Report: Valve anti-cheat scans your DNS history

Discussion in 'privacy general' started by SweX, Feb 17, 2014.

Thread Status:
Not open for further replies.
  1. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    http://www.playerattack.com/news/2014/02/17/report-valve-anti-cheat-scans-your-dns-history/
     
  2. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    In response to the 'Valve dns scan' news, reaction by 'Marzhall' (aka 'Bloomfield Holmes') on Reddit link;
     
  3. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    I have long considered Steam to be one of the greatest intelligence treasure troves in history. Either Steam is working with the NSA, or the NSA would surely love to harvest data from Steam. Since we've only seen roughly 2% of what Snowden released, we may eventually know. We now have confirmation of the NSA having 'great interest' in gamers, gaming, and gaming platforms. They've spied on many MMO's, and Xbox-Live users - this we already know from recent documents. Consider on average, there are around 6,000,000 computers connected to Steam. That's throughout all time zones.. This would be a remarkable field of intelligence.

    For a decade or more I have considered DNS to be a 'weakpoint' for security, and for the life of me cannot understand why DNS traffic isn't encrypted, by default, or why people don't concern themselves with localized DNS caches. As part of my lockdown of Windows machines, localized DNS caching is always disabled. DNS cache is a byproduct of older, slower days, and has little to no use with todays connections, and DNS servers that return results in milliseconds of query.

    Reboot your machine
    Press Windows-r, type services.msc and hit enter.
    Locate the DNS Client service, right-click it and select Stop.
    Double-click it and set the startup type to disabled.


    Alternatively - and this would be a quick fix. Start steam with a batch file, then execute the command 'ipconfig /flushdns', however why not just disable it in the first place? Remember your DNS, and DNS traces can be used against you, harvested, and if necessary archived as meta-data.

    Encrypting DNS is done through a VPN, or at the very least something like DNS-Crypt. DNS-Crypt solves both issues, since it isn't a localized cache, there is nothing for anything to see locally if you utilize it; Also localized DNS poisoning can't take place if there is nothing to poison that's cached, and everything is encrypted to begin with.

    http://dnscrypt.org

    Take DNS seriously, IMO of course.
     
  4. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Someone makes baseless statement... check.
    Someone gives rational response... check.
    Someone mentions NSA... check.

    Welcome to the Internet.
     
  5. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    Says the guy already encrypting his DNS...

    Nevertheless, I think it very prudent to anticipate Valve is spying, either as a proxy to the NSA, or working with the NSA. If the NSA issued a NSL to Valve we'd never know, and Valve would be forced to comply. If Gabe was offended, or angry about this NSL issue, what would a most likely response be? Umm, maybe to develop your own OS, or to move to Linux, or both? Oh wait..

    http://store.steampowered.com/livingroom/SteamOS/

    These days we can assume *EVERY* US Corporation with a wealth of potential data to be issued NSL's. Why wouldn't they be? While nobody can really know if Valve did, we should be working under the assumption they have. Steam has encrypted chat, that alone makes it a valuable asset don't you think?

    Nevertheless, I am highly suspicious of Steam using DNS Caches for Bloom Algorithms, and actually doubt they'd do it. I am not entirely buying the explanation.

    Steam polling used to show your installed, and most used Software. This started to create a stir, so they removed now. Now they show everything else, even the free space on your HD. One can logically assume they have a laundry list of installed products/services/applications, in addition to a more detailed profile of your setup.
    http://store.steampowered.com/hwsurvey/

    The question is - we can't know if Steam is sniffing the DNS for bloom, or something else. But the big question is - do you trust Steam, or any US Corporation for that matter? I don't.
     
  6. mattdocs12345

    mattdocs12345 Registered Member

    Joined:
    Mar 23, 2013
    Posts:
    1,892
    Location:
    US
    This just shows that no closed source software can be trusted.
     
  7. kupo

    kupo Registered Member

    Joined:
    Jan 25, 2011
    Posts:
    1,121
    Encrypting DNS request is not just for privacy but more on improvements in security.
     
  8. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,415
    Location:
    U.S.A.
     
  9. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Good to see Gabe Newell putting the NSA trolls back in their closet.

    :D

    Nope it's only to protect against the NSA! Totally not to protect against MITM attacks or anything sensible like that... /s

    I must say though, there's a large difference between taking privacy precautions (which I do) and just living in some extremist NSA reality distortion field.
     
  10. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    Gabe didn't do anything other than to confirm they did harvest DNS cache data.. Which by the way I disable on every machine I touch.

    Since we've only seen roughly 1-2% of what Snowden gathered, wonder what's waiting for us? I can only imagine it's going to get worse. So anyone with a good head on their shoulders views the NSA and their criminal activity as a grave threat.
     
  11. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    You might as well give this religion you're following a name whilst you're at it, because it's nothing other than blind faith that you're choosing to believe in. No facts, just what you think is happening. Or rather, what you hope is happening to try and confirm your actions.

    Yep, that's really smart. :D So instead of making 1 DNS request per domain you're now creating a DNS request every single time you visit a site. That means you're increasing the amount of data being exchanged and are inherently increasing your risk of the big evil NSA being able to pick up on one of those requests.

    It's a matter of numbers. The more you do something, the higher the likelihood someone will notice. But I can't honestly imagine what it is you're doing to be taking such drastic steps. I can only feel sorry for the people "that pay you" if they are having this scaremongering sway their computing decisions.
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    I don't want to disable DNS Client service, to reduce DNS lookups. Every now and then I only delete DNS Cache with CCleaner...

    hqsec
     
  13. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    DNS lookups are so fast now, a machine specific cache is somewhat antiquated, and certainly can be a security risk. That cache can be poisoned, or sniffed, as we see here. But more importantly realize your ISP is caching DNS already, and should have a 24 hour purge on it. If you use a VPN, the VPN provider is caching DNS. Some routers also cache DNS, creating more redundancy.

    I believe Kaspersky AV also disables DNS Client on installation. Kaspersky always recommends DNS Client be disabled on the local machine;

    https://support.kaspersky.com/kis2009/sysfirewall?qid=208279774
    DNS (Domain Name System) Caching: when first addressing to the network resource computer inquires the server DNS. This DNS is located in the computer cache and by further connections to the same network source this computer resolves the server DNS from cache. This option accelerates work of the LAN or Internet but decreases the computer security level.

    Imagine wiping your browsing history, and being secret about it, then leaving the DNS cache operational? Pretty easy to see what someone has been doing, and your DNS cache can be sniffed remotely. Sort of like someone wiping files, and being sneaky, yet leaving the USNJRNL files on the drive. o_O
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.