GDevelop: Privacy issue with game.json files?

Created on 12 Jan 2019 · 4 Comments · Source: 4ian/GDevelop

In game.json files, in the properties section, there's a projectFile key whose value is the absolute path to that game.json file on the developer's computer. I'm wondering if, considering these game.json files are often distributed online (be it for testing, support, or release), there's a privacy issue here...?

This value allows you to potentially see:

  • The directory structure of the developer's computer
  • The developer's computer username
  • Various directory names on the developer's computer

Is this key/value necessary? When I download someone else's game.json file and run it, it works perfectly fine (even though that directory path doesn't apply to my computer).

In addition, I can change the name of my game.json file (e.g. to my-super-awesome-game.json) and it still works, even though this directory path value still points to the old, now non-existent, game.json file... It's only when I save the game in GDevelop that this value is updated.

That leads me to think this key/value isn't needed, but maybe there's a purpose I'm missing...?

question 👌 good first issue

All 4 comments

Privacy issue, I think the term is a bit too high ;) Let me explain:

It's used for storing the game's current folder, to be used for opening the game folder when you select a new file, and storing the last folder where the game was exported, so you don't have to choose it again and again (especially when you export a lot).

Ideally, this could be stored in a separate file containing other settings like grid size.

  • I don't think it's dangerous because this does not increase the surface of any attack against you and is not a vector of attack by itself. If your computer is vulnerable to an attack that needs to know your user folder, then your computer is relying on "security through obscurity" - which is not secure :) A username is easy to get once you have access to a computer - it's not encrypted information and is easy to obtain.
  • I don't think it's creating any danger for your privacy, because it's highly unlikely that any sensitive information is stored in a folder name that leads to your game file. If anyone has a folder with a name containing sensitive information well... please use a password manager or proper encryption :D At most, this will expose a username/name that is already accessible on LinkedIn/GitHub or other social networks.

If you're extra concerned with this, as you noted it's fine to remove the value from your game.
I could also change this so that it's not stored and the compilation directory is stored instead as a relative path - so that it's not exposing the complete path to the folder - even if again I hardly doubt anyone will have any issue with this before GDevelop is long dead and replaced by another project ;)

I understand your points, thank you for explaining/clarifying. I think a relative path would be a good idea, but that's just me. And good to know this value can be deleted safely if/when posting online if need be.

Maybe we can add an option in the (upcoming) "Save As" feature that erases the personal data from the project file. This way the project could safely be distributed.

Many people don't like their Windows usernames, as it just takes the first 5 letters from your email and uses that. For me, I don't really care, I would just prefer to not share my user name.
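
Added example, not part of the original thread and not GDevelop's own code: a pre-publish scrubber that clears `properties.projectFile` from a game.json and lists any other string that still looks like an absolute path. The function names, the path heuristic, clearing to an empty string, and the sample's `exportFolder` key are assumptions made for illustration.

```javascript
// Added example: scrub the absolute path from a GDevelop game.json before sharing.
// Only properties.projectFile is cleared (the thread says removing it is fine);
// other path-like strings are reported for manual review, not modified.

// Heuristic (assumption): Windows drive path, UNC path, or a POSIX path under
// a per-user or root home directory.
const ABSOLUTE_PATH = /^(?:[A-Za-z]:[\\\/]|\\\\[^\\]+\\|\/(?:home|Users|root)\/)/;

// Walk objects and arrays, collecting every string that looks like an absolute path.
function findAbsolutePaths(node, trail = [], found = []) {
  if (typeof node === "string") {
    if (ABSOLUTE_PATH.test(node)) found.push({ key: trail.join("."), value: node });
  } else if (node !== null && typeof node === "object") {
    // Array indices become path segments, e.g. "layouts.0.image".
    for (const [k, v] of Object.entries(node)) findAbsolutePaths(v, [...trail, k], found);
  }
  return found;
}

function scrubProject(jsonText) {
  const project = JSON.parse(jsonText);
  const before = findAbsolutePaths(project);
  if (project.properties && typeof project.properties.projectFile === "string") {
    project.properties.projectFile = ""; // empty string is this example's choice
  }
  return {
    cleaned: JSON.stringify(project, null, 2),
    removed: before.filter((f) => f.key === "properties.projectFile"),
    remaining: findAbsolutePaths(project), // review these by hand before publishing
  };
}

// Constructed sample; "exportFolder" and the layout data are hypothetical.
const SAMPLE = JSON.stringify({
  properties: {
    name: "My Game",
    projectFile: "C:\\Users\\alice\\Documents\\games\\game.json",
    exportFolder: "/home/alice/exports/web",
  },
  layouts: [{ name: "Level 1", image: "assets/bg.png" }],
});

const result = scrubProject(SAMPLE);
console.log("cleared:", result.removed);
console.log("still path-like:", result.remaining);
```

Because GDevelop rewrites `projectFile` on save, as the issue notes, the scrub has to be run on the copy that is about to be shared rather than once on the working file.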
