Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Report: Valve Anti-Cheat (VAC) Scans Your DNS History

samzenpus posted about 8 months ago | from the lets-have-a-look dept.

Privacy 373

dotarray writes "If a recent report is to be believed, Valve is looking at your browsing history. Reportedly, the company's Valve Anti Cheat system (VAC) looks at all the domains you have visited, and if it finds that you've frequented hack sites, you'll be banned. 'The new functionality has been slammed by gamers, who claim it is "more like spyware than anti-cheat". Valve has not responded to the allegations, but all Steam users have agreed to abide by specific online conduct and not to use cheats. The company's privacy policy also explains that Valve may collect "personally identifiable information", but promises not to share it with other parties.'"

cancel ×

373 comments

Sorry! There are no comments related to the filter you selected.

So (2)

aliquis (678370) | about 8 months ago | (#46266403)

How do one set up rules to block Steam from accessing firefox profiles? (Linux obviously, though guide for Windows is fine too. Also Chrome.)

Re:So (4, Informative)

Anonymous Coward | about 8 months ago | (#46266453)

Create a steam user without access to your real user's files. Run steam only as this user.

Re:So (0)

Bert64 (520050) | about 8 months ago | (#46266701)

Or just use a dedicated box for gaming... Not having other crap installed/running will improve gaming performance and reduce other potential compatibility problems too.

Re:So (2)

Runaway1956 (1322357) | about 8 months ago | (#46266709)

Separate user - or separate machine. Nothing says that my gaming machine is the same as my general purpose machine.

Re:So (1, Informative)

Anonymous Coward | about 8 months ago | (#46266457)

Cancel subscription, uninstall steam and move on.

Re:So (5, Insightful)

lagomorpha2 (1376475) | about 8 months ago | (#46266565)

Steam isn't a subscription service, you pay full price (ok or wait for sales) for games and they can only be run through Steam. So uninstalling Steam means losing access to the games you've bought through the service unless you pirate them back. This does make me want to delete Steam and cease using the service though.

I wonder if there are enough irritated users to delete and redownload their entire Steam library enough times to send Valve a high-bandwidth wake-up protest message.

Re:So (4, Insightful)

Anonymous Coward | about 8 months ago | (#46266747)

So you buy games that you can't play unless you have steam? Why would you do that? I play all my games without permission from anyone. I bought them, they belong to me and I play them when I want without some service watching over me. What is wrong with people today... why do you put up with this kind of crap?

Re:So (-1)

Anonymous Coward | about 8 months ago | (#46266805)

troll lacks insight someone help

Re:So (-1)

Anonymous Coward | about 8 months ago | (#46266891)

So that is the limit of you intellectual capability? Name calling? Why not address the issue at hand instead of reverting to 3rd grade tactics.

Re:So (2)

PriceChild (1138463) | about 8 months ago | (#46266787)

Not always... It is my understanding that many games simply use Steam as a handy distrubution mechanism. There is nothing to say they must incorporate DRM. I'm pretty sure The Binding of Isaac is a good example...

Re:So (5, Insightful)

Nationless (2123580) | about 8 months ago | (#46267009)

They also offer a variety of services which I greatly appreciate in this day an age.

I don't have to lug around all my cds/dvds/Floppies every time I move and honestly I've gotten rid of all my physical media (external hard-drives excluded) about 2 international moves ago.

It automatically keeps all my games up to date, no more Battlefield 1942 patch hell.

As a store front it allows me to keep up to date on game releases and even pre-load certain titles.

Steam sales.

A robust offline mode which automatically works as long as you've downloaded the game and run it a single time while being connected online.

I use it as a unified launcher.

I use it as a communication tool dedicated to getting in touch with other people I know who are playing games and can easily organize matches of any game on our collective steam lists.

Also not all games come with the steamworks DRM and can be run freely without steam even being installed on the system. Granted you have to download it through Steam first, but that would apply to any digital store front. Not to mention I've never noticed the DRM in action, making it the most non-intrusive form so far and if it doesn't even bother me, I don't see much reason to rage about it if it means that Steam is more likely to stay in business.

I no longer have to input CD-keys or even worry about where I've physically kept the myriads of manuals containing them and installing software is as quick as simply wanting to play something and double clicking the title and download/installation is automatic. I don't have as much time to waste on gaming as I used to so streamlining it is in my best interest.

Having to live with the "fear" that one day my games will be gone is like worrying that a Jumbo jet will land on my house. Honestly, I'd just pirate the games I'd lost.

Re:So (4, Interesting)

Rosco P. Coltrane (209368) | about 8 months ago | (#46266479)

How many Linux users do you think have the idea of sandboxing Valve applications, just in case they might be peeking inside other applications' user data?

There's no "Linux obviously" about it. It's a matter of trust, and Linux or not, users are far too trusting of the applications they install.

