Microsoft have their standard clauses of "thou shalt not modify the code in bad ways" and "thou shalt not use this code to commit malicious actions". I don't see any similar level of restriction being placed on the 'compiled executable as a result of using the libraries/tools' but they do have restriction on the distribution of modifications to the core without it being made clear. Having looked over the Epic's TOS/EULA they've written theirs in more of a permissive way than restriction, but a similar - if you stand on one leg and cock your head to the side - situation exists for distributing your game with 'uncooked engine code'.

I strongly believe that this whole issue is most likely as a result of the seat licensing mechanism being broken by cloud based service providers, or being outright bypassed. The closer analogy being the licensing arrangement for Visual Studio mandates you have a license per seat to use it, even if you publish it as a virtual application, and the license needs to be tied to an actual person - granting you one use of the application.

I struggle to believe that there is even a remote intent to prevent the use of cloud based service providers supplying compute space for developers to run their application on. It would align well with the beta cloud hosting services that they're investigating now, but I think it is counter the company's image to go down this path.

<edit>

Another thing occurs to me, elsewhere in the EULA/TOS there is mention that you agree to allow Unity to record details about the consumers of the application you've released, in some way to determine the number of people who have purchased your game... perhaps it is related to this and assuring that we're not just nvidia sheild streaming games from web platforms (all computation done on server, end user sees only video)? Maybe this style of streaming breaks their ability to track the number of consumers?

Unreal EULA says snippets of up to 30 lines are fine to put on public forums where non-licensees can see them, within a few (reasonable) limits.

41 minutes ago, Stragen said:

Another thing occurs to me, elsewhere in the EULA/TOS there is mention that you agree to allow Unity to record details about the consumers of the application you've released, in some way to determine the number of people who have purchased your game... perhaps it is related to this and assuring that we're not just nvidia sheild streaming games from web platforms (all computation done on server, end user sees only video)? Maybe this style of streaming breaks their ability to track the number of consumers? 

As far as Europe goes, and the GDPR, this is a bit dubious if there is no programmer off-switch and the data will be pseudonymised e.g. a hash of an IP address or a GUID cookie which still puts it clearly in GDPR remit.

Now i am no lawyer, but have dealt with GDPR as a manager at my current role and i know this much:

I can't silently give permissions on the player's behalf for analytics to be harvested, by agreeing to some EULA, and this sort of thing must have a clear opt-in, and that opt-in can't be "allow it or you cant use this program". As such, if there is no clear way to turn this completely off/on at the players request, with clear notification that the game is going to do this, this is quite a big violation of data privacy law within the EU.

I've noticed UE4 doing similar things for metric gathering so that they can conduct a steam style user-survey, but as i use that engine i know that i can go in and disable that feature, and we're golden. As i don't actively use Unity, i can't say for sure if this is an option there - maybe someone who actively uses it can enlighten me?

Since the GDPR was brought up: they're very diligent with it. Deleting my account took them 80 days.  I never user support, forum, asset store, made any games, not even compiled any exes and only ever ran editor for 2-5 hours once to check examples out one day a months ago.

They've mentioned GDPR ("Your request has been received and is being reviewed by our GDPR taskforce.") when confirming my request for deleting my account on 6th of August via email. I'm guessing it's because I am an EU citizen and live in the EU.

Then on 31st of August I got this:

Quote

Hi,

We are working on your data deletion request. As residents of the European Economic Area know, a 30-day time period applies to requests for personal data deletion unless there is an unusually high volume or the requests are overly complex. In such circumstances, Unity may take an additional 60 days as necessary under EEA laws to complete the requests. At this time, Unity will be extending the timeframe for your deletion request by an additional 60 days due to volume and complexity. This should not imply that we will need all 90 days, but we are reasonably certain that we will need at least 31.

We appreciate your patience and hope to provide a confirmation within the coming days.

Thank you,

Unity Privacy team

I was doing this in response to the July email drama so the "unusually high volume" part gave me a chuckle (or maybe it was just a complex task to delete an account that never did anything  ).

I got two more copies of the above email (which I assume to be a mistake) on 26th of October and this email, all within same minute:

Quote

Hi,

Per your request and in accordance with your right to erasure, all relevant personal data related to your email address and device ID were removed from Unity’s data systems. Keep in mind that Unity will retain any information to the extent necessary (1) to meet financial and legal compliance, (2) if applicable, to prevent fraud or respond to valid legal process, and (3) where our systems have anonymized or heavily pseudonymized the data. If your account was created for a development project, then that project administrator must request account deletion.

Also, please remember that renewed use of Unity products or services will create a new data set. Unity will always endeavor to honor deletion requests as appropriate; however, if requests become excessive or repetitive, then Unity may elect to refuse or to charge a fee for such requests.

We thank you for your business, and we hope you will consider us in the future as a business partner.

Unity Privacy team

1 hour ago, Brain said:

I can't silently give permissions on the player's behalf for analytics to be harvested, by agreeing to some EULA, and this sort of thing must have a clear opt-in, and that opt-in can't be "allow it or you cant use this program". As such, if there is no clear way to turn this completely off/on at the players request, with clear notification that the game is going to do this, this is quite a big violation of data privacy law within the EU. 

Did you take a look at these two pages (second seems specific to Unity Analytics but lol @ "Unity Analytics Data Privacy Plug-in" not supporting Linux)?

https://unity3d.com/legal/privacy-policy

https://docs.unity3d.com/Manual/UnityAnalyticsDataPrivacy.html

9 hours ago, FRex said:

Unreal EULA says snippets of up to 30 lines are fine to put on public forums where non-licensees can see them, within a few (reasonable) limits.

There are qualifiers around what you can and cant do, for those who are considering it and to save people looking for it themselves, the appropriate section is below.

"You are permitted to post snippets of Engine Code, up to 30 lines of code in length, online in public forums for the sole purpose of discussing the content of the snippet, or distribute such snippets in connection with supporting patches and plug-ins for the Licensed Technology, so long as it is not for the purpose of enabling non-Engine Licensees to use or modify any Engine Code, or to aggregate, recombine, or reconstruct any larger portion of the Engine Code."

GDPR is a minefield of conditions, i'm not even mildly across all the rules and regs for that (i'm going to be doing a course on it soon enough no doubt), so i'll make no comment on anything to do with GDPR.

Happening today/tomorrow (in 13 hours):

While i know this is a week or so old now, but the updates they've made to the ToS now, with their changes to the ToS retrospective-ness, make the whole conversation much different. It seems that they've listened and the restructure and re-wording seems much clearer and less restrictive.