Is Epic Games spying on us?

What is this?
When this appears in the console:

"Log LogDerivedDataCache ../../../Engine/DerivedDataCache: Maintenance finished in +00:00:16.999 and deleted 0 files with total size 0 MiB and 0 empty folders. Scanned 8899 files in 11035 folders with total size 2567 MiB "

the following lines are (this has happened 5 or more times (with warning) with this pattern):

Warning      LogHttp                   00000A1565570A00: request failed, libcurl error: 65 (Send failed since rewinding of the data stream failed)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 0 (Found bundle for host: 0xa15031708a0 [serially])
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 1 (Re-using existing connection with host datarouter.ol.epicgames.com)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 2 (We are completely uploaded and fine)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 3 (TLSv1.2 (IN), TLS alert, close notify (256):)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 4 (Connection died, retrying a fresh connect (retry count: 1))
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 5 (state.rewindbeforesend = TRUE)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 6 (Closing connection)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 7 (TLSv1.2 (OUT), TLS alert, close notify (256):)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 8 (Issue another request to this URL: 'https://datarouter.ol.epicgames.com/datarouter/api/v1/public/data?SessionID=
%"I deleted this ID"
%7D&AppID=UEEditor.UnrealEngine.Release&AppVersion=5.3.2-0%2BUE5&UserID="I Deleted this ID"&AppEnvironment=datacollector-binary&UploadType=eteventstream')
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 9 (  Trying 100.26.71.44:443...)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 10 (Connected to datarouter.ol.epicgames.com (100.26.71.44) port 443)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 11 (ALPN: curl offers http/1.1)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 12 (SSL reusing session ID)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 13 (TLSv1.3 (OUT), TLS handshake, Client hello (1):)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 14 (TLSv1.3 (IN), TLS handshake, Server hello (2):)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 15 (TLSv1.2 (IN), TLS handshake, Certificate (11):)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 16 (TLSv1.2 (IN), TLS handshake, Server key exchange (12):)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 17 (TLSv1.2 (IN), TLS handshake, Server finished (14):)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 18 (TLSv1.2 (OUT), TLS handshake, Client key exchange (16):)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 19 (TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 20 (TLSv1.2 (OUT), TLS handshake, Finished (20):)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 21 (TLSv1.2 (IN), TLS handshake, Finished (20):)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 22 (old SSL session ID is stale, removing)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 23 (SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 24 (ALPN: server accepted http/1.1)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 25 (Server certificate:)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 26 ( subject: CN=*.ol.epicgames.com)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 27 ( start date: Feb 28 00:00:00 2023 GMT)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 28 ( expire date: Mar 27 23:59:59 2024 GMT)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 29 ( subjectAltName: host "datarouter.ol.epicgames.com" matched cert's "*.ol.epicgames.com")
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 30 ( issuer: C=US; O=Amazon; CN=Amazon RSA 2048 M02)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 31 ( SSL certificate verify ok.)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 32 (using HTTP/1.1)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 33 (necessary data rewind wasn't possible)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 34 (Closing connection)
Warning      LogHttp                   00000A1565570A00: libcurl info message cache 35 (TLSv1.2 (OUT), TLS alert, close notify (256):)
Warning      LogHttp                   Retry exhausted on https://datarouter.ol.epicgames.com/datarouter/api/v1/public/data?SessionID=
%"I deleted this ID" 
%7D&AppID=UEEditor.UnrealEngine.Release&AppVersion=5.3.2-0%2BUE5&UserID="I Deleted this ID"&AppEnvironment=datacollector-binary&UploadType=eteventstream

I want to believe that:

“it is not malicious and has nothing to do with my project. These warning messages in the Rider console for an Unreal Engine project indicate problems connecting to an Epic Games server during the data registration process. They do not suggest that you are being spied on…”

But I have seen so many things that have been trivialized by saying “it is not important, it is just routine and has nothing to do with your project” that I no longer believe anything.

What is EPIC Games going to say?

Employee1: "No, these warning messages in the Rider console for an Unreal Engine 5 project indicate problems connecting to an Epic Games server during the data registration process. They do not suggest that you are being spied on. "

Employee2: “The information provided in the warning messages is related to communication between your Unreal Engine 5 project and Epic Games servers. However, the specific nature of the connection and messages does not necessarily imply spying.”

Employee3: “The presence of libcurl messages in your logs indicates that your project is using the libcurl library to make HTTP requests. However, this does not necessarily mean that data from your project is being collected maliciously.”

ㅤ
ㅤ

Me: “Now I feel safe”

What if I hadn’t given a warning? I think this post would not exist.
ㅤ
ㅤ
ㅤ
I don’t think it’s of any use since if Epic has injected scripts we won’t be able to do anything.

ㅤ
Note: If you want to spy, what you can do is send an object serialized to binary through sockets and deserialize it where you receive it. So if it never gives a warning, I won’t see anything. In case you are interested in the code track. Now if you want to put an extra layer of security (encryption) on that serialized object, you can do that too.

