Install Steam
login
|
language
简体中文 (Simplified Chinese)
繁體中文 (Traditional Chinese)
日本語 (Japanese)
한국어 (Korean)
ไทย (Thai)
Български (Bulgarian)
Čeština (Czech)
Dansk (Danish)
Deutsch (German)
Español - España (Spanish - Spain)
Español - Latinoamérica (Spanish - Latin America)
Ελληνικά (Greek)
Français (French)
Italiano (Italian)
Bahasa Indonesia (Indonesian)
Magyar (Hungarian)
Nederlands (Dutch)
Norsk (Norwegian)
Polski (Polish)
Português (Portuguese - Portugal)
Português - Brasil (Portuguese - Brazil)
Română (Romanian)
Русский (Russian)
Suomi (Finnish)
Svenska (Swedish)
Türkçe (Turkish)
Tiếng Việt (Vietnamese)
Українська (Ukrainian)
Report a translation problem
This topic has been locked 
Discussions Rules and Guidelines
Report this post
This thread hilariously says otherwise. Demanding everyone hand over their personal IDs just to make yourself feel better playing video games.
You can’t assume everyone takes it as seriously as you do.
And here is where your short-sightedness is at its peak. It’s not you that I’m worried about and it’s not even a solution that works.
There are at least 3 VAC banned/confirmed cheaters on your friends list... At least one of them also has a game ban. And you can't claim that its just new because its over 2400 days old at this point...
Might want to consider checking your own account over at Steamrep so you can see your friends with VAC bans. And before you snooping and try to call me out on it, I'm not the one who made a claim that there is no cheaters on my friends list. I know there is on my list, they were caught after I added them and got a chewing out by me and a bunch of others that are friends with them.
Cheating is SUPER easy and cheap. You can literally buy hardware that will help you cheat for just a few bucks. Heck there are keyboard you can buy now that some companies consider cheating to use features they come with. There are monitors that can put a crosshair on your screen in games that don't come with crosshairs. You can even "subscribe" to cheats that get updated and changed all the time. for just a few bucks a month.
Many cheaters don't care about the price. Heck in the past for games like Counter-Strike, when cheaters were caught, they would spin up a new account, buy the game over again, get a new cheat that wasn't being detected and keep playing.
No thats me being tired of seeing the same suggestions over and over and over and over and over and over and over and over and people not bothering to do a little bit of research, a little bit of searching before they make their threads of "I have a great idea how to stop cheaters!!!!" and then its just the same stuff over and over and over again....
So I put it in a copy and paste message that I update now and then with a list of why their ideas are not going to work...
Another reason why its so long is because when told their idea won't work, and explained why it won't work, they pivot to some other reason... which is then pointed out why it won't work... and so on...
We have seen it over and over again. We have literally seen it at least 400 to 500+ times if not more, again which is the reason why I have a copy and paste for this.
We have yet to see a single "I have a great idea to stop cheating" post that is actually a great idea. All of the ideas have problems that make all of them pretty much pointless.
You say, it should not be illegal, then say it protects them from jail... make up your mind. No, in most places they are not going to go to jail for cheating at a game... the places that they will go to jail, has massive human rights issues (china) and even there they still have cheating problems. South Korea its illegal to distribute the hacks.but you can still use them. You just can't give them to anyone.
There is literally nothing that has worked against cheaters because of how easy it is to change a cheat to be undetectable again... Even invasive anti-cheat software fails to stop cheaters.
Its always going to be an unending game of whack-a-mole till one side gives up.
All we users can do is hope the anti-cheat people keep working on things and don't give up.
In about 10 minutes on google you can find peoples identification for sale... hundreds or even thousands of them for pennies each. Its disturbing just how easy it is to find them stuff.
As for what are we trying to hide... I just don't want a gaming company to have access to government databases with my SIN number and other vital information that I can't easily change because some hacker broke into the gaming company.
I don't want to hand over that kind of information to a gaming company. I hand out as little personal info to gaming companies as I can. I don't even like them having my phone number.
Every website I sign up to I give false information when ever I can. Up till Valve was required by laws to ask for tax info, they never had my real name as I had many ways to buy games without giving them that info.
Same goes for google, facebook and lots of other websites. Lots of fake info in them even if they claim all of it has to be real.
As for linking system... there are ways.. but all of them can be easily defeated... because of how open PC software/hardware is.
