Trying to discredit people because of the forum on which they discussed a topic, or because you view them as beneath your skill level, is a more than a little misguided, and frankly, disingenuous.

Epic themselves have admitted to copying Steam data and scanning running processes, as has been documented in various news articles. (example, example)

In any case, the point is not one particular incident or report, but rather that they have the capability, grant themselves permission to use it via their policy documents, and have earned distrust among a lot of gamers. Posting condescending emoji here doesn’t change that.

Edit: P.S. In future comments defending Epic, you might do readers the courtesy of stating up front that you are moderator of an Epic Games forum.

You might want to read my other comments elsewhere on this post.

Please keep in mind that no matter what technical measures you take, accepting Epic’s “free” games requires agreeing to their terms and conditions, which they can change after you get the games. I really don’t recommend it.

I do not recommend running Epic software at all.

You could download and play the games on a machine that is never used for any other purpose, but it would still be able to collect biometric data (mouse movement, keystroke patterns, voice if you have a microphone, etc.) and probe/fingerprint your network.

Short of a dedicated machine, the closest you’re likely to get is a hypervisor-based virtual machine. Of course, that won’t safeguard your biometrics or (in most cases) your network, either.

Such a machine would be safer if you never gave it network access, so it couldn’t exfiltrate any data that it had collected, but downloading games requires network access at some point, and it would only take milliseconds for a “helper” process (perhaps quietly installed or launched with the game) to leak the data.

In general, hostile code will always be unsafe. If it concerns you, it’s best to avoid it entirely.

Flatpak permissions are famously coarse, and its sandboxing mechanism is weak and full of holes. It can be useful for guarding against damage caused by programming mistakes, but I would not recommend it to anyone wanting protection from adversarial software.

Heroic Games Launcher doesn’t change the code in the game executable itself, so yes, it is still an issue when using Heroic.

One catch is that Epic’s mystery code is allowed to execute on your computer.

Note that I don’t mean just their launcher. Often, if not always, the games themselves are linked with Epic code, ostensibly for license checks and/or integration with Epic services. This gives them the ability to snoop on stored data, installed/executing processes, biometrics, etc.

Running those free games with an alternative launcher does not protect against this.

It’s not just a theoretical concern, either. Epic has already been caught copying Steam files, collecting friends play history, and scanning running processes.

https://www.resetera.com/threads/developing-epic-games-launcher-appears-to-collect-your-steam-friends-play-history-up2-valve-responds-see-threadmarks.105385/

https://old.reddit.com/r/fuckepic/comments/wakewr/epic_games_spyware_vs_steam_vs_as_comparision_ea/

https://www.pcgamesn.com/epic-launcher-spyware

I don’t trust them, their CEO, or Tencent (which owns a significant chunk of Epic), so I don’t run games that come from them.

Tencent owns a substantial portion of the company, and therefore has substantial access and influence. Nitpicking about the percentages is irrelevant.

Let’s be careful how we phrase things here. JavaScript form submission and navigation are choices, not needs.

Also, progressive enhancement / graceful degradation exists. When competent developers (or bosses) want script effects on our sites, we can include them and make the sites continue to function with scripts disabled. It might require more work, but it is absolutely possible.

Framing the script-based approaches to these things as if they were needs contributes to the problem, IMHO.

(I am referring to the vast majority of web sites, of course, not special-purpose web applications like games.)

Web developers are complicit in browser fingerprinting, by insisting that sites require JavaScript (or WASM).

All of us are complicit in browser fingerprinting, because we tolerate this script dependence.

IMHO, a web site being allowed to execute arbitrary code on visitors’ hardware should be an anomaly. The vast majority of them could be built to deliver the same information without requiring that inherently dangerous permission.

If you put a SIM into a phone that has power and cell access, then an association between the SIM and the phone’s IMEI will be recorded somewhere.

If your identity is linked to that SIM, then it’s only one more step to link your identity to the phone, of course. You’ll have to decide for yourself whether that’s unsafe for you.

human brains are weirdos.

Truer words were never said. :)

the reason people post pictures of text is to give proper attribution, but also to distance themselves from the content,

If only we had some way to reference an original source. Something like a figurative link, if you will.

If only there was a way to copy text, and then paste it someplace else. Sigh… unsolved problems.

0. Getting users to post text instead of screenshots of text.

It’s also behind a third-party captcha service, which can fingerprint your browser, and collect a history of which articles you read and what pages you come from to view them.

Last I checked, archive.org usually didn’t work when articles are paywalled. Has that changed?

In my experience, it depends on when the snapshot is made. If made early enough that the paywall was not yet in place (probably because publishers want their articles to be indexed by search engines) then it will not have the paywall.

One nice thing about archive.org’s mirroring is that they list all their snapshots of a page by date and time, so if the latest one contains a paywall, you can sometimes go back to the first one and find it with no paywall.

It would be interesting to see the annual global power consumption from design choices like this.

If I wanted to do this, I think I would start by getting to know the IT staff. This would:

• Help me to understand the challenges they face in getting their work done: what’s problematic for them, what’s helpful, what skills they already have, etc. This would eventually guide me in how to approach suggesting changes with minimal friction.
• Make me a familiar person to them, and allow opportunities to build trust in my skills, knowledge, and judgment. If this is established before I ever suggest a change, it could avoid some of the doubt and resistance that would surely come if a stranger walked up and pushed for changes. I want to be a friend, not a foe.
• Potentially identify an ally within IT: Someone who might already want to make the switch (perhaps because they’re tired of Microsoft’s BS) or at least agree that it would make sense. An ally on the inside would not only make it easier to get others to seriously consider the change, but also potentially help gather information about how MS Office is currently being used so that I could prepare equivalent LibreOffice workflows for users who need them.

I suggest taking your time, and saving Linux for later so that it doesn’t create more friction against moving to LibreOffice.

Hm… Those options make it seem like like you’re configuring a widget within the panel (like the application launcher and task manager widgets) rather than the panel itself.

It’s possible that the options we’re looking for were moved in Plasma 6, but I don’t have a Plasma 6 installation at hand, so I can’t look for their new location. Maybe someone else who sees this will be able to.