Steam's new privacy settings bring an end to Steam Spy

Madmick

Zugzwang
Staff member
Senior Moderator
Joined
Jun 13, 2005
Messages
61,392
Reaction score
25,193
Steam’s new privacy settings bring an end to Steam Spy
Valve made a big change to user privacy settings on Steam that, among other things, will render one of the most useful data tools inoperable.

That being Steam Spy, the analytics site useful for determining the number of owners for any given game, and plenty of other very helpful, usually hidden, statistics and insights about them.

In a blog post, Valve revealed several key changes that are supposed to enhance Steam users’ control over their privacy. Each category in the profile privacy settings page now offers more details about what it is and what it does.

The game details section is the one that controls who can see the games you own or have wishlisted. You can limit it to only show this information to friends, or keep it private. You can also prevent others from seeing your playtime regardless of whether or not they can see your library.

By default, your game library is no longer public. This is what Steam Spy relied on to generate its data, which means it’ll no longer be able to do what it’s been doing for years.

Creator Sergey Galyonkin shared his opinion about the changes on Twitter. “Steam Spy relied on [game details] information being visible by default and won’t be able to operate anymore,” he announced on Twitter.

Valve curiously didn’t spill out this particular change in its blog post, but even if it allowed users to set this option to ‘public’, the data won’t be enough to get a complete or near-complete picture.

steam_spy_header_1.png

Valve is also working on a new invisible mode to accompany the currently available ‘online’, ‘away’, and ‘offline’ statuses.

Invisible mode allows Steam users to enjoy the benefits of being online like seeing their friends list, and sending and receiving messages, without having to go online and be seen by others. This new mode does not yet have a release date.

News of Steam Spy’s demise is definitely disappointing. Having a record of one’s Steam library available to the public (the horror!) was a small price to pay for any semblance of transparency in an industry that avoids it like the plague.
Steam Spy announces it’s shutting down, blames Valve’s new privacy settings
Ars Technica said:
Within hours of this announcement, one company confirmed the policy change's collateral damage. Steam Spy, the world's most comprehensive game ownership and play estimator available to the public, announced that it "won't be able to operate anymore"thanks to Valve's official policy change.

"Valve just made a change to their privacy settings, making games owned by Steam users hidden by default," the site's operators announced on its official Twitter account. "Steam Spy relied on this information being visible by default." In answering questions from fans, Steam Spy creator Sergey Galyonkin suggested that the site will only remain as an "archive" from here on out.


This is a disaster.

To me this is little more than an admission that hackers have won the war. It's not a matter of if they'll break in, but when. Protection of your private information can't possibly be guaranteed. That is what this tells me.

Because otherwise I don't see the point. There's nothing that forces you to link your Steam account to your real identity, so unless your account is hacked and somehow tied to your real identity through credit cards or bank accounts or whatever, then okay, but at that point, I'd dare venture that 99% of gamers are going to be more concerned with their bank accounts than with people seeing that they like to play in their spare time.

Oh yeah. Thanks, Zuckerbuttface.
 
Last edited:
I've never heard of Steam Spy so maybe I'm missing its contributions to the gaming community but I don't see how improved privacy is a bad thing.

Even if your identity is not at risk, data mining is intrusive and rampant today, and people should have the right to participate or not in any sort of market survey.
 
To me this is little more than an admission that hackers have won the war. It's not a matter of if they'll break in, but when. Protection of your private information can't possibly be guaranteed. That is what this tells me.

That has always been the case, the hackers always win and there if they want in they will get in. You privacy is never promised no matter what they tell you. Source: I work in infosec.
 
PCN: Game developers mourn Steam Spy: "it's possible that more devs will quit"
PCN said:
“As a developer, Steam Spy was a very useful tool to research the size of various niches and to estimate the success of other games,” says Chris Wilson, lead designer on Path of Exile. This sentiment was echoed by more or less everyone, with Charles Griffiths, design director at Sexy Brutale devs Cavalier, noting that “developers certainly benefit as it means they are not completely reliant on their publisher’s provided figures.”

