The brand new Steam Chat has just launched. Barely 24 hours later and rumblings of a possible exploit and “spying” have surfaced.
According to Reddit user u/Presistan, it was possible to exploit Steam Chat. This would allow you to listen to your friends without them knowing. Other users were alarmed and chimed in, and soon the post was shared on other subreddits as well. To some, it felt like a serious breach of trust, a violation of laws, or, simply put, spying.
Steam Chat gets a quick fix
Sometime later, Valve representative u/jmccaskey replied in the thread, and he couldn’t help but throw some shade at Presistan.
In some ways, the Valve representative does have a point. While nobody wants their privacy to be exploited through Steam Chat, it’s probably not a good idea to tell the world about a way of doing so. After all, we live in an interconnected, digital world filled with strangers. We’ll never know how many bad apples out there are looking to cause harm. The Steam Chat vulnerability might be something they wouldn’t have known about had it not been highly publicized.
Fortunately, in this case, if you were kicked you continued to show up as in the voice chat in your own friends list, and you could leave from there. You were in a weird state transmitting but not receiving, but you would have still seen that you were in the voice chat.
That’s why jmccaskey mentioned Steam’s program with HackerOne where white hat hackers and computer wizards check vulnerabilities in the system. It would be more responsible to report a security issue there rather than telling millions about it.
