The Expanse author blasts Star Citizen for privacy breach

    
117
The Expanse author blasts Star Citizen for privacy breach

This is probably not how you want to get noticed by another major name in the sci-fi industry, but Star Citizen seems to have severely irked the writer of the popular Expanse series due to a privacy bug that activated his computer’s camera without permission.

“I install you and you instantly turn my laptop camera on without explicit permission? Way to volunteer to be uninstalled forever,” said James S.A. Corey (the pen name of two authors, Daniel Abraham and Ty Franck). Corey’s account went on to say, “One time invading my privacy without permission is enough […] Ask. Just ask first.”

In response, Star Citizen’s devs apologized and said that this situation concerned a documented bug for the camera (which is used to generate facial expressions for your in-game character): “We totally agree and that shouldn’t be the case! This is usually disabled by default and requires enabling in settings — this is a bug that crept up in our latest patch. Our team has been working on a fix already that we’re going to deploy in a patch soon.”

Meanwhile, the January report for Star Citizen is up for your inspection. In it, the devs covered improved combat AI, the final touches on microTech’s harsh moons, some half-eaten apples, and internal plans for the next quarter.

Source: Twitter, Star Citizen. Thanks Quavers!

No posts to display

newest oldest most liked
Subscribe to:
MurderHobo
Reader
MurderHobo

That’s not a bug you want to have at any point in your open alpha.

I learned a lot of paranoid habits from my time as an IT/R&D tech. I do not attach any mic or camera to my computers without a physical switch, which remains in the off position unless I need to use them. Laptop is a bit tougher to secure, but doable. Software lockouts aren’t lockouts at all.

Reader
Adam Chambers

Nope it is not, however it happens and isn’t the first time in a game it happens. Best thing to do is get a cover for the laptop camera and only take it off when you are wanting to use it tbh. Then good to go.

Not perfect solution but solves it for any software doing such thing even if by accident.

Phaserlight
Reader
Phaserlight

I just listened to a podcast on the Hummel reactor and couldn’t help but think of Star Citizen:

https://player.fm/series/physical-attraction/nuclear-fusion-vii-juan-step-beyond

Yes it would be amazing and great if all of Chris Roberts’ claims were true, and maybe it will be amazing and great yet, just not in the way initially pitched in 2012 – 2015.

Reader
Patreon Donor
Kickstarter Donor
Loyal Patron
agemyth 😩

Oh boy! I shouldn’t be surprised, but I didn’t actually expect fanboys to come and turn this bug into a fight for RSI’s honor. They messed up and a high profile person pointed it out. RSI considers turning on people’s webcams without permission to be a “known shippable” issue, and many people disagree. Either way, RSI knows and admits that is it bad, so don’t defend it.

Reader
petterbenjamin

How is this a privacy issue? Its a webcam talking to a local program.. and at the point where the webcam turns on, you’re not even connected to the PU(as they call the MMO arena), go and check out the settings and turn it off then, how are people this dense?
As for notifications on webcam privacy etc and endgame content, WTF, ITS ALPHA. Not really something you prioritize while still implementing new features.

Reader
Dementropy
Reader
Dementropy

I’ll refer you to Bree’s comment from earlier:

“What you’re describing – implementing security-weak “features” with obfuscated opt-outs instead of clearly communicated opt-ins – is straight-up dark design.

And as Bruno noted, CIG admitted it was a *bug* and that it should’ve been disabled by default. I don’t see the point of defending something even CIG won’t defend.”

Reader
Bruno Brito

Yeah. I like the sound of my own voice and all, but really, i’m tired of repeating myself.

Reader
petterbenjamin

Was describing a workaround for the bug, but ok. I have never understood why people feel violated over privacy stuff when something doesn’t even get sendt anywhere. In this case whats actually being sent, is a face translated to face coordinates to a server, to make an avatar repeat face movement. If it’s actually sending video or still images, well then its an actual privacy case, IMO. But obviously people get upset by different things.

Reader
Kickstarter Donor
Estranged

because it opened the camera to a hacker

Bree Royce
Staff
Bree Royce

Thank you! I’m mind-boggled that people don’t get this. Even if CIG didn’t mean to create the breach, it’s still responsible for it if someone else were to exploit it.

Reader
Kickstarter Donor
Estranged

Hey, Bree, ltns.

I keep my mic and cam unplugged for this very reason.

Reader
petterbenjamin

How? The faceware software is offline, meaning that it only sends data points (not video) to some other local software, that being star citizen.
If a hacker is going to get your camera feed, they will probably use their own software or other readily made programs. Why should they start all over to find vulnerabilities in the faceware program?
And if they already have access to exploit that, then they already have access to your pc, thats means faceware software is in no way the culprit for hackers having access to your webcam..
“I’m mind-boggled that people don’t get this.”

