
Valve Anti-Cheat seems to scan your DNS cache, but probably doesn't send it anywhere

akira28

Member
fight back

edit: unless this is valve testing a foray into the porn business. If they just want to know what porns I like, so they can start a service, I might be ok with it. they got me to buy digital games, they might be able to get me to buy porn too.
 

thefil

Member
I'm definitely on the side of this being an unacceptable compromise for security in a video game. Regardless of who else does it.
 

Woo-Fu

Banned
Huh, really anti consumer decision by Valve here.

What is anti-consumer about their anti-cheat software looking at the DNS cache? Anti-consumer is if they're doing anything with that data besides trying to catch cheaters.

Are they?
 
What is anti-consumer about their anti-cheat software looking at the DNS cache? Anti-consumer is if they're doing anything with that data besides trying to catch cheaters.

Are they?

Valve are not inept enough to think that having a list of naked domains is acceptable proof of cheating. We're not talking about Nintendo here.
 

Leezard

Member
What is anti-consumer about their anti-cheat software looking at the DNS cache? Anti-consumer is if they're doing anything with that data besides trying to catch cheaters.

Are they?
There's no need to be so defensive. We don't know what they will do with the data as of yet. I don't see how using DNS is a good way of catching cheaters.
 

Woo-Fu

Banned
Valve are not inept enough to think that having a list of naked domains is acceptable proof of cheating.

Why are you assuming that is how it works?

How about if there is an entry for an auth server where they know the address of that server yet in your DNS cache it is pointing to some other address? An address they've already determined is a proxy set up to get around that auth process?

Think about it.

There's no need to be so defensive. We don't know what they will do with the data as of yet. I don't see how using DNS is a good way of catching cheaters.

I'm not defensive. I'm pointing out that for something to be anti-consumer I expect it to be detrimental to the consumer in some way shape or form. I don't see it.

If I'm defending anything it is basic logic.
 
It is the reality we live in, at least in the US. Pretending otherwise is just that: pretending. I'd rather have my eyes wide open than my head in the sand.

Or you could get active and fight for your right to privacy rather than sit around being complacent because you have gardening work to do.
 

Woo-Fu

Banned
Or you could get active and fight for your right to privacy rather than sit around being complacent because you have gardening work to do.

The ROI on fighting for my right to privacy is practically nil, particularly when I don't have anything I need to hide from my government. I've quite honestly got more important things to worry about, including gardening.
 

Radio

Member

Orayn

Member
then why bother collecting it if Valve's not gonna look at it? he may be right but people don't collect data "just because".

It says right there in the post: Steam could be comparing it to a local blacklist without transmitting anything back to Valve.
 
Why are you assuming that is how it works?

How about if there is an entry for an auth server where they know the address of that server yet in your DNS cache it is pointing to some other address? An address they've already determined is a proxy set up to get around that auth process?

Think about it.

Even in this highly specific scenario nothing is actually being proven other than two addresses speaking to each other.

The ROI on fighting for my right to privacy is practically nil, particularly when I don't have anything I need to hide from my government. I've quite honestly got more important things to worry about, including gardening.

Oh, I see. Didn't realize what I was dealing with.
 

jimi_dini

Member
While it's true that MD5 is a weak hashing function, I'm not sure what the argument is here. Is the fear a MITM attack exposing your data or is the fear that Valve is secretly retaining data and then attacking their own hashed data?

Why attack their own data? Why should they have to "attack their own hashed data"?

They know which algo they used, so if they want to know how many users visited myp0rn, they will just create the MD5 of ww2.myp0rn.com and check it that way. It's really simple to do.

This data shouldn't be sent at all in the first place. If they want to check for known sites, why not check locally and just send the RESULT to valve instead of the actual data.

Are you absolutely sure that this data is a) not saved anywhere at Valve and b) that every single Valve employee is 100% trustworthy and that c) some secret US court hasn't already sent them a nice letter?

Why not simply send the data plaintext if that was their aim?

plaintext uses way more space and people would easily see what they are sending over the line.
 

Abounder

Banned
Steam is a front for the NSA confirmed.

They have become....G-man


Anyway interesting story and makes you wonder how much of a norm it is
 

Woo-Fu

Banned
Like I said, terrifying attitude.

You must have a very easy life if you have time to be terrified by what others think about their own privacy. I do not. I have real problems to deal with. I don't have to make a mountain out of a molehill to feel like I'm fighting the good fight. Playing Don Quixote just isn't a good use of my time.
 

Woo-Fu

Banned
Even in this highly specific scenario nothing is actually being proven other than two addresses speaking to each other.
It has proven that you're using a non-authorized server for that part of their auth process which is enough information to kick you out of the game. They could even say they were doing it for your own protection. ;)

I've yet to see anybody banned solely for what was in their cache. Why are you assuming that is what is happening?
 

Principate

Saint Titanfall
Why are you assuming they use it as the sole reason to ban someone?

But why would it play a part? If they had conclusive evidence they wouldn't need it. If they didn't this would be the tipping otherwise there'd be no reason to include it locally. The only reason this wouldn't be the case was if the information was sent back for someone to actually analyse the information and make a decision.
 

wildfire

Banned
Jesus, you're preemptively whingeing on the first post. Also I have not seen a 'usual' comment regarding Valve that people have nothing to hide, I'm not aware of any other cases where they've pried and people have had to take this stance, would you mind linking me to some context for this?

This is the first time this specific type of problem has occurred but a lot of people are willing to put up with Valve trampling on their legal powers.

Valve is Trying to Stop People From Suing them as a Collective Group

If you don't wish to accept the new Steam EULA
 
As I said, if this is an acceptable means of even secondary evidence to ban a person then you guys might want to go through all of your steam friends and make sure none of them have VAC bans on record. Wouldn't want to give the impression that you're for cheating.
 

pompidu

Member
It says right there in the post: Steam could be comparing it to a local blacklist without transmitting anything back to Valve.

could be doing a ton of things. he says it's not sending data then gives an example of what it could be doing. if he knew it wasn't being sent, he could tell what was happening with the dns cache. not a baseless guess.
 
Is this actually confirmed? I'm not going to read through that reddit thread.

It isn't and VAC scanning your DNS records means jack shit anyway, but people like to jump into conclusions when you throw around words like "privacy" and some technical terms like NSA GDDR3 DNS IP.
 
You must have a very easy life if you have time to be terrified by what others think about their own privacy. I do not. I have real problems to deal with. I don't have to make a mountain out of a molehill to feel like I'm fighting the good fight. Playing Don Quixote just isn't a good use of my time.

Oh I get it, your garden is really important to you. With real problems like that I can understand being incapable of appreciating the bigger picture ramifications of complacency when it comes to the government invading the privacy of its citizens.
 

Cynar

Member
Why are you assuming that is how it works?

How about if there is an entry for an auth server where they know the address of that server yet in your DNS cache it is pointing to some other address? An address they've already determined is a proxy set up to get around that auth process?

Think about it.



I'm not defensive. I'm pointing out that for something to be anti-consumer I expect it to be detrimental to the consumer in some way shape or form. I don't see it.

If I'm defending anything it is basic logic.
Basic logic tells you that invasion of privacy is detrimental to the customer. Get off your high horse and use that logic you say you have. I love Valve but this is bad practice.
 
what? if anything allowing other shops to sell games that force the user into the Steam environment is how Steam has grown so big

and I say that as someone who loves being able to buy games on sale on Amazon that activate on Steam

This. I've gotten a shitton of games off Amazon through Steam. In fact, the ubiquity of Steam codes there is probably why I started using Steam in the first place.

Allowing other sites to sell Steam codes was a brilliant approach on Valve's part.
 
What is anti-consumer about their anti-cheat software looking at the DNS cache? Anti-consumer is if they're doing anything with that data besides trying to catch cheaters.

Are they?
They are assuming that everyone is a cheater, by invading their privacy. The police don't search everyone's house in the hopes of catching criminals.

And given that Valve is based in the USA, people are justified in having concerns over the explicit usage of this data.
 

Stumpokapow

listen to the mad man
Why attack their own data? Why should they have to "attack their own hashed data"?

They know which algo they used, so if they want to know how many users visited myp0rn, they will just create the MD5 of ww2.myp0rn.com and check it that way. It's really simple to do.

This data shouldn't be sent at all in the first place. If they want to check for known sites, why not check locally and just send the RESULT to valve instead of the actual data.

Setting aside the fact that we don't actually know if the claim is true or not (and someone in that thread, who has been reposted here, claims that there's no evidence of the hashes being sent to Valve or even being connected to VAC--but we'll assume all the OP's claims are true);

The OP's argument claims that using MD5 for this purpose is bad because MD5 is a poor hashing algorithm. The argument alleges that this, that MD5 is a poor algorithm, is a bad thing. The two arguments why this might be the case are that a MITM attack could be used to steal data, or that Valve themselves would want to steal data.

My response was to not understand how the issues with MD5 are connected to this. Your response to me is that they can analyze the hashed data because they know the hash function. Okay, but what does that have to do with MD5 being a poor algo? If they were using any other hashing function, they'd be equally able to verify the hash. That's the purported point here. Obviously they can analyze the hashed data. That's the supposed reason for them to gather the data.

You seem to be responding to someone who isn't me.

But beyond that, a local blacklist is essentially a distinction without a difference from a remote blacklist, provided users don't have access to the contents of the blacklist. A local blacklist that contained, say, the most popular 100,000 domains on the web (roughly 4.5 hex characters worth of entropy), they'd be able to analyze 99.9%+ of web traffic. So if you're opposed to remote analysis on the basis that it's part of a dragnet spying effort, you might as well be opposed to local analysis and remote transmission of results (which could be done as, say, a bit-array rather than per-site hashes) because the results will be the same.

Are you absolutely sure that this data is a) not saved anywhere at Valve and b) that every single Valve employee is 100% trustworthy and that c) some secret US court hasn't already sent them a nice letter?

I'm not sure of any of those things, but you're also misunderstanding my point if you think they're relevant. I'm disputing why the OP's argument focuses on MD5 as a weak hashing mechanism as though that is an argument.

- If the fear is a MITM, that's valid in the hypothetical I guess but also not remotely established (it also hasn't been established that transmission itself, if this scan is real and connected to steam, is not done over SSL)
- If the fear is that Valve is using the data, then what does the strength of the hashing function matter because you're already under the belief that they're taking your data and they can do that regardless of how strong a hashing function they have.
- If the fear is that Valve is cooperating with external actors, then they're able to do that regardless of the method of transmission.

plaintext uses way more space and people would easily see what they are sending over the line.

MD5 hashes are 32 hexadecimal characters. Most domains are shorter than 32 hexadecimal characters, and there are more common domains at less than half that length than double that length, so the average transmission size would be smaller without hashing them.

People can already easily see what they are "sending over the line", as evidenced by this thread.
 

Chavelo

Member
So now we're on the same page, right? The one that reads "Yeah, we're gonna need more information/research before we jump into conclusions on what some paranoid reddit kid with a 'basic' level of terminal-fu thinks about privacy and intrusion made up to get some sweet karma points".

Unless you guys wanna keep talking about privacy in the digital world. Which is cool, just read through the thread we before ya do.
 

Dire

Member
I don't think many people in this thread understand the implications of the method they're using. MD5 is a one-way hash. You put in some data, you get out a hash. Going directly from that hash to the original data is impossible. Surprisingly enough it's not a magical compression method that can change anything to a lossless 128-bit chunk! What is possible is generating a list of precomputed hashes of "interesting" data and comparing retrieved data to that. The ONLY reason Valve would be doing it this way is specifically to protect user privacy.

MD5 has collision issues that make it inappropriate for stuff like secure communication verification, but it rocks for stuff like this when you don't care at all (or don't want to know) what the original data was and just want to see if, with a high probability, it matches something you're specifically looking for. It's fast, cheap and easy. Or, for instance, if you download a program from a site mirror and want to ensure that it's identical (again - with a very high probability) to the program from the original site then MD5 is just the tool.
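
Added example, not part of any post in this thread and not Valve's code: a Python sketch of the mechanics the posts above argue about (hashing cache entries, matching them against a precomputed list locally, looking received hashes up in a candidate list, and reporting results as a bit array). All domain names and lists are constructed, and nothing here describes what VAC actually does.

```python
import hashlib

# Constructed sample data (reserved example domains); not taken from VAC or Steam.
CACHE = ["store.example.com", "cheat-auth.example.net", "video.example.org", "News.Example.org."]
BLACKLIST = ["cheat-auth.example.net", "bypass.example.test"]   # hypothetical cheat hosts
CANDIDATES = ["store.example.com", "video.example.org", "news.example.org", "mail.example.com"]


def digest(domain, algo="md5"):
    """Hex digest of a normalised domain (lower case, no trailing dot)."""
    name = domain.strip().rstrip(".").lower()
    return hashlib.new(algo, name.encode("ascii")).hexdigest()


def local_check(cache, blacklist, algo="md5"):
    """Client-side comparison: returns only hashes that are on the blacklist."""
    wanted = {digest(b, algo) for b in blacklist}
    return sorted({digest(d, algo) for d in cache} & wanted)


def recover(hashes, candidates, algo="md5"):
    """Hash a candidate list and look each received hash up in it."""
    table = {digest(c, algo): c for c in candidates}
    return {h: table[h] for h in hashes if h in table}


def bit_array(cache, ordered_list, algo="md5"):
    """Local analysis reported as one bit per list entry, no hashes sent."""
    seen = {digest(d, algo) for d in cache}
    return [int(digest(d, algo) in seen) for d in ordered_list]


if __name__ == "__main__":
    for algo in ("md5", "sha256"):
        sent = [digest(d, algo) for d in CACHE]      # every cache entry, hashed
        named = recover(sent, CANDIDATES, algo)
        print(algo, "identified", len(named), "of", len(sent), sorted(named.values()))
    print("blacklist hits:", local_check(CACHE, BLACKLIST))
    print("bit array:", bit_array(CACHE, CANDIDATES))
    print("bytes: hash hex =", len(digest(CACHE[0])), "plaintext =", [len(d) for d in CACHE])
```

The lookup in `recover` names the same entries under MD5 and SHA-256, because it depends on the names being guessable and unsalted rather than on collision resistance.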
 

Nzyme32

Member
Is there any evidence that it's actually VAC doing this and that info is actually going to Valve? I can't seem to find any proof yet.

Pretty ridiculous if true. But then if they explain it, would that not make it easy to subvert VAC?
 
Is there any evidence that it's actually VAC doing this and that info is actually going to Valve? I can't seem to find any proof yet.

Pretty ridiculous if true. But then if they explain it, would that not make it easy to subvert VAC?

Security through obscurity is generally an illusion. Robust security systems should be able to be widely understood without being compromised, and transparency can often increase their efficacy by allowing more people to spot potential flaws in their implementation.
 

Htown

STOP SHITTING ON MY MOTHER'S HEADSTONE
So now we're on the same page, right? The one that reads "Yeah, we're gonna need more information/research before we jump into conclusions on what some paranoid reddit kid with a 'basic' level of terminal-fu thinks about privacy and intrusion made up to get some sweet karma points".

Unless you guys wanna keep talking about privacy in the digital world. Which is cool, just read through the thread we before ya do.

I was basically waiting for someone on GAF who actually knows what they're talking about to take a look and explain what all this actually means. The initial reddit link isn't very helpful.
 
Where does it say Valve is collecting this info? If this is true, it would seem to me they are looking for very specific hashes on the client side and acting on the server side if that very specific hash is found. And even that doesn't seem to be confirmed.

Why is everyone going so far with the hyperbole with so little information?
 