Slashdot Mirror

← Back to Stories (view on slashdot.org)

Gabe Newell Responds: Yes, We're Looking For Cheaters Via DNS

Posted by timothy on from the but-maybe-you-were-just-visiting dept.

dotarray writes "Valve has stepped up to answer allegations that the company's anti-cheat system was scanning users' internet history. Rather than a simple, sanitized press release or a refusal to comment on 'rumours and innuendo,' Valve CEO and gaming hero Gabe Newell has personally responded." Newell or not, not everyone will like the answer. The short version is that Yes, Valve is scanning DNS caches, with a two-tiered approach intended to find cheating users by looking for cheat servers in their histories. Says Newell: "Less than a tenth of one percent of clients triggered this second check, accessing the DNS cache. 570 cheaters are being banned due to DNS searches."

13 of 511 comments (clear)

  1. Still abusive by i+kan+reed · · Score: 5, Insightful

    Sorry Gabe, you're not allowed to see my DNS history. You aren't allowed to see GabeNewellNatiliePortmanHotGritsFanFiciton.net in my history. That's not allowed.

    1. Re:Still abusive by PhrostyMcByte · · Score: 5, Informative

      The app is comparing DNS records with a client-side database of cheat sites, and if it finds a match sending it to Valve's servers for verification & ban-hammer. It's not sending every site you visit, unless the only sites you visit were via DNS records used by cheat developers.

    2. Re:Still abusive by ebrandsberg · · Score: 5, Informative

      did you even read his response? They look for indications that the cheat is in play, THEN they check DNS as verification, and send a HASH of the dns name to their servers for comparison. This means they don't even see the actual dns name on their side, they can just check against known hashes of the sites the DRM used for verification. That is why it is two staged. Simple existence of the names in your DNS cache won't trigger the ban hammer.

    3. Re:Still abusive by Zembar · · Score: 5, Informative

      He specifically says that it doesn't care about what web sites you are visiting, it's the adresses to the cheat DRM servers it looks for, to detect if a cheat has dialed home from that computer. It only checked this if the account was already suspected of using the cheat.

      So, in an impressive turn of events, many cheats now include DRM and anti-cheat codes. These phone home to a DRM server that confirms whether or not a cheater has paid to use that particular cheat

      Also, he says that since the cheats invented countermeasures to this in just 13 days, they already stopped doing it. The summary is quite misleading. (Not necessarily a big surprise on slashdot...)

    4. Re:Still abusive by wagnerrp · · Score: 5, Insightful

      It's more like an anti-theft service that when it thinks the laptop may have been stolen, it then turns on the camera to see who is using the laptop. Access to the DNS cache is only triggered by some other first-tier behavior.

    5. Re:Still abusive by Anubis+IV · · Score: 5, Informative

      So you can't be good at video game and curious about technologies at the same time?

      You can be, actually. As Gabe pointed out, the cheats these days have DRM installed to ensure that users of the cheat are actually paying for it. VAC, if it detects indications of the cheat, checks to see if the DRM's phone-home servers are in your DNS record, then sends back hashes of those servers for verification in Valve's system. It was made pretty clear that merely visiting the site for a cheat to check it out, whether intentional or accidental, would not result in getting flagged for the DNS check, let alone getting banned. Even purchasing the cheat would not get you banned, in and of itself.

      Basically, the DNS check only kicks in after you've purchased a cheat and used it in a game, at which point you've crossed the line from mere curiosity into abuse, and even then, they weren't banning people immediately, but rather doing the DNS check for final confirmation of cheating activity. And even then, it's only looking for the phone-home servers, not the web servers, used for those cheats, so people who were merely good players and had looked at the servers for the cheat without ever installing and running it would be perfectly fine.

      So...what's your gripe then?

    6. Re:Still abusive by wagnerrp · · Score: 5, Informative

      I don't care what it is sending or not sending to Valve. It's still an unnecessary invasion of privacy. In fact, its so easy to circumvent that I have a hard time believing that he is even being honest about why they are looking at the DNS records to begin with. How hard is it to clear my history, browse in Incognito mode, or do all of my cheating on a separate machine or in a VM? Trivial.

      It's not your web browser accessing cheat websites, it's your cheat software itself accessing its servers. Clearing your history or browsing in Incognito mode won't do anything. You cannot use a VM, since the cheat software must be run on the same machine as you are running the game (and VAC).

      And in fact, it may incorrectly flag me as a potential cheater anyway. I have looked up exploit information for games. I did not look in order to cheat at the game, but because I kept running into people who were not being busted for cheating and I wanted to know how they were exploiting the game. I was looking for a better way to tell when someone was cheating, not to actually cheat myself.

      Then it will not flag you as a potential cheater, since you were not running the cheat software to access the DNS entries in question. Further, it would never flag you as a potential anyway. This mechanism is only triggered after some other behavior has already flagged you as a potential cheater. This is a confirmation mechanism.

