Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
Delicieuxz

Concerns arise over the Epic Games Store client doing non-authorized things on people's PCs - Tim Sweeney responds to the discussions

Recommended Posts

Posted · Original PosterOP

 

This topic first came up on Reddit, and has been also discussed elsewhere since.

 

There is drama, hyperbole, and hysteria involved, but there is also the detail of the EGS client scraping data on a person's PC without permission. This data may be limited, but the fact that it is done by scanning other programs (Steam) on a PC and that the system owner isn't notified or asked for permission to do it is concerning, to me.

 

Some people have raised an analogy between this and Valve's Steam client collecting system data for the the Steam hardware survey. However, that isn't analogous because the Steam client shows a prompt that asks whether a person wants to participate in the Steam hardware survey, and if the system owner declines to participate in the survey then the system hardware is never scanned.

 

Tim Sweeney has made various responses to the Reddit discussion, including an acknowledgement that some things about this are not as they should be and will be amended:

Quote

You guys are right that we ought to only access the localconfig.vdf file after the user chooses to import Steam friends. The current implementation is a remnant left over from our rush to implement social features in the early days of Fortnite. It's actually my fault for pushing the launcher team to support it super quickly and then identifying that we had to change it. Since this issue came to the forefront we're going to fix it.

 

 

Here's the original Reddit thread.

 

 

A more technical look has been made on the Tech Power Up forums. I've only added the first of the post's images in this quote. Look at the thread on Tech Power Up to see the others.

Quote

 

In a recent post over on Reddit a user has found just what the EGS gets up to when installed on your laptop.

Firstly, it is clear the client is listing all of the processes running on the system. As seen below

IRjCX3I.png.e5f660e6a3d9d2a1d3945a7b7db2d8cd.png

As well as following up with trying to access .dll files of other programs.
 
 [image]


What's more worrying is that the user goes on to show that the client likes accessing your root certs on the PC.

 

[image] 

As well as all things Internet related, including Cookies, Keys and other aspects.

 
[image]

As well as a hardware survey, like Steams, without asking your prior permission to do so
 
[image]
 
However, none of this is not as bad as the final, Despite users not wishing to link their Epic games account with their steam account or their friends list, and without any permission or notification Epic Games launcher is taking a copy of your steam localconfig.vdf. a file containing your entire steam data, Friends list, Games owned, playtime history.

Epic Games have confirmed that it is in fact true, with Tim Sweeney stating Epic "ought to only access the localconfig.vdf file after the user chooses to import Steam friends" .

With Epics links to Chinese company Tencent, it really does make you wonder what they're compiling all this data for and if it isn't getting passed on to other parties.

 

 
Link to post
Share on other sites

Yay even more stuff to throw at people when I say I refuse to touch epic! 


I spent $2500 on building my PC and all i do with it is play MTGA & watch anime at 720p...

Builds:

The Toaster Project! Northern Bee! The Cassette Deck!

 

The original LAN PC build log! (Old, dead and replaced by The Toaster Project & 5.0)

Spoiler

"Here is some advice that might have gotten lost somewhere along the way in your life. 

 

#1. Treat others as you would like to be treated.

#2. It's best to keep your mouth shut; and appear to be stupid, rather than open it and remove all doubt.

#3. There is nothing "wrong" with being wrong. Learning from a mistake can be more valuable than not making one in the first place.

 

Follow these simple rules in life, and I promise you, things magically get easier. " - MageTank 31-10-2016

 

 

Link to post
Share on other sites

These concerns are fairly overblown, though they do need to fix that localhost.vdf bodge soonish.

 

I'm more annoyed by their business decisions, competing to get devs to lock their games to EGS rather than competing to give end users a better experience, lower prices etc. - and of course side effects like Phoenix Point losing Linux support.

