You guys are too kind... Tried posting this to reddit and got exactly one upvote (my own).

Be warned the source code is a little... strange in places. I wanted to make sure Unity dare not try and pretend it was their own. :laugh:

R-T-BYou guys are too kind... Tried posting this to reddit and got exactly one upvote (my own).

Be warned the source code is a little... strange in places. I wanted to make sure Unity dare not try and pretend it was their own. :laugh:

Reddit can be harsh. I once got downvoted to hell because I stated an SFF PC doesn't just have to be strictly less than 15 or 20 L in volume, or something like that. Like jeez! Sorry I gave an opinion!

Good work on the utility, and hopefully it doesn't get stopped by Unity. Everybody is way more aware of being watched while on their own devices, and we should have the ability to deny access, even if it is just to understand what game we're playing.

@R-T-B PM me the reddit post, you'll at least get an upvote from me. I'd also try posting in r/privacy
And thanks to you and Dan for your work :)

Dan is actually a real live human. True story.

Also, I got me my first issue report from a user. It's still sending some sort of GUID, the program name, and something that looks like duration of use but is so offkilter I think it's just random data.

Fix it in the morning, hopefully. Tis late here. But there was a heck of a lot of this from Unitys end, which was glorious:

Response
No content

Yeah, no content. That's right, you heard me! Would you like to hear it again, Unity?

Wow, great work, thanks!

This paranoia is too much even for me.

OctopussThis paranoia is too much even for me.

I'm not worried about paranoia. No one is going to validly worry about this being used to spy on them (it only works in game).

However, it's pretty pushy. It monitors and calculates everything from how patient you are (using data like, how long you are willing to watch in game cutscenes or if you just skip them) to how social it thinks you are (yes, it does/can relay in game "chats" too). Based on all that, it is able to build a profile of you, to sell you god knows what with INGAME ads.

Most games don't use all this. But they could. Worse news? There's some kind of Remote "ConfigInterface" and it probably if I had to guess can remotely deploy these features for the publisher on a "changed my mind" whim.

Frankly, it's not about privacy anymore. The level of intrusion is just enough to bother me to get off my butt and do something about it.

Thanks for this. Yet another thing that should be opt-in but gets done anyway. It's not paranoia to cut off active snooping and prevent any in the future ;).

Hmm.

Under GDPR and current legislation within the EU, is this level of data reporting without an explicit opt-in, even legal?

Regards,
Mathew

OctopussThis paranoia is too much even for me.

I probably own 20+ games on the list and had no idea this was running in the background. Not that I was particularly seeking out the info, but still.

Anyhow, it puts my mind at ease to know that you've researched both the software and all the parties involved, and found it to be completely harmless and trustworthy. Further, I'm sure you also tested whether it has any impact on system performance, or most importantly, whether it might open millions of systems to any security vulnerabilities. You must have done all of this before posting your comment, I'm sure.

GlacierNineHmm.

Under GDPR and current legislation within the EU, is this level of data reporting without an explicit opt-in, even legal?

Regards,
Mathew

I wondered that myself. My best guess is since it has geolocation determination code, it just shuts down in EU.

The EggI probably own 20+ games on the list and had no idea this was running in the background.

I agree it's an issue but we have to keep the facts here, fact is it only runs when your game runs. It is not a "background" process.

The EggI probably own 20+ games on the list and had no idea this was running in the background.

R-T-BI agree it's an issue but we have to keep the facts here, fact is it only runs when your game runs. It is not a "background" process.

Eh....semantics. It doesn't run in the foreground, nor does it make its presence readily apparent to the user in any way. I'd call that background process.

Thanks a lot for this effort to help others @R-T-B ! :toast: Much appreciated. And point us to the Reddit section of this to upvote your post.

Nvm, found the post already and upvoted: KerbalSpaceProgram/comments/dls6l6

R-T-BDan is actually a real live human. True story.

Also, I got me my first issue report from a user. It's still sending some sort of GUID, the program name, and something that looks like duration of use but is so offkilter I think it's just random data.

Fix it in the morning, hopefully. Tis late here. But there was a heck of a lot of this from Unitys end, which was glorious:

Response
No content

Yeah, no content. That's right, you heard me! Would you like to hear it again, Unity?

Does he have a banjo?


Good to see the mod community still alive and keeping us free of spyware data mining us and what we do constantly, it should be illegal to install this type of spyware.

R-T-BI'm not worried about paranoia. No one is going to validly worry about this being used to spy on them (it only works in game).

However, it's pretty pushy. It monitors and calculates everything from how patient you are (using data like, how long you are willing to watch in game cutscenes or if you just skip them) to how social it thinks you are (yes, it does/can relay in game "chats" too). Based on all that, it is able to build a profile of you, to sell you god knows what with INGAME ads.

