Lagg writes:
"We're in a climate where it's easy to accuse a company of spying on you by various means with a distinct possibility that you could be right, but sometimes a reality check is needed. A Reddit user recently posted a thread accusing Valve of writing code for VAC that iterates your DNS cache and sends the hashed entries to their server. The proof provided of this was a prettied disassembly (that was not easily reproducible due to how VAC loads symbols) that showed only that VAC was indeed iterating the DNS cache, which any knowledgeable programmer understands is not exactly an uncommon thing to do, as no socket code was to be seen. Today, Gabe Newell responded to these allegations by confirming that no they do not in fact snoop your cache entries.
There are probably a few things to learn from this, including not trusting a screenshot of code that looks complex without actually understanding what it's doing. A lack of any level-headed investigation is a bad idea and it's important to handle these situations before they snowball into a mob (as Redditors are bound to do)."
(Score: 5, Insightful) by juggs on Tuesday February 18 2014, @05:47AM
... programmers should get used to justifying why they need to iterate a user's DNS cache.
It may be necessary it may not, all this article offers is along the lines of "programmers have been doing it for ever" and "trust me I'm a programmer". Ergo it is OK. It's like doffing a cap to the local GP because he's "a doctor".
Having always done it in the past is not justification for continuing to do it. The article could do with some balance on ~why~ programmers think it OK to go snooping around around in DNS caches.
(Score: 1) by Lagg on Tuesday February 18 2014, @06:13AM
http://lagg.me [lagg.me] 🗿
(Score: 5, Insightful) by biff on Tuesday February 18 2014, @06:15AM
Anti-cheat code is necessarily intrusive as part of its function, but I agree. The range of acceptable behavior from computer programs continues to expand and is still almost entirely defined by entities that aren't end users. At the very least it should be clearly defined and prominently featured (i.e. not buried in EULA) when a program is about to do something unrelated to its direct function, such as scan the drive, collect device identifiers and information, communicate with a third-party service, or so on. I doubt it'd put most gamers off, especially as multiplayer gaming that relies on client-side optimizations would be completely unenjoyable if cheaters weren't kicked, but gamers should still be informed participants in the process.
Gabe Newell handled this like a champ though.