Link to post
Share on other sites
1 hour ago, Sakkura said:

These concerns are fairly overblown, though they do need to fix that localhost.vdf bodge soonish.

accessing these certificates is a BIG problem, most programs use them to encrypt files and data on the system, it also uses them to encrypt data sent to servers and other systems.

such as authentication and/or logon credentials and other sensitive data...

the reason they are accessible by other programs is because some enterprise's use a custom certificates for their networks, without it the client's requests get ignored and if done repeatedly, causes the network protection software (if they have one which most do) to block the client entirely from the network for security reasons since the program doesn't know the encryption that it needs to understand the network correctly.

 

granted valve should be encrypting the localhost.vdf file due to it containing "sensitive data" (i put it in quotes since some don't think it goes in the category of sensitive data)

but the fact that it's already taken it before even asking if you wanted to link the account is unacceptable since it's still feeding someone before asking if they are hungry.

the hardware servery thing can take a pass, most programs (chrome, firefox, vlc etc.) do this so the devs can understand the platform their products are running on, allowing them to better optimize the product for more common configurations. this is done automatically without user request, valve asks since it can be wrong (e.g running steam in wine on Linux gives incorrect results on the hardware) and that can give incorrect info to the devs (both for valve and companys developing games on steam) about what they need to do.


I once wrote a fan fiction between Luke and Dennis for Luke on one of his streams, he never read it, I SPENT 15MIN ON THAT!!!! (read it here: test1.docx )

and i am also the man who asked Linus to set his profile pic on twitter to something awesome: https://twitter.com/samiscool51/status/758526342396715009

(i didn't expect him to reply, nor for it to turn into official merchandise and actually affect LTT's video style!!!! i am god!!!) 

System Config: https://au.pcpartpicker.com/list/yJ2cQV















Anyone reading this is a very nosy wanker....

Link to post
Share on other sites

Aww, now the Fork-Knife the kids are talking about will be taken off of the ChatSnap and Facebook...


My "Amazing" Guide to Getting a Free Computer:  https://linustechtips.com/main/topic/1037246-hitch-hikers-guide-to-pc-dumpster-diving/

PC 1:

CPU: AMD Ryzen 7 1800X    GPU: EVGA Superclocked GeForce GTX 1080

RAM: 2x8GB Corsair Vengeance LPX 3000MHz DDR4    SSD: Crucial MX500 500GB

PSU: Corsair CX750M V2   HDD: Seagate Barracuda Compute 3TB 7200RPM

Case: Phanteks Eclipse P400STG Red/Black   MOBO: ASRock X370 Killer SLI/ac

OS: Windows 10 Pro  Keyboard:  Corsair K68 Red  Mouse:  Corsair M65 Pro RGB

 

PC 2:

CPU: Intel Core i7 3770    GPU: Sapphire PULSE Radeon RX 580 8GB

RAM: 1x8GB Adata 1600MHz DDR3    HDD: Seagate Barracuda 500GB 7200RPM

PSU: Corsair VS450     Case: NZXT H440 Red/Black

MOBO: Intel BOXDH77EB H77    OS: Windows 10 Home

Keyboard:  Rii RK100  Mouse:  Rosewill Fusion C40

 

LINUX:

CPU: Intel Pentium E5400   GPU: Intel 82G41 Chipset

RAM: 1x2GB Kingston 1066MHz DDR3    HDD: Seagate Barracuda 250GB 7200RPM

PSU: Sparkle-Power 300W     Case: Nobilis Micro ATX OEM

MOBO: Intel DG41WV 775   OS: Ubuntu LTS 18.04

Keyboard:  Apple A1048  Mouse:  Rosewill Fusion C40

 

MAC:

CPU: Intel Core i7 3615QM    GPU: Intel HD4000

RAM: 2x2GB Crucial 1600MHz DDR3    HDD: WD 1TB 5400RPM

PSU: Mac Mini PSU    Case: Mac Mini Case

MOBO: Mac Mini Motherboard    OS: macOS "Mojave"

Keyboard:  Apple MB110LL/A   Mouse:  Logitech M325

 

Consoles: Wii, SNES, NES, N64, Atari 7800, Commodore VIC-20, Genesis, Dreamcast, PS1, PS2, 2DS, Steam Link, and GBA

Link to post
Share on other sites

Salt needed, Reddit based source.

