OTTAWA—For many of us unwrapping new video game systems this holiday season, the “terms and conditions” will be a vague memory between taking the console out of the box and finally getting to play Fallout 4.

But with more and more video game companies collecting ever greater amounts of data about their customers, privacy advocates are starting to warn about risks to gamers’ personal privacy — as well as the dangers in normalizing surveillance.

“A lot of people have argued in various circles that the fun applications of having your privacy invaded are actually, in a lot of ways, a gateway to getting used to sort of bigger changes,” said Alex Cybulski, a doctoral candidate at the University of Toronto studying technology and privacy issues.

“You would probably be a little weirded out if you found out how widely facial recognition systems are used in a lot of contexts, but a lot of people didn’t really bat an eyelash when they were getting facial recognition systems in Facebook or on a camera that recognizes people’s faces.”

“People see those playful contexts and I think it desensitizes them a bit.”

Before we get into the scope of the problem — and what gamers can do to protect their information — we need to understand what kinds of information companies are collecting.

Cybulski argued in a recent article that, far from being a new development, surveillance and video games have gone together since at least 2005 with the release of the Xbox 360.

That console introduced the idea of “achievements” in games, over and above high scores. The idea was that if you played a game in a more challenging way — more than beating a boss or passing a level — a little notification and pleasant “ping” sound would pop up on your screen.

“Achievements act as recognition of a player’s videogaming prowess and these trophies are facilitated by complex surveillant algorithms and code built into the architecture of contemporary videogames,” Cybulski wrote.

Basically, gamers were suddenly aware that the system was tracking exactly how they were playing, and rewarding them for playing certain ways by increasing their “gamerscore.” Not unlike the high score boards in old school arcades, a higher gamerscore meant greater prestige. And “completionists” — gamers dedicated to getting every achievement in a given game — were rewarded for their obsessive behaviour.

But, like with everything else, the Internet fundamentally changed the relationship. Unlike the simple arcade scoreboard, which served as a monument to players’ skill, the Internet allowed companies to collect data on how players were using their systems and games in real time.

As players began purchasing games and products through their consoles, game companies began storing credit card information. As motion sensors — such as Nintendo’s popular Wii console, and later the Xbox Kinect — became incorporated into gaming, consoles began collecting biometric data like weight and facial features.

All this data was used to provide services — the Wii collected health data for the wildly-popular WiiFit exercise game, Kinect measures the distance between facial features to recognize users — to gamers. But some of it can also be used to tell gaming companies who is using their products, and how they can better market them.

Using customer data for fun and profit

“Ubisoft uses the customer data we have primarily for our internal marketing and demographic studies, which are designed to constantly improve products and services we provide and ensure they meet customers’ and players’ expectations,” wrote Stéphanie Perotti, a vice president with gaming studio Ubisoft, in an email to the Star.

“Ubisoft also conducts surveys to get players’ feedback on our games before, during or after the games’ development.”

Ubisoft is far from the only company using gamers’ data to improve its ability to sell games. But the company’s privacy policy is instructive. Ubisoft says it can collect, at any time, information on its customers’ gaming habits including:

The unique identity of the gaming console

Internet provider

Dates and times spent playing Ubisoft games

Game scores, metrics and statistics

How much money is spent in-game

Perotti says this information is closely guarded, and the company takes appropriate steps to ensure its customers’ data is secure.

“Ubisoft takes the privacy and security of personal information very seriously,” Perotti said.

“Our security procedures are based on the good standards of our industry and are constantly reviewed to take into account new technologies and practices.”

In addition to marketing, companies can actually change games themselves based on their users’ data. King, the developer behind the insanely successful Candy Crush series, noticed that many users of the free mobile app were quitting around Level 65. So they made Level 65 easier, and users started playing much further into the game.

If all this sounds trivial, King was bought by Activision Blizzard for $5.9 billion in November.

How gamers can protect their information

Well, just don’t play if you’re so concerned about your privacy, right? It’s not that simple, says Cybulski.

“Surveillance is (ubiquitous) now. As much as people might say, ‘oh don’t play that game,’ well don’t use your cellphone either because every single app you install asks for location permission,” Cybulski said. “Don’t even have a cellphone in the first place because your cellphone company is triangulating your position based on what cellphone towers you’re closest to. So surveillance is everywhere.”

So what can gamers do to protect their personal information? The first step is perhaps the most obvious, but the most tedious: understand what information a company is collecting about you.

Loading... Loading... Loading... Loading... Loading... Loading...

“(Increased data collection) makes it that much more important that these organizations are very, very upfront with not only saying what type of information they’re collecting, but also explaining the why,” said Brent Homan, director general of the privacy commissioner’s private sector investigations branch.

“How does it complement the user experience, explaining that so that the users and the gamers can make an informed decision on whether or not they wish to engage with that game or not.”

When you download a mobile game on your phone, for instance, question why exactly it needs to access your camera or location data. Many apps request permission for a wide variety of applications on your phone, but don’t actually require them to function properly or at least partially.

Homan said his office also wants companies to think about how they can customize privacy controls to allow users to select what information they’re comfortable sharing.

Cybulski agreed, noting the implications go beyond the video game industry. Ultimately, it’s about people having control over what personal information is collected, who gets to see it, and how it is used.

“(It’s) a drama that’s playing out in so many technologies. It’s going on in your iPod from 2006, it’s going on in your phone, it’s going on in your Fitbit. All of these networked technologies are doing this to some extent,” Cybulski said. “My bigger argument would be until we get our act together, until we demand some sort of informational self-determination … we’re going to be losing that fight on every front.”

Playing with your privacy

As privacy issues become more ingrained in wider culture, they also find their way into video game’s storylines.

—

Memory stick

Assassin’s Creed central bad guys, Abstergo Industries, are a shadowy multi-national company bent on world domination through subtle social controls. They even go so far as to extract their employees’ (and sometimes captives’) “genetic memories,” allowing them to access their ancestors’ lives in a video game within the video game. The irony of how much information the game studio Ubisoft collects from their customers shouldn’t be lost on many gamers.

—

Data hack

Another Ubisoft production, Watch Dogs, puts players in the role of a mercenary hacker in near-future Chicago. The character hacks the fictionalized central operating system controlling everything from traffic lights to security cameras. But he also has sensitive personal information, such as bank and career data, at his fingertips. The game takes these threats seriously — in one mission, the player’s character can remotely shut down an enemy’s pacemaker.

—

Mind games

Fallout: New Vegas’ protagonist, the Courier, starts of the game by getting shot in the head. After patching the player’s character back together, the local small town doctor asks the player a series of “psychological” questions, word association games, and a short Rorschach test to build the character’s skills. Given the game takes place in a post-apocalyptic nuclear wasteland, however, it’s unlikely this personal information would get very far.

—

Candid cameras

There are countless security cameras littered across Rockstar’s wildly popular Grand Theft Auto V, some used in story missions, but most just document daily life in the sprawling city of Los Santos. Players can also switch between the game’s three protagonists during play, with the camera zooming out to a satellite image of Los Santos and then zooming back in, often interrupting the characters during their various interactions with family and friends. The scenes with Trevor are best not discussed in a family setting.