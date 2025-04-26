  • Some users have recently had their accounts hijacked. It seems that the now defunct EVGA forums might have compromised your password there and seems many are using the same PW here. We would suggest you UPDATE YOUR PASSWORD and TURN ON 2FA for your account here to further secure it. None of the compromised accounts had 2FA turned on.
Ubisoft accused of stealing user data

https://noyb.eu/en/play-alone-ubisoft-still-watching-you

https://noyb.eu/sites/default/files/2025-04/Ubisoft_complaint_EN_redacted.pdf

https://gdpr-info.eu/art-6-gdpr

TL;DR

Ubisoft single player games were caught pulling a crapload of data from machines and uploading it to 3'rd party servers with no user opt out options.
When asked what the data was Ubisoft didn't provide any clear answers and instead gave excuses about how they are allowed to because it was in the EULA
The privacy group NOYB, claims the game is violating GDPR section 6, they are unable to verify what data is being taken because it is heavily encrypted.
They have shown that the Steam version of the game contains a switch to play entirely offline with no login and no changes in gameplay, which means any of the data that is being collected is not necessary for gameplay, if true that would violate GDPR as there was no means of opting out of sending the data.

If their complaint moves forward to a conclusion against Ubisoft they would be required to delete all the data and pay a fine estimated to be around 92 Million Euros.
 
Of course, Ubi is going to try to hide behind a EULA. More reasons why modern days EULAs should be made illegal.

And does that "switch" extend to Ubi Connect behavior? Something tells me once a game is launched from that, Steam rules don't apply (by Ubi's logic).

#launchception
 
For those curious about game telemetry analysis there's a German site (GameIndustry.eu) that for years has analyzed where game analytics gets sent, organized in a database. When I first encountered the site each game analysis was accompanied by an article IIRC but it seems now they also have simpler pages with just the network requests pe se in a format reminiscent of SteamDB or such.

Tbh I avoid all this by just firewall blocking all singleplayer games before I play them.
 
Practically every EULA is illegal in some way, shape or form but nothing can be done until someone takes the time, effort and money to take the company to court over the EULA. When found illegal all it does is void the specific EULA or parts of that EULA and does nothing about any of the other ones out there. The problem is there are too many EULAs, litigating them costs way too much and even if someone has the funds to do so won't bother because the amount of damages is so small. That EULAs have such broad and illegal terms is because companies know the chance of being taken to court over a EULA is so small and any damages they might have to pay will be small compared to what they gain.
 
and this is the sad truth. the pirate is getting the better experience. no EULA BS, no accounts to sign up for that harvest personal information, no restrictive/performance reducing DRM and most of all....you don't get to waste your money on an overhyped game that was crap.

i'm still angry about homeworld 3. and diablo 3 for that matter. last game i pre-ordered.
 
While not a preorder it was my last day 1 purchase was Master of Orion 3. Not because of any DRM, eula or other nonsense the game was just ass compared to the previous.

Now when I get games they most definitely are not day 1, in fact I usually wait for them to hit sales because I dont have to play right now, and I let a series patches to fix problems, see plenty of reviews or let's play videos and I know what I'm getting
 
For the most part I have learned this lesson. HW3 got the best of me, I'm a big fan of the old games.
 
"Delete all the data"

These requests are so stupid..
How do they verify said data was deleted, from everywhere..
How do they get the company to go and pull back all data created from said stolen data, used in other data sets, reports et cetera..

They don't and can't..
 
I recall in the U.S at least, wasnt it years back it was found a EULA is not binding because they can often only be viewed after the fact of purchasing a product? I guess now with most content being digital, the EULA can be presented before said game is purchased..
 