Hence, almost everyone was pessimistic about a future without Steam Spy. Wilson says devs will “have to rely on more expensive market research methods to validate whether there’s an audience for the type of game they want to make”. As Steam Spy’s creator, Sergey Galyonkin, told us, this will obviously hurt indies far more than triple-A.

Paul Kilduff-Taylor, of Mode 7 Games, went further: “There are a lot of horror stories from devs and negative perceptions from players around at the moment - without being able to get some objective verification of how the market is behaving, it’s possible that more devs will quit”...

While imperfect, Steam Spy was very useful to developers. Its loss is likely to hit indies hardest, which surely Valve don’t want to see. Indeed, Fargo was so surprised by this decision that he wondered if it might have been “an unintended effect of some broader issue that Steam was trying to accommodate for.”

We won’t speculate as to whether Valve had any other reasons than the ones they stated for making this change. It can clearly be said that many devs have come to rely on Steam Spy, especially indies, and those we spoke with are concerned for the state of the industry if no-one steps forward to provide similar data.


Eurogamer: Why Steam Spy has to close, from the creator himself
That has always been the case, the hackers always win and there if they want in they will get in. You privacy is never promised no matter what they tell you. Source: I work in infosec.
Part of me accepts that this is just Valve being "adults" about the reality once and for all, but I can't help feeling cheated. I'm someone who has long referenced their data, and never for nefarious means. Most of us benefit from this data whether or not we realize it because devs and journalists alike use it to target us with games we like and information we want.

I'm not sure if everyone will understand what this means. What's the point in checking the Steam charts? Not much point in looking at peak concurrent users, anymore: your data set is tainted.

Everybody bitches and moans about Facebook, but all of my friends are still using it: still the #1 source of America's news. Mark Zuckerberg can go and blather his face off in front of Congress. Won't change a thing. Nothing will get them off that service except, possibly, a pay-wall. Ironic, right? This despite that Facebook is collecting data and using it in way that is negatively influencing our lives concretely.

I've never heard of anyone's Steam game data getting mined and "leaked" like Ashley Madison accounts by some conservative hacktivist. It was guys like me trying to tell gamers like those in this forum what was popular with other gamers, and in what way. It's a finger on the pulse of culture. It was actually useful, and yet this we lose.

Meanwhile, a billion secrets deep, and a billion secrets sold...Facebook isn't going anywhere. Amazon isn't changing a thing.

 
Last edited:
This due to GDPR compliance? The timing makes it seems like it is. Can't blame Facebook if it is.
 
This is a disaster.

It actually isnt.

Steamspy, Steam users and all other third parties were told 22 months ago to stop botting the Steam API. Past week is Valve dropping the hammer.


I've never heard of anyone's Steam game data getting mined and "leaked"

This hit its peak for a typical Steam user at the start of 2017. Steam users would get bombarded daily with friend/group request from user/group advertising. This was a result of datamining Steam users through the Steam API.
 
Last edited:
Steam’s new privacy settings bring an end to Steam Spy

Steam Spy announces it’s shutting down, blames Valve’s new privacy settings



This is a disaster.

To me this is little more than an admission that hackers have won the war. It's not a matter of if they'll break in, but when. Protection of your private information can't possibly be guaranteed. That is what this tells me.

Because otherwise I don't see the point. There's nothing that forces you to link your Steam account to your real identity, so unless your account is hacked and somehow tied to your real identity through credit cards or bank accounts or whatever, then okay, but at that point, I'd dare venture that 99% of gamers are going to be more concerned with their bank accounts than with people seeing that they like to play in their spare time.

Oh yeah. Thanks, Zuckerbuttface.

Exactly. This is all part of the facebook fallout. But really don't put something online that you don't want others to have access to.
 
