The paper isn't saying games are spying on you. It's saying that if someone decided to analyse the data about someone playing then they could infer certain things.
I mean sure I guess.
I'm pretty skeptical that this is really occuring though. I mean, to what end?
As someone who runs an online game we have text logs of user actions, yes. They sit there because it's useful debugging info. A server crash happens and we look at the logs of what the user was doing at the time. An exploit is reported and we look at the logs of what the user doing the exploit did so we can fix it. Etc etc.
I really don't know what nafarious thing people imagine is really occuring.
> I really don't know what nafarious thing people imagine is really occuring.
Unregulated anticheat software retaining user clipboard contents, sending/uploading arbitrary files, all window titles, all processes and computer and username, and any other IPs on LAN and ARP cache, sending in plaintext across country borders, ignoring GDPR/CCPA/etc.
In the meantime, most users with that anticheat software installed presume that it is simply looking out for them, in terms of eliminating cheaters in __ video game, and could not possibly be doing the nefarious things you mention. Yet, all of us working in software know this is not a far stretch, given the application is already designed to gather information about the environment surrounding the running game. We have a long way to go with software, put simply..
Pretty much this. I've worked in the field. If you do development work, drivers, and/or have installed certificates or root CAs that are "rare" or not installed on a large majority of machines, they absolutely WILL be uploaded.
If you are detected to be a reverse engineer based on running processes or otherwise, even if it has nothing to do with the game, expect significantly more surveillance too, up to and including literal streaming shellcode running from the server at the highest privilege level at any time, none of which you can control.
Anti-cheat software bundled with games is prevalent, it is in the company's interest to overreach with its data collection and fingerprinting, and users give them sufficient permissions to do so.
It'll depend on how much data is being reported back. For some games where users are asked to make certain moral choices, I figure you can infer a lot about someone by analyzing those choices.
Imagine if games like Mass Effect phoned home about the choices you took. You can build up a pretty complete psychological profile of someone based on their gameplay.
I really doubt that, honestly. You have no idea if those models are correct without comparing it to real personality of an actual person.
If anything, you'll be dumped into big buckets like "buys lots of cosmetic items", "usually makes good choices first", "likes to try breaking aspects of games", etc
I mean sure I guess.
I'm pretty skeptical that this is really occuring though. I mean, to what end?
As someone who runs an online game we have text logs of user actions, yes. They sit there because it's useful debugging info. A server crash happens and we look at the logs of what the user was doing at the time. An exploit is reported and we look at the logs of what the user doing the exploit did so we can fix it. Etc etc.
I really don't know what nafarious thing people imagine is really occuring.