Ursprünglich geschrieben von Kage Goomba:

You are misunderstanding and frankly everyone here needs to stop complicating this and simply say "NO"

What you are looking at is an API Interface that is using Steams interface to tempt you to log in.

So yes THAT part is official - but it is a trap - period.

Just close that window and walk away before you regret it.

People should stop being technical and call it like it is - its a threat - its not trustworthy - period.

Anything outside Steam's client or their primary domain is suspect and not trustworthy. Period.

So if you don't understand what I just said - close the window and walk away.
That's it - no more no less.

Except... that's a lie. I used steam trades for 13 years... I login on isthereanydeal all the time and I used barter for a few years. What threat could it be when those can't even access the private information like Login ID and password? It literally can't access sensitive info. o.O

Ursprünglich geschrieben von Zork:

Ursprünglich geschrieben von Kage Goomba:

You are misunderstanding and frankly everyone here needs to stop complicating this and simply say "NO"

What you are looking at is an API Interface that is using Steams interface to tempt you to log in.

So yes THAT part is official - but it is a trap - period.

Just close that window and walk away before you regret it.

People should stop being technical and call it like it is - its a threat - its not trustworthy - period.

Anything outside Steam's client or their primary domain is suspect and not trustworthy. Period.

So if you don't understand what I just said - close the window and walk away.
That's it - no more no less.

That is very clear, thank you.

How can the API there fish out my Steam ID? There must be a connection/leak somewhere.

Pass-The-Cookie.

Basically there's no easy means to explain what this type of exploit is, but the most basic one is that if you log into a website, they get a cookie, that cookie then can be taken by another user from that website, altered and used to log into your account while bypassing most security measures you have in place.

Its akin to giving your friend a key to your garage but not your house, someone cleaver can take that key and get into the garage, and then your house without having to ever meet you, they just need to meet your friend.

In that example, the friend is your browser, and the key is the cookie.

Ursprünglich geschrieben von Zork:

Ursprünglich geschrieben von Kage Goomba:

You are misunderstanding and frankly everyone here needs to stop complicating this and simply say "NO"

What you are looking at is an API Interface that is using Steams interface to tempt you to log in.

So yes THAT part is official - but it is a trap - period.

Just close that window and walk away before you regret it.

People should stop being technical and call it like it is - its a threat - its not trustworthy - period.

Anything outside Steam's client or their primary domain is suspect and not trustworthy. Period.

So if you don't understand what I just said - close the window and walk away.
That's it - no more no less.

That is very clear, thank you.

How can the API there fish out my Steam ID? There must be a connection/leak somewhere.

I'll try again - since you're curious.

The API is a "Bridge"

Steam Trades is giving a Bridge.
The information you give that interface is going back to steam - but the "Bridge" will pull the date you gave Steam and use it for their own purposes - notably an API Key/Token will be generated - think of it as a glorified "Autologin" that will be used by steamtrades however they wish.

If it was a legit site - Steam would sanction them - I don't see them saying one bloody thing - if anything they are saying "don't" - in fact the Terms of Service specifically warns you against sharing your account information - under that context your risking an account ban.

A legitimate version of this "Bridge" would be Elite Dangerous - their interface at their main site (frontier is the name of the company) will have you log into Steam (and even they have warning prompts etc) - so your "Stuff" in Elite will tie to your Steam Account.

This is a Game - A game Steam sells - A game that has fine print telling you this is a thing.

Bottom line - its a tool that's used in a lot of places - no one said the tool would always be in "trusted hands"


As to your question as to how they get the info?

Simple - you give it to them.
There's no leak - no hacking.

Its a phishing tactic - you are voluntarily giving it to them.
This is why people get suckered so easily.

So long as you didn't type a bloody thing and didn't hit OK/Submit - your in the clear.

Congratulations - you just dodged social engineering attack.