Most games don't use all this. But they could. Worse news? There's some kind of Remote "ConfigInterface" and it probably if I had to guess can remotely deploy these features for the publisher on a "changed my mind" whim.

Frankly, it's not about privacy anymore. The level of intrusion is just enough to bother me to get off my butt and do something about it.

Holy crap man. If this were a movie that almost sounds like a plot to take over the world through games. Well done creating this kill switch :)

*upvoted

The EggEh....semantics. It doesn't run in the foreground, nor does it make its presence readily apparent to the user in any way. I'd call that background process.

I guess for a user it's semantics. Us coders are made of semantics.

HD64GThanks a lot for this effort to help others @R-T-B ! :toast: Much appreciated. And point us to the Reddit section of this to upvote your post.

Nvm, found the post already and upvoted: KerbalSpaceProgram/comments/dls6l6

Yep, post is by "CactusWeapon." Confusing reddit account, I know.

KerbalSpaceProgram/comments/dls6l6
A cactus is basically a frog before he evolves to TPU status, is my explanation.

Oh, and there'll be a new bugfix release today. Hopefully we can make it even more silent.

OctopussThis paranoia is too much even for me.

Just because you're not paranoid doesn't mean they're not out to get you.

I digress, telemetry is pretty much out of hand these days.

The first Unity game to make me suspect I was being tracked was Raft.



Clicking the button "Open Data Privacy Page" takes you to this in a browser:



I clicked the opt-out after the second or third time playing. I just clicked the "request my data."

24 hours?

UnityData is being processed. Come back in 24 hours.

I've seen a lot of evidence via error reports the opt-out is just a reduced mode too (basically reverts to performance data and crash reports). It sort of bugs me. Optout is not supposed to halfass optout, it's supposed to just kill it.

To be fair to devs, a lot of them seem completely unaware of how badly Unity is handling this data on the opt-out part. They aparently don't get the opt-out error reports, so maybe Unity just shreds them. But it's still messed up.

Here is an opt-out error log still transmitting some limited data, even with my plugin:

github.com/R-T-B/UnityAnalyticsKiller/issues/1

Relevant JSON response from Unity Server in the log:

"connect": {
"enabled": true,
"limit_user_tracking": true,
"player_opted_out": true
},
"performance": {
"enabled": true
}

You will note that though the player has clearly opted out (""player_opted_out": true") it still thinks it's ok to track performance related things (connect is enabled, as well as performance logging).

An example of a transmitted "performance metric" packet that still slips through with my plugin (bug report currently up for this)

Content-Type: application/json
X-Unity-Version: 2019.2.2f1
Content-Length: 365
JSON [m:auto]
{
"common": {
"appid": "39811e89-d29d-4faa-bb01-997f3cda24f0",
"build_guid": "15721da0da695412299517d99c2e4d2a",
"deviceid": "unknown",
"localprojectid": "5be2ef0cdad9b1344ae103b0d475456b",
"platform": "LinuxPlayer",
"platformid": 13,
"sdk_ver": "u2019.2.2f1",
"session_count": 14,
"sessionid": 8372668789457274197,
"t_since_start": 3118069,
"userid": "1ddb05956cce640a48c123610a72c706"
}
}

I believe I can address this by building yet another dummy class for UnityEngine.UnityAnalyticsModule.dll That's a big dll (relatively speaking), but I'm trying. It's slow work. Dan was tired and may have just woken up. That slows me down, too.

Nicely done RTB

Release v0.2 (for KSP 1.8/Unity 2019), with a possible fix for the data leak issue, has dropped.

github.com/R-T-B/UnityAnalyticsKiller/releases

1.7 branch for older Unity games still leaks data, and unfortunately, is in feature freeze for now with no fix in sight. Read about why and the options you have for now, here.

MusselsNicely done RTB

Honestly, once Dan (my crazy, reverse engineering man) wrote the spec document for the classes, making this was crazy simple. I'm really just returning null everywhere. It was fun when v0.1 would sporadically try to transmit though, the Unity server on the other end kept sending ACKs (acknowledges) followed by a small pause and then a data packet containing a response saying "NODATA"

Basically, in english, the Unity server was saying "dude, that's a bunch of gibberish, can you try again?" Only to get the exact same response back...

v0.2 should transmit nothing beyond initial server "pings." I sure hope so. The wiresharks so far are really clean! It's out, btw.

The wiresharks unfortunately show we still have some dataleaks.

They are getting smaller each release. Unity code is like playing whack-a-mole sometimes.

Will work on it again tomorrow.