Epic Games Store - 88% split goes to devs


Agree. I think a lot of people wouldn’t actually be so happy with the quality of the interface and service if that data were all blocked from the provider. Certainly there would be zero chance of Steam (or any store) providing useful purchase suggestions.

That said, virtually nobody actually enumerates what they actually capture and use it for in specific terms. They just give a blanket “we capture data about what you do and use it however we like but don’t share it seriously we promise” type line.


Well it would be pointless for Steam to offer me a Friends List and not save it. It kind of annoys me when categories get messed up. It’s not the same thing though. They didn’t take my Friends list.

The thing about Epic though is… they’re thinking more mobile right, going with the Fornite crowd. Almost every Social Media application wants to suck information from other applications. I always say no, but many of them ask multiple times a year, still.


Let me get the Epic apologists started: well Steam is a monopoly, and you can’t expect to take on a monopoly without stealing some information, right?


What ever. You want to live in your bubble, that’s on you. Me, I want competition. But that might just be because I am a red blooded American who believes in the free market.


We are all right here. We can have a reasonable discussion without calling each other names. I am not a mod just a fellow poster and I invite you to consider changing your post.

Privacy should be something we all care about imho regardless of whether we prefer Steam or Epic or whatever to buy games from.


The remark I made was based on a longer pattern than just this thread, but I took your advice to heart. Thanks.


For those that want competition I hope they rally this strongly for GOG and itch.io when needed. :-)


Serious question, is that GDPR compliant? This sounds like conversion tracking. Steam currently does not do sourced conversion tracking and one of the explanations I’ve heard is privacy (another is that it’s technically hard). I’ve thought about it and it’s actually kind of hard to track a sale from lead to conversion in a GDPR compliant way. (I am not a lawyer, and I am especially not an EU GDPR lawyer).


Precisely. itch.io is a little too indie for me, but I try to buy all my games on GOG. If we really want competition of the good kind, everyone should be buying from GOG as well.


Cheers! Thanks for the consideration.

Also @jsnell

My views were mis characterized that way, despite my best efforts. But the internet is a tough place to make a long form argument :)

I was being sincere when I said Steamspy was a customer privacy issue as well as a developer privacy issue.

Again thats just my perspective. Folks may disagree but I hope they will accept I am and was sincere.

Data theft and privacy really are a big deal to me. I hope to persuade you and others to join my position.


Put a trigger warning on that dance gif


So Epic is saying the intent is to import your Steam friends.

From what I have read, they could be using the Steam API which conforms to privacy standards but they are not seemingly. Epic is also accessing game time played, saved game data, and games list (which shouldn’t be needed to transfer a friends list) and perhaps other data points. The Epic Games client scans the Steam folders even before the user has logged into the Epic client.

Also the Epic client is still scraping data even if your Steam account is set to Private.

Scrape/Data collection frequency is about once per week.


Guys, I think steam is tracking who is on my steam friends list.


The also know whats on your wishlist!


Friends are on my wishlist. 😥


Here is the incomplete list they provide. (@jsnell posted the link above).

General Account DetailsPurchase HistoryShopping Cart HistoryLicensesAccount Phone NumberSubscriptionsPreferencesLanguage SettingsMobile Push Notification SettingsVideo DevicesVideo BookmarksVideo Encrypted Content LicensesExternal Funds UsedFamily SharingWorkshop Payment InfoFamily ViewRecent Help RequestsRecent Third Party Site LoginsRecent Login HistoryDeveloper SettingsSteam Hardware RegistrationsTournament RegistrationsSteam Box Beta RegistrationsComputer Names

Community & Profile

Your ProfileEdit Your ProfilePrivacy SettingsFriendsSteam GroupsComments & Discussion PostsComment NotificationsDiscussions Subscription & Usage DataProfiles You’ve ReportedCommunity, Chat, and Discussion BansCommunity Moderator MessagesMy Group AnnouncementsMy Group EventsMy Activity FeedFriends Activity FeedYour Game Server Accounts

