A user on Reddit has posted a decompiled module that claims Valve's anti-cheat service, VAC, is quietly going through your browser history and sending results back to its servers. Something Valve boss Gabe Newell has made a public statement to deny.
It's technical stuff, but the gist of the original claim is that VAC is monitoring your DNS cache looking for evidence of you having visited a hacking site, then sends all that data back to Valve. That means you wouldn't even need to have visited the site itself for it to find something; clicking on a hotlinked image, for example, would still set it off, resulting in the potential for people being banned who didn't actually cheat.
In a public response, also on Reddit, Newell denies the claims that VAC is sending your browsing history back to Valve, saying that it only sends back hashes of "non-web" entries that are "matches" for those on its cheat server blacklist. His full statement is itself technical - and spends a great deal of space appealing for your trust - but the tl;dr version goes like this:
1) Do we send your browsing history to Valve? No.
2) Do we care what porn sites you visit? Oh, dear god, no. My brain just melted.
3) Is Valve using its market success to go evil? I don't think so, but you have to make the call if we are trustworthy. We try really hard to earn and keep your trust.
VAC now reads all the domains you have visited and sends it back to their servers hashed [Reddit]
Valve, VAC, and trust [Reddit]