Over the weekend, a Reddit thread started by user theonlybond accused Valve of using its Valve Anti-Cheat (VAC) software to read domains visited on a particular computer only to send back the data to VAC servers using an encryption algorithm.
While it was unclear exactly if and why Valve’s VAC service was supposedly sending user domain cache data back to its servers, the thread sparked concerns from gamers about the privacy implications behind such behavior by Valve’s anti-cheat software.
Some users in the Reddit thread turned to accusing others of “shrugging off” the threat that Valve might be tracking what domains users are viewing.
Others called for further scrutiny of the evidence provided in the thread, noting that the VAC code provided only inspected the domain name system (DNS) cache and didn’t necessarily send it back to Valve servers.
Public reaction to VAC domain tracking behavior had the potential to be a big problem for Valve.
Valve Managing Director Gabe Newell responded directly to the accusations publicly in a Reddit thread on Monday to debunk the rumors and accusations surrounding VAC domain cache tracking.
“We don't usually talk about VAC (our counter-hacking hacks), because it creates more opportunities for cheaters to attack the system (through writing code or social engineering). This time is going to be an exception,” Newell said on Reddit.
Newell explained that cheat developers recently have been using digital rights management (DRM) servers in order to keep non-paying video game cheaters from using their hacks and cheat software.
According to Newell, the VAC module in question checked for cheats and then checks to see if the cheat software contacted DRM servers known to be used by cheat software developers.
Furthermore, the particular module in question was active and effective for only 13 days, said Newell, since cheat software developers created a workaround to avoid the particular modules DNS check.
Unfortunately for game companies that provide anti-cheat and anti-hack monitoring services, detecting and blocking cheat software is a constant game of cat and mouse.
“Our goal is to make them more expensive for cheaters and cheat creators than the economic benefits they can reasonably expect to gain,” Newell said, acknowledging the reality of anti-cheat software development.
Normally, developers of anti-cheat software such as VAC and Punkbuster remain quiet about the workings of their software in order to stay ahead of cheat software developers.
But Newell chose to make a public response so players of games that use VAC could “make their own judgements as to whether or not [Valve] is trustworthy.”
While all of Valve’s intellectual property assets such as “Counter-Strike:Source,” “Team Fortress 2,” and “Dota 2” use the VAC service to detect cheats, Valve also provides VAC to game developers that publish their games on Steam, Valve’s digital distribution service.