GOG Galaxy 2.0 has gained official Epic Games Store support.

[WYP]

Epic Games and GOG have partnered up to enhance GOG 2.0.



Read more about GOG Galaxy 2.0 gaining official Epic Games Store support.

 

[NeverBackDown]

Now if more of them partner up this will only be a good thing. To bad most people will complain its EGS they started off with...

 

[looz]

Neat, so there's going to be one integration which is done properly.

They use a really shady method for Steam, Battle.net, Origin etc. There's this FriendsOfGalaxy repo on Github which provides most of these "third party" plugins. The way they work is that they let you login with a limited functionality web browser (for instance there's no address bar so you could verify it's the legit website) and then snatch your session cookie.

It's a method often used in malware and they use it to circumvent ToS - using official APIs would mean millions of requests, which would lead to the key getting revoked unless they negotiate a special deal. In addition, the API is more limited in scope.

So by using a "third party" repository, they're absolving themselves of any responsibility.

The session cookie essentially lets you perform anything, from reading all chatlogs to doing purchases in store - though the latter occasionally asks for CCV.

Sure, the code is open source and in the repo, but there's no easy way of verifying that your client is running that same code - not to mention a rogue update could lead to users' session cookies getting transmitted to a third party. This doesn't even require malice from FriendsOfGalaxy, one of them getting phished is enough.

But since people want an unified client and also hold GOG in high regard, nobody really gives a toss. Nor do people really understand the implications of this.

 

[Warchild]

I do wonder if the goal is to have a unified solution that includes all but Steam. Sounds a bit petty, but there has to be ways to break the monopoly.

 

[NeverBackDown]

@looz while they are indeed using a 3rd party, so far even after months of use it still has no malicious signs and people have made PR trying to implement malicious tactics and they have been tossed out.

GOG at least seem to be reviewing PR. As it's their reputation. However that doesn't mean it's not possible for them to miss something in the future.

It's really the only way to do it as we all know Steam won't work with them with using their own API. The steam monopoly needs to end.

 

[looz]

They could take the approach of making its users enroll their own Steam API key, which would be more secure and when compromised, wouldn't give away full account control.

But instead their most marketable feature is essentially implemented with ugly hacks and they refuse to comment beyond "it's none of our business what the third party plugins choose to do". Which is absolute nonsense for a commercial product like GOG Galaxy 2.0.