Civ 5/Steam: Offline Mode Question

It's up to everyone to decide for himself what he/she will believe.

The first part is your opinion, therefore I will not argue about this with you (even if my thoughts differ a bit ;) ). But with the quoted point I can agree: everybody here will come to a different conclusion, based on his own experiences, expectations and his speculation. The problem in this discussion (or better: presentation of opinions) is the general lack of respect towards different conclusions.

Edit:
Considering your Edit: Following my educated (believe it or not, there will be no proof from my side) guess about what is (a couple of things, but not everything already anticipated) / will be possible, I have enough reasons to be very cautious about the availability of my data (and not only the so-called personal information). Let's finish this with a nice quote: “I keep saying that the sexy job in the next 10 years will be statisticians,” said Hal Varian, chief economist at Google. “And I’m not kidding.” (link)
 
The same can be said about every piece of SW. Lack of proof that someone is stealing in the local supermarket doesn't mean that person should have to provide proof that he isn't stealing.
Poor argument.

In the context of the current discussion this person already would have been at the exit and would have had some goods in his hands.
What you are trying to indicate is that "it might be that he just wanted to turn back to the cash desk".

Fact is that any "Joe Average"-user of the Steam client would assume that "offline mode" means "no communication between my computer and Steam's servers".
And that is what is not being done.
 
Quickly, just to get this out of the way, I've been playing the Civ series since Civ1 released. I have enjoyed all Civ releases and loved AC.

Since I haven't seen it in this thread, and am such a fan of the series, I thought of warning some about Steam in offline mode.

Do not count on offline mode to always work. Yes, it might work 98% of the time for most, but sadly for me there have been instances when it didn't and I was royally annoyed. Nothing like being on a long trip (train/plane) only to find out Steam could not run as for some reason it would be stuck in an update loop. This has happened to me on a few different systems and even the home PC when the net was down. The only solution I found was to hook up my mobile phone and let it connect so I could re-connect once, then unplug the phone and run in offline.

The other thing that hasn't been mentioned about Steam and has affected me is the inability to have multiple Steam games running from different computers. I've had friends over and we split and wanted to play different games; I couldn't let one guy use my Killing Floor account while the rest played BF:BC2, games that I paid for but was unable to use one. When you buy a DVD/store game/console game you can always lend it out after you're bored with it or don't need it, or just use it to quickly entertain that extra guest; not so with Steam.
One other example is that sometimes I play more games at once. I have Civ4 running on the laptop while playing CS:S. If I bought Civ4 through Steam this would be a no go. One of the main reasons I also will avoid Civ5 on Steam if I can.

In the beginning, the "trivial" inability to log into Steam more than once didn't bother me, but as my catalog of games has grown to over 50 games through Steam it is starting to rear its ugly head, especially with turn-based games.

I find that Impulse is great in this aspect. I can run the games directly from the install folder bypassing Impulse or from the Impulse launcher if I want to connect. I can even "install" games offline to another PC, I just copy the game over and enter the serial key which I store in a txt file and run the games executable file, brilliant.

Would I buy Civ5 if it was only on Steam? Probably once it was price reduced (I've decided to never pay full price for full games I can't fully use) and even then I would always have Civ4 installed as a fallback game in case I can't connect to Steam... again.
 
Ori, what evidence do you have that sinister data collection is taking place? Or would your definition of undesirable data collection include the Steam client checking to see if a newer, updated, more secure, bugfixed version is available come under that?

Do you ever get tired of manually updating Windows, your browser, your anti-virus and all the rest?

1) it claims that it does not check for updates - hence the need for an updated version before going to offline mode
2) I never said something about sinister data collection - I said something about misleading the customer. If you offer someone an "offline mode" and tell them it does not connect to the server ever then it damn well better not connect to the server ever. My main gripe is misleading information or even plain false information like the one from Take2.
3) Actually no: I know what the programs do, I know what I allow them to do, and I do not get tired of doing it manually for the programs I decide to set to manual updates.

Yes, checking for updates is a violation of rights.

It is a violation of what they tell you it does.

