Sections

Epic responds to accusations of Steam data mining

Update: Valve is "looking into" issue that Epic's Tim Sweeney attributed to “our rush to implement social features in the early days of Fortnite”

Original story, March 15, 2019: Epic Games has defended itself against claims that its digital games store is accessing users' Steam data and transmitting information back to the company.

The accusations stem from a Reddit thread that says the Epic Games Store launcher enumerates running processes and attempts to access root certificates and DLLs without the user's knowledge.

It was also claimed that the launcher transmits data back to Epic without making the reasons clear. PC Gamer confirmed that it specifically access Steam files as well.

Responding to the thread, Epic's vice president of engineering Daniel Vogel attempted to explain all this.

He claimed a tracking pixel was used as part of the firm's Support-A-Creator program "so we can pay creators" and track page statistics. The root certificate and cookies access were explained away as "a result of normal web browser start up" because the launcher's UI uses a lot of web technology rendered by Chromium.

Access to Steam's files centres around the ability to import Steam friends, with Vogel stressing the Epic Games Store only does so "with your explicit permission."

"The launcher makes an encrypted local copy of your localconfig.vdf Steam file," he explained. "However, information from this file is only sent to Epic if you choose to import your Steam friends, and then only hashed IDs of your friends are sent and no other information from the file."

Vogel also addressed concerns that collected user data was getting into the hands of Tencent -- which owns a majority of Epic -- and by extension the Chinese government.

"Epic is controlled by Tim Sweeney," said Vogel. "We have lots of external shareholders, none of whom have access to customer data."

Sweeney himself weighed in, acknowledging users were right in some of their concerns and that "we ought to only access the localconfig.vdf file after the user chooses to import Steam friends."

He said the current setup is "a remnant left over from our rush to implement social features in the early days of Fortnite."

"It's actually my fault for pushing the launcher team to support it super quickly and then identifying that we had to change it," he said. "Since this issue came to the forefront, we're going to fix it."

Update, March 18, 2019:Valve has confirmed that it is investigating the information the Epic Launcher collects from Steam.

In a statement issued to Bleeping Computer, a Valve spokesperson said: "The Steam Client locally saves data such as the list of games you own, your friends list and saved login tokens (similar to information stored in web browser cookies).

"This is private user data, stored on the user's home machine and is not intended to be used by other programs or uploaded to any 3rd party service."

Epic responded by point to the paragraph in its previous statement about the need for "explicit permission" from the user before Epic imported lists of Steam friends.

Additional reporting by Matthew Handrahan.

Related stories

Epic paid 505 Games parent over $10m for Control PC exclusivity

Digital Bros financial statements reveal exclusivity deal payout for Remedy's latest release

By Rebekah Valentine

Darq developer offers Epic revenue to charity if given non-exclusivity

Unfold Games offers to let the gaming community choose which organisation would receive donations

By James Batchelor

Latest comments (1)

James Prendergast Research Chemist 6 months ago
I don't see the problem here. I mean, it's freely open data on the user's end. The user "agrees" to this in the EULA in the sense that the company provides protection to what it decides is private information. Clearly, the files in question are neither protected or private from the end-user themselves. IMO, any company that gets the approval from their users to "mine" that data (granted, it's a bit murky that Epic explicitly laid this out) has no issue with the original provider or the user themselves...

At the same time, from the other side, it's, IMO, impossible for the controlling/issuing company to deny the ability of the user to apply or share that personal, private information with a third party as they see fit. A.K.A. Steam have no leg to stand on to challenge this or any other similar action.

Edited 2 times. Last edit by James Prendergast on 19th March 2019 10:22am

0Sign inorRegisterto rate and reply

Sign in to contribute

Need an account? Register now.