Epic Games Denies Client Spying Accusations

AlphaAtlas

[H]ard|Gawd
Staff member
Joined
Mar 3, 2018
Messages
1,713
This week, users on Reddit accused Epic Games of spying on their customers through the Epic Games Store software. Among other things, the thread accuses the Epic client of making a copy of Steam's localconfig.vdf, sending hardware information and a list of running processes to Epic, and generally accessing things it has no business accessing. This being Reddit, it quickly snowballed into a front-page post without much 3rd party verification, and much like he did after the previous scandals, Tim Sweeny has already posted a couple of official responses to the accusations.

Before he did, I briefly investigated some of those claims last night, and found that the client does, in fact, dive into Steam's userdata folder for all local Steam accounts as well as periodically generate a list of running processes. Notably, it started doing all this before I touched anything in the client's interface beyond logging into my Epic account. But I didn't find much beyond that, and Sweeny's Reddit responses seem to offer plausible explanations for the suspicious behavior. For example, he claims that Epic scrapes Steam's "localconfig.vdf" file for the purpose of importing Steam friends without relying on their API, and nothing else. It shouldn't be doing this before I use the import feature, but the CEO said that the relatively frequent and premature scraping is a consequence of the feature's quick-and-dirty implementation, which they will soon rectify. Meanwhile, I (and a security expert I talked to) speculated that the list of running processes could be used for anti-cheat purposes, but Epic claims they actually use it for compatibility checking, and don't upload or share it with anyone. Naturally, all this controversy brought up the fact that the Tencent owns a 40% stake in Epic Games, and once again, they had to re-iterate that the Chinese media giant doesn't control the company, nor do they share any user data with them. None of this necessarily absolves Epic Games of any guilt, but I don't think they were caught "red handed" like some posts and news outlets would lead you to believe.

Tencent is a significant, but minority shareholder in Epic. I'm the controlling shareholder of Epic. I reckon that many of you here at /r/pcgaming don't much like me or my decisions, but the decisions Epic makes are ultimately my decisions, made here in North Carolina based on my beliefs as a game developer about what the game industry needs... That info may be stored in the Steam file, however we never parse it, and it's never sent to Epic. The only information that's sent to Epic are hashes of Steam friend ids, and only if you explicitly choose to import your Steam friends. We're working to update the implementation so that the Epic Games launcher only touches the Steam file at all if you choose to import friends.
 
Last edited:
I would not be surprised to hear that Valve believes that the list of Steam Friends is their property, and only they have the right to benefit from it.
 
epic store should crash and burn, trying to steer PC gaming into a shity place, and some naive ppl won't see this untill it's too late.
do not give epic money, if you do, you will regret it later, Tim replied many times and his roadmap is clear and he won't change his mind, because he already believes himself as the messiah for developers.
funny how my opinion did a 180° since the first annoncement of epic store.
 
Just uninstalled it if Epic wants to win over me they have to share the rights with games on Steam and other launchers.
 
  • Like
Reactions: MBTP
like this
Doesn't Steam also do some hardware/software profiling? They use it for their user metric stuff.

Seems to be a lot about nothing and I don't have a dog in this race.
 
I would not be surprised to hear that Valve believes that the list of Steam Friends is their property, and only they have the right to benefit from it.
Who cares. Epic has no business diving into steam files, copying my friends list without permission and then spamming them to install Epic's spyware client.

Epic needs to stop trying to copy Valves homework or take "quick and dirty" shortcuts to relevance like bribing publishers to stop selling games on Steam, and have the dignity and confidence to create their own excellent digital marketplace. This is fucking pathetic.
 
so scan processes and steamfriends?

What's the scandal?

Well that's the whole point, there isn't really a scandal yet.

spamming them to install Epic's spyware client.

As far as I can tell, it doesn't do anything with the list until you actually click on the button that adds Steam friends, and I don't think it ever spams your friends.
 
