I mean really, what's the difference? They can access that file at any time they want anyhow---as long as they only send it to their server after user consent, I'm really failing to see a problem here. Making a copy of one file they can already access to another place they can also already access isn't really violating anyone's privacy. It's what they DO with the information that matters.

>It's what they DO with the information that matters.

99% of end users will not be able to reverse engineer the binary and find out that copy is never transmitted. The fact it is 'touching' private files at all without any consent degrades trust.

Furthermore, if I want to delete all traces of Steam from my computer how the hell would I know there is a copy of steam's localconfig in a different program's folder? or what if I backup or share privately/publicly my EpicLauncher directory without realizing all my steam contacts are in there?

But is it malevolent or just a little lazy? I can't decide.

if it were malevolent, they'd just load it into ram and send it to the server without persisting on the drive... (and without asking)