So, the idea of Galaxy 2.0 is great, but I kinda can't get on board with "putting all my eggs in one basket" from a data sharing, data aggregation and privacy standpoint. For instance, I don't use Facebook or WhatsApp; I'd rather go with comms apps that are totally open source and end-to-end encrypted, innocently believing that almost no data can be collected, aggregated and used.

Now, from what I read about Galaxy 2.0, we have well-meant promises of data minimalism and that this entire endeavour is as privacy-minded as one can expect from GOG. Still, GOG is in the process of aggregating pretty much all of the gaming-related online lives of interested users in one app and service. All games owned, play times, achievements, friends lists, chat messages, pretty much all of it. The problem is not that there will be much of a difference of GOG knowing what you play and how, with whom etc. vs. Ubisoft or Valve and the like. It's that one company has everything aggregated.

The question thus is: what parts of the data flows from all the different game companies' backends to Galaxy 2.0 are handled purely locally, not flowing through GOG's own servers and/or being analyzed by GOG in the Galaxy 2.0 local instance and then synced with GOG servers?

I am not trying to hate on the general idea of Galaxy 2.0, I am just trying to meticulously fathom how Galaxy 2.0 will actually work and whether I am OK with the convenience vs. privacy tradeoff.

Ideally (especially since Galaxy is a pure desktop client), Galaxy 2.0 would be totally open source so the community could audit it, and would handle everything that is not GOG related locally, including login and all polling from the various 3rd party clients it integrates under one roof.

Since Galaxy 2.0 does not need 3rd party clients running in the background when not actively playing a 3rd party client game, I assume that Galaxy 2.0 is directly hooking into those clients' services via special APIs provided by those 3rd parties. Is this purely handled locally, or is this being done through GOG's own server infrastructure and then fed to my local Galaxy 2.0 client?

I encourage the devs to lay out in fine detail how the various "data flows" (login details, chat messages, gametime played, achievements etc.) are being handled. I assume I won't get my dream answer, but I feel that if GOG really means business concerning privacy, they should not shy away from laying it bare and open, so we customers can make a well-informed decision whether we want to use what Galaxy 2.0 promises. Cheers
From what I gathered...

Galaxy 2 DOES need the clients to be installed. It interfaces with them when a game needs to be launched.

As for the data, I think it's only the data related to the authentication to the third party stores. I guess all the rest is handled through the APIs provided by the third party stores.

0% sure of this though. It'd be nice to have a clearer view on all this, I agree.
I've only connected Epic so far because of these concerns (though I guess GOG have my Steam info anyway from that service where they give me games I own on Steam, forget the name). The way it worked was: I put my Epic info into a pop-up window that Galaxy opened, the Epic client launched, the two connected. I had to put in my two-step authentication as well, in the Galaxy pop-up. So to my layman eyes it does seem like you're giving GOG all your Epic info. How comfortable you are with that is of course your decision. I would hope GOG will clarify at some point how secure this is.
StingingVelvet: I've only connected Epic so far because of these concerns (though I guess GOG have my Steam info anyway from that service where they give me games I own on Steam, forget the name). The way it worked was: I put my Epic info into a pop-up window that Galaxy opened, the Epic client launched, the two connected. I had to put in my two-step authentication as well, in the Galaxy pop-up. So to my layman eyes it does seem like you're giving GOG all your Epic info. How comfortable you are with that is of course your decision. I would hope GOG will clarify at some point how secure this is.
This is not necessarily true. Playnite functions similarly, and it doesn't collect any of your info like that. Not to say Galaxy works the same way, just pointing out that it doesn't necessarily do what you think.
sc_neo: The question thus is: what parts of the data flows from all the different game companies' backends to Galaxy 2.0 are handled purely locally, not flowing through GOG's own servers and/or being analyzed by GOG in the Galaxy 2.0 local instance and then synced with GOG servers?

