Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Privacy Games

Report: Valve Anti-Cheat (VAC) Scans Your DNS History 373

dotarray writes "If a recent report is to be believed, Valve is looking at your browsing history. Reportedly, the company's Valve Anti Cheat system (VAC) looks at all the domains you have visited, and if it finds that you've frequented hack sites, you'll be banned. 'The new functionality has been slammed by gamers, who claim it is "more like spyware than anti-cheat". Valve has not responded to the allegations, but all Steam users have agreed to abide by specific online conduct and not to use cheats. The company's privacy policy also explains that Valve may collect "personally identifiable information", but promises not to share it with other parties.'"
This discussion has been archived. No new comments can be posted.

Report: Valve Anti-Cheat (VAC) Scans Your DNS History

Comments Filter:
  • by aliquis ( 678370 )

    How do one set up rules to block Steam from accessing firefox profiles? (Linux obviously, though guide for Windows is fine too. Also Chrome.)

    • Re:So (Score:4, Informative)

      by Anonymous Coward on Monday February 17, 2014 @10:45AM (#46266453)

      Create a steam user without access to your real user's files. Run steam only as this user.

    • Re:So (Score:5, Interesting)

      by Rosco P. Coltrane ( 209368 ) on Monday February 17, 2014 @10:48AM (#46266479)

      How many Linux users do you think have the idea of sandboxing Valve applications, just in case they might be peeking inside other applications' user data?

      There's no "Linux obviously" about it. It's a matter of trust, and Linux or not, users are far too trusting of the applications they install.

      • by gl4ss ( 559668 )

        well the rule is stupid if it is in effect because they would need to ban the operators of this scheme too.. since they obviously visited those sites to know whats there.

        • by PIBM ( 588930 )

          From TFA, they send themselves MD5 hash of the websites people have visited. Knowing that, I believe that they are using your DNS history signature to compare between players that are cheating. I don't see why they would ban people they aren't sure are cheating, as they certainly don't want to be hit by PR nightmare when people would get banned for no reason. The rare false positive they get at this time is already hard on them, and they go great way (well, large amount of steam credits happen) to make thos

    • Re:So (Score:5, Interesting)

      by Z00L00K ( 682162 ) on Monday February 17, 2014 @10:53AM (#46266533) Homepage

      Create a separate virtual machine where you do all your clandestine browsing from.

      If the steam engine is able to access the VM and the disks there then they really are insisting on digging through your computer, but I doubt that they will be able to go far with it.

      • Re: (Score:2, Funny)

        by wagnerrp ( 1305589 )
        Trying to run a graphically intense game inside a virtual machine can only end in tears.
        • Re: So (Score:5, Funny)

          by Anonymous Coward on Monday February 17, 2014 @11:03AM (#46266651)

          Reading comprehension must be particularly difficult for you. I am sorry.

          • He's running Slashdot inside a VM and using a virtual keyboard and mouse to hide his clandestine non-work-related browsing, give him a break.

        • Which might be why he suggested *browsing the hack sites* within a VM, not playing games.

        • by jabuzz ( 182671 )

          He is talking about running a web browser in the VM so that you can browse cheat web sites to your heart's content without Valve or anyone else having a clue that you are doing it. Next time engage brain first :-)

        • Z00L00K actually said to do your browsing in the VM, but thanks for trying!
      • by nurb432 ( 527695 )

        Several companies already block things from running in a VM, or software virtualization/sand-boxing.

    • Re: So (Score:5, Insightful)

      by Anonymous Coward on Monday February 17, 2014 @10:53AM (#46266537)

      We shouldn't have to worry about hiding our browser history from a fucking game company. They have no god damn business even taking a peak. I don't care if if there is a hidden clause in their Eula that they say allows it. It's wrong, and they know it's wrong.

      • While I agree with you - we find ourselves in a world where our government and our corporations have ASSumed the authority to spy on us. I suggest you deal with reality as it is. Let's all learn to hide our history from the likes of Steam, along with Google and all the other trackers out there.

        Run Steam on your real high-tech hardware - and keep everything else on a different machine, or in a virtual machine. Just separate the two, and you're good to go.

      • Re: So (Score:5, Insightful)

        by sosume ( 680416 ) on Monday February 17, 2014 @11:27AM (#46266885) Journal

        This is so wrong and against privacy laws (at least in the EU), this would be equal to the IRS regularly scanning your history to see if you visit sites with tips for tax dodging. The police arresting everyone who visits lockpicking tutorials. The RIAA arresting everyone for possession of an internet account, Or the TSA l.. oh wait, they already do that. But at least the TSA can claim that their work is in the public interest.

