A Gamer’s Take on Privacy in Online Gaming

Published by Foundation for Media Alternatives (FMA) on

A Gamer’s Take on Privacy in Online Gaming

By: JB San Miguel, FMA Intern

Why is it important that we address digital privacy in online gaming? Why should you be concerned? The global market size, or the potential revenue that could be generated by the industry is 225.28 billion USD (244.68 billion USD in 2026), with the Asia-Pacific market dominating the online gaming market with a 51.2% share in 2025, and a projected growth of 501.91 billion by 2034. Furthermore, the platform that is most dominant in the online gaming market would be mobile gaming. Lastly, it has surpassed the movies and entertainment industry’s global market size of 112.93 billion USD.

Online gaming has become far more mainstream and more popular than it was 20 to 30 years ago, not only as a market and an industry but also something cultural. No longer is it a niche; everywhere we go, we see people playing online games. On their mobile devices, at internet cafes, at their homes, or maybe even at work! What I’m trying to say is that just like movies, just like other hobbies like sports, video games have become an integral part of a person’s day-to-day life.

Thus, it is of great importance that we further analyze, discuss, and converse the topic of digital privacy in online gaming. It isn’t just a space for playing, but a way to socialize and communicate with others from all over the world. People converse with each other in games, and talk about the latest updates on topics that interest them. In other words, video games are as much an activity for entertainment as it is a way of socializing, making it susceptible to malicious intent, especially towards someone’s private information.

Risks of Online Gaming

Addressing the risks and concerns of online gaming is a vast topic, so I’d like to focus on two sub-problems: anti-consumerism and toxic communities. Complete opposites within the spectrum, but both share a single commonality: people.

Anti-Consumerism

Anti-consumerism, the bane of all gamers.  It is never good to see a beloved game devolve into a slurry of microtransactions (digital purchases made within apps or games) which add nothing of value to a game, except a new way for the company to increase profit. Now, one may ask, why is this wrong? Microtransactions, especially ones that border on a predatory or aggressive level, rely on collected data to manipulate spending habits–spending habits developed through video games made for the sole purpose of profit.

Where would companies get this data? Online games routinely collect gameplay patterns, reaction times, spending behavior, in-game communications, social interactions, and device and location metadata. This is what is known as telemetry data in game development terms. This refers to any remotely collected data based on how players interact with a game, or how the game’s system performs. Its original purpose was to function as a remote playtesting tool, a way for developers to iron out any glitches and errors. Nowadays, it’s used by publishers to optimize engagement and monetization, which greatly increases the risk of data privacy violations.

One may ask, are the consumers completely unaware of this? On the contrary, consumers are well aware of the issues. The main problem is that it has become an industry standard. These multi-billion-dollar companies have invested plenty to keep it this way. In other words, the gaming industry is decentralized, resulting in vague and blurry standards that differ from company to company. But, there is a clear and definite process that more often than not creates profit.

Going back to the risk that this brings to data privacy, how is it done? An example, and a primary foundation that puts your data privacy at risk, would be the End User License Agreement (EULA), a legally binding contract between a software creator or vendor and the person using the software, designed to protect the intellectual property of the software developer. If handled improperly or with malicious intent, they can function as legal workarounds to force compliance, permit behavioral or telemetry tracking, and/or third-party data sharing. 

A bigger question is now raised: how do they get away with this? Well, to access your favorite game, you’ll first need to accept the EULA, and by clicking the “I accept” button on the screen, that constitutes consent and agreement to the EULA, whether or not you had read it pre- or post-fact. Another reason would be how digital commerce is structured, a separation between ownership and access. In other words, you don’t have ownership of the product; you simply have a limited revocable license. Lastly, digital commerce platforms such as video games create or permit their EULAs to typically include clauses that give them the right to change the agreement when they deem fit, whether it be to lengthen the document when someone finds a legal loophole or misuses the software.

EULAs as a legal document are extremely lengthy, ranging from 5 to 20 pages of dense legal text. Thus, leading to my final point, their length provides them legal shielding; by filling these documents with “boilerplate” language to limit liability, capping the potential damages to the amount paid for the software, or exclude certain damages altogether, such as lost profits or data loss resulting from software use. Anti-consumerism isn’t the product of the past 5 or 10 years, but rather a product of decades of skewed normalization in an industry that favors the software or the company.

Toxic-Communities

While the scourge that is anti-consumerism does seem daunting and impossible to push back against, there is a more solvable and even more apparent problem: toxic communities. Every fanbase, be it for music, films, sports, or games, always has some sort of toxic fanbase. They may often be a minority of fans who are a bit too ecstatic about their favorite celebrity, sports team, or video game. In a sea of toxic fans, the problem lies in those who take it too far. 

