Epic Games hasn’t had the easiest time with the launch of its Store, with many criticising its lack of features, poaching of exclusive titles and now, allegedly mining data from Steam without permission. The studio has since responded to the accusations, stating that while it does collect user data, it only does so when it has a purpose and never without permission.
The allegations initially appeared on Reddit, suggesting that the Epic Games Store was utilising spyware to enumerate a user’s processors while the software is open, access the DLLs of other applications and dive into root certificates. The person behind the lengthy post admitted that they were by no means an expert, but said the Store’s “odd registry” actions were cause for concern and seemed to corroborate claims that Epic Games’ partnership with Tencent was resulting in the collection of data on behalf of the Chinese government.
A reply chimed in on Epic’s supposed mining of Steam files, stating that the Store was “making their own copy of the localconfig.vdf Steam file” under the guise of encryption. This file in particular contains friend data, games owned on the account and when each title was last booted.
Epic Games responded to the accusations, giving an explanation to each individual claim. It was revealed that “tracking.js” is the tracking pixel used to help pay users of its Support-A-Creator program, as well as keep an eye on page statistics. This is all outlined in the company’s privacy policy, as a part of the “Information We Collect or Receive” section.
“The UDP traffic highlighted in this post is a launcher feature for communication with the Unreal Editor. The source of the underlying system is available on github,” explains Epic's vice president of engineering Daniel Vogel, although users require an account with free UE4 access before opening the link. “The majority of the launcher UI is implemented using web technology that is being rendered by Chromium (which is open source). The root certificate and cookie access mentioned above is a result of normal web browser start up.”
As for Steam data, Epic states that it only accesses Steam’s friend data when importing friends at the request of the user. The encryption is not there to cover this up, but to secure the data, and hashed friend IDs are sent when the import process has been executed.
Lastly, Vogel took the time to once again deny claims that Epic is being dictated to by outside forces like the Chinese government. “Epic is controlled by Tim Sweeney. We have lots of external shareholders, none of whom have access to customer data.”
KitGuru Says: It seems as though the Epic Games Store is still doing many things without asking, such as taking the Steam friend data ‘just in case’ it needs to use it in the future and indulging in regular hardware surveys without permission. It’d be nicer to conduct actions like these when needed and with the express consent of each person.