User Privacy Alert & Profile Updates
The CG team has been hard at work building a platform that equips players and organizers with the tools they need to seamlessly create, facilitate, and participate in esports tournaments with automated payouts. As we continue to scale to communities around the globe, a large component of that will be the social layer of the platform.
New user-oriented features and privacy improvements have recently been implemented and more are in the works to ensure users can enjoy the platform without divulging their identity if they choose, but also allow for a robust social layer that can be utilized by communities that want to build up a strong reputation.
User Privacy Notice
Before getting into some of the upcoming player profile changes, we want to inform our users of an issue we recently discovered that could affect some information we maintain about our users. On June 29th, we discovered an issue that inadvertently would allow a non-organizer to be able to call our server and get back a participant list from a given tournament page. While we have no indication that any unauthorized individual accessed any information as a result of this, and while this information was not accessible directly from the platform, it could have been leveraged to generate a list of tournament participants that included a players given account name, email address, and date of birth.
Having been in the crypto space for many years, we understand how important user privacy and trust is so we’re sharing this info in the interest of complete transparency and sincerely regret any concern this issue may cause. Upon learning of the issue, we immediately began working to resolve this issue and patched the vulnerability following updates that were deployed on July 4th. As outlined above, our investigation has not identified any evidence that any unauthorized individual was able to leverage this issue to access any tournament participant information. Furthermore, we can confirm that this issue did not involve any sensitive personal information, such as financial account information or identification information for any of our users as we do not collect this type of information.
Although this issue did not affect any sensitive user information, we have written an article that provides information and best practices for protecting data that is specifically designed for players operating in the crypto gaming space. This article includes basic and advanced steps users can take to maintain secure custody of their self-managed assets and avoid being potentially phished/scammed as these have become ever present threats that all cryptogamers should be aware of.
New User Privacy Features Going Forward
User privacy is extremely important to us and we have taken steps to help protect against this type of issue arising in the future. As most users are probably aware, our platform is entirely non-custodial, meaning Community Gaming does not collect or have access to our user’s private keys to their linked wallets. This is by design as we do not wish to have custody of any user funds and prefer to limit the information our users provide upon sign up to only what is necessary to administer the account. This includes a field for ‘Name’ which is a custom field that does not require users to provide their full names. We also collect email, date of birth, and the user’s country in order to ensure they’re above 18 years old and are from non-sanctioned countries.
We have also implemented measures to limit the sharing of our users’ emails with their own tournament organizers. Specifically, we have added a new feature called “Make an Announcement” that allows organizers to send emailed messages to all participants from their tournament page without providing them with the ability to export the participants’ email addresses. While organizers may choose to collect additional information through custom registration questions, these are completed directly by participants if they choose to participate and further opt into providing the requested information on an ad hoc basis. Finally, we have also started the process of getting a SOC 2 compliance certification to further underline our commitment to ensure user data safety.
User Profile Updates
As outlined above, our platform allows users to register using the name of their choice rather than providing their full names. Upcoming changes to Player Profile pages will allow users who wish to reveal their gamer identity to take advantage of enhanced reputation and achievement features. This includes platform achievements, past tournaments hosted and participated in, linked social accounts, team rosters, and accumulated earnings.
Later this quarter we will also launch our Weekly Quest System. Quest rewards will be added and trackable on player profiles, enabling us to award engaged users with stablecoin payments and special NFT badges. This will bring the added benefit of providing reputation indicators that let other players know they are participating in a verified organizer’s tournament who has a history of successful events.
We are offering these updates while preserving our users’ ability to control what information they associate with their profiles. Users can choose what social media and gaming accounts are linked on their profile (if any), whether to make their location public, and we currently show only the player’s username (not Name) on their profile. You can configure your profile to serve as your “Gamer LinkedIn”, outlining your past history and achievements, or alternatively, your identity can be kept much more private if you choose not to include identifying information or link a wallet that is publicly associated with you. We plan to continue making improvements and review user feedback, while also giving users control over what information is viewable on their profile.
Our focus is on building a platform for the hundreds of millions of gamers worldwide that is secure, fun, and esports driven. Our rewards program will hopefully be a large part of that community growth going forward and, although we hope users will take advantage of and enjoy these features, we want to preserve the ability for those with privacy concerns to limit what information they provide and make accessible to the community while playing in tournaments.