The past 48 hours have been a hotbed of roiling trust issues over in the Reddit Steam community, as one user claimed to have proof that Valve’s anti-cheating software, VAC, was sending browsing history data back to Valve servers and effectively tracking all Steam gamers. However, now Gabe Newell, Valve’s CEO, has come forward to deny these claims, explaining them away as another new addition to the company’s anti-cheating software.
The original claims came from this thread, which broke down what a Reddit user believed was essentially, Steam spyware. According to the post, Valve was going through user DNS cache entries and checking to see if they’d visited any sites that came from a Valve watch-list (linked with hacking/cheating) and would therefore use that as part of its ban system. It was all quite vague, with suggestions that Valve could keep the data for years potentially and that it might be using it to find out other information about its user base too.
However, now Mr Newell has straightened things out and explained instead that it’s to do with catching cheats that have actually paid to have an unfair advantage in-game – the worst kind of micro-transaction users.
“There are a number of kernel-level paid cheats that relate to this Reddit thread,” he began, suggesting that this would be a rare occasion that he’d lift the skirt on VAC, as doing so too often makes it easier for hackers and cheaters to get around it. “Cheat developers have a problem in getting cheaters to actually pay them for all the obvious reasons, so they start creating DRM and anti-cheat code for their cheats. These cheats phone home to a DRM server that confirms that a cheater has actually paid to use the cheat.”
What VAC was doing when the Redditor thought his browsing history was being parsed, was in-fact checking to see if there were any cheats present that “phoned home.”
“If they were detected VAC then checked to see which cheat DRM server was being contacted,” Newell continued. “This second check was done by looking for a partial match to those (non-web) cheat DRM servers in the DNS cache. If found, then hashes of the matching DNS entries were sent to the VAC servers. The match was double checked on our servers and then that client was marked for a future ban.”
While according to Mr Newell, cheat creators have already found a way to circumvent this check by modifying their ‘clients” DNS cache, he hopes that this roadblock will make it that much harder and more expensive for these types of cheats to be created in the first place and therefore less financially viable.
To sum it all up, Mr Newell responded to some simple questions in the most direct way possible:
1) Do we send your browsing history to Valve? No.
2) Do we care what porn sites you visit? Oh, dear god, no. My brain just melted.
3) Is Valve using its market success to go evil? I don’t think so, but you have to make the call if we are trustworthy. We try really hard to earn and keep your trust.
Kitguru Says: I’d be pretty surprised if Valve, a company that despite annoying gamers with its lack of commentary on certain tri-game developments, has been very community focused for a long time, would suddenly about face and gather data on its customers – especially in the wake of PRISM revelations.