It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
high rated
I think, Im kinda late for party, but whatever. At the begining - thanks so much for @Gamer7281 for tip about dlls, @skeletonbow for IPs and @plagren for highlighting my little gogmix :D

Talking about third party telemetry - I think, GoG has no way to exclude it (ever most (if not all) of unity developers cant do that), as they have no access to source codes. Its all belong to devs. But, from GoG's side - they could, atleast, somehow highlight games, that may harm your privacy. Whatever - if they cant, we (users) can do so, right?

But, what really dissapointed me, is that GoG does same here. On galaxy page ( https://www.gog.com/galaxy ), they say, that they "We deeply respect our users, so we’ve also built GOG Galaxy to respect your privacy. We don’t track your personal data... we don’t even look for it.". Moreover - in p 7, they say "If you want to make sure that we receive no information at all, the client can still function in offline mode.". But, as you said above - ever if you have no client installed at all, games with galaxy features will still try to connect to GoG's servers, which is, as minimum, lie from their side.

I want to be smart person and really dont want to harm anyone, including gog team, without reasons, so - my quesiton is: since this thread is month old stale, did they patch information leak, highlighted by topicstarter, recently? Or it still exist?
Post edited April 20, 2017 by Gekko_Dekko
high rated
avatar
Gamer7281: In short, what is GOG current and future stance on telemetry on all their products and services? Including both Galaxy, Non-Galaxy, and Galaxy compatible games as well.
I don't know what GOG's "stance" is on telemetry, but Galaxy gathers telemetry itself and reports back to GOG owned domains, as well as a 3rd party domain. It appears to all be related to helping automatically diagnose Galaxy client crashes. Some parts of the GOG website also gathers such data I believe. I seem to recall the new support website using a 3rd party service or something but would have to check.

As for what actual data is transmitted to GOG or 3rd parties, that's unclear as it is encrypted over TLS. I block all traffic outbound by default and only allow connections necessary for a given program to work, so the telemetry stuff is blocked here.

Also, they're using Microsoft Visual Studio 2015 and by default it built telemetry gathering into all executables that were built with the compiler, and that data would feed back directly to Microsoft. Developers were unaware of this but it hit the news last year and many application developers updated their apps to turn off this "feature", and I believe GOG did as well but I'd have to investigate to be sure.


avatar
Gekko_Dekko: I think, Im kinda late for party, but whatever. At the begining - thanks so much for @Gamer7281 for tip about dlls, @skeletonbow for IPs and @plagren for highlighting my little gogmix :D

Talking about third party telemetry - I think, GoG has no way to exclude it (ever most (if not all) of unity developers cant do that), as they have no access to source codes. Its all belong to devs. But, from GoG's side - they could, atleast, somehow highlight games, that may harm your privacy. Whatever - if they cant, we (users) can do so, right?

But, what really dissapointed me, is that GoG does same here. On galaxy page ( https://www.gog.com/galaxy ), they say, that they "We deeply respect our users, so we’ve also built GOG Galaxy to respect your privacy. We don’t track your personal data... we don’t even look for it.". Moreover - in p 7, they say "If you want to make sure that we receive no information at all, the client can still function in offline mode.". But, as you said above - ever if you have no client installed at all, games with galaxy features will still try to connect to GoG's servers, which is, as minimum, lie from their side.

I want to be smart person and really dont want to harm anyone, including gog team, without reasons, so - my quesiton is: since this thread is month old stale, did they patch information leak, highlighted by topicstarter, recently? Or it still exist?
If you use Galaxy, it does connect to the list of domains I mentioned previously, as well as some additional ones I've discovered since then, some of which are new. Individual games may connect to just about anywhere and that may change from one game update to another and it's beyond GOG's knowledge or control for the most part.

The only way to know for cure that a game or program isn't "phoning home" behind the scenes is to have a default deny firewall and actively admin it with a fine toothed comb, which is something most people just are not comfortable nor knowledgable to do unfortunately.

