Valve has stepped up to answer allegations that the company’s anti-cheat system was scanning users’ internet history. Rather than a simple, sanitised press release or a refusal to comment on “rumours and innuendo”, Valve CEO and gaming hero Gabe Newell has personally responded.
Newell posted a lengthy statement to Reddit, where he addressed the issues of trust in the gaming community, and explained a little more about what’s going on behind the scenes.
We don’t usually talk about VAC (our counter-hacking hacks), because it creates more opportunities for cheaters to attack the system (through writing code or social engineering).
This time is going to be an exception.
Simply put: Valve is not interested in which porn sites you visit, but the company is scanning your DNS cache.
Newell explains that the cheats in question are commercially available, kernel-level paid cheats. Obviously, due to the nature of cheating, the developers have no problems in getting people to download their software – but paying for it is a different question. So, in an impressive turn of events, many cheats now include DRM and anti-cheat codes. These phone home to a DRM server that confirms whether or not a cheater has paid to use that particular cheat.
According to Newell, VAC was checking for the presence of these specific cheats, as part of an ongoing “cat-and-mouse game”.
If they were detected VAC then checked to see which cheat DRM server was being contacted. This second check was done by looking for a partial match to those (non-web) cheat DRM servers in the DNS cache. If found, then hashes of the matching DNS entries were sent to the VAC servers. The match was double checked on our servers and then that client was marked for a future ban.
Newell further breaks protocol by talking explicit numbers: Less than a tenth of one percent of clients triggered this second check, accessing the DNS cache. 570 cheaters are being banned due to DNS searches.
As gamers were actively discussing earlier, it is relatively simple to manipulate a computer’s DNS cache – something the cheat developers were also aware of.
This specific VAC test for this specific round of cheats was effective for 13 days, which is fairly typical. It is now no longer active as the cheat providers have worked around it by manipulating the DNS cache of their customers’ client machines.
One of the bigger ramifications of situations like this one is that it impacts on the levels of trust gamers have with a company like Valve. The more people hear about things like Valve “tracking all of the websites you visit”, the more the cheaters and cheat developers win the battle.
Valve‘s admirable response is to make it clear what the company is doing – and why it is doing it – to ensure that gamers can make their own judgements about whether or not it has earned their trust.
tl;dr? From Gabe Newell himself:
1) Do we send your browsing history to Valve? No.
2) Do we care what porn sites you visit? Oh, dear god, no. My brain just melted.
3) Is Valve using its market success to go evil? I don’t think so, but you have to make the call if we are trustworthy. We try really hard to earn and keep your trust.
To put it another way: VAC was looking at your DNS cache, but it was only looking for one particular phone-home call from one particular cheat. This was a banworthy offense. If it was not found, no further action was taken.