Re:So (1)

gl4ss (559668) | about 8 months ago | (#46266637)

well the rule is stupid if it is in effect because they would need to ban the operators of this scheme too.. since they obviously visited those sites to know whats there.

Re:So (2)

PIBM (588930) | about 8 months ago | (#46266915)

From TFA, they send themselves MD5 hash of the websites people have visited. Knowing that, I believe that they are using your DNS history signature to compare between players that are cheating. I don't see why they would ban people they aren't sure are cheating, as they certainly don't want to be hit by PR nightmare when people would get banned for no reason. The rare false positive they get at this time is already hard on them, and they go great way (well, large amount of steam credits happen) to make those people happy when errors really do happen.

I have looked at websites offering hacks myself, and that was mostly to know what I was against; I don't want to ragequit out of a game when the players are really good, but I certainly don't want to provide free kills to cheaters. Being able to recognize the difference is important, and knowing their arsenal helps a lot in that department.

Oh well, I've not been playing competitive steam games in a while anyway.

Re:So (0)

Anonymous Coward | about 8 months ago | (#46266493)

Maybe run it inside an SELinux sandbox? See `man 8 sandbox'.

Re:So (4, Interesting)

Z00L00K (682162) | about 8 months ago | (#46266533)

Create a separate virtual machine where you do all your clandestine browsing from.

If the steam engine is able to access the VM and the disks there then they really are insisting on digging through your computer, but I doubt that they will be able to go far with it.

Re:So (1, Funny)

wagnerrp (1305589) | about 8 months ago | (#46266591)

Trying to run a graphically intense game inside a virtual machine can only end in tears.

Re: So (5, Funny)

Anonymous Coward | about 8 months ago | (#46266651)

Reading comprehension must be particularly difficult for you. I am sorry.

Re:So (1)

pushing-robot (1037830) | about 8 months ago | (#46266671)

Which might be why he suggested *browsing the hack sites* within a VM, not playing games.

Re:So (1)

jabuzz (182671) | about 8 months ago | (#46266679)

He is talking about running a web browser in the VM so that you can browse cheat web sites to your heart's content without Valve or anyone else having a clue that you are doing it. Next time engage brain first :-)

Re:So (1)

Wookact (2804191) | about 8 months ago | (#46266683)

Z00L00K actually said to do your browsing in the VM, but thanks for trying!

cmake (-1)

Anonymous Coward | about 8 months ago | (#46266687)

He didn't say that. It's the opposite. But running a VM only so that you can browse without being spied on is just as absurd.

Re:So (0)

Anonymous Coward | about 8 months ago | (#46266841)

Would that work? It is looking at your DNS history, would'nt the VM'ed browser box just be passing the DNS requests down the stack to the host?

Re:So (1)

PIBM (588930) | about 8 months ago | (#46266933)

I though the same, but he must have been refered to those VM on VPNs which you only get to see the remote rendering of, in which case this is totally valid :)

Re: So (5, Insightful)

Anonymous Coward | about 8 months ago | (#46266537)

We shouldn't have to worry about hiding our browser history from a fucking game company. They have no god damn business even taking a peak. I don't care if if there is a hidden clause in their Eula that they say allows it. It's wrong, and they know it's wrong.

Re: So (2)

Runaway1956 (1322357) | about 8 months ago | (#46266759)

While I agree with you - we find ourselves in a world where our government and our corporations have ASSumed the authority to spy on us. I suggest you deal with reality as it is. Let's all learn to hide our history from the likes of Steam, along with Google and all the other trackers out there.

Run Steam on your real high-tech hardware - and keep everything else on a different machine, or in a virtual machine. Just separate the two, and you're good to go.

Re: So (5, Insightful)

sosume (680416) | about 8 months ago | (#46266885)

This is so wrong and against privacy laws (at least in the EU), this would be equal to the IRS regularly scanning your history to see if you visit sites with tips for tax dodging. The police arresting everyone who visits lockpicking tutorials. The RIAA arresting everyone for possession of an internet account, Or the TSA l.. oh wait, they already do that. But at least the TSA can claim that their work is in the public interest.

Besides. This is a new definition of guilty by association.

" all Steam users have agreed to abide by specific online conduct"

I would say this is only valid while using a Steam product. the way it is worded in TFA sounds more like a lifestyle where you have to abide to their rules at all times. Steam makes it even illegal to cheat in games from their competitors!

This is so ridiculous, all I can do is wait for the class action lawsuit to commence. Steam is done with, if this turns out to be true.

Workaround (1)

goombah99 (560566) | about 8 months ago | (#46266545)

How do one set up rules to block Steam from accessing firefox profiles? (Linux obviously, though guide for Windows is fine too. Also Chrome.)

