
Epic Games Launcher appears to collect Steam friends and play history - fooey
https://www.resetera.com/threads/developing-epic-games-launcher-appears-to-collect-your-steam-friends-play-history-epic-responds-see-op.105385/
======
slashink
I’ll post Epic Games response in the thread here also.

———————————

We use a tracking pixel (tracking.js) for our Support-A-Creator program so we
can pay creators. We also track page statistics.

The launcher sends a hardware survey (CPU, GPU, and the like) at a regular
interval as outlined in our privacy policy(see the “Information We Collect or
Receive” section). You can find the code here.

The UDP traffic highlighted in this post is a launcher feature for
communication with the Unreal Editor. The source of the underlying system is
available on github.

The majority of the launcher UI is implemented using web technology that is
being rendered by Chromium (which is open source). The root certificate and
cookie access mentioned above is a result of normal web browser start up.

The launcher scans your active processes to prevent updating games that are
currently running. This information is not sent to Epic.

We only import your Steam friends with your explicit permission. The launcher
makes an encrypted local copy of your localconfig.vdf Steam file. However
information from this file is only sent to Epic if you choose to import your
Steam friends, and then only hashed ids of your friends are sent and no other
information from the file.

Epic is controlled by Tim Sweeney. We have lots of external shareholders, none
of whom have access to customer data.

Daniel Vogel VP of Engineering Epic Games Inc.

~~~
foxes
_> The launcher makes an encrypted local copy of your localconfig.vdf Steam
file._

This should not be done preemptively.

~~~
sigmar
Totally agree. It is too difficult for the average consumer to find out what
is does with that "local copy." Software shouldn't touch another program's
file without user consent.

~~~
AnIdiotOnTheNet
It's high time we started enforcing that by default at the OS level.

~~~
Wowfunhappy
It’s notable that you bring this up in a news story about PC gaming, which is
a prime example of why this _shouldn’t_ be enforced. There are huge community
efforts around modding games—adding features, updating old titles, improving
performance, etc etc. All of this is essential to PC gaming, and all of it
becomes impossible if software is sandboxed.

~~~
pfranz
You can look at macOS as an example. Using the command line I start searching
through my home directory. I get a pop up saying, "Terminal wants to access
your Contacts: yes/no" "Terminal wants to access your Calendar: yes/no." This
is the kind of behavior I think most people would like.

An example of the bad side is that Nvidia says they cannot develop drivers for
their cards because Apple hasn't allowed them to (Apple develops the drivers).
I technically believe they can, but they would have to make the user jump
through some very unreasonable steps (reboot into a maintenance mode and
disable integrity protection).

~~~
Wowfunhappy
> I technically believe they can, but they would have to make the user jump
> through some very unreasonable steps (reboot into a maintenance mode and
> disable integrity protection).

Just confirming this is accurate. SIP wouldn't need to be disabled completely,
just the blocking of unsigned kexts. (Apple allows you to selectively enable
and disable pieces of SIP).

I don't think this would be _so_ wholly unreasonable. The types of users
installing third party video cards in their Macs are the types of users who
should know how to do this. At the cost of their security, you could argue,
but of course you still have normal Unix root restrictions to protect you
there, as long as you're savvy enough to not grant such permissions to any
random software.

------
eeeeeeeeeeeee
I bought Metro Exodus on Epic Games recently. It was my second experience
outside of playing Fortnite on PC.

I completely understand why people do not want to pay the Steam tax, but the
Epic launcher is a scummy experience. Steam is popular and has a loud
following because it does not make unethical choices that annoy users. I have
no issue installing multiple launchers, either, but I don't want something
running on my system that operates in an unethical manor. And it's tiring how
common it is for companies to operate in this way, so we, as users, have to
scrutinize their behavior heavily.

For example:

1) By default, the Epic launcher appears to advertise "free games" via Windows
notification (popups). I never deliberately opted in to this. When I first saw
the notification, I was certain I had some sort of spyware on my system. It
looked like a spammy advertisement you see in free mobile games. I don't
believe even EA/ORIGIN has been gutsy enough to try something like this.

