A user on Reddit has posted a decompiled module that claims Valve’s anti-cheat service, VAC, is quietly going through your browser history and sending results back to its servers. Something Valve boss Gabe Newell has made a public statement to deny.
It’s technical stuff, but the gist of the original claim is that VAC is monitoring your DNS cache looking for evidence of you having visited a hacking site, then sends all that data back to Valve. That means you wouldn’t even need to have visited the site itself for it to find something; clicking on a hotlinked image, for example, would still set it off, resulting in the potential for people being banned who didn’t actually cheat.
In a public response, also on Reddit, Newell denies the claims that VAC is sending your browsing history back to Valve, saying that it only sends back hashes of “non-web” entries that are “matches” for those on its cheat server blacklist. His full statement is itself technical – and spends a great deal of space appealing for your trust – but the tl;dr version goes like this:
1) Do we send your browsing history to Valve? No.
2) Do we care what porn sites you visit? Oh, dear god, no. My brain just melted.
3) Is Valve using its market success to go evil? I don’t think so, but you have to make the call if we are trustworthy. We try really hard to earn and keep your trust.
VAC now reads all the domains you have visited and sends it back to their servers hashed [Reddit]
Valve, VAC, and trust [Reddit]
Comments
10 responses to “Valve Denies It’s Going Through Your Browser History”
Cheats have DRM because you have to pay for them. They phone home to check. The places they check are not www addresses that you can go to.
VAC will check to see if your computer has phone homed by checked the DNS cache IF IT DETECTS CHEATS while you are playing. Not for everyone.
Apparently they have stopped because the cheats now mask the DNS cache on the client machine and it no longer works.
Good description
Of the major companies Valve is one I trust the most. I know Gabe is a tool at times but I really think overall he is trying to do the right thing. maybe I am just buying into the hype, but as it stands I beleive Valve is doing the right thing by its customers.
If this was EA the outrage and boycott threats that would ensue…. Oh wait…
As wiz mentioned above, trust matters. People trust Valve because they’ve earned it. People don’t trust EA because they’re constantly undermining it. There are some people that don’t trust Valve or that do trust EA, but as an overall trend it’s the other way around.
No offense, but this is really badly written, anyone looking for some actuall information check this article done by Arstechnica http://arstechnica.com/gaming/2014/02/valve-dns-privacy-flap-exposes-the-murky-world-of-cheat-prevention/
This code was used for about 13 days before cheats found a way around it and can only see a hashed list of DOMAINS contacted. That data is all but useless if someone wanted to get info on you for whatever reason.
Pretty sure NSA said the same thing for a long while
an article with words. hallelujah!
Hmm I am not sure what to think on this. I will admit in the past I have visted sites to see how a certain hack has worked (I used to play DoD Source competitively and ran a server so I wanted to keep up with these things). I never actually used the cheats.
Does this mean that someone who looks this up in a manner like I did is automatically flagged as a cheat?
No, the domain names being hashed are non-web addresses that were used by the cheat software to dial back to verify they weren’t pirated. From what’s been said at least, visiting cheat websites alone isn’t enough.