Privacy Is the Price: Player Views and Technical Evaluation of Data Practices in Online Games

Online games engage players in sharing their personal data with the games themselves and other players, which can pose security, privacy, and integrity risks to players. This paper presents an analysis of data practices in 21 online games and a qualitative interview study (N=20) that explores players' views on sharing their data in online games. Our results show that players' willingness to share personal information is contextual and related to game settings and game design elements. Our findings also highlight players' misconceptions and concerns surrounding data collection in games, and approaches to mitigate these concerns. Finally, this work identifies questionable design practices with online games and suggests design implications that will increase transparency and player control over data sharing.


INTRODUCTION
Online games are popular.Previous studies have established that playing online games can improve well-being [30,123] and foster social relations [29].However, online games also collect personal data, including players' location data, gender, and age [20] or even biometric data [22,72].A past smartphone study discovered that smartphone players were unaware of the nature and amount of their data collected, and the purposes of its use [11].Moreover, players are often encouraged to share more about themselves or even other players [78], for instance, when being rewarded with in-game assets for sharing [90,110].
Games collect personal data from users for various purposes, such as advertising [95] or personalization [61].Prior research has highlighted privacy, security, and integrity risks to users as a result of sharing information with the game and other players.For example, players may face discrimination in games if they reveal personal information, such as race, gender, or sexual orientation [91].
The lack of user awareness and transparency of data collection has been previously recognized as an issue with online games [72,111].However, no prior research has explored the e ectiveness of user risk mitigation strategies and evaluated game design elements that hinder or support them.To the best of our knowledge, our work is the rst (1) to explore users' understanding of data collection practices in online games, including their expectations and preferences in sharing their personal data with the game and other players, (2) to review what personal data games claim to collect and share as well as related design patterns, and (3) to provide design recommendations to improve privacy with games.
To address this objective, we de ned the following research questions (RQs): • RQ1: What are the user views on privacy and security when choosing, setting up, and playing online games?• RQ2: What are the factors that a ect users to share personal data in online games?For this study, we explore users' reasoning, understanding, and potential misconceptions related to sharing their personal data in games.We highlight what privacy settings users opt to set, the personal information that they share with the game and other players, methods they use to protect their privacy, and their general understanding of the data handling practices of games.To propose informed recommendations based on our interviews, we reviewed the most popular games for their data collection practices, privacy policies, and design patterns.Using the results of our interviews and the information obtained from studying the games, we explain the role of game design in in uencing users to share personal data and recommend design guidelines to researchers and designers to limit privacy-compromising practices by the games.

RELATED WORK
Players share personal information with games and with other players while playing.The popularity of online games with social interaction channels such as Massively Multiplayer Online Role-Playing Games (MMORPGs) has enabled players to connect and share with their peers.Previous research has highlighted various privacy and security concerns associated with sharing of personal information in online games.There has also been a number of studies that have identi ed the use of deceptive user interface designs (dark design patterns) to collect users' personal information.Next, we discuss user views on sharing their data in online games and provide an overview of the purposes of data collection and associated security and privacy risks to players of online games.

Users' perceptions of data collection practices
Although there is limited work exploring users' attitudes and awareness of data sharing practices in speci c online gaming contexts, there is a rich line of literature studying users' perceptions of sharing personal data online in general.Often, many instances of sharing data are revealed to be unintentional by users on online platforms [38,81].
When informed about data sharing practices, users often are surprised and feel a lack of control over the data sharing process [60].However, previous research has also highlighted that users are indeed willing to trade their privacy for convenience in certain contexts, such as when using social media [2].Even so, many users still end up with a sense of "learned helplessness" [114] and feeling creeped out [60] by online data sharing practices.This is speci cally puzzling when apps collect personal data that may not seem evident to be part of the app functionality.For example, where a game like Angry Birds would need access to the user's location, phone number, and other personal data that is not evident to be required for the game to function [81,114].Past studies suggest that users do not read permissions before agreeing to share their data, which makes this issue troublesome [38,43,44,67,81,87].
To date, several e orts were aimed at improving users' information about the data collected.Past studies have suggested that users consider the collection of their data and its purpose to be important information to know about [13,81].Moreover, transparency from service providers helps people make con dent decisions regarding their privacy [125].Yet, according to various studies, privacy interfaces do not provide users with enough information and control over data collection practices [39,57].That is a signi cant concern since privacy information is typically communicated to users through legal documents (for example, privacy policies) that are known to be lengthy and lled with legal jargon.One approach to address this issue proposed by Kelley et al. is creating "privacy labels" (similar to nutrition labels found on food packaging) that inform users of the data collected by apps [63].A similar approach has been adopted in Apple's App Store's privacy nutrition labels [7].Another approach is using personalized recommendations that alert users to any additional resources that the app might need, such as the camera or extra storage space [41].However, approaches of this kind either were not adopted within the context of online gaming or did not go beyond an academic contribution.
To summarize, there is a need for additional extensive research to connect user behaviors and views on data collection practices with the privacy-aware designs of online games.By studying users' understanding of privacy and security in online games, our work highlights potential misconceptions and challenges users face with having control over their data, both when playing and interacting with other players.

Purposes of collecting users' data
The purposes of collecting and using player data in online games vary and might not be evident to the players.Collected data is often used for advertisements and marketing, game troubleshooting and technical improvement, and game personalization and customization.Still, each of these common purposes involves associated risks to users' data.
2.2.1 Advertisement and marketing.Advertising and personalized marketing are one of the purposes of data collection in online games to gain revenue using players' data.For instance, the data can be shared with third parties [95], or games can place ads directly on their platforms [124] and provide in-game rewards for viewing advertisements [24].Such practices are especially common in free-to-play games [124].Player data can also enable targeted marketing content, which is often achieved by tracking users' online behaviors over time [72,128], and they are often oblivious or not expecting it to occur [35].

Game troubleshooting and technical improvement.
Other purposes of collecting player data, such as user feedback, crash reports, or in-game player behavior, include game troubleshooting and improvement of game performance and reliability [103].For example, user feedback is collected via app store reviews for the purposes of improving the app, and marketing [97].Prior work suggests that reviews may contain sensitive user information [27].

Personalization and customization.
Another common purpose of player data use is game personalization for player experience.Personalization can be de ned as "the automatic customization of content and services" and "constructing a system capable of tailoring video game rules and content to suit some aspect of the player, for example, a player's gameplay preferences, playing style, or skill level" [61].
To provide personalization and customized interaction combinations, games capture various user data, for instance, performance data and interaction events, such as starting or stopping the game, and technical data, such as changes in network connection bandwidth [120].Personalized games can be especially engaging for players, improve game performance [22], and support players' autonomous motivation [99], for instance, through certain game design elements, such as avatar customization [17].However, previous research shows that online games often collect excessive user data for purposes beyond game adaptation, and not all data that can be technically captured is strictly necessary for game personalization [120].
Although users appreciate personalized player experience, they still suspect that their personal information is being collected and tracked unknowingly, creating negative feelings about personalization [23] and contributing to "personalization-privacy paradox" [46,77].While many enjoy the facets of personalization, the privacy of their personal information remains a concern.
Previous studies highlight the importance of considering user views on data collection in games, learning and addressing potential misconceptions, and considering ethical constraints when implementing data acquisition methods.

