My problem with them is that they scanned peoples hard drives and read the Steam friends file. That sort of behavior is not acceptable. It wasn't a normal business operation. People give installation software raised permission so it can install itself on the hard drive. They don't intend for that same software to start looking at other files on the computer. The only other software that does that sort of thing is malware and Antivirus software. Epic crossed a line with that action. We have no idea if they sent that information up to their servers or not. We have to take their word for what they did with the file. Their excuse that it was easier than calling the Steam API is hogwash. The Steam API is literally a single API call where you pass in the steam id. The API confirms that you have permission to get the information and then returns it in the same format as the file was storing it.
If one of our installations did something like that then we would be opening ourselves up to all sorts of trouble. There is no way that it's ok for Epic to do it. It's just not acceptable. What if they started reading your documents or getting your pictures? The worst part is that they haven't changed the behavior which begs the question, why?