A few days ago, some eagle-eyed gamers exploring the code that runs Valve Anti Cheat (VAC) spotted some disconcerting lines. In short, it looked, initially, like Valve was taking the contents of a user’s DNS Cache and reporting back to VAC’s servers with it. That, of course, would be a huge violation of the trust Valve has built within the gaming community.
It wasn’t too long, though, before Valve’s Gabe Newell decided to address the issue in a lengthy post on Reddit. In the post, Newell talks about the way this element of the software actually works, the reasoning behind it, and VAC’s relationship with the community.
“Trust in the developer, trust in the system, and trust in the other players,” Newell explains, are all important parts of a multiplayer gaming community. Cheats, he says, harm the majority of players less than they help the minority that chooses to take advantage of them. “There will be thousands of cheats created for a game like Counter-Strike,” Newell says. “Of those, several hundred will be in use at any given time, created by ten or twenty different groups. Those groups will not only create the cheats themselves, but they’ll also engage in social engineering,” he added, doing things like compromising users’ trust in the system itself.
With these ideas in mind, Newell says, he felt it necessary to explain VAC’s new behavior.
In addition to the cheats one can download for free off the internet – easily installed, easily detected – there’s an entire community devoted to paid cheats. The cheats, interestingly, engage in the exact practice that so many fans find outrageous in legitimate gaming software: DRM. DRM phones home to a server to confirm that the cheater is paying for their cheat. VAC’s new behavior checks for the presence of these cheats. To do this, part of the detection method looks for “a partial match to those (non-web) cheat DRM servers in the DNS cache” of a user’s computer. If a match is found, VAC will contact Valve’s servers to double check the information.
Less than one tenth of one percent of clients resulted in this check being initiated, or about 570 cheaters.
“The process of building safe systems for users and those systems being attacked by malicious players is a constant arms race; circumventing spam detection, anti-virus clients, and even Valve Anti-Cheat are subject to this,” said Newell. Cheats of this nature are “expensive to create, and they are expensive to detect,” Newell says, and the goal is to tip the cost-benefit scale so that it’s not worth cheating or even creating the cheats.
Whether the original poster was just a community-oriented software explorer or someone that plays a role in the creation of these cheats, the net result of the original post was to compromise trust in Valve’s software. Newell says that, even though it risks the effectiveness of VAC, he would rather make it clear that Valve is doing.
Newell capped off the post with a short FAQ:
1) Do we send your browsing history to Valve? No.
2) Do we care what porn sites you visit? Oh, dear god, no. My brain just melted.
3) Is Valve using its market success to go evil? I don’t think so, but you have to make the call if we are trustworthy. We try really hard to earn and keep your trust.
The top comment on the thread does a good job of summing it up: VAC isn’t pulling DNS for the entire machine, but looking for the record of the call to the cheat server by the cheat itself. Looking at the cheat site won’t get you banned. With the actions of the NSA calling wider privacy assumptions into question, people are already paranoid about their privacy, and situations like this prey on that paranoia.
It seems like Valve is being straight-forward about their actions and intentions, but Newell leaves it up to the reader to decide how they feel. Gamers can choose not to play games that are watched by VAC and avoid the situation altogether if they are uncomfortable with it.