Risks to player data in online gaming
As discussed earlier, by collecting players' personal data, online games can introduce security, privacy, and even integrity risks to the players.However, unlike digital health interventions or nancial services [5,130], such risks in the gaming context might be less evident to the users [19].Addressing this phenomenon, a stream of research investigated various threats to player data in the context of online games.

Security risks.
Gaming platforms are not exempt from security attacks and potential personal data breaches, and there were a number of large-scale personal data leaks from gaming websites, such as the leak of 32 million passwords from the gaming website RockYou in 2009 [33,134] and a 2011 leak of roughly 500k passwords from the gaming website Battle eld Heroes [131].In 2011, Sony PlayStation shut down its online store as a result of an attack where hackers gained unauthorized access personal information of 77 million Sony PlayStation users [36,83].Other gaming companies experienced similar incidents: EA Games (2021) and Capcom (2020) [18].
Cheating in online games provides unfair advantages [139] and can compromise the gaming experience [16].Common cheating forms in online games include compromising passwords, modifying client infrastructure, exploiting the lack of authentication, and compromising game servers [25].One practical example of cheating is the use of Denial of Service (DoS) attacks against other players to create unfair advantages in MMORPGs [139].Other harmful forms of creating unfair advantages are using game bots, destroying the in-game economy through gold farming, and stealing virtual belongings [138].

Privacy risks.
Players can desire to remain anonymous in online games even if they do not completely understand the data sharing process [11].This can be seen in multiplayer games: when players meet other players, they can be overly concerned about their own privacy [59].Players' privacy concerns can be stronger when other parties are unidenti able or anonymized [59].
The lack of user authentication in games may lead to theft of gaming accounts.One such example is when adversarial actors use another player's personal information to impersonate them online, which can enable criminal activities online [76].A study by Chen et al. [25] suggests over 90% of online games lack authentication.
Another way that players share their identities in online games is through character sharing by exchanging account information between players.When needed, character sharing occurs between guild member friends in Role-Playing Games (RPGs) if a task is time-consuming or if an agreement is already established [137].Research also suggests that players who play MMORPGs share high levels of their personal information with other players [109].A study by Osmanovic and Pecchioni [96] suggests that the closeness of a relationship positively in uences self-disclosure in gaming.
Social media has enabled personal data to be shared with games.For example, many popular Facebook apps, including games, have transmitted users' personal information to third-party apps [132].Using social media accounts in games, users need to grant various permissions for games to access their personal information.A study of Wang and Bashir [133] shows that by allowing users to link their gaming accounts to their social media accounts, 9 out of the 20 popular games were able to modify players' personal information.
Games request permissions from users to access their microphone for communication, camera for streaming, and location for tracking and personalization.Having a microphone and camera on can lead to other people listening and watching without the players' knowledge [127].

Integrity risks.
Many games today rely on social interactions between players, and to establish such social connections and relationships, players often disclose personal information [141].Such genuine intentions can expose them to safety and integrity risks ranging from in-game discriminatory behaviors from other players [91], trash-talking, o ensive objectionable language [15], and exploitation [109].
Previous studies indicate that revealing personal details, such as race, gender, sexual orientation, or political stance, can result in abuse and bullying from other players [91].Revealing a player's gender can be risky for women players [40].To mitigate these risks, some women players hide or camou age their gender by carefully managing the game character or adopting aggressive behavior to steer away harassers [32] or withdraw from the game completely [40].

Design of data collection practices online
Design features of user interfaces of online platforms and services have a great impact on user behavior and, in particular, on sharing personal data.Although some design strategies can encourage informed consent to share and increase the transparency of data practices, others can be deceptive and coerce users into disclosing personal information.
2.4.1 Dark design pa erns and associated privacy risks.Deceptive designs or dark design patterns emerged as a manipulative or coercive way to make users give up personal information for businesses to harvest [92].This is often done without necessarily informing users why their personal data is needed [56].Dark design patterns rely on a variation of emotion, colors, language, and cognitive biases to in uence users [84].An example dark pattern is to reassure users that they are always able to cancel the purchase before the free trial period is over, which may turn out to be a di cult task [84,108].
Another common example of a dark design pattern is so called in nite scrolling, that is, content is loaded automatically and constantly as the user scrolls down a page [89].Other forms of dark patterns and strategies have been studied by Gray et al. [51] some of which include (1) Nagging: redirection of anticipated functionality that lasts longer than one or more interactions; (2) Obstruction: making a process more challenging than it is; (3) Forced action: requiring the user to take a speci c action in order to access (or maintain access to) a speci c functionality; (4) Interface Interference: manipulating the user interface to give some activities priority over others, which includes hiding information from users or aesthetic manipulation.

User protection mechanisms.
To address the problems that occur from the use of dark design patterns in online platforms and their detrimental outcomes on users, previous research indicates a number of strategies to reclaim users' agency.For example, the use of repair tools allows easing the use of websites by altering the design or blocking ads.Such repair tools include AdGuard (ad blocker) [3], Greasemonkey (a tool for customizing website aesthetics) [79], and GreaseDroid, a tool that allows non-expert smartphone users to reduce dark patters on mobile apps [66].
Another strategy is to use modi ed versions of popular apps, such as Facebook [37] and Whatsapp [80].Such modi cations exist in online games as well: many online services o er alternative software that replaces the o cial game, including The Sims (life simulation video game) [86] and League of Legends (multiplayer online battle arena) [47] these solutions can pose security and privacy risks [50,136], since such modi cations rely on software vulnerabilities.In addition, they require consistent development support that may not be available [66].
Previous research indicated various privacy, security, and integrity risks to data sharing in online games.No work yet has explored users' awareness and knowledge about data collection practices, the mitigation strategies they adopt, and their e ectiveness and potential misconceptions.As games evolve and new ways of data collection emerge, it is important to identify user beliefs and behaviors that might make them more vulnerable to such risks and promote designs that would support player awareness and control over their data.

METHOD
We combined qualitative interviews and game analysis in this work.We rst conducted semistructured interviews with 20 participants to investigate their experiences in playing online games.We then evaluated data practices and associated user interface design patterns of the games typically played by the participants.Next, we present the interview and analysis methods followed by our process for evaluating the sample of 21 online games.

Ethical considerations
The ethical board of our institute ruled that this research does not require an ethics review.We followed the best practices for informed consent with participants.Before conducting the study, participants were provided with information sheets, privacy policies, and consent forms.Participants were encouraged to contact the researchers for any questions about the data handling process before, during, and after interview sessions.These documents provided to participants contained information about the data handling practices of this study (for example, how long the data is stored) and general information about the project.During the interview sessions, the researchers explained the content of the information sheet and privacy policies to participants to ensure informed consent.After the participants completed the study and gift cards were sent out to them, all personal data was anonymized and stored in accordance with the institute's guidelines for storing personal data.

Semi-structured interviews
The semi-structured interviews were conducted remotely between February and March 2022 and lasted approximately 30 minutes.

