This week, certain corners of the gaming Internet have been abuzz with a bit of self-described "amateur analysis" suggesting some "pretty sketchy" spyware-like activity on the part of the Epic Game Store and its launcher software. Epic has now stepped in to defend itself from those accusations, while also admitting to an "outdated implementation" that can make unauthorized access to local Steam information.
The Reddit post "Epic Game Store, Spyware, Tracking, and You!" points to a wide-ranging set of implications based on some broad file and network traffic traffic observations when the Epic Game Store runs.
"Tencent is a significant but minority shareholder in Epic," co-founder and CEO Tim Sweeney wrote in response. to the conspiracy theory in one reddit thread. "I'm the controlling shareholder of Epic … The decisions that Epic makes is ultimately my decisions made here in North Carolina based on my beliefs as a game developer about what the game industry needs!"
Sweeney offered a similar defense of Epic's relationship with Tencent back in December, when similar problems first popped up. "Epic does not share user data with Tencent or any other company," he wrote at the time. "I do not share it, sell it, or broker access to it for advertising like so many other companies. I'm the founder and controlling shareholder of Epic and would never let this happen."
"Epic is controlled by Tim Sweeney, "Epic's VP of Engineering Daniel Vogel added in response to another recent thread. "We have many external shareholders, none of whom have access to customer data."
Vogel went on to provide explanations for some other suspicious-looking Epic Games Store app activity. A "tracking.js" file, for example, is used to track the revenue-sharing statistics for the Epic's Support-a-Creator program, he wrote. Vogel also pointed to the open source code behind the features, such as the anonymized hardware survey, the Unreal Editor, and the Chromium-based launcher UI, which he said was the cause of most of what the original post identified as "sketchy" app activity.
Vogel does admit, though, that "the launcher makes a local copy of your localconfig.vdf Steam file" automatically and without explicit user permission. However, he writes that the hashed file is only sent to Epic if you decide to import your Steam friends to the Epic Game Store in order to find potential matches with others who have opted in.
Still, Sweeney acknowledged that Epic making local access to Steam files without direct permission could justifiably rub some users the wrong way. "You guys are right that we should only access the localconfig.vdf file after the user chooses to import Steam friends," he wrote on Reddit. "The current implementation is a remnant left over from our rush to implement social features in the early days of Fortnite . It's actually my fault for pushing the launcher team to support it super quickly and then identifying what we had to Change it. Since this issue came to the forefront we're going to fix it. "
" This kind of independent analysis of what data software accesses … is a healthy trend, and I'd love to see it done more widely, "Sweeney wrote in another comment. "In analyzing the results, it's important to distinguish the normal from the abnormal … and separate technical analysis from the inflammatory rhetoric, such as the insane claim that we are a bunch of Chinese spies."