This week, some corners of the Internet game have been abuzz with a bit of self-described "amateur analysis" that suggests some "pretty sketchy" activities like Epic Game Store spyware and its software startup. Epic has now stepped in to defend itself against these allegations, while also admitting an "obsolete implementation" that can make unauthorized access to local Steam information.
The post Reddit "Epic Game Store, Spyware, Tracking and You!" indicates a broad set of implications based on some extensive observations on file traffic and network access when Epic Game Store is running. But much of the post focuses on Epic's association with Chinese gaming giant Tencent, which holds a stake in the company.
"Tencent is a significant but minority shareholder in Epic," co-founder and CEO Tim Sweeney wrote in a Reddit thread in a conspiracy theory. "I am the controlling shareholder of Epic … The decisions taken by Epic are ultimately my decisions, made here in North Carolina on the basis of my convictions as a game developer on what the industry of game needs! "
Sweeney offered a similar defense of Epic's relationship with Tencent in December, when similar concerns emerged. "Epic does not share user data with Tencent or any other company," he wrote at the time. "We do not share, sell or mediate access to it for advertising as do many other companies. I am the founder and controlling shareholder of Epic and I would never allow that to happen."
"Epic is controlled by Tim Sweeney," Epic's vice president of Energy, Daniel Vogel, added in response to another recent thread. "We have many external shareholders, none of whom have access to customer data."
Vogel has continued to offer explanations for some other activity in the Epic Games Store app from the suspect aspect. An "tracking.js" file, for example, is used to track revenue sharing statistics for Epic's Support-a-Creator program, he wrote. Vogel also pointed to the open source code behind functions such as the anonymized hardware survey, the Unreal Editor and the Chromium-based boot user interface, which he says causes most of what the original post identifies as an "inaccurate" app activity.
Vogel admits, however, that "the launcher performs an encrypted local copy of the localconfig.vdf Steam file" automatically and without explicit permission from the user. However, he writes, the hash file is sent to Epic only if you choose to import your Steam friends into the Epic Game Store to find potential matches with others who have opted for entry.
Sweeney acknowledged that Epic makes local Steam access to files without direct authorization could rightly challenge some users the wrong way. "You guys are right that we should only access the localconfig.vdf file after the user has chosen to import Steam's friends," he wrote to Reddit. "The current implementation is a residue of our haste to implement social features in the early days of Fortnite . It is actually my fault for pushing the startup team to support it super fast and then to identify that we had to change the subject, since this problem came to the fore, we solve it. "
" This type of independent analysis of what data access the software … is a healthy trend and I'd like to see it done more widely ", wrote Sweeney in another comment. "In analyzing the results, it is important to distinguish the normal from the abnormal … and to separate the technical analysis from the rhetoric of inflammation, like the insane claim that we are a group of Chinese spies. "