Valve hasn't said that, though. In an email to PC Gamer, Lombardi said that Valve has nothing more to add at the moment. I've also contacted Epic to see if it has a response beyond yesterday's Reddit posts, and will update this article if I receive a reply.

https://www.pcgamer.com/valve-doesnt-sound-too-happy-about-the-epic-store-copying-steam-data/
Last edited by Redeemed; Mar 15 @ 6:23pm
< >
Showing 1-15 of 26 comments
You can just remove the privileges to that folder from all users but your own and then the software can't write to it. You have to set yourself as the principal and remove inheritance.
Last edited by Jig McGalliger; Mar 14 @ 5:46pm
Originally posted by Jig McGalliger:
You can just remove the privileges to that folder from all users but your own and then the software can't write to it. You have to set yourself as the principal and remove inheritance.
True but still something consumers shouldnt be expected to do
mP3+Z Mar 14 @ 8:04pm 
Hope GDPR can do something about it.
this explains how Sergey knew 60% of the Fortnite players that had Steam installed didn't use it regularly
johnttwo Mar 15 @ 3:20am 
commie spys at epic using spyware on steam what will be next i wonder
Mark Mar 15 @ 4:28am 
Yet another reason not to support that horrendous excuse of a store.
Watch game journalists not cover this at all.
There is considering there is an API that steam has that lets outside clients do this while maintaining actual privacy rights.
I just had an e-mail this morning from Epic telling me that Division 2 released. Is this coincidence or not? That's another reason i'm not gonna touch that :thetoilet: store
Hadji* Mar 15 @ 5:28am 
Good thing I never touched that malware.

Sorry for all the idiots who downloaded this hot garbage.
Last edited by Hadji*; Mar 15 @ 5:29am
PREDATOR Mar 15 @ 1:46pm 
Originally posted by T♥r♥u♥n♥d♥l♥e:
I just had an e-mail this morning from Epic telling me that Division 2 released. Is this coincidence or not? That's another reason i'm not gonna touch that :thetoilet: store
Wth? I have the e-mail too and i do not have epic account. ♥♥♥♥ing spy ♥♥♥♥♥
PREDATOR Mar 15 @ 2:29pm 
Originally posted by Prowler:
Originally posted by PREDATOR:
Wth? I have the e-mail too and i do not have epic account. ♥♥♥♥ing spy ♥♥♥♥♥

Originally posted by T♥r♥u♥n♥d♥l♥e:
I just had an e-mail this morning from Epic telling me that Division 2 released. Is this coincidence or not? That's another reason i'm not gonna touch that :thetoilet: store

Screenshots of the emails?

Cause I do have an Epic account and I got no such email at all. So I bet it isn't coming from Epic at all.
Too late. Already mark this e-mail as SPAM and instantly deleted. ♥♥♥♥ing Epic crap ♥♥♥♥!!!
Yeah I already marked it as spam do not need proof from that. :taffy:
PREDATOR Mar 15 @ 2:36pm 
Originally posted by Prowler:
oh, how convenient.
Yes, it is. Dont want be spamed with this kind of ♥♥♥♥.
Viper Mar 15 @ 4:04pm 
Even if they collect this data which I doubt. I could not care less. It is useless data.
< >
Showing 1-15 of 26 comments
Per page: 15 30 50

Metro Exodus > General Discussions > Topic Details
Date Posted: Mar 14 @ 5:43pm
Posts: 35