My DNS cache has more information and also more sensitive information then the processes running on my PC. A scan of my processes or a screenshot is directly related to what may or may not be influencing the game I'm playing, the DNS datapoint is of ancillary relevance. I just don't think that justifies its existence. I'd rather it not be there, but I'm not super angry about it.
Gabe Newell Responds On VAC Reports; We do not care what porn sites you visit
- Thread starter fluffydelusions
- Start date
My DNS cache has more information and also more sensitive information then the processes running on my PC. A scan of my processes or a screenshot is directly related to what may or may not be influencing the game I'm playing, the DNS datapoint is of ancillary relevance. I just don't think that justifies its existence. I'd rather it not be there, but I'm not super angry about it.
People home in onto technical terms they understand (DNS) and the title and just run wild with things.
All people read was DNS, VAC, send back to server and just ran with it. All of this was a small chunk of code that the majority of people have no idea what it does, found on a cheat forum trying to get around the VAC.
looooooooool gotdamn. I know who to add to my ignore list now, cya terrisus.
I'm glad that Valve communicates only when absolutely required; it's happened maybe once or twice with the Dota 2 devs and it works out beautifully.
Smokin' Sick Style!
Laughing Banana
Weeping Pickle
Stumpokapow
listen to the mad man
I guess I sort of see it as similar:
Search processes for targeted entry -> rely on trust that it doesn't see all your other processes, some of which might be private
Search open file handles for targeted entry -> rely on trust that it doesn't see all your other open file handles, some of which might be private
Search directory structure for targeted entry -> rely on trust that it doesn't see all your other directory structure, some of which might be private
Search DNS cache for targeted entry -> rely on trust that it doesn't see all your other DNS entries, some of which might be private
Search memory for targeted memory contents -> rely on trust that it doesn't see everything else in memory, some of which might be private
In fact pretty much all of these things are things that anti-virus programs also do to detect viruses. So it seems to me that, by design, anti-cheat programs need to do some sort of intrusive stuff. I mean, if your stance is that anti-cheating isn't worth giving that kind of access, then fair play. But it seems like this is roughly in keeping with the level of trust you need to give an anti-cheat program for any kind of cheat scans. Nothing seems materially different about DNS versus file handles versus memory.
But it isn't ancillary! If you're running this specific cheat, that specific DNS entry exists in your cache. Looking for this specific cheat signature is absolutely no different from scanning your processes looking for specific code running somewhere. That's not even getting into anything beyond the most basic, bare bones method of looking for cheats! These programs do all sorts of sneaky things and anti-cheat software like VAC comes up with all sorts of methods to detect them.
By looking at your processes Valve could easily report the existence of pirating software to Microsoft. They could take screenshot of that skype session with your girlfriend, potentially. If comparing a specific hash value client side is too far I cannot possibly see how any of that is not as well.
Dat implied "You're a known Steam hater so shut the fuck up"
Being a hater is a-okay, it's only when your hate interferes with your ability to be civil or informed that problems happen.
terrisus
Member
I don't think I said "Steam is evil," or really even discussed Steam much at all - just the VAC which was the topic of the thread.
But, I did enter the thread with a concern (and an issue with the way in which people with the concern were being addressed), which was then answered somewhat, and so I at least feel relatively better about it.
I certainly don't claim to know everything, and I'm glad some people were able to offer information that helped to clarify some of the issues that I had. And, once that happened, I accepted it. I don't see that admitting to that is a bad thing.
In any event, point taken about the other stuff. Yes, I'll freely admit that I don't like Steam and take issue with many of the things that they do. But, I guess complaining about it here isn't going to accomplish too much, so I'll just drop it. Sorry for the trouble.
Stumpokapow
listen to the mad man
Dat implied "You're a known Steam hater so shut the fuck up"
No, no, it's not that at all. If someone hates Steam, whatever, great (anyone can hate any platform, it's none of my business). I'm just saying that if you already know that you hate a platform, you're not likely to be charitable in how you approach new things about the platform, and that might cause you to make incorrect assumptions. And it speaks to the need to gut check yourself before declaring things quite so strongly, because the better move is sort of to investigate first, form provisional conclusions, follow up, revise. Like, if you know you have a blind spot, that's maybe a reminder that you're likely to miss something. I really wasn't trying to be a jerk or "lay the smackdown" or whatever, please don't cheer me for that. I was just trying to make it clear that I thought terrisus whiffed it big time and did so because he assumed his conclusion.
