Pull the Plug on Unity Engine Telemetry with This Utility Under Development

[btarunr]

Unity Engine powers a lot of games across platforms. The game engine includes a telemetry module that dials home every few minutes (depending on the game), pushing usage data and crash reports (if any). Some games, such as "Kerbal Space Program," allow you to opt-out from this telemetry, but even then the engine is known to dial home at game startup and at longer intervals, with far less amount of data.

TechPowerUp Forums member by the night and software developer by the day "R-T-B" created a nifty utility that can modify your game to completely strip it off Unity Engine telemetry, called UnityAnalyticsKiller. "Stop spying on my kerbals," reads the utility's GitHub page, describing UnityAnalyticsKiller as a game library replacement along with a ReadMe with some basic instructions. You can also inspect its source and build it by yourself if you're curious. R-T-B invites gamers and developers to test the utility and offer feedback in the TechPowerUp Forums thread here.

DOWNLOAD: UnityAnalyticsKiller by R-T-B



View at TechPowerUp Main Site

 

[R-T-B]

You guys are too kind... Tried posting this to reddit and got exactly one upvote (my own).

Be warned the source code is a little... strange in places. I wanted to make sure Unity dare not try and pretend it was their own.

 

[Ripper3]

You guys are too kind... Tried posting this to reddit and got exactly one upvote (my own).

Be warned the source code is a little... strange in places. I wanted to make sure Unity dare not try and pretend it was their own.

Reddit can be harsh. I once got downvoted to hell because I stated an SFF PC doesn't just have to be strictly less than 15 or 20 L in volume, or something like that. Like jeez! Sorry I gave an opinion!

Good work on the utility, and hopefully it doesn't get stopped by Unity. Everybody is way more aware of being watched while on their own devices, and we should have the ability to deny access, even if it is just to understand what game we're playing.

 

[Wyverex]

@R-T-B PM me the reddit post, you'll at least get an upvote from me. I'd also try posting in r/privacy
And thanks to you and Dan for your work

 

[R-T-B]

Dan is actually a real live human. True story.

Also, I got me my first issue report from a user. It's still sending some sort of GUID, the program name, and something that looks like duration of use but is so offkilter I think it's just random data.

Fix it in the morning, hopefully. Tis late here. But there was a heck of a lot of this from Unitys end, which was glorious:

Response
No content

Yeah, no content. That's right, you heard me! Would you like to hear it again, Unity?

 

[Kenjiro]

Wow, great work, thanks!

 

[Octopuss]

This paranoia is too much even for me.

 

[R-T-B]

This paranoia is too much even for me.

I'm not worried about paranoia. No one is going to validly worry about this being used to spy on them (it only works in game).

However, it's pretty pushy. It monitors and calculates everything from how patient you are (using data like, how long you are willing to watch in game cutscenes or if you just skip them) to how social it thinks you are (yes, it does/can relay in game "chats" too). Based on all that, it is able to build a profile of you, to sell you god knows what with INGAME ads.

Most games don't use all this. But they could. Worse news? There's some kind of Remote "ConfigInterface" and it probably if I had to guess can remotely deploy these features for the publisher on a "changed my mind" whim.

Frankly, it's not about privacy anymore. The level of intrusion is just enough to bother me to get off my butt and do something about it.

 

[Prince Valiant]

Thanks for this. Yet another thing that should be opt-in but gets done anyway. It's not paranoia to cut off active snooping and prevent any in the future .

 

[GlacierNine]

Hmm.

Under GDPR and current legislation within the EU, is this level of data reporting without an explicit opt-in, even legal?

Regards,
Mathew

 

[The Egg]

This paranoia is too much even for me.

I probably own 20+ games on the list and had no idea this was running in the background. Not that I was particularly seeking out the info, but still.

Anyhow, it puts my mind at ease to know that you've researched both the software and all the parties involved, and found it to be completely harmless and trustworthy. Further, I'm sure you also tested whether it has any impact on system performance, or most importantly, whether it might open millions of systems to any security vulnerabilities. You must have done all of this before posting your comment, I'm sure.

 

[R-T-B]

Hmm.

Under GDPR and current legislation within the EU, is this level of data reporting without an explicit opt-in, even legal?

Regards,
Mathew

I wondered that myself. My best guess is since it has geolocation determination code, it just shuts down in EU.

I probably own 20+ games on the list and had no idea this was running in the background.

I agree it's an issue but we have to keep the facts here, fact is it only runs when your game runs. It is not a "background" process.

 

[The Egg]

I probably own 20+ games on the list and had no idea this was running in the background.

I agree it's an issue but we have to keep the facts here, fact is it only runs when your game runs. It is not a "background" process.

Eh....semantics. It doesn't run in the foreground, nor does it make its presence readily apparent to the user in any way. I'd call that background process.

 

[HD64G]

Thanks a lot for this effort to help others @R-T-B ! Much appreciated. And point us to the Reddit section of this to upvote your post.

Nvm, found the post already and upvoted:

https://www.reddit.com/r/KerbalSpaceProgram/comments/dls6l6

 

[Steevo]

Dan is actually a real live human. True story.

Also, I got me my first issue report from a user. It's still sending some sort of GUID, the program name, and something that looks like duration of use but is so offkilter I think it's just random data.

Fix it in the morning, hopefully. Tis late here. But there was a heck of a lot of this from Unitys end, which was glorious:

Response
No content

Yeah, no content. That's right, you heard me! Would you like to hear it again, Unity?

Does he have a banjo?


