The amount of data Sony keeps about your PlayStation activity is insane!

Some PlayStation users have requested Sony to send them their personal data, and the results are quite shocking. Twitter user @AlexCheer1 found out that Sony had logs of him running the Adrenaline PSP Custom Firmware on his PS Vita, for example.

Sony knows you’ve been running hacks

AlexCheer1 has shared a few screenshots of what his data looks like (screenshots below). He’s found out that Sony knows, among other things:

  1. What controllers/portable consoles you connect to your console
  2. What games you play online, and whether it’s F2P/Free Weekend or on PS Plus
  3. Which parts of the system menu you’ve browsed

Their systems also log every kind of game you launch, even offline (the data gets sent the next time you go online), and even if those are homebrew games. As such, it isn’t completely surprising, but interesting, to see that they know he’s been using Adrenaline (identified as PSPEMUCFW).

Furthermore, they keep a long history of all this data. In the package AlexCheer1 was sent, his entire history had been kept back to 2012!

Nothing’s really surprising in there, but it’s “funny” to see PlayStation know about hack usage, and overall it’s a shockingly massive amount of data.

What Sony logs about you

It probably won’t be a surprise to most people following this blog, but Sony monitors a lot of information when you use a PlayStation console, and in particular when you connect to the PlayStation Network.

In theory, that kind of information is aggregated and anonymized in most cases internally before being used to monitor various metrics (whether for marketing, legal, or engineering purposes). At the individual level, the data is also collected for some legal reasons, as stated in PlayStation terms and conditions.

Although the terms may vary depending on your country, all versions of the PSN rules that we checked has a variation on “we are not responsible for recording or monitoring any activity on PSN, although we may do so in order to investigate violations of or enforce this Agreement, or to protect the rights and property of SIE, its partners, and customers.”

For further details on what is being logged, one has to go to PlayStation’s legal page, select their country, and head over to the Privacy Policy page. (examples: for Europe and the US)

There, you can see a laundry list of what is being collected: your name, username, address, payment methods of course, as well as content that gets stored in their databases such as purchases, voice messages, chat content, posts, and more generally any user-generated content that gets stored on their end.

The metrics and monitoring part (“We may also automatically or passively collect information about your use of our Services”) is where it gets interesting. They say:

Each time you use a PlayStation console or a PlayStation app on a PlayStation console or other devices (such as a mobile phone or PC), we may automatically collect information about your use of that device and app. If you sign into an Account, we may combine it with other information we have for that Account.

Follows a list of the kind of stuff that gets logged (emphasis bear). We only reproduce below a few of them, you’ll have to check the official document for the whole list.

  • Device identifiers such as your PlayStation console ID, mobile device IDs, cookie IDs, or serial numbers
  • Network identifiers such as your IP address and MAC address
  • Account authentication tokens that avoid you having to log in repeatedly
  • Content and ads downloaded to your device for the online services that you access
  • Your current and recent locations (eg on PS Vita)
  • Trophies, scores and rankings achieved online and offline
  • Information about the device you are using, any connected peripherals (such as controllers and VR headsets) and how you have configured them
  • Information about how you use the software installed on your device (which may include information about the use of the software offline), such as date and time of use, what games or music you play, what content you browse, share or download, what services you access and for how longincluding how often you use chat and other communication applications
  • The actions you take within games or apps published by SIE (eg what obstacle you jump over and what levels you reach)
  • Software errors and load times detailsand if you have the “Report System Software Errors Automatically” setting turned on, detailed information about the crash, including screenshots and video captured before the crash

Again, it’s been known for a while by hackers that Sony monitors a lot of information, and may have used such telemetry in the past to patch vulnerabilities while they were being worked on. This is why most hackers looking for vulnerabilities always make sure they block some specific Network communications for their device (eg on PS5 we block specific IPs when running the kernel exploit).

How Can I request my PlayStation data from Sony?

If you’re interested in knowing what PlayStation knows about you and your activity, follow the instructions below.

Whether you can ask Sony to send you your PlayStation data or not depends on the country you live in. In general, check their privacy policy for details on that. In Europe, Australia or NZ, you can email [email protected] with the request (you will then need to be able to prove your identity, typically by sending your PSN ID along with some other form of identification). In the US, you can follow the instructions on this form or use the phone number provided.

Leave a Comment

Your email address will not be published. Required fields are marked *