Hey,
I had a peek behind the scenes of the Galaxy client again and noticed an awful lot of requests to an insights-collector.gog.com domain. So I played around with the client for some time to see what kind of insights GOG is collecting. Here's a quick list of the events that were transmitted, loosely in the order that I triggered them:
- When the client is launched
- When you successfully log in
- When you open/focus the client window
- When you unfocus the client window
- When you minimize the client window
- When you view your activity feed
- When you view a game
- When you switch tabs (Overview, My progress, Extras) in the game view
- When you view your friend list
- When you view a friend's profile
- When you view your library
- When you click the install button on a game
- When you look at the currently downloads
- When you open the store
- When a game finished downloading including how long it took
- When you open a store page
- When a game is installed
- When you open the settings
- When you switch settings tabs
- When you change a setting
- When you click the menu option to file a bug report
- When you open the search
- When you click on a search result
- When you filter the library
- When you clear library filters
All of these actions are sent to GOG as soon as they are triggered along with a second-accuracy timestamp and the currently logged in user. In summary there's very little you can do in the Galaxy client without GOG knowing exactly what you did.
Now, is this a reason for concern? Maybe. There is nothing in the transmitted data that couldn't also be collected from using the website. It's also very unlikely that this stream of events would reveal anything personal about you. It's still a bit unsettling, to me at least, that Galaxy users are tracked so closely and without any attempt at anonymization. I have no problem with GOG having the technical ability to look at who I chat with and whose profiles I visit, but to know that they actually feed that data into their analytics... that's just a little bit creepy. There's surely a use to some level of telemetry, but this seems quite far away from the amount required to ensure a good user experience, especially when there are more than enough people who voluntarily give their opinions on what needs improvement.
What I can say for sure is that all the privacy focused marketing from GOG is quite dishonest. Galaxy has not been designed with privacy in mind. The people still downloading their games manually and launching them without any clients in between do have at least one more reason to do so. I'm also going to be requesting another personal data dump from GOG according to GDPR to see if there is anything interesting in it that they're honest about collecting.
To all the regular angry forum people, please keep the comments on topic. This thread is about Telemetry in Galaxy and not how much you hate everything about the client and love manual downloads.