Good to see the mod community still alive and keeping us free of spyware data mining us and what we do constantly, it should be illegal to install this type of spyware.

 

[Vayra86]

I'm not worried about paranoia. No one is going to validly worry about this being used to spy on them (it only works in game).

However, it's pretty pushy. It monitors and calculates everything from how patient you are (using data like, how long you are willing to watch in game cutscenes or if you just skip them) to how social it thinks you are (yes, it does/can relay in game "chats" too). Based on all that, it is able to build a profile of you, to sell you god knows what with INGAME ads.

Most games don't use all this. But they could. Worse news? There's some kind of Remote "ConfigInterface" and it probably if I had to guess can remotely deploy these features for the publisher on a "changed my mind" whim.

Frankly, it's not about privacy anymore. The level of intrusion is just enough to bother me to get off my butt and do something about it.

Holy crap man. If this were a movie that almost sounds like a plot to take over the world through games. Well done creating this kill switch

*upvoted

 

[R-T-B]

Eh....semantics. It doesn't run in the foreground, nor does it make its presence readily apparent to the user in any way. I'd call that background process.

I guess for a user it's semantics. Us coders are made of semantics.

Thanks a lot for this effort to help others @R-T-B ! Much appreciated. And point us to the Reddit section of this to upvote your post.

Nvm, found the post already and upvoted:

https://www.reddit.com/r/KerbalSpaceProgram/comments/dls6l6

Yep, post is by "CactusWeapon." Confusing reddit account, I know.

https://www.reddit.com/r/KerbalSpaceProgram/comments/dls6l6

A cactus is basically a frog before he evolves to TPU status, is my explanation.

Oh, and there'll be a new bugfix release today. Hopefully we can make it even more silent.

 

[JAB Creations]

This paranoia is too much even for me.

Just because you're not paranoid doesn't mean they're not out to get you.

I digress, telemetry is pretty much out of hand these days.

 

[biffzinker]

The first Unity game to make me suspect I was being tracked was Raft.

Clicking the button "Open Data Privacy Page" takes you to this in a browser:

I clicked the opt-out after the second or third time playing. I just clicked the "request my data."

24 hours?

Data is being processed. Come back in 24 hours.

 

[R-T-B]

I've seen a lot of evidence via error reports the opt-out is just a reduced mode too (basically reverts to performance data and crash reports). It sort of bugs me. Optout is not supposed to halfass optout, it's supposed to just kill it.

To be fair to devs, a lot of them seem completely unaware of how badly Unity is handling this data on the opt-out part. They aparently don't get the opt-out error reports, so maybe Unity just shreds them. But it's still messed up.

Here is an opt-out error log still transmitting some limited data, even with my plugin:

Some data still transmitted · Issue #1 · R-T-B/UnityAnalyticsKiller

After substitution some Unity data is still transmitted in first release (0.1_18 series). See the following log from a kind user report: It isn't much, but it's far TOO much for my goals. Critical ...

github.com

Relevant JSON response from Unity Server in the log:

"connect": {
"enabled": true,
"limit_user_tracking": true,
"player_opted_out": true
},
"performance": {
"enabled": true
}

You will note that though the player has clearly opted out (""player_opted_out": true") it still thinks it's ok to track performance related things (connect is enabled, as well as performance logging).

An example of a transmitted "performance metric" packet that still slips through with my plugin (bug report currently up for this)

Content-Type: application/json
X-Unity-Version: 2019.2.2f1
Content-Length: 365
JSON [m:auto]
{
"common": {
"appid": "39811e89-d29d-4faa-bb01-997f3cda24f0",
"build_guid": "15721da0da695412299517d99c2e4d2a",
"deviceid": "unknown",
"localprojectid": "5be2ef0cdad9b1344ae103b0d475456b",
"platform": "LinuxPlayer",
"platformid": 13,
"sdk_ver": "u2019.2.2f1",
"session_count": 14,
"sessionid": 8372668789457274197,
"t_since_start": 3118069,
"userid": "1ddb05956cce640a48c123610a72c706"
}
}

I believe I can address this by building yet another dummy class for UnityEngine.UnityAnalyticsModule.dll That's a big dll (relatively speaking), but I'm trying. It's slow work. Dan was tired and may have just woken up. That slows me down, too.

 

[Mussels]

Nicely done RTB

 

[R-T-B]

Release v0.2 (for KSP 1.8/Unity 2019), with a possible fix for the data leak issue, has dropped.

Releases · R-T-B/UnityAnalyticsKiller

Binary distributions of my other Unity Telemetry related projects. Basically a custom coded dll stack that replaces Unity methods and kills "analytics" or telemetry of most sorts. Also ...

github.com

1.7 branch for older Unity games still leaks data, and unfortunately, is in feature freeze for now with no fix in sight. Read about why and the options you have for now, here.

Nicely done RTB

Honestly, once Dan (my crazy, reverse engineering man) wrote the spec document for the classes, making this was crazy simple. I'm really just returning null everywhere. It was fun when v0.1 would sporadically try to transmit though, the Unity server on the other end kept sending ACKs (acknowledges) followed by a small pause and then a data packet containing a response saying "NODATA"

Basically, in english, the Unity server was saying "dude, that's a bunch of gibberish, can you try again?" Only to get the exact same response back...

v0.2 should transmit nothing beyond initial server "pings." I sure hope so. The wiresharks so far are really clean! It's out, btw.

The wiresharks unfortunately show we still have some dataleaks.

They are getting smaller each release. Unity code is like playing whack-a-mole sometimes.

Will work on it again tomorrow.