But really don't put something online that you don't want others to have access to.

Your misinterpreting voluntarily divulging personal information to that of information currently available on a Steam Profile Page.
 
Steamspy, Steam users and all other third parties were told 22 months ago to stop botting the Steam API. Past week is Valve dropping the hammer.
Weird, then, that there people on Twitter observing that Valve's lone employee at GDC just this past year was touting Steam Spy as the most useful Developer Utility in existence. Meanwhile, the creator of Steam Spy himself said that he has gotten a single email from Valve in the entire time he has ran the site.

Also, why? Third party scraper websites are incredible useful, and if a game developer really minds them, then they don't have to make them public. Why make them public at all? They're how we track our stats in many games we play: K/D ratios and the rest. For Steam Spy the main purpose was for tracking ownership and playtime.

22-months sure is a slow swing on a hammer. Forgive me for not buying this as mere coincidence.
This hit its peak for a typical Steam user at the start of 2017. Steam users would get bombarded daily with friend/group request from user/group advertising. This was a result of datamining Steam users through the Steam API.
So you're saying that the abuse peaked in early 2017, but Gabe didn't do anything about it until the week Zuckerberg is getting grilled in front of the nation? Please, don't insult me again by pretending that this was a "pre-planned vacation", and expect me to believe you. I get enough of that from FOX News.

What is the specific nature of the most sensitive material they were "data-mining" from Steam's API that might offend users?
 
New Steam Privacy Changes Kill Steam Spy Service
Joel Hruska on April 11, 2018 at 3:24 pm
$


With the Cambridge Analytica scandal still roiling, Silicon Valley companies have collectively just discovered that privacy is something they care about. Valve, which owns the Steam gaming service that dominates PC game distribution, has announced a new set of privacy changes that give users more control over their profiles, and a greater ability to hide what other people see in them. Unfortunately, one side effect of these changes means the end of the Steam Spy service.

Valve describes the new policy changes as follows:

You can now select who can view your profile’s “game details”; which includes the list of games you have purchased or wishlisted, along with achievements and playtime. This setting also controls whether you’re seen as “in-game” and the title of the game you are playing.

Additionally, regardless of which setting you choose for your profile’s game details, you now have the option to keep your total game playtime private. You no longer need to nervously laugh it off as a bug when your friends notice the 4,000+ hours you’ve put into Ricochet.

Valve has also notified users that it’s working on a new “invisible” mode that will allow people to hide being online while still having the option to send and receive messages. Such changes are a welcome adjustment to overall user privacy, but there’s a price to be paid for them. While Valve doesn’t actually tell people about this change in its blog posts on privacy, everyone’s game library has been made private by default. But because user game libraries are now hidden by default, there’s no longer any way for services like Steam Spy to build a third-party profile of which people own which games.



Steam Spy has been quite useful if you’re in the business of reporting on video games. Its reports serve as a way to monitor whether a game is becoming more or less popular, or to track the impact of reduced prices on sales figures. Sergey Galyonkin, who founded Steam Spy in 2015 and is currently Director of Publishing Strategy at Epic Games, has said the changes leave him no choice but to stop collecting data. PCGamesN spoke to other devs about the changes; the apparently near-universal opinion was that the loss of the service will impact them as well. Developers apparently used Steam Spy data to gauge how well titles that catered to specific niches performed over time.

Of course, one criticism of Steam Spy is that Valve’s Steam API was never intended to be used to generate sales data. Its figures aren’t always a great mechanism for judging sales, and a Valve-provided service could do the job better — if Valve had even the slightest amount of interest in providing one. (According to Galyonkin, Valve’s contract with developers forbids the sharing of sales information with third parties).

