Where does the attitude of complete transparency come from?

A bit of different question/discussion.
I’m a fairly new player, starting with DE in the beginning of the year and I am a bit baffled by the transparency in this game.

Every match I play online can be found online, my complete match history, including dates, time and opponents. Now AoE.net even allows to download the replay files, which include the chat, and casters like t90 have been asking for things like this, as if this would be something completely normal and required.
Though I can understand, that for people like him it is useful, I really am wondering if this does not kind of breach at least EU privacy laws, or what the general attitude in the community is.
I honestly find it a bit worrying, that if someone knows my steam name, they can find out the exact time and date when I played, and even can check what I talked about with my opponents/team mates.

The transparency is only for the ranked queue, which is still controversial but the reasoning is that since these are competitive games that determine ranking, they are public. During the games spectators can watch you too.

You can create unranked lobbies that disable spectating or game recording, and unranked replays aren’t auto-uploaded to the server.

I really don’t like it, and even unranked games have their results tracked. I gave an analogy in a previous post on this subject that it’s like if you bought a physical chess set, and there was a legal obligation to report a result every time you get it out and put pieces on the board, even if you’re just playing about with it.

To me, the whole thing is just stalker-tastic and frankly rather weird. There’s even an app where you can “follow” (stalk) people and the app will tell you whenever they start playing. I can see it maybe being appropriate for the top x players on the 1v1 leaderboard, say the top 32, so it’s analogous to being in the drug testing pool for physical sports. So if there’s a ranked game where all players are in the top 32, sure, I can see a case for wanting complete transparency around those games.

What I’d like to see is:

1. Unranked games should be totally off the record. If anyone doesn’t like them being off the record, well I guess they could be on the record if all participants give their authorisation for that to happen for that game. There should not be a concept of “unranked ELO”, which totally defeats the point of having unranked play.

2. For ranked games, I’d like to see a second system, the two systems could maybe be called private and public. Public ranked would be the current system. Private ranked would be like the current ranked system, in that the game would maintain ELO to rank players, but nothing would be published. You wouldn’t even know your own ELO, or the ELO of your opponent. The idea of private ranked would be that you can just play for fun, without having to worry about any public record of your games being created, BUT you’d still play against people of similar ability, as the game really isn’t much fun when people of significantly different abilities play each other. If anyone wants a record to be created, then it’s their choice, they can choose to play a mode where that happens.

As it currently stands, the only way I can see to play the game and not be tracked is to have multiple accounts for different purposes to avoid the history of an account revealing information you don’t want to reveal.

I agree it all seems a bit questionable in terms of GDPR, but there are currently many companies doing things that are rather questionable, so the ability of the EU to take action is going to be saturated for a long time.

If your main concern about your privacy is people being able to watch your online matches, man, you have been watching the wrong show

You dont need to make a private elo rating. You dont need games to be public for it to trace elo. I think the game should just either have an in game option, or respect the steam option of being set to invisible, and not record those games. Platforms like steam have an invisible setting for a reason. Sometimes you just dont want people to know. Be it, because you have needy friends that wany to play with you, or having colleagues from work in your friend list, or whatever. I dont mind that people can see my game history, i find it kinda need actually. But exact timings of games are a bit too much, and i would like to have the option to opt out of it.

Its not an immediate privacy concern, it is more that i can easily imagine a situation where i would not want a work colleague for example being able to trace back which days I stayed up late gaming. Not being able to opt out of that is quite weird.

Multiplayer gaming is always a risk, IMO. No matter the game involved. There are streamers/scammers all around the globe that may violate privacy of other players.

I think it is the result of what most where used to see before DE. Voobly was the best platform to play this game competative. Every ranked games was saved and you could even see more from the game stats then you could see now.

Streamers really request this function, so they could still do there thing. I do agree this thinks seems questionable in terms of GDPR. But it feels like the EU dont really care about this game.

I have questions…

@MustySnizl
I struggle to see what anyone could possibly gain from the information from a AoE2 match that would be of a detriment to you. If you could you elaborate on your specific concerns, then we would be able to address them as to whether or not there is a real risk that needs to be dealt with.

From the few things that you mentioned…

• Steam Name - unless you have put your real name & location to be viewed publicly by everyone on your steam profile (if so then shame on you for even posting this) then what risk is it if a random person on the internet (RPOTI) is scrolling through a list of games and happens upon your name? Additionally, they would have no way of tying any identification to that random steam name (unless of course you have posted stuff on the internet tying your person info to that steam name).
• Time & Date Played - again why would it be a problem if a RPOTI is able to see the time & date of a random steam user?
• In-game chat - Do you really chat anything in the middle of a AoE2DE game that you would find incriminating or scared to be accessible on the internet? Even still, this chat is not tied to you, but to a SteamUserName that only gives away what personal information you allow…

If there is one thing that I have learned over the years it is the following. If you are concerned about privacy and security to such an extent where your online interactions give you cause for alarm … don’t browse the internet and don’t play online games because everything you do online is tracked and stored for someone to view.

