Let's start of with this,
I think the Epic Games Store client is shit, it is slow, it lacks many many many features compared to it's competitors, and the exclusivity deals do feel like a kick in the balls.
However there is a disproportionate amount of claims being spread that the Epic Games Store client is outright spyware, this is complete nonsense. My post is a technical analysis of the Epic Games Store client and claims made by other people, I don't like narratives being led by untrue shit so here goes.
----------------------------------------------------
Edit: since this is a lot bigger then I initially thought it'd be - below I've elaborated on my findings to the best of my ability, I'm not claiming it is a perfect analysis and some things I might describe poorly, however I will say I am much more qualified then the original reddit poster on this sort of stuff. At the end of the day he was a self described amateur yet nobody seemed to have much doubt in him.
With that out of the way;
I definitely suggest that other people analyze what data is being sent for themselves, the more people that are able to corroborate or even contradict my findings the better, people shouldn't just be relying on what one person says.
You can download Fiddler here:
Fiddler
I'd also recommend checking out what your other game launchers are sending, you may be surprised.
Below is my original post untouched, I apologise for poor wordings or explanations but I want to leave my original findings untouched so people can contradict them and there's no misconceptions that I'm changing my answers afterwards.
---------------------------------------------------------------
The /r/PhoenixPoint Reddit Post
Let's start with
this specific Reddit post, it is linked to in just about every thread regarding Epic however; the guy who writes it self describes himself as an amateur, and rightly so almost everything in his post is him failing to understand how software works. (List is reworded from lotaSherbet with a few more points from me on how this is how Fiddler and DLLs work)
EGS likes to enumerate running processes on your computer
This isn't EGS enumerating processes, this is literally how tools like Procmon and Fiddler work, they have injected themselves into the running process.
why is it trying to access DLLs in the directories of some of my applications?
This is how shared libraries work on Windows, and once again in this example he is showing Fiddler which is something he has injected into EGS, nothing here.
it really likes reading about your root certificates Like, a lot
It is a launcher based around a web browser, this is how HTTPS works, of course it has to check your available certificate authorities -
every other Electron application including Discord and Steam do this.
if there are any non-amateur people out there who would be able to explain why
it's poking at keys that are
apparently associated with internet explorer, I'd appreciate it.
It seems to like my IE cookies, too.
Once again, it is a launcher based around essentially being an internet browser, any application that does that reads these registry values, because it's how internet browsing works.
In my totally
professional opinion, the EGS client appears to have a severe mental disorder, as
it loves talking to itself.
A demonstration of him showing how little he knows about what he's saying, this is literally how software works by communicating with itself on private TCP ports and pipes, especially modern web applications. This one might even be Fiddler's internal proxy server.
I'm sure that this
hardware survey information it's apparently storing in the registry won't be used for anything nefarious or identifiable at all.
What is being stored in the registry is simply a flag stating if you've taken the hardware survey test, which he didn't even bother looking into. Automated hardware surveys are also a thing in basically every other launcher and software suite such as Origin, Uplay, Adobe, Autodesk, Windows, etc... it is useful anonymous information that helps developers better understand their target hardware.
The big concern that everyone has is tracking, right? Well, Epic does that in SPADES. Look at all those requests. Look at the delicious "tracking.js". Mmm, I'm sure Xi Jinping is going to love it. Here's a copy of that script, I couldn't make heads or tails of it, but I'm also unfamiliar with JS. It looks less readable than PERL, though.
He has discovered what analytics and minified javascript is, the script is a minified Javascript analytics tracker - every single website you go on, including Steam has this, everywhere. This is nothing new, nothing dodgy, they just want to know how many users are viewing product pages and their retention etc..
The localconfig.vdf
The only worrying part of the Reddit Post is the localconfig.vdf file the launcher copies, however there is again a huge amount of misinformation with this too. There are huge concerns over the sheer amount of information the file contains, just to name a few things:
* Steam accounts you've logged in to on this PC
* Your entire friends list
* Your steam groups
* Your games and settings for those games
There is a lot more in the file, all unencrypted (the file includes login tokens also which means the file REALLY should be encrypted). And whilst the file does contain huge amounts of information, there is no evidence that Epic Games Store client uses anything other then the bare minimum in their import friends feature.
A look at what is actually collected
I decided to open Fiddler and see exactly what data was being collected and sent to Epic and to no surprise it's exactly what they say is collected.
https://files.facepunch.com/forum/upload/828/db90021b-28fc-4816-a0d9-bc1bb54fc731/image.png