It isn’t clear if this shutdown is being driven by the same Facebook/Cambridge Analyticaissues, the advent of the General Data Protection Regulation (GPDR) in Europe, or something internal. Nor are we sorry to see companies putting privacy front and center. It’s unfortunate that services like Steam Spy won’t be allowed to exist going forward. But it seems a small price to pay for winning back even a few inches of ground from corporate attacks on the very concept of privacy.
Yet Facebook goes on despite the public howling: squeaky wheels that won't grease themselves.
 
So you're saying that the abuse peaked in early 2017, but Gabe didn't do anything about it until the week Zuckerberg is getting grilled in front of the nation?

It was first addressed two weeks(?) after the initial complaints in early 2017. Group invites were restricted so that the Steam user receiving the Steam Group invite needed to be a Steam friend with someone in the group. An the datamining of Steam users via the Steam API were restricted to X amount of total queries per day.



Also, why? Third party scraper websites are incredible useful,

In the case of SteamSpy and Vac-ban.com this from what we know publicly is 100% true. While other third parties were still using the Steam API for unethical behavior.

If Valve took the approach of trusting a company like Steamspy. They run same risk of Facebook>Professor>Cambridge Analytica situation.
 
It was first addressed two weeks(?) after the initial complaints in early 2017. Group invites were restricted so that the Steam user receiving the Steam Group invite needed to be a Steam friend with someone in the group. An the datamining of Steam users via the Steam API were restricted to X amount of total queries per day.

In the case of SteamSpy and Vac-ban.com this from what we know publicly is 100% true. While other third parties were still using the Steam API for unethical behavior.

If Valve took the approach of trusting a company like Steamspy. They run same risk of Facebook>Professor>Cambridge Analytica situation.
Didn't take long to extract that concession. Next time spare us the pre-planned vacation nonsense.

I don't see the parallel. Facebook actively sold its users' data themselves, and this data was connected (in most cases) to accounts that reflected a person's real identity. I repeat: I just don't care if companies are tracking the games I own and play on an account that doesn't (though this public API) expose my real identity.

Next, more importantly, how in the hell is that chain analogous?
  • Aleksandr Kogan, a Russian-American academic at Cambridge University, got permission from Facebook to pull data via an app he created — but he reportedly claimed he’d use this data only for academic purposes, not commercial ones.
  • Kogan’s app, “thisismydigitallife,” was a personality quiz Facebook users could take. However, to take the quiz, users had to consent to give the app access to their and their friends’ Facebook profiles.
  • More than 270,000 people used the app and took the quiz. However, because they consented to give the app access to their friends’ profiles, too, Kogan ended up collecting data from far more. Initially, the estimate was 50 million raw profiles, of which about 30 million could be matched with other records that helped identify people. Now, Facebook says 87 million users’ profiles “may have been improperly shared” with Cambridge.
Facebook greenlit Professor Kogan from St. Petersburg university the right to run that app, in order to collect data, and then he violated his agreement to distribute this information (which included everything pertaining to real identities and relationships) to Cambridge Analytica. None of that information was part of a public API. Users had to willfully engage the app. The app also collected data about users friends when they weren't given permission to do that.

Is Steam granting access to apps that would otherwise get flagged, and which track all kinds of sensitive data about our real identities, to guys like Sergey Galyonkin that they fear he will then "improperly share" to some nefarious gaming corporation (like EA)? How in the hell does him scraping data from a free public API without ever directly engaging users risk anything resembling that scandal?

Stop spinning. Steam is afraid that they'll get hacked, all of their users data will get stolen, and then these real identities can be connected to all of the publicly scraped data about what that person was doing on what account (ex. spending 6hrs a day playing an Japanese Subway Rape "adult" video game). Any information Steam stores about friends and their gaming habits might also be lifted. This is the most sensible explanation for why we're losing the most reliable industry tracker in PC gaming.

We already lacked the Nielsen, Billboard, and "Demand Expression" monitors to replace it. That's fine if you don't care about PC gaming. People will just write about Steam games less and discuss them less. Developers won't have as reliable a sense of what gamers are buying, or what they're buying but didn't actually play (i.e. No Man's Sky). It will be as opaque as Blizzard with the key difference that Blizzard was never trying to help other developers succeed on their platform.

