It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
avatar
cryware: After checking the list, seems most of the offenders are Unity games.
"According to unity's privacy policy, it "phones home" on 1st launch. Unsure if you can disable it, aside from blacklisting the game in firewall"

And searching into the forum, I found this post,
https://www.gog.com/forum/general/unity_engine_telemetry_killer/post1

Seems there is a possible solution replacing DLLs

Also, wikipedia provides a list of unity games:
https://en.wikipedia.org/wiki/List_of_Unity_games

If anyone could test and let us know would be greatly appreciated!
It seems to work but at the time I made that post, was having trouble with some game (I believe it was GRIS or Cities Skylines) so, I added the game executable to the Windows Firewall black list, both inbound and outbound just to be sure and checked Windows Resource Monitor (Performance tab of Task Manager) for any network spike, since they were gone I just played the game.
Since then, just started to use the Firewall for those kind of tasks. How efective it is I don't really know but most of the times I just play offline anyway.

Regarding Unity games list, want to add that the Pc Gaming Wiki is far more complete than the Wikipedia. Actually, it's pretty much a ritual to check PCGW website while installing a game. That way I'd be informed to any thing game related, including wich engine it uses and if it's updated.

www.pcgamingwiki.com/wiki/Engine:Unity
This website should be in any "Gamer's" toolbox

Edit: Can't fix the link... It seems GOG now auto-link any complete adress. Nice, if it eventually works.
Bold works though
Post edited June 01, 2021 by Dark_art_
Thanks for sharing Dark_art_
low rated
avatar
Dark_art_: It seems to work but at the time I made that post, was having trouble with some game (I believe it was GRIS or Cities Skylines) so, I added the game executable to the Windows Firewall black list, both inbound and outbound just to be sure and checked Windows Resource Monitor (Performance tab of Task Manager) for any network spike, since they were gone I just played the game.
Since then, just started to use the Firewall for those kind of tasks. How efective it is I don't really know but most of the times I just play offline anyway.

Regarding Unity games list, want to add that the Pc Gaming Wiki is far more complete than the Wikipedia. Actually, it's pretty much a ritual to check PCGW website while installing a game. That way I'd be informed to any thing game related, including wich engine it uses and if it's updated.

www.pcgamingwiki.com/wiki/Engine:Unity
This website should be in any "Gamer's" toolbox

Edit: Can't fix the link... It seems GOG now auto-link any complete adress. Nice, if it eventually works.
Bold works though
I've made redirectors and used tinyurl, 'cause GOG has problems with valid URL characters.

I'm still curious about poking in a good solution by hijacking/patching things like UnityPlayer.dll. Functions that let you manually import a function from another program (dlopen, for example) could be used to hijack and override functions. We just always implement the symbols in the symbol table and have it call all the functions except in situations where it calls telemetry functions, right? Or, you could hijack whatever DLL they use to get sockets (by changing the name of the DLL by 1 letter).
avatar
kohlrak: I wonder if anyone thought about "black box reverse engineering" some of the DLLs and replacing them to get rid of the telemetry.
I had some thoughts about it, but as mentioned above - it would be a whack-a-mole. Say, for galaxy.dll, we had at least 3 updates thus far that required people to redownload their games solely due to internal changes of this library. So you have to patch it once, then again, then again. And keep backwards compatibility for those who live on the countryside and cant afford downloading new installers due to low speed/pricey connection.
And thats just one library that doesnt update too much. For game engines, you must verify every single patch to ensure things still work as intended.
Thus we are stuck with either making per-app firewall rules or adding whole telemetry domains to hosts.

Actually, Im genuinely interested if game engine with built-in telemetry (that doesnt have any way to opt-out for both developer and those who play the games) violates GDPR. Like... shouldnt there be some clear indication that "yeah, we collect stuff. Accept it or refund the game" on game's startup?
Post edited July 11, 2021 by Gekko_Dekko
avatar
Gekko_Dekko: Actually, Im genuinely interested if game engine with built-in telemetry (that doesnt have any way to opt-out for both developer and those who play the games) violates GDPR. Like... shouldnt there be some clear indication that "yeah, we collect stuff. Accept it or refund the game" on game's startup?
Th other problem is when the game has been around for a while and the developers just decide to add spyware because they can after people have invested themselves in the game and it isn't limited to video games either.
low rated
Hope we will reach 100% telemetry soon and algorithms will find the bad people, and we can punish them.
Clearly, only bad people are against this.
avatar
Gekko_Dekko: Actually, Im genuinely interested if game engine with built-in telemetry (that doesnt have any way to opt-out for both developer and those who play the games) violates GDPR. Like... shouldnt there be some clear indication that "yeah, we collect stuff. Accept it or refund the game" on game's startup?
It would be in the EULA if needed. You need to actively accept the EULA to install and run the game, so that would likely cover it off from a legal standpoint. Of course, whether the EULAs have been updated is an open question as nobody reads them.
avatar
pds41: You need to actively accept the EULA to install and run the game, so that would likely cover it off from a legal standpoint.
From what I understand (but I am not a lawyer), most EULA are downright illegal and would be worth nothing in court. Privacy laws can not be bypassed with a mere commercial contract.
avatar
pds41: You need to actively accept the EULA to install and run the game, so that would likely cover it off from a legal standpoint.
avatar
vv221: From what I understand (but I am not a lawyer), most EULA are downright illegal and would be worth nothing in court. Privacy laws can not be bypassed with a mere commercial contract.
Yeah, some could, but if an EULA states what it does personally when you accept, they say that it was stated in the contract and you gave permission. Also in many EULA's they state that if it destroys or somehow messes your device, they are not responsible. So, EULA's are proof to the court that you gave and understood the risks and things that were happening when you use and accepted the EULA contract. However, there could be a slim chance of winning against a EULA if it violates something, but many probably do not care.
User Agreements
avatar
BookCrazy: Yeah, some could, but if an EULA states what it does personally when you accept, they say that it was stated in the contract and you gave permission.
At least in Europe EULA are only applicable if you had a chance to see them before paying any money. Everything that pops up after that is not part of the contract, whether you "accept" or not.
avatar
Gekko_Dekko: Actually, Im genuinely interested if game engine with built-in telemetry (that doesnt have any way to opt-out for both developer and those who play the games) violates GDPR. Like... shouldnt there be some clear indication that "yeah, we collect stuff. Accept it or refund the game" on game's startup?
avatar
pds41: It would be in the EULA if needed. You need to actively accept the EULA to install and run the game, so that would likely cover it off from a legal standpoint. Of course, whether the EULAs have been updated is an open question as nobody reads them.
when did you last time see some EULA while installing some game from gog or steam, aside from storefront's agreement? Sometimes games indeed include these. Most of the time (when we talk indies, which are like majority of market) - they dont. Or else its hidden somewhere on developer's site, which you need to google and open manually to read.
And most of the time, game's own EULA only include statements about stuff, developers added by their own. I've seen quite a few EULAs, saying "we are using unity's analytics in our product" - but thats for the very reason I've just described - coz devs decided to add it ON TOP of what engine uses out of box. Im yet to see some game's EULA, covering data collection by game engine itself.

Say, lets talk about unity again. Their site indeed has license agreement where they say that you must agree to their terms when you play games made with their engine. But you dont actually get to agree to this, unless you open their site manually and find this section - there is no pop up with terms and conditions on game's first boot. Sometimes its not even clear that game is made with unity, unless you manually check game's file structure (and obviously its not clear before purchase - I cant count amount of times, I've had to ask game devs, which engine they are using)
Post edited July 12, 2021 by Gekko_Dekko
avatar
BookCrazy: Yeah, some could, but if an EULA states what it does personally when you accept, they say that it was stated in the contract and you gave permission.
avatar
toxicTom: At least in Europe EULA are only applicable if you had a chance to see them before paying any money. Everything that pops up after that is not part of the contract, whether you "accept" or not.
Oh, okay. I did not know that. Thank you for the information! :)
avatar
BookCrazy: Yeah, some could, but if an EULA states what it does personally when you accept, they say that it was stated in the contract and you gave permission.
avatar
toxicTom: At least in Europe EULA are only applicable if you had a chance to see them before paying any money. Everything that pops up after that is not part of the contract, whether you "accept" or not.
True, but remember that giving consent under GDPR doesn't have to be under a valid contract - you just need to have an indication that the consumer has given consent. So, if you have to tick the box in the offline installer that says "I've read and accepted the EULA", that would probably be consent to process data under the GDPR. The only argument you could make would be that the EULA wasn't clear enough (which might get you there if anybody could be bothered to take anyone to court over this).


avatar
Gekko_Dekko: when did you last time see some EULA while installing some game from gog or steam, aside from storefront's agreement?
The last time I installed a GoG game. When you run the installer, there's a box that comes up at the bottom after you've selected language that says "Yes, I have read and accept EULA". Clicking EULA took me to the EULA for the game (I just tested it on the installer, obviously when I installed it the first time, I didn't bother because nobody does). Steam or Galaxy, Christ knows, but I assume it comes up when you click download, or run first time. Could be mistaken of course.
avatar
pds41: True, but remember that giving consent under GDPR doesn't have to be under a valid contract - you just need to have an indication that the consumer has given consent. So, if you have to tick the box in the offline installer that says "I've read and accepted the EULA", that would probably be consent to process data under the GDPR. The only argument you could make would be that the EULA wasn't clear enough (which might get you there if anybody could be bothered to take anyone to court over this).
Doubtful. What if you don't consent?

But... telemetry data is not necessarily a subject to the GDPR. The GDPR is concerned with privacy - the handling of personal information. That means, it concerns data that is traceable to an individual. As long as telemetry only collects general information (hardware, drivers, crashes, performance) and omits anything that could be traced back to an individual (login name, IP address) it might not be subject to GDPR. Might, because in the end it would be have been for a court to decide. And if an IP address is a personal datum is still discussed. In Germany they lean to a "yes", because an IP address can easily be connected to other information (are you logged into a forum/account with the same IP? Bingo!).

But yeah, somebody should maybe take all this telemetry to court. Because if some of it is considered "personal data" it's not only about consent. The companies would be obligated to document how they process this data, they'd need to appoint someone in charge as contact for users and overseer, they'd have to make sure users can a) get a copy of all data stored about them and b) demand deletion of that data.