What if I told you that in-game pop-up achievements are hiding a dirty secret? A secret so obvious that we frequently forget or overlook it? The secret, hidden in plain sight: Games are tracking you. For a game to know when you’ve achieved X or Y, it must track at least some of what you do in-game.
Privacy threats are nothing new, but they’re often overlooked when it comes to gaming on PC. Achievements, for example, are par for the course.
But once we recognise how ubiquitous and taken for granted such in-game tracking is, we might start to question just how much of an overlooked threat PC gaming could be to our privacy.
I’ve broken down what exactly might cause privacy concerns when PC gaming and what shouldn’t. And for those of you who want to take extra steps to protect your personal data while gaming, I’ve given you some tips to maintain your privacy below, too.
What personal data can PC games collect?
Broadly speaking, and within reason, PC games can collect as much or as little personal information as you allow them to. And there might be many different ways game devs and platforms can use or share this data.
Based on my research into the privacy policies of game companies, information that some games might collect could include:
- Name, contact info, and location
- PC hardware ID and IP address
- PC specifications
- Game or platform friends and contact info
- Payment information
- Social media details
- Operating system (OS) details
- Internet Service Provider (ISP) details
- Network details
- In-game text and voice chat logs
- In-game character choice and action details
- Money spent in-game
This is an incomplete list—the number of things games can track, if you allow them to, can be quite extensive.
How do PC games collect personal information?
Some information might be entered on account creation pages either in-game or when signing up for a new DRM (digital rights management) platform like Steam or Battle.net. Some of it might be information you enter on-the-fly in a game’s e-store. But other data, such as the decisions that you make in-game, might be what you’ve agreed to give the company access to just by installing and playing the game and related software.
PC gamers don’t just have to think about the privacy implications of the game they’re playing and the platform hosting it, though. They must also consider the operating system they’re running this software on. Microsoft Windows, for example, can collect all kinds of information about you, your device, and how you use it.
Case study: Valorant
When Riot’s Valorant launched in 2020, it brought controversy over its anti-cheat software. This software ran on the kernel level of the operating system (the core level) which led users to question the security of giving a game access to the most privileged area of the operating system. This controversy helped shine a light on the issue of anti-cheat software more broadly, including potential privacy implications.
New avenues for data collection have also opened up with the introduction of VR headsets for gaming. Not only can some VR devices gather biometric data such as facial expressions and eye movements (although this is more so the case with non-gaming-oriented headsets, such as the Meta Quest Pro), but outward-facing cameras can (and do) capture information about the environment you’re in.
Why might data collection in games be a privacy concern?
Because the age of digital data collection is still in its infancy, we might not initially see the problems it can pose. Here are some of the privacy concerns that data collection in games pose.
One of the biggest questions about data harvesting is where this data ends up and how it’s used.
For example, the collection of data about your in-game decisions, combined with personally identifying information, could allow a company to build a personality profile on you to better target ads or even nudge you into purchasing things you might not have purchased otherwise.
One common response to surveillance concerns is that « there’s nothing to worry about if you have nothing to hide », but the worry might not be what a company knows about you, but how it can use that information. Especially considering the improvements in AI which can propel data analysis to astronomical proportions, it would be egotistical to think ourselves immune from the resulting ultra-personalised, data-driven, predatory ‘nudge’ techniques.
In The Age of Surveillance Capitalism, Shoshana Zuboff shows how the modern, technological economy uses « instrumentarian » methods to collect and sell personal data to advertisers and nudge us into spending more to improve company profits. According to Zuboff, the « habituation » (or normalisation) of surveillance, combined with nudges to get us to accept such surveillance, is all part of the process.
The concern is that data harvested by PC games and gaming platforms might feed into this model.
Data protection doesn’t solve everything
Data protection laws and regulations such as the EU’s General Data Protection Regulation (GDPR) have started to require « data protection by design and by default ». It’s getting more difficult by the year for game developers and platforms to hoodwink users by hoping they simply overlook the small-print privacy implications of using their services.
But it’s not all sunshine because, as a Brookings commentary points out, « The GDPR created a labyrinthine process for consumers to access their own data, and European authorities have failed to consistently enforce privacy violations. »
In other words: « Privacy by default » regulations haven’t eliminated the need for gamers to be proactive in considering how and when and where to give companies access to our personal information.