Screening survey.
To balance the sample of interview respondents by age and gender, we conducted a 30-question screening survey with those interested in participating (see Appendix A.1).The survey was conducted between the 16th of February and the 24th of March 2022.It was advertised through online gaming forums and university social media accounts as well as through word of mouth and snowball sampling.The decision to participate in the study was voluntary.Participants who completed a screening survey wered entered to a random draw for a 20-euro restaurant gift card.
Interview eligibility criteria included age 18 and higher, experience with playing online games, the level of English from intermediate or higher, and residing in Finland (participants needed to reside in Finland for the purpose of the institute's remuneration policies).To check for diversity in the sample, we asked participants whether their current residence was di erent from their country of birth.To participate in the study, participants needed to (1) play online games, (2) specify their country of residence, and (3) provide a list of games they play.
A total of 283 individuals started the survey and consented to participate.After removing incomplete and fraudulent responses, we had a sample of 31 complete and unique responses (completion rate = 11%), and 20 of them were then invited for the interviews.The 20 participants were the rst to respond to the interview invitation and agreed to participate in the interview study.

Topic
Research Intention Sample questions

Gaming experience and preferences
To understand what do users enjoy and experience in games.
Can you describe the games you like to play in few words?

Permissions and privacy policies
Participants' thoughts on game permissions and privacy policies.
When you installed the game, did it ask for any permissions?

Use of communication channels
Participants' perceptions of social media integration and use of communication channels.
Was 3.2.2Participants.Most participants were 18 to 30 years old (13/20 or 65%) and obtained higher education from universities and universities of applied sciences (19/20 or 95%).Although we did not collect participants' occupations, we diversi ed participants based on education and age groups.
Participants' online gaming experience ranged between 2 and 27 years (median = 14 years, SD = 7.1 years).The gaming experience was self-reported by participants as the number of years they actively played games.Table 2 presents basic demographic information of our study cohort (N=20), full demographic data can be seen in Table 7 and participants' gameplay characteristics in Table 8 (Appendix A.5).

alitative analysis.
The semi-structured interviews covered the following central topics and example questions (as shown in Table 1): (1) gaming experience and preferences, (2) permissions and privacy policies, (3) the use of social and communication channels, (4) account creation and online identity, (5) views on anonymization, (6) sharing personal information in games, and (7) expectations on data ows.
Table 2. Demographic characteristics of interview participants (N=20).To check for diversity in the sample, we asked participants whether their current residence was di erent from their country of birth.We initially conducted three pilot interviews to validate the order of topics, ow of the interview script and clarity of questions, but the topics of the interviews remained unchanged (see the nal interview guide in Appendix A.2). Interviews were then conducted by the rst and second author; all of them were voice recorded and transcribed using professional transcription services.

Attribute
Due to the focused nature of the semi-structured interviews, we adopted a hybrid approach to our qualitative data analysis [28,75].Initially, the rst two authors discussed and agreed on higher-level categories for the codebook, which corresponded to the main topics of the interview guide.The interviews included the following categories: general gaming preferences and experiences, social interactions in and out of games, awareness of gaming rules and data practices, and data protection techniques in games.While the interviews were being conducted, authors regularly discussed preliminary insights.After 20 interviews, the authors agreed that data saturation for the primary interview questions was reached, and no more participants needed to be recruited.
Next, the authors proceeded to code the three interviews, resolved disagreements, and agreed on a common codebook.Two researchers then proceeded to code additional same two interviews using the agreed codebook and then discussed any new codes to be added.Since no other codes were introduced, coding of the remaining interviews was distributed amongst the rst two authors using the nalized codebook.
The codebook was developed after the interview data collection, transcription, and anonymization were completed.Using the codebook, the rst two authors generated themes based on recurring patterns of meaning across the participants.At this step, the codes were interpreted against contexts, understanding, beliefs, and self-reported behaviors present in participants' quotes.

Evaluation of data collected by games
We conducted an analysis of the games reported in the screening survey to gain additional understanding of player experiences with data sharing practices of games they play.The sample included 21 individual games.We examined the data types collected by games from users.We extracted the following characteristics from the list of online games for comparison: the name of the game, platform, genre, player mode, and game purchase (paid or free) (Table 3).For the full list of game characteristics, see Table 5 in Appendix A.3.
Table 3. Characteristics of online games played by interview participants (N=21).This list of games was compiled from the online games played by the study participants.We use the following abbreviations: Massively Multiplayer Online Games (MMOs) and Role-Playing Games (RPGs).In addition, the analysis covered the evaluation of the following sources and documents:

Category
(1) Personal information handling in games: (i) data types required or optional during the registration process (by examining games interfaces presented to users), (ii) reasons why personal information is collected (descriptions provided by games), (iii) personal information displayed or accessed in the game and to whom, (iv) user pro les on games.(2) Data protection regulations relevant to the games.
(3) Privacy policies of games, game cloud providers, and game stores.In this technical evaluation of games, back-end processes of the data collection practices were out of the scope of this work, as many of the games in the sample were closed source [62].After noting down these characteristics for each game, we ranked them based on the amount of personal information collected to uncover issues with the game design features around users' personal data collection.These are discussed in Section 6.

QUALITATIVE STUDY RESULTS
This section highlights that the players' decisions to install an online game are often based on game characteristics, developer's reputation, peer recommendations, and security and privacy considerations.Players often share also their personal information in the process of customization as well as through in-game social interactions with other players.

User journey within the game
The rst part of the interviews explored participants' views and experiences within the games: from the decision to choose and play certain games to the process of set up, including their authentication and customization preferences.
4.1.1Decisions to adopt online games.Among the most common reasons for selecting online games to play, participants mentioned game characteristics, the community and peers, and privacy and security considerations.Game characteristics.Game characteristics were the rst category of reasons to choose an online game.Participants often described being attracted to games that had an interesting storyline or diverse engaging scenarios or games that helped them develop their skills and interests.
Several participants (6/20) valued games that had an aesthetically pleasing look and feel, and saw the game graphics as an important factor in choosing a game to play.
More than half of the participants (11/20) mentioned that the platform where the game is available to download (e.g., Google Play) or game ecosystem (e.g., EA games, Steam, or Facebook games) as important trust factors ensuring the game has gone through a certain validation process and can be considered to be trust worthy to play ("If you download it from a trusted source like Steam of Google Play, it's mostly not sketchy, because at least there's Google or Steam who will verify it for you that it's from that trusted source, " P16).
Game developers.Game developers' characteristics were another important factor in selecting games.A few participants (4/20) shared that the reputation of game developers in uenced their choice to download online games, for instance, being known for manufacturing speci c types of games, such as educational or political games ("I downloaded it from the website of the developer, who is very famous, so I trusted his reputation," P10).The size of a company also contributed to the decision to adopt, and large companies that have existed for a long time were seen as more trustworthy.
Peer recommendations.The role of the community and peers was often mentioned as a factor in uencing game adoption decisions, as a source of game recommendations, and as a motivation to connect with friends and family through online games.
Several participants (5/20) shared that they followed recommendations from the gaming community members on social media or downloaded the game because it was popular in their social circle ("I do somewhat follow gaming news from Twitter, from Kotaku, other gaming news organisations too... so I know what games have been published and what people think about them and that's mostly how I get interested in new games," P03).Other participants (6/20) mentioned peer pressure or recommendations from friends to in uence their choice of games.
The cooperative aspect of online games was also seen as a way to connect with peers, and one participant found it especially bene cial during the COVID-19 pandemic when it was challenging to meet face to face ("Very recently, I played Battle Royale games for the cooperative aspect of it.So in the pandemic and outside now that we cannot sit together, it has become a way for our friends to get together, chat it just so happens that you are also playing the game, " P13).
Security and privacy considerations.Security and privacy were considered at the adoption stage by all participants but one (19/20).However, they often were mentioned in relation to concerns and reasons for not to adopt certain games.For almost half of the participants (9/20), potential privacy and security risks negatively a ected the levels of trust they experienced with games or even prevented them from adopting certain games ("If there's some sketchy things going on, when you see the reviews, people are telling that this seems to be logging something stu and this is pushing advertising or something like that, " P20).
One of such concerns related to the vulnerability to security attacks, such as Distributed Denial of Device Attacks (DDoS) or taking the bene t of learning players' IP addresses ("There are big games, who have really, really bad security and privacy.A good example would be Grand Theft Auto Online [...] It's really easy to DDoS people and it's really easy to get their IPs and do all kinds of horrible stu to their machines, like force it to restart and stu like that, " P06).
Games that ask for extensive personal information upon sign up and mobile games were often perceived as privacy-infringing.Other signs included questionable behavior of other players, such as stalking ("People would nd out where you live and then call the SWATs (Special Weapons And Tactics) on you or something like that, " P06) or pressure to get personal information from unknown contacts ("They want to know your real identity, or at least not identity but some picture of you, so they want to see a picture, " P10).
Games without advertisements or paid games were among the indicators that the game was secure and private.Participants believed that paid games had less incentive to distribute players' information ("They [reference to paid games] have less incentive to sell your data yes, but that doesn't mean they won't.But they have less incentive to, " P13).