Ursprünglich geschrieben von Seraphita:

Ursprünglich geschrieben von Kage Goomba:

You are misunderstanding and frankly everyone here needs to stop complicating this and simply say "NO"

What you are looking at is an API Interface that is using Steams interface to tempt you to log in.

So yes THAT part is official - but it is a trap - period.

Just close that window and walk away before you regret it.

People should stop being technical and call it like it is - its a threat - its not trustworthy - period.

Anything outside Steam's client or their primary domain is suspect and not trustworthy. Period.

So if you don't understand what I just said - close the window and walk away.
That's it - no more no less.

Except... that's a lie. I used steam trades for 13 years... I login on isthereanydeal all the time and I used barter for a few years. What threat could it be when those can't even access the private information like Login ID and password? It literally can't access sensitive info. o.O

Is it?

It's 3rd party.
Steam won't sanction/back you up if you fudge it.
So unless your willing to accept the risk - its not trustworthy.
Frankly newbies have no business going there.

I can't stop them - but considering the number of people who showed up after getting phished - yeah no.

Steam already has a trade system - and its backed by their own ToS - no its not polite - yes it has annoyance - those annoyances keep people from doing stupid things.

So yeah - I'll take Steam's trade system over 3rd party - thanks.

Ursprünglich geschrieben von Kage Goomba:

As to your question as to how they get the info?

Simple - you give it to them.
There's no leak - no hacking.

Its a phishing tactic - you are voluntarily giving it to them.
This is why people get suckered so easily.

So long as you didn't type a bloody thing and didn't hit OK/Submit - your in the clear.

Congratulations - you just dodged social engineering attack.

Bruh... I usually trust you to be rational but I must remind that steamtrades has been used by millions of people over 15 years. And you're now throwing rumors (which are not based on any evidence) that the website is a scam? Come on, now. It didn't appear today...

Same thing for other websites I login to. They literally can't steal my account even if they wanted because it's not the same thing as manually entering your info which too many people do (CSGO anyone). I was also paranoid and yet, steam trades works great.

Ursprünglich geschrieben von Kage Goomba:

Is it?

It's 3rd party.
Steam won't sanction/back you up if you fudge it.
So unless your willing to accept the risk - its not trustworthy.
Frankly newbies have no business going there.

I can't stop them - but considering the number of people who showed up after getting phished - yeah no.

Steam already has a trade system - and its backed by their own ToS - no its not polite - yes it has annoyance - those annoyances keep people from doing stupid things.

So yeah - I'll take Steam's trade system over 3rd party - thanks.

You're being paranoid because csgo people complain about being phished all the time, which is fair. Who ever complained once about being phished over steamtrades? Or barter? Or even isthereanydeal? Those never actually take your sensitive data. It's all very safe.

In fact, the only "risk" is that you take the risk to trade with someone and hope that they will not run away with your items. But that's part of the risk of trading games. You can always report them with proof on steamrep, they'll be marked as scammers / untrusted.

Ursprünglich geschrieben von Seraphita:

Ursprünglich geschrieben von Kage Goomba:

As to your question as to how they get the info?

Simple - you give it to them.
There's no leak - no hacking.

Its a phishing tactic - you are voluntarily giving it to them.
This is why people get suckered so easily.

So long as you didn't type a bloody thing and didn't hit OK/Submit - your in the clear.

Congratulations - you just dodged social engineering attack.

Bruh... I usually trust you to be rational but I must remind that steamtrades has been used by millions of people over 15 years. And you're now throwing rumors (which are not based on any evidence) that the website is a scam? Come on, now. It didn't appear today...

Same thing for other websites I login to. They literally can't steal my account even if they wanted because it's not the same thing as manually entering your info which too many people do (CSGO anyone). I was also paranoid and yet, steam trades works great.

They say the same thing about CashApp.

The question you need to ask is will Steam help you if you get suckered?

If that's a no - then you have your answer.
If Steam sanctions use of the system - then I retract my "paranoia" and default to "be responsible" with your information.