The only useful workaround is to boycott steam. Otherwise they will work around your workarounds till they finally just install a Sony rootkit. Do you really want a company that even takes even one step over the line? teach them a lesson.

another workaround. if you care (2)

goombah99 (560566) | about 8 months ago | (#46266705)

flush the dns cache before you launch steam:
on a mac that command is:
sudo killall -HUP mDNSResponder

However since steam is normally installed with admin permissions it may very well be running some sort of spyware deamon that is violating your privacy even when the application is not running, making that dodge useless. Since they are willing to go that far I would not put it past them to also be running a spyware daemon as well.

Re:Workaround (2)

dshk (838175) | about 8 months ago | (#46266927)

Players who are frustrated by cheaters are also ready to boycott Steam. If I were Steam, I would serve my frustrated, honest users. We also maintain a gaming site, and you cannot believe how many people get angry because of cheaters.

I have no issue if they only check for domains or only selectively download the list. But I use three different machines for gaming, development, and system administration.

Re:So (3, Informative)

l_bratch (865693) | about 8 months ago | (#46266551)

The claim is that the operating system's DNS cache is scanned, not any particular application's history.

Re:So (4, Interesting)

Immerman (2627577) | about 8 months ago | (#46266681)

Still pretty fucking invasive if true. I'm going to have to watch this and, if true, protest. Not quite sure how yet, I'd hate to lose my game library but this sort of invasive behavior can't go unanswered. The "repeatedly redownload your gaming library" idea has some merit if done en-masse along with vocal enough complaints. Perhaps we can dig up the phone number and address of the company executives so we can send our complaints directly to the parties responsible for allowing such a thing .

Re:So (4, Informative)

l_bratch (865693) | about 8 months ago | (#46266765)

I agree that it's very invasive if the list is returned to Valve, however I can't find any evidence that it is. The code originally posted only details the *reading* and hashing of the DNS cache, with no sign of *transmitting* it.

As far as I can see, numerous headlines and articles since the code was posted have made the claim that the list is sent to Valve, without any evidence.

Re:So (4, Insightful)

ledow (319597) | about 8 months ago | (#46266619)

Why not just run Steam as a different user?

It's not like Windows where you basically are expected to run everything as one user, create a Steam user which you can only "su" to from certain other users, and then set up a script to automatically make it run Steam only as a user that has access to nothing but Steam.

But to be honest what's the point? What precisely are they going to do with the hash of a domain name that you looked up, not even visited? The bans are not going to be based on that information. You can't ban someone just because they strayed or were enticed into looking up a domain that might host a cheat, only if they actually use those cheats.

I reckon they are using it to find similar users and spot trends more than anything else. If a load of confirmed cheaters all have the same hash in their history, but not most people, then its likely that it's worth looking into other user's with that same hash (or at least taking it into account when someone reports a new cheat).

I'm a Steam fan, it has to be said, but while them looking at my domain history concerns me, they are at least hashing them and they have a full browser in the Steam client. If they want to track my visits, that's infinitely more worrying and does all sorts of cookie stuff (alright, you have to be running Steam and using their browser to visit whatever, but that's still much more info than the hash of a domain I looked up).

Also, in case you hadn't noticed, the name of domains you looked up all go to your DNS server. If that's not a local one, you're already pushing this information in plain text across the Internet. Please tell me that you're not using Google or OpenDNS before you came to whine on this post.

Plus, even aside from all the above, there is no real evidence that they are actually transmitting or collecting this information. Someone's just gone into the new anti-cheat modules with a disassembler and seen something suspicious. Doesn't mean that it's even enabled, or not test code. Nobody has yet seen it actually do this stuff (and what would it take? Wireshark and five minutes?).

If you're using DNSSEC exclusively, didn't read the Steam agreement, are running as a completely unprivileged user (without even access to the name cache, on Linux, presumably?), and can confirm that what is alleged is actually happening, then maybe you have a case to be miffed.

Otherwise? I have bigger privacy worries every time I send an email.

P.S. Damn lameness filter, what the hell are you seeing?

Re:So (1)

arth1 (260657) | about 8 months ago | (#46266621)

How do one set up rules to block Steam from accessing firefox profiles? (Linux obviously, though guide for Windows is fine too. Also Chrome.)

That's not how this works. FTFA, it apparently does "ipconfig /displaydns" in Windows, which (among other things) lists what DNS lookups you have done lately.

This is easily thwarted - use a proxy server, and the only lookup that will be registered is the one of the proxy server(s).

Re:So (1)

X0563511 (793323) | about 8 months ago | (#46266699)

That's not how (most) proxies work.

Re:So (1)

arth1 (260657) | about 8 months ago | (#46266949)

That's not how (most) proxies work.