Authentication mechanisms.
Only two participants (2/20) shared that they use regular sign up (with email) to create gaming accounts.Almost half of the participants (8/20) reported using social media login to authenticate in online games.The reasoning for signing in with social media accounts included its convenience, such as no need to enter pro le details or remember multiple passwords for gaming accounts, and receiving in-game rewards (2/20).Finally, one participant believed that social media login is more secure than creating a dedicated game account ("I think it's more secure rather than I use my own email and password, because it means if someone hacking the game, they cannot take my password from the game, because the game will not have my password.They only have my Facebook and then my email, " P16).
Only a few participants (3/20) shared that they preferred not to connect their social media to the games out of concerns of sharing too much information ("That is a limit I will not cross.If the games that I play with friends start asking for [social media to login to games] I'll basically force all of my friends to switch to a di erent game, " P13).
4.1.3Online game setup.In addition to exploring participants' initial authentication preferences, interviews also covered their experiences with game settings, con guring permissions, and customization of games.Participants speci cally discussed security and privacy settings, sharing what they found challenging with privacy policies and suggesting the changes they thought would improve game data handling practices.
Permissions.During the interviews, participants were asked about their attitudes to game permission requests and the types of permissions they usually accept or decline during the game installation process.
The majority of them (18/20) did not allow games to collect one or more of the following permissions: photos, contacts, messages, browser history, location, les, devices, and sharing with third-party.The reasons for that included the perceptions of such permissions being too personal, concerns of excessive noti cations, suspecting permissions could cause advertisements and not feeling comfortable with that, concerns of their information being collected automatically if permissions to access are provided, the lack of information and trust to game companies or developers, or apps coming from certain countries ("There's this app which asks for wide permissions, like the addresses and stu .I don't trust the [country] company that runs the application, so that wouldn't be okay, " P17), or previous negative experiences ("I had some very nasty occasion actually with the delivery app and the location, and that made me very aware of when I'm sharing my location, and that's why, that's rst thing that I don't want to do, never share my location with games, " P04).
Participants' permission concerns often related to the collection of personal data in online games, and several participants (5/20) speci cally mentioned that they do not allow games to access their media or location out of concern of compromising their physical safety ("If they would ask my precise position [...] if there's some hacker that wants to know where I precisely am [...] I would not like to have someone on my door, " P05).
Game Se ings.Our interviews explored participants' experiences with two types of settings: general, including video resolutions or graphic and sound controls, and privacy/security settings, such as pro le data controls or passwords.In particular, interviews explored participants' awareness and use of the game settings: initially and during the gameplay.
The majority of participants (17/20) modi ed one or more of the game settings, and the most used settings were audio, graphics, and keyboard controls.When concerning privacy and security settings, more than half of the participants (11/20) said they understood the privacy settings to consist of one or several of the following controls: name, ag, pro le visibility, and progress data.A few participants (4/20) mentioned that they had checked privacy settings before.Others (4/20) remembered seeing privacy controls only early in the setup process and considered the Terms & Conditions or privacy policies to be privacy settings.For instance, one participant speci ed seeing privacy policies only through the service providing the game (e.g., Steam) and not in the game itself ("I think it's probably before the game installation.[...] For example, Steam has privacy policies, so if I bought a game through Steam, I assume that it's the Steam privacy policy that applies.I think that is the case, yes, " P13).
Other participants (7/20) shared that they were not sure what privacy settings meant, what controls they included, or where to nd them ("I think there are no privacy settings.I think you just decide everything, when you're selecting the character and the name.Then you can change the ag of your country if you want, " P05).There were also a few participants (5/20) who either did not care about modifying privacy settings or did not check them at all, and 3/20 participants (P05, P06, P13) believed the games they play do not provide any privacy settings.
The interviews also focused on participants' views and preferences regarding game customization.Almost all of the participants (19/20) expressed that they customized or altered their game character(s) by modifying the skins, out ts and weapons.One interesting reason to modify their character in the game included camou age purposes ("Usually, the default player is basically only wearing panties, so you immediately notice.I just put this kind of normal trousers or dark clothes, so you can be hidden in dark, " P05), and the lack of such camou age could reveal certain characteristics or skills of the player, a knowledge that can be used by others.
Character and pro le customization often enabled the re ection of one's self or identity within the game.Half of the participants (10/20) shared that the customizations re ected true things about themselves when customizing the game, for example, by adding their real name or gender.
Still, many participants (14/20) shared that they did alter some or all parts of their real-life identity when playing online games.For example, they would choose speci c clothing styles and facial features and enhancements (makeup) (3/20), skin color (1/20), living lifestyle, and house building (1/20).The reasons for such alternations included creating a ctional character and a story in the game di erent from the player's real life, choosing a gender that the player prefers to be identi ed with ("I don't really want to be identi ed as a woman, and I try not to be identi ed as a woman [...] I just construct my avatar, as I look like, minus the boobs, then it's generally more or less the same, " P10) or to hide the real gender for anonymity.
Privacy Policies.Interviews also explored players' awareness of game privacy policies and their understanding of data handling practices within them, as the ambiguity of general privacy policies has been extensively reported in previous research [63].
Similarly to other contexts, many participants (11/20) saw privacy policies of online games as being too long and complicated.Most of them (9/20)  privacy policy and often skipped them to get started with the gameplay.One participant mentioned privacy concerns as the only reason to read a section of the privacy policy, as they were worried about Steam sharing their personal data with third parties ("Except that one case where I went to the reviews, and they mentioned that they asked for a phone number and their privacy policy says that they would share information with third party publishers, e ectively selling your information, " P13).
Several participants (6/20) suggested how privacy policies can be improved, for instance, by providing its summary instead of long chunks of text, information on reasons why users' data is required, or showing relevant pop-up messages during the gameplay.

