Stories
Slash Boxes
Comments

SoylentNews is people

Gabe Newell Responds to DNS Snooping Allegations

posted by Dopefish on Tuesday February 18 2014, @05:00AM   Printer-friendly
from the move-along-nothing-to-see-here dept.

Lagg writes:

"We're in a climate where it's easy to accuse a company of spying on you by various means with a distinct possibility that you could be right, but sometimes a reality check is needed. A Reddit user recently posted a thread accusing Valve of writing code for VAC that iterates your DNS cache and sends the hashed entries to their server. The proof provided of this was a prettied disassembly (that was not easily reproducible due to how VAC loads symbols) that showed only that VAC was indeed iterating the DNS cache, which any knowledgeable programmer understands is not exactly an uncommon thing to do, as no socket code was to be seen. Today, Gabe Newell responded to these allegations by confirming that no they do not in fact snoop your cache entries.

There are probably a few things to learn from this, including not trusting a screenshot of code that looks complex without actually understanding what it's doing. A lack of any level-headed investigation is a bad idea and it's important to handle these situations before they snowball into a mob (as Redditors are bound to do)."

 
This discussion has been archived. No new comments can be posted.
Gabe Newell Responds to DNS Snooping Allegations | Log In/Create an Account | Top | 48 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 5, Insightful) by juggs on Tuesday February 18 2014, @05:47AM

    by juggs (63) on Tuesday February 18 2014, @05:47AM (#1430) Journal

    ... programmers should get used to justifying why they need to iterate a user's DNS cache.

    It may be necessary it may not, all this article offers is along the lines of "programmers have been doing it for ever" and "trust me I'm a programmer". Ergo it is OK. It's like doffing a cap to the local GP because he's "a doctor".

    Having always done it in the past is not justification for continuing to do it. The article could do with some balance on ~why~ programmers think it OK to go snooping around around in DNS caches.

    Starting Score:    1  point
    Moderation   +4  
       Offtopic=1, Insightful=4, Underrated=1, Total=6
    Extra 'Insightful' Modifier   0  
    Total Score:   5  

  • (Score: 1) by Lagg on Tuesday February 18 2014, @06:13AM

    by Lagg (105) on Tuesday February 18 2014, @06:13AM (#1439) Homepage Journal
    It's less "it's okay because I'm a programmer" and more "this is a pretty common micro-optimization". Meaning that it doesn't necessarily equate to malicious code, just that by itself it cannot be used to come to the conclusion that it's snooping. Personally I think rolling one's own hasher is kind of silly, except for on embedded stuff maybe.
    --
    http://lagg.me [lagg.me] 🗿

  • (Score: 5, Insightful) by biff on Tuesday February 18 2014, @06:15AM

    by biff (170) on Tuesday February 18 2014, @06:15AM (#1440)

    Anti-cheat code is necessarily intrusive as part of its function, but I agree. The range of acceptable behavior from computer programs continues to expand and is still almost entirely defined by entities that aren't end users. At the very least it should be clearly defined and prominently featured (i.e. not buried in EULA) when a program is about to do something unrelated to its direct function, such as scan the drive, collect device identifiers and information, communicate with a third-party service, or so on. I doubt it'd put most gamers off, especially as multiplayer gaming that relies on client-side optimizations would be completely unenjoyable if cheaters weren't kicked, but gamers should still be informed participants in the process.

    Gabe Newell handled this like a champ though.