It's not "calling home", it's checking for a connection to servers which are a core part of that service. When you start it in offline mode it WON'T connect to them even if you have an active connection. It will just check if a connection is available, because it most likely was easier to program it this way when this program was created.

1. I am careful about privacy, but I couldn't care less if some company sees that I played game XY for X hours in the last 14 days and what HW I have in that PC (HW data are collected/sent only if you agree to it).

2. To be used for a security breach, an attacker would need to take total control over Steam's master servers, which is about as likely as taking over control of Microsoft's master activation server (and from my experience working in IT I know how well protected such servers are - without very, very good knowledge of the systems, databases, encryption etc. which those master servers use, an attacker would need some time to be in control of those servers to start such an attack). This is not some server hosting a high school email system with protection software bought for 20€.

3. An unstable connection isn't a problem in my experience. Sometimes when I use my notebook and I have a wifi connection I start Steam in online mode; when I have to go I simply put the NTB into hibernation, and when I can use it again I resume from hibernation, start the game, and if that game was activated already and unless that game needs an internet connection to be played (for example DoD:S), that game will start.

4. Most people have either no data limits or at least reasonable limits (in my country all major providers canceled data limits years ago, with the exception of mobile internet). And being online in itself doesn't consume much bandwidth (unless you are installing some game from Steam servers or downloading updates).


There is no easy way of checking what data is transferred - but even if it just pings the server it "calls home" and I doubt it does just this. But frankly they tell you it does not communicate with the servers in offline mode - when it in fact does, whatever data is transferred doesn't matter for the fact that it does something that they tell you it doesn't.

1) doesn't mean everyone finds this data to be ok for publicity, and again, I don't have a problem with the collection if they are truthful about it.
2) this is just not correct: every program that has any kind of two way communication can have security flaws that allow its misuse without taking over the servers - microsoft windows has in the past been a prime example for this.
3) the stated behavior is that if you wish to use a game offline you need to put it into offline mode - whether that is true or not I don't know, but I'd be surprised if there were not problems associated with dropped connection ever.
4) *most* doesn't mean it's not a problem for every customer - in Germany ~15% of internet users are not covered by this (2009 data).

But again: I don't mind a company implementing such a scheme - I mind them not being truthful about it.
 
tl;dr: Offline Mode shouldn't be taken literally. It has problems. You will need to connect to Steam periodically. You will not be installing this game, turning on Offline Mode and never connecting again until patch day.


(HW data are collected/sent only if you agree to it).
I believe that policy only applies to the public version of the Steam Monthly Hardware. I suppose we can ask 2K what data their non-public reports contain. But when you install Steam, you agree to their data collection policy - which is not the same as the opt-in Hardware Survey. http://www.valvesoftware.com/privacy.html
By using Valve's online sites and products, users agree that Valve may collect aggregate information, individual information, and personally identifiable information, as defined below. Valve may share aggregate information and individual information with other parties. Valve shall not share personally identifiable information with other parties, except as described in the policy below.

2. To be used for a security breach, an attacker would need to take total control over Steam's master servers
"Steam" isn't just a DRM system. It is also a storefront and in-game community client, using a web interface, which has its own inherent and discrete vulnerabilities.
http://seclists.org/fulldisclosure/2009/May/165

Hacker site database, documenting an exploit/attack vector:
http://www.milw0rm.com/exploits/9386
Among other things, this underscores that Steam runs a local admin level service, as a matter of convenience. Without that service you'd be prompted with UAC dialogs frequently - but with the service, the user really does have control about what the client is doing - or what some 3rd party malware written to attack the client is doing.