You should be more careful about making statements about things you know little about.
I run and administer several proxy servers, and have even written my own; I think I know how they work.

When you have a proxy server configured in the web browser, instead of looking up the IP address of the web site, and then connecting to that IP, the browser will look up the IP address of the proxy server, and send the request including the full URL to the proxy.
The proxy server does the lookup of the address of the destination site, connects to it, and fetches the data, which it presents back to the client. The client does not do a lookup of the destination site - it has no need to know it, and indeed, may not be able to (one of the use cases for proxy servers is when the clients are not allowed to use DNS).

So you're dead wrong.

VM is your friend... (0)

Anonymous Coward | about 8 months ago | (#46266815)

run your cheat browsing in a VM.
Problem solved...

Oh good (2, Insightful)

Anonymous Coward | about 8 months ago | (#46266449)

So security researchers who also game are pretty much screwed then?

Re:Oh good (4, Insightful)

Anonymous Coward | about 8 months ago | (#46266561)

Security researchers? Most game server admins I know (at least, the good ones) will browse hack sites/videos, so they know what's out there and what to look for. Unless it started very recently, they're not doing any banning for this.

Summary that misrepresents the Article... *shock* (5, Insightful)

Puls4r (724907) | about 8 months ago | (#46266465)

Actually, the article doesn't say anyone has been banned using the data. It specifically says that NO one currently knows what happens with the data. So that's a pretty large red herring. That doesn't negate the heinousness of them tracking the websites you visit *just* in case you might cheat. Very NSA-esque.

Re:Summary that misrepresents the Article... *shoc (-1)

Anonymous Coward | about 8 months ago | (#46266577)

In any case, Valve can do what they so choose, even scan Web browsers for history for site visitations or check the filesystem for programs. One agreed to this when logging and downloading their software, and this EULA/TOS will stand up in any court in the US.

Only thing one can do is not use their service.

Re:Summary that misrepresents the Article... *shoc (2)

moronoxyd (1000371) | about 8 months ago | (#46266673)

Luckily, not everyone lives in the US.
Some countries have different laws, even consumer protection laws that are worth that name.

And yes, even companies operating out of the US have to conform to at least some of these laws if they want to do business in Germany/Europe. An yes, they WANT to, because Europe is not an insignificant market.

Re:Summary that misrepresents the Article... *shoc (0)

Anonymous Coward | about 8 months ago | (#46266691)

In any case, Valve can do what they so choose,

Bullshit. They cannot do things thay violate the law (not saying this does or doesn't in any jurisdiction). It also does not pur Valve above criticism even if this tired excuse line wasn't bullshit.

One agreed to this when logging and downloading their software, and this EULA/TOS will stand up in any court in the US.

While this particular EULA may, just because someone enters into a contract does not make it legally valid. See illegal contracts.

Only thing one can do is not use their service.

No, one can do many other things such as loudly criticize them, report them to the country's consumer protection group, etc.

Re:Summary that misrepresents the Article... *shoc (0)

Anonymous Coward | about 8 months ago | (#46266745)

Unlike in 'murica, in the civilized world the answer to corporate misbehavior is not to simply continuing taking it up the butt. I know, I know. It's ebil "socialism"!!!!!!

Re:Summary that misrepresents the Article... *shoc (1)

Immerman (2627577) | about 8 months ago | (#46266789)

I'm not so sure.
1. Are you sure the EULA actually states that they may monitor your non-steam related activities? I would appreciate a pointer to the relevant paragraph if so.
2. My understanding is that it's still somewhat up in the air exactly how legally binding an EULA really is. Though I doubt most people could afford a good enough lawyers to press the issue
3. Even assuming the EULA is binding, it's generally accepted that a contract cannot demand that either party surrender their constitutional rights, and the 9th Amendment specifically states that the enumerated rights are only a sampling, not a comprehensive list, or even a list of the most important, and in no way should be interpreted to detract from the importance of the rights not so enumerated. Privacy included.

Re:Summary that misrepresents the Article... *shoc (0)

Anonymous Coward | about 8 months ago | (#46266607)

Indeed, it also says the the actual entries themselves are not sent back, but only the hashes. This would not stop someone checking if Joe has visited a specific site, but it would stop someone from looking at all Joes history to find out what he's been up to.

I'd guess that they are not looking for *web*sites related to cheats, but rather the servers that provide software updates etc. for the cheats.

Re:Summary that misrepresents the Article... *shoc (2, Informative)

Anonymous Coward | about 8 months ago | (#46266689)

> Indeed, it also says the the actual entries themselves are not sent back, but only the hashes

DNS names are easily enumeratable, the only reason to emphasize that it's hashes is if you're clueless or dishonest.
From a privacy perspective, they are sending back DNS names, saying that's hashes is only fooling people.