Extreme behaviors like doxxing, online bullying, and gender-based harassment are often the most common forms of toxicity put into action. Instances where victims either have their personal information leaked and/or have been afflicted with psychological harm are common. At a larger scope, toxic communities become the foundation for hackers or cheaters in online gaming, with their qualms being directed at person/s or the company itself. I’d like to bring a further focus to these hacker groups, especially those that deal in ransomware and DDoS (Distributed Denial-of-Service).

As aforementioned, our personal information is engrossed whenever we play online games, particularly in microtransactions, where the users’ payment details are saved for in-game purposes. For hacker groups that deal in ransomware, the online gaming market serves as a treasure trove. For instance, a recent case of a scam resulted in stolen Steam accounts from players (Steam is a digital storefront and launcher for PC games). The scam itself utilized fake FACEIT (an e-sports platform) verification pages, utilizing official branding, working links, and the illusion of a real Steam login window. The scam would ask for your password, and before you know it, your Steam account has been stolen.

Now, why are FACEIT users being targeted? FACEIT is one of the largest platforms for competitive play for the highly popular online game, Counterstrike 2, This game averages around 600,000-900,000 online players at any given time and is known for having a lootbox system, a type of gambling-like mechanic where players can roll to get rare skins that have actual monetary value. A stolen account may not seem damning, but in truth, could contain hundreds of dollars worth of purchased games, valuable and limited items that are actually worth a significant amount of real money, and more importantly, wallet funds and saved payment details.

These DDoS or other disruption hacker groups specifically target the companies. They attack by threatening an organization’s digital infrastructure through overflowing it with digital traffic, resulting in its inability to provide and be accessible for legitimate users, resulting in a company’s financial and reputational loss. In 2024, the total amount of recorded DDoS attacks was primarily composed within the gaming industry. Why is this the case? Oftentimes, a DDoS attack would be used as a distraction to take down the essential infrastructure of an online game’s server, resulting in the preoccupation of the IT staff, thus opening the opportunity for these hackers to commence a data breach.

A severe case of a DDoS attack happened last October 6, 2025, where the suspected source, Aisuru botnet (network of internet-connected devices infected with malware, and controlled by a hacker), had targeted major digital services such as Steam, Riot Games, PlayStation Network, and many others through the usage of a TCP-based cluster bomb traffic; or in other words, several bursts of digital traffic throughout multiple IPs. This would result in simultaneous outages for all affected digital services. As severe as this case was, this is all the information that we’ve gotten. It isn’t known whether several data breaches ensued after the attack, but if it had, it would have led to millions of compromised accounts across several digital services.

Solutions

There are many solutions to the risks that’ve been laid out. An immediate solution would be for the digital service to see their mistakes, improve their network security, and be more ethical in their business practices. Unfortunately, that is unrealistic. So, what can we do as consumers to protect ourselves from both predatory business practices and external threats like hacker groups?

The Stop Killing Games Initiative is a decentralized global initiative demanding legal consumer protection against the intentional destruction of games. This was created on the fact that video games are beginning to require central servers to function, even for single-player content, and so if a publisher decides to shut the servers down, the game is destroyed in its entirety. This initiative promotes the preservation of older games, giving us consumers rights to actually own our games and not just a license, and pushes the efforts of gamers beyond simply complaining, but creating legal action.

Hence, my recommended solution for the risks that are present in data privacy in online gaming? Petition. Support preexisting initiatives with petitions, like the Stop Killing Games Initiative. Be present, and be loud, as if we are not loud, then our qualms, and concerns will not be addressed. I understand that this is not an immediate solution, but I did not want to write about creating backups to protect you from ransomware, or any other solution that can be found with a quick Google search. Instead, what we need is advocacy, as that’ll eventually lead to action. Of course, this’ll take time, and there is a chance that our efforts are for naught. However, perseverance is key to seeing long-term improvement. This may not be the most effective way, but I see it as the right way. Financially boycotting a gaming company can only take you so far, as it may not only harm frontline employees, but also force the company to cut costs so it can remain unaffected by the boycott. Again, efforts in advocating for consumer rights, the protection of our data, and the preservation of games may be for naught, but in the age of a digital world, it’s better to leave a lasting impression.

DISCLAIMER: This article was written by JB San Miguel, a student from Ateneo de Manila University who is currently an intern in FMA. 

Categories: News Blog

0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *