Become a fan of Slashdot on Facebook


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Privacy Games

Report: Valve Anti-Cheat (VAC) Scans Your DNS History 373

Posted by samzenpus
from the lets-have-a-look dept.
dotarray writes "If a recent report is to be believed, Valve is looking at your browsing history. Reportedly, the company's Valve Anti Cheat system (VAC) looks at all the domains you have visited, and if it finds that you've frequented hack sites, you'll be banned. 'The new functionality has been slammed by gamers, who claim it is "more like spyware than anti-cheat". Valve has not responded to the allegations, but all Steam users have agreed to abide by specific online conduct and not to use cheats. The company's privacy policy also explains that Valve may collect "personally identifiable information", but promises not to share it with other parties.'"
This discussion has been archived. No new comments can be posted.

Report: Valve Anti-Cheat (VAC) Scans Your DNS History

Comments Filter:
  • Oh good (Score:2, Insightful)

    by Anonymous Coward on Monday February 17, 2014 @10:44AM (#46266449)

    So security researchers who also game are pretty much screwed then?

  • by Puls4r (724907) on Monday February 17, 2014 @10:46AM (#46266465)
    Actually, the article doesn't say anyone has been banned using the data. It specifically says that NO one currently knows what happens with the data. So that's a pretty large red herring. That doesn't negate the heinousness of them tracking the websites you visit *just* in case you might cheat. Very NSA-esque.
  • ipconfig /flushdns (Score:5, Insightful)

    by gatkinso (15975) on Monday February 17, 2014 @10:49AM (#46266495)


  • Re: So (Score:5, Insightful)

    by Anonymous Coward on Monday February 17, 2014 @10:53AM (#46266537)

    We shouldn't have to worry about hiding our browser history from a fucking game company. They have no god damn business even taking a peak. I don't care if if there is a hidden clause in their Eula that they say allows it. It's wrong, and they know it's wrong.

  • Re:Oh good (Score:4, Insightful)

    by Anonymous Coward on Monday February 17, 2014 @10:55AM (#46266561)
    Security researchers? Most game server admins I know (at least, the good ones) will browse hack sites/videos, so they know what's out there and what to look for. Unless it started very recently, they're not doing any banning for this.
  • Re:So (Score:5, Insightful)

    by lagomorpha2 (1376475) on Monday February 17, 2014 @10:55AM (#46266565)

    Steam isn't a subscription service, you pay full price (ok or wait for sales) for games and they can only be run through Steam. So uninstalling Steam means losing access to the games you've bought through the service unless you pirate them back. This does make me want to delete Steam and cease using the service though.

    I wonder if there are enough irritated users to delete and redownload their entire Steam library enough times to send Valve a high-bandwidth wake-up protest message.

  • Re:So (Score:5, Insightful)

    by ledow (319597) on Monday February 17, 2014 @11:00AM (#46266619) Homepage

    Why not just run Steam as a different user?

    It's not like Windows where you basically are expected to run everything as one user, create a Steam user which you can only "su" to from certain other users, and then set up a script to automatically make it run Steam only as a user that has access to nothing but Steam.

    But to be honest what's the point? What precisely are they going to do with the hash of a domain name that you looked up, not even visited? The bans are not going to be based on that information. You can't ban someone just because they strayed or were enticed into looking up a domain that might host a cheat, only if they actually use those cheats.

    I reckon they are using it to find similar users and spot trends more than anything else. If a load of confirmed cheaters all have the same hash in their history, but not most people, then its likely that it's worth looking into other user's with that same hash (or at least taking it into account when someone reports a new cheat).

    I'm a Steam fan, it has to be said, but while them looking at my domain history concerns me, they are at least hashing them and they have a full browser in the Steam client. If they want to track my visits, that's infinitely more worrying and does all sorts of cookie stuff (alright, you have to be running Steam and using their browser to visit whatever, but that's still much more info than the hash of a domain I looked up).

    Also, in case you hadn't noticed, the name of domains you looked up all go to your DNS server. If that's not a local one, you're already pushing this information in plain text across the Internet. Please tell me that you're not using Google or OpenDNS before you came to whine on this post.

    Plus, even aside from all the above, there is no real evidence that they are actually transmitting or collecting this information. Someone's just gone into the new anti-cheat modules with a disassembler and seen something suspicious. Doesn't mean that it's even enabled, or not test code. Nobody has yet seen it actually do this stuff (and what would it take? Wireshark and five minutes?).

    If you're using DNSSEC exclusively, didn't read the Steam agreement, are running as a completely unprivileged user (without even access to the name cache, on Linux, presumably?), and can confirm that what is alleged is actually happening, then maybe you have a case to be miffed.