Re:Summary that misrepresents the Article... *shoc (0)

Anonymous Coward | about 8 months ago | (#46266831)

It'll no doubt get used as features. Correlate DNS lookups to someone caught cheating, find other users with similar patterns, watch/ban them.

Visiting !=guilt (0)

Justpin (2974855) | about 8 months ago | (#46266473)

For example a recent case was with World of Tanks. There was a botter who had been caught red handed, he was even silly enough to use his WoT user name as the bot forum user name. He was subsequently banned, but had a long winded argument with the support crying innocence, claiming it was a bad connection. The forumites even suggested he say that his son was disabled and used WoT as his only communication outlet. As a result quite a lot of legitimate WoT players visited this site (before the link was removed) simply to laugh and mock him. Does this mean all of us who went are all guilty of being cheaters?

Re:Visiting !=guilt (1)

mlts (1038732) | about 8 months ago | (#46266643)

This might be a way to bully/troll someone. Find what their account name is, then make an account with the identical name on every botting site. Of course, account names are hard to come by, but it is a way for someone to cause mischief, similar to people who create bogus FB profiles.

GoG? (1)

Torp (199297) | about 8 months ago | (#46266477)

I've been trying to switch my gaming purchases to GoG anyway, mainly because it's a pain to game on both a laptop and desktop with Steam. This is just another reason for it.
All GoG needs is to start supporting Linux...

Re:GoG? (1)

neilo_1701D (2765337) | about 8 months ago | (#46266801)

Windows person first and foremost; I'm a Dynamics AX technical consultant (please don't hurt me).

I've been evaluating various Linux distros for my desktop, as my hobby time is more and more Linux (hello, Raspberry Pi and robotics!). I looked at Wine, and learned about CodeWeaver's CrossOver (this is probably old news to you). Once I had appropriate 3D drivers installed for my Toshiba S955 (that was a battle), I was able to install some stuff from GOG. Medal Of Honor: Allied Assault, for example, ran flawlessly in an XP bottle. Unreal was a disaster. That's my experience so far, which matches with what I read on CodeWeaver's site.

So, whilst having GOG support Linux would be ideal, that's not going to happen. This seems to be a good alternative.

(FWIW, I certainly got a buzz out of seeing Office 2010 install and run flawlessly on Fedora 19!)

Uh-Oh (-1, Offtopic)

Anonymous Coward | about 8 months ago | (#46266481)

Since SLASHDOT BETA is the functional equivalent of a terrible, glitchy hack written by hacks, it seems pretty safe to assume that they will issue perma-bans to anyone caught with traces of it in their system. Game over, Slashdot....game over!

Is it safe now? (-1, Offtopic)

SeattleGameboy (641456) | about 8 months ago | (#46266483)

Is it safe for me to post again? How did the boycott go? Looks like the beta announcement is gone, so good news?

Re:Is it safe now? (0)

Anonymous Coward | about 8 months ago | (#46266753)

The amount of comments are only a third of what they were before, but articles get posted more often.

Haven't seen as many spambots, so not all bad. Still get modded troll when I post for some reason, so not much has changed with the community make-up.

Re:Is it safe now? (1)

sideslash (1865434) | about 8 months ago | (#46266825)

WHY HELLO, MY FELLOW LOYAL, SLASHDOT-READING COMRADE. LET US TALK OF DNS CACHES AND GAME SUBSCRIPTIONS AND VALVE AND STUFF.

[whisper] Would you shut up? You're gonna get us killed. All the first wave of revolutionaries have already been lined up against the wall and shot. Keep it under the radar. Now see if you can sneak over to the Facebook love analysis article, and another resistance operative will brief you there.[/whisper]

Re:Is it safe now? (0)

Anonymous Coward | about 8 months ago | (#46266859)

Nope I was redirected to beta again this morning.

Browsing history? (0)

Anonymous Coward | about 8 months ago | (#46266485)

I have no browsing history.

Clear history when firefox closes. check

Re:Browsing history? (1)

Rosco P. Coltrane (209368) | about 8 months ago | (#46266567)

Why gee, such skills in online browsing history masking leave me speechless...

Re:Browsing history? (2)

X0563511 (793323) | about 8 months ago | (#46266719)

Last I checked that doesn't do shit about your OS' DNS cache.

Re:Browsing history? (1)

Barefoot Monkey (1657313) | about 8 months ago | (#46266791)

Not browsing history.

Run cmd.exe and in the command prompt type "ipconfig /displaydns" (without the quotation marks). That's your DNS history, and that's what Steam is looking through.

To clear that, type "ipconfig /flushdns".

Re:Browsing history? (1)

Immerman (2627577) | about 8 months ago | (#46266807)

Won't make any difference if they're monitoring your DNS cache instead. Sorry, did you not realize that your porn-browsing habits leave secondary footprints on your system as well?

