GuRu Asaki eredeti hozzászólása:

Ever curious what the STEAM WebHelper is? What it does? What it's there for?

I read this after finding out there was a large number of WebHelper's in Task Manager...

So some people had stated Chromium was being put into STEAM,
at first this did not bother me, I just ignored it...

I hope you just not found out recently that Steam is using chrome/chromium as a render engine for....almost...8 years or so?

Probably it would have been better if they have stayed with the IE Engine....^^

cinedine eredeti hozzászólása:

Start_Running eredeti hozzászólása:

It's a way of identifying hardware to prevent collisions in operations and in surveys to avoid double counting.

This.
You need some kind of identifier and most surveys have one*. Either you provide them yourself via something like "fis leter of your first name, second letter of your last name, third letter of your birthplace and year of birth." or they already have one imprinted.

* one of the reasons people shouldn't post links to online surveys on a forum. You will inevitably get troll entries. Masses of them.

Then you end up with Justin Bieber voted to do a concert in North Korea.
Just like voting you need a way to be sure no one votes twice, to avoid the influx of noise into your sample data.
Otherwise you could end up with the same machine being surveyed mutliple times and biasing the statistics just because multiple users log into that computer Steam client.

ShelLuser eredeti hozzászólása:

[The part where it seems you actually believe a random blog article (or so it seems). I'm afraid we're going offtopic here but to keep it short: it's a load of nonsense. [url=https://en.wikipedia.org/wiki/One-way_function]This[/url] is a very good read for it.

The "random blog article" was just an additional citation, not the basis for my argument.

Edit: Additional sources:
"The Pitfalls of Hashing for Privacy", Demir et al. https://ieeexplore.ieee.org/document/8023740 https://hal.inria.fr/hal-01589210/document
"Hashing of personally identifiable information is not sufficient", Marx et al. https://pdfs.semanticscholar.org/0d61/82754e6a4ae42f39367c998cf02530264ae5.pdf

Believe me, I understand one-way functions. Yes, you can't run them backwards, but you can run them forwards a bunch of times until you hit on the answer you're looking for. If the search space isn't very big, this sort of thing is a practical attack. And the search-space for MAC addresses isn't big enough to make it impractical.

And that's another thing which I find incredibly funny because unless you actually know what hashes have being used then there's no way you can conclude any of this.

The actual hash function itself isn't really relevant to the argument, as the exact properties of any particular hash function aren't relevant. Hash functions which are designed for use with passwords are deliberately extremely computationally intensive to make this sort of attack more difficult by making it take large amounts of time or memory to compute. This is to resist this sort of attack, when people try to recover cleartext passwords from leaked databases of hashed passwords.

There are tools to do this sort of thing, like hashcat[hashcat.net]. I'm sure they'll be very interested to learn that what they're doing is impossible!

Anyway, the actual hash algorithm is almost certainly SHA1, a common standardised general-purpose hashing algorithm not designed to withstand these sorts of attacks. The hash value is 160 bits long, and SHA1 is the only common one with that length. And they already use it in Steam, so, it's right there to hand.

The only thing I'm really missing is exactly what they're hashing (e.g.: just the raw bytes, text with uppercase hex, lowercase hex...). But that's no secret from either Valve themselves, or anyone who wants to spend some time reverse-engineering the Steam client. With time and a bit of tooling I could probably figure it out.

And no offense but something tells me you're not a programmer nor one working for Valve.

You're right, I don't work for Valve. Did contribute a little bit of code to an open-source project of Valve's on Github, though.

GuRu Asaki eredeti hozzászólása:

ok420 eredeti hozzászólása:

if you go to help, then to system information and scroll down, u will find them.
Those 2 are almost exclusively used to violate privacy by fingerprinting a device, most software uses those for binding itself to a specific PC like a hardware license as they cant be changed normally.

So the question is why the ♥♥♥♥ does steam rat your system for those device identifiers?!?

