Steam Deck

Warning: *privacy not included with this product

Steam Deck

Valve
Wi-Fi Bluetooth

Review date: Nov. 1, 2023

|
|

Mozilla says

|
People voted: A little creepy

If you're a serious PC gamer, you probably use Steam, the online game store, community, and place to go to find and play nearly 30,000 games. Owned by Valve, Steam launched their handheld console, Steam Deck, to let PC gamers play someone other than their PC. Turns out, people liked that idea. It was so hard to get a hold of one when it came out that it was referred to as a "Nintendo Switch for adults" by one publication. That's all fine and dandy, but how does Valve's Steam Deck do at privacy? Well, eh, they aren't the worst, we'll give them that.

What could happen if something goes wrong?

Good news! Valve's privacy policy, which covers the Steam Deck and the Steam store, doesn't raise any huge privacy concerns for us. It’s a little vague for our tastes, but we didn’t see any big red flags. We like that they say they don't require users to provide a real name when signing up for a Steam User Account. You will need to provide an email and a user name, and then will be assigned a Steam ID number that will be used to reference your account, rather than something more personally identifiable. This is good. Of course, Valve still says they can collect personal information on you, including any information you provide identifying yourself in posts to chats or message boards, so, as always, be aware of what you share online.

We also like that Valve says they don’t sell data. Yay! They make no explicit mention in their privacy policy if they share data with third parties for targeted advertising purposes. It’s always nice when a privacy policy explicitly states they do or do not share your personal information like that. However, you can bet that Valve knows what games you're playing, when you’re playing, for how long, and the like so they can target you with ads for similar games. Through their API, the software that connects to other software, Steam makes certain user information available to other players and their partners. That includes your alias, avatar, and whether you’ve cheated in a multiplayer game. Not that any of you all would have to worry about that! All in all, it’s pretty standard stuff.

Valve does say they can process anonymous data and they may share anonymous data, aggregated or not, with third parties. This is a fairly common practice and doesn’t worry us too much. However, it is always good to remind people that some anonymous data has been found to be relatively easy to re-identify. But, Valve does grant everyone -- regardless of whether or not you live under strong privacy laws -- the right to delete their data. So, that's good and a good thing to do from time to time.

Here’s the bad news about the Steam Deck though. We can’t confirm it meets our Minimum Security Standards because we can’t confirm it uses encryption or if Valve has a way to manage security vulnerabilities. We emailed Valve three times with our privacy and security questions again this year and, just like last year, haven’t heard back from them. (It’s super common for brands to ignore our messages to their privacy inbox, but still a bummer.) There is a lot written out there on the internet about how to set up encryption on the Linux-based SteamOS yourself, but you have to be pretty tech savvy to sort it out. And, we don’t think that users should have to go through that to protect their data. If you would like some easier tips to make your Steam Deck more private, we found this article pretty helpful.

What’s the worst that could happen with your Steam Deck playing all those games online? Well, Steam is an online gaming community and those have been known to be pretty toxic, especially to women, the LGBTQ+ community, and minority gamers. So, be careful what you share on those public chats and message boards. Because while Valve might indicate they are doing a decent job handling your personal information, we’re not so sure every person on Steam will do the same. You don’t need to get doxxed or swatted or whatever the latest form of gaming harassment is because you overshared (or heck, just even shared) while playing Call of Duty.

Tips to protect yourself

  • Do not sign up with third-party accounts. Better just log in with email and strong password.
  • Chose a strong password! You may use a password control tool like 1Password, KeePass etc
  • When starting a sign-up, do not agree to tracking of your data if possible.
  • Review the tips in this help article.
  • mobile

Can it snoop on me? information

Camera

Device: No

App: Yes

Microphone

Device: Yes

App: No

Tracks location

Device: Yes

App: No

What can be used to sign up?

What data does the company collect?

How does the company use this data?

Privacy Policy

"Valve does not sell Personal Data."

"Additional Information for Users from California ...
The CCPA also gives California residents a right to opt-out from the sale of their Personal Data. As described in section 5, we do not sell Personal Data and have not done so in the past 12 months. ..."

"Valve collects and processes Personal Data for the following reasons:
a) where it is necessary for the performance of our agreement with you to provide a full-featured gaming service and deliver associated Content and Services;
b) where it is necessary for compliance with legal obligations that we are subject to (e.g. our obligations to keep certain information under tax laws);
c) where it is necessary for the purposes of the legitimate and legal interests of Valve or a third party (e.g. the interests of our other customers), except where such interests are overridden by your prevailing legitimate interests and rights; or
d) where you have given consent to it."

How can you control your data?

Valve grants everyone the rights to delete their data, no matter what privacy laws they live under. Good work, Valve.

"The data protection laws of the European Economic Area, United Kingdom, California, and other territories grant their residents certain rights in relation to their Personal Data. While other jurisdictions may provide fewer statutory rights, we make the tools designed to exercise such rights available to our customers worldwide. (When we talk about the GDPR in this section, we mean the version of the GDPR that applies to you in the EU or UK)."

" We will only store your information as long as necessary to fulfil the purposes for which the information is collected and processed or — where the applicable law provides for longer storage and retention period — for the storage and retention period required by law. After that your Personal Data will be deleted, blocked or anonymized, as provided by applicable law."

What is the company’s known track record of protecting users’ data?

Average

In 2020, CheckPoint found four major vulnerabilities in the popular Valve games networking library. All vulnerabilities were acknowledged and received CVE’s. There were four major vulnerabilities in total.

In 2019, Valve investigated Epic’s use of Steam data after users raised privacy concerns on Reddit.

Child Privacy Information

" The minimum age to create a Steam User Account is 13. Valve will not knowingly collect Personal Data from children under this age. Where certain countries apply a higher age of consent for the collection of Personal Data, Valve requires parental consent before a Steam User Account can be created and Personal Data associated with it collected. Valve encourages parents to instruct their children to never give out personal information when online. "

Can this product be used offline?

Yes

An online connection is required to download games and play online multiplayer games. Once downloaded, some games can be played offline.

User-friendly privacy information?

No

Links to privacy information

Does this product meet our Minimum Security Standards? information

Unknown

Encryption

Can’t Determine

Security researchers highlighted the lack of disk encryption at Steam Deck.

Strong password

Yes

Security updates

Yes

Manages vulnerabilities

Can’t Determine

Privacy policy

Yes

Does the product use AI? information

Can’t Determine

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Is the company transparent about how the AI works?

Can’t Determine

Does the user have control over the AI features?

Can’t Determine

*privacy not included

Dive Deeper

  • Steam Deck Privacy and Security
    SecureIdeas Link opens in a new tab
  • A Complete Guide to Privacy on the Steam Deck
    Make Use Of Link opens in a new tab
  • Pressure grows on Valve to unplug Steam gaming platform vulnerabilities
    PortSwigger Link opens in a new tab
  • Standard Privacy Report for Steam
    Common Sense Link opens in a new tab
  • Game over? Vulnerabilities on Valve’s Steam put hundreds of thousands gamers at risk
    Check Point Link opens in a new tab
  • Valve to investigate Epic’s use of Steam data after users raise privacy concerns
    MCV/Develop Link opens in a new tab
  • After 14 years, Steam finally gets some decent privacy settings
    Mashable Link opens in a new tab
  • 4 security bugs discovered in games on Valve’s Steam platform
    TechRepublic Link opens in a new tab
  • Steam Pulls Game After Dev Goes On Transphobic Rant Against Keffals
    Kotaku Link opens in a new tab

Comments

Got a comment? Let us hear it.