Sweet! (1)

Anonymous Coward | about 8 months ago | (#46266491)

So all I have to do to limit the competition is search a cheating site from my buddies computer?! Thanks for the tip!

ipconfig /flushdns (5, Insightful)

gatkinso (15975) | about 8 months ago | (#46266495)

Done.

Re:ipconfig /flushdns (1)

peon_a-z,A-Z,0-9$_+! (2743031) | about 8 months ago | (#46266751)

But... Is an "empty" DNS history more suspect than a moderately populated one?

Re:ipconfig /flushdns (1)

Mashdar (876825) | about 8 months ago | (#46266863)

flushdns, ping goatse.Solved!

Re: ipconfig /flushdns (1)

lostfayth (1184371) | about 8 months ago | (#46266901)

most operating systems boot with a clean cache, and steam typically runs at startup/login. an empty or near empty DNS cache would not be an uncommon finding.

Re:ipconfig /flushdns (1)

Immerman (2627577) | about 8 months ago | (#46266819)

Right. Just be sure to do that before every time you launch Steam, and always shut down Steam before browsing the web.

DNS cache really doesn't say that much (0)

DigitalSorceress (156609) | about 8 months ago | (#46266503)

Yes, sure, if your dns cache is full of porn sites, one may be able do deduce that you're actively visiting porn sites, but there are lots of sites on blocked/porn net nanny lists that are not actually porn.

If your dns cache is full of right wing news sites, maybe you're right wing right? or wait, maybe you're not ,but you keep tabs on them, or maybe your brother used them.

For instance, back when i was playing WOW a lot, I was also authoring (legal) addons for it. Since one of the activities I was supporting with dual boxing/multi-boxing (one player playing on multiple characters at once (each through their own paid account - legal under the TOS of the game), I did need to tread carefully to keep from crossing the line into what they'd consider "botting" (automation that allows an account to play without human intervention). I did research on some of the bots / botting that was available at the time - as part of understaning the difference (I never downloaded or used one, but yes, I surfed around and very likely included some "bad sites"

My point being that dns histroy is only the grossest of measures of what you're doing on your pc - yes, it may be true that someone who never visits hack sitex/cheat sites will be less likely to have them show up on dnscache, but if they're active in gaming forums or if they're jus plain inquisitive, they could so easily be falesly accused.

Someone who is actually cheating would likely be able to quickly figure out that they should use another computer to download/browse and/or ipconfig /flushdns before playing, etc...

Like most all copy protection - it only stops the casual user and inconveniences many legit users. Anyone actively cheating with any amount of effort will easily avoid this.

Yeah,

Re:DNS cache really doesn't say that much (1)

X0563511 (793323) | about 8 months ago | (#46266731)

Doesn't WOW have public test servers? Why didn't you do your work on that?

Re:DNS cache really doesn't say that much (1)

Immerman (2627577) | about 8 months ago | (#46266861)

>My point being that dns histroy is only the grossest of measures of what you're doing on your pc

Don't worry, it's still enough to let the NSA send you to Guantanamo indefinitely if you do anything else suspicious, or if someone doesn't like you. I'm sure it's only a matter of time before such privileges extend to their secret corporate sponsors as well. And for those kinds of privileges who *wouldn't* sponsor them?

What about cheat haters? (1)

AlienSexist (686923) | about 8 months ago | (#46266505)

I've known gamers to frequent cheat sites just to see what the cheaters are using and what is possible to exploit When a legitimate player suddenly faces inexplicable challenges sometimes they go find where people are downloading their skills/advantages from in order to explain their new struggles. Often times it starts with the feeling "that HAS to be a cheat" then digging around finding if there is a cheat the enables that behavior.

Re:What about cheat haters? (1)

Rich0 (548339) | about 8 months ago | (#46266549)

I imagine that they'll get the same experience as somebody who runs a Tor relay-only node. Admins will block them because it is easy to do, and has a minimal impact on their sales. They really don't care if it has no impact on security.

Re:What about cheat haters? (0)

Anonymous Coward | about 8 months ago | (#46266667)

I swear, I just read it for the articles.

This is the VAC and not steam client (1)

Anonymous Coward | about 8 months ago | (#46266509)

Keep in mind they're talking about the VAC software and not the steam client. VAC runs when you run a game that supports it. (The wiki page has a list of games though I do not know how up to date it is.) The Steam client doesn't do this reporting itself.

Re:This is the VAC and not steam client (1)

Torp (199297) | about 8 months ago | (#46266593)

And this makes it better how?

Article based on REDDIT post (5, Funny)

Anonymous Coward | about 8 months ago | (#46266517)

The article is based on a REDDIT post. We all know they are always 100% accurate and credible. They did catch the boston bombers afteralll!

journalism at its finest.

