GameIndustry.eu Logo

2018 2022   2019 2018 2018 2019 2018   
Gameindustry.eu /  Frequently asked questions (FAQ)

  Frequently asked questions


General

On these pages, you may come across various technical terms that might not be immediately clear. For this reason, a small glossary has been created, where some of these terms are explained in detail.

The abbreviation "IP" (Internet Protocol) refers to the address of a device or service within a network. It serves as a digital identification, similar to a postal address, and is present in every online interaction – whether retrieving a website, watching a video, or opening an email.


You can view your current IP address under the section My IP-Adress.

The abbreviation "CDN" stands for "Content Delivery Network", which often consists of geographically distributed server networks that enable content such as websites, videos, images, or files to be delivered faster and more efficiently to users worldwide.

The Network Connectivity Status Indicator (NCSI) is a feature in Microsoft Windows that displays the network status of a computer. It is a system that checks whether the computer is connected to the internet and if the connection is functioning properly.


NCSI regularly checks if an active internet connection is available. When a connection is present, it is indicated by an icon (e.g., a network or Wi-Fi icon).


The service performs simple tests to determine whether the computer is connected to the internet or if there is an issue with the network connection. For example, it checks if websites can be reached.

 

NCSI as Tracker

From a data protection perspective, a service like NCSI, which runs regularly in the background and cannot be explicitly controlled or disabled, can indeed be considered problematic, as this small query involves the transmission of various data:
  1. The IP address
  2. Timestamp
NCSI falls into the category of silent callbacks, which are often implemented without transparency or consent. Stored NCSI information can be analyzed, aggregated and used to create movement profiles or enable profiling.

 

Header

  http://www.msftconnecttest.com/connecttest.txt

Request:
GET /connecttest.txt HTTP/1.1
Connection: Close
User-Agent: Microsoft NCSI
Host: www.msftconnecttest.com

Response:
HTTP/1.1 200 OK
Date: Tue, 19 Nov 2024 21:16:51 GMT
Connection: close
Content-Type: text/plain
Cache-Control: max-age=30, must-revalidate
Content-Length: 22

Microsoft Connect Test

 

Used addresses and hosts

 
Name: Wert:
ActiveDnsProbeContent 131.107.255.255
ActiveDnsProbeContentV6 fd3e:4f5a:5b81::1
ActiveDnsProbeHost dns.msftncsi.com
ActiveDnsProbeHostV6 dns.msftncsi.com
ActiveWebProbeContent Microsoft Connect Test
ActiveWebProbeContentV6 Microsoft Connect Test
ActiveWebProbeHost www.msftconnecttest.com
ActiveWebProbeHostV6 ipv6.msftconnecttest.com
ActiveWebProbePath connecttest.txt
ActiveWebProbePathV6 connecttest.txt

 

Windows Registry

 Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet


NCSI or similar services can be found in almost all modern operating systems and network environments. The mechanism is universal but is implemented differently depending on the provider.

A repository (Latin "repositus" – the storage place, the act of keeping)) is a central storage location where data, files or code are stored and managed. It is commonly used in software development to store and version source code and documentation. A repository allows developers and users to track changes, restore previous versions and collaborate on projects.


Well-known repository services like GitHub or GitLab provide a central source for collaboration and the use of version control systems.

As part of the transparency initiative, it was decided to publish various host files on repository platforms such as Github  .


This brings several advantages:

  1. Transparency - The work is open-source and consistent
  2. Users have the ability to track even the smallest changes to the files
  3. The platform offers areas for suggestions and comments where users can get involved

  Signatures

Digital signatures, CRC32 & Sha

A digital signature ensures that a file comes from a specific developer and has not been tampered with. It can be considered a digital equivalent of a handwritten signature. Provided files are accompanied by another file with the same name and an "*.asc" extension.


The "*.asc" files are associated with OpenPGP and allow users to verify the origin and integrity of downloaded files in comparison to the original.

A hash can be most easily described as a digital fingerprint of a file, created using SHA algorithms (Secure Hash Algorithm).


SHA stands for "Secure Hash Algorithm" and generates a unique checksum for each file, similar to digital signatures. Each file thus has a specific, distinctive checksum that is used to verify the integrity and origin of the file.


Users can therefore use hash values, in addition to OpenPGP signatures, to check files for possible tampering or changes, as well as to verify their origin. On the GameIndustry.eu website, hash values are used in various places: In the product search, hash values are assigned to the respective products, and downloads as well as images are provided with corresponding hash values to ensure their integrity.


Current SHA value of the GI-Host-Templates.exe from the download section:


 Sha256:


This value is unique. Even if the smallest byte in the file changes, it will result in a different checksum being displayed.


If the file was downloaded from another site and does not have the same checksum, it has been tampered.

CRC stands for "Cyclic Redundancy Check."


This method is used to determine checksum values for file transfers or file storage. If a CRC value does not match, the file contains a data error. This can occur, for example, if a download was prematurely interrupted.