The only safe assumption one can make is to treat the gun as loaded and assume that all games phone home and talk to the remote end possibly just gathering data such as game news or whatnot, but also possibly transmitting usage information or other telemetry, and that in some cases they do it even without the developer's own knowledge thanks to Microsoft (if the developer hasn't become aware of that and purposefully disabled it on their end).
Post edited April 21, 2017 by skeletonbow
avatar
plagren: Judging by this they're OK with it.
^ This mix:
Its unity game. https://unity3d.com/legal/privacy-policy There is no way to turn telemetry off, other than add this game into firewall's blacklist.
Spyware is optional (for the developer) in Unity.
high rated
avatar
skeletonbow: ...As for what actual data is transmitted to GOG or 3rd parties, that's unclear ...
Well, a quick look into CD PROJEKT RED – Gwent – Privacy Policy gives a good idea, what is actually collected. By far too much, if you ask me. Take a look at "4. WHAT INFORMATION IS COVERED?".
Post edited April 22, 2017 by DeMignon
high rated
avatar
plagren: Judging by this they're OK with it.
avatar
Starmaker: ^ This mix:

Its unity game. https://unity3d.com/legal/privacy-policy There is no way to turn telemetry off, other than add this game into firewall's blacklist.
avatar
Starmaker: Spyware is optional (for the developer) in Unity.
there should be wall of text, but GoG removed my reply, when I've tried to quote few people at once, for some reason. So, I ll just quote unity's privacy policy and note, that all (like 30) of paid singleplayer unity games, I've played on pc, tried to "call home" on boot. And it wasnt developer's site or steam, but one of adresses, belong to unity.

I play a game built with Unity software, what should I know?

A: Unity has probably collected some or all of the following information about your device: unique device identifiers (e.g., IDFV for iOS devices and Android ID for Android devices) ); IP address; country of install (mapped from IP address); device manufacturer and model platform type (iOS, Android, Mac, Windows, etc.) and the operating system and version running on your system or device; language; CPU information such as model, the number of CPUs present, frequency, and instruction set support flags; the graphics card type and vendor name; graphics card driver name and version (example: "nv4disp.dll 6.10.93.71"); which graphics API is in use (example: "OpenGL 2.1" or "Direct3D 9.0c"); amount of system and video RAM present; current screen resolution; version of the Unity Editor used to create the game; sensor flags (e.g., device support for gyroscope, touch pressure or accelerometer); application or bundle identification ("app ID") of the game installed; unique advertising identifiers provided for iOS and Android devices (e.g., IDFA or Android Ad ID); and a checksum of all the data that gets sent to verify that it did transmit correctly. Some Unity developers use Unity’s analytics and ad services which collect additional information
Post edited April 23, 2017 by Gekko_Dekko
avatar
skeletonbow: If you use Galaxy, it does connect to the list of domains I mentioned previously, as well as some additional ones I've discovered since then, some of which are new
But if you dont? Gamer7281 mentioned, that
avatar
Gamer7281: Was playing Legend of Heroes Trails in the Sky, single player game, with Wireshark running in the background. Noticed things were being sent to Europe with "GalaxyService" as message. Galaxy not installed on computer.
Is it still a thing? Thats actually reason, why I was intrigued by this thread. Or you can just get rid of galaxy.dll and calm down, and nothing will break? Or you wont get galaxy.dll, if you downloaded game from browser? I didnt buy/update anything for a long time and have no idea, how it works now, since galaxy left beta and many games got its support

avatar
skeletonbow: The only way to know for cure that a game or program isn't "phoning home" behind the scenes is to have a default deny firewall and actively admin it with a fine toothed comb, which is something most people just are not comfortable nor knowledgable to do unfortunately.
Whitelists?
Only problem with firewalling is that you will have fun time, setting it up, if you ll wish to play with your friends over network, but dont want to leak your info to someone else (ya-ya, I know, that its not always possible, coz of ways, some games netcoded. No need to note)
Post edited April 23, 2017 by Gekko_Dekko
high rated
Kind of necro, but anyway.

Bought Grim Dawn on this sale. Downloaded galaxy-free version from site. Game tries to connect somewere on each launch. Galaxy.dll exist, but you cant remove it, coz game will insta-crash with error about missing dlls.

Maybe Im unlucky, since other games, I own on GoG so far (torchlight, nwn and so on - old titles, overall), still feature trully galaxy-free installers on downloads page. But thats it
Post edited April 18, 2018 by Gekko_Dekko
avatar
Gekko_Dekko: Kind of necro, but anyway.

Bought Grim Dawn on this sale. Downloaded galaxy-free version from site. Game tries to connect somewere on each launch. Galaxy.dll exist, but you cant remove it, coz game will insta-crash with error about missing dlls.

Maybe Im unlucky, since other games, I own on GoG so far (torchlight, nwn and so on - old titles, overall), still feature trully galaxy-free installers on downloads page. But thats it
Yes, its been like it for a while on various games. Victor Vran does a dial home also, there have been others. Need to be careful and block them with firewall. As for the galaxy.dll, again thats been around as long as galaxy. It is there for two purposes, first to handle calls for achievements and things like that, otherwise they might break, but it doesn't actually do anything as it doesn't link anywhere. Much like the steam.dll found in some installs.