        Besides. This is a new definition of guilty by association.

        " all Steam users have agreed to abide by specific online conduct"

        I would say this is only valid while using a Steam product. the way it is worded in TFA sounds more like a lifestyle where you have to abide to their rules at all times. Steam makes it even illegal to cheat in games from their competitors!

        This is so ridiculous, all I can do is wait for the class action lawsuit to commence. Steam is done with, if this turns out to be true.

    • How do one set up rules to block Steam from accessing firefox profiles? (Linux obviously, though guide for Windows is fine too. Also Chrome.)

      The only useful workaround is to boycott steam. Otherwise they will work around your workarounds till they finally just install a Sony rootkit. Do you really want a company that even takes even one step over the line? teach them a lesson.

      • flush the dns cache before you launch steam:
        on a mac that command is:
        sudo killall -HUP mDNSResponder

        However since steam is normally installed with admin permissions it may very well be running some sort of spyware deamon that is violating your privacy even when the application is not running, making that dodge useless. Since they are willing to go that far I would not put it past them to also be running a spyware daemon as well.

        • No on Debian, I run steam as a normal user under user credentials. It doesn't launch any daemons, and has no suid executables, but it does have read/write access to all local files which includes saved history of browsers. Will do strace when I get home. Should be interesting.

      • by dshk ( 838175 )

        Players who are frustrated by cheaters are also ready to boycott Steam. If I were Steam, I would serve my frustrated, honest users. We also maintain a gaming site, and you cannot believe how many people get angry because of cheaters.

        I have no issue if they only check for domains or only selectively download the list. But I use three different machines for gaming, development, and system administration.

    • Re:So (Score:4, Informative)

      by l_bratch ( 865693 ) <> on Monday February 17, 2014 @10:54AM (#46266551) Homepage

      The claim is that the operating system's DNS cache is scanned, not any particular application's history.

      • Re:So (Score:5, Interesting)

        by Immerman ( 2627577 ) on Monday February 17, 2014 @11:07AM (#46266681)

        Still pretty fucking invasive if true. I'm going to have to watch this and, if true, protest. Not quite sure how yet, I'd hate to lose my game library but this sort of invasive behavior can't go unanswered. The "repeatedly redownload your gaming library" idea has some merit if done en-masse along with vocal enough complaints. Perhaps we can dig up the phone number and address of the company executives so we can send our complaints directly to the parties responsible for allowing such a thing .

        • Re:So (Score:5, Informative)

          by l_bratch ( 865693 ) <> on Monday February 17, 2014 @11:15AM (#46266765) Homepage

          I agree that it's very invasive if the list is returned to Valve, however I can't find any evidence that it is. The code originally posted only details the *reading* and hashing of the DNS cache, with no sign of *transmitting* it.

          As far as I can see, numerous headlines and articles since the code was posted have made the claim that the list is sent to Valve, without any evidence.

          • by Arker ( 91948 )
            It would be nice to know exactly what they are doing with it, but it seems fair to assume they are doing something with it or it wouldnt be collected in the first place.

            And I cant think of anything, however far-fetched, that they could be doing with it that would be legitimate.
          • It doesn't matter.

            Look, when I was a kid, I used to play Counterstrike pretty seriously. I was curious about these cheats that I kept seeing on VAC-secure servers, so I went and found some and played around with them - on VAC-insecure servers, of course*. They're really cool bits of code that hook into the game and understand the engine well enough to find the head "bone" and wait for it to come into the player's view. Being a coder, I wanted to know how they worked - not to write my own, but software that

    • Re:So (Score:5, Insightful)

      by ledow ( 319597 ) on Monday February 17, 2014 @11:00AM (#46266619) Homepage

      Why not just run Steam as a different user?

      It's not like Windows where you basically are expected to run everything as one user, create a Steam user which you can only "su" to from certain other users, and then set up a script to automatically make it run Steam only as a user that has access to nothing but Steam.

      But to be honest what's the point? What precisely are they going to do with the hash of a domain name that you looked up, not even visited? The bans are not going to be based on that information. You can't ban someone just because they strayed or were enticed into looking up a domain that might host a cheat, only if they actually use those cheats.

      I reckon they are using it to find similar users and spot trends more than anything else. If a load of confirmed cheaters all have the same hash in their history, but not most people, then its likely that it's worth looking into other user's with that same hash (or at least taking it into account when someone reports a new cheat).

