|And I still don't trust mainstream games, or game services companies enough to install anything they distribute.|
November 2011 hack
On November 6, 2011, Steam temporarily closed the community forums, citing potential hacking threats to the service. Subsequently, on November 10, Valve reported that the hack included a compromise of one of their customer databases, potentially allowing the perpetrators to access customer information including encrypted password and credit card details. At that time, Valve was not aware if the intruders actually accessed this information or discovered the encryption method, but warned users to be alert for fraudulent activity.
The company ReVuln, a commercial vulnerability research firm, published a paper in October 2012 that claimed the Steam browser protocol was posing a security risk by enabling malicious exploits through a simple user click on a maliciously crafted steam:// URL in a browser. The report was taken up by various online publications. As the second serious vulnerability of gaming-related software, following a recent issue with Ubisoft's copy protection system "Uplay", it led the German IT platform "Heise online" to recommend strict separation of gaming and sensitive data, e.g. by using a dedicated gaming PC or at least a second Windows installation, or minimally a dedicated gaming account with limited rights on the gamer's own PC.
|Accusations of spying|
Origin's end-user license agreement (EULA) gives EA permission to collect information about users' computers regardless of its relation to the Origin program itself, including "application usage (including but not limited to successful installation and/or removal), software, software usage and peripheral hardware." Initially, the EULA also contained a passage permitting EA to more explicitly monitor activity as well as to edit or remove material at their discretion. However, this section was removed following an outcry over privacy implications. That outcry was fueled in part by pictures and video captured by several German gamers which showed Origin accessing tax programs and other unrelated software, as well as a report by the news magazine Der Spiegel investigating the allegations. In response to the controversy, EA issued a statement claiming they "do not have access to information such as pictures, documents or personal data, which have nothing to do with the execution of the Origin program on the system of the player, neither will they be collected by us." EA also added a sentence to the EULA stating that they would not "use spyware or install spyware on users' machines," though users must still consent to allowing EA to collect information about their computers.
Situation in Germany
According to reports in German newspapers, the German version of Origin's EULA violates several German laws, mainly laws protecting consumers and users' privacy. According to Thomas Hoeren, a judge and professor for information, telecommunication and media law at the University of Münster, the German version of the EULA is a direct translation of the original without any modifications and its clauses are "null and void".
|For instance PunkBuster, it starts up silently as a system process and allows servers to get screenshots from you. What guarantee does one have that it cannot be used to screencap your desktop?|
There is no ethical or regulatory oversight of Punkbuster or Even Balance. Based on their EULA they have complete access to a user's computer: their personal information, bank account information, online purchase history, or anything stored on the computer or viewable using its display. Punkbuster simply expects users to trust them. In PunkBuster's EULA, PunkBuster notes they are invasive, and that they reserve the right to inspect someone's entire harddrive and all of their files:
"Licensee understands and agrees that the information that may be inspected and reported by PunkBuster software includes, but is not limited to, Licensee's Internet Protocol Address, devices and any files residing on the hard-drive and in the memory of the computer on which PunkBuster software is installed." "Further, Licensee consents to allow PunkBuster software to transfer actual screenshots taken of Licensee's computer during the operation of PunkBuster software for possible publication." "Licensee agrees that any harm or lack of privacy resulting from the installation and use of PunkBuster software is not as valuable to Licensee as the potential ability to play interactive online games with the benefits afforded by using PunkBuster software."