Us "security warriors" as you put it, seem to know just how hard it is to stop cheaters and that whats being suggested is also rather pointless and would actually go against laws in our countries, laws that were put in place to protect our privacy.
this is why most games offer pay to win for all those people with no hope of having any skill they can simply buy a win or a better team.
stopping cheating is simply, just make a game that people can't cheat in, remove the element of cheating and you will notice the games die because the skill requirement thresholds to high.
That means anyone can verify that a passport is authentic, because the certificate you need to prove it is publicly accessible. You can download Japan's certificates here[www.mofa.go.jp] for example.
As to having to divulge ID information to a random company, that's a fair concern. It may well be possible to be sure, using cryptography, that a passport / ID number hasn't been reused without Valve knowing what that number actually is.
The concern that you may not have an eMRTD or a phone capable of reading one is also legitimate. At the moment, there's a system Valve uses called "Trust Factor" which allows them to factor in how legitimate they think your account is. Having a non-reused ID would be a strong signal to the Trust Factor system that your account is legit; it doesn't have to be a binary "provide ID or you can't play" system.
* Note: the information is encrypted and can't be read without reading the string of text (the one with lots of <<< characters) on the passport photo page, so you can't passively sniff this data over the air.
Stupid people do stupid things.
Nothing, but I don't want random people on the internet to know my address of residence for example
I don't have a facebook, and if Youtube recommendations are any indications of how well google knows me, they know me less than some rando on the internet.
If that were true, this topic wouldn't exist.
I don't like people enough to want to play multiplayer games with people.
Being disparaging of other members shoots your entire argument in the foot with 00 buck.
It's not about "hiding", it's simply about "privacy of personal information". Two very different things. Giving up sensitive information is not an offer that should be on the table.
Except it doesn't bother me. No pretending. But I don't think about my "investment" when I play games either. I just enjoy them and the ones I don't, I drop.
An ID is more than "basic level identification". And as said, according to the laws around here Valve isn't allowed to ask it or deny access if people don't provide it.
Yet again... NOT EVERYONE HAS A PASSPORT BECAUSE THEY ARE EXPENSIVE AND IF YOU DON'T TRAVEL WHY BOTHER WITH ONE....
Maybe all caps will help people understand why people don't have one.
Also not all phones have NFC... mine doesn't.
And on top of this, Valve would STILL need access to the database to verify the information is correct... because here is the thing.... the government is not going to give Valve the ability to decrypt the chips. You can also get blank RFID chips and write anything to them as long as you have an RFID writer... which is also cheap... like less then 30 bucks on amazon which allows you to write ANY information to the chip.
And if cheaters are willing pay for cheats and to buy the same games over and over again, which we know happens, then they could easily pick up an RFID reader/writer one time for 30 bucks and make up the needed info...
https://passwork.pro/blog/biometric-data-passport-can-it-be-hacked/
Random website, but that info can be found anywhere with a simple google search.
So no, an RFID chip on a passport is not as secure as you think it is.
As a programmer there was one simple thing I went by.... if it can be programmed, it can be hacked.
An RFID chip/information can be programmed, so it can be hacked. Even if encrypted.
Cryptography which Valve would have to have access to a database to know if the data is actually real or not... because as pointed out... passport RFID chips can be faked. How is Valve suppose to know you are scanning the chip from an actual passport, or some chip sitting on your desk.
It can however be decrypted... and as pointed out, can be used in fake passports.
Repeat after me... if it can be programmed, it can be hacked. Passport RFID is not fool proof. To detect fake ones, you need to have actual physical access to it... which Valve is not going to have. So any data sent to them doesn't actually verify anyone.
If Valve doesn't have the codes to read the info on the RFID, then its useless for Valve to bother with this method. And again no government in their right mind is going to give a gaming company the keys to decrypt the info on their passports and they are not going to give them access to a government database to know if the info is legit.
The "trust factor" system Valve uses, is of their own making as far as I know. And you can easily get a non-reused ID.... by making a new account. Your trust factor builds up by playing games and not having any issues like leaving in the middle of games.... It has nothing to do with actually verifying who is behind the keyboard which without having a Valve employee standing behind your chair, it not going to happen.