2) Epic launcher defaults to starting when Windows starts. I never explicitly
opted in to this. I'm sure I "affirmed" this somehow via some kind of user
agreement, but I don't ever remember seeing an explicit option.

~~~
learc83
>Steam is popular and has a loud following because it does not make unethical
choices that annoy users.

I don't think that's true. I think Steam is popular because they were in the
right place at the right time. Before Steam, the alternative for most games
was driving to the store--that's who they were competing with. Steam has done
many things to annoy users--they allow their store to be filled with absolute
garbage shovelware for one.

They still thrive because of momentum. The games are there because the user
base is there, the user base is there because the games are there.

~~~
AnIdiotOnTheNet
It's partly first-mover advantage, but also Valve has repeatedly made moves
that demonstrate their relative good will towards gamers and developers. Aside
from their own (vanishingly few) games, Valve has never enforced any kind of
exclusivity. You can even sell Steam keys through other vendors and Valve
doesn't even get a cut. They helped launch the indie explosion in the mid
oughties with their cross promotional stunts. They have so many sales, with
such outrageous discounts, that many of their customers have dozens if not
hundreds of games they unlikely to ever play. Said discounts set a new bar for
what a sale even looks like, with '40% off' often eliciting general consensus
of 'meh'. They have more tools to try and help users find games they might
like than anyone. They worked with HTC to develop new VR tech, again with no
exclusivity (unlike their competition). And as every Linux gamer here should
recognize: they've done more to make Linux gaming a realistic option than
anyone ever, and they never charged a dime for it.

As much flak as Valve gets for not curating games and letting games with
questionable content slide until some internets make a fuss, Steam is
actually, objectively, really great.

~~~
learc83
>Valve has never enforced any kind of exclusivity

Because they have no need to. Why deal with the backlash when they own the
market?

>They have so many sales, with such outrageous discounts

How does this demonstrate goodwill towards anyone? The developers are the ones
lowering the prices for those sales. And pushing down the price of games to
app store level prices isn’t something we should be celebrating. There's a
very good argument that encouraging deep discounts hurts the industry in the
long run.

>They have more tools to try and help users find games they might like than
anyone.

What do you mean “than anyone”. Versus itch.io and the brand new Epic store?
That’s not really a high bar. They could have 1 tool and that would literally
be more than anyone.

>And as every Linux gamer here should recognize: they've done more to make
Linux gaming a realistic option than anyone ever, and they never charged a
dime for it.

They never charged a dime for it because they were trying to expand their hold
over the market. This is like praising Google giving away Android. Their
interest in Steam is because they were worried Microsoft was going to use the
Windows store to force them off of Windows.

> Steam is actually, objectively, really great

You definitely can’t say it’s _objectively_ great because it could be a lot
worse. A single player dominating the market is almost never great for anyone.

~~~
AnIdiotOnTheNet
> Because they have no need to. Why deal with the backlash when they own the
> market?

They didn't always own the market. Steam was not embraced by PC gamers when it
debuted, yet Valve never asked for exclusivity agreements while it was growing
and still doesn't ask for them even as new competitors emerge.

> What do you mean “than anyone”.

I mean precisely that, more than literally anyone else selling games anywhere
at all. The fact that no one else even bothers doesn't detract from the fact
that they try.

> They never charged a dime for it because they were trying to expand their
> hold over the market.

Years ago, that was a worthwhile argument. A happy alignment of interests. But
now, when it is incredibly unlikely they're going to close the OS and force
everyone into a walled garden? Seems wasteful of them to expend as many
resources as they do on things like Proton.

> You definitely can’t say it’s objectively great because it could be a lot
> worse.

Um... what? I can't say it is really great because hypothetically it could be
worse?

> A single player dominating the market is almost never great for anyone.

I don't disagree at all with that sentiment, but lets give credit where credit
is due here. Valve earned their position at the top for a variety of reasons,
and notably _they aren 't trying to use that position anti-competitively_.
Isn't that exactly the kind of behavior we want to acknowledge and support?

