Tim Sweeney: The Epic Game Store Doesn’t Spy on People

Tim Sweeney: The Epic Game Store Doesn’t Spy on People

Users investigating the Epic Game Store have come away with some concerns about how the code operates. Various posts at Reddit and Resetera have been filled with (self-acknowledged) amateur sleuthing/investigations on how the Epic Game Store works and how it behaves once installed. Epic CEO Tim Sweeney and VP of Engineering Daniel Vogel have taken to Reddit to discuss some of these findings, possibly kicking off additional controversy in the process.

There are several different threads of concern running through the initial remarks. Some users are concerned about Epic’s association with Tencent and believe that this means Epic would distribute spyware through the Epic Game Store to gather data about user PCs in secret. Some users are angry about Epic convincing developers who had put a game up on Steam already to instead move it to the EGS.

Much of the behavior categorized by users as potentially suspicious, like enumerating running processes, really aren’t. For the most part, this appears to be a tempest in a teacup. For example, the launcher does enumerate all currently running processes — so it can avoid attempting to update games that are currently running. It uses a tracking pixel to cover the Support-A-Creator program so it can pay creators. Code for various functions, like the Hardware Survey and the UDP traffic created by an Unreal Editor communication function, can be found on Github. Epic’s VP of Engineering, Dan Vogel, responded to some of these concerns in his own posts.

Tim Sweeney: The Epic Game Store Doesn’t Spy on People

But Sweeney does acknowledge one point where gamers have a genuine complaint. At launch, the Epic Game Store scans and makes an encrypted copy of the localconfig.vdf Steam file. Vogel writes:

We only import your Steam friends with your explicit permission. The launcher makes an encrypted local copy of your localconfig.vdf Steam file. However information from this file is only sent to Epic if you choose to import your Steam friends, and then only hashed ids of your friends are sent and no other information from the file.

Users have asked why Epic would need to import this information this way, given that Steam includes APIs that allow other applications to access this sort of data without scanning files in other folders. Sweeney’s response hasn’t gone over particularly well:

The current implementation is the result of a system that was built quickly and then rapidly modified before launch as the online team identified that we needed to authenticate with Steam on the web (in case there were multiple Steam users on the PC) and make other privacy-oriented changes identified by the online team. It’s a klunky method that we’ll fix… We don’t use the Steam API because we avoid including third-party code in our engine wherever possible, as it often brings its own privacy, security, and licensing complications (though Valve has a fine reputation).

This is not a particularly good explanation. Even if Epic has no nefarious intent — and there’s no proof they do — there’s also no reason not to make a specific exception for a specific, trusted, third-party. And maybe more to the point, it’s clear that the privacy expectations of users aren’t even being considered, here.

Sweeney goes so far as to acknowledge that the current method EGS uses to perform this task is the result of a rushed delivery schedule and a tight timeframe to add social features to Fortnite, but he apparently believes that the mistake is in scanning the file before the user chooses to import Steam friends. The idea that his application shouldn’t be scanning user files at all when an API exists to gather this information in another fashion, or that the EGS is performing a malware-like activity, doesn’t seem to have occurred to him — or, if it did, it’s viewed as less of an issue to breach user expectations of privacy than to risk the privacy issues inherent to integrating an isolated third-party API usage to perform a specific task.

While I don’t agree with Sweeney’s decision on this topic, I have a hard time arguing with the logic. In a world where Facebook deliberately shares private and personal information on tens of millions of people with companies that never should have been allowed to see it, the idea that scanning a single file for a list of friends you won’t even upload without permission would constitute a privacy violation is pretty laughable by comparison.

The constant drumbeat of Facebook privacy scandals hasn’t just damaged Facebook. The fact that Facebook and so many other companies continue to be allowed to exist with little-to-no meaningful punishment after breach after breach and scandal after scandal also demonstrates how little value is placed on privacy, anonymity, or security by our society overall. This arguably feeds the unconscious perception that these aren’t issues that actually need to be considered when designing a product.

There is, as far as we can tell, no evidence that the Epic Game Store is spying on people or performing untoward PC monitoring. I’d love to end this story with a discussion of how frustration with Epic’s policies might be a sign Silicon Valley would start to consider user privacy more seriously and to take more steps to secure it. But honestly, I’m not feeling that optimistic.

Continue reading

Elon Musk: SpaceX Will Send People to Mars in 4 to 6 Years
Elon Musk: SpaceX Will Send People to Mars in 4 to 6 Years

SpaceX and Tesla CEO Elon Musk likes to make bold claims. Sometimes he comes through, and we end up with a reusable Falcon 9 rocket, but Musk also has a tendency to get carried away, particularly when it comes to Mars. The SpaceX CEO has long promised a Mars colony on an aggressive, and some…

190,000 Ceiling Fans Recalled After Blades Fly Off, Hitting People
190,000 Ceiling Fans Recalled After Blades Fly Off, Hitting People

King of Fans is recalling some 190,000 ceiling fans sold through Home Depot after the blades began detaching during operation.

Signia Active Hearing Aids Review: For People Who Love Earbuds
Signia Active Hearing Aids Review: For People Who Love Earbuds

For many people, the idea of wearing hearing aids comes with a stigma, even if it would benefit them. So hearing aid companies have been working on new form factors to try and make that less of an issue. We review one of the latest, the earbud-shaped Active Pro model from Signia.

Newegg Forced People to Buy Gigabyte Power Supplies With Catastrophic Failure Rates
Newegg Forced People to Buy Gigabyte Power Supplies With Catastrophic Failure Rates

An investigation into Gigabyte power supplies has found that an unacceptable number of units suffer failures, many of them explosively. What makes all of this worse is that the same two model numbers known to be affected were part of Newegg's forced bundling program earlier this year.