- The service that currently has an F with the BBB and has done nothing to fix it other than changing their TOS to not allow users to screen shot customer service interactions https://www.bbb.org/us/wa/yarrow-point/profile/online-gaming/valve-corporation-1296-27030704
- The service that does nothing for you if you are hacked
- The service that cannot maintain consistency in a TOS
- The service that one day randomly leaked and displayed users real names and info on their home page
I get where you are coming from, but you have far too much faith in theses companies to actually make the right call or the people running it to be completely neutral and not employ petty tyrants who have axes to grind
https://abcnews.go.com/Blotter/business-bureau-best-ratings-money-buy/story?id=12123843
If you'd read my entire post before knee-jerking out a reply, you might have seen that I say later in that post that it's perfectly legitimate for users to not have passports, or ID cards, or their passports/ID cards might not be eMRTDs, and their phones might not have NFC, so any system shouldn't be designed to require those things. I specifically addressed that issue.
You don't need any special access to decrypt the data on the chips. There's open source code which can do it, for example: https://github.com/AndyQ/NFCPassportReader or commercially available things like this: https://developers.innovatrics.com/digital-onboarding/technical/remote/dot-ios-nfc/latest/documentation/
How to do this is *not* a secret.
You can make up any info you like, you can't get the government to cryptographically sign any data you make up. That's the point. I can make up a 9-digit number, I can't get the government to cryptographically sign a 9-digit number.
It's possible older versions of the eMRTD standard could be skimmed, but as I mentioned in my prior post, the data on new (at least the last 15 years or so) the data is encrypted with a key derived from the MRZ on the photo page of the passport, so passive skimming won't work.
I shouldn't have to state the obvious here, but: governments literally use these for border security. There are automatic border gates[en.wikipedia.org] which use the data on biometric passports. If it's good enough for border control, I might say it's good enough for Steam.
Sure, but good luck decrypting something AES encrypted without the key, or forging digital signatures without the private key. The security of the internet is, in an extremely literal sense, founded on those being impossible.
If you could forge digital signatures, the security guarantees provided by TLS against man-in-the-middle attacks would be gone. That'd be bad!
That is a legitimately tricky problem. IIRC, this sort of problem solved with things like contactless credit cards by having the card itself be a tiny computer that's capable of cryptographic signing, so it has to sign a challenge which is presented during transactions, and the key material never leaves the chip. So you can't just copy data off the chip and reuse it, the actual chip has to be there.
I don't know if eMRTDs support anything like that, and I have spent enough time in my life staring at the ICAO documents describing it to dive into them again now; international standards can make incredibly dry reading. So: it might be possible to just clone the data off a passport chip and reuse that data undetectably, sure. It might also not be possible.
Even if it is possible, the crux is that the document ID is signed by the government, and you can't fake that (without stealing the government's secret key material, which would be... kind of a national security incident!). So, if we base a system on making it so that a document ID can be used only once in Steam, you can't clone a single passport 100 times for 100 Steam accounts, you would need 100 separate passports. That's harder. Making things harder for the bad guys is the goal.
It's possible that the bad guys might be given incentive to try to go out and steal a lot of passports, but I would be willing to bet that the incentive to steal passports to use on Steam is probably significantly lower than all the other mischief you could get up to with a lot of stolen passports.
You can prove the data is authentic, which is the important point.
As I said before, the keys you need to show authenticity are available to all. See the links to the code above, or try this app on a phone with NFC: https://www.inverid.com/readid-me-app
I think you missed what I was trying to communicate. The point of Trust Factor is to make it so that legit users are more likely to be matched together, and that non-legit (e.g. people who are using a new account because their old one was banned) are more likely to be matched together.
So things which increase your trust score are things which make it more likely that you're legit, for example, your account being more than 10 years old, or having lots of purchases or inventory items. Something which might decrease your score might be recently resetting your password, because there's a chance that's a symptom of a hijacked account.
Registering a passport ID which hasn't been used before could be a strong signal to the Trust Factor system that you're a legitimate user. It doesn't have to verify that you are exactly who you say you are to be a good input to the Trust Factor system, just like your account being 10 years old doesn't prove for sure that you are who you say you are.
Didn't say that it was. You could use passports as a component of an identity-verification scheme, but I was not suggesting that. Other people might, but I'm not.
https://www.trustpilot.com/review/www.steampowered.com
Pick your review of commerce website.
Good chance that Stream is ranked VERY POORLY
at some point, it's not the business review site, it's the business
It makes sense that every site on there would be rated very poorly (EGS is rated half a point lower than Steam is, out of 5) because nobody goes looking for a third party site to complain on when they have a good experience.
The point is, you can link to new websites where people can post yelp reviews of other websites all day, but it's not going to change the experiences that the people reading this thread, who already use Steam and understand how it works, have had.