Welcome to Player Attack!

Report: Valve anti-cheat scans your DNS history

Valve is looking at your browsing history right now, if a recent report is to be believed. It seems that the company's Valve Anti Cheat system (VAC) reportedly looks at all the domains you have visited, and if it finds that you've frequented hack sites, who knows what actions it will take.

Valve Software

Keeping an eye on things

UPDATE: Gabe Newell, co-founder and CEO of Valve has made a statement about Valve, VAC and Trust, explaining that yes, the company is scanning your DNS cache, and detailing exactly why - as well as how it will affect you.

ORIGINAL POST:
Every time you visit a website, your PC stores a record in a Domain Name System (DNS) database. This is similar to your browser's cache, but keeps details across everything you use to access the internet - browsers, your email client, messenger programs, Twitter client, even that weather gadget that lives on your desktop.

The thing is, the DNS cache stores details of every site your computer has touched, whether or not you've actively visited it. If an article you are reading links to a blacklisted site, your DNS will record the address of that site, as well as the article. More subtly - if a page you are reading is using a graphic hosted on a blacklisted site, then that blacklisted site will again show up in your DNS. Even if you've never actively visited a cheat website, there may be traces of them in your DNS, and that's what VAC is reportedly now looking for.

The news was first posted to the Counter-Strike: Global Offensive Reddit, explaining that VAC now:

  • Goes through all your DNS Cache entries (ipconfig /displaydns)
  • Hashes each one with MD5
  • Reports back to VAC Servers

It is not immediately clear what happens to the MD5 hashed data when it returns to the VAC Servers, but it seems likely that the list is compared against a database of known cheating services or websites.

The new functionality has been slammed by gamers, who claim it is "more like spyware than anti-cheat". Valve has not responded to the allegations, but all Steam users have agreed to abide by specific online conduct and not to use cheats. The company's privacy policy also explains that Valve may collect "personally identifiable information", but promises not to share it with other parties.

VAC bans happen all the time, with more than 60 games using the service. The timing of this allegation is interesting - in recent days there has been a "huge" wave of bans, many affecting zombie survival title Rust, which uses the VAC system.

While it is an interesting anti-cheat approach, it is not infallible. Your local DNS cache is not stored permanently, and can be flushed with a simple command. We have contacted Valve to find out what's going on - but in the meantime, it can't hurt to be careful where you tread online.

Why not check out our latest vidcast!
Player Attack TV: April 11 2014, SE2 EP9 or subscribe to our YouTube channel.


  • Twitter
  • Facebook
  • email
  • Delicious
  • Google Bookmarks
  • Myspace
  • Digg
  • Reddit
  • StumbleUpon
  • N4G


  • Follow us on Twitter or like us on Facebook


Get The Latest Episode News
Email Address


57 Responses to “Report: Valve anti-cheat scans your DNS history”

  1. Easy resolve says:

    Simple resolve:

    “Clear Your DNS Cache to Protect Your Privacy

    Did you realize that the DNS cache on your computer is tracking everything you do, even if you use Google Chrome’s “Private Browsing” mode? Simply use this command line to view everything in the cache:
    image

    ipconfig /displaydns

    Then use this one to flush it: ipconfig /flushdns

    source: http://tinyhacker.com/hacks/clear-your-dns-cache-to-protect-your-privacy/47

    instructions on how to create a shortcut to run the task …

    Open NOTEPAD.EXE and insert this line :
    next SAVE AS and name it FLUSHDNS.BAT

    Next on your DESKTOP in a blank/empty area RMB and select NEW ==> SHORTCUT. This will open a DIALOG box that will allow you to BROWSE for FLUSHDNS.BAT where ever you decided to save it, and name it FLUSHDNS. After you finish you’ll have acFLUSHDNS icon on your desktop. Just click on it and it will run. You can RMB on the icon, select PROPERTIES and change the icon for it if you wish as well.”

    • Affable777 says:

      I really want to make this file you speak of. But your instructions are missing the main line for the NOTPAD.EXE

      All it says is “Open NOTEPAD.EXE and insert this line :”

      Please correct it, because I would really like to know

      • Chris says:

        Just write “ipconfig /flushdns”
        in the notepad text area. nothing else. Save it as that. Test that it’s working by using the ipconfig /displaydns command in cmd.exe.

    • Patrae says:

      DNS Resolver Cache is something that’s kept on your system in order to make accessing any resource quicker and easier. Its purpose is not to “track” everything you do, and frankly someone being this ignorant about DNS is infuriating.