I am not trying to hate on the general idea of Galaxy 2.0, I am just trying to meticulously fathom how Galaxy 2.0 will actually work and whether I am OK with the convenience vs. privacy tradeoff.
I'm in the same position. I love the idea of this new launcher, and I really want to give it a try with my accounts, but I'm finding it difficult to find answers to some basic questions that anyone should be asking before filling in their credentials. I can't make the decision on what risks I'm taking without more information.

Ideally these other stores and platforms would have better, more secure methods of interfacing, but they don't. Much of that is in the interest of vendor lock-in, which Galaxy 2.0 is poised to undermine. Because of this, I understand that some of the integration methods used will be sub-optimal and also outside of GOG's control to improve.

But I would still like to know the following:

- Which credentials are stored, if any, and where? The current Privacy Policy in §4.3 states "We will not store your account credentials." However, the connection in the Settings window appears to be maintained, so something is being kept. Is it only storing a cookie or API token, or something more? They force me to use a built-in browser to initiate and accept the connection, which is the least-trustworthy method possible.

- If kept local, how are those credentials/API tokens/cookies stored? Are they reasonably secure from other malicious applications (i.e. using the Windows Credential Store or macOS Keychain instead of plaintext files)?

- What information is harvested from each account, where is it stored, and how is it used? A Microsoft account used for Xbox Live is potentially tied to an entire host of non-game services, such as email, contacts, calendars, and more. The current Privacy Policy in §4.3 also states that they will access "chat and conversation history". I presume chat and conversation history is mentioned for the prospect of providing a chat service, but it is unclear whether this list is exhaustive, and there's no indication we will be notified if an expansion of access occurs. Being able to view the entire bulk of my data they have stored for each Integration would be a transparent disclosure.

- Are the recommended "Popular" Community Integrations vetted on each update against possible exfiltration of my data?

I know that the whole thing is still in beta and subject to change, but these are crucial questions that need to have an answer in the FAQ and Privacy Policy by the time this product goes live. I trust GOG to not be doing anything intentionally malicious with this launcher, but the less I need to trust them and the less I need to trust in them not making mistakes, the safer we all are.
- What information is harvested from each account, where is it stored, and how is it used? A Microsoft account used for Xbox Live is potentially tied to an entire host of non-game services, such as email, contacts, calendars, and more. The current Privacy Policy in §4.3 also states that they will access "chat and conversation history". I presume chat and conversation history is mentioned for the prospect of providing a chat service, but it is unclear whether this list is exhaustive, and there's no indication we will be notified if an expansion of access occurs. Being able to view the entire bulk of my data they have stored for each Integration would be a transparent disclosure.

This is what I am mostly interested in understanding better. I have not looked too deeply into this, how the different vendors' APIs work. But from what I could imagine, Galaxy 2.0 could purely locally hook into the Uplay/Steam/Origin APIs to check on chat messages and all the stuff the different systems offer, and since it is using the API directly, neither the Steam nor the Uplay client needs to run for this, nor would Galaxy 2.0 need to pull this from GOG's cloud infrastructure. And only if you want to fire up one of the DRM games would the specific launcher need to start; otherwise Galaxy 2.0 would need to break those launchers' DRM mechanism. Fair enough.

But if GOG goes the other way, where you give them access to all your gaming accounts and they periodically ping those accounts from their own Galaxy 2.0 server infrastructure and then relay all updates to your local Galaxy 2.0 client, then this thing is not for me! And I feel they would betray some of their core values (at least as I see them), that even the most trustworthy, well-meaning, pro-consumer company should not have all your data. Let's put it like this: if the people behind GOG are really as pro-consumer and have learned anything from the threats of Facebook, Google, Amazon and the rest of the digital giants, then they should pretty much NOT want to have all our data.

So there are two things GOG needs to do: make Galaxy 2.0 open source, and detail minutely how all of this works so we can make an informed decision. And especially if they don't bother to do the latter, then we know they are not so serious about data privacy.
Post edited July 22, 2019 by sc_neo