Valve: Our anti-cheat software doesn't record DNS data; we don't 'care what porn sites you visit'

Valve is defending itself against claims from a Reddit user that the VAC anti-cheat software used in its games is recording the DNS data of gamers. Its CEO Gabe Newell posted a response on the same site saying that is not the case.

The accusations started over the weekend, when Reddit user "theonlybond" posted a claim on the "Counter-Strike: Global Offensive" subreddit that VAC  "Goes through all your DNS Cache entries ... Hashes each one with md5" and "Reports back to VAC Servers."

The accusations generated a lot of hits on Reddit, so much so that Newell decided to post his own response on the site. He admitted that Valve doesn't like to talk much about how VAC works so that cheaters can't use the information to beat their software, but that the Reddit claim about DNS data gathering demanded an exception.

Newell says that some developers are actually putting in DRM and anti-cheat code for their own cheats, so that users have to pay for them. If gamers do decide to pay money for cheat software, that information is then sent to a DNS server so that the code is unlocked. He said:

VAC checked for the presence of these cheats. If they were detected VAC then checked to see which cheat DRM server was being contacted. This second check was done by looking for a partial match to those (non-web) cheat DRM servers in the DNS cache. If found, then hashes of the matching DNS entries were sent to the VAC servers. The match was double checked on our servers and then that client was marked for a future ban. Less than a tenth of one percent of clients triggered the second check.

Newell said they were able to detect this method for about 13 days, after which the anti-cheat coders figured out a way to change the DNS cache of their user's PCs. He also suggested that cheat code developers were behind this attack on Valve and VAC, saying, "If 'Valve is evil - look they are tracking all of the websites you visit' is an idea that gets traction, then that is to the benefit of cheaters and cheat creators." 

The bottom line, according to Newell, is that Valve is not using VAC in its games to track a user's browser history, and added, "Do we care what porn sites you visit? Oh, dear god, no. My brain just melted."

Source: Reddit and Reddit | Image via Valve

Report a problem with article
Previous Story

Sony: PlayStation 4 worldwide sales top 5 million, exceeding predictions

Next Story

HTC to announce new flagship on March 25th

26 Comments

Commenting is disabled on this article.

So, he doesn't care what porn sites you visit, but he's pretty much confirmed he knows who visits them.

Obviously a guy like that doesn't get it. It's not whether he cares that people care about, it's whether he knows...and he does. So who is he trying to reassure with comments like these?

_dandy_ said,
So, he doesn't care what porn sites you visit, but he's pretty much confirmed he knows who visits them.

Obviously a guy like that doesn't get it. It's not whether he cares that people care about, it's whether he knows...and he does. So who is he trying to reassure with comments like these?


You, sir, have cracked this case wide open. I never even thought to look at this way. Ladies and gents, you heard it here first: steam porn is on the way!

Seriously, using VAC to grab preliminary data on what "content" their customers would prefer under the guise of "finding cheats?" Truly diabolical.

All this does is take a list of every server you've visited recently, turn them into a series of MD5 hashes, uploads those hashes to valve where they're processed and stored based upon a policy that isn't disclosed.

As you can see, this is perfectly safe and not open to abuse at all.

It's kinda sad that this whole issue got blown this far out of proportion. Granted, the whole DNS-checking thing is stepping a little bit too far, even for a trusted company like Valve. Though it is good to see that GabeN himself realized that and stepped up to admit it and let us all know what was going on.

On the other hand, I don't see why any of this is too surprising. VAC is easily Valve's most controversial product. It's been well known since the beginning that it goes to pretty extreme lengths to detect and flag cheaters. And it's been an uphill battle since cheaters have gotten ridiculously desperate over the years. I mean, come on…DRM-protected cheats? Again, not surprising, but still pretty sad. At least VAC is evolving to catch even that. At the end of the day, it's just a necessary evil. Yeah, it has some questionable methods, but it gets the job done about as well as it could.

Kudos to Valve really for having Gabe respond to criticism and help clear things up on Reddit. I do genuinely believe Valve are some of the few remaining 'good guys' out there who do only have gamers interests at heart.

