Wednesday, October 23rd 2019
Pull the Plug on Unity Engine Telemetry with This Utility Under Development
Unity Engine powers a lot of games across platforms. The game engine includes a telemetry module that dials home every few minutes (depending on the game), pushing usage data and crash reports (if any). Some games, such as "Kerbal Space Program," allow you to opt-out from this telemetry, but even then the engine is known to dial home at game startup and at longer intervals, with far less amount of data.
TechPowerUp Forums member by the night and software developer by the day "R-T-B" created a nifty utility that can modify your game to completely strip it off Unity Engine telemetry, called UnityAnalyticsKiller. "Stop spying on my kerbals," reads the utility's GitHub page, describing UnityAnalyticsKiller as a game library replacement along with a ReadMe with some basic instructions. You can also inspect its source and build it by yourself if you're curious. R-T-B invites gamers and developers to test the utility and offer feedback in the TechPowerUp Forums thread here.
DOWNLOAD: UnityAnalyticsKiller by R-T-B
TechPowerUp Forums member by the night and software developer by the day "R-T-B" created a nifty utility that can modify your game to completely strip it off Unity Engine telemetry, called UnityAnalyticsKiller. "Stop spying on my kerbals," reads the utility's GitHub page, describing UnityAnalyticsKiller as a game library replacement along with a ReadMe with some basic instructions. You can also inspect its source and build it by yourself if you're curious. R-T-B invites gamers and developers to test the utility and offer feedback in the TechPowerUp Forums thread here.
DOWNLOAD: UnityAnalyticsKiller by R-T-B
21 Comments on Pull the Plug on Unity Engine Telemetry with This Utility Under Development
Be warned the source code is a little... strange in places. I wanted to make sure Unity dare not try and pretend it was their own. :laugh:
Good work on the utility, and hopefully it doesn't get stopped by Unity. Everybody is way more aware of being watched while on their own devices, and we should have the ability to deny access, even if it is just to understand what game we're playing.
And thanks to you and Dan for your work :)
Also, I got me my first issue report from a user. It's still sending some sort of GUID, the program name, and something that looks like duration of use but is so offkilter I think it's just random data.
Fix it in the morning, hopefully. Tis late here. But there was a heck of a lot of this from Unitys end, which was glorious:
Response
No content
Yeah, no content. That's right, you heard me! Would you like to hear it again, Unity?
However, it's pretty pushy. It monitors and calculates everything from how patient you are (using data like, how long you are willing to watch in game cutscenes or if you just skip them) to how social it thinks you are (yes, it does/can relay in game "chats" too). Based on all that, it is able to build a profile of you, to sell you god knows what with INGAME ads.
Most games don't use all this. But they could. Worse news? There's some kind of Remote "ConfigInterface" and it probably if I had to guess can remotely deploy these features for the publisher on a "changed my mind" whim.
Frankly, it's not about privacy anymore. The level of intrusion is just enough to bother me to get off my butt and do something about it.
Under GDPR and current legislation within the EU, is this level of data reporting without an explicit opt-in, even legal?
Regards,
Mathew
Anyhow, it puts my mind at ease to know that you've researched both the software and all the parties involved, and found it to be completely harmless and trustworthy. Further, I'm sure you also tested whether it has any impact on system performance, or most importantly, whether it might open millions of systems to any security vulnerabilities. You must have done all of this before posting your comment, I'm sure.
Nvm, found the post already and upvoted: KerbalSpaceProgram/comments/dls6l6
Good to see the mod community still alive and keeping us free of spyware data mining us and what we do constantly, it should be illegal to install this type of spyware.
*upvoted
KerbalSpaceProgram/comments/dls6l6
A cactus is basically a frog before he evolves to TPU status, is my explanation.
Oh, and there'll be a new bugfix release today. Hopefully we can make it even more silent.
I digress, telemetry is pretty much out of hand these days.
Clicking the button "Open Data Privacy Page" takes you to this in a browser:
I clicked the opt-out after the second or third time playing. I just clicked the "request my data."
24 hours?
To be fair to devs, a lot of them seem completely unaware of how badly Unity is handling this data on the opt-out part. They aparently don't get the opt-out error reports, so maybe Unity just shreds them. But it's still messed up.
Here is an opt-out error log still transmitting some limited data, even with my plugin:
github.com/R-T-B/UnityAnalyticsKiller/issues/1
Relevant JSON response from Unity Server in the log:
"connect": {
"enabled": true,
"limit_user_tracking": true,
"player_opted_out": true
},
"performance": {
"enabled": true
}
You will note that though the player has clearly opted out (""player_opted_out": true") it still thinks it's ok to track performance related things (connect is enabled, as well as performance logging).
An example of a transmitted "performance metric" packet that still slips through with my plugin (bug report currently up for this)
Content-Type: application/json
X-Unity-Version: 2019.2.2f1
Content-Length: 365
JSON [m:auto]
{
"common": {
"appid": "39811e89-d29d-4faa-bb01-997f3cda24f0",
"build_guid": "15721da0da695412299517d99c2e4d2a",
"deviceid": "unknown",
"localprojectid": "5be2ef0cdad9b1344ae103b0d475456b",
"platform": "LinuxPlayer",
"platformid": 13,
"sdk_ver": "u2019.2.2f1",
"session_count": 14,
"sessionid": 8372668789457274197,
"t_since_start": 3118069,
"userid": "1ddb05956cce640a48c123610a72c706"
}
}
I believe I can address this by building yet another dummy class for UnityEngine.UnityAnalyticsModule.dll That's a big dll (relatively speaking), but I'm trying. It's slow work. Dan was tired and may have just woken up. That slows me down, too.
github.com/R-T-B/UnityAnalyticsKiller/releases
1.7 branch for older Unity games still leaks data, and unfortunately, is in feature freeze for now with no fix in sight. Read about why and the options you have for now, here. Honestly, once Dan (my crazy, reverse engineering man) wrote the spec document for the classes, making this was crazy simple. I'm really just returning null everywhere. It was fun when v0.1 would sporadically try to transmit though, the Unity server on the other end kept sending ACKs (acknowledges) followed by a small pause and then a data packet containing a response saying "NODATA"
Basically, in english, the Unity server was saying "dude, that's a bunch of gibberish, can you try again?" Only to get the exact same response back...
v0.2 should transmit nothing beyond initial server "pings." I sure hope so. The wiresharks so far are really clean! It's out, btw.
The wiresharks unfortunately show we still have some dataleaks.
They are getting smaller each release. Unity code is like playing whack-a-mole sometimes.
Will work on it again tomorrow.