Personal data sharing in online games
The interviews explored what information participants considered private and what information they were willing to share with the games and peers.In addition, we navigated participants' anonymity preferences and why they preferred to remain anonymous when playing online games.
4.2.1 Private vs. non-private information.When discussing whether the information is private or not, participants often mentioned categories of personal data that they consider private and they are not willing to share within the game.Data categories that were considered private by participants included personally identi able information (PII), such as real name, social security or phone number, bank card information, political or religious views (10/20), demographics including age or country (6/20), and gameplay data, for example, progress level, achievements, or info on the teammates (5/20).
Although considered private, participants discussed acceptable amounts, recipients, and purposes for these data categories.For instance, several participants (4/20) mentioned that they were okay with sharing one or more personal data types to an extent that would not identify them in real life ("Email address, maybe address if payment is involved, and that's it [..] So how I play, what I play, what my system requirements are and they can ID me and that is also ne.But anything beyond that that relates directly to me as a person in the real world, " P13) or that would not let other players to label them accordingly, for example, for supporting certain causes ("It could be Black Lives Matter matters, or the Asian hate one or the LGBTQ+ community, they is certain cosmetic items and banners that you can put which other players in the game then see that you are supporting those, " P13).
Similarly, di erent recipients for speci c data types were considered more or less acceptable.For instance, third-party applications were predictably considered as a non-acceptable recipients of PII and demographic data, but one participant would not even share the gameplay progress data with them ("The data brokers can then use it and sell it [reference to personal information] for anyone.My data should be between [me and] the game developer," P13).As a way to deal with such concerns, two other participants shared that since they play with fake pro les, they are not very worried about the data handling practices for games; ("They're kind of collecting my fake personality that I made up, " P08).

Community and peer interaction in online games.
In addition to participant views on sharing their data with the game, another important theme is sharing with peers and the gaming community.The discussions on peer communication often revolved around their preferred communication modality (that is, video, audio or text) and the types or the amount of personal information to be shared with others.
Peer communication channels in online games.The use of speci c communication channels is often related to convenience and privacy considerations.For instance, none of the participants preferred to use video streaming as a means of communication with other players, and the hesitation often related to the high use of resources ("For video you're already killing a lot of resources, and it's not a good idea I think, " P18) or just lack of necessity during the gameplay.
Meanwhile, the voice chat modality was seen as more acceptable, and 14/20 participants saw it as a useful communication channel in online games.For instance, they commented on its convenience compared to typing ("About voice, actually I think it's useful.Sometimes you can spend time on typing and you want to tell some, your teammate, what to do, " P07).
However, several participants (6/20) considered voice chat as private and preferred to use it only with friends and not with strangers or after reaching a certain level of comfort through text ("If I'm playing with random people on the internet, then it's only chat until I realise that OK, this is absolutely necessary that I use voice, " P13) Indeed, seven participants had speci c privacy and security concerns about using voice chat to communicate with strangers.Such concerns related to receiving threats or inappropriate language from other players, accidentally revealing personal information ("In a multiplayer game, if they choose to be silent, you don't really know who it is, so it worries me, " P18), or even potential recording and criminal use of players' voices ("Maybe blackmailing someone, [...] your voice that they recorded from somewhere and making you saying some things, and when the case happens, the police [could] track it, " P16).
As for the text chats in games, participants saw them useful, for instance, in case of the lack of screen space and for saving time in mobile games ("I mean, for the mobile screen, [it] is really small, so we don't have time to type, it's not easy to type long words and while you type the sentence actually you already lose a lot of time on it," P14) or when a game does not allow other communication mediums, such as sound/audio to protect players.One participant also commented that game text chats are monitored for inappropriate language or threats, something that is possible in voice chat ("So what happened was that somebody spoke on the voice chat something very o ensive based on the characters customization.He responded to them in the chat.The company monitors chat for toxic behavior but not the voice chat.So people are telling him hey, if you like to curse, you should have used the voice chat, " P13).
Personal information shared between players.As for the types of personal information shared with peers in online games, participants would disclose di erent types of information depending on whether the person they are interacting with was a friend or a stranger.For example, in the conversations with strangers, they would be okay to share or hear background noise in case of audio chats (children screaming or the use of a foreign language), weather conditions of residence area, hobbies or interests, or even reveal their real name.They would also be ne to discuss things relevant discussions to gameplay, such as game strategy ("I would then write in that chat and try to discuss who might be the killer or the imposter, " P02).
As for the interactions with friends, participants would share private information, as they saw online games as a channel to stay connected.For example, players living in di erent countries would share life events while chatting in a game.Players during COVID-19 lockdown, when face-to-face meetings were not possible, would use online games to stay in touch.

ANALYSIS OF DATA COLLECTED BY GAMES
We conducted an analysis of the games played by participants based on their screening survey responses.This section contributes to answering RQ2: what are the factors that a ect users to share personal data in online games?We investigated the role of game design elements in in uencing users to share their personal data in online games.Our ndings also assists to address RQ1: What are the user views on privacy and security when choosing, setting up, and playing online games?We do this by highlighting concerns related to sharing practices of online games.We also examine whether data practices and associated player beliefs match and identify possible misconceptions and limitations or opportunities for game designs.
To record player data collected in the games, we reviewed the collection of personal data at the advertisement, download, registration, and gameplay stages.In addition to the online games played by the study participants, the analysis also covered the most popular gaming platforms and mobile app stores that host these games (see Appendix A.7).

Games
We analyzed 21 games.Most of these games were cross-platform games (15/21), which are available on multiple devices, such as mobile devices, desktops or consoles.The most common genre of game was casual games.These are games that have fun, simple and easy-to-understand simulations.Other types of games were action Role-Playing Games and Massively Multiplayer Online games.See Table 5 (Appendix A.3) for complete game characteristics.

Collected Data Types and Practices in Games
As the rst step in our analysis, we reviewed personal user data categories collected by the games and related data collection data practices.See Table 6 (Appendix A.4) for a complete list of all recorded data types.We present the results of this section as follows: (a) collected data types (what types of data is shared), (b) data collection practices and game design patters (how data is shared and concerns related to these practices).

Collected data types.
Data types collected in our set of online games can be generally categorized as player characteristics, represented through characters or avatars and Personal Identi able Information (PII), such as email, name, location, gender, age, mobile number, and bank details or credit card information.
Figure 1 shows personal information collected by games.It shows that the cross-platform games with complex game scenarios, such as Final Fantasy and League of Legends, that collected users' data the most amount of personal data.On the contrary, mobile casual games, such as Cats and Soups and My Singing Monsters that collected the least amount of personal data.
Fig. 1.Games that were listed by users in the screening survey and the number of personal data types collected by these games.Note that the count of data types is based on the information provided by the game developers.