Ever curious what the STEAM WebHelper is? What it does? What it's there for?

I read this after finding out there was a large number of WebHelper's in Task Manager...

So some people had stated Chromium was being put into STEAM,
at first this did not bother me, I just ignored it...

So then STEAM got an Update for Library Update including the Chromium further along...

Web Helper was moved from Client to Friends List...

Friends List went slow, STEAM had many problems, Group Chats had Crashes...

Soo?

- Web Helper (Google Owns It)
- Chromium (Google Owns It)
- Chromium (Now Appears In Task Manager When STEAM Is Running)
- STEAM Uses Chromium Implementation (Replace Old Client With A Browser Based Client)
- Web Helper (Takes Up a Chunk Of Task Manager)
- Web Helper (Leaks RAM Resources On PC's)
- Web Helper (Uses Tons Of RAM On PC's)
- Web Helper (Slows STEAM & PC's Down)
- Web Helper (Is Used To Collect Private Data From Users)
- Web Helper (Collects Keyboard Key Inputs Typed By Users)
- STEAM (Pushes For Less Wallet Usage & More Bank Card Usage)
- STEAM (Has Added Extra Purchase Info For Home Addresses)
- Politics Supposedly was Reported To Build A Giant Facility Holding Privacy Information
- Politics Is Trying To Place Cameras Everywhere


Now, to your Question?

"Those 2 are almost exclusively used to violate privacy by fingerprinting a device"

I believe this would be your answer (STEAM's Web Helper is Behind This)

It explains everything that was going wrong with my PC while STEAM was running,
it's why I wanted to get rid of STEAM Library ASAP, & also seems to explain your
issue, & question above...

It also explains why some people's Anti-Virus was claiming that STEAM was a Virus,
which most people had just ignored, & ultimately ended up adding STEAM as an
Exception to their Anti-Virus Software, since they didn't find it as a Threat to their PC's...


Here is a Article About Web Helper: (Not The One I Found)

Web helper is the name of a parasite software that we might as well consider as malicious too, mainly because it doesn’t clearly explains the user what the program will do before it’s installed. Web helper was created with two goals in mind: to show as much ads as possible when we’re browsing the net and to collect important data about us.

Keyword: Collects Important Data About Us.
Keyword: Curious Why It's Browser Based? (WebHelper Shows Many Advertisements in Browsers)


What Is WebHelper Search Link: (Or Visit Google & Type What Is WebHelper)

https://www.google.com/search?source=hp&ei=ApH8Xu_MINPVtAaX-LKICQ&q=What+Is+WebHelper&oq=What+Is+WebHelper&gs_lcp=CgZwc3ktYWIQAzICCAAyAggAMgIIADICCAAyAggAMgIIADICCAAyBAgAEAoyAggAOgUIABCxAzoKCAAQsQMQRhCAAlD7LFjYcmCkdWgEcAB4AIABSIgB4weSAQIxOJgBAKABAaoBB2d3cy13aXqwAQA&sclient=psy-ab&ved=0ahUKEwjv1bPdlazqAhXTKs0KHRe8DJEQ4dUDCAg&uact=5

For any reason chrome is maybe one of the most used broswers out there (i would not recommend it, nor do i know how that could happen). So your "discovery" is a bit off reality.

I dont see ads in browsers because i use steam.

Current browsers all use more than one process, for "features". Not to tell you, LOOOK HERE IS SOMETHING TO WORRY!

ShelLuser eredeti hozzászólása:

aiusepsi eredeti hozzászólása:

Yes, you can't run them backwards, but you can run them forwards a bunch of times until you hit on the answer you're looking for.

Yet that answer is usually a hash in itself.

Look up what rainbow tables are.

Anyway, why the discussion about hashes? Throwing around useless half-knowledge? The oint aiusepsi wanted to make is that the data can be de-anonymized. Which it can anyway as Steam is aware which account it is.