I'm not going to give Epic a free pass just because they're not Steam,
especially when they pull the anti-gamer shit they pull. There's already GOG
and itch.io, which I'm much happier to support if I want to support someone
for not being Steam.

~~~
learc83
>They didn't always own the market.

Before they owned the market they were new and trying to win customers.
Exclusivity agreements tend to happen when a previously dominant player starts
to lose market share, not when a company is still in a growth phase.

>I mean precisely that, more than literally anyone else selling games anywhere
at all.

That's like praising Windows PCs for having the best Antivirus software in
1997. I mean yeah you're not wrong but...

Most of Steam's competition are stores from publishers with small catalogs
that don't need the kind of discovery mechanisms that Steam does. GOG is has a
much smaller curated selection so they same thing applies. Itch has a large
catalog, but they are so small that they can't even be considered a competitor
because of the network effects in Steam's favor.

>Um... what? I can't say it is really great because hypothetically it could be
worse?

That sentence should have said "just because". You can't say it's objectively
great just because it could be worse.

>I'm not going to give Epic a free pass just because they're not Steam

Who wants to give them a free pass? They'd probably be worse if they had a
completely dominant market position the way Steam does. I don't want anyone to
be completely dominant. I want competition. Their 30% cut and refusal to
filter shovelware harms the industry because for 99% of indie devs, they
completely control the market.

------
xupybd
I just attempted to sign up with Epic. Only my email address had already been
signed up. I used the password reset and took over the account. No games just
setup with a strange name and in Thailand. Now I can’t buy games because of
the country. I can’t change country. Support wants a photo of my passport,
that’s not happening, to change country.

I found an article showing many email addresses had been signed up in the same
way. Epic was not validating email addresses.

They’ve lost my business.

~~~
mattigames
What is the incentive for people to pretend they own those email addresses?

~~~
xupybd
No idea the only feasible possibility I've come up is to damage Epics customer
relations. I don't know maybe it was just some idiot with a list of emails and
script but no real game plan.

Here is the an article discussing others with the same issue
[https://twinfinite.net/2019/03/psa-epic-store-doesnt-
validat...](https://twinfinite.net/2019/03/psa-epic-store-doesnt-validate-
email-addresses/)

Here is the last email I got from Epic:

Jan E. March 15, 2019, 11:39 +1300 | Conversation ID: #9950515 Hi (Player's
Name),

Thanks for the information!

I know how important it is for you to update and change your country to your
Epic account. No worries, I got your back and I'll do my very best to assist
you with your request. Additionally, I know how frustrating it can be. Please
know that here at Epic Games, we are serious about the player's security and
we assure you that your email address is secured as long as you keep the
password updated or enable 2FA.

In order to change the country on your account I will need you to reply with
an image of one of the following items with your name and address visible:

 _Passport_ Personal identification *Recent rent or mortgage statement

Any other personal information should be blacked out.

I'll be looking forward to hearing from you soon.

~~~
thedaemon
Are you required to prove your Country on sign up? I think not. So why all of
the rigmarole to change it? I'm guess for legal reasons.

~~~
dave7
It's because games can be cheaper in countries where the economy is weaker.
$60 in USA is a standard price, but that's outrageous in Thailand, and here
Epic might charge the equivalent of $30. They do not want people shopping
around for the cheapest country to purchase games from.

A passport is somewhat ridiculous, as is the lack of initial email
verification, of course.

------
m463
The fact that they even mess with files outside their directory means any
answer they give is ingenuous.

Some other steam games have much worse behavior. The EULA you had to accept
for Square Enix games was so horrible that I have games purchased on my system
that I will not play. I should probably ask steam for a refund.

If you want an interesting book to read, I recommend Dan Ariely's "The honest
truth about dishonesty".

In particular, license agreements seem to work like disclosure he mentions.
The way it works is that there is a veneer of justification that allows for
all sorts of unethical behavior.