Data collection practices and game design pa erns.
Each game was analyzed based on the design features and methods that are used to collect players' personal information.We also analyzed game privacy policies and relevant protection regulations.
Table 4 (Full table in Appendix A.4) provides a summary of the analysis.We observed that most of the games collect players' account name (15/21), email address (11/21), and age (9/21).More than half of the games restricted player age to above 13 (11/21).Most games disclose users' personal information to third-party applications (10/21).Most of the games used text (14/21) followed by voice (10/21).
The majority of games follow the General Data Protection Regulation (GDPR) (12/21), and California Consumer Act (CCPA) (9/21).This information was not available for (6/21) games.In addition, we collected and analyzed game design patterns that involve players sharing their personal data during stages of game installation, user age veri cation and authentication, social media integration, and sharing user data with third parties.
A. User prompts at the installation stage.Prior to installing online games, users are often presented with Terms & Conditions to accept before downloading a game.Usually, game platforms have a separate privacy policy from the games.
Gaming platforms such as Steam share some personal information with games registered on the platform.It is unclear to players what entity -the game platform or the game itself -collects what information.It is not easy to nd this information since users need to read both the privacy policy of the platform and the game.
For example, Player Unknown's Battlegrounds (PUBG) [14] and League of Legends [94] can be downloaded from Steam and the games have their own privacy policies.If users would like to know what data was collected from them, they need to read through both Steam's privacy policy and those of the games.
Another example of such a case is Destiny 2 hosted on the gaming platform Steam.At the game setup stage, Destiny 2 requires users to accept Steam's Terms & Conditions, where it is unclear whether the Terms & Conditions the user agrees to are extended to the game itself (see Figure 2  Another common installation issue arises when games force players to install additional software.In Destiny 2, players are required to install an anti-cheat software Battleye.Otherwise, they are not allowed to continue the installation process and play the game (see Figure 3).Anti-cheat software typically can gain access to both user and device information [49].
B. User age veri cation.Online games often specify an age limit, disallowing minors to play the game due to the graphic content or violent game scenarios.For example, the age limit for League of Legends is 13+ years old.If you state your age as younger, the game instantly rejects the sign-up process, as shown in Figures 4 and 5.However, if a user tries to repeat the sign-up session with a di erent age, for example, 15 years old, the game immediately approves the sign-up process.
C. Linking accounts and authentication options.Some games allow players to link their social network accounts.Sometimes, this enables players to login to the game.Sometimes, it just allows to post events from the game to the social media.When social media accounts are linked to games, it is unclear what access the games have to these accounts and what information the games receive from the social media accounts.
For example, PUBG, a popular battle royal game, allows users to login with a guest account or use email and social media sign-ups.Users can also link multiple social media accounts in the game settings even if they had initially logged in with their email, as seen in Figures 10 and 11.PUBG does not specify what data is collected from such integration.D. Incentives to integrate social media accounts.Another common design pattern in online games is encouraging users to link their social media accounts and invite others in order to receive game rewards.For example, Monster Legends o ers exclusive rewards (Gems) for logging in with Facebook (see Figure 6) and for sharing the game with friends (up to 50K in rewards), as shown in Figure 9.This is an incentive to share their social media account details and also their contacts.
E. Sharing user data with third parties.Several games share user data with third-party apps.Several prior studies suggest that games bene t monetarily from sharing user data [112,124].
Players may have limited control on how and when their data is shared to third parties.Even when there is a possibility to opt out from data sharing, this may not be straightforward.For example, Monster Legends o ers an option in the app Settings for players to choose that their data should not be sold (see Figure 7).When clicking this option, players are redirected to a web page that presents the California Consumer Privacy Act (CCPA) [93].CCPA applies to players who are residents of California in the United States.What happens to player data in other parts of the world or how players can prevent personal data sharing is not clear.
To summarize, we discovered several issues with design patterns used in popular online games.We highlighted with examples how dark designs 1) facilitate the collection of player data, 2) encourage integrating social media accounts, and 3) enable sharing player data with third-parties.

DISCUSSION AND IMPLICATIONS
Our goal was to explore participants views, including their understanding and concerns about sharing personal data in online games as well as the strategies they adopt to preserve their privacy.We also reviewed the games and gaming platforms participants tend to play to investigate typical personal data collection practices and associated design patterns.This section summarizes our main ndings and provides design recommendations for developers and designers to support players in having higher awareness and more control over sharing their data in comparison to the current state.Finally, we discuss potential future research directions.
In line with previous research, our study shows that online games attract players with their design, graphics, and engaging game scenarios, but also as a way to connect with peers and improve their skills [29,58,140].Social factors are important both when playing games and at the stage of choosing games to play and setting them up, for instance, by connecting various social media accounts.Moreover, online games collect Personal Identi able Information (PII) for various purposes such as social interconnectedness.This collection of information may contribute to additional risks to players' privacy, security, and even safety.

Contextual views on personal data privacy (RQ1)
Our interviews show that the privacy and sensitivity of di erent personal data types for players of online games depend on the context, such as game characteristics, purposes of data use, and its recipients.From the player's point of view, disclosure of personal information in online games can be both active (for example, lling in the game pro le, connecting social media accounts, and sharing info with peers in communication channels) and passive, for example, by being aware of games collecting player data during the gameplay (for example, text chats or gaming performance).Players' risk awareness and privacy protection strategies also di er in these cases.
The same data can be considered both as private and not private in di erent contexts and depending on the potential consequences of its disclosure.For example, private information can be okay to share when players believe that by revealing it they could not be identi ed in real life or that other players would not stigmatize or judge them (for example, for political views, identity, or causes they support), even if these beliefs are not always true.
Although participants considered some personal information sensitive, we observed that they still shared such information with the game upon signing up.During the gameplay, participants would be mindful about disclosing personal information; however, as trust levels progressed towards the game and other players, players shared more personal information about themselves.
Game characteristics can also indicate when it is somewhat acceptable to disclose personal information.For example, participants viewed games that ask for extensive personal information to be less secure, and paid games were deemed to be more secure than free games and were expected to ensure better privacy.This nding also emerged in previous research on free vs. paid mobile apps: while participants tend to trust more in the privacy protection of paid apps and consider them more secure than those that are free, such views do not necessarily correspond to the reality [74,113].
Monetization in games is particularly in uenced by the advertisement industry.Contextual privacy factors can be addressed by existing solutions that could be applied to online games to shield players from tracking.One example is Apple's Ask App Not To Track, which allows players to block any app from collecting information that identi es the players or their device [9].Another potential solution is contextual advertising, which is the opposite of behavioral targeting, where an advertisement matches the content of the app or webpage instead of creating user pro les [4].Although player data is still collected in these scenarios, these may be less intrusive approaches.

Purposes of sharing personal data (RQ2)
We observed that participants' decisions to share personal data in online games are often purposespeci c and related to certain bene ts of disclosure, such as receiving in-game rewards, achieving a more personalized game experience, the opportunity to re ect on one's identity, or connecting with peers.
6.2.1 Sharing for game rewards.Online games facilitate players to share more information than necessary to play.For instance, by o ering generous in-game rewards to those who successfully link their social media accounts with the game or share the game with their social media contacts.Although social media integration can be convenient for players to enable a faster sign-up process, such games do not clearly show what data they gain access to or how the data is used.Our interview data indicate that players' immediate bene ts outweigh suspected privacy risks, which is consistent with earlier research on compromising privacy for convenience [2].Players often receive no clear instructions on the consequences of linking their social network accounts to their gaming accounts, which might negatively impact their experiences when using these systems [11,39,57,63].Moreover, participants are actively encouraged and rewarded for signing up using their social media accounts.Prior work has explored the impacts of using deceptive designs and the potential harms on users' digital well-being [89], such as cognitive burden and distrust in the systems [26,84].Hence, game providers should consider the risks of losing longer-term engagement for short-term commercial bene ts.
6.2.2 Sharing for personalization and identity representation.Personalization of player experience leads to more engagement and better game performance [22].Players can often select from various options, for example, avatar features, environmental settings, or modi cations, which are also re ected in our interviews.However, personalization requires more personal data, and players may not be aware of the potential consequences of sharing that data.Interviews show that some participants attempt to camou age and hide some features of their characters to remain unnoticed by other players.As being unnoticed sometimes provides an advantage in games.These ndings open a discussion of whether games should warn players of the potential consequences in choosing certain features when customizing their avatars, while still enjoying self-expression in the game.We suggest that these points should be incorporated into the privacy training that games could provide, that could also include information on game privacy and security con gurations.

