tl;dr: Offline Mode shouldn't be taken literally. It has problems. You will need to connect to Steam periodically. You will not be installing this game, turning on Offline Mode and never connecting again until patch day.
(HW data are collected/sent only if you agree to it).
I believe that policy
only applies to the public version of the Steam Monthly Hardware. I suppose we can ask 2K what data their non-public reports contain. But when you install Steam, you agree to their data collection policy - which is not the same as the opt-in Hardware Survey.
http://www.valvesoftware.com/privacy.html
By using Valve's online sites and products, users agree that Valve may collect aggregate information, individual information, and personally identifiable information, as defined below. Valve may share aggregate information and individual information with other parties. Valve shall not share personally identifiable information with other parties, except as described in the policy below.
2. To be used for security breach attacker would need to take total control over Steams master servers
"Steam" isn't just a DRM system. It is also a storefront and in-game community client, using a web interface, which has its own inherent and discrete vulnerabilities.
http://seclists.org/fulldisclosure/2009/May/165
Hacker site database, documenting an exploit/attack vector:
http://www.milw0rm.com/exploits/9386
Among other things, this underscores that Steam runs a local admin level service, as a matter of convenience. Without that service you'd be prompted with UAC dialogs frequently - but with the service, the user really does have control about what the client is doing - or what some 3rd party malware written to attack the client is doing.
Another browser tech vulnerability for Steam client (2008, Internet Explorer) courtesy of McAfee:
http://vil.nai.com/vil/content/v_147315.htm
So, these were first hits on googling "steam vulnerability". We have a McAfee report, a hacker site db entry, and browser vulnerability. You can google yourself for more examples, including this one - which has pictures:
http://www.sophos.com/blogs/sophoslabs/?m=200902
Please don't guess about stuff like this. It isn't just your own computer that is affected and you are being irresponsible by trying to allay concerns - when people should be concerned. Everyone should be aware of risks, and stop assuming Valve is protecting you - they won't fix your PC or cover loss of data if an exploit comes in through a Steam related vector. Put another way, without Steam, you have fewer vectors of attack. With Steam, you have more points of failure in your own PC/LAN security. Do you use firefox, block cookies and run adblock or noscript to protect against java, JS, or Adobe exploits? I do. But even now with the webkit based client, I cannot block cookies, scripts, or flash. Their client is a complete black box, and I'm at their mercy to protect my computer. And they do about as a good job of it as Microsoft (IE) and Adobe (Flash). Which isn't all that great. Moving to a webkit-based client just gives us another relative unknown.
Most people have either no data limits or at least reasonable limits
You and I do not have limits. Maybe most people do not have limits. You can read on any given day of the year on Steam forums from someone in Australia, New Zealand, or whatever country that pay exorbitant prices for limited bandwidth. Read some posts from the launch day of Supreme Commander 2 - a SteamWorks title - where a day 1 patch did two things:
1) Prompted the download of most of the game files - even for those that pre-loaded prior to launch, and
2) Absolutely - with no work-around - prevented *anyone* from playing the game whether they were in offline mode or not,
whether they bought the DVD from a store or not. The DVD was quite literally a frisbee.
This topic is from the 2010 UI Beta forum, but people are *still* posting their issues with having to redownload entire games.
http://forums.steampowered.com/forums/showthread.php?t=1157669
Finally, my own experience about offline mode, taken from another topic. updated to be in context with this thread, and reposted here:
I have more than 65 game library entries in Steam now, including the 4 extra links for the Civ IV complete that don't actually work.
I like Steam. But we're only getting half the story wrt "Offline Mode", so I'll add a couple of points.
About Offline Mode
Steam Client Offline Mode isn't. You must be online to go offline. I feel that people that jump to point to offline mode as some brand of magic sauce haven't actually used it. Each month (literally) offline mode fails for some reason or other. Sometimes the offline mode bug is specific to one game, sometimes the problem is systemic, affecting everything in your games library. Here are some recent examples from Steam Client patch notes where offline mode will either fail or create new/different problems effectively preventing use of a game:
Jan 18: Fixed cloud games attempting to sync when the client is in offline mode
Feb 23: Fixed offline mode not working
Mar 2: Really fixed offline mode not always working
Apr 29: Fix reconnect attempts while Friends/VAC is offline causing stuttering in the client and potentially in Steamworks games
I can't wait to see what's brewing for May.
Once a month, consistently, there is at least one game you can't play when offline. But, "hey," you say, "what are the odds of that game and downtime applying to you personally?" My answer to that is "Pretty damned high".
You don't know this unless
you actually use offline mode, but innocuous-sounding issues like "Fixed cloud games attempting to sync when the client is in offline mode" really translate to "game crashes to desktop when attempting to sync because the error handling sucks and we need to patch in a fix to the Steam client, which you will need to go online to obtain so you can go offline again".
This month's (May) offline mode issue is being argued about in the current steam beta topic.
I have a sizeable investment already in Steam games - and it continues to grow. But offline mode has always been a technical problem for at least some subset of Valve's 25+ million active subscribers. I use offline mode typically one weekend a month and 2 weeks over the summer. It doesn't always work and if you're in my situation you can't just plug into the 'net when you're away. The point of this post is to raise awareness - and to politely ask people that don't use offline mode to stop regurgitating it as a solution to the several different types of concerns relating to online connectivity.