 

The guy that did this original write up on Reddit was obviously tilted at EGS before he even start looking into it. His whole write up sounds like someone who has a personal grudge and is looking for anything to make them look bad. They could have been uploading pictures of kittens and it would have been good enough for him.

 

I'm not saying he's not right, but I would rather someone who is more professional and at the very least unbiased look into this before we take anyone out to burn at the stake.

 

I did take a quick look through the .js file he uploaded and based on my limited programing knowledge, it looks like it is sending user data but it seems to be limited to web browser cookies, and browsing patterns from inside the EGS. As far as I can tell this is no worse than what something like Chrome would be tracking. Somebody who has more experience can jump in and correct me if I'm wrong.


Intel Xeon 1650 V0 (4.4GHz @1.4V), ASRock X79 Extreme6, 32GB of HyperX 1866, x2 XFX GTR RX 480 (@ 1370 MHz), Silverstone Redline (black) RL05BB-W, Crucial MX500 500GB SSD, Seagate Barracuda 500GB 7200RPM, WD AV-25 1TB 2.5" HDD, Seagate 2TB SSHD, SeaSonic Focus Plus Gold 850, x3 Acer H236HL, be quiet! Dark Rock Pro 4, Logitech K120, Tecknet "Gaming" mouse, Creative Inspire T2900, HyperX Cloud Flight Wireless headset, Windows 10 Pro 64 bit
Link to post
Share on other sites
7 hours ago, Delicieuxz said:

Some people have raised an analogy between this and Valve's Steam client collecting system data for the the Steam hardware survey.

Steam isn't involved with the Chinese.

Epic is....


That should be cause for concern...


"Hell is full of good meanings, but Heaven is full of good works"

Link to post
Share on other sites

Distribution exclusivity and spyware. Reasons to vouch for Epic


Awareness is key. Never enough, even in the face of futility. Speak the truth as if you may never get to say it again. This world is full of ugly. Change it they say. The only way is to reveal the ugly. To change the truth you must first acknowledge it. Never pretend it isn't there. Never bend the knee.

 

Please quote my post in your reply, so that I will be notified and can respond to it. Thanks.

Link to post
Share on other sites
Quote

You guys are right that we ought to only access the localconfig.vdf file after the user chooses to import Steam friends. The current implementation is a remnant left over from our rush to implement social features in the early days of Fortnite. It's actually my fault for pushing the launcher team to support it super quickly and then identifying that we had to change it. Since this issue came to the forefront we're going to fix it.

If Sweeney had been this transparent earlier on then I think most gamers wouldn't have hated EGS quite so much. It's definitely a step in the right direction.

Link to post
Share on other sites
2 hours ago, ZacoAttaco said:

If Sweeney had been this transparent earlier on then I think most gamers wouldn't have hated EGS quite so much. It's definitely a step in the right direction.

Yeah this, some stuff needs cleanup for sure. 

Link to post
Share on other sites

More reasons to never touch Epic Games launcher. Cool.
 

This makes me think of all those mobile apps that want access to essentially everything on your phone and want internet access... when they really have no business getting it in the first place because it's a single player game that doesn't access the internet. All that harvesting to deliver personalized ads to you and/or sell your info to other companies...


CPU: Intel Core i7 875k / GPU: Radeon HD7970 GHz 3GB  / RAM: Crucial Ballistix Sport 8GBx2 DDR3-1600
MOBO: ASUS P7P55D-e LX / SSD: Intel 520 120GB / Case: Cooler Master HAF912 / PSU: Corsair TX850w / OS: Windows 10 Pro

Link to post
Share on other sites
Posted · Original PosterOP
7 hours ago, Stefan Payne said:

Steam isn't involved with the Chinese.

