A few days ago, some eagle-eyed gamers exploring the code that runs Valve Anti Cheat (VAC) spotted some disconcerting lines. In short, it looked, initially, like Valve was taking the contents of a user's DNS Cache and reporting back to VAC's servers with it. That, of course, would be a huge violation of the trust Valve has built within the gaming community.
It wasn't too long, though, before Valve's Gabe Newell decided to address the issue in a lengthy post on Reddit. In the post, Newell talks about the way this element of the software actually works, the reasoning behind it, and VAC's relationship with the community.
"Trust in the developer, trust in the system, and trust in the other players," Newell explains, are all important parts of a multiplayer gaming community. Cheats, he says, harm the majority of players less than they help the minority that chooses to take advantage of them. "There will be thousands of cheats created for a game like Counter-Strike," Newell says. "Of those, several hundred will be in use at any given time, created by ten or twenty different groups. Those groups will not only create the cheats themselves, but they'll also engage in social engineering," he added, doing things like compromising users' trust in the system itself.
With these ideas in mind, Newell says, he felt it necessary to explain VAC's new behavior.
In addition to the cheats one can download for free off the internet – easily installed, easily detected – there's an entire community devoted to paid cheats. The cheats, interestingly, engage in the exact practice that so many fans find outrageous in legitimate gaming software: DRM. DRM phones home to a server to confirm that the cheater is paying for their cheat. VAC's new behavior checks for the presence of these cheats. To do this, part of the detection method looks for "a partial match to those (non-web) cheat DRM servers in the DNS cache" of a user's computer. If a match is found, VAC will contact Valve's servers to double check the information.
Less than one tenth of one percent of clients resulted in this check being initiated, or about 570 cheaters.
"The process of building safe systems for users and those systems being attacked by malicious players is a constant arms race; circumventing spam detection, anti-virus clients, and even Valve Anti-Cheat are subject to this," said Newell. Cheats of this nature are "expensive to create, and they are expensive to detect," Newell says, and the goal is to tip the cost-benefit scale so that it's not worth cheating or even creating the cheats.
Whether the original poster was just a community-oriented software explorer or someone that plays a role in the creation of these cheats, the net result of the original post was to compromise trust in Valve's software. Newell says that, even though it risks the effectiveness of VAC, he would rather make it clear that Valve is doing.
Newell capped off the post with a short FAQ:
1) Do we send your browsing history to Valve? No.
2) Do we care what porn sites you visit? Oh, dear god, no. My brain just melted. 3) Is Valve using its market success to go evil? I don't think so, but you have to make the call if we are trustworthy. We try really hard to earn and keep your trust.
The top comment on the thread does a good job of summing it up: VAC isn't pulling DNS for the entire machine, but looking for the record of the call to the cheat server by the cheat itself. Looking at the cheat site won't get you banned. With the actions of the NSA calling wider privacy assumptions into question, people are already paranoid about their privacy, and situations like this prey on that paranoia.
It seems like Valve is being straight-forward about their actions and intentions, but Newell leaves it up to the reader to decide how they feel. Gamers can choose not to play games that are watched by VAC and avoid the situation altogether if they are uncomfortable with it.
The Galaxy S20 Ultra's Space Zoom camera is amazing and a bit creepy
The Galaxy S20 Ultra supports up to 100X zoom, which Samsung calls Space Zoom, but is it any good? Can a phone really product usable photos at 100x zoom? We've got our Galaxy S20 Ultra already so join us to find out!
Win an iPhone, iPad and Apple Watch with the Reader's Choice giveaway!
What's the best phone of 2019? Is it the iPhone 11 Pro, Pixel 4 or OnePlus 7T? What about the best laptop, games console, tablet and more? Vote NOW in the Reader's Choice awards and win BIG in time for the holidays!
Here are the best products from IFA 2019!
Here are the products announced at IFA 2019 that were worthy of our Best of IFA 2019 awards. Also featuring MrMobile's single best product at the show!
The Dungeons and Dragons loot you always wanted
These are the accessories you need to be at the most prepared D&D player at your table.