Re:Article based on REDDIT post (-1)

Anonymous Coward | about 8 months ago | (#46266605)

what an utterly pointless and bitter post, will the reddit boys & girls not give your football back?

Re:Article based on REDDIT post (0)

Anonymous Coward | about 8 months ago | (#46266817)

But we hate Valve, so it must be true. Just have some faith.

Re:Article based on REDDIT post (0)

Anonymous Coward | about 8 months ago | (#46267017)

Now if only there was another interesting source of news articles

This is why you should use the apk host file. (1)

Anonymous Coward | about 8 months ago | (#46266527)

Obviously it blocks malicious behavior such as this.

Time to run apps as if they were applicances? (1)

davidwr (791652) | about 8 months ago | (#46266531)

Perhaps its time to put certain applications, such as web browsers in their own "VM appliance" to isolate them from being spied on or misused by other apps.

In the meantime, get into the habit of using your browser's "privacy mode."

If games and other apps that don't "need" to work with your other applications can run in a VM without an unacceptable performance hit, consider putting them in such a box as well.

If your OS supports running apps in sandboxes/jails and your favorite games work well in such an environment, that may be easier than putting them in a full-blown VM.

Re:Time to run apps as if they were applicances? (1)

Immerman (2627577) | about 8 months ago | (#46267005)

Perhaps its time to put certain applications, such as web browsers in their own "VM appliance" to isolate them from being spied on or misused by other apps.
\In this case that would have no effect - the DNS cache is (indirectly) accessed by every 'net enabled application on you computer.

Or perhaps it's time to start implement finer-grained permissions for all applications, such as the security system OLPC was experimenting with. There's no reason anything in my game library should be able to look at anything except the application and save-game folders. A document editor may need access to your complete documents folder and external media, but there is no reason for it to be able to examine what other programs are installed on my computer. And *nothing* should be able to touch my web cam without explicit permission. Law enforcement can already listen in on any conversation that takes place within earshot of a telephone, but there's no reason to let nefarious individuals do the same thing with any conversation within earshot of a laptop/tablet/etc.

AppArmor (0)

Anonymous Coward | about 8 months ago | (#46266535)

That's why my steam client and games are confined to an AppArmor profile.

they know where you porn, (0)

Anonymous Coward | about 8 months ago | (#46266573)

where you bank, where you talk politics, who your friends are, what your secrets are...

solutions to this might be drastic (0)

Anonymous Coward | about 8 months ago | (#46266581)

I still haven't purchased a single game that requires Steam, Microsoft Live or the like. It sucks, but it is what it is. I fully intend to do whatever it takes to defend my First Sale Doctrine rights and purchase physical versions I can re-sell later on. Until these rights are extended to digital goods, I'm gonna die one grumpy dude playing CIV II, III and IV, but never V, Dawn of War and all the expansions, but never DoW II and so many other titles.

At least I have my PS3, and so far, PS4 titles that don't require Online Passes...

I'm voting with my dollars.

DEBUNKED (5, Informative)

Anonymous Coward | about 8 months ago | (#46266601)

This story is being debunked in the original reddit thread.

http://www.reddit.com/r/technology/comments/1y4za5/steams_vac_now_reads_all_the_domains_you_have/

Re:DEBUNKED (0)

Anonymous Coward | about 8 months ago | (#46266733)

Ok maybe they are not doing it. However, it is an interesting idea. Using other applications on your system and scanning thru them and sending the data back. Obviously you want some sort of sandboxing. How do we as end users enable this behavior? If it does not exist how do we as developers build it? Then on the flip side there are many applications I want to share data between. For example doc files I want them to be seen by both the editor and my email application, however not by my steam instance. But sometimes I would want to enable that behavior?

Re:DEBUNKED (0)

Anonymous Coward | about 8 months ago | (#46266917)

Scanning the DNS cache, looking for suspect sites, is apparently common technique for other anti-cheat tools like PunkBuster. There's nothing in the original "article" (*cough* astroturf *cough*) to indicate that Steam is sending the analyzed DNS data back to their mothership. They're not Canonical and Ubuntu, after all, Steam actually *has* a business model.

Now *if* Steam collected the data, what could they do with it? They could sell it, data on what web sites gamers like to visit could be valuable. They could also analyze it for tuning ads on their own Steam client for their own customer, which could even be done loally but is more easily done upstream. And they could *analyze the DNS data from know cheaters for common sites!*, and use that to flag customers as "keep an eye on this one". That would be exactly the kind of system monitoring a political or law enforcement or divorce lawyer analysis could find intriguing, without requiring decryption or complex analysis of logs that might be harder to find.

So it's raised an interesting question.