Sharing to connect with others.
Online games are often used as communication channels or as a means to connect with others, and multiplayer games provide ample opportunities for building and maintaining interpersonal relationships [29,140].Our interviews show that players often share their personal data with other players even if they consider it private and sensitive, not only with the closest contacts but also even with strangers.We recognize that this may be so because participants value meaningful connections with other players, even if this results in sacri cing some of their privacy to do so, a form of "privacy paradox" to create positive interactions [12].
To achieve such meaningful connections and to avoid disclosure risks, such as bullying, discrimination threats, and the use of inappropriate language, players adopt a range of strategies to protect their privacy yet still connecting with others.One such strategy is the choice of communication channels that are not revealing and moderated, such as using text to chat instead of voice.While voice chats are common and very popular in online games [129], our review showed that games do not o er the same level of moderation to voice chats as they do to text chats.This can worsen the player experience or even make them stop playing [121].
Other strategies include distorting or revealing limited personal information and hiding parts of their identity when designing their characters or avatars, such as racial features, gender, clothing style, or makeup.Previous studies suggest that this strategy is also adopted to overcome security risks [11].Gaming environments can be hostile towards women and minorities [122].Our ndings emphasize that women players felt the need to hide information about their gender, that is shown in previous research on concerns and risk perceptions of women players facing harassment in online games [32,82].Thus, resorting to hiding their gender by constructing their avatars without genderrevealing features or avoiding using voice chats when using a male character.Players could bene t from granular control over their data within general privacy settings.Such implementation could help to prevent unintended information disclosure by allowing players to decide for which players they want to display their full avatar, depending on how secure they feel while playing.Players could also change their voice when using voice chat to gain more control over their representation.One such existing solution in online gaming is Voicemod [126].

Player views on game data collection practices (RQ1)
We examined the security and privacy concerns of participants in online games.The data collection in itself is not always obvious to the participants.For instance, participants might be aware of the monitoring of certain in-game communication channels (text chats) but not others (voice chats).While some purposes were expected, such as sharing the date of birth for age veri cation, participants were often unsure about the other purposes of games collecting their data.
Players are often unaware their chats might be used and disclosed to third-party services, as our game analysis shows.In other words, once gamers unmute themselves to speak to others, they may be unaware of how their personal data is transmitted during this process.One such case is PUBG, a game that uses real-time voice transmission processing by sharing it with third parties to provide voice chat services to players [14] yet does not notify users while playing of this process.
Our participants were also aware of only some of the risks involved in games automatically collecting their data, such as being targeted by ads or being susceptible to security breaches.
However, other common PII risks recognized in previous research on gaming were not evident to our participants.One is impersonation, for example, a player posing as an authoritative gure pretending to assist a player in the game, only to capture their nancial account information [76].Such risks can have serious consequences beyond the gaming environment, such as someone else using stolen personal information to buy goods or taking loans in the name of the victim [88].The same applies to the game performance risks, which also were not evident to our participants.Such risks include exploitation, for example, cheating in online games to reap rewards and in ate player levels bene ting some players over others [25,98], and stealing or damaging user's virtual assets [98,138], leading to gaming account compromises and nancial losses.

Game design and data practices (RQ1, RQ2)
Our ndings show that game design patterns, privacy and security settings, privacy policies and terms of services impact player perception of online games.
6.4.1 Privacy and security se ings.Privacy and security settings were generally expected in online games, even if participants could not often recall using them or were often unsure where to nd them.Moreover, participants were unsure what personal information they could modify under privacy settings, which raises questions on their awareness and understanding of what personal data control are available to them in online games.For instance, they saw their name, country ag, pro le visibility, and progress data as part of the privacy settings.
However, not all games provide such settings.For example, a popular game such as PUBG o ers no privacy-speci c controls, and players can adjust their personal information in general game settings ("Player Card").The single-player game Sims 4 provides no privacy settings to players (See Figure 12) and redirects them to the game's Privacy Policy or EA Games User Agreement [45].

Privacy
Policies and Terms of Service.Privacy Policies and Terms of Service (PPs and ToS) can contain essential information for user data protection.A vast amount of prior work provides recommendations to improve the readability of privacy policies and Terms & Conditions, such as using tables to summarize content, interactive visuals [105], and nudges [10].Our interviews also reveal various player suggestions to improve them.For instance, participants preferred the summaries of data handling practices related to speci c data collection purposes and their representation as pop-ups during gameplay in case of any sudden change in data practices.force players to use paid subscriptions or click on ads [108].Our game analysis identi es several examples of them being used.
We found that games often make it easier to sign-up with social media accounts instead of signing up just with email (Figure 13).After signing up, games provide incentives (usually in-game rewards) for linking social media accounts or sharing contact lists (Figure 9).Forcing players to perform certain steps before proceeding aligns with the taxonomy by Gary et al. on dark designs [51].Our ndings show that many potentially dark patterns are used in games.As some dark design patterns might already be considered as a default design pattern, we encourage game designers to be critical about selecting design patterns and considering their players autonomy with privacy decisions.

Design recommendations
Our ndings highlight the importance of games giving players control over their own data.
Privacy settings.Contrary to participants expectations, many games examined have no dedicated menu option for privacy settings, or privacy controls are often scattered across di erent menus.This problem is recognized beyond the context of online gaming [38,64,65], and there have been various initiatives to improve the design of privacy settings.One of them is implementing privacy prompts or friendly defaults [41] that remind users if a new type of data will be collected and what are the alternatives (for example, device information, game identi er, or updating software).These alerts may increase players awareness and the sense of control, but they should be used carefully, as excessive alerts may also become disruptive [135] and negatively a ect the overall gaming experience.Moreover, we observed that participants are sometimes uncertain in identifying what is included in the privacy settings; therefore, online games should both help participants to navigate such privacy controls and clearly indicate what personal data items are being shared.
Player protection mechanisms.To protect speci c player populations, such as underage players, games should improve the data validation mechanisms and monitor inappropriate behavior within game communication channels.Flagging is one approach for the player community to collaborate and report online bullying in games.However, agging largely relies on human judgment, that might be insu cient for protecting players, given the di culty of social decision-making [68].The YouTube Trusted Flagger program [142] provides an illustration of how to identify and empower dependable aggers as an attempt to resolve this challenge, by o ering reliable aggers critical roles in moderation.Future research could explore how to encourage players to help other players with bullying [73] Previous studies have suggested several machine learning techniques to examine audio data from women players to assess game toxicity [104] and to predict the quality of interactions [42].Machine learning could also address text chat.For example, Overwatch (a rst-person shooter game) has shown promising results in reducing chat abuse [53].Future studies could explore the applicability and e ciency of these tools and approaches to a wider range of online games.
Avoiding player manipulation.Earlier, we discussed how popular online games employ various deceptive designs to persuade players to share their personal data.Prior studies have examined the moral principles of popular games to reveal manipulative design tendencies and investigated their wider impact [1].
The existence of dark designs could be attributed to potential misalignment of what gaming industry and society considers to be important [92].Many dark patterns may be unlawful according to regulations such as The United States Federal Trade Commission (FTC) Act Sec.20 that prohibits "unfair or deceptive" commercial practices [31].However, as such designs are still widely used, existing policies should revisit the application of existing regulations and identify the gaps within them.On the application level, we call for the design community to establish guidelines that limit the use of dark patterns and empower participants in identifying and avoiding them.

