In a 2016 presentation at the Usenix Enigma security conference in San Francisco, Rob Joyce – head of the NSA’s Tailored Access Operations – stated that the popular PC game distribution service Steam can be used by the NSA to remotely access your computer and the networks it is connected to. For anyone who values privacy and security but who also wants to play PC games, this has been problematic. Until now?
Valve, developer of Steam, recently fixed a remote code execution vulnerability that has existed in all versions of Steam for the past 10 years. Could this be the backdoor that was used by the NSA? Were other spy agencies (or criminal hackers) also aware of it, and actively exploiting it? Are there more vulnerabilities in Steam (or in games downloaded by Steam) still undiscovered?
If you value your data privacy, it is always safer to avoid closed-source commercial software such as Steam and Windows. Two free open-source operating systems that are designed to protect your privacy are Qubes OS (which must be installed onto a dedicated computer) and Tails (which is designed to be run from a USB drive without leaving any trace on the computer’s internal hard drive). Use a separate computer for playing games.