Reader
petterbenjamin

And I’m sorry, but “because IT opened the camera to a hacker” makes no sense computer wise.
What I mean is, if the camera is connected to the computer, it will always be “open” to hackers. No software will enable it to be hacked, if it’s already connected.
The camera being “on/enabled”, makes no difference.

kjempff
Reader
kjempff

You are correct that enabling the camera is not “opening the camera to hackers”, because of the reasons you gave; it would be impractical for a hacker because he would already have access to the machine, and then there are much easier ways. People here are not programmers or with understanding of how things work on a tech level, so we speak to the deaf.

However, it IS a privacy issue. Just because data may be processed on the pc, and you not being recognizable in the data being sent, I am pretty sure it still counts as private data. Meaning you have to give explicit consent to use (and depending on where are in the world, other rules about storing, requesting to delete etc also applies).
But yeah chill the frack out, it was a bug in an alpha, in one build and it is being fixed asap. But.. Also, stop buying overpriced jpgs with promises.

Reader
Loyal Patron
Patreon Donor
Alberto

Yeah I actually noticed this last big patch my webcam has a LED that flicks ON when in use and it turned on by itself for the first time after 3.8 dropped. It never did that before that patch which dropped about 2 weeks ago. Mr Corey has been a backer for years Now and has played the game before as well, so yes this is a recent Bug or we would have heard about this via his twitter years ago. Big Name person talking about this is the only reason this is even being talked about. Which is kind of sad all things considered, CIG needs to fix this asap to quell this “Storm in a Teacup.”

Reader
Kickstarter Donor
NeoWolf

It was bound to be tied to the FOIP software that is part of SC which like everything else is a WIP.

Reader
Tee Parsley

CIG is just sloppy. They too often take on the characteristics of their top management.

jb1000999
Reader
jb1000999

I bought a webcam specifically for this feature so it doesn’t concern me

Reader
Zero_1_Zerum

Customer’s privacy should be paramount. And SC admitted it was a bug. But, I mean, that’s to be expected when you are playing a game you paid to test the Alpha for, instead of getting paid to be a tester, or waiting for the game to go gold and come out.

Reader
Smith Davis

This is likely a serious privacy violation, and I wouldn’t be surprised if they are sued out of existence.

In fact, they probably should be because this may be the biggest money-taking endeavor I have ever seen in my life.

My understanding is that the owners are driving multiple, several-hundred-thousand-dollar vehicles and living in a mansion, all at the expense of the people who are funding this project.

It may just be the world’s biggest con job. They say the game is in development, but it never ends, the game is never complete, and they keep taking in money.

Most big game studios can finish an AAA game in three to four years max.

My understanding from public news files is that they have been under the watchful eye of various agencies, including the Better Business Bureau and others. But in the end they persuaded the agencies that they would be more transparent by releasing project schedules.

They must have some pretty good lawyers, because the game continues.

Someone who’s a lawyer or who has a lot of money and time should finally take them down and do the world a good service. Many innocent people are putting their money into a “black hole”, in my opinion.

All of the preceding editorial commentary is my personal opinion and may or may not be 100 percent accurate. I have freedom of speech and choose to use it. However, i don’t want to be sued, so i am being cautious.

Godnaz
Reader
Godnaz

This is likely a serious privacy violation, and I wouldn’t be surprised if they are sued out of existence.

Yeah, not really. That rest of your comment though is tinfoil.

All of the preceding editorial commentary is my personal opinion and may or may not be 100 percent accurate.

Ahh there we go..

Reader
Loyal Patron
Patreon Donor
Kickstarter Donor
Paragon Lost

Well Godnaz, it actually “is” a serious privacy violation. Agreed that they probably won’t get sued out of existence though. This could be compared to RATTing, folks don’t know they’re being watched and someone has remote access to their computers camera? Not good.

Godnaz
Reader
Godnaz

Agreed that they probably won’t get sued out of existence though.

I was referring to this. Sorry I wasn’t specific.

Reader
Loyal Patron
Patreon Donor
Kickstarter Donor
Paragon Lost

Ah, that makes a lot more sense. :)

Reader
Bryan Correll

It may just be the world’s biggest con job.

Even if it’s a con, it’s nowhere close to being the biggest. Bernie Madoff stole $18 billion (or up to $60 billion depending on how you look at it.)

Reader
TripleA513

A pre-release game has a bug, and you think they’re gonna get sued out of existence…. Wow, just wow.

Your post has an impressive amount of wrong in it, so much that you must be guessing at all of it. Next time do your own research and stop listening to what other people say.

Reader
kothoses

Before I begin disassembling this, I am not a Star Citizen fan, I have no money invested in this “game” and I have long since given up on seeing a product that is anywhere near what was peddled all those years ago.