Well that's the whole point, there isn't really a scandal yet.
They have no business datamining Steam files or anything else on my PC without permission. Pretty simple.

If they'd prompted "import your Steam friends?" or otherwise asked user permission that's one thing, but they're doing everything covertly.

My neighbor is cool with me borrowing things but I'd never walk into his house and start taking shit.
 
Last edited:
LOL people will bitch about anything. We get it everyone hates EPIC store and its steam or nothing. Got it. Lets move on. I think people need to get off the internet all at once since EPIC scanned their friends list lol.
 
Doesn't Steam also do some hardware/software profiling? They use it for their user metric stuff.

Seems to be a lot about nothing and I don't have a dog in this race.

The controversy seems to specifically be about doing it without permission. You can opt in or out of Steam's hardware surveys if you want. Epic's begins scanning the second you launch the program, before you log in or anything. Whether or not it's nefarious is yet to be proven, but scanning without permission is uncool regardless.

LOL people will bitch about anything. We get it everyone hates EPIC store and its steam or nothing. Got it. Move on.

I'm not here to defend Steam or hate on Epic, but you can't say that doing things that could look suspicious without telling anyone is a good idea.
 
They have no business datamining Steam files or anything else on my PC without permission. What's hard to understand?

You have nothing to worry about since I assume you don't have epic store on your computer right? lol
 
Epic's begins scanning the second you launch the program, before you log in or anything. Whether or not it's nefarious is yet to be proven, but scanning without permission is uncool regardless.

For what it's worth, Steam also fetches the list of running processes when it starts up, without any kind of prompt.

Annotation 2019-03-15 124443.jpg


It doesn't look for friends lists, as far as I can tell, but it doesn't really need that as the market leader.
 
For what it's worth, Steam also fetches the list of running processes when it starts up, without any kind of prompt.

View attachment 148320

It doesn't look for friends lists, as far as I can tell, but it doesn't really need that as the market leader.

That's fair. I didn't know that part. Again, I'm not here to accuse either side of nefarious activity. Just curious what companies are doing with my data.
 
LOL people will bitch about anything. We get it everyone hates EPIC store and its steam or nothing. Got it. Lets move on. I think people need to get off the internet all at once since EPIC scanned their friends list lol.

i dont think you read the post of what epic client is actually accused of doing. and tim sweeney is making excuses like crazy as we speak now saying that this is all just he product of a rapid launch and constant updates.
 
1. The fact this happens before the user initiates it, is not okay. I can understand pre-emptive coding stuff to give a good UX (User Experience), however in this case, I would argue privacy trumps convenience until the user gives explicit permission.
2. They have how much money? And can't afford a better way to do this than scraping locally? Bullshit. The Epic Launcher has been around for years, and they could have done a better job implementing this functionality _BEFORE_ they executed their new store strategy.
3. Don't need to ask permission if you can ask for forgiveness. Yet again, the Epic CEO saying one thing, and doing another. The other example is the same CEO bitching about Windows being a closed platform, wanting to release their games and stuff on all platforms, and ignoring Linux, which is a platform _THEIR ENTIRE ENGINE ALREADY OFFICIALLY SUPPORTS_. Thanks for the bait and switch Epic CEO fuckhead.

No money for you!
 
Yep! I am pretty sure if you have google account you are out there already. Thats probably like everyone.

I use Google Chrome - logged in - only for Alphabet related services. YouTube, YouTube TV, Gmail, etc. For everything else, I use the Firefox browser.

Only way I know to keep the Google cross-contamination in check without losing the benefits of using Google.
 
Doesn't Steam also do some hardware/software profiling? They use it for their user metric stuff.

Seems to be a lot about nothing and I don't have a dog in this race.

Steam asks you if you're willing to participate in the hardware survey before scanning your system hardware. If you decline then your hardware isn't scanned and your hardware information isn't sent to Valve.
 