Laughing Banana
Weeping Pickle
Well, I only realized the added edit after I quoted and posted but honestly, yeah, before that, I think to myself that you're going too far with that post.
But eh,
To be honest I'm not super clear on the technical side of what VAC already does or what information it could collect from the things it already scans. If it's already as intrusive as claimed, then perhaps this is just a drop in the bucket. I guess I'm just not comfortable with giving cheat software the kind of access that makes it effective.
ElectricBlanketFire
Member
considering what other software/websites collect from you, this is the least harmful or intrusive. working on vac must be a pain in the ass, always cat and mouse game.
jim-jam bongs
Member
Opinions are great, opinions make GAF interesting. Dogma is dull and anathema to debate. It's like Bill Nye facing off against a creationist, amusing but ultimately not worth the effort.
terrisus
Member
Holy shit.
I do have to admit I was pretty impressed at that collection - a link for every word.
Buckethead
Banned
Kinda sucks that it was worked around by hackers already. Jesus. Nothing survives very long, and every attempt to curb cheating is met with extreme scrutiny. You have to wonder at what point do they just give up and let it all go wild wild west style.
I swear on my soul I was about to do this, but thought it wise to read the thread first.
I swear on my soul I was about to do this, but thought it wise to read the thread first.
RadioactiveLobster
Member
I really like it any time the "There is a Calvin and Hobbes comic that can apply to any situation" law is proven.
Any chance to read more Calvin and Hobbes.
SteveWinwood
Member
Are you playing on VAC servers?
I'm happy somebody brought up this point.
SteveWinwood
Member
I wanna say even though I've never played them COD does use it and you cant avoid it as all of the servers have it.
Valve games are totally different though as you can actually have custom servers.
What I learned from all this is that
- people actually buy cheats
- those cheats have DRM
That's pretty wild.
- people actually buy cheats
- those cheats have DRM
That's pretty wild.
I'd much rather have cheating.
TheRedSnifit
Member
EA has PunkBuster, which takes screenshots of your computer and sends them back to EA, which is bad even if we ignore its tendency to go through your installed programs and kick you if it finds one EA doesn't like. Yet if Valve did the exact same thing you'd be up in arms.
Hoho for breakfast
Member
Just an anecdote/story more than anything because I don't know anything about what Valve or anyone else does, but the technology for web monitoring has been available for a long time.
I used to be a mod/admin for an online game and one way of detecting cheats was to have a database of questionable web sites (sites where known cheats and such were available). If those sites were visited by a player while the game was running the player would be flagged and put in a database of possible cheaters and it'd show their game name and the website visited. Programs running on computers were also checked and some programs that may have been used to cheat were flagged.
Now this was only used to detect possible cheaters, but it could be easily abused if someone wanted to do so. But no as far as I'm aware nobody cared what websites were visited or what was running on your computer. It was all used strictly to catch potential cheats/cheaters.
I used to be a mod/admin for an online game and one way of detecting cheats was to have a database of questionable web sites (sites where known cheats and such were available). If those sites were visited by a player while the game was running the player would be flagged and put in a database of possible cheaters and it'd show their game name and the website visited. Programs running on computers were also checked and some programs that may have been used to cheat were flagged.
Now this was only used to detect possible cheaters, but it could be easily abused if someone wanted to do so. But no as far as I'm aware nobody cared what websites were visited or what was running on your computer. It was all used strictly to catch potential cheats/cheaters.
TheRedSnifit
Member
Search -> Steam -> Click first thirty threads -> F3 + terrisus
The best part imo, is where Gaben learned us about the social engineering aspect of this scenario. The idea of disparaging VAC, encouraging non-cheating players off VAC protected servers and onto unprotected ones for fodder, is devious. I hadn't considered this aspect before Gabens response. I used to just go for lowest ping, not really bothered about VAC, but now I'll be more considerate.
Well, no. If you actually read the quote, you'll see that he doesn't say that at all.
D
Deleted member 102362
Unconfirmed Member
This is the kind of communication I like to see from Valve.
Thanks for the transparency, Gabe.
Thanks for the transparency, Gabe.
Atraveller
Banned
I would if I could, bitch!
I'm pretty sure that you can't figure out open file handles for anything but your own process in Windows, unless that process has administrator rights.
