Slashdot Mirror


Gabe Newell Responds: Yes, We're Looking For Cheaters Via DNS

dotarray writes "Valve has stepped up to answer allegations that the company's anti-cheat system was scanning users' internet history. Rather than a simple, sanitized press release or a refusal to comment on 'rumours and innuendo,' Valve CEO and gaming hero Gabe Newell has personally responded." Newell or not, not everyone will like the answer. The short version is that Yes, Valve is scanning DNS caches, with a two-tiered approach intended to find cheating users by looking for cheat servers in their histories. Says Newell: "Less than a tenth of one percent of clients triggered this second check, accessing the DNS cache. 570 cheaters are being banned due to DNS searches."

6 of 511 comments (clear)

  1. Still abusive by i+kan+reed · · Score: 5, Insightful

    Sorry Gabe, you're not allowed to see my DNS history. You aren't allowed to see GabeNewellNatiliePortmanHotGritsFanFiciton.net in my history. That's not allowed.

    1. Re:Still abusive by wagnerrp · · Score: 5, Insightful

      It's more like an anti-theft service that when it thinks the laptop may have been stolen, it then turns on the camera to see who is using the laptop. Access to the DNS cache is only triggered by some other first-tier behavior.

    2. Re:Still abusive by CrankyFool · · Score: 5, Insightful

      This isn't quite the same as that old "well, just don't use it" canard.

      Valve was engaging in a set of behaviors which you considered acceptable, and so "purchased" (more on why "purchased" is in quotes in a second) some games from them.

      They've changed their behavior. Let's say you don't want to do business with them anymore. You could, of course, stop using Steam ... and lose access to all your games, which you probably thought you "purchased" in some sort of "I can use it for the rest of my life" sense, but actually just got a license to use for as long as they feel like it. This is different from a "service" where the expectation is that the benefit you're getting from them is recurring on some sort of cycle.

      Someone will, doubtlessly, point out that you can put the Steam client into offline mode. To which I'll say that you can't do it indefinitely. To which they'll say "but Valve says you should be able to do that," to which I'll point to http://www.pcgamer.com/2013/11... which basically says "Valve says they want to make offline mode work 'forever', but they're not there yet."

      It doesn't really matter, IMHO, that the scope of what they did here was relatively minor. The issue is that Valve, much like Sony, feels like they can trawl through your computer in areas that have nothing to do with playing the game. Today it was minor because it makes sense to start small; but if they feel comfortable trawling your DNS history -- and Newell clearly says that he has no problem with this practice -- what else do they feel comfortable doing?

    3. Re:Still abusive by vux984 · · Score: 5, Insightful

      I am not the person you are responding to, but for my part:

      At this stage I have no real gripe at all and would have opted into this without hesitation, had it been disclosed. (I also understand that disclosing it mitigates its effectiveness as the cheat makers will now all switch to ip based lookups, or rotating dns names etc to make detection more difficult, however, as this cat and mouse game between valve and cheaters is being waged on MY computer I still feel I should have some idea what is going on.)

      That said, I do find it... somewhat disturbing that they took the liberty they did. The fact that they didn't abuse it still raises the issue that they could have.

      When the next shoe drops will it be revealed that some anti-cheat / anti-virus / anti-malware software is quietly reading my bank statements when I view them online automatically for evidence of cheating / infection / whatever.

      And it raises the point yet again just how little we collectively realize what applications are doing with data on our system, how desperately we need to figure out how to mainstream sandboxing / selinux type permissions / application partitioning etc in a way that makes it both easy and reliable, and how much information even the host operating system leaks about us to other applications.

    4. Re:Still abusive by Minupla · · Score: 5, Insightful

      OK, I'm going to rant a bit here, and it's not specifically directed at the parent comment.

      Hashs are NOT a form of magic pixie dust you spread on information to make them magiclly private.

      Consider:
      You enter your SSN, the app hashes it and then sends it to me to compare against a hashed list of SSNs from some other source. I never get your unhashed SSN.

      Are you safe?

      No. There is NOTHING preventing me from hashing every possible SSN and comparing them. the total number of possible SSNs (ignoring for the moment that I can narrow the attack space significantly by ruling out SSNs that have not been issued yet) is not computationally prohibitive to search, even salted.

      OK, now bringing us back to the case in point.

      Does hashing the DNS address provide you any useful privacy preservation benefit?

      Well Valve has already said that they have a list of DNS addresses they're searching for. Ergo, they have hashed that list ot compare against your DNS. How hard would it be to hash the $(sites viewed as evil by your cultural/legal framework) and compare it to your hashed DNS list. Trivial.

      Do you feel like your privacy is preserved?

      Min

      --
      On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
  2. Better than nothing by BlackPignouf · · Score: 5, Insightful

    I don't like the answer, but it could be worse, and it's nice the director answered honestly.