      While the basic idea of a piece of software accessing and reporting this information, at least in Valve's public explanation of what they were doing, it was entirely in good faith.

    7. Re:Still abusive by CrankyFool · · Score: 5, Insightful

      This isn't quite the same as that old "well, just don't use it" canard.

      Valve was engaging in a set of behaviors which you considered acceptable, and so "purchased" (more on why "purchased" is in quotes in a second) some games from them.

      They've changed their behavior. Let's say you don't want to do business with them anymore. You could, of course, stop using Steam ... and lose access to all your games, which you probably thought you "purchased" in some sort of "I can use it for the rest of my life" sense, but actually just got a license to use for as long as they feel like it. This is different from a "service" where the expectation is that the benefit you're getting from them is recurring on some sort of cycle.

      Someone will, doubtlessly, point out that you can put the Steam client into offline mode. To which I'll say that you can't do it indefinitely. To which they'll say "but Valve says you should be able to do that," to which I'll point to http://www.pcgamer.com/2013/11... which basically says "Valve says they want to make offline mode work 'forever', but they're not there yet."

      It doesn't really matter, IMHO, that the scope of what they did here was relatively minor. The issue is that Valve, much like Sony, feels like they can trawl through your computer in areas that have nothing to do with playing the game. Today it was minor because it makes sense to start small; but if they feel comfortable trawling your DNS history -- and Newell clearly says that he has no problem with this practice -- what else do they feel comfortable doing?

    8. Re:Still abusive by vux984 · · Score: 5, Insightful

      I am not the person you are responding to, but for my part:

      At this stage I have no real gripe at all and would have opted into this without hesitation, had it been disclosed. (I also understand that disclosing it mitigates its effectiveness as the cheat makers will now all switch to ip based lookups, or rotating dns names etc to make detection more difficult, however, as this cat and mouse game between valve and cheaters is being waged on MY computer I still feel I should have some idea what is going on.)

      That said, I do find it... somewhat disturbing that they took the liberty they did. The fact that they didn't abuse it still raises the issue that they could have.

      When the next shoe drops will it be revealed that some anti-cheat / anti-virus / anti-malware software is quietly reading my bank statements when I view them online automatically for evidence of cheating / infection / whatever.

      And it raises the point yet again just how little we collectively realize what applications are doing with data on our system, how desperately we need to figure out how to mainstream sandboxing / selinux type permissions / application partitioning etc in a way that makes it both easy and reliable, and how much information even the host operating system leaks about us to other applications.

    9. Re:Still abusive by Minupla · · Score: 5, Insightful

      OK, I'm going to rant a bit here, and it's not specifically directed at the parent comment.

      Hashs are NOT a form of magic pixie dust you spread on information to make them magiclly private.

      Consider:
      You enter your SSN, the app hashes it and then sends it to me to compare against a hashed list of SSNs from some other source. I never get your unhashed SSN.

      Are you safe?

      No. There is NOTHING preventing me from hashing every possible SSN and comparing them. the total number of possible SSNs (ignoring for the moment that I can narrow the attack space significantly by ruling out SSNs that have not been issued yet) is not computationally prohibitive to search, even salted.

      OK, now bringing us back to the case in point.

      Does hashing the DNS address provide you any useful privacy preservation benefit?

      Well Valve has already said that they have a list of DNS addresses they're searching for. Ergo, they have hashed that list ot compare against your DNS. How hard would it be to hash the $(sites viewed as evil by your cultural/legal framework) and compare it to your hashed DNS list. Trivial.

      Do you feel like your privacy is preserved?

      Min

      --
      On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
    10. Re:Still abusive by Baloroth · · Score: 5, Informative

      That would be me choosing to enlist my private sensors in a service that is specific to the use of those sensors.

      Except in the case of VAC you did choose to enlist the use of VAC to prevent cheats, specifically, when you connected to a VAC enabled multiplayer server. VAC isn't some generic thing Valve sticks on all Steam games, you know: it's only enabled when you connect to a server that is VAC enabled (which is in every game I've player very clearly marked as such). You don't want VAC poking around on your computer? Don't play on a VAC server.

      --
      "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
  2. Better than nothing by BlackPignouf · · Score: 5, Insightful

    I don't like the answer, but it could be worse, and it's nice the director answered honestly.

  3. RTFA by Grantbridge · · Score: 5, Informative

    From the actual article: 1)This is no longer in operation, it was only running for a couple of weeks in the constant cat-and-mouse game with cheat developers 2)It was targeted at the DNS for DRM servers which cheat authors used to SELL cheats to PAYING customers. The system simply reported if the MD5 hash matched the DNS for the known cheat DRM servers, once the cheat had been detected during gameplay already. The DRM servers were not running a website.