Limitations and further work
As with any qualitative study, our participants cannot represent all players.The interviews included participants with a wide range of online gaming experience, however, the participants were mostly younger tech-savvy adults, representing one of the demographics who enjoy internet gaming [52].The interviews were conducted in Finland, and participants in other regions or demographic groups might have di erent views on personal data disclosure in online games.
This study o ers a broad discussion on perceptions of sharing personal information in the online gaming context without focusing on speci c genres or platforms.Our work also provides design implications for additional transparency and control over user data ows.Further studies could target speci c design features for sharing personal data and associated player views or focus on speci c game platforms and their data practices.Finally, in this study, we analyzed online games based on the data openly available to players and did not cover paid online games.

CONCLUSIONS
Online games collect players' personal data.In this study, we analyzed data collection practices openly available to players and reviewed designs of 21 games.We then compared our analysis with players' views on sharing their data.Our ndings show that the perception of privacy in online games is contextual.It can change with time and often depends on the perceived collection purpose or attitudes towards potential data recipients.For example, in multiplayer games, players tend to share more to connect with other players, especially as their trust levels increase.Perceived bene ts of disclosure a ect players' decisions to share their personal data.This can be manipulated by dark patterns in games.We also identi ed the lack of awareness and a range of user misconceptions about game data collection practices and the potential risks of sharing personal data in online games.Based on our ndings, we o er design recommendations for online games to support user awareness and equip them with the means to have more control over sharing their personal data with games or other players.(9)

A.7 Gaming platforms
Steam is a digital distributor that hosts thousands of video games coming from major developers and game manufacturers worldwide.Games available on Steam are mainly played on PCs.Steam's privacy policy is available in multiple languages for users [119].The company collects and processes data according to GDPR and CCPA.Steam collects basic account data of the users (email address, country of residence, username, password) and assigns an automatic number ("Steam ID") during the setup process, so the real user name is not required.Steam hosts paid games, so it also requires transaction and payment data, such as name, address, credit card number, expiration date of card and 3-digit security code.It also collects data on Steam client and websites (browser and device information, usage data) and information required to detect violations, which is not disclosed if disclosure compromises the mechanism of detection and investigation of the violation.Other collected usage data includes user posts, comments or chats and so on.
Similarly to Steam, Electronic Arts (EA) provides online games for various devices (PCs, mobile and game consoles).
Following its Privacy Policy Agreement [34], EA collects users' basic account data (email address, username, real name, country, date of birth, password and telephone number) and device information (hardware identi ers, IP or platform type).In multiplayer mode, EA also registers game pro le information, game-play, statistics, and might record the gameplay in certain multiplayer scenarios that can be later played to others.Using EA games through other third-parties like PlayStation and Xbox entails the transfer of users' information from third-party user accounts, but these do not include users' credit card information.
PlayStation and Xbox are gaming platforms for Consoles.PlayStation provides a Privacy Policy for its users [102].In summary, it mentions the following collected user data types on PlayStation: basic information (name, email, country, phone number), console and other devices use, and progress information (trophies, rankings or friend lists).PlayStation also collects users' billing information (credit card details or address).
Xbox is a gaming division of Microsoft.Xbox does not provide a separate Privacy Policy statement, and its link redirects users to the Microsoft's privacy policy [85], which includes aa section on Xbox.While the section describes data handling practices of child players (under 13 years of age), there is no speci c section that talks about adult players.We assume that adult players are subject to the general data collection practices of Microsoft, which also include Xbox.Following these practices, user data collected from Xbox includes purchase history.usage data (game progress, achievements or time play per game), content (uploaded, pictures, text and videos), and users' social activity.Google Play Store is an online platform where users can download apps.Currently, users can download Google Play Games to play games without installing the game.Google Play Games has over 5 Billion downloads as of 2022 [100].Google provides a dedicated Terms of Service for Google Play to guide developers when handling users' data [101].However, it does not provide users with a separate Privacy Policy for Google Play, so we infer collected user data types from the general Google Privacy Policy [48].These data types include basic user information (email or photos), users' apps, browsers and devices, user activities (search terms, watch history, voice and audio), and user location (GPS or IP).
Unlike to Google Play, Apple's App Store provides a general Privacy Policy with information related to data types collected from users [6], such as account information ( Proc.ACM Hum.-Comput.Interact., Vol. 7, No. CHI PLAY, Article 418.Publication date: November 2023.

6. 4 . 3
Design Pa erns.Many design patterns used in games can be considered to be dark patterns intended to be deceptive, misleading, or coercive to users[1,143].These dark patterns, for example, Proc.ACM Hum.-Comput.Interact., Vol. 7, No. CHI PLAY, Article 418.Publication date: November 2023.

Fig. 2 .
Fig. 2. Prior to installing Destiny 2 on Steam players are required to accept Terms & Conditions [21].

Fig. 3 .
Fig.3.Players are required to install an anti-cheat so ware Ba lEye before playing Destiny 2. Ba lEye collects both user data and device information[55].

Fig. 4 .
Fig. 4. Players are asked to enter their age upon sign-up in League of Legends [107].

Fig. 5 .Fig. 6 .
Fig. 5. From League of Legends, Sign-up process fails if the age entered is less than 12 years old [106].

Fig. 7 . 41 Fig. 8 .
Fig.7.Monster Legends seemingly o ers players an option to request the game not to sell their data.When players click the option on the bo om right they are requested to a web page that is directed at California residents whose data are protected by law not to be sold[117].

Fig. 10 .Fig. 11 .
Fig.10.Players can link one or multiple social media accounts to the same account on PUBG (Facebook and iCloud accounts)[70].

Fig. 12 .
Fig.12.The Sims4 Game Options.Players are provided a link to EA Games privacy agreement for information about their data handling practices[54].

Fig. 13 .
Fig. 13.Players can sign-up with one or multiple social media accounts on PUBG (Twi er, Facebook and Game Center accounts) [69].

A. 7 . 1
Mobile app stores.Mobile app stores, such as Apple's App Store and Google Play Store, are most popular sources of online games.

Table 1 .
Central interview topics, research intentions, and sample questions from interview script.

Table 4 .
Summary of data types collected from games (N=21).
What devices do you own and do you use them for playing games?(Please, choose all that apply) Do you have social media pro les?If yes, which ones and how often do you use them?Thank you for answering the survey and your interest to participate in this interview, we greatly appreciate your help with our research.My name is [..] and I will conduct this interview.The interview will last around 40 minutes and will be audio recorded.The recording is to accurately record the information you provide and will be used for transcription purposes only.After the transcription, we will destroy the audio recording.If you don't wish to be recorded you can stop the interview.However, incomplete interviews will not be compensated.If you feel any discomfort, please, let me know and we Proc.ACM Hum.-Comput.Interact., Vol. 7, No. CHI PLAY, Article 418.Publication date: November 2023.

Table 8 .
Table illustrates participant experiences in years, the genre and styles of the games they played.