Forum Thread
  Posts  
Issues with personal info when connecting accounts (Neo Scavenger) (Forums : Support : Issues with personal info when connecting accounts (Neo Scavenger)) Locked
Thread Options
Dec 6 2013 Anchor

So the developer of Neo Scavenger is issuing Steam keys to those that own the game on Desura, which includes me. But instead of simply issuing a key to our accounts as virtually every other developer has done, he has decided that we must connect our Desura accounts with the developer site, and in the process of connecting we must hand over our full legal name, email, location, and all of our Desura account details.

Setting aside how very unethical this is, I have a couple of questions about how this connection process works:

First of all, is the info that we must give over to the developer decided by him, or by Desura? In other words, is the information that is handed over (name, email, etc.) always the same regardless of where we are connecting our Desura account to, or does each developer dictate those pieces of information individually? I ask this because I see no justifiable reason why a developer should be able to require such personal details about us, and so I am assuming that this is the "default loadout" that has been set by Desura without any option to modify it.

Secondly and more importantly, is this a one-time transfer, or does the developer have continuous access to our info as long as our accounts are connected? For example, if we change our Desura email address/username/whatever at some time in the future, will they see the updated info on their end?

And lastly, can we disconnect our accounts whenever we like? And when we do (and assuming the developer did not copy/paste the information somewhere on their end), is the info deleted on their end?

Edited by: ThreeSon

grouchbag
grouchbag I art grouchier than thou.
Dec 6 2013 Anchor

I don't know all the answers,but my advice is don't do it! I am speaking from experience.

--

"sweet"  little old lady

TKAzA
TKAzA Community Manager
Dec 6 2013 Anchor

These are questions you will need to ask the game developer, Regarding your desura account informaiton... dont give away your account details ever.

Edited by: TKAzA

Dec 6 2013 Anchor

TKAzA wrote: These are questions you will need to ask the game developer, Regarding your desura account informaiton... dont give away your account details ever.


The developer would be unable to answer any of the questions I asked. All of them are Desura-specific questions. The ability to connect to third-party accounts is a feature of the Desura system, and I am looking for details on how that system is implemented here on Desura, not on the developer's side.

As far as not giving away my account details, I would love to not have to do that. But according to these instructions on how to connect my Desura account, giving away our details (minus our password) is part of the connection process.

Edited by: ThreeSon

Dec 6 2013 Anchor

Hey ThreeSon,

First off, let me apologize for the cumbersome key request process. It was an outgrowth of my old system for letting Desura and bluebottlegames.com customers have equal access to the other platform. When Steam keys finally became available, I piggybacked on the same key request system. Obviously, there were some use cases that I hadn't considered, and I'll probably have to come up with a new system next time.

That said, I can try to answer a few questions you had, though I'll understand if you prefer to hear it straight from Desura.

First, the information shared between Desura and developer sites defaults to the fields you described. Developers simply specify a URL to which the Connect process sends data, and a landing page for when it succeeds. The data is determined by Desura.

Second, the transfer is indeed a one-time transfer. When you click the Connect button, the data is sent, and unless you click it again, no more data is shared. In fact, the Desura documentation warns developers to not rely on most of the information as it may change at a later date. The field we are encouraged to key-on is your user ID number, which doesn't change.

To your third question, there is no mechanism in place to disconnect accounts at this time. I could probably manually do it, if you want. (Indeed, I think I must if you want, whether I wanted to or not.)

I'm not sure if it'll alleviate your concerns or not, but I've since updated my website with a privacy policy. Namely, I do not, and will not ever, share your personal data with any third parties. Not for profit nor for free. I don't like spam, and I don't like people sharing my info with other parties, so I don't do that to my customers. Indeed, I want as little to do with customer data as I can. I just want to make games, and the data is used to validate customer purchases.

Finally, if the above doesn't satisfy your concerns, I'm sure we can work out an arrangement where you skip my site entirely. Feel free to PM me on Desura, and I can get you your key that way.

