Home / Gaming / Tim Sweeney: The Epic Game Store Doesn’t Spy on People

Tim Sweeney: The Epic Game Store Doesn’t Spy on People

This site may earn affiliate commissions from the links on this page. Terms of use.

Users investigating the Epic Game Store have come away with some concerns about how the code operates. Various posts at Reddit and Resetera have been filled with (self-acknowledged) amateur sleuthing/investigations on how the Epic Game Store works and how it behaves once installed. Epic CEO Tim Sweeney and VP of Engineering Daniel Vogel have taken to Reddit to discuss some of these findings, possibly kicking off additional controversy in the process.

There are several different threads of concern running through the initial remarks. Some users are concerned about Epic’s association with Tencent and believe that this means Epic would distribute spyware through the Epic Game Store to gather data about user PCs in secret. Some users are angry about Epic convincing developers who had put a game up on Steam already to instead move it to the EGS.

Much of the behavior categorized by users as potentially suspicious, like enumerating running processes, really aren’t. For the most part, this appears to be a tempest in a teacup. For example, the launcher does enumerate all currently running processes — so it can avoid attempting to update games that are currently running. It uses a tracking pixel to cover the Support-A-Creator program so it can pay creators. Code for various functions, like the Hardware Survey and the UDP traffic created by an Unreal Editor communication function, can be found on Github. Epic’s VP of Engineering, Dan Vogel, responded to some of these concerns in his own posts.


But Sweeney does acknowledge one point where gamers have a genuine complaint. At launch, the Epic Game Store scans and makes an encrypted copy of the localconfig.vdf Steam file. Vogel writes:

We only import your Steam friends with your explicit permission. The launcher makes an encrypted local copy of your localconfig.vdf Steam file. However information from this file is only sent to Epic if you choose to import your Steam friends, and then only hashed ids of your friends are sent and no other information from the file.

Users have asked why Epic would need to import this information this way, given that Steam includes APIs that allow other applications to access this sort of data without scanning files in other folders. Sweeney’s response hasn’t gone over particularly well:

The current implementation is the result of a system that was built quickly and then rapidly modified before launch as the online team identified that we needed to authenticate with Steam on the web (in case there were multiple Steam users on the PC) and make other privacy-oriented changes identified by the online team. It’s a klunky method that we’ll fix… We don’t use the Steam API because we avoid including third-party code in our engine wherever possible, as it often brings its own privacy, security, and licensing complications (though Valve has a fine reputation).

This is not a particularly good explanation. Even if Epic has no nefarious intent — and there’s no proof they do — there’s also no reason not to make a specific exception for a specific, trusted, third-party. And maybe more to the point, it’s clear that the privacy expectations of users aren’t even being considered, here.

Sweeney goes so far as to acknowledge that the current method EGS uses to perform this task is the result of a rushed delivery schedule and a tight timeframe to add social features to Fortnite, but he apparently believes that the mistake is in scanning the file before the user chooses to import Steam friends. The idea that his application shouldn’t be scanning user files at all when an API exists to gather this information in another fashion, or that the EGS is performing a malware-like activity, doesn’t seem to have occurred to him — or, if it did, it’s viewed as less of an issue to breach user expectations of privacy than to risk the privacy issues inherent to integrating an isolated third-party API usage to perform a specific task.

While I don’t agree with Sweeney’s decision on this topic, I have a hard time arguing with the logic. In a world where Facebook deliberately shares private and personal information on tens of millions of people with companies that never should have been allowed to see it, the idea that scanning a single file for a list of friends you won’t even upload without permission would constitute a privacy violation is pretty laughable by comparison.

The constant drumbeat of Facebook privacy scandals hasn’t just damaged Facebook. The fact that Facebook and so many other companies continue to be allowed to exist with little-to-no meaningful punishment after breach after breach and scandal after scandal also demonstrates how little value is placed on privacy, anonymity, or security by our society overall. This arguably feeds the unconscious perception that these aren’t issues that actually need to be considered when designing a product.

There is, as far as we can tell, no evidence that the Epic Game Store is spying on people or performing untoward PC monitoring. I’d love to end this story with a discussion of how frustration with Epic’s policies might be a sign Silicon Valley would start to consider user privacy more seriously and to take more steps to secure it. But honestly, I’m not feeling that optimistic.

Now Read:

Let’s block ads! (Why?)

ExtremeTechGaming – ExtremeTech


Leave a Reply

Your email address will not be published.

twelve + 10 =

Read previous post:
ET Deals: Get Civilization VI With Humble Strategy Bundle

This site may earn affiliate commissions from the links on this page. Terms of use. Let’s engage our brains, and...