    Otherwise? I have bigger privacy worries every time I send an email.

    P.S. Damn lameness filter, what the hell are you seeing?

  • How ironic . . . (Score:2, Insightful)

    by Kimomaru (2579489) on Monday February 17, 2014 @11:03AM (#46266645)
    I thought the point of playing a game was to relieve stress. Getting online to play something is starting to become more involved and complex than most people's jobs. It is kind of a shame, though, that people take Counterstrike and Call of Duty so seriously that they need to scam the system. Defeats the purpose, no?
  • Re:So (Score:4, Insightful)

    by Anonymous Coward on Monday February 17, 2014 @11:14AM (#46266747)
    So you buy games that you can't play unless you have steam? Why would you do that? I play all my games without permission from anyone. I bought them, they belong to me and I play them when I want without some service watching over me. What is wrong with people today... why do you put up with this kind of crap?
  • Re: So (Score:5, Insightful)

    by sosume (680416) on Monday February 17, 2014 @11:27AM (#46266885) Journal

    This is so wrong and against privacy laws (at least in the EU), this would be equal to the IRS regularly scanning your history to see if you visit sites with tips for tax dodging. The police arresting everyone who visits lockpicking tutorials. The RIAA arresting everyone for possession of an internet account, Or the TSA l.. oh wait, they already do that. But at least the TSA can claim that their work is in the public interest.

    Besides. This is a new definition of guilty by association.

    " all Steam users have agreed to abide by specific online conduct"

    I would say this is only valid while using a Steam product. the way it is worded in TFA sounds more like a lifestyle where you have to abide to their rules at all times. Steam makes it even illegal to cheat in games from their competitors!

    This is so ridiculous, all I can do is wait for the class action lawsuit to commence. Steam is done with, if this turns out to be true.

  • Re:So (Score:5, Insightful)

    by Nationless (2123580) on Monday February 17, 2014 @11:40AM (#46267009)

    They also offer a variety of services which I greatly appreciate in this day an age.

    I don't have to lug around all my cds/dvds/Floppies every time I move and honestly I've gotten rid of all my physical media (external hard-drives excluded) about 2 international moves ago.

    It automatically keeps all my games up to date, no more Battlefield 1942 patch hell.

    As a store front it allows me to keep up to date on game releases and even pre-load certain titles.

    Steam sales.

    A robust offline mode which automatically works as long as you've downloaded the game and run it a single time while being connected online.

    I use it as a unified launcher.

    I use it as a communication tool dedicated to getting in touch with other people I know who are playing games and can easily organize matches of any game on our collective steam lists.

    Also not all games come with the steamworks DRM and can be run freely without steam even being installed on the system. Granted you have to download it through Steam first, but that would apply to any digital store front. Not to mention I've never noticed the DRM in action, making it the most non-intrusive form so far and if it doesn't even bother me, I don't see much reason to rage about it if it means that Steam is more likely to stay in business.

    I no longer have to input CD-keys or even worry about where I've physically kept the myriads of manuals containing them and installing software is as quick as simply wanting to play something and double clicking the title and download/installation is automatic. I don't have as much time to waste on gaming as I used to so streamlining it is in my best interest.

    Having to live with the "fear" that one day my games will be gone is like worrying that a Jumbo jet will land on my house. Honestly, I'd just pirate the games I'd lost.

  • Re:So (Score:4, Insightful)

    by FatdogHaiku (978357) on Monday February 17, 2014 @12:03PM (#46267235)

    Cancel subscription, uninstall steam and move on.

    Oh come on, this anti cheating detection simply demands that we cheat it!

  • Re:So (Score:5, Insightful)

    by geminidomino (614729) on Monday February 17, 2014 @12:23PM (#46267469) Journal

    You forgot

    *) Possibility to cancel your business relationship with Valve and keep playing the games you paid for.

    Oh, wait.. No you didn't.

    DRM is DRM, and there's no such thing as "DRM done right."

  • Re:So (Score:5, Insightful)

    by Sperbels (1008585) on Monday February 17, 2014 @01:52PM (#46268503)
    * or, what if they disable your entire game library because you visited a blacklisted website.
  • Re:So (Score:3, Insightful)

    by LoRdTAW (99712) on Monday February 17, 2014 @01:58PM (#46268583)

    What games are those? Console? Older PC games?

    Steam and their competitors make it easy to buy, download and play games. Even if you don't want Steam you have few options: buy the actual game on CD or DVD (and have it loaded with buggy malware-like copy prevention and needing the CD/DVD when you want to play) or a publishers distribution platform which works just like Steam. Downloading the game makes so much more sense in the internet age and I would never go back to buying physical media copies.

