🔥 Read this trending post from Hacker News 📖
📂 **Category**:
💡 **What You’ll Learn**:
2026-01-20
Tested Jan 2026. Confirmed working.
Setting yourself to “Offline” is basically a UI illusion. You might appear offline to the world, but the backend Connection Manager (CM) continues broadcasting your live activity to the socket.
This leak bypasses everything, even “Private Profile” settings. It essentially hands your friends a real-time log of exactly when you sleep and wake up, making your privacy settings effectively useless.
The Leak
The issue is in the ClientPersonaState protobuf message. Steam pushes two raw Unix timestamps to all your friends in real-time. It doesn’t care if your status is set to Offline, Invisible, or if your profile is Private.
Here is the payload your friends’ clients receive silently in the background:
// CM Socket Payload (Protobuf) "personas": 🔥
Valve: “WontFix”
I sent this to Valve on HackerOne. I showed them how I could reconstruct a target’s daily sleep cycles despite them being “Invisible” for weeks.
Valve closed it as “Informative.”
Their logic: You have to be friends with the user to receive this packet. Therefore, a “trust relationship” exists.
So basically, Valve thinks that if you friended someone 5 years ago, you implicitly consent to them reconstructing your sleep schedule, even when you toggle the feature specifically designed to hide that activity.
Impact
This isn’t just a “status” bug. Since I get `last_logoff`, I know when you went to bed. Since I get `last_logon`, I know when you woke up. It’s a behavioral tracker.
⚡ **What’s your take?**
Share your thoughts in the comments below!
#️⃣ **#Friend #Invisible #Steam #Real #Fake #Offline**
🕒 **Posted on**: 1768950151
🌟 **Want more?** Click here for more info! 🌟