Again, I apologize for the cumbersome nature of the key redemption, and even more so for appearing to be a privacy concern. Hopefully, some of the information above helps resolve this situation to your satisfaction!

Best,
Daniel Fedor
Founder, Blue Bottle Games

Dec 6 2013 Anchor

Alright. Thank you for responding. I personally trust you not to share my info or to mishandle it, if you say you won't. The issue comes 5 or 10 years down the line, when you've moved on, changed missions, sold to a publisher or some other unforseen event, and at that time your users' personal data you've been carefully guarding all those years is now out of your control. 5 years ago, Facebook's privacy policy was a couple of paragraphs and now it's a small novel, right? That's what I'm worried about.

But I'll take you at your word that you'll delete my data as soon as you've verified ownership. So I'd have no more qualms about linking my account with yours. My only remaining concern is about the inability to decouple the accounts. If the information transfer is only a one-time event, that's good, but if the accounts remain connected forever, what are the potential consequences for me? I personally can't think of any right now, I'm just trying to avoid a bad surprise somewhere down the line.

I know most of this is a problem that Desura needs to solve and not you, but until they do, whatever assurance you could give me would be great.

Dec 7 2013 Anchor

That's a fair point. I have no intentions of selling my company, but you're right that intentions could change in unforseen ways.

I reacquainted myself with the "Connect" code on my site, just to refresh my memory with what I'm tracking vs. not. It looks like I read the following fields and store them:

userid - the unique ID of the user on Desura
email - contact info for the user
username - non-unique (or at least non-permanent) username
checkout id - If this copy was purchased, this is the corresponding checkout ID. An ID > 0 indicates they have purchased this branch.
cd key - If a key or gift hash is connected to this install, it will be provided here.
date - Date this branch was installed.
first name
last name

Looking at the above, I could argue that email and first/last name are maybe useful for corresponding with customers, but not strictly necessary. Desura username is more of a convenience, too. I could probably strip those out with no issues, as the customer specifies their preferred username and email when registering at my site during the process, and I could just address them accordingly.

userid is a field I need to retain, just to avoid duplicate "Connect" attempts. And the remaining fields are, theoretically, useless to anyone except in that they can verify that you own the game on Desura.

As someone careful about the way their data is handled, which of those above fields seem like risks to you? And are any of those fields more or less risky if they are stored indefinitely vs. temporarily?

Regarding decoupling of the accounts, are you referring to my ability to read your Desura data at a later date? As far as I am aware, I only receive data when you click that "Connect" button, and any subsequent changes are invisible to me. Or do you mean erasing all the aforementioned data fields from my site?

Dec 7 2013 Anchor

I would say that the Desura fields that are innocuous (harmless no matter who obtains them) are userid, checkout id, cd key, and date. None of that info is anything I would consider "personal info" that could be used in an invasive manner by anyone. The username field is mostly harmless, as long as it in not combined with other, more personal data. However "ThreeSon" is not only my username on Desura but many other sites as well (my online identity, basically), so I'd prefer to keep as much control of it as I can.

If my username is paired with my email or my real first and last name, that's a major problem, because then whoever has that info (either you or someone else who acquires your website data in the future) can now identify me anywhere on the internet where I have used that moniker. I consider this to be a serious problem for Desura and something they need to rectify. There's simply no reason any connected account would truly need that info. The default information share should not include any personally identifiable data.

You said that name and email could be useful in customer relations, but I assume we'd have to provide an email to you anyway when creating our account on your site, so you'd already have that. And first and last name would only be needed in formal correspondence (legal or business matters), in which case you would almost certainly have learned it ahead of time.

As far as decoupling accounts: You mentioned before that there is currently no mechanism to disconnect our Desura and Blue Bottle accounts that you know of, but also that the transfer of information is only a one-time occurrence. My confusion is that those two facts seem to be contradictory, don't they? In other words, if I go through the connection process, and then 5 minutes later change my Desura email address, you would have no way of learning that new address - Are you completely certain of that? If so, do you know what purpose it serves for our accounts to be connected indefinitely, if the act of being "connected" doesn't provide either of us with any ongoing benefits?