      I'm a Steam fan, it has to be said, but while them looking at my domain history concerns me, they are at least hashing them and they have a full browser in the Steam client. If they want to track my visits, that's infinitely more worrying and does all sorts of cookie stuff (alright, you have to be running Steam and using their browser to visit whatever, but that's still much more info than the hash of a domain I looked up).

      Also, in case you hadn't noticed, the name of domains you looked up all go to your DNS server. If that's not a local one, you're already pushing this information in plain text across the Internet. Please tell me that you're not using Google or OpenDNS before you came to whine on this post.

      Plus, even aside from all the above, there is no real evidence that they are actually transmitting or collecting this information. Someone's just gone into the new anti-cheat modules with a disassembler and seen something suspicious. Doesn't mean that it's even enabled, or not test code. Nobody has yet seen it actually do this stuff (and what would it take? Wireshark and five minutes?).

      If you're using DNSSEC exclusively, didn't read the Steam agreement, are running as a completely unprivileged user (without even access to the name cache, on Linux, presumably?), and can confirm that what is alleged is actually happening, then maybe you have a case to be miffed.

      Otherwise? I have bigger privacy worries every time I send an email.

      P.S. Damn lameness filter, what the hell are you seeing?

    • by arth1 ( 260657 )

      How do one set up rules to block Steam from accessing firefox profiles? (Linux obviously, though guide for Windows is fine too. Also Chrome.)

      That's not how this works. FTFA, it apparently does "ipconfig /displaydns" in Windows, which (among other things) lists what DNS lookups you have done lately.

      This is easily thwarted - use a proxy server, and the only lookup that will be registered is the one of the proxy server(s).

      • That's not how (most) proxies work.

        • by arth1 ( 260657 )

          That's not how (most) proxies work.

          You should be more careful about making statements about things you know little about.
          I run and administer several proxy servers, and have even written my own; I think I know how they work.

          When you have a proxy server configured in the web browser, instead of looking up the IP address of the web site, and then connecting to that IP, the browser will look up the IP address of the proxy server, and send the request including the full URL to the proxy.
          The proxy server does the lookup of the address of the dest

    • Just don't support valve with your money for pulling crap like that.

  • Oh good (Score:2, Insightful)

    by Anonymous Coward

    So security researchers who also game are pretty much screwed then?

    • Re:Oh good (Score:4, Insightful)

      by Anonymous Coward on Monday February 17, 2014 @10:55AM (#46266561)
      Security researchers? Most game server admins I know (at least, the good ones) will browse hack sites/videos, so they know what's out there and what to look for. Unless it started very recently, they're not doing any banning for this.
  • by Puls4r ( 724907 ) on Monday February 17, 2014 @10:46AM (#46266465)
    Actually, the article doesn't say anyone has been banned using the data. It specifically says that NO one currently knows what happens with the data. So that's a pretty large red herring. That doesn't negate the heinousness of them tracking the websites you visit *just* in case you might cheat. Very NSA-esque.
    • That doesn't negate the heinousness of them tracking the websites you visit *just* in case you might cheat.

      They aren't tracking websites you visit. They are tracking your DNS-requests. They are not the same thing, DNS-requests only show what domain names your system has queried and doesn't even say if the queries have come from the browser, IM, games or anything else -- there is no way for Valve to deduce the websites you've been visiting from these if there's more than one site behind the domain, like e.g. many blogging platforms and such host thousands of blogs under a single domain-name.

  • by Torp ( 199297 )

    I've been trying to switch my gaming purchases to GoG anyway, mainly because it's a pain to game on both a laptop and desktop with Steam. This is just another reason for it.
    All GoG needs is to start supporting Linux...

    • Windows person first and foremost; I'm a Dynamics AX technical consultant (please don't hurt me).

      I've been evaluating various Linux distros for my desktop, as my hobby time is more and more Linux (hello, Raspberry Pi and robotics!). I looked at Wine, and learned about CodeWeaver's CrossOver (this is probably old news to you). Once I had appropriate 3D drivers installed for my Toshiba S955 (that was a battle), I was able to install some stuff from GOG. Medal Of Honor: Allied Assault, for example, ran flaw

  • ipconfig /flushdns (Score:5, Insightful)

    by gatkinso ( 15975 ) on Monday February 17, 2014 @10:49AM (#46266495)


  • I've known gamers to frequent cheat sites just to see what the cheaters are using and what is possible to exploit When a legitimate player suddenly faces inexplicable challenges sometimes they go find where people are downloading their skills/advantages from in order to explain their new struggles. Often times it starts with the feeling "that HAS to be a cheat" then digging around finding if there is a cheat the enables that behavior.
    • by Rich0 ( 548339 )

      I imagine that they'll get the same experience as somebody who runs a Tor relay-only node. Admins will block them because it is easy to do, and has a minimal impact on their sales. They really don't care if it has no impact on security.