Another browser tech vulnerability for Steam client (2008, Internet Explorer) courtesy of McAfee:
http://vil.nai.com/vil/content/v_147315.htm

So, these were first hits on googling "steam vulnerability". We have a McAfee report, a hacker site db entry, and browser vulnerability. You can google yourself for more examples, including this one - which has pictures:
http://www.sophos.com/blogs/sophoslabs/?m=200902

Please don't guess about stuff like this. It isn't just your own computer that is affected and you are being irresponsible by trying to allay concerns - when people should be concerned. Everyone should be aware of risks, and stop assuming Valve is protecting you - they won't fix your PC or cover loss of data if an exploit comes in through a Steam related vector. Put another way, without Steam, you have fewer vectors of attack. With Steam, you have more points of failure in your own PC/LAN security. Do you use Firefox, block cookies and run adblock or noscript to protect against Java, JS, or Adobe exploits? I do. But even now with the webkit-based client, I cannot block cookies, scripts, or flash. Their client is a complete black box, and I'm at their mercy to protect my computer. And they do about as good a job of it as Microsoft (IE) and Adobe (Flash). Which isn't all that great. Moving to a webkit-based client just gives us another relative unknown.

Most people have either no data limits or at least reasonable limits
You and I do not have limits. Maybe most people do not have limits. You can read on any given day of the year on Steam forums from someone in Australia, New Zealand, or whatever country that pay exorbitant prices for limited bandwidth. Read some posts from the launch day of Supreme Commander 2 - a SteamWorks title - where a day 1 patch did two things:
1) Prompted the download of most of the game files - even for those that pre-loaded prior to launch, and
2) Absolutely - with no work-around - prevented *anyone* from playing the game whether they were in offline mode or not, whether they bought the DVD from a store or not. The DVD was quite literally a frisbee.

This topic is from the 2010 UI Beta forum, but people are *still* posting their issues with having to redownload entire games.
http://forums.steampowered.com/forums/showthread.php?t=1157669

Finally, my own experience about offline mode, taken from another topic, updated to be in context with this thread, and reposted here:
I have more than 65 game library entries in Steam now, including the 4 extra links for the Civ IV complete that don't actually work.

I like Steam. But we're only getting half the story wrt "Offline Mode", so I'll add a couple of points.

About Offline Mode

Steam Client Offline Mode isn't. You must be online to go offline. I feel that people that jump to point to offline mode as some brand of magic sauce haven't actually used it. Each month (literally) offline mode fails for some reason or other. Sometimes the offline mode bug is specific to one game, sometimes the problem is systemic, affecting everything in your games library. Here are some recent examples from Steam Client patch notes where offline mode will either fail or create new/different problems effectively preventing use of a game:




Jan 18: Fixed cloud games attempting to sync when the client is in offline mode
Feb 23: Fixed offline mode not working
Mar 2: Really fixed offline mode not always working :lol:
Apr 29: Fix reconnect attempts while Friends/VAC is offline causing stuttering in the client and potentially in Steamworks games

I can't wait to see what's brewing for May.

Once a month, consistently, there is at least one game you can't play when offline. But, "hey," you say, "what are the odds of that game and downtime applying to you personally?" My answer to that is "Pretty damned high".

You don't know this unless you actually use offline mode, but innocuous-sounding issues like "Fixed cloud games attempting to sync when the client is in offline mode" really translate to "game crashes to desktop when attempting to sync because the error handling sucks and we need to patch in a fix to the Steam client, which you will need to go online to obtain so you can go offline again".

This month's (May) offline mode issue is being argued about in the current steam beta topic.

I have a sizeable investment already in Steam games - and it continues to grow. But offline mode has always been a technical problem for at least some subset of Valve's 25+ million active subscribers. I use offline mode typically one weekend a month and 2 weeks over the summer. It doesn't always work and if you're in my situation you can't just plug into the 'net when you're away. The point of this post is to raise awareness - and to politely ask people that don't use offline mode to stop regurgitating it as a solution to the several different types of concerns relating to online connectivity.
 
Ok, just to check the argument that it just checks for an internet connection and doesn't actually connect, I fired up Windows Network Manager and allowed Steam to use the internet in offline mode. Within the first minute it connected to 2 separate servers and uploaded 14 packages while downloading 10 packages. Each of them quite small - but still not what's advertised. And certainly more than just pinging the servers.
 
How big was the total amount?
Which servers?

