Valve calls out Epic Games for ripping information from users, Steam

By Rebekah Drake


Mar 24, 2019

Reading time: 2 min

The Epic Games storefront client has recently been revealed to be using client data taken from rival digital storefront Steam.
The data file pulled from Steam is then sent to Epic Games, much to the displeasure of Steam developer Valve, who have clearly stated the files are not to be used by third-party companies.

The discovery gained attention when a detailed post accused Epic Games of accessing DLL files, which are the types of files used by Windows to store program data and code, along with a type of encryption file called a root certificate. Both of these types of files, the accusations claimed, were being accessed by the Epic Games launcher without the user’s permission. The data was then allegedly being sent directly to Epic Games.

As the claim became popular due to its controversial nature, more people began sharing similar claims that Epic Games’ software had been logged accessing Steam content files, or other files within the Windows Registry. Eventually, the thread garnered enough attention that Epic Games had no choice but to respond and to admit that certain files were being accessed and replicated without user permission.

In a post by Daniel Vogul, Epic’s vice president of engineering, it was said that the data is collected in line with the company’s privacy policy in order to optimise performance and provide data for Epic’s Support-a-Creator program. Information about computer hardware, software, and visited web pages is collected, all of which is outlined in the existing privacy policy. It was also claimed that any access to root certificates is due normal web page startup routines.

Vogul then explained the access to files created by Steam, stating that the file titled localconfig.vdf was copied by the Epic Launcher but only accessed once users gave explicit permission to import their friends lists. At this point, the hashtagged friend identifiers would be sent to Epic Games.

Valve then responded to the controversy, stating that information such as game lists, friend lists, and log-in tokens are private when stored on users’ home machines and should not be accessed by third-party services. Valve have also confirmed that it is further looking into Epic’s data handling practices to see if any other information is being taken from the Steam client.