Second is to provide a hook for if you might install galaxy later, so galaxy can pick up the install. Thats my understanding anyways.

Afraid that is where we are, its not going to go away and it will just get worse and worse each release as more galaxy features are implemented and classic installers are edged further out the door.
avatar
Gekko_Dekko: Kind of necro, but anyway.

Bought Grim Dawn on this sale. Downloaded galaxy-free version from site. Game tries to connect somewere on each launch. Galaxy.dll exist, but you cant remove it, coz game will insta-crash with error about missing dlls.

Maybe Im unlucky, since other games, I own on GoG so far (torchlight, nwn and so on - old titles, overall), still feature trully galaxy-free installers on downloads page. But thats it
avatar
nightcraw1er.488: Yes, its been like it for a while on various games. Victor Vran does a dial home also, there have been others. Need to be careful and block them with firewall. As for the galaxy.dll, again thats been around as long as galaxy. It is there for two purposes, first to handle calls for achievements and things like that, otherwise they might break, but it doesn't actually do anything as it doesn't link anywhere. Much like the steam.dll found in some installs.

Second is to provide a hook for if you might install galaxy later, so galaxy can pick up the install. Thats my understanding anyways.

Afraid that is where we are, its not going to go away and it will just get worse and worse each release as more galaxy features are implemented and classic installers are edged further out the door.
Hm, i remember a while ago seeing the windows firewall coming up for some games. I assumed since it hasn't been bugging me that nothing's been asking for access. Now that i think about it, i might've disabled the asking for all the problems it was causing. Anyone know off hand how to get a list of what is and isn't allowed outgoing connections? Might be handy to see what's been asking for access and been automatically allowed. Might also be helpful to see how to lock it down.

EDIT: FIgured it out myself. Sure enough, many programs are set to allow connections through. Given so many games tend to throw the firewall into a fit when i installed them before and accessed multiplayer menus, i find it strange that games with no multiplayer have entries in the firewall. I find this very concerning, and alot of these are very obscure.
Post edited April 18, 2018 by kohlrak
avatar
nightcraw1er.488: Yes, its been like it for a while on various games. Victor Vran does a dial home also, there have been others. Need to be careful and block them with firewall. As for the galaxy.dll, again thats been around as long as galaxy. It is there for two purposes, first to handle calls for achievements and things like that, otherwise they might break, but it doesn't actually do anything as it doesn't link anywhere. Much like the steam.dll found in some installs.

Second is to provide a hook for if you might install galaxy later, so galaxy can pick up the install. Thats my understanding anyways.

Afraid that is where we are, its not going to go away and it will just get worse and worse each release as more galaxy features are implemented and classic installers are edged further out the door.
avatar
kohlrak: Hm, i remember a while ago seeing the windows firewall coming up for some games. I assumed since it hasn't been bugging me that nothing's been asking for access. Now that i think about it, i might've disabled the asking for all the problems it was causing. Anyone know off hand how to get a list of what is and isn't allowed outgoing connections? Might be handy to see what's been asking for access and been automatically allowed. Might also be helpful to see how to lock it down.

EDIT: FIgured it out myself. Sure enough, many programs are set to allow connections through. Given so many games tend to throw the firewall into a fit when i installed them before and accessed multiplayer menus, i find it strange that games with no multiplayer have entries in the firewall. I find this very concerning, and alot of these are very obscure.
Yes, I always block any app trying to contact. If it breaks somewhere down the line then I might go in a put in a manual exclusion, or I just bin the app. Unfortunately the world has moved to a stage where being offline is almost unthinkable, and this filters down into all development new and old, even going back and adding galaxy items to old games.
Only safe way now is to turn of the net altogether, unplug the cable. Even then its likely amazon or facebook have a drone camera looking through your window monitoring everything you do!
And if you think that's far fetched:
http://www.bbc.com/news/av/science-environment-43775593/uk-spacecraft-watches-moving-vehicles
Its just around the corner.
avatar
kohlrak: Hm, i remember a while ago seeing the windows firewall coming up for some games. I assumed since it hasn't been bugging me that nothing's been asking for access. Now that i think about it, i might've disabled the asking for all the problems it was causing. Anyone know off hand how to get a list of what is and isn't allowed outgoing connections? Might be handy to see what's been asking for access and been automatically allowed. Might also be helpful to see how to lock it down.