Inventory & Items

Your InventoryInventory HistoryGift & Guest Pass HistoryTrading Cards & BadgesTrade Offers & Offer HistoryTrade HistoryCommunity Market Listings, Buy Orders, and History

Steamworks Game Data

All Games, Playtime, and Personal Game DataRecently PlayedAchievementsLeaderboard EntriesTurn NotificationsRecently Played WithActivity at Steam Licensed Sites

Uploaded Content

Steam CloudScreenshotsArtworkVideosWorkshop FilesMerchandiseCollectionsGuidesGreenlightMy Uploaded Content Votes


WishlistReviewed GamesYour Vote and Tags on ReviewsYour Reports on Game ReviewsCurators you FollowCurators you IgnoreMy Curator ReviewsCurator Connect Game OffersMy Curator Recommendation List and ItemsDiscovery QueueDiscovery Queue HistorySocial media linked accountsOther linked accountsLoot Drops and Giveaway ParticipationsGame User Tag VotesMy App ReportsEmail PreferencesOutgoing Email

Store & Community Events

Sale ParticipationMy Sale VotesSteam Award Nominations 2016Steam Award Nominations 2017Spring Cleaning Event 2018Community Events Followed or Ignored


Own BroadcastsBroadcast PreferencesViewed BroadcastsReported BroadcastsBroadcast RTMP Settings


Friend Chat Messages

Your call as to whether its cool that Steam tracks and can view your private messages to your friends for example.

They track a lot and this is just the out of game stuff for the Steam platform. Many games (including Valve’s) have far more telemetry about what you do in your games, even single player.

Again Steam is simply following the games industries now standard practice. I think that practice needs to change.

Even of you are cool with it all, its worth at least a look and see what they are recording about you.

This doesnt mean Steam is out to get you, or Epic or anyone. In the same way Facebook isnt out to get you. Just that once that data is stored, well, its only a matter of time before something bad happens isnt it? Even if they are great people that data will get stolen or hacked one day, that seems inevitable.

You dont have to subscribe to my “stop telemetry” position. But you should be aware of whats going on.


Ok, fair enough.

They’re a messaging platform. They need to store the messages in order to allow you to read them. Note that the retention period on messages appears to be fairly short. Probably a month or two weeks. I don’t understand what you find objectionable here.

Would it be possible for them to not store the messages for a couple of weeks? Sure, they could require both users to be on-line when the message is sent and have them be totally transient. Or they could do end-to-end encryption, but that ends up being either security theater or totally unusable for a normal user (has anyone reading this ever actually verified the e2e encryption status of a WhatsApp chat?). Both of these would make for a garbage user experience in a multi-device environment.

I think this is where our fundamental disagreement is. You appear to be opposed to absolutely all kinds of user data being stored. Doesn’t matter how beneficial it’s to the user, or how fundamental it’s to the service that the user is actually wanting to use. That seems counter-productive. “Our vision is for Gmail to delete all your emails before you read them, for Netflix to never remember where you left off watching Star Trek Discovery, and for Amazon to always challenge you with extra verifications when logging in since they can no longer do sign-in risk analysis.”. That sounds like a horrible deal!

There’s a sharp contrast to things like Facebook promising they were collecting phone numbers only for second factor authentication purposes, but then covertly using those numbers for building their social graph. Or silently hoovering up your SMS message history from the phone if you install the Facebook Android app, and keeping that history forever. It’s not somebody collecting data necessary for providing a service, and keeping that data around as long as is reasonably needed. It’s fooling people into giving away data they didn’t expect, and then using it for absolutely any purpose that the company feels like.

Equating these two categories just means that people will become fatigued and stop caring about the second one.


Just because they hold it, doesn’t mean the messages should be visible to steam. End to end encryption should be standard.


Apart from the fact that is bad that Epic Store or any other software shouldn’t collect information from your HDD that isn’t directly tied to that software, we also should ask the software developers to be more proactive in securing the data in the first place.
You cannot trust any other third party utility, hoping they all will be good guys. You never know if this text editor or that music program or this innocuous strategy game is going to do the same. And because you can never know, the data should be encrypted, unreadable to any third parties.


I addressed that in the previous post.