Epic is....


That should be cause for concern...

To be honest, the US government harvests more data from everybody than any other country could - and the US government does it in partnership with all of the major tech companies and many thousands of the smaller ones.

Link to post
Share on other sites
1 minute ago, Delicieuxz said:

To be honest, the US government harvests more data from everybody than any other country could - and the US government does it in partnership with all of the major tech companies and many thousands of the smaller ones.

They don't hinder you in your travels when they don't like you, China does.


"Hell is full of good meanings, but Heaven is full of good works"

Link to post
Share on other sites
14 minutes ago, Delicieuxz said:

To be honest, the US government harvests more data from everybody than any other country could - and the US government does it in partnership with all of the major tech companies and many thousands of the smaller ones.

Wonder if they have got Valve to create a backdoor for them in steam...

Link to post
Share on other sites

I love this shit. 

image.png.302180d3f8fa2ed799397ae7a693643b.png

says the thread on a Tencent "owned" platform, which actively censors anti-chinese posts. 


muh specs 

Gaming and HTPC (reparations)- ASUS 1080, MSI X99A SLI Plus, 5820k- 4.5GHz @ 1.25v, asetek based 360mm AIO, RM 1000x, 16GB memory, 750D with front USB 2.0 replaced with 3.0  ports, 2 250GB 850 EVOs in Raid 0 (why not, only has games on it), some hard drives

Screens- Acer preditor XB241H (1080p, 144Hz Gsync), LG 1080p ultrawide, (all mounted) directly wired to TV in other room

Stuff- k70 with reds, steel series rival, g13, full desk covering mouse mat

All parts black

Workstation(desk)- 3770k, 970 reference, 16GB of some crucial memory, a motherboard of some kind I don't remember, Micomsoft SC-512N1-L/DVI, CM Storm Trooper (It's got a handle, can you handle that?), 240mm Asetek based AIO, Crucial M550 256GB (upgrade soon), some hard drives, disc drives, and hot swap bays

Screens- 3  ASUS VN248H-P IPS 1080p screens mounted on a stand, some old tv on the wall above it. 

Stuff- Epicgear defiant (solderless swappable switches), g600, moutned mic and other stuff. 

Laptop docking area- 2 1440p korean monitors mounted, one AHVA matte, one samsung PLS gloss (very annoying, yes). Trashy Razer blackwidow chroma...I mean like the J key doesn't click anymore. I got a model M i use on it to, but its time for a new keyboard. Some edgy Utechsmart mouse similar to g600. Hooked to laptop dock for both of my dell precision laptops. (not only docking area)

Shelf- i7-2600 non-k (has vt-d), 380t, some ASUS sandy itx board, intel quad nic. Currently hosts shared files, setting up as pfsense box in VM. Also acts as spare gaming PC with a 580 or whatever someone brings. Hooked into laptop dock area via usb switch

Link to post
Share on other sites

They deserve anything and everything thrown at them, heck im pretty sure they just tell other devs to state there opinions to get attention of them, good riddance that we finally get to see reality finally, with their current strategy im sure Tencent will own 100% shares soon on Epic.

Link to post
Share on other sites

Not really knowing, but aren't they also going through general Windows cookies instead of EGS specific cookies (...Roaming\Microsoft\Windows\Cookies instead of something like ...Roaming\Epic\EGS\Cookies)?

 

Either way this is kind of bad. Steam at least asks you if you want to join the hardware survey and it really isn't that hard to know if some game from the launcher is running before updating (Steam and Battle.net at least do this through using their game overlay). This doesn't really bid well for the future of EGL, if they have rushed and done the bubblegum and duct tape in the beginning to get into this kind of light, I don't really want to know what flavour of bubblegum they are going to use to make the reviews and other features they are going to bring "as soon as possible" to compete against Steam.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×