Conviction Zone: S.T.A.L.K.E.R. 2 is watching players every second
The scandalously famous game S.T.A.L.K.E.R. 2: Heart of Chornobyl became the center of attention after new risks were discovered in it. Specialists found out that the Ukrainian studio GSC Game World collects personal data of gamers. Information about the user, his activity in the game, configuration and IP-address - all this data is updated every second and sent to the servers of the developers, experts interviewed by "Izvestia" said. They warn that information about the personal data of Russians is more dangerous than it seems at first glance, as the creators of S.T.A.L.K.E.R. 2 officially support the Ukrainian Armed Forces.
What risks does S.T.A.L.K.E.R. 2 to Russians
In the game S.T.A.L.K.E.R. 2: Heart of Chornobyl discovered a system that spies on users. Ukrainian studio GSC Game World collects players' personal data every second. Using the Game Analytics tool, all information about the user, his activity in the game, his configuration and other data is sent to the developers' servers. As blogger and streamer Roman Dorogavtsev told Izvestia, the Game Analytics system is built into the game. It can be used to improve the project, but the amount and frequency of data collected raises the question of what exactly the developer is pursuing and what is going to be done with the entire collected data set.
- I don't like my computer being invaded without asking. Imagine you're streaming, the camera is on, and that video goes to the developers. So I'm not going to support this game," he added.
The program uses telemetry, which is the collection of data from a distance. It is the most common form of data collection: it involves tracking user behavior, from session times to specific actions and ways of interacting with other players.
Game Analytics software presents a serious vulnerability in terms of user data protection, said Igor Bederov, Head of Investigations at T.Hunter. Incorrect configuration of the tool can lead to illegal collection and use of personal information, violating user privacy. Such critical data can include users' geolocation information, information about their devices and activity in the game.
- By standard protocol, Game Analytics requests personal information less frequently and does not require a constant internet connection. Due to the fact that the company officially supports the WSU with finances, telemetry is much more dangerous for Russian players - the data can be transferred both to the WSU and to third parties from hacker groups or the darknet," he added.
According to him, Russian users whose data has fallen to a Ukrainian company may face the risk of their personal information being intercepted and used without their consent. In some cases, identified players of interest to Ukrainian security services may be attacked by downloading spyware to their computers under the guise of updating S.T.A.L.L.K.E.R. 2. The consequences of such attacks, ranging from discrediting to sending malicious content to the user's contact list, are hard to imagine, the expert said.
- For protection, we can recommend the use of antivirus programs. If users are concerned about the safety of their data and do not trust a particular company, including their position on a political topic, they may decide to stop using the product or service in question," said Igor Bederov.
If we recognize the fact that the game contains tools that allow collecting personal information, and at the same time it is done in such a way that no antivirus can detect it, then these are quite serious risks. They put a cross on the reputation of this manufacturer of computer games, because it is beyond reason and common sense, said Alexander Gorbachenko, director of the Intercontinental Cybersports League and a leading Russian expert in the field of computer sports.
- Regardless of whether the game is banned or not, it has become a tool that can harm Russian users. Especially since they install it voluntarily. Therefore, it should be removed without a doubt. Most likely, players may simply not know what other additional tools it contains. Software developers from Ukraine have already been caught on this. Creators of software for computer clubs sewed mining tools into their programs without users even knowing about it. And this is not the first case. Therefore, in order not to become a victim of fraudsters, some structures, individuals who will use the data in the future, you should delete this game, - summarized the expert.
What experts of the video game industry are afraid of
Officially, the game S.T.A.L.K.E.R. 2: Heart of Chornobyl is not available to users from the Russian Federation on any of the platforms - on personal computers (Windows) and video game consoles (Xbox Series S, Xbox Series X), including in the subscription service Game Pass, which is blocked for our country. Nevertheless, according to information from social networks, many domestic gamers managed to get access to the project by downloading it in pirate file-sharing networks or buying it through legal stores using fake accounts that are registered in other countries and regions, said Nikolai Skarzhinsky, founder of the Autonomous Nonprofit Organization "Chair of Cybersport" and CEO of the company - developer of computer software "ION".
- Many users from Russia have accounts in other countries, which will facilitate their access to the game. Additionally, it's impossible to recharge on Steam directly, which leads to the use of third-party services for payments, making it difficult to track them. Not to mention, it's simply impossible to determine what games users are purchasing without Steam's assistance. In fact, there is a lot to ban the game for in Russia, so I personally don't recommend purchasing it," he added.
Screenshot from the game S.T.A.L.K.E.R. 2: Heart of Chornobyl
The game gives a choice between the ability to provide data or refuse to do so, but users of the largest gaming platform DTF noted that in some cases data was collected even after refusing to provide it to the company-right holder.
The decision to possibly ban a game that collects information about Russian players should be made only on the basis of a thorough forensic examination, conducted by qualified and competent experts, reasoned and in accordance with the norms of current legislation, said Alexander Gorbachenko.
Screenshot from the game S.T.A.L.K.E.R. 2: Heart of Chornobyl
In general, collecting telemetry in games is a common thing. The developer wants to know which locations the player visits most often (if players don't linger somewhere, perhaps it's an uninteresting location that should be redesigned), where players die most often (perhaps it's worth reducing the difficulty with a patch), which game mechanics are used, and which ones only annoy them, said Svyatoslav Pegov, director of the Center for Sports Programming, Algorithmic Robotics, Cybersecurity and Cybersport at the Ufa University of Science and Technology.
- A modified version of this software, which may be embedded in a pirated distribution, may pose a danger. Whether there will be malware there to create a botnet - you won't know," he said.
S.T.A.L.K.E.R. 2 was released on November 20, selling over 1 million copies of the game in the first 48 hours.
Переведено сервисом «Яндекс Переводчик»