... again: which is true for most surveys if you have a closed group or they're given out specifically for you. (Personally I like the "completely anonymous" surveys companies to internally where each employee has a unique link to participate in.)

cinedine eredeti hozzászólása:

Anyway, why the discussion about hashes? Throwing around useless half-knowledge? The oint aiusepsi wanted to make is that the data can be de-anonymized. Which it can anyway as Steam is aware which account it is.

Not necessarily. The survey data might be DDBB stored in a totally unlinkable way to the account. (I know it could be eventually linked back given we dig enough into the rabbit hole)

In any case that doesn't exclude the discussed fact that given enough metadata almost any info can of course be de-anonymized, but not every source who gets that piece of info is doing it with that purpose.

There's a lot of misdirection in regards privacy worries (no wonder why as it's a complex issue becoming more and more complex each day) that often focus on the wrong targets.

There's a lot of teaching to do in regards this subject and threads like these are the proof that privacy is still a hard piece to chew for the largest part of the population.

Muppet among Puppets eredeti hozzászólása:

Steam knows the account you login with.
They can not see your computers mac address in the internet. And if someone can, why do you think the system info is so bad?

Do you worry about fingerprinting and leaking infos in browsers? I would start there to be concerned about.

Because serial number & mac hash are used to violates basic privacy by associating accounts and everything I do to my PC.
Its not about my damn mac address, its about tracking and fingerprinting by using info that the steam client absolutely shouldnt gather in the first place and has 0 reason to.

I mean if banks, papyal, credit cards (organizations that are designed from the core to track, spy and violate your privacy) use all sorts of fingerprinting and linking together in browser, by behaviour, by device IDs, apps, etc. NO SURPRISE....

But if Steam attempts to do that with the client?!?! Not only unexplainable but very shady aswell, like who knows what they will make out of this info.

A game launcher has absolutely no reason to do that and should collect as little info as possible, ideally not even IP addresses but for that there are atleast some more or less legitimate reasons.

And to your question: yes I do, have my all my browsers set up to block or spoof/randomize all known fingerprints (canvas, audio, webgl, many js functions) and on many sites i do much more to fully anonymize myself.

Because the epic game store is Chinese spyware. Do I care if an American company knows my personal information, no. Do I care if a country other than America has my personal information? Hell yes. Why? because I can sue the American company if they betray me. Anyone else is untouchable and can send me malicious content without repercussions. Another fact, Tencent has been known to blatantly copy American games, they are thieves that copy off the success of American companies. If they had their way, you would be playing some Chinese F2P, were you pay to play by the minute; literally you pay for 30 minutes of game time. WTF, this is F'n America, not some restricted Chinese gov. BS. American games are free like the people that make them.

Back to your question, "Why is steam client checking/saving your disk serial & mac hash?". Guess what, it doesn't matter, because Steam and Valve are 100% American owned. Nothing to worry about. Now if epic was doing that, I would be seriously concerned because of their close ties to the Tencent/Chinese government.

ok420 eredeti hozzászólása:

Because serial number & mac hash are used to violates basic privacy by associating accounts and everything I do to my PC.
Its not about my damn mac address, its about tracking and fingerprinting by using info that the steam client absolutely shouldnt gather in the first place and has 0 reason to.

Fortunately the hardware survey is opt-in. So you don't have to send it if you don't want to.
It's been explained why fingerprinting a survey can be necessary and how it doesn't mean the survey data to be relatable to the account itself. At the end of the day is the user choice to follow the survey or not. It won't even scan your computer unless you tell it to.

vexviron eredeti hozzászólása:

this is F'n America

No, its not.

And you might be surprised that america is not the country that is seen as state of the art for privacy.

Muppet among Puppets eredeti hozzászólása:

And you might be surprised that america is not the country that is seen as state of the art for privacy.

At least in Europe we came up with the GDPR. Thanks to it anyone can check now all their data stored in Steam.