AlphaAtlas
[H]ard|Gawd
- Joined
- Mar 3, 2018
- Messages
- 1,713
This week, users on Reddit accused Epic Games of spying on their customers through the Epic Games Store software. Among other things, the thread accuses the Epic client of making a copy of Steam's localconfig.vdf, sending hardware information and a list of running processes to Epic, and generally accessing things it has no business accessing. This being Reddit, it quickly snowballed into a front-page post without much 3rd party verification, and much like he did after the previous scandals, Tim Sweeny has already posted a couple of official responses to the accusations.
Before he did, I briefly investigated some of those claims last night, and found that the client does, in fact, dive into Steam's userdata folder for all local Steam accounts as well as periodically generate a list of running processes. Notably, it started doing all this before I touched anything in the client's interface beyond logging into my Epic account. But I didn't find much beyond that, and Sweeny's Reddit responses seem to offer plausible explanations for the suspicious behavior. For example, he claims that Epic scrapes Steam's "localconfig.vdf" file for the purpose of importing Steam friends without relying on their API, and nothing else. It shouldn't be doing this before I use the import feature, but the CEO said that the relatively frequent and premature scraping is a consequence of the feature's quick-and-dirty implementation, which they will soon rectify. Meanwhile, I (and a security expert I talked to) speculated that the list of running processes could be used for anti-cheat purposes, but Epic claims they actually use it for compatibility checking, and don't upload or share it with anyone. Naturally, all this controversy brought up the fact that the Tencent owns a 40% stake in Epic Games, and once again, they had to re-iterate that the Chinese media giant doesn't control the company, nor do they share any user data with them. None of this necessarily absolves Epic Games of any guilt, but I don't think they were caught "red handed" like some posts and news outlets would lead you to believe.
Tencent is a significant, but minority shareholder in Epic. I'm the controlling shareholder of Epic. I reckon that many of you here at /r/pcgaming don't much like me or my decisions, but the decisions Epic makes are ultimately my decisions, made here in North Carolina based on my beliefs as a game developer about what the game industry needs... That info may be stored in the Steam file, however we never parse it, and it's never sent to Epic. The only information that's sent to Epic are hashes of Steam friend ids, and only if you explicitly choose to import your Steam friends. We're working to update the implementation so that the Epic Games launcher only touches the Steam file at all if you choose to import friends.
Before he did, I briefly investigated some of those claims last night, and found that the client does, in fact, dive into Steam's userdata folder for all local Steam accounts as well as periodically generate a list of running processes. Notably, it started doing all this before I touched anything in the client's interface beyond logging into my Epic account. But I didn't find much beyond that, and Sweeny's Reddit responses seem to offer plausible explanations for the suspicious behavior. For example, he claims that Epic scrapes Steam's "localconfig.vdf" file for the purpose of importing Steam friends without relying on their API, and nothing else. It shouldn't be doing this before I use the import feature, but the CEO said that the relatively frequent and premature scraping is a consequence of the feature's quick-and-dirty implementation, which they will soon rectify. Meanwhile, I (and a security expert I talked to) speculated that the list of running processes could be used for anti-cheat purposes, but Epic claims they actually use it for compatibility checking, and don't upload or share it with anyone. Naturally, all this controversy brought up the fact that the Tencent owns a 40% stake in Epic Games, and once again, they had to re-iterate that the Chinese media giant doesn't control the company, nor do they share any user data with them. None of this necessarily absolves Epic Games of any guilt, but I don't think they were caught "red handed" like some posts and news outlets would lead you to believe.
Tencent is a significant, but minority shareholder in Epic. I'm the controlling shareholder of Epic. I reckon that many of you here at /r/pcgaming don't much like me or my decisions, but the decisions Epic makes are ultimately my decisions, made here in North Carolina based on my beliefs as a game developer about what the game industry needs... That info may be stored in the Steam file, however we never parse it, and it's never sent to Epic. The only information that's sent to Epic are hashes of Steam friend ids, and only if you explicitly choose to import your Steam friends. We're working to update the implementation so that the Epic Games launcher only touches the Steam file at all if you choose to import friends.
Last edited: