jamyskis had a good point about this - if someone were to break into GOG to get this info, then they also probably got the orders and even your account info while they were at it. They'd have to hack GOG's servers already to get it, so why would they only be able to get the IP instead of the order numbers too while they hacked GOG - or even better they'd just hack the accounts and see what games you bought that way?

But then just to send "game related phishing" seems like a poor excuse to do so especially since GOG does not store CC info - what hackers are really after (see massive MasterCard/Visa hack that just happened today).

That said, yes it would be good for GOG, given its own policies (and EU law), to mention in this thread and somewhere in the FAQ what they're sharing and with whom and why and what they store. But as far as I can tell, they're not actually sharing personally identifying information - as in information that can be linked without hacking and which would be available anyway if the company were hacked and its passcodes to decrypt its data were taken too.

Nope, you need to actually read the privacy policy. Direct financial information isn't even stored on GOG servers, but information relating to the transactions is, and they give it to google. Besides, we're not talking about people "breaking into gog", we're talking about them simply giving our information away without telling us about it, and specifically denying that any information is passed to 3rd parties, which turns out not to be the case.

I'm not freaking out, and it's not a massive issue to me, but there I do believe GOG has some explaining to do.

You misunderstand what I'm saying. Someone would have to break into GOG for that info to become personally identifying. They have your account on GOG's servers - so a person can see the games you bought (just the "My Games" list) and you location is (at least what you say it is) from breaking into GOG. That information though is encrypted, but regardless I'm saying someone would have to break into GOG for the info they hand out to become personally identifying.

So yes they hand out transaction information to third parties, but not info that can actually be linked to anybody on GOG. I agree however, that it is a fine line and that it would be better if GOG did this in-house or was able to use Google Analytics without any kind of unique number associated with a transaction - that would pretty much remove any doubt anyone had about privacy.

So yes, I agree it would good for GOG and us to come and clear some stuff up - and so I think we agree on the salient point of this discussion. So right now we're debating exactly how much of a non-issue this is. You think it's not a big deal, but should be addressed, and I think it's just barely a little one, but should be addressed anyway. :P

Well, I don't like it. Don't see why GOG can't do their own statistics themselves (if that's why they use google). Maybe google pays them for it, or it's somehow cheaper for them doing it that way, who knows (surely it's about money though, as usual). True that the details are not too personal and probably "everyone's doing it," but since when did that line make it okay anyways? Though I'm not personally concerned that google or anyone will get that much truly personal info from what GOG is sending out, we would be wise to let them know we (at least I) don't like it. ...Just so they or any other company, won't decide to send out even more information for profit. We don't really want to sit on our rears and keep letting companies do more and more such actions, eventually it could get out of hand, but then, it may be too late to say we don't like it, and be heard. Of course it may not, but, it never hurts to be catious.

What GOG is doing is not serving their customers here, so I don't know why anybody need defend them. My guess is they are just trying to save some dimes at the expense of a little bit of our privacy. Is that okay? My question is, what would be next, what else may they do to save a few more coins? And when is it finally not okay? Go ahead, charge us a few cents more a game if that's what it takes to better respect customers privacy. It's worth it. It's stuff like this that make loyal customers, not so loyal anymore.

That is a bit of an assumption - how can you (or anyone else here) be sure that GOG isn't offering database access to other companies?

As to the "personal-ness" of the order ID, it is the one item of data that can be linked to an individual and hence subject to EU data protection legislation. From a human perspective though, clearly it is the details that matter more (items purchased, money spent) and having this data sent to Google (or any third party) without user consent is what I would consider unacceptable.
If it was anyone other than Google receiving the information, you would have a point.

However Google have a number of ways of linking the purchase information GOG (and other shopping sites) send them with the other data they collect. How much data they have will vary depending on what services each person uses (GMail users probably have the most reason to worry since it is almost certain that their account - or some of the emails sent/received - will show who they are) . However even those who forswear Google will very likely still have some data collected on them (a list of sites visited that used GA or Google/Doubleclick advertising).

Now if it is possible to identify an individual solely from their search history (which Google also keeps) then it shouldn't be beyond the bounds of reason for other people to be picked up via web traffic data. That needn't involve GOG or Google directly, just one other GA-using website that creates a specific page (with a unique URL) for each individual. Now how many posters here have such a page with a social-networking website?

i actually believe you.

i sincerely hope that you put as much effort and time into complaining to your government about its surveillance practices as you display here, considering your own country has been rated an "endemic surveillance society" close to China's level of privacy violations...

get real. this whole thread is a travesty of a privacy concern. if this were actually a legit concern people wouldn't dismiss it so easily.

i don't see a thread complaining about a video camera on every friggin' street corner in urban England, but one about a digital games shop supposedly letting Google know what games have been bought from what country?!? yes, that sure sounds like the real concern we should all be up in arms about...

it's not, but apparently that doesn't stop people from going nuts over it.


damn, if this concerns you i truly hope you're staying far away from any account-based online services, don't pay anything electronically, don't shop online, don't play online etc.

OH NOES, GOOGLE KNOWS WHAT I'VE BOUGHT

Oh wait.

They already do!

So your response to illicit data sharing is that it's the users' fault for doing something online? Well how acceptable would you consider it if your local storekeeper chose to gossip with your vicar/doctor/sheriff about what you bought from them?
You've made a conscious choice to put such data online. This topic is about GOG making that decision for you, regardless of your preferences.

PS: nice artwork.

Heh, reminds me of Queen Aleena from Sonic Underground. Although, neither Sonic's two siblings nor their mother runs like that... I never watched that show as a kid, but only found out about it a few years ago. I'm not sure I watched any Sonic series, though I did read a few comic books.

This thread needs some dramatic music ^^ !

He almost certainly does... unless he just doesn't care.
Dwellers of "small" towns everywhere have invented two basic ways of dealing with such issues: not doing things others might gladly discuss on one hand and not giving a fuck on the other.

Threads like this tend to upset me, since despite my desperate attempts to fit in, it seams more and more obvious that not even paranoid schizophrenics are a group to which I truly belong ;P.

The logic is a bit flawed here, because if that was the case, your issue will be moot: direct access to GOG database would grant FAR MORE personal informations, so the data passed to Google Analytics would be completely useless in comparison and the least of your problems...

Oh I know, I was just trying to poke fun.

Also, I don't really keep my real name and my er, internet name separate. I don't really do much of anything that could get me in trouble.

By the way, I didn't make that post. I just reblogged it. :p

Too late! Your Wonder Woman/Queen Aleena fetish has now been exposed to all!

Let the mockery commence... :)

Actually, it's more like "Has Google been illegally told what you've bought?"

Breaking Data Protection laws can get companies in a lot of trouble. We'll have to wait and see what they say though.