  • by Anonymous Coward on Monday February 17, 2014 @10:52AM (#46266517)

    The article is based on a REDDIT post. We all know they are always 100% accurate and credible. They did catch the boston bombers afteralll!

    journalism at its finest.

  • DEBUNKED (Score:5, Informative)

    by Anonymous Coward on Monday February 17, 2014 @10:59AM (#46266601)

    This story is being debunked in the original reddit thread.

    • by makomk ( 752139 )

      For values of "debunked" equal to "people clueless about how VAC works are loudly insisting that it's not true, and being believed because Valve fanbois". (Amongst other issues, you won't find the code of any VAC modules in Steam's or the game's DLLs because they're downloaded from the server at runtime in order to make them harder to reverse-engineer and block.) Someone later in the thread has apparently tested and found that stuffing the DNS cache with bogus entries increases the amount of SSL-encrypted d []

  • How ironic . . . (Score:2, Insightful)

    by Kimomaru ( 2579489 )
    I thought the point of playing a game was to relieve stress. Getting online to play something is starting to become more involved and complex than most people's jobs. It is kind of a shame, though, that people take Counterstrike and Call of Duty so seriously that they need to scam the system. Defeats the purpose, no?
  • ... unless an employee decides to use it, a secret order of the NSA requires to disclose it, their servers get hacked (by the NSA, other countries intelligence agencies, hacking groups, or script kiddies) or the protocol have a vulnerability or the information can be captured and decrypted. The respect of privacy by US companies had become an oximoron. Is a promise that they can't possibly honor, and they are too big to close doors like Lavabit if the NSA want their customers data.
  • It wouldn't, for example, prevent anyone from cheating by doing some browsing at the local coffee shop to find the cheats and then coming home to play games on the desktop system at home.
  • I have a non-addictive personality in general... perhaps it would be more accurate to say "anti-addictive" as there have been times when I would go overboard with some activities. X-Wing vs Tie Fighter, for example, cost me hundreds of dollars in "sick days" after calling in to work because I wanted to accomplish something. (Sick and stupid right?) I came to my senses after a paycheck demonstrated the value of my lost time. Anyway, I don't really play games which are time consuming and/or deeply involvi

  • These are different things.

    Also, not to apologize for Valve, but there are games far more invasive than this. Some NFS games (NFS:S2U for one) will trawl your actual browser history to put targeted ads on in-game advertising surfaces. Unless you use a software firewall to block their Internet access ;-)

  • Oh, wait. I'm a slash-dotter. I have lots of computers. So I'll Steam on one computer and get cheats on another. Sorry Valve.
  • by gman003 ( 1693318 ) on Monday February 17, 2014 @10:54PM (#46272953) []

    Basically, they're looking only for the DRM servers used by some very specific kernel-level cheats (apparently even cheats have DRM now - and these are not web sites, but DRM servers they're looking for, you won't trigger it by searching for or even buying cheats unless you use them). They do this comparison client-side, transmitting only if there is a match, and only transmitting the hashed value (which is used so the VAC servers can confirm it was a cheat when issuing the ban - otherwise one would be able to forge a "cheat" and get someone else banned). They also only do this scan at all if VAC has detected the cheat in the first place, which they claim has affected less than 0.1% of their users.

    Valve is explicitly denying that they are gathering your browser history.

    So my overall analysis:
    1) If what they say is true, then they're doing everything they can to *not* gather your browsing history, and are only gathering the hashed value to protect users.
    2) This should be possible to verify - see if the code doing the checks is triggered at all during normal use, and see what a packet sniffer picks up.
    3) Even though I like Valve a lot, after recent events (Snowden, some personal betrayals, etc.) I feel I can't trust anybody. I'll let others do the verification (I'm not technically skilled enough to trust my own work on it), but if it turns out that this is all they are doing, it's a good thing that is very, very close to being a bad thing. If, however, they are not just spying on us but then lying about it, I will be downloading a Steam crack immediately (I spent over $1000 on Steam games, they're mine no matter what the law says) and taking everything into offline mode.

MESSAGE ACKNOWLEDGED -- The Pershing II missiles have been launched.