Skip to main content

Valve Says Its Anti-cheat System Doesn't Spy on Users

Valve Software bossman Gabe Newell recently jumped on Reddit to dispel rumors that the company is spying on Steam users through the anti-cheat system (VAC). A Counter-Strike: Global Offensive thread claims that Valve recently changed the way the VAC worked, allowing it to read all domains that the player visits and then send that info back to Valve's servers.

"We don't usually talk about VAC (our counter-hacking hacks), because it creates more opportunities for cheaters to attack the system (through writing code or social engineering)," Newell writes. "This time is going to be an exception."

Newell explains that cheat developers create DRM and anti-cheat code for their kernel-level cheats because they have a hard time getting money from players. These DRM-laced cheats "phone home" to a DRM server that confirms if the player has indeed purchased the cheat. VAC checks for the presence of these cheats.

"If they were detected VAC then checked to see which cheat DRM server was being contacted," Newell writes. "This second check was done by looking for a partial match to those (non-web) cheat DRM servers in the DNS cache. If found, then hashes of the matching DNS entries were sent to the VAC servers. The match was double checked on our servers and then that client was marked for a future ban. Less than a tenth of one percent of clients triggered the second check. 570 cheaters are being banned as a result."

He says that the whole cheat vs trust scenario is much like a cat and mouse game. The specific cheat and anti-cheat solution that brought on the recent spying rumor was effective for 13 days. The VAC's solution is now no longer active because the cheat providers have found a way around it: manipulating the DNS cache on the customers' client machines.

"Kernel-level cheats are expensive to create, and they are expensive to detect. Our goal is to make them more expensive for cheaters and cheat creators than the economic benefits they can reasonably expect to gain," Newell writes.

He says that VAC is "a scary-looking piece of software" because it is trying to be obscure, sneaky, and going after code that is trying to attack it. Thus, one way to get around this scary software and generate revenue is for cheat makers to jump on social sites and create a cloud of distrust. That means Reddit users will likely see more comments about the VAC system.

Newell goes on to state that Valve does not collect a user's browser history, Valve does not care about what porn sites the user visits, and Valve is not using the success of Steam to go evil. "You have to make the call if we are trustworthy. We try really hard to earn and keep your trust," Newell concludes.

  • spartanmk2
    Still have respect for this guy not selling out to EA.
    Reply
  • dalethepcman
    "Valve does not collect a user's browser history, Valve does not care about what porn sites the user visits, and Valve is not using the success of Steam to go evil."

    Seriously though, if your cheating in an online game and worried about steam seeing the porn your browsing on the internet or whats in your DNS cache you should probably get out of the garage/attic/basement a bit more.

    Google already knows everything your doing and you don't see the NSA/DHS knocking on your door for downloading midget clown bestiality pron...

    "Who watches the watchmen?" /TinFoilHat.....
    Reply
  • back_by_demand
    I don't care who knows about my donkey porn, but I do care if some asshat cheats in CS:S
    Reply
  • Memnarchon
    "Valve Says Its Anti-cheat System Doesn't Spy on Users" Yeah, NSA agrees with us...
    Reply
  • edogawa
    12711258 said:
    I don't care who knows about my donkey porn, but I do care if some asshat cheats in CS:S

    That is a delayed system in terms of months.
    Cheaters learn, and adapt, they probably use separate accounts.
    Those games are always dirt cheap, so you can make 5 accounts for the price of 1.
    It does not function good in short or long term.
    Active admins are most effective.
    Reply
  • goodguy713
    "Valve Says Its Anti-cheat System Doesn't Spy on Users" Yeah, NSA agrees with us...
    If the NSA wanted to spy on you it wouldnt need to do so through valve or a video game. lol
    Reply
  • Memnarchon
    12711534 said:
    "Valve Says Its Anti-cheat System Doesn't Spy on Users" Yeah, NSA agrees with us...
    If the NSA wanted to spy on you it wouldnt need to do so through valve or a video game. lol
    Oh really?
    NSA Has Secret Agents Planted Inside World of Warcraft
    Reply
  • Maxor127
    Its anti-cheat system also doesn't stop cheaters because any game I've played that uses VAC has the worst cheating I've seen.
    Reply
  • SpadeM
    Biggest problem with VAC is not the delayed banning or checking for DNS cache entries that shouldn't belong. It's the fact that even for really old spin hacks, autoaims, wall hacks, the system does nothing. It doesn't ban the user automatically for hacks that have already been exposed.I'm all for sneakiness and what not, but when someone goes on a server with a 5 year old hack and blasts away at the opponents then ... 570 banned player out of millions isn't even scratching the surface.
    Reply
  • razor512
    The issue is that VAC does not work with the community.If they wante d to, they can implement a spam free support system by creating a vac screen recorder, and a report system for users with a paid game. False reports can be further be reduced by adding a warning system and ultimate account ban for false reports.This way, if there is a user who is clearly cheating, it can be recorded, then sent to valve. They can the monitor that user more closely to determine which Cheat is being used, then ban everyone using it.That would e better than their current me this that only focuses on cheats that their staff stumbles on.
    Reply