Since my first review and the developers response, the product has changed.
Drago Entertainment has addressed the criticism and defused the mechanics as far as can be seen. With the version 1.0.2.46397 is also the CrashReportClient.exe disappeared.
Whats left? Social platform ,- and advertising remains and they are optional... I have not to mention that companies like Facebook (inclusive Instagram), Twitter and Co have their own mechanics to track users with pixels and Cookies but in this case users must take action to activate them.
Edit: 18.05.2022
CrashReportClient.exe was implemented again.
Old review
In the game Gas Station Simulator by Movie Games S.A. and HeartBeat Games I noticed a strange behavior for the first time.
The game starts with the parameters
x:\Steam\steamapps\common\Gas Station Simulator\GSS2\Binaries\Win64\GSS2-Win64-Shipping.exe
Parameters: GSS2
x:\Steam\steamapps\common\Gas Station Simulator\Engine\Binaries\Win64\CrashReportClient.exe
Parameters: -READ=688 -WRITE=700 -MONITOR=1840
In the background, CrashReportClient.exe activates and monitors for the time being. As soon as irregularities occur,
Epic Games Datarouter telemetry is activated. Epic's Datarouter Telemetry is a highly invasive and flexible piece of spyware and used for Event telemetry and tracking. It's active in many games on Steam, other platforms and of course in Epic's game launcher as well. In this case it's used as crashlytics.
Different datarouter mechanics are known
[list]
Datarouter activation during game initialization or Launcher
Datarouter activation 30 seconds after reaching a main menu
Datarouter activation as crashlytics (as example here)
[/olist]
Not to forget this service has changed during the time. Depending on the game, the Datarouter telemetry linked with online constraints. No Internet? Telemetry off? No game... Bad luck for users, because they have to get virtually naked....
Epic's server and also
Amazon's AWS service is involved as a quasi endpoint and let alone one game itself can do callbacks to few dozend ipv4 adresses.
It should be noted that among other things, a window can open where users must confirm that data is being sent, but a connection has already been established on its own as a precaution.
WITHOUT consent. Including data records, unique Id's, hardware data and timestamp. Note... the crashlog itself has not been actively sent.
54.87.107.53
datarouter-weighted.ol.epicgames.com
ec2-54-87-107-53.compute-1.amazonaws.com
{
"Events" : [
{
"DateOffset" : "+00:01:01.667",
"EventName" : "SessionStart",
"Platform" : "Windows"
},
{
"AppDefaultLocale" : "en-US",
"CPUBrand" : "",
"CrashGUID" : "UE4CC-Windows-D51515A24261BC76DB8522A85C3B6842_0000",
"CrashReportClientVersion" : "1.0",
"CrashType" : "Assert",
"CrashVersion" : "3",
"DateOffset" : "+00:01:00.059",
"DeploymentName" : "",
"EngineData.Platform.AppHasFocus" : "true",
"EngineData.RHI.AdapterName" : "NVIDIA GeForce GTX 1080",
"EngineData.RHI.DriverDate" : "8-5-2021",
"EngineData.RHI.FeatureLevel" : "SM5",
"EngineData.RHI.InternalDriverVersion" : "30.0.14.7168",
"EngineData.RHI.IsGPUOverclocked" : "false",
"EngineData.RHI.RHIName" : "D3D11",
"EngineData.RHI.UserDriverVersion" : "471.68",
"EngineMode" : "Game",
"EngineModeEx" : "Unset",
"EngineVersion" : "4.25.4-14469661+++UE4+Release-4.25",
"EpicAccountId" : "78c27f1f77f941859d3d53ad18209238",
"EventName" : "CrashReportClient.ReportCrash",
"GameName" : "UE4-GSS2",
"GameSessionID" : "",
"LoginID" : "xxxxxx",
"PCallStackHash" : "xxxxxx",
"Platform" : "Win64 [Windows 10 (Release 2009) 64b]",
"PlatformCallbackResult" : "0",
"TimeOfCrash" : "637694539731180000",
"UserActivityHint" : "",
"UserName" : "",
"bHasPrimaryData" : "true",
"bInBackground" : "false",
"bIsOOM" : "false",
"bIsRequestingExit" : "false",
"bLowMemoryWarning" : "false"
}
]
}
Who then of course clicks on "send", gives the company even more of course
CrashReportClient.exe
At this point it should be noted again that anyone who cares about their own privacy and data sovereignty should remove the CrashReportClient.exe from the respective installation directory before playing. For
every game where it's found. Manual or by selfwritten
Tool.
Social Network tracking
From ingame-menu users can reach several services. Unfortunately, we get some more stuff like
Facebook Tracking pixel and clientlogging, same for Instagram (again Facebook), Twitter Event and Impressiontracking and last but not least, Discord with experimental reporting features, location metadata and more.
Summary
As usual, consumers are not being informed. The window which opens for error reporting sends data without agreement or user action and at the end of the line are big tech companies. Even for Gas Station Simulator here some people would say it's more or less harmless, but it's hidden and contains Unique identifiers, as well as player behaviour and is taken by self-evident by BigTech.
Again one more reason why people should look at their system. Singleplayer game with Internet connection? There is something wrong.
Till now, i have discovered around 120 ipv4 adresses by the Epic spyware in games and the launcher. An overview with more examples can be found at
Epic Games Inc company profile i created. German content, but code examples can be read.
For translation feel free to ask. For interested, there are also published host files with all related entries to secure any device from data theft by game companies and enhance your own privacy during gaming sessions.
