Stories
Slash Boxes
Comments

Dev.SN ♥ developers

Gabe Newell Responds to DNS Snooping Allegations

posted by Dopefish on Tuesday February 18 2014, @01:00AM   Printer-friendly
from the move-along-nothing-to-see-here dept.

Lagg writes:

"We're in a climate where it's easy to accuse a company of spying on you by various means with a distinct possibility that you could be right, but sometimes a reality check is needed. A Reddit user recently posted a thread accusing Valve of writing code for VAC that iterates your DNS cache and sends the hashed entries to their server. The proof provided of this was a prettied disassembly (that was not easily reproducible due to how VAC loads symbols) that showed only that VAC was indeed iterating the DNS cache, which any knowledgeable programmer understands is not exactly an uncommon thing to do, as no socket code was to be seen. Today, Gabe Newell responded to these allegations by confirming that no they do not in fact snoop your cache entries.

There are probably a few things to learn from this, including not trusting a screenshot of code that looks complex without actually understanding what it's doing. A lack of any level-headed investigation is a bad idea and it's important to handle these situations before they snowball into a mob (as Redditors are bound to do)."

 
This discussion has been archived. No new comments can be posted.
Gabe Newell Responds to DNS Snooping Allegations | Log In/Create an Account | Top | 1000 moderator points   | 48 comments | Search Discussion
Display Options Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 5, Informative) by kru on Tuesday February 18 2014, @01:26AM

    by kru (795) on Tuesday February 18 2014, @01:26AM (#1422)

    I read TFA (are we allowed to do that here?) and it has this bit in it.

    "VAC checked for the presence of [kernel-level] cheats. If they were detected VAC then checked to see which cheat DRM server was being contacted. This second check was done by looking for a partial match to those (non-web) cheat DRM servers in the DNS cache. If found, then hashes of the matching DNS entries were sent to the VAC servers. "

    So, from the horse's mouth comes the story that Valve does indeed snoop on DNS entries when it think it has detected a potential cheat. Valve has somewhere north of 10 million clients, so that it at least 10k people who have had their DNS caches snooped. Are they snooping on you and me? I doubt it, but I don't know for certain. I have no idea what it takes to trip VAC into peeking at my dns cache.

    I do appreciate the integrity of Valve with the quick, concise and transparent announcement made in the wake of this news. The NSA could learn something from Gabe.

    Starting Score:    1  point
    Moderation   +4  
       Informative=4, Total=4
    Extra 'Informative' Modifier   0  
    Total Score:   5  

  • (Score: 5, Funny) by bugamn on Tuesday February 18 2014, @08:32AM

    by bugamn (1017) on Tuesday February 18 2014, @08:32AM (#1557)

    I read TFA (are we allowed to do that here?) and it has this bit in it.

    No, we aren't. Return your new id.

  • (Score: 1) by sar on Tuesday February 18 2014, @03:51PM

    by sar (507) on Tuesday February 18 2014, @03:51PM (#1849)

    Not only was original "accusation" right on. It is very good it snowballed.
    It is possible that Valve use this snooping with good intents. Nonetheless this story may detract some other companies from doing something evil if they now know it could be easily discovered...