~~~
rurounijones
Oh dear, I have a bunch bought(mostly due to nostalgia, haven't played them on
steam)

Can you give an example and the shennanigans it does?

~~~
m463
I remember the last time I tried launching a square enix game I got to the
accept dialog and read the terms and conditons.

Since then I think they have reworded their privacy policy.

It used said they could collect basically every interaction you ever had with
their games, information on your system unrelated to the game, and when
agreeing it was binding, irrevocable and forever.

the current policy is here, and it is still amazing:

[https://www.square-enix-
games.com/en_US/documents/privacy](https://www.square-enix-
games.com/en_US/documents/privacy)

read the first section - they basically collect everything they can and can
share it with everybody.

------
Disparallel
Note that the original reddit thread[1] is pretty suspect and alarmist. The OP
is clearly inexperienced with the process inspection tools they are playing
around with. They complain about the launcher using minified JS, opening dlls,
and checking root certificates among other things all of which are very normal
things for a desktop application to do.

[1][https://www.reddit.com/r/PhoenixPoint/comments/b0rxdq/epic_g...](https://www.reddit.com/r/PhoenixPoint/comments/b0rxdq/epic_game_store_spyware_tracking_and_you/)

------
hoorayimhelping
Skip the clickbaity title drama and read Epic's response, which is included a
little bit lower down on the top post, before forming an opinion.

~~~
minimaxir
The title isn't clickbait and is the most fair phrasing possible for this
situation. (the Epic response provides more sensible context for the
allegations)

------
vamos_davai
I don't see what's wrong with this if they asked for permission first. I gave
access to Epic Games to collect info on who my steam friends are so I could
play Apex with them.

~~~
phonypc
Confusing Epic launcher for Origin? Or Fortnite for Apex?

~~~
vamos_davai
Ah I did confuse Origin Launcher for Epic. Thanks for addressing that.

------
Benjamin_Dobell
I don't know if it was in response to this debacle, but Epic Games have
published a public roadmap for the Epic Games launcher on Trello:

[https://trello.com/b/GXLc34hk/epic-games-store-
roadmap](https://trello.com/b/GXLc34hk/epic-games-store-roadmap)

------
k_sze
On a related note, Steam could (should?) also encrypt that data on disk, using
a key derived from your Steam account ID (not your Steam password, because you
may need to change the password), so that no other process can snoop on your
Steam profile without your explicit consent to begin with.

~~~
philpem
The simple fact of the matter is, this shouldn't even be necessary.

An application shouldn't be sniffing the user's private data from another app
without explicit permission.

This is literally the sort of thing a piece of malware would do, grab your
data and upload it to the botnet...

~~~
k_sze
I agree. But it doesn’t hurt to put up preemptive defense. In fact, the OS
should also isolate and encrypt per-app profiles. And when one app wants to
access data that belongs to another app, it should ask the user’s permission.
I don’t know if any of the major desktop OSes (including Linus distros)
already provide this kind of mechanism, and that it’s just the app developers
not bothering to use the mechanisms.

------
Criper1Tookus
Why I'm not surprised some people are already defending or at least minimizing
this?

I certainly don't want one program snooping data from other installed programs
without my explicit permission.

And this explains how Galyonkin knew how much of the Fortnite players had
Steam installed and, specifically, were using it on a regular basis.

------
xwat
There's also this annoying problem with the launcher multicasting stuff on
network constantly.

[https://www.epicgames.com/fortnite/forums/bug-
reports/battle...](https://www.epicgames.com/fortnite/forums/bug-
reports/battle-royale-aa/455395-aggressive-multicasting)

------
ratling
I mean, they're owned by Tencent and have zero experience with this outside of
Fortnite. Pretty much what I expected to happen (not this specific gaffe but
in general).

About what I expected. Say what you want about Steam but they made most of
their most dumbass mistakes years ago and learned from them.

------
scoutt
Any explanation on why the links for the source code on Github are dead, and
the repositories are gone?

------
Gunstig2Snath
Even if you didn't install it, one of your steam friends probably did which
included you with it :O

------
keithnoizu
Jokes on them, I don't have any friends.

------
stunt
It would be Epic, if it was true.