2. To be used for a security breach, an attacker would need to take total control over Steam's master servers, which is about as likely as taking over control of Microsoft's master activation server (and from my experience working in IT I know how well protected such servers are - without very, very good knowledge of the systems, databases, encryption etc. which those master servers use, an attacker would need some time to be in control of those servers to start such an attack). This is not some server hosting a high school email system with protection software bought for 20€.

Sure, they are not amateurs.
But well, it's a bit more than a month ago, when one of the main servers of the apache foundation got hacked (here).
And their level of professionalism is sure not less.
Hacking a main server is possible.
 
I took 2k's word for it, and that offline mode meant offline... this looks bad for 2k and Firaxis, because they either do not know that this is the case, or they are frosting the truth. Out of these 2 'what-ifs', I certainly hope it is that they just do not know (or didn't do their homework on what they were integrating into their game).

But being a bunch of programmers, we know that not to be true, in which case 2k is just spinning words.

It is reasons like this that I don't cheer for DRM's I don't have a problem with (like Impulse), and stay skeptical even of them.
 
How big was the total amount?
Which servers?

minor, total maybe a kb upstream and half a kb downstream in a minute (not counting that the game itself wanted to call home, which I didn't allow, since I assume that behavior is actually dependent on the publisher). The servers are two servers from an IP range owned by a company called Limelight which apparently services part of the Steam servers.

Bottom line for me is that there is data exchange in offline mode.
 
minor, total maybe a kb upstream and half a kb downstream in a minute (not counting that the game itself wanted to call home, which I didn't allow, since I assume that behavior is actually dependent on the publisher). The servers are two servers from an IP range owned by a company called Limelight which apparently services part of the Steam servers.

Bottom line for me is that there is data exchange in offline mode.

Sounds relatively innocuous to me.
 
Of course a KB from Valve is possibly harmless, as Ori has already mentioned numerous times (which you seem to intentionally ignore), the issue is that they are not forthcoming in their statements with the reality of what Steam does.

"Lying" may be going a bit too far. But "Untruth" hits the mark on the head from 2K Liz's statements.

Do you understand now the difference on which the conversation is based?
 
Yes, checking for updates is a violation of rights.

If it's connecting to the internet even though I specifically have it set so that it's not supposed to, then yes it is a clear violation of my right to choose. What it's checking for is completely irrelevant.
 
More importantly, it is not even necessary to do so to exploit Steam Client related vulnerabilities.

Yes, to exploit the vulnerabilities sitting in front of the monitor is way easier :/.

tl;dr, anyone who doesn't trust steam is paranoid

Anyone who trusts Steam is throwing his data into the mouth of Big Brother :).

minor, total maybe a kb upstream and half a kb downstream in a minute (not counting that the game itself wanted to call home, which I didn't allow, since I assume that behavior is actually dependent on the publisher). The servers are two servers from an IP range owned by a company called Limelight which apparently services part of the Steam servers.

Dathknight has also observed this behaviour here, but there have been two more things: one connection to a server of the Hungarian telecom (er...well...no idea) and one to a Valve server itself.

As for Limelight, I've looked at the site of the company, which is a content delivery service.
I guess nobody can find a good reason why, in offline mode, content (like patches or so) should be delivered.

Bottom line for me is that there is data exchange in offline mode.

Come on, you can ignore it! Just trust Valve! You're paranoid! They are not really doing it! And if, then it's harmless! Believe it! They are cute!
 
Yes, to exploit the vulnerabilities sitting in front of the monitor is way easier

3 of the 4 examples given were technical exploits, not social engineering scams.

But if you remove Steam or SteamWorks from the scenario, you remove the technical exploits as well as the human engineering exploits enabled by Steam Client and SteamWorks.
 
I was considering sandboxing Steam, as it doesn't bother me what it spies out in a virtual machine and I can reliably restrain it from breaking out. But then I heard it is reported to not always work in sandboxes. Does anyone have practical experience with that?
 
Anyone who trusts Steam is throwing his data into the mouth of Big Brother :).

Big Brother is watching you through a kb up and half a kb down.

Genocide, drug dealing, murder, military battles, human rights violations and now nightmare dystopias. Why don't you just take your comparisons about this itunes for games straight to Hitler?
 