Cheating ruins online gaming, so it's easy to understand why they're going to such extreme measures to try and catch those out. Thing I don't understand is why people do it? It's normally clearly obvious if you're cheating, you only piss off other gamers, and it's not like your "talents" will get you anywhere as you couldn't play for a clan or in a tournament as you'd be busted and sacked immediately.

Who cares, the NSA/GHCQ can see and hear everything you do, even you (if you have a webcam).

Oh and that illusion of security/encryption flew out of the window(s) a very long time ago...

Want privacy? don't do/go online - stick to the real world...

The NSA? Every ISP has DPI (Deep Packet Inspection) systems which track and manipulate traffic based on usage and priority. These systems read packets and can intercept pretty much every protocol header there is. ISPs can shape traffic based on even the domain rather than the protocol. It was giving me chuckles how much Gbps was actually being used on porn.

People are worrying about the wrong things. ISPs have been tracing and recording this information for years. You don't want your Netflix streams to keep buffering do you?

Not every ISP. ISP's can not use DPI in my country on consumer connections.
ISP's are not allowed to discriminate data that flows over the cable.
Internet equals public transit.

Simon Fowkes said,
Want privacy? don't do/go online - stick to the real world...

Except for those pesky street/red light/security window/geo-mapping/satellite cameras, microphones, and technology.

Want full privacy? Dig a deep hole, jump in, and pull the dirt over you.

it just there so the dns history lookup data can be sold to advertiser. extra incomes.
why do you think google let you use their dns server for 'free'? its because google want to compiles a profile about your dns histories.

Torolol said,
it just there so the dns history lookup data can be sold to advertiser. extra incomes

* Citation needed

Steam is as close to a trustworthy company as you can get. Show me where they have actually broken the trust of companies?

Or show logs - actual reproducible proof - that has your browsing history sent to Steam.

You know... like proof that Sony installed root-kits on computers or Starforce destroying PC performance. Actual malice.

PROVE the actual ill intent and I'll stop trusting Steam. Until then? This is smoke & mirrors and FUD against one of the few companies I can say I respect (although they COULD work on releasing Half Life more than once ever 10 years).

Torolol said,
it just there so the dns history lookup data can be sold to advertiser. extra incomes.
why do you think google let you use their dns server for 'free'? its because google want to compiles a profile about your dns histories.

Yes but, for a "free" service, 8.8.8.8 is pretty decent.

I does produce false positives. I was banned from a Steam game once and have never used hacks. If you join a random hacked server there is always a chance you will be banned for nothing.

Geoffrey B. said,
and this is only really a problem if you are a cheater so i do not see much of a big deal here.

Unfortunately it's never that simple. There's nothing to stop malicious individuals from bundling cheats in mods with the sole intention of getting people VAC banned, or a malicious 'friend' getting back at you. It concerns me, as a legitimate gamer who has never cheated, that VAC bans are permanent and apply even if your account was hacked and demonstrably out of your control. As someone who owns over 500 games on Steam it concerns me that Valve has so little accountability and has so much control over my gaming experience.

I fully support efforts to prevent and punish cheating but my concern is the impact it has on legitimate users. The cheaters will keep creating new Steam accounts to get around VAC bans, so it's legitimate users who are most affected when things go wrong.

And of course we couldn't get through a topic like this without the NSA getting brought up. "btw, hi NSA if you did a keyword search and found us...lol"..

-adrian- said,
Well the NSA spying on everyone is also just a problem when you are a terrorist (or similar). How naïve.. boy

Valve != NSA. The intents are completely different.

Oh god why am I even replying.

"Do we care what porn sites you visit? Oh, dear god, no. My brain just melted."
3 capital letters - Half Life 3... confirmed!

sagum said,
"Do we care what porn sites you visit? Oh, dear god, no. My brain just melted."
3 capital letters - Half Life 3... confirmed!

Team Fortress 3 CONFIRMED INSTEAD!!

Lord Method Man said,
I guess I was naïve in hoping we could get through this article without these asinine comments.

I too was too naíve.