Ursprünglich geschrieben von Kage Goomba:

They say the same thing about CashApp.

The question you need to ask is will Steam help you if you get suckered?

If that's a no - then you have your answer.
If Steam sanctions use of the system - then I retract my "paranoia" and default to "be responsible" with your information.

The thing is. It was already set on FIRST post that it wasn't a part of steam so of course they will not help you if you link your account to steamtrades. It's a risk that you take but the risk itself is not with steamtrades itself but with the people you will be trading with. XD.

What I am saying here is, and trust me I would not risk my whole steam account to try to phish someone as I love my games too much, linking your account the way steamtrades does is safe. Or at least it's been safe for me and millions of other users for over a decade.

NOW yes, if you get scammed by someone you trade with, steam will not involve itself. You have to take it to steamtrade mods. Same with barter (another trade website). Barter will be the one to manage users if you find yourself with a bad trader but such is the risks.

BUT more to the point. No, he doesn't risk his account's integrity by linking his account to steamtrades. Common sense says to just never enter info manually. I'm just really trying to help the OP understand how the whole steamtrades fun side of the world works.

Ursprünglich geschrieben von Seraphita:

Ursprünglich geschrieben von Kage Goomba:

They say the same thing about CashApp.

The question you need to ask is will Steam help you if you get suckered?

If that's a no - then you have your answer.
If Steam sanctions use of the system - then I retract my "paranoia" and default to "be responsible" with your information.

The thing is. It was already set on FIRST post that it wasn't a part of steam so of course they will not help you if you link your account to steamtrades. It's a risk that you take but the risk itself is not with steamtrades itself but with the people you will be trading with. XD.

What I am saying here is, and trust me I would not risk my whole steam account to try to phish someone as I love my games too much, linking your account the way steamtrades does is safe. Or at least it's been safe for me and millions of other users for over a decade.

NOW yes, if you get scammed by someone you trade with, steam will not involve itself. You have to take it to steamtrade mods. Same with barter (another trade website). Barter will be the one to manage their users if you find yourself with a bad trader but such is the risks.

BUT more to the point. No, he doesn't risk his account's integrity by linking his account to steamtrades. Common sense says to just never enter info manually. I'm just really trying to help the OP understand how the whole steamtrades fun side of the world works.

I can accept that - however - this precludes user has an understanding of what to do and not to do.

But as I said - if there's no recourse to Steam via 3rd Party - you're setting yourself up for a disaster.

And we all know how people get when things go wrong - granted usually by their own hand.

Ursprünglich geschrieben von Kage Goomba:

I can accept that - however - this precludes user has an understanding of what to do and not to do.

But as I said - if there's no recourse to Steam via 3rd Party - you're setting yourself up for a disaster.

And we all know how people get when things go wrong - granted usually by their own hand.

Well, true. But I want to make things clear about what OP is asking and I am seeing concerning answers when people jump on the "Don't do it, you will be phished and put your account at risks!". And I understand the feeling, I really do. I was paranoid as well.

I learned all means of protecting myself and honestly, when I saw how this website and some other ones I named function, I shrugged and thought it was pretty neat. What they do is really just link your public steam ID (The unique string linked to your account) to make a new account on their own website. Now how is used? First so they know who you are.

By example, in steamtrades, it allows them to see basic information about you. For the sake of if you're trustworthy or not. If someone has something to hide, people may not trust them in a trade. Which is fair. it does not reveal any sensitive info about your account.

In Barter, it pushes a little further to know your wishlist or your owned games (As long as you make them public in steam. Website cannot bypass that). It allows people to know what you're looking for and what they may tempt you with in a trade for other games that you have. All of it is transparent and this is why it's trusted. Barter has a steam group, btw.

https://steamcommunity.com/groups/bartervg

For isthereanydeal, by example, it allows you to link your wishlist for sales if you want, always as long as you allow it to be seen in public in steam itself because they cannot take what they do not see. I never was left with the impression that they phished. It's all well done.