    Steam and steam like service benefits:
    - I can pre-order, buy or gift a game instantly from my PC, no running to stores, shipping or waiting for packages.
    - Instant download. Buy the game and play it once its downloaded which can easily happen in under an hour.
    - NO CD/DVD's needed and no storing of bulky media and packaging. Who wants a shelf full of plastic taking up space and collecting dust?
    - Built in communications. My brother and I once played a game of TF2 while casually chatting using the Steam voice chat. It was an amazing thing to be able to casually talk as if he were next to me yet still be able to play the game and use its voice to talk to teammates.
    - I can log into another PC using my Steam ID and I instantly gain access to my games. No lugging around any media.
    - You can't lose the media. Remember old games and their copy protection? "Turn to page 42 of the manual and enter the second word in the third paragraph" or One that I hated until I got a cracked version from a friend who was a BBS master, Quarinitine. It had a dark red card the size of a sheet of paper with black almost unreadable text (to prevent photocopying). It was a chart you used to look up a set of numbers and then enter the corresponding code to play the game. Those were the devil, loose that card or manual and you were screwed.

    -no refunds. Easy - play the demo, look for recommendations/reviews or don't buy it, I haven't regretted one purchase yet (well maybe crysis 2 but that was because its gameplay sucked compared to the original but on a whole it was pretty fun).
    -sometimes there are connection/server issues but they usually clear up within hours or a day. You won't die from not playing games.
    -off line might crap out. But honestly, who uses that? Only two scenarios need off-line mode: places where the internet is flaky and prone to outages OR you are away from home like on a business trip or vacation. If you are part of the former, then the problem isn't Steam, its your shitty internet. If you are the latter then I assume you have better things to do than play games. Go out and have some fun. That or people just like to bitch about a non-issue just to bolster their prejudice against a media distribution platform. They could be paid shills but I digress.

    Since using Steam from the day it was released (after the beta AIM looking days), I have only had two or three connection issues with Steam cloud syncing. They were steam server issues that went away within a few hours, no big deal. Contrast that to my last run-in with copy prevention CD malware like securom which randomly crashed, randomly locked up my pc on launch or permanently changed my mouse cursor to a rainbow colored CD until I rebooted (after it randomly crashes). I actually had to download a crack for Crysis just to play the fucking game without securom (aka suck-rom). And of course what if you lose or damage the CD/DVD? How do you play your copy protected need-the-cd-to-make-sure-you-aren't-a-thief game? Screw that.

  • Re:So (Score:5, Insightful)

    by Anubis IV (1279820) on Monday February 17, 2014 @03:42PM (#46269651)

    Nonsense. I dont buy licenses. I buy games.

    No, you don't (unless you're representing a game publisher or developer, in which case maybe you do). Read the fine print included with any game you buy today on physical media. You bought the disc, so you generally have the right to resell the disc, and the licenses are transferable as well, so it gives many consumers the illusion of ownership, but the fact is, you don't own any of the games that you've "bought". That's why companies are legally capable of cutting off customers who break rules in their games. I provided links to several examples a few posts back in this thread.

    I'm not suggesting I like that it's this way, mind you, nor that it should be this way. I'm merely pointing out that it's the reality of the situation. Having you deny it doesn't magically make it untrue.

  • by gman003 (1693318) on Monday February 17, 2014 @10:54PM (#46272953) []

    Basically, they're looking only for the DRM servers used by some very specific kernel-level cheats (apparently even cheats have DRM now - and these are not web sites, but DRM servers they're looking for, you won't trigger it by searching for or even buying cheats unless you use them). They do this comparison client-side, transmitting only if there is a match, and only transmitting the hashed value (which is used so the VAC servers can confirm it was a cheat when issuing the ban - otherwise one would be able to forge a "cheat" and get someone else banned). They also only do this scan at all if VAC has detected the cheat in the first place, which they claim has affected less than 0.1% of their users.

    Valve is explicitly denying that they are gathering your browser history.

    So my overall analysis:
    1) If what they say is true, then they're doing everything they can to *not* gather your browsing history, and are only gathering the hashed value to protect users.
    2) This should be possible to verify - see if the code doing the checks is triggered at all during normal use, and see what a packet sniffer picks up.
    3) Even though I like Valve a lot, after recent events (Snowden, some personal betrayals, etc.) I feel I can't trust anybody. I'll let others do the verification (I'm not technically skilled enough to trust my own work on it), but if it turns out that this is all they are doing, it's a good thing that is very, very close to being a bad thing. If, however, they are not just spying on us but then lying about it, I will be downloading a Steam crack immediately (I spent over $1000 on Steam games, they're mine no matter what the law says) and taking everything into offline mode.

The trouble with being punctual is that people think you have nothing more important to do.