      DNS is literally the backbone of our current internet, and without DNS caching, then (almost) every attempt to resolve a domain name would go to the DNS roots, which is just not feasible.

      The DNS cache clears records over 24 hours old automatically, and this is editable in your registry (N.B. Before making any changes to your registry, ensure you back it up).

      The main reason this suggestion to clear your resolver cache is stupid is the following:

      Each time your machine looks up a DNS record, it will go through the following steps until it finds the IP address of the name you are looking up (for example, microsoft.com):

      1.) Checks if your local machine has the name you are looking up
      2.) Checks your DNS resolver cache for the name (including HOSTS file)
      4.) Goes to the root server to find the authority for the top level domain
      5.) Goes to the top level domain server to find the server authority for the second level domain (.com domain server)
      6.) Goes to the second level domain server to find either the authority for the next domain, or the IP of the server requested (microsoft.com)

      If you continually clear your cache in order to “protect your privacy” you are actually creating a larger audit trail and slowing down access to material for yourself.

      In practice, your ISP also keeps a DNS cache of its own that will be looked at before going out to the top level server.

      I know this is not a 100% accurate descriptor of how DNS works (I have not included reverse lookups to determine authority, for instance), but I’ve written it in a way that should be understandable to most.

  2. Stranger on the Road says:

    “If an article you are reading links to a blacklisted site, your DNS will record the address of that site, as well as the article.”

    The DNS only knows the ‘domain’ part of the URL, it does NOT cache the page, infact it doesn’t know which page you visited or what you did in that website.

    Also it only keeps the domain resolution until it expires, the expiry depends on the setting of the DNS server that returns your queries. Connecting to something like OpenDNS or GoogleDNS (both of which have a 5 minutes time-to-live) will mean that the entry will be auto deleted in few minutes after you visit that site…. unless you changed your setting of the Windows DNS cache setting is messed up.

  3. zethreal says:

    @Stranger on the road – but Steam likes to stay running in the background. If you still have it running in the background, it technically only needs to be in your DNS cache for fractions of a second.

  4. […] http://www.playerattack.com/news/201…r-dns-history/ Now, while I don't like cheaters, I also don't like spyware. […]

  5. frankster says:

    There is scant evidence so far that this information is sent to Valve’s servers, instead of for example, being checked against a blacklist that is sent to the client.

  6. Freman says:

    net stop dnscache

  7. Raklödder says:

    Don’t be a part of Valve’s sheep herd, find out for yourself, why you shouldn’t trust Valve to begin with, and the same can be said about EA’s origin, Ubisoft’s Uplay and Xfire, all being DRM-service providers,

    if you want to be safe(r) install Linux and only use open source software, this comes from a Windows user, who have had enough of all this shit, governments and big corporations with monopoly who spy on us non-stop, smart meters, smart phones, smart kitchens, smart cars who track you non-stop (they prefer the word “smart” over spy grid, surveillance or tracking device, not being anti-technology) store all our phone calls, text messages, im-messages (instant messages such as skype and e-mail) bank transactions, habits, hobbies, education, friends, family, relations, sexual preferences and they’re the ones who go to war over territorial disputes, oil, gold, they’re the ones who steal from the unborn by (debt, inflation and taxation) and who divide and conquers us all, not the people, end-user or gamer,

    all the best from Sweden.
    /Raklödder

  8. Nope says:

    This command:

    ipconfig /flushdns

    Does NOT work on Windows 7.

    I can still see a long list of domain names after the command:

    ipconfig /displaydns

    And yes, I’m setup as admin.

  9. Nope says:

    This didn’t work either:

    > net stop dnscache
    > net start dnscache

  10. NopeAgain says:

    I see the problem. I have hundreds of websites blocked in my Windows hosts file.

    This command:
    ipconfig /displayns

    will show all of these domain names as 127.0.0.1 records.

    Is this bad?

    • NopeAgain says:

      Can Valve see all the records in my Windows hosts file?

      That is stupid if they can. These are all blocked 127.0.0.1 records.
      They are all malicious, ad tracking, spyware, etc… websites.

  11. […] posted a PlayerAttack report that Valve’s Anti Cheat System scans your browsing history to see if you visit…. The details were posted to the Counter-Strike: Global Offensive Reddit claiming the VAC goes […]

  12. […] Read the rest here: Report: Valve anti-cheat scans your DNS history « Player Attack […]

Leave a Comment

Article Details

Author Bio:

I like video games and music and cups of tea and noodles and beagles and colour-cycling LEDs.
Like me on Facebook?

Popular Articles

Dark Souls II PREVIEW: Dark Souls II

By Jonny Robot