Current CRC32 value of the GI-Host-Templates.exe from the download section:


 CRC32:


Published software (such as *.exe, *.ocx, or *.dll files) can be signed with a trust certificate by providers like Comodo CA, Sectigo, Thawte, Symantec, GoDaddy, and others. This process is known as "code signing."


It works similarly to the SSL certificates used in browsers to ensure the security of websites.


The key difference, however, is that a code signature from these providers can cost several hundred euros per year – an amount I am not willing (and can't) to invest. Furthermore, trust cannot simply be bought with financial resources.

  Website

Corrections, Website, Content

The purpose of this website is to provide consumers with a basic insight into the topic of analytics and telemetry. Thousands of products and websites are analyzed, the involved companies are named, and the results are systematically summarized, processed, and regularly updated.


Additionally, filter lists for digital self-defense are provided, allowing users to block unwanted program behavior.


The information provided on the website thus offers a foundation for further research.

The product search on these pages is an optional feature for consumers, allowing them to search for products contained in the hosts files and display them individually. The results are identical, but they offer further links and information about the services contained in the products.


The key services present in a product are optionally listed in the results, so visitors can see additional pages explaining things like what Denuvo Anti-Tamper is, what the Steam Datagram Relay is, what servers are contacted, or what the company Epic Games, Inc. is about.

The privacy badge automatically assesses a product’s privacy risk based on its features and detected services. The assessment has four levels from low to critical and helps you make informed decisions.

How the assessment works:

  1. Analysis of product features: The system checks various privacy-relevant properties such as data collection, camera access, or third-party integrations.
  2. Service detection: Automatic identification of integrated tracking and analytics services (e.g., Google Analytics, Facebook Pixel).
  3. Risk matrix evaluation: Each feature is weighted by severity (1–5) and category. Critical features have a greater impact.
  4. Dynamic adjustment: Combinations of multiple risk factors can amplify the rating.
  5. Opt-out consideration: Available opt-out options can improve the rating by up to 30%—except when it is a "placebo opt-out" without actual effect.

The four risk levels:

Level Meaning Typical Features
Low Minimal data collection Basic functionality, no critical trackers, local data storage
Moderate Moderate data use Telemetry, crash reports, CDN usage, online features
High Extensive data processing Analytics services, social media integration, profiling, third parties
Critical Very extensive data collection Ad trackers, biometric data, children’s data, comprehensive monitoring

Assessed risk categories:

Show all categories (expand)
Category Risk Factor Examples
Critical privacy risks (factor 5)
Data harvesting5 Comprehensive data collection across multiple platforms
Profiling 5 Automated decisions, behavioral analysis
High risks (factor 4)
Personal data 4 Name, email, address, phone number
Camera/Microphone access 4 Voice chat, webcam access
Contacts/Location 4 GPS data, IP collection, geodata
Medium risks (factor 3)
Tracking & Analytics 3 Cookies, telemetry, usage statistics
Third parties 3 External services, SDKs, plugins
Advertising 3 Ad networks, banners, CTAs, retargeting
Anti-cheat 3 System monitoring, kernel-level access
Low risks (factor 1–2)
Online features 2 Multiplayer, cloud saves, social features
Launcher/DRM 1 Steam, Epic Games, copy protection
Basic telemetry 2 Crash reports, performance data
Regional restrictions 1 Geo-blocking, country restrictions

Detected services and their impact:

The system automatically detects integrated services and adjusts the rating accordingly:

  • Critical services: Ad networks (Google Ads, DoubleClick), attribution trackers (AppsFlyer, Adjust) → minimum rating "critical"
  • High services: Analytics (Google Analytics, Firebase), game analytics, social SDKs → minimum rating "high"
  • Moderate services: CDNs (Cloudflare, AWS), crash handlers, frameworks → minimum rating "moderate"
  1. What does "opt-out" mean?: An opt-out allows you to object to data collection. A functioning opt-out improves the rating. A "placebo opt-out" is an option without actual effect and is rated negatively.
  2. How accurate is the rating?: The rating is based on detectable technical features and known services. It provides good guidance but cannot capture all aspects of data processing. Additionally, read the privacy policy of the respective product provider.
  3. Why does a product have a high rating?: Hover over the badge to see the main reasons. Details can be found in this section in the list of product features.
  4. Can I trust the rating?: The rating is an automated tool for an initial assessment. For a complete evaluation, you should always read the privacy policy and consider your individual requirements.

The privacy badge is continuously being improved. Feedback and suggestions for improvement are welcome.

The GameIndustry.eu website offers a comprehensive collection of information and data, the maintenance and research of which involves considerable effort and time.


Therefore, it may occasionally happen that not all information is always up to date.


If you have new data about a product, are a developer and would like to make changes to datasets, or if certain terms are unclear, the contact options are always available to you.

The tested products are owned by myself and are purchased through platforms like Steam, Epic Games, GOG and other distribution platforms. During the tests the available data from the respective products is extracted and where possible, processed.