The same should be true for memory contents. Which means VAC could check the game's own process memory, but only get names of other processes running under the current user - w/o memory contents of those processes.
Which means VAC could check memory and open file handles of the game, that is running, but nothing else. Which is fine in my book.
The DNS cache however is different. It's shared between all applications running on your system.
Looking at the process list, they could figure out that I'm currently running firefox - but nothing more. By looking at the DNS cache, they can figure out which sites I visited including my e-mail provider and much more. For example software that checked for updates and so on.
You could just extend your argument further and allow them to go through cheater's browser history, because "they are just looking, if the targeted user visited cheat websites". There is anti-virus software, that is monitoring visited websites to protect the user, so quite similar. Normally such anti-virus software doesn't send the visited websites back to the anti-virus company. And if they did, it would be a privacy violation as well.
I would have liked a more specific explanation. "If they were detected, VAC then checked to see which cheat DRM server was being contacted." - so is the DNS cache read for all users and the search is only done for those users. Or is the DNS cache read only for those specific users?
I also would have expected more of Gaben. Conspiracy theories "VAC is so good and effective that hackers will desperately try to attack people’s trust ", playing the whole issue down "what porn sites you visit" and also vilifying people, that don't like this specific behaviour of their software as cheaters / cheat creators. No Gaben, I'm not a cheater and I'm also not a cheat creator. I love you, but I also love my privacy and I just don't like software, that is snooping around in my DNS cache. And that's not because of porn sites, but actually EVERYTHING else. I would have prefered a "we possibly went overboard with VAC and didn't see privacy issues, we removed that code from it". Thank you very much.
For normal win32 programs, decompiling is quite impossible. I guess you meant using a disassembler. And that's really complicated work, especially for larger programs and takes ages to do.
Sure, one could create code, that injects itself into VAC and look around that way. But this may cause VAC to think, that the injected code is a cheat and ban you.
That only helps for unencryted data. For encrypted data you just know that it's transmitting something. And in Valve's case their software is supposed to communicate with their servers and the game's servers. That's expected. And I bet that the communication is encrypted, which means Wireshark wouldn't help at all.
I actually figured out that Firefox is sending out data to google right when starting it. I searched around a bit and found out that it's a "feature". I don't like software, that is connecting to google without my approval especially after the NSA leaks, so I switched that specific feature off.
Exactly. It's literally impossible to make absolutely sure, that there is no software on your computer is spying on you and sending sensitive data out. Plenty of software does auto-updates. Firefox plugins are auto-updated every now and then, which means you would have to monitor everything constantly to make sure. But that simply doesn't excuse any software in that regard.
If you have nothing to hide.........
This isn't the government this is a private company that deals with entertainment. It's interest to ensure certain users are playing fairly. If you don't like the policy then don't use steam. Personally I don't care cheating is so vile to some of the games I play I'm glad they nail cheats in this manner.
SolidsnackooFoxhound
Banned
I do believe this. The people that develop these cheats use them as a source of income.
charlequin
Banned
Then they... probably should steer clear of games that use anti-cheat systems? I mean, there actually isn't a way to create system that protect against cheating that aren't "secretive systems analyzing private information on their PC." Playing in a VAC-enabled game, on a VAC-enabled server, is a choice you make that involves getting a specific benefit (hopefully, a lack of cheaters on your server) in exchange for a specific sacrifice (letting the software scan your system and make sure you're not cheating.)
As stump mentioned, this is pretty similar to the privileges you'd expect to give to something like an anti-virus, and Valve are even using the same sorts of techniques to preserve user privacy that would be used in an anti-virus program to keep local detections from sending private info back to the company.
Gabe specifically answers this in the thread. Going to a cheat website will not get you banned. That isn't what is being looked up. Only the "non-web phone home signal" which if detected flags a user for ban. Apparently that system is obsolete anyway now.
NTIETS13A_Superiority
Banned
Why so dishonest Gabe? You clearly search for suggestions for your own porn consumption.
I am in absolute awe Mr Stump. Mod of the year of all years
Monocle
Member
I resent Gabe's implied rejection of my excellent taste in porn.
Whoa. Stump for President.
D
Deleted member 102362
Unconfirmed Member
If anything, VAC makes me feel more comfortable using Steam and playing multiplayer games than without.
