Epic Games admits obtaining data in a questionable way from Steam, generating a great controversy
Table of Contents
Great controversy generated after it was discovered that the launcher of the Epic Games Store obtains data from Steam in a way, at least, incorrectly.
US-based video game development studio Epic Games has gained popularity thanks to Fortnite. The popularity of the game seems to have its days numbered before the arrival of the Apex Legends game. But the company's plans go further, as reflected in the creation of its own store, the Epic Games Store. This one that is now in the eye of the hurricane for supposedly having spyware inside its launcher. And is that according to some users the application would be stealing user data.
Reddit as the starting point of the controversy around Epic Games
Several users on Reddit have opened threads about Epic improperly obtaining Steam data. Users are reporting that the app requests information from our Steam friends. Something normal up to this point that some social networks also do. The problem is that not only our friends on the Valve platform would be collected, but also more data. According to the information, data would be obtained from our friends' libraries and what is the last game they played.
A controversy to which Madjoki, one of the most important members of the Metacouncil forum. He has confirmed that everything public is true and that the Epic launcher is getting the files from the Steam Cloud. Apparently what it does is get the file 'localconfig.vdf' and all the data stored in it. But it is also that a duplicate and encrypted copy is created inside the Epic folder with the name 'RANDOM HEX CODE_STEAM ACOUNT ID.bak'
This file stores the data of our friends on Steam, the story with their name, the groups to which they belong and a large amount of internal data. To see what was happening Madjoki used the Microsoft Process Monitor, which exposes everything that happens. You can see all the information obtained by the Epic Games store in real time.
Sweeney acknowledges that this is a complete mistake.
Tim Sweeney is the founder of Epic Games and has acknowledged his share of the blame. It is not usually normal for the founders of a company to be the ones to come forward and acknowledge guilt. Sweeney agrees with users and says that they should only access the 'localconfig.vdf' file when users want to import their contacts into Steam. The problem is due, according to Sweeney, to the rush to develop and implement Fortnite's social features.
He assures that the current configuration of the launcher is his fault, since he was the one who pushed the developers to do it this way so that it was done in the shortest possible time. Although it also highlights that they do not use the Steam API to minimize the amount of third-party data for security and privacy. Also stressing that they are working on correcting it.
What does Valve say about this mess?
Logically there is a third party that is Valve, since the data of its users are being accessed on Steam. The company highlights that the file 'localconfig.vdf' has not been created for third parties to access the file. The company created it as a kind of Cookie for the video game platform. Something that suggests that Epic Games is exceeding its way of acting.
What problems can you report to Epic Games?
Facebook is perhaps the closest and clearest case. The social network is facing lawsuits for selling user data and allowing access to third-party data fraudulently. Cambridge Analytica accessed the users' network of contacts obtaining different information, something that is not legal.
The thing is that although the user is informed, private information from third parties cannot be obtained through our consent. We could allow Epic Games to see who we have on our network and easily find them in the store. The situation becomes illegal when third-party data is accessed, such as a game library, the last game they have played, and to know what data else. And even if it were only to our data, it would also be illegal, since we have not given permission.
But it is a growing problem on the part of companies that systematically skip any legality as it suits them. The case of Epic Games is one more example of a practice that has existed for years. We will see how this story ends.
