A report surfaced two days ago on Reddit that claimed anti-cheat software used by video game developer Valve was allowing the Half-Life 2 and Steam creator to spy on its users' internet histories. Now, in a statement also issued on Reddit, Valve co-founder Gabe Newell has denied the accusation directly.
The original report said that Valve Anti-Cheat (VAC), software designed to stop the use of hacks and cheats in many games available on Steam, was pulling DNS data from its users' computers, before sending it back to Valve, a process that it suggested was designed to allow the company to build a picture of Steam users' browsing habits. Newell, who rarely addresses such conjecture directly, responded to the concerns with a short Q&A.
1) Do we send your browsing history to Valve? No.
2) Do we care what porn sites you visit? Oh, dear god, no. My brain just melted.
3) Is Valve using its market success to go evil? I don't think so, but you have to make the call if we are trustworthy. We try really hard to earn and keep your trust.
Newell also explained why VAC uses DNS data: as cheats get more advanced, cheat creators for Steam's online games can charge money for their hacks. Many, Newell said, also create DRM and anti-cheat code for their original hacks, designed to ensure a cheater has actually paid for their cheat. Those cheats "phone home" to an external DRM server that confirms a cheater has paid to use the cheat, a process that leaves a tell-tale trail in the user's DNS entries. If VAC found such entries, details of the matching DNS entries would be sent to Valve's VAC servers. The details would be checked one final time, and that client would be marked for a future ban.
VAC's use of DNS data in this manner apparently lasted 13 days, in a search for "a specific round of cheats," during which 570 cheaters were banned. The VAC test that checked DNS records for the offending entries is, according to Newell, no longer active, as hackers have already adapted. "Cheat providers have worked around it by manipulating the DNS cache of their customers' client machines."
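A sketch of the kind of check Newell describes, as an added example that is not Valve's code or part of the original article: it parses constructed `ipconfig /displaydns` output, compares the cached names with a watchlist, and builds a report that contains only the matching entries. The watchlist domain, the function names and the report shape are assumptions.

```python
import re

# Constructed sample of `ipconfig /displaydns` output (not real data).
SAMPLE_CACHE = """\
Windows IP Configuration

    news.example.org
    ----------------------------------------
    Record Name . . . . . : news.example.org
    Record Type . . . . . : 1
    A (Host) Record . . . : 192.0.2.10

    license.cheat-drm.example
    ----------------------------------------
    Record Name . . . . . : License.Cheat-DRM.example.
    Record Type . . . . . : 1
    A (Host) Record . . . : 198.51.100.7

    Record Name . . . . . : license.cheat-drm.example
    Record Type . . . . . : 1
    A (Host) Record . . . : 198.51.100.8

    mycheat-drm.example
    ----------------------------------------
    Record Name . . . . . : mycheat-drm.example
    Record Type . . . . . : 1
    A (Host) Record . . . : 203.0.113.5
"""

# Hypothetical watchlist: one placeholder domain standing in for a DRM server.
WATCHLIST = {"cheat-drm.example"}

RECORD_NAME = re.compile(r"^[ \t]*Record Name[ .]*:[ \t]*(\S+)[ \t]*$", re.MULTILINE)

def cached_names(text):
    """Return the unique cached names, lower-cased, without a trailing dot."""
    return {m.group(1).rstrip(".").lower() for m in RECORD_NAME.finditer(text)}

def on_watchlist(name, watchlist):
    """Match the name or any parent domain, on whole-label boundaries only."""
    labels = name.split(".")
    return any(".".join(labels[i:]) in watchlist for i in range(len(labels)))

def build_report(text, watchlist):
    """Only matching entries go into the report; the rest never leave the client."""
    names = cached_names(text)
    hits = sorted(n for n in names if on_watchlist(n, watchlist))
    return {"scanned": len(names), "matches": hits}

if __name__ == "__main__":
    print(build_report(SAMPLE_CACHE, WATCHLIST))
```

Because the input is the client's own DNS cache, the check sees only what that cache contains, which is the limitation Newell notes above.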
The apparently inaccurate suggestions of the original report could have been due to a misunderstanding. Newell called VAC "inherently a scary looking piece of software," because it was "trying to be obscure," and explained that Valve doesn't usually talk about its anti-cheat efforts "because it creates more opportunities for cheaters to attack the system." But he also said that as VAC gets better at stopping cheaters and the cost of developing new cheats rises, the number of complaints about VAC's nefarious intentions will increase. "For most cheat developers," he said, "social engineering might be a cheaper way to attack the system than continuing the code arms race, which means that there will be more Reddit posts trying to cast VAC in a sinister light."