Also consider that agreements can sometimes be required (for example, via creation of a privacy-walled game account) to access other desirable parts of the game such as cloud saves, achievements, or battle passes, after purchasing and installing the game. Gamers already invested (monetarily or otherwise) in the game might feel pressured to grant it access to further information for convenience or fear of missing out.
A major concern with any kind of data collection is that data’s security. Even if a game company or DRM platform doesn’t sell your data to someone else, they could lose it to someone else.
This is a concern for any digital service that collects and stores user information, but the problem for PC gaming could be especially acute because many gamers don’t know how much of their personal data is stored in the first place. When a gaming data breach happens, many gamers can be taken by surprise.
How to protect your data and have privacy while gaming on PC
Thankfully, the situation is far from hopeless. There are several things you can do to help protect your data and retain some privacy while gaming on PC.
Prevent and disable Windows tracking and telemetry
Protecting your privacy while gaming on PC involves more than just in-game privacy. Windows itself can track certain information about you and how you use your device. To ensure privacy while gaming, you need a solid bedrock, which means disabling Windows tracking and telemetry.
The first thing to do is disable all that you can from the Windows Privacy Settings page. On Windows 11, go to Start -> Settings -> Privacy & security, and uncheck all that you can from the different sections under Windows Permissions.
You can also use third-party apps to disable Windows tracking features. For instance, there’s DoNotSpy11 for Windows 11 and Ultimate Windows Tweaker for Windows 10. Applications like these can often disable more tracking features than are shown in Windows Settings, but they might risk software conflicts or issues down the line if you’re not careful, so use with caution.
Agree to as little as possible
Many of us launch our games in a state of dopamine anticipation, mouths foaming as we impatiently click through start-up screens to get in-game and top up our motivation and pleasure receptors. In the process, we might unthinkingly agree to things we never had to.
One sure way to limit any potential privacy compromises is to limit the number of services you sign up for. Digital Rights Management (DRM) services–which often double as game stores, community hubs, and so on–might be unnecessary.
According to GOG, for example, games purchased from its store are « DRM free. No activation or online connection required to play. » This means that its games won’t require you to use a DRM platform that will almost certainly collect personal information from you in line with its own privacy policies.
Don’t create or link accounts
Many games give us the option to create an (online) account. This is often sold as something that can benefit us by opening access to many different things, such as cloud saves, community scoreboards, and extra content. But this usually comes at the cost of handing over more personal information and possibly giving the game company permission to track even more of our activity. If you’re unsure whether to sign up, and you want to safeguard your privacy, you can always say no until you’ve decided.
An often overlooked way to improve your privacy is to be deceptive in what information you hand over whenever possible. Use fake names and addresses, for example. You can also create dummy social media pages if the game requires social media linking, or at least a separate email address to use just for gaming accounts. You could even set up a separate online credit or debit card to use as a middle-man for game payments.
Secure and anonymise your network
Game and DRM companies can only access information that’s given to them via your network, so any positive steps taken towards securing and anonymising your network can improve your privacy while gaming on PC.
Most obviously, you should only game on a trusted home Wi-Fi network. And you should secure this network by configuring your router to be as privacy-focused as possible. You could also consider setting up a VPN (virtual private network). This encrypts your internet traffic and makes it hard to pinpoint data to a specific user (you).
You could even consider setting up a Pi-hole, which is a « DNS sinkhole » that essentially prevents certain incoming connections from accessing your network, instead sucking these requests into the « sinkhole ». You could use this in conjunction with a manually configured DNS blacklist (via something like DNSBL) to block some incoming requests for data.
You should, however, ensure that any network changes are allowed by the games you want to play. Some games, for example, don’t play well with VPNs.
Secure your passwords
Data breaches and password leaks aren’t quite as compromising if the compromised password is only used for one service. So, a great way to reduce personal risk is to ensure you use a different password for every game or platform.
This needn’t even be a chore, because a password manager can create and manage (duh) all these passwords for you. You can use software such as Bitwarden, 1Password, or Dashlane to auto-generate and store secure passwords for different websites, but I recommend Bitwarden because I’ve found it to be easy to use and dependable (plus, it’s open source).
Deny cookie tracking requests and clear cookies
How to do this will depend on the games and platforms in question, but usually you’ll be asked whether to accept cookies, for which you can answer no. And you can usually clear cookies by visiting settings and privacy pages.