That's why we're talking about "black box reverse engineering." This means that you completely reimplement the functions from scratch. In this case, though, you wouldn't even have to fully implement, just drop a return code that didn't result in a crash. These apps usually don't break when there's no internet connection, so you need to find out what return code is "error" for a given function.

This method also comes with the benefit of being entirely legal to distribute, too.

On the first point, my understanding of the GDPR is that a company can refuse to provide a service if you don't consent. In that circumstance, it would be grounds for a refund of the product or service (assuming that you haven't previously given consent and enjoyed the service - or game). I think the best bet would be to argue the ambiguity of the consent (i.e. if it's in the EULA, it's not clearly separated from the other line items, so how do you know the consent is specific). The other joys of the GDPR is that it's "General" in the European sense of the word - i.e. the rules are harmonised but implemented and enforced very differently in the EU27 + the UK (it never ceases to amaze me how that happens).

On the second point, I've been thinking about that, and I suspect that argument could be relied upon by the games companies. I know that Germany operates a lower bar around what personal data is than other countries - it would be interesting to see what happened if this ever did come to court. Not that I'm going to do a court case myself as I'm really not that worried about it (and I don't let my GoG games through the firewall anyway).

If they were, I doubt Win10 could be legally used in any business processing personal data (and those are most). Not unless MS reliably and reproducibly lays open what data their telemetry transmits, and how it's not possible to link any of it to actual people.

Sadly "the power of fact" is that everyone is dependent on MS' products and services. It just won't happen, because TINA.

And how would you set up a standard for ensuring people are informed? The problem is, we need a system that goes both ways. But, here we are, expected to read several pages of text and understand our roles, and all this post-purchase of a license to a product. This really isn't any different from the usual BS that comes with medical treatment where, at least in the US, you never know what you're paying until after the procedure is finisehd. It's rare that you can even give estimates, because they just won't tell you, and that's partially because the doctors don't know. You'd think that'd be someone's job to help you consider your options, especially if you don't have insurance, but no. I distinctly remember a lot of criticism against a certain US president for trying to fix that system, though. Let's be clear: the money makers are in charge and they know you'll pay anything as long as you don't know hte price and have to pay it off later. Or comply with something you don't agree with... etc... Oh, but we so diligently sign them anyway.

EDIT: Relevant

USA law seems to be very different, personal data there can be a commercial product like any other kind of data. That’s why a regulation like GDPR would make no sense in the USA.

But in Europe personal data is not regular data. It can not be negotiated in a commercial contract, including EULA. Anything asking you to share personal data for commercial reasons is now downright illegal.

Personal data collection from European citizens based on some post-purchase EULA agreement is not allowed.

This is a really good thread. Is there a list anywhere of Unity games that use telemetry (without giving the user an opt-in)? The impression I have is that Unity has a telemetry module, but developers can disable it or choose not to use it. So, it doesn't seem reasonable to simply assume that all Unity games are using telemetry.

Garrys mod changed it's terms a while back to force extra spyware into it's game. Someone tried justifying it by saying valve was already doing it to an extent.

i bet most of them have hidden telemetry

Everything in the US is fucked up. Better to not think too much about it, and treat it as the madhouse it is.

On GDPR, it's definitely a move in the right direction. But what it doesn't cover, is the analysis of the personal data, which is the more important part. Yeah, it's nice that I can tell company X to delete the data about me, but when that data already is let loose on 1000 servers and analysis tools, it's kinda too late, and you can't take back all that stuff. Well, you could (nobody believes it's anonymous anyway), but GDPR doesn't cover it.

I have no source at hand, but I kind of remember it being the other way around: the basic Unity3D contracts do not allow the developers to disable telemetry in the game builds they sell.

Thank you for sharing that information.