Valve Breaks 'Steam Spy' With New Privacy Settings

Earlier this week, Valve announced that it was updating Steam with new privacy settings that were supposed to help gamers keep more information to themselves. The company also made an unannounced change: Game libraries are now private instead of being public by default. That change will help protect Steam users' privacy, but it also effectively broke Steam Spy, a popular analytics tool that relies on that data.

Steam is something like the default store for many PC gamers. Large publishers, indie developers, and everyone in between relies on Valve's platform to sell and distribute their wares. Because all of those purchases are tied to individual accounts, which also reveal a player's most recently played titles and how much time they've spent in specific games, this popularity makes Steam a good source of data about PC gaming.

The problem is sifting through a bunch of Steam profiles to get at that information. Steam Spy did that for you by automatically scanning profiles to learn more about what games are popular at any given time. The tool is quite popular--its creator, Sergey Galyonkin, brings in $7,670 via Patreon each month. But Galyonkin took to Twitter to explain that Valve's changes to Steam's privacy settings will essentially blind Steam Spy:

Valve just made a change to their privacy settings, making games owned by Steam users hidden by default. [...] Steam Spy relied on this information being visible by default and won't be able to operate anymore.

Galyonkin also clarified that making everyone's game library private by default is separate from the changes Valve discussed in its blog post. (For our purposes, we've lumped this decision in with "privacy settings," because Valve is changing a default setting that affects user privacy.) The goals are the same--protecting Steam users' privacy--but changing the default settings for game libraries has the side effect of blocking Steam Spy.

Privacy Vs Convenience Is Always Give And Take

We often see things break any time a platform works to improve user privacy. Just look at Facebook's changes following the Cambridge Analytica scandal: In its efforts to prevent app developers from gathering a bunch of information, Facebook inadvertently broke Tinder. Developers are used to having access to specific data or systems. Changing how those things are accessed or denying access to them poses a real problem.

Often this tradeoff comes down to what the platform values more, enabling third-party developers or protecting their users' privacy. With the increased scrutiny that's bound to follow the Cambridge Analytica scandal, and the general trend of consumers paying more attention to how their personal information is used, it's no surprise that Valve decided on the latter with these updates. Sometimes spying just isn't allowed.

Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

  • tom10167
    I consider myself a privacy advocate but can't really see the big deal with the internet knowing what games I own?
  • brianhojensorensen
    I think Valve is doing the right thing, sharing of data should always be opt-in not opt-out (yes Facebook, I'm looking at you).

    Without knowing exactly if it could be done, Steamspy could ask users to enable public sharing (and perhaps changing the settings for them if possible), thereby Steamspy would be able to report on all users with Steamspy, and ofcourse other users who have chosen to go public with their library.
  • ikaz
    Well I personally don't care either however as a general rule any information about me should only be avail to the public if I personal deem it ok. There is nothing stopping people from changing there profile back to public.
  • Giroro
    If people are profiting off of data about me, then I should be entitled to be paid royalties. We should be allowed to copyright our "life stories" (as told through data) in the same way that an author can claim copyright on a published autobiography.
    In cases where one consents to freely give their information to a single service AND understands that that information will be sold to a third party, that third party should not be allowed to infinitely copy and sell that information to whoever they feel like. It's like... piracy.
    If you buy a CD, movie, or a game, you aren't buying actual ownership or rights to copy and sell that data, just a "license" for use. Personal data (or facebook pictures, videos etc.) should all work the same way - citizens can license it out or give away individual copies freely if they want, but we should still retain primary ownership of it.

    As for Valve making more of their data private, I think its a good thing. I think most people don't even realize Steam has privacy settings.
  • spdragoo
    Valve already provides the information on their site, anyway -- maybe with a focus on the top games, perhaps, vs. "every" game on Steam, but it's still there: average users per day, tech support calls & refunds per day (& by hour), their hardware survey, etc. And I would imagine that developers with games on Steam already have access to the stats for their particular games (including daily usage & purchase totals). So, aside from a "lookee here!" to the general public, I really don't see how this website was of any help to developers (3rd-party or otherwise).

    Not to mention my question: the API that he used to access the Steam software distribution service, a) was this an API he (or someone he paid) developed or something that Valve developed in-house for developers to use, & b) did he have permission from Valve to use it for this purpose? I could see, for example, Rockstar Games using the API to access Steam for information on Rockstar's own games...but I would imagine that Valve would have frowned a bit on Rockstar having access, say, to the data on Firaxis's or EA's games (& vice versa), as that smacks of giving them "insider information". If they were to frown on that, I can imagine they wouldn't be too happy about some 3rd-party spectator getting that kind of access.
  • dextermat
    It starts with games, then hardware, then txt files then someone hacks the system, does a mistake and steal sensible information. Then the info is sold online without you knowing. After all that no one is responsible for the leak. They should really offer a permanent opt out option!
  • asgallant
    20876522 said:
    I consider myself a privacy advocate but can't really see the big deal with the internet knowing what games I own?

    What you said is a variant of the "I've got nothing to hide" argument. There are no consequences that you can see, therefor no one should care if their games list is made public. "Nothing to hide" is a fallacy that assumes the only reason for privacy is to hide something that is wrong.
  • photonboy
    It would be very difficult to calculate what your info is worth but it would be very small.

    You actually already do "profit" though when you benefit from the aggregate data being used to make Steam suggestions, or other data and applications like Netflix that see what people are watching or how they use products so that they may improve things.

    We'll have some knee-jerk to the Russian attacks and it may go too far in some cases, but better to be overly protective than not enough (especially when companies find ways to violate the protection rules anyway).

    We do need to focus on what's most important to protect though such as our family data (and use common sense to not post "here's my cute daughter... here's our address...)
  • cryoburner
    20876522 said:
    I consider myself a privacy advocate but can't really see the big deal with the internet knowing what games I own?
    Post your Steam profile here, and I'm sure we can find something. : 3

    I've always wanted to see more detailed privacy controls on Steam. Having only the options for your entire profile to be either public, private or friends-only really limits your options. Maybe you want your achievements to be public, for example, but don't necessarily want random Internet bots and others cataloging how many hours you've played of a particular game, or how much gaming you've done on the service in the last two weeks, or whether you're in a game at any given time, which with repeated look-ups could be combined with other data to build information about a person's daily schedule.

    This addition is a good start to making more detailed controls available, though I'd like to see that added for all parts of the profile. Badges, recent activity, friends list, and so on. All should have the option to be individually marked private, public or friends-only. I also wouldn't mind seeing at least two layers of friends. Many Steam users have a mixture of people they actually know in person, online friends that they've known for a while, and then just random people that they may have had a good multiplayer match with. Being able to keep those separate from one another, and having the option to control what profile data is available to each would be nice.