A Reddit thread raising concerns over how Valve's anti-cheat system (or VAC) works caught the eye of Valve CEO Gabe Newell, who took the unusual step of posting a detailed response explaining how it all works and why Valve's system must access data sometimes to identify and ban suspected cheaters. Newell addressed head-on concerns in the Counter-Strike: Global Offensive sub-Reddit that Valve was spying on players' internet usage.
First he explains that cheat makers (aimbots and all hacks) use a form of DRM in order to get users to pay for using their programs. Before a user can start using the software it has to connect to a DRM server to validate that the user has paid. This, Newell explains, is what they are looking for when using VAC.
"Trust is a critical part of a multiplayer game community - trust in the developer, trust in the system, and trust in the other players," writes Newell. "Cheats are a negative sum game, where a minority benefits less than the majority is harmed. There are a bunch of different ways to attack a trust-based system including writing a bunch of code (hacks), or through social engineering (for example convincing people that the system isn't as trustworthy as they thought it was)."
Newell goes on to explain that VAC first checks for the presence of various cheats. If it finds some indication, it is only then that it checks the user's DNS cache to see if it connected to a cheat DRM server. He closes by saying that Valve does not get sent any user internet history, it does not care what porn sites players visited, and it is not using its power to begin some sort of evil campaign against players.
For a more detailed and thorough explanation of the entire process, check out the Reddit thread. Interestingly enough, Newell says that cheat makers have already abandoned this method of validating the purchase of their software.