Valve Bans Developer From Steam for Prank Exposing Vulnerability - Update

[LordMonty]

[HEADING=2]Good intentions do NOT justify illegal activity.[/HEADING]

Except when they do.

A revolution could be considered illigal but the perspective of 'who' your rebeling against is a factor to consider and a point of view so, and evil in the same logic comes into the defintion of who views what evil and when?

Perspective really matters this whole thing could've been worse if it was found and abused later by people with real ill intent, so forcing Valve's hand was quite likely for the best. Shame this man got punished for what was a break of the rules and so be it they have rules they must inforce. But it takes nothing away from him being a martyr in some regaurd for Value's failure in acting quickly on a breach of its systems.

 

[RicoADF]

Regardless of the context or lack of actual fallout, using the exploit counts as hacking. I am unaware of any jusridiction in the US where cybercrime gets a free pass.

Just to clarify something you seem to mistaken. The dev did not commit a crime in any form, he used his access that he had from work to demonstrate that scripts can be executed in announcements and store pages after alerting valve to the potential of misuse. They banned him because he made them look bad not because he broke any laws.

I'll admit I have no clue what hacking is before I respond, so I could be very wrong on this. But he still tampered with something and the definition of a hacker is "someone who seeks and exploits weaknesses in a computer system or computer network" He exploited a weakness by changing... whatever he did.

Hacking is gaining access to a system (weather network, hardware or software) which you have not been granted access to (breaking and entering/tresspassing would be the real world equivalent). The dev had access and was allowed to modify the news post. He added a code that made the screen shake to show that there was potential for misuse. As such he did not hack or misuse anything and valve should apologise and reinstate his account immediately if they haven't already.

 

[Magmarock]

Like I needed another reason to hate Valve. They should be paying this guy not banning him. He pointed a problem with their system, they didn't listen and when he proved it, then they banned him.

The share audacity of Valve. Yes he broke the contact but this feels like a total violation of not only his basic consumer rights but ours as well.

I really believe more government action needs to be taken towards those end user agreements. EULA are obvious being used to exploit people and it needs to stop.

 

[WhiteTigerShiro]

Good intentions do NOT justify illegal activity.

Except when they do.

The road to hell is paved with good intentions. If Valve did not rush to fix the exploit after his demonstration then all sorts of nonsense could have happened.

The road to hell has a highway- appeasing the word of the law and not the spirit of it.

Which is an interesting way of putting it, because technically it makes both of our arguments right. He was right in that the expression does apply to this situation, but I was right in that it doesn't apply to his actions. Simply put, his actions didn't lead to any sort of metaphorical "hell" that were caused by his good intentions. Meanwhile, the guy who issued the ban, while he meant well (he was just following what the ToS dictated, after-all), caused a little bit of negative PR for Valve and Steam.

But anyway, it looks like they were able to sort it out, so at least it all had a happy ending.

 

[WhiteTigerShiro]

Like I needed another reason to hate Valve. They should be paying this guy not banning him. He pointed a problem with their system, they didn't listen and when he proved it, then they banned him.

The share audacity of Valve. Yes he broke the contact but this feels like a total violation of not only his basic consumer rights but ours as well.

I really believe more government action needs to be taken towards those end user agreements. EULA are obvious being used to exploit people and it needs to stop.

*Ahem*

Update: looks like there's a happy ending. The dev got unbanned

https://twitter.com/tomasduda/status/479031656184295424

 

[Shadow-Phoenix]

Like I needed another reason to hate Valve. They should be paying this guy not banning him. He pointed a problem with their system, they didn't listen and when he proved it, then they banned him.

The share audacity of Valve. Yes he broke the contact but this feels like a total violation of not only his basic consumer rights but ours as well.

I really believe more government action needs to be taken towards those end user agreements. EULA are obvious being used to exploit people and it needs to stop.

*Ahem*

Update: looks like there's a happy ending. The dev got unbanned

https://twitter.com/tomasduda/status/479031656184295424

Even after reading the news and the comments section and getting the whole story, I still have one simple question from all this, should we go back to dick sucking Valve and praising them to the high heavens like they are our personal best buddy?.

 

[Headsprouter]

I don't think Valve is overreacting too much.
He should've thought before acting like this on an account used for his job...

Can you overreact too little?

Valve is known for its heavy-handed approach to these kind of things. But in other cases when people expose exploits in TF2 for example, such as recoding crate-a-pults (that MIGHT be the actual name...) to be usable as a key since they are the only item besides keys usable on crates, which was more quietly exposed to Valve because it would have broken the economy. And then they gave them unusual hats!

(But one of the guys asked for an unusual which the TF2 Wiki people didn't like him having [unusual wiki cap], so they got butthurt and asked him to pick a different one. Guys. He's one of the two people who saved the TF2 economy. LET HIM HAVE YOUR STUPID HAT.)