Scanning the list of processes on start up would be necessary for Epic or Steam to prevent the program from running multiple instances, yes? I don't see the harm there. Scraping files from your competitors software seems not as cool though.
 
no epic client for me

Epic claims they actually use it for compatibility checking
fine so its not needed to run so you could put up and opt-in screen first right ?
 
Before he did, I briefly investigated some of those claims last night, and found that the client does, in fact, dive into Steam's userdata folder for all local Steam accounts as well as periodically generate a list of running processes. Notably, it started doing all this before I touched anything in the client's interface beyond logging into my Epic account. But I didn't find much beyond that, and Sweeny's Reddit responses seem to offer plausible explanations for the suspicious behavior. For example, he claims that Epic scrapes Steam's "localconfig.vdf" file for the purpose of importing Steam friends without relying on their API, and nothing else. It shouldn't be doing this before I use the import feature, but the CEO said that the relatively frequent and premature scraping is a consequence of the feature's quick-and-dirty implementation, which they will soon rectify. Meanwhile, I (and a security expert I talked to) speculated that the list of running processes could be used for anti-cheat purposes, but Epic claims they actually use it for compatibility checking, and don't upload or share it with anyone. Naturally, all this controversy brought up the fact that the Tencent owns a 40% stake in Epic Games, and once again, they had to re-iterate that the Chinese media giant doesn't control the company, nor do they share any user data with them. None of this necessarily absolves Epic Games of any guilt, but I don't think they were caught "red handed" like some posts and news outlets would lead you to believe.

From what I have read, which is referencing the reddit topic, it is doing more than just scrapping steam info.
One interesting thing I learned was the launcher was built using chromium, so that could explain a few things. "The majority of the launcher UI is implemented using web technology that is being rendered by Chromium (which is open source). The root certificate and cookie access mentioned above is a result of normal web browser start up."
 
  • Like
Reactions: MBTP
like this
For what it's worth, Steam also fetches the list of running processes when it starts up, without any kind of prompt.

View attachment 148320

It doesn't look for friends lists, as far as I can tell, but it doesn't really need that as the market leader.

It's not worth much since anti-cheat and VAC are a thing that you opt into as part of Steam's EULA, and you're missing the forest here with the Steam whataboutism. Epic continues to rack up a pattern of shady business practices in a short amount of time. Steam's been around for eons, yet have avoided scandals because they haven't engaged in any.

"But they're the market leader" -- right, as if they just got lucky and therefore their competition should be able to engage in whatever slimy tactics they want, without pushback.

Valve did the heavy lifting and trailblazing and took the initial risks, and they did it without resorting to slimy, customer-hostile or otherwise anticompetitive business tactics; they've never bribed publishers to stop selling their games on other stores.
 
Last edited:
i dont think you read the post of what epic client is actually accused of doing. and tim sweeney is making excuses like crazy as we speak now saying that this is all just he product of a rapid launch and constant updates.

yea I did. Its a fact EPIC Is the most hated store because it's usually coming from everyone who is love with steam. I don't give two shits about either.
 
Why is it that anyone that dislikes Epic's approach is labelled a Steam Lover and/or Epic hater? Is it not a legitimate point of view to see Epic's client scrape the Steam's Friends List file without permission as distasteful? I think it is. Folks that make excuses for that kind of behavior only invite more privacy eroding code. In addition, if Epic really wants to challenge Steam, then offer a better experience and put in the hard work to get there. Enticing new Epic users by saving them few keystrokes by scraping a Steam Friends List is weak sauce. It's like leeching off of another company's work.

I don't mind having more than one launcher. The competition is good. I use Origin and that's fine. But I never saw Origin take these kind of tactics. I'm glad I paid $10 more and bought Exodus from Steam before Epic paid off the developers. Something about Epic's brute force approach to finding their way onto the desktop space without building a better mouse trap to begin with turns me off.
 
Back
Top