However (*Channeling my inner Regi D hunter), some times on the internet, you just see a collection of wrong so egregious that you can not just be a dirty cop and turn the other way.

This is likely a serious privacy violation, and I wouldn’t be surprised if they are sued out of existence.

Only if the data is some how recorded, transmitted or otherwise accessed. Simply turning on a device alone is not enough to constitute unlawful access by any legislation (computer Misuse, Data Protection etc etc).

My understanding is that the owners are driving multiple, several-hundred-thousand-dollar vehicles and living in a mansion, all at the expense of the people who are funding this project.

The owners were pretty wealthy prior to this, and most rich people got there by taking money for goods services or (and this is the important part) Promises of the above. Now you can argue till you are blue in the teeth that they have yet to produce on most of those promises, but heres how the world works, some people have shit you or some one elses wants, and to get it, you or some one elses trades them bits of paper that if taken to the central bank of what ever country can be traded for minted currency to the value denoted on said paper. In this case, people donated money to a cause in the hopes of seeing an outcome. No one has “bought the game” and no one who kickstarted has “Invested”. They all donated money in the hopes of securing an outcome.

So like the owner of any profitable business they drive expensive cars… wonder if they are the only studio head with an expensive car (Hint they are not). Morally maybe questionable by gamer logic, but by real world logic, they have not done anything illegal, yet.

Most big game studios can finish an AAA game in three to four years max.

That depends entirely on the scope, budget and quality of the product, a project the size of SC is going to rack up considerable technical debt, not to mention the engine switch setting them back massively. Now I am not defending their decisions because some of them have in my opinion been very naive to put it kindly, but look at GTA 5, SWTOR, Destiny, Cyberpunk, Witcher 3, Assassins Creed Odyssey, WoW, Red Dead Redemption 2, or any other super massive production, many of them spent 6 years + from inception to release. The era of kickstarter has given people insight into the cycle of game development that was unheard of previously. You only heard of games within a year of them coming out, but big cames these days can take the best part of a decade to get from concept to launch. Now, that is if a studio is effective, efficient and makes clever productions choices, I am not able to say with any certainty if SC does or does not fulfill those criteria.

My understanding from public news files is that they have been under the watchful eye of various agencies, including the Better Business Bureau and others. But in the end they persuaded the agencies that they would be more transparent by releasing project schedules.

Which agencies? Because the BBB is simply a registered charity not a government or civil agency of any kind, they exist as an independent mediator and not as a Watchdog. The BBB actually has zero authority or power, they have influence obtained by being essential a pre internet review site. But they are an agency as much as Web of Trust is an agency.

Someone who’s a lawyer or who has a lot of money and time should finally take them down and do the world a good service. Many innocent people are putting their money into a “black hole”, in my opinion.

If there was a case there that a lawyer could make money off, it would have already happened. The fact that their only lawsuit of note is with Crytek and even that is unlikely to move on either side should tell you that for all the internet outrage there is nothing there to take them down with.

All of the preceding editorial commentary is my personal opinion and may or may not be 100 percent accurate. I have freedom of speech and choose to use it. However, i don’t want to be sued, so i am being cautious.

This statement is about as useful in terms of indemnifying you from defamation suits as pissing in to a hurricane and hoping it will change its direction. Freedom of Speech simply means you can not be prosecuted by your government for voicing opinions in contradiction to their policies, it does not make you immune to defamation or slander suits.

Basically, nothing you said is of any real substance or value and I urge you to take a bit more time to research your opinions forthwith.

Now all that being said, what this does show is that their method of “Alpha testing” needs to be revised with more UX and QA testing done in house prior to releasing a “Test build” to the public.

Bree Royce
Staff
Bree Royce

“Only if the data is some how recorded, transmitted or otherwise accessed. Simply turning on a device alone is not enough to constitute unlawful access”

I thought the whole point was that your webcam data were being transmitted so they could be turned into usable character emotions in the game. Is that not the case?

Reader
kothoses

Well that is the crux of it mate, the wording implies that in this case it only activated the camera, not the feature, if all it did was turn the camera on but not broadcast any data, that is one thing (Especially as windows now allows you to explicitly control if things have access to the camera and microphone).

There is also an element of explicit vs implicit consent, IE is the feature a known element.

Both of these are questions that would require answering before it can be decided if anything unlawful has occurred (Which is what I was specifically referencing in reply to the post above).

Is it shambolic that such a feature is allowed to function without input, yes, is it a tardy bug, of course. But the post I was replying to implied that something illegal had happened, and that was the part I wanted to specifically address.

I mean its a sucky scenario, but Cambridge Analytica it is not.

Reader
Mike Collins

“I have freedom of speech and choose to use it.”

Same here, and I have it on good authority that nCov attacks people with the smallest brains first! So I hope you are wearing a mask.