How ironic . . . (1, Insightful)

Kimomaru (2579489) | about 8 months ago | (#46266645)

I thought the point of playing a game was to relieve stress. Getting online to play something is starting to become more involved and complex than most people's jobs. It is kind of a shame, though, that people take Counterstrike and Call of Duty so seriously that they need to scam the system. Defeats the purpose, no?

Promise not to share (1)

gmuslera (3436) | about 8 months ago | (#46266707)

... unless an employee decides to use it, a secret order of the NSA requires to disclose it, their servers get hacked (by the NSA, other countries intelligence agencies, hacking groups, or script kiddies) or the protocol have a vulnerability or the information can be captured and decrypted. The respect of privacy by US companies had become an oximoron. Is a promise that they can't possibly honor, and they are too big to close doors like Lavabit if the NSA want their customers data.

Isolate browsing (0)

Anonymous Coward | about 8 months ago | (#46266755)

You should be isolating your web browsing on a vm you use only for that anyway.

This isn't as hard to combat as you think.... (1)

Todd Hofer (3540871) | about 8 months ago | (#46266781)

The easiest thing to do is, is created a batch script that empties your history and flushes your DNS. After that, it opens steam. Assign your steam icon to that batch file. Problem solved.

Ineffective anti-cheat mechanism, no? (1)

rnturn (11092) | about 8 months ago | (#46266835)

It wouldn't, for example, prevent anyone from cheating by doing some browsing at the local coffee shop to find the cheats and then coming home to play games on the desktop system at home.

This is hacking (1)

Anonymous Coward | about 8 months ago | (#46266855)

If an individual does something like this, you can bet the government would charge them with computer crime under the Computer Fraud and Abuse Act. If a company does it, nothing gets done.

uninstall (0)

Anonymous Coward | about 8 months ago | (#46266899)

time to uninstall steam and stop getting anything from valve

that insane... (0)

Anonymous Coward | about 8 months ago | (#46266907)

so now no one with a CS degree can play on steam!? REALLY!? who the hell thought this was a good idea...

Different question (0)

Anonymous Coward | about 8 months ago | (#46266953)

The question is not whether Steam is doing it.

The real question is what is there to stop them from doing this, or worse. Now, or in the future.

Steam is a company, it won't die with the death of its dictator-in-chief. Today we a graced with benevolent chap, but the next chap might decide to tighten the screws.

So, what you gonna do about it?

Me, I personally thought about complaining to UK office for fair trade (or some such name) about potential case of tying here, which is illegal in UK. But other than that, I have no idea what one can do. Tying means selling you one product but also implicitly tying into using another service, where you can't use product you bought without using the service also.

Good not to be a gamer (1)

erroneus (253617) | about 8 months ago | (#46267021)

I have a non-addictive personality in general... perhaps it would be more accurate to say "anti-addictive" as there have been times when I would go overboard with some activities. X-Wing vs Tie Fighter, for example, cost me hundreds of dollars in "sick days" after calling in to work because I wanted to accomplish something. (Sick and stupid right?) I came to my senses after a paycheck demonstrated the value of my lost time. Anyway, I don't really play games which are time consuming and/or deeply involving... not often anyway.

But if I were a gamer, I would be intensely offended by Valve's activities. Then again, I spent some really late nights playing Halo 2 losing sleep and feeling miserable... yeah... I did it again. Didn't cost me money, but cost me in health and rest and all that. It was while playing that and similar games that I really appreciated how much I hate cheaters. Aim-bots and all this other crap just served to anger me...which kept me awake playing. Eventually, I woke up to what I was doing (again) and restored myself to healthier ways. But I do know cheaters see cheating as a game in and of itself which is why they do it.

So I understand why Valve wants to do it but as a Bill of Rights guy, I am deeply disturbed and disgusted by Valve's actions as well. (Yes, I know Valve isn't government but the principles have a way of bleeding into all walks and areas of life and it's quite likely that they are sharing data with government as just about everyone seems to be. Go visit Dick's Sporting Goods and see how much information they try to get from you when you buy guns and/or ammo. Holy crap it's scary and disgusting. And they CERTAINLY and DEFINITELY share data with the government electronically.)

I'm not going to say I don't care about this or that I don't have a dog in this fight. I do. I see many of the principles laid out in the BoR as common sense and as a structure for how to maintain mutual respect for various parties not only government.

Personally, I think people should stop playing shooting games and buy real guns and ammo. It's harder to cheat, for one, but is more expensive to be sure. But the effect of practice and skill certainly serve to trigger those accomplishment feelings. Also, PC gamers can also appreciate the desire to acquire high performance devices of all sorts ranging from scopes to lasers and all sorts of creative and amusing shotgun ammo. Caution: Guns and Ammo are expensive... way more than PC gaming. But the fun is unquestionable.

Stop using the software and services of these rights offenders entirely. They need to understand where the line should be drawn.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?