Yes they are… That said… Is it 100% nefarious? @Tim_Sweeney is probably the only one that can answer that… But the answer is probably not… Why? Big Tim hails from an era where selling your grandma out for monetization (just because you can), is not really to be honest. Unlike most magnificent-seven founders, who feel obliged to completely ignore this point.

That said… If you search on the domain listed above, you’ll see Epic phone-home beacon telemetry is not exactly new. But lets be thankful at least, that Unreal is still by far the best looking engine that can still be used 100% air-gapped. So DEATH to Unity / Microsoft / Adobe / HP, or any other corp / c-suite that can’t even understand the argument being made here.

You can review the Epic Games privacy policy here. It covers all Epic Games subsidiaries and products, including Fortnite, so it is pretty broad in scope. In there you’ll find typical software practices like collecting analytics.

The last thing I’ll mention is that the file scanning from the Derived Data Cache is unrelated to your http requests. It’s just diffing your cached assets to make sure nothing needs to be re-cached.

Stephen, we both know one thing. Not everything that is said in the privacy policies facing the public is fulfilled or you may not know it.

Personally, I don’t really like it when someone does the same practices as Google or Apple regarding this issue.

I understand that you want to defend him, it is respectable. If I were you I would do the same. But I have the advantage of not working for EPIC and being totally transparent.

I’ll give you 5 cents (EPIC insider knowledge). What approximately ~90% of EPIC staff know is about the privacy policies and their use. The other 10% I’ll just say, they know a little more about it.

In any case, nothing more can be done nor am I interested in saying anything since yesterday (Yesterday afternoon the Holy Virgin Mary appeared to me and made me see the sky).

I think it is recommended and it would be positive to leave the issue as it is for the benefit of the community.

Note: Stephen is referring to the cache. I am referring to the CURL requests.
ㅤ
ㅤ
ㅤ
ㅤ

If any administrator feels like deleting the post, they have my permission.

Anyone ever gotten anything useful out of Epic’s privacy policy? Not sure Max Schrems / Johnny Ryan or even AI, could get much out of it. Privacy policies are the biggest joke in tech ever. Its not what lawyers opt to disclose, its what the programmers and partners are actually doing that counts.

1. Got questions about the strange behavior of the Launcher? How it opens up so many ports across so many different services? Amigo and other users raised questions about this years ago, but Epic revealed → NOTHING. Ban the Launcher from production rigs.

2. Got questions about Epic’s use of 3rd-party trackers like ‘New-Relic’ → NOTHING.

3. Got questions about the Editor and phone-home telemetry → NOTHING.

4. Got questions about Discourse telemetry → NOTHING.

5. Epic’s privacy policy doesn’t even load (enforced javascript + invasive attempts to fingerprint users). Who does that, seriously??? Privacy policies should always be viewable no matter what, without VPN-blocks or attempts at user fingerprinting. No wonder Epic got hit with 0.5 billion dollar fines for data-protection offenses… Do better Epic… Be more transparent…

@Tim_Sweeney

I think that they don’t need that

Anyway, I came to this post 'cause a week ago I noticed my output log being spammed with yellow lines every few minutes. I tracked down the address (https://datarouter.ol.epicgames.com) in the source code and it’s used in 3 files:

• EngineAnalytics.cpp
• AutomationAnalytics.cpp
• DumpMaterialShaderTypes.cpp

I actually care more about this constant spam than Epic reading my machine specs :

image1841×659 190 KB

You did good by posting this. Imo yes they are doing things behind developers’ backs and i suspect some employers might be in on it. It is definitely not ok. I’ve seen code in the game engine that looks snatched from certain projects, they either spied on certain systems or the employers sold something without the consent of the workers involved to epic, there might be stooges placed in certain countries or companies, i have reasons to suspect that might be true. I’ll leave it at that. This world is too ■■■■ corrupt. Hope i’m wrong. I found the consent window in the editor preferences as one of you pointed out in this section, however, it is by default set to collect, and chances are you will never ever be told about it.

Untitled-11600×1255 369 KB

Right now I’m working on springboot and react for the web, I’ll be back here shortly to see what’s going on on this topic.
Since both the website and the application with UE5 take up too much of your time…
ㅤ
I remember that when the NVIDIA water plugin came out that integrated with UE, magically shortly after UE already had it by default with the plugin.

NVIDIA: Nvidia PhysX RealTime Water Physics Demo # 2_720p) - YouTube
EPIC+NVIDIA: Unreal Engine Physics Simulation (youtube.com)
Shortly after, water ocean came out. Call it a coincidence of fate. Water Plugin

Is that copying?.. well, we can say that Unity took longer to implement it.
ㅤ
The only one who can reverse engineer any UE project is EPIC… So if there is some “nice” functionality in some game, EPIC can get that functionality. I don’t think I’m saying anything wrong by saying this. Sometimes the employees pretend to be Swedish and say that I am totally wrong.