I very much appreciate the time you've taken to help me with this, by the way; I know you're busy. Most of the time I can't get developers to even respond to a single question I ask, especially in regards to privacy concerns.

Edited by: ThreeSon

Dec 8 2013 Anchor

I think you're right about which fields are most sensitive. I could probably drop the username, email, first, and last name fields without disrupting the key assignment process, so maybe I'll look into doing that this upcoming week. Especially since the process involves specifying a new email that the user prefers to be used, so I should still be able to reach them if there are any issues.

Re: decoupling, I'm certain that I have no access to your data after the Connect process. So if you change your data after Connecting, I don't see the changes. Basically, the Connect feature sends a POST request to a webpage at my site with certain fields, and I use these fields to keep track of which Desura users have Connected already. There isn't a way for my site to query Desura again later, as Desura has no such API (that I'm aware of).

It's possible "Connect" is a misleading term, as this isn't opening a channel between two services as much as it is one service vouching for a user on another. E.g. Desura is telling me "yes, ThreeSon really is a NEO Scavenger customer, so grant him rights on your site accordingly." The "connection" is really just my site storing Desura userID 1234 as having claimed their connection, and the corresponding userID on my site.

Let me know if that makes sense. I know what I'm trying to say, but I might not be saying it well :)

And I'm happy to answer your questions. I believe being a game developer is running a business, and customers deserve to be treated with respect. Explaining what I do with personal info is an important topic!

Dec 8 2013 Anchor

Ok, that all sounds reasonable to me. I agree that "connecting" accounts may not be the best term to use, given the situation, although I can't think of a better term off the top of my head that would be clearer.

I went ahead an connected my accounts. If you could strip whatever information was gathered that you do not need, I would be grateful. In the future, if you were to provide an option to delete our Blue Bottle account completely, it would also be appreciated (presuming that were possible).

This probably goes without saying given all the questions I had for you, but the game is great and I really look forward to playing it whenever I can. Best of luck with whatever further updates and future games you have planned. :)

Dec 9 2013 Anchor

I've just finished making a few changes, and I think we're getting closer to a more privacy-secure arrangement.

This afternoon, I dropped the Desura username, first name, last name, and email fields from my database. Now, the connect feature just records Desura's userid and checkoutid/date/key. I believe that removes all personal data coming from Desura for all customers, past, present, and future.

Also, it's pretty easy for me to manually delete your account at bluebottlegames.com, if that's something you want. I wasn't sure if that's what you were requesting or not, but if so, just say the word, and I can remove the account (I do a similar thing almost daily to remove spambot accounts from my databases). Probably best that you PM me directly from bluebottlegames.com, just so I'm sure to delete the correct one :)

Let me know if the above change to Connect seems satisfactory to you. And thanks again for your patience with this. As someone new to running his own studio, I think this was a valuable lesson for me, and a benefit to other privacy-conscious customers!

Dec 9 2013 Anchor

Great work. I'm happy to keep my account at Blue Bottle for now. Normally I would prefer to have as little online "presence" as possible, just as a precaution, but it's obvious that you care enough about customer privacy that it's not likely to ever be a problem.

Also, because the community of privacy-conscious gamers is pretty small to begin with, we tend to be dismissed as paranoid by developers, gaming press, and many other gamers (see: HooterBabby's comment on Desura's Neo Scavenger store page), So I always try to demonstrate tat, with just a little bit of effort, my/our concerns can be easily alleviated. And I can't imagine that any rationale person who cares about their privacy would read this exchange and think you aren't willing to put forth that effort. So kudos for that.

Now I'm only hoping that the Desura programmers have been paying attention and are willing to make a few small changes to their default Connection process...

Edited by: ThreeSon

Reply to thread
click to sign in and post

Only registered members can share their thoughts. So come on! Join the community today (totally free - or sign in with your social account on the right) and join in the conversation.