Considering the kind of thing the OP says this exploit could have created gateways to, I think Valve's reaction was actually pretty gentle. If all the repurcussions last only a year, damn, that's light.

Good intentions, but he didn't think it through. Nobody's the bad guy, here.

 

[Agente L]

Valve should be more careful with this kind of thing. Sure, he did hack steam, but they should give him a slap on the wrist and then fix the bug, not ban a game developer over it.

Valve really need to hire more community managers/support so they can deal with all of this.

 

[Kahani]

I mean from one point, he did contact Steam and they did nothing.

So he claims, and he may well believe that. But he has absolutely no idea if it's actually true. Fixing bugs and releasing a new version of something like Steam is far from trivial. With the limited information we have, this seems much more like a case of "I reported something and they didn't act fast enough or give me sufficient acknowledgement for my liking" rather than "I reported something and they didn't care and told me to bugger off". If you have a complaint, with any company for any reason, the next step after reporting it and not getting the reaction you want is to keep complaining, escalate things, demand to talk to a manager, and so on. Taking things into your own hands is almost never a sensible course of action.

 

[erbkaiser]

Oh that is funny. www.istimmystillbanned.info has the same "exploit" on it: on a touch device, do the Konami code

 

[fix-the-spade]

Good Valve saw a degree of sense in the end.

It would be one thing going mental when someone breaks into your house, it's quite another to go mental when someone who works with you spends weeks telling you your front door's broken and you ignore them until they walk in and sit on your couch.

Yes he broke the system, but Valve really brought that on themselves.

 

[Vivi22]

It's unclear whether this is because the initial ban was a sudden reaction by some moderator or security personnel or if Valve considered the PR implications.

I would bet large sums of money it was the former.

 

[FancyNick]

I'm going to go out on a limb here and say this was probably the result of a knee jerk reaction by some moderator. The people at valve are human and humans are keen to making mistakes. Valve isn't the devil yet, move on.

 

[RandV80]

Yep that's the same thing I figured, and totally called this in the 6th post. When you 'report' something it tends to have to be filtered through some bureaucratic process. When you 'break' something you're calling down the law with a much swifter response. Generally these are two different entities that don't necessarily work on the same page. That's why in Valve's case you allow for an appeal process.

 

[NuclearKangaroo]

i bet people will still accuse valve of not listening to its community

well its good to see the man banned, he had good intentions in the end afterall, but he and everyone else should think twice before trying to break their contracts

 

[KungFuJazzHands]

I'm going to go out on a limb here and say this was probably the result of a knee jerk reaction by some moderator.

I agree. Steam's moderators are known for their quickfire nonsensical bans, and this case reeks of overreaction on the part of a single employee. Maybe Valve will look at this as a "lesson learned" and finally start putting leashes on the mods that are more prone to hysteria.

Honestly though, I wouldn't put it past one of the bigwigs at Valve to have ordered the ban simply because they were embarrassed that Duda exposed the company's ineptitude in such a colorful manner.

 

[AstaresPanda]

....... Wait they ONLY banned him for a year? I am ALMOST surprised at the comments in the thread, but not really.

Take this into context of another situation. A bank has a security flaw in their ATM, and at a company that has the contract to load software ads into the ATM(common in areas of America) an employee notices this fault. So as a joke to point out the issue after you put your card in the system, put in your pin, and request cash he makes it play the harlem shake for 60 seconds and flash the screen. The bank would press charges, and people would be IRATE.

MANY people have their credit card data in Steam, MANY people have hundreds of dollars in games on Steam. ANY hack or attack on that system is playing with a system that other people have invested money and or time into. As a DEVELOPER he should have known better as a gamer he should be appalled at himself.

said it dead on. He cant really ***** and i dont know why people are bitching at valve. They forget what is locked away in valve. So for some tit to pull this is very n00bish, then he goes and cries about it ????!?! trololol

 

[ckam]

I can see the wrongs and rights of both parties, but why don't we just fix the problem and then call it a day?

 

[waj9876]

Are people seriously saying he deserves it? Because he "hacked" Steam?

Is "hacker" the new "terrorist" and anyone who does anything unusual the common people don't know about is going to be labeled a hacker by everyone and their grandmother?

He didn't hack shit. He pointed out a flaw that anyone could exploit, hack free, and when it was ignored he did something completely harmless to get people to notice.

 

[WhiteTigerShiro]

Since there's still a little activity here, here's a blog post I wrote [http://whitetigershiro.blogspot.com/2014/06/game4thought001.html] that goes into detail on why I am more-or-less completely on the side of the developer who got banned, and feel that Valve/Steam should be held accountable for the entire incident.