When you came to this website:

• if you are like 77% of people, you used a computer that has windows that is storing information of your interactions locally and sending it to microsoft,
• if you are like 63% of people, you used chrome which sends & stores information of your online interactions to google
• if you are like any person alive on the internet, you used an Internet Service Provider who logs and keeps track every site you ever visited.

Also side note, if you are like 51% of people in the world, then you use social media platforms that take your personal information and sell it to the highest bidder.

AND did you know that I can click on your profile and learn your username, I can find out the exact time and date when you posted, and even can check what you talked with other users on this forum about (along with a host of other things about you).

image1155×644 181 KB

I really think that a website that lists the information from a game of age of empires 2 is the least of your privacy concerns …

Ah, this is a good specific example. For this specific case I would understand wanting to keep your specific game stats hidden . Perhaps this is something worth mentioning then to the Dev team for the functionality for users to be able to opt-out of public stats or make their profile private (like steam allows currently) etc.

The fact that other problems exist isn’t a reason to not tackle a problem. Yes, there is a question of priorities, but there’s also a question of likelihood of success. If the current publication of information on AoE II DE games is unpopular among players (I don’t know if it is or isn’t) then there would be a realistic possibility that it could change.

Seeing as none of the details in a match recording, including the chat, constitutes personally identifiable information - this breaches no EU GDPR or other privacy law elsewhere.

In fact, since players use the game’s matchmaking system and ranking system and the match itself takes place in their server - they are actually the owners of the recording,

Game chat is not a medium for private conversations either. If you want to engage in private conversations with whomever, do it outside the game.

It sounds like this colleague would be your Steam friend and also playing aoe2. I would want more such colleagues And why would you care if some of your Steam friends stay up late? Relax

There is some discussion here about this subject:

My view is that any data that has the potential to be de-anonymised should be regarded as personally identifiable information. Suppose Steam were hacked and their entire user database published. All the supposedly anonymised information that has been made available based on the premise that a Steam ID is anonymous then becomes linked to individuals. The possibility of this is so real and predictable that I’d argue the data should never have been regarded as anonymous in the first place.

All data has the potential to be de-anonymised. Your Steam ID is accessible to people outside of a match recording repository. Even when you simply match make, your Steam ID is visible to those you’re match made with.

Steam ID is hence not personally identifiable information.
You are right that Steam does hold actual PII that can be referred to by your Steam ID, but only in their internal databases and presumably in a manner that cannot be easily accessed by malicious actors (i.e. via encryption and active cyber security measures).

Just as an example, this forum’s name tag which isn’t PII (in my case, if you Google my name you’ll find my real world identity which I’m ok with). However, in Microsoft’s servers, the name tag/username is associated at least with an IP address which in itself is ultimately associated with your ISP’s billing account and hence one’s personal identity.

GDPR wasn’t meant to make internet communication impossible. It was only meant so PII managers will take reasonable measures to prevent privacy violations.

Also, remember the long EULAs nobody reads that you sign whenever you create a new account or even before you play a certain game? There are sections about privacy there where you consent to data associated with you to be available publicly - even where such a consent is not required by any law or regulation.

How this is different from what we had before? MS Zone and voobly already were collecting match data before DE just like all popular games nowdays (like league of legends). I think it was much worse previously as peer to peer connection allowed other players to know your ip address just by playing with you.

I’m not a legal expert, but my understanding of GDPR is that “take it or leave it” consent isn’t permitted. If they don’t need to use the data in a particular way to provide a service, then they can’t require you to consent to that usage to be able to use the service:

https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/consent/what-is-valid-consent/#!

“The GDPR is clear that consent should not be bundled up as a condition of service unless it is necessary for that service”

I said the exact opposite of that. Steam has a reason:

1. To have an ID associated with your account and have that ID be public for gameplay purposes.
2. To have your PII for billing purposes (and other stuff such as making sure you’re above a certain age for certain contents).

Despite having justifiable reasons, they still explicitly mention them in an EULA.

GDPR would prevent a situation where a service provider could demand to have your PII for no justifiable reason or demand to reveal your PII. This is clearly not the case.

Anyway, again, the public availability of game recordings and ranking ladders is by no means a violation of GDPR or any privacy law. And actually, the “take it or leave it” stipulation cannot be absolute as well. It is reasonable to have your Steam ID publicly available on a ranked ladder and have said games open for auditing to prevent cheating, smurfing, griefing, etc. It would have been equally reasonable to have such measures if you were a Sunday league football player or a chess enthusiast who takes part in official competitions.

GDPR wasn’t meant to be a law that backs paranoia. It’s simply a common sense standard of conduct where 1) service providers keep PII safe if they need it to provide their service and 2) service providers make a clear distinction between PII and other information. In Steam’s case, the fact that there’s no straightforward way to translate a Steam ID to any identifying information is sufficient.

Maybe its not a colleague, my guess its the BOSS

A boss who knows your Steam ID and knows how to use aoe2.net sounds scary indeed. You can’t hide from him