EDIT: FIgured it out myself. Sure enough, many programs are set to allow connections through. Given so many games tend to throw the firewall into a fit when i installed them before and accessed multiplayer menus, i find it strange that games with no multiplayer have entries in the firewall. I find this very concerning, and alot of these are very obscure.
avatar
nightcraw1er.488: Yes, I always block any app trying to contact. If it breaks somewhere down the line then I might go in a put in a manual exclusion, or I just bin the app. Unfortunately the world has moved to a stage where being offline is almost unthinkable, and this filters down into all development new and old, even going back and adding galaxy items to old games.
Only safe way now is to turn of the net altogether, unplug the cable. Even then its likely amazon or facebook have a drone camera looking through your window monitoring everything you do!
And if you think that's far fetched:
http://www.bbc.com/news/av/science-environment-43775593/uk-spacecraft-watches-moving-vehicles
Its just around the corner.
If you'd like, i have some better examples. I've talked over teamspeak already, only to get advertisements on facebook hours later revolving around the topic on teamspeak (on more than a few occasions). Mind you, I wasn't googling the topic. And that's not even the scariest.
avatar
nightcraw1er.488: Yes, I always block any app trying to contact. If it breaks somewhere down the line then I might go in a put in a manual exclusion, or I just bin the app. Unfortunately the world has moved to a stage where being offline is almost unthinkable, and this filters down into all development new and old, even going back and adding galaxy items to old games.
Only safe way now is to turn of the net altogether, unplug the cable. Even then its likely amazon or facebook have a drone camera looking through your window monitoring everything you do!
And if you think that's far fetched:
http://www.bbc.com/news/av/science-environment-43775593/uk-spacecraft-watches-moving-vehicles
Its just around the corner.
avatar
kohlrak: If you'd like, i have some better examples. I've talked over teamspeak already, only to get advertisements on facebook hours later revolving around the topic on teamspeak (on more than a few occasions). Mind you, I wasn't googling the topic. And that's not even the scariest.
Well, the most worrying thing recently has been the facial recognition software push, ever been on a picture uploaded there, well, you have been scanned. So much for phone unlocking with facial recognition, fb will be able to do that on all phones soon.
avatar
kohlrak: If you'd like, i have some better examples. I've talked over teamspeak already, only to get advertisements on facebook hours later revolving around the topic on teamspeak (on more than a few occasions). Mind you, I wasn't googling the topic. And that's not even the scariest.
avatar
nightcraw1er.488: Well, the most worrying thing recently has been the facial recognition software push, ever been on a picture uploaded there, well, you have been scanned. So much for phone unlocking with facial recognition, fb will be able to do that on all phones soon.
That bothers me, too. It'd be cool if no one would use that data maliciously, but Uncle Sam cannot be trusted.
high rated
Below are some fragments from a post I made in a thread about Unity engine telemetry.


Here's a blog from Windward's developers confirming that Unity collects some anonymous statistics about hardware. Windward is made with Unity 4, I think, and it doesn't create those analytics files, but it tried to reach the internet first time I launched it. As I don't play multiplayer, I block all the games in the firewall.

The Unity 5 games will create their config, analytics and save files inside the folder:
C:\Users\*user name*\AppData\LocalLow\*company or dev's name*\*game's name*\

Here can be a bunch of folders and/or files, but what you need to look for is the Unity folder, which keeps the analytics files, so you'll see something like this:
\Unity\*big string of letters and numbers*\Analytics\ArchivedEvents\

Inside the ArchivedEvents folder are lots of other folders which contain 2 small files, e and s. You can safely delete everything in this folder. Those 2 small files can be viewed with a text editor, like Notepad.


I personally make a custom entry in CCleaner for every game that makes this crap. People who don't know about this, will probably have thousands of these files and folders. Or maybe they get deleted after are sent to those servers? Don't know, I won't give it internet access to test it. So it wasn't enough that many Unity games run like crap, now they're filling our drives with telemetry junk.
high rated
The problem with Unity games is that you can't really figure out much without having super-pro level of reverse-engineering skills.

It's a closed source proprietary code. Wireshark will only show you encrypted traffic for the parts that are interesting.

I would not be surprised if Unity games end up disclosed to have a way to harvest all metrics stored on a specific machine. Unity loves its data too much for me to be comfortable with, even though I firewall anything trying to knock on the gateway without a damn good reason.

Interestingly enough, a lot of games on GOG require localhost loopback or they crash... and that itself could be used to hook into svchost.exe to get access to network (Windows relies on it to maintain network connection, so unless you have a really fancy firewall that will differentiate between each instance of it running, you're SOL on blocking things).

Mostly, though, I'm concerned at GOG's direction lately. More and more it smells like they are planning to cash in on their userbase metrics. It's a company, that data sure is in demand, but I'd like to have one goddamn source of games that won't fuck me over on the flip-back.