I'm so tired of seeing this information brainlessly posted everywhere and responding to each post separately. It's annoying. People hate on anti-vaxxers because 'they see a few articles on the Internet and blindly follow them while ignoring facts lol' and then do EXACTLY the same.

So you've probably seen this thread: https://www.reddit.com/r/PhoenixPoint/comments/b0rxdq/epic_game_store_spyware_tracking_and_you/ or that image that originates from 4chan: https://i.imgur.com/BqVfzBd.jpg. They are quite possibly created by one person or one was created based on another because they mostly repeat the claims.

Now, if you know like anything about programming, like not even much, you don't even have to be a programmer, you might notice that the creator tries to read a .js file and complains about it being 'unreadable'. This is called minification (https://en.wikipedia.org/wiki/Minification_(programming)) and is done pretty much everywhere to limit the size of the used JavaScript files, so they don't weigh in on your data usage.

This is basic knowledge for anyone who dabbles with web development. And that person lacks that basic knowledge. He's also weirded out that the application is talking to itself, this is basically how most web apps work nowadays, seriously... He doesn't understand how Fiddler and ProcMon work and basically blames everything he sees on the Epic launcher. The language he/she uses is also alarmist and childish. Do you really think it's a trustworthy 'article'?

The only programmatically bad thing that the launcher did was copying and reading your local Steam localconfig.vdf file for the friends list. This shouldn't happen as that information should be (most probably is) retrievable through Steam API. The official explanation is that it was done because it was a quick workaround. Working as a programmer, I do believe that, as I know how it is when you're behind on a project and the deadline is very near. You don't have to. So yes, that's one thing that is worrisome and even though if you check on what's being sent with Fiddler it looks like it's only your Steam ID and the friends list, POTENTIALLY, something more could be sent in the early stages of the 'workaround'.

If you want to read a bit more, you can check out this link: https://forum.facepunch.com/general/bvnqr/Epic-Games-Store-Is-Shit-But-It-s-Not-Spyware/1/ (even though, the author is a bit of a dick) or google for like 15 minutes on the topic of Epic Games Store being a spyware. It's been clearly debunked and there's completely no reason to believe so. Or you can do what I did, just use ProcMon and Fiddler and see for yourself. Then compare those results to what steamwebhelper, or in fact any other launcher, does.

So yeah, feel free to hate on Epic Games Store, they lack a shitload of features (reviews and achievements when?) and they get on people's nerves by signing the exclusive deals (personally I don't care, but I see it's a big issue for some people). There's a lot of valid critique to be said. But please, if you start going on and on about their launcher being a spyware just know that you're embarrassing yourself to most people with some technical knowledge and no one will take your other arguments seriously after that.

That is all, here, have some GAs for (not) reading my semi-rant.
https://www.steamgifts.com/giveaway/C16z2/crashlands
https://www.steamgifts.com/giveaway/7i0ce/steamworld-heist
https://www.steamgifts.com/giveaway/o3sbB/ultimate-chicken-horse

5 years ago*

all i know is i love the free games

5 years ago

Epic Games Store might suck, but it's definitely NOT a spyware - Epic Employee

5 years ago

Whatever helps you sleep at night, mate :P

5 years ago

What helps me sleep at night is pretending the spyware I have in my computer doesn't spy on me.

5 years ago

"People hate on anti-vaxxers because 'they see a few articles on the Internet and blindly follow them"
what???
anti-vaxxers are very misinformed and causing outbreaks of measles. so hate is deserved!

5 years ago

Yeah, that's what I meant. People are behaving like antivaxxers regarding Epic's launcher, they saw one misleading image online and just grabbed their pitchforks immediately.

5 years ago

well what you wrote was not clear, sounded like you agreed with anti-vaxxers. and as far as Epic, you seem wrong. I am not really following the Epic controversy, but I don't like spying. You should listen to Archi as he is a developer and seems to understand the issue better than you do.

5 years ago

Yeah, no, I'm also a developer, I just don't enjoy flaunting that much. I guarantee I understand the issue as well as he does, we differ in our interpretation though or in my opinion, he's overinterpreting based on no evidence.

I'll look into the phrasing though, I'm bad at writing long passages, I'll try to make the anti-vax bit a tad clearer.

5 years ago

Good post, and I agree.
Not new to me though, as I also checked this for myself like you suggested.
But, to be fair, this is getting a bit bogged down in semantics. Because, as you mention in your initial post, the Epic Launcher did in fact access local files on the user's system only meant for internal use by Steam. And as others have already pointed out in here, that pretty much fits the definition of spyware. I don't think that there is any arguing around here, and Epic has to live with this accusation in this case.
But still, spot on, because this whole thing is getting totally blown out of proportion. All mixed together with some weird Anti-China sentiment and conspiracy theories only because of a business and investment partnership of Tencent with Epic Games? Really?
This is all pretty normal stuff, nothing to get riled up on. And I'm not defending China in any way, I don't care. Only a dead communist is a good communist, by the way. But please, let's get real here..

5 years ago*

My only hate for the Epic store is that they have banned my country, and a few others, from all of their services, unlike Steam.
They won't even allow us to download the launcher, so fuck them, I'm sticking with Steam.

5 years ago

"NOT a spyware"

"The only programmatically bad thing that the launcher did was copying and reading your local Steam localconfig.vdf file"

Those two statements contradict each other, so one of them is a lie. Dixi.

And, to make things clear - I don't hate epic game store.

5 years ago*

bump

5 years ago

You are completely right, my boyfriend and I were saying the same thing.

5 years ago

As a dumbass who's too dumb to have a real opinion, I'm still reeling from when you'd need to opt-out of stuff at checkout. Small beer, but it's that kind of fineprint BS that sounds off li'l red alarms that I don't like much. Only place I can think of that does that kinda garbage is G2A. So I mean...?

I guess... if it looks shady that doesn't mean it is shady but also doesn't mean I'll use it, maybe? Props for the write-up, though.

5 years ago

I am not going to discuss the whole "spyware" vs "not spyware" thing because you and I disagree on what the definition of spyware is. What I want to discuss is the following statement by you:

"The only programmatically bad thing that the launcher did was copying and reading your local Steam localconfig.vdf file for the friends list. This shouldn't happen as that information should be (most probably is) retrievable through Steam API. The official explanation is that it was done because it was a quick workaround. Working as a programmer, I do believe that, as I know how it is when you're behind on a project and the deadline is very near. You don't have to. So yes, that's one thing that is worrisome and even though if you check on what's being sent with Fiddler it looks like it's only your Steam ID and the friends list, POTENTIALLY, something more could be sent in the early stages of the 'workaround'."

I am a software architect with 25 years of experience and there are so many problems with this part:

  1. It's not a "bad thing" because the information is accessible from the APIs. It's a bad thing because software is not supposed to look at other software that is installed on the computer. That just shouldn't happen. Windows doesn't enforce this but that doesn't mean that it's ok in any way, shape or form. It's totally unacceptable.
  2. The official explanation is hogwash. Getting information from the API (GetFriendList) is much easier than sniffing that information from a file on the computer. The API is clearly documented. You pass in a Steam ID and they return a friend list. Nothing could be easier. Getting the information from the file means that you need to first analyze the file and then build some software to extract the information you need from the file. That's not easy, even if the file is not encrypted. This was a conscious decision to work around the API because they were worried that Steam would block their requests. It had nothing to do with a "quick workaround".
  3. They were unethical in how they retrieved this information. Why would you give them the benefit of the doubt regarding what information they have sent through to the server? You don't know what was sent in the past and you don't know what will be sent in the future. They might have some detection looking for Fiddler and only send limited information when that is running. They have proven themselves to be unethical and there is no way they should be given the benefit of the doubt on anything. At this point, they need to prove that they are trustworthy over a long time. They don't get that handed to them on a plate.
5 years ago*
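
The ProcMon check suggested in the opening post, applied to the cross-application file access discussed in the comment above, as an added example that is not part of the thread or any participant's post. It filters a ProcMon CSV export for successful file access into another application's directory; the sample rows, the process name OtherLauncher.exe, the paths and the OWNERS map are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in ProcMon's default CSV export layout (not a real capture).
SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","steam.exe","4100","ReadFile","C:\Program Files (x86)\Steam\userdata\1\config\localconfig.vdf","SUCCESS","Length: 4096"
"10:01:03.4","OtherLauncher.exe","5220","CreateFile","C:\Program Files (x86)\Steam\userdata\1\config\localconfig.vdf","SUCCESS","Desired Access: Generic Read"
"10:01:03.5","OtherLauncher.exe","5220","ReadFile","C:\Program Files (x86)\Steam\userdata\1\config\localconfig.vdf","SUCCESS","Length: 4096"
"10:01:03.9","OtherLauncher.exe","5220","CreateFile","C:\Program Files (x86)\Steam\steamapps\libraryfolders.vdf","NAME NOT FOUND",""
"10:01:04.2","OtherLauncher.exe","5220","ReadFile","C:\ProgramData\OtherLauncher\cache.db","SUCCESS","Length: 512"
"10:01:05.0","steamwebhelper.exe","4188","ReadFile","C:\Program Files (x86)\Steam\config\config.vdf","SUCCESS","Length: 1024"
'''

# Assumption: which processes legitimately own which data directory.
OWNERS = {r"c:\program files (x86)\steam": {"steam.exe", "steamwebhelper.exe"}}
# ProcMon file-system operations that open or read content.
FILE_OPS = {"CreateFile", "ReadFile", "QueryDirectory"}


def foreign_file_access(csv_text, owners=OWNERS):
    """Return {(process, path): [operations]} for successful file access
    into a directory that belongs to a different application."""
    hits = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Failed opens (e.g. NAME NOT FOUND) exposed no data; skip them.
        if row["Operation"] not in FILE_OPS or row["Result"] != "SUCCESS":
            continue
        proc, path = row["Process Name"].lower(), row["Path"].lower()
        for root, allowed in owners.items():
            if path.startswith(root + "\\") and proc not in allowed:
                hits[(row["Process Name"], row["Path"])].append(row["Operation"])
    return dict(hits)


if __name__ == "__main__":
    for (proc, path), ops in foreign_file_access(SAMPLE).items():
        print(f"{proc} -> {path}: {', '.join(ops)}")
```

For a real export, read the file with `encoding="utf-8-sig"` so a byte-order mark does not end up in the first column name, and run the same filter over each launcher's capture to compare them.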

Thank you.

5 years ago

Just to add to this. It appears that the game launcher does look at running processes so it's possible that they change the information that is sent based on those applications.

5 years ago

I agree on your points, as I said, I don't really understand their decision. It looks like it was actually a conscious choice as they said something along the lines of: "Yeah, we didn't want to copy it without the permission of user, but we do want to use Steam's file regardless of the existence of API". I'd actually like to know who made that call, because no experienced developer would (nor should) make that call, unless there are some unexpected reasons that are not known to me.

But still, I do give them benefit of the doubt, as everything that people say about any unwanted information being sent is pure speculation. I think it's okay to be careful with Epic, but I don't believe in putting someone on a trial based on assumptions only.

If anything like what you're saying would be confirmed then I'd delete the thread in a second, hell, I'll be first to grab pitchforks and write to EU officials about a significant breach upon the user's privacy law. Until then, I'm just going to stay tuned to the news about Epic and calm down people being paranoid about Chinese government spying on them. Personally, I'd like Epic to succeed, because I think Valve didn't have any pressure put on them for far too long, so I'm expecting good things to come of it in the long run. But hey, we'll see.

5 years ago

Let me put it this way. What other mainstream application accesses data files from other applications? I can think of two legitimate ones, Antivirus software and disk defragmenters. Of course malware does but there isn't any other legitimate reason to do it. I really doubt that you will find even one. It's like an unwritten rule and I wouldn't be surprised if it's against the MS certification rules.

What other files did they copy/access? If they are prepared to do this then why should I or anyone else trust what they say that they are doing with the data. That's like catching a person in your house and then letting him go because he says that he was just doing a security check and wasn't planning on stealing anything. Why should we wait until they do something bad with the data? It's not even up to them. They could get bought tomorrow by an advertising company and the new company could use the data.

If they want my trust then they should earn it. The first step should have been to remove the file and change the installer but they can't even be bothered to do that.

5 years ago

"What other files did they copy/access?"

I was wondering the same thing. Fortunately, with this current situation, they will be closely scrutinized down the road.

"The first step should have been to remove the file and change the installer but they can't even be bothered to do that."

Indeed, you'd think that would have become high priority, given the amount of publicity it gained while EGS is still new on the scene. Instead, Tim spent his time running a smoke screen and making excuses.

5 years ago

There are at least two more, unfortunately:

  • "Anti-cheat software;" I read some have gone heuristic and I bet they are now analysing more than just the programs currently running.
  • The Origin client; as far as I know their EULA still states that by accepting it you give EA/Origin the right to scan every file on your pc and upload it to their servers. Unfortunately this hasn't stopped millions of people from downloading the Origin client.
5 years ago

I do agree on that it is somewhat shady. I've spent the last hour just checking the responses of Sweeney and Dan on reddit and Twitter and I must admit their explanations for not using Steam API are pretty, eh, weird... Like Sweeney posting an article about some app stealing user's data, while I'm sure they could just evoke Steam REST API manually without getting any external dependencies into their project.

I'm still giving them the benefit of doubt, but I'd like to see a proper post-mortem on this paired with an actual change to how the friends feature works to match other launchers and stores. As of now, they're just taking a huge crap on their company's public image.

I've changed the title of the thread, as I can't guarantee that the launcher didn't send more data than the user agreed to.

5 years ago

Closed 3 years ago by Slowacki.