At the heart of all this is the unavoidable truth that the real undertaking of these technological companies in the wake of Facebook's scandal is solving the pesky nuisance of user consent. Where do my privileges end with regard to willfully sharing information about myself that you've collected, and who is to blame when "my" information isn't only about me, but gets compromised?

Valve's solution is to make that decision for them, but without taking it away. Steam Spy threatened nothing; simultaneously nothing was solved.
 
Didn't take long to extract that concession. Next time spare us the pre-planned vacation nonsense.

Valve also in mid-2016 issued a warning to all CSGO community run server owners to stop using in-game skin changers on their server. Valve started issuing bans on said server certificates eight months after that announcement.

All your doing is looking at this through the lens of SteamSpy. When the Steam API highest usage and earners was of those scam/phishing.
 
Valve also in mid-2016 issued a warning to all CSGO community run server owners to stop using in-game skin changers on their server. Valve started issuing bans on said server certificates eight months after that announcement.

All your doing is looking at this through the lens of SteamSpy. When the Steam API highest usage and earners was of those scam/phishing.
Of course that's my prism. SS is what I care about. Go after the scam/phishers. Don't present dishonest parallels to Facebook's security breach which aren't valid.

I can see that you have no meaningful response to muster. I didn't expect one, but you can spare us the pretense.
 
I can see that you have no meaningful response to muster.

Ive given you two instances of outside sources botting the Steam API. Along with a time frame and actions of Valve attempting to mitigate/eliminate such actions since mid-2016.

In 2009 i was told in confidence that the company i was working for was closing down at months end. By the end of that business day i had my next career path lined up. SteamSpy having 22 months to adjust and failing to do so. Im sorry but i cant show sympathy here.
 
Ive given you two instances of outside sources botting the Steam API. Along with a time frame and actions of Valve attempting to mitigate/eliminate such actions since mid-2016.
And I've pointed out that these are not at all analogous to the Facebook breach. I've also pointed out that Valve hasn't actually done anything to prevent their own users from making public this data themselves (which is closer to the Facebook debacle).

If this issue is "botting", then why not just reduce the API requests available daily and give SteamSpy the necessary access for higher approval?
https://steamcommunity.com/dev/apiterms
  • You are limited to one hundred thousand (100,000) calls to the Steam Web API per day. Valve may approve higher daily call limits if you adhere to these API Terms of Use.
 
If this issue is "botting", then why not just reduce the API requests available daily and give SteamSpy the necessary access for higher approval?

For this was a formula followed since 2014(that i know of in the space of CSGO). Favoritism was given to specific Steam API bots. Mid-2016 is when Steam informed everyone across the entire Steam platform that it was stopping.

An in terms of SteamSpy seeking higher approval. Thats between SteamSpy and Valve. Fact that they havent and or werent approved is an indication that their value as a service is being grossly over exaggerated.
 
For this was a formula followed since 2014(that i know of in the space of CSGO). Favoritism was given to specific Steam API bots. Mid-2016 is when Steam informed everyone across the entire Steam platform that it was stopping.

An in terms of SteamSpy seeking higher approval. Thats between SteamSpy and Valve. Fact that they havent and or werent approved is an indication that their value as a service is being grossly over exaggerated.
Not a long walk from the-little-engine-that-could to corporate scumbag, is it?
 
@Madmick

Never understood your pattern of turning topical discussions into personal attacks.
 
I am not savvy enough to know if this is related or not:
For the past couple months I have been getting steam security alerts at least once a day warning me of shitty third world IPs trying to log onto my account.
I used all the steam security features available and nothing bad came of it. I even submitted a support ticket and asked if we can just block Russia, China, and Brazil from logging into my shit.

Anyways it stopped all together recently, does this have anything to do with the topic of this thread?
 
Back
Top