So yes, CSGO phishing exist in mass and it makes people afraid. But this is not CSGO trading and I would never recommend getting close to those shady websites anyway. I personally vouch for steamtrades, having used it for long. But yes, it's not affiliated to steam.

Edit: Just remembered that isthereanydeal also have a group. Very good one, too.

https://steamcommunity.com/groups/isthereanydeal

Holy... There's a lot of uneducated in here, or they're just paranoid of any 3rd party website that asks you to login with your Steam ID. CS:GO users? lol

To answer your question - While not affiliated with Valve, it is safe, along with SteamGifts. Anyone who tells you it isn't is either uneducated or paranoid. I've be been signing into those sites for over a decade.


Here you go:
https://www.steamgifts.com/user/boxanata
https://www.steamtrades.com/user/76561198037084966

Ursprünglich geschrieben von boxanata:

Holy... There's a lot of uneducated in here, or they're just paranoid of any 3rd party website that asks you to login with your Steam ID. CS:GO users? :wheelchair: lol

To answer your question - While not affiliated with Valve, it is safe, along with SteamGifts. Anyone who tells you it isn't is either uneducated or paranoid. I've be been signing into those sites for over a decade.


Here you go:
https://www.steamgifts.com/user/boxanata
https://www.steamtrades.com/user/76561198037084966

And it's important to remind people that NO manual information is entered. The steam account is only linked in order to match the new account with whoever we are on steam. It's all it does and the websites only see the data that we allow it to see. (privacy settings)

The only legit form of trading is done through Steam itself. If you have to use a third party site... That's a risk you take on your own cognitive. Any third party site like that opens you up to potential scams, even if not perpetrated by the site owners themselves. So keep in mind that if you get scammed, Valve will NOT help you.

Ursprünglich geschrieben von Seraphita:

Ursprünglich geschrieben von boxanata:

Holy... There's a lot of uneducated in here, or they're just paranoid of any 3rd party website that asks you to login with your Steam ID. CS:GO users? lol

To answer your question - While not affiliated with Valve, it is safe, along with SteamGifts. Anyone who tells you it isn't is either uneducated or paranoid. I've be been signing into those sites for over a decade.


Here you go:
https://www.steamgifts.com/user/boxanata
https://www.steamtrades.com/user/76561198037084966

And it's important to remind people that NO manual information have to be entered. The steam account is only linked in order to match the new account with whoever we are on steam. It's all it does and the websites can only see the data that we allow it to see.

Yup. Both sites use the Steam OpenID provider to allow them to authenticate users SteamIDs without requiring them to enter their Steam username & password. There's nothing malicious or nefarious happening here. lol

For the OP, see here:
https://steamcommunity.com/dev
https://www.steamgifts.com/about/faq

Ursprünglich geschrieben von boxanata:

Yup. Both sites use the Steam OpenID provider to allow them to authenticate users SteamIDs without requiring them to enter their Steam username & password. There's nothing malicious or nefarious happening here. lol

For the OP, see here:
https://steamcommunity.com/dev
https://www.steamgifts.com/about/faq

Nice link. I was looking for them like a goof. But yeah. Authenticate was the word I was looking for. It's really just for identification purpose but steam account itself is never threatened. But as Chika said. If something happens, it is not the business of steam to fix it anyhow. These websites have respective teams to contact for these problems if any.

P.S.: These teams will NEVER ask for ID or PASSWORD either, by the way. It's all in-site.

Ursprünglich geschrieben von Chika Ogiue:

The only legit form of trading is done through Steam itself. If you have to use a third party site... That's a risk you take on your own cognitive. Any third party site like that opens you up to potential scams, even if not perpetrated by the site owners themselves. So keep in mind that if you get scammed, Valve will NOT help you.

This is the core of my point and sentiments right here.

You either accept the risk - or you don't.
In this day and age - better to be safe than sorry.