If watching paint dry sounds like the kind of game that would never make it onto Steam, you’re (half) wrong.
Ruby Nealon, a UK technology security researcher, took it upon himself to prove that there was a way to bypass Valve’s verification checks and launch a game on the Steam marketplace without being approved.
According to the programmer, who has also revealed loopholes for Microsoft and other firms, it was partly meant as an April Fools Day prank – but also served to highlight issues he had reported to Valve to no avail.
Recounting his complex method for sneaking Watch Paint Dry – a self-described “sports-puzzle game that evolves around one mysterious cutscene” – through Valve’s various authorisations, which include ensuring Steam Trading Cards are included, Nealon offered some advice from his experiences.
"Something I've definitely learned from doing this is when working with user-generated content that first needs to be approved, do not have 'Review Ready' and 'Reviewed' as two states of existence for the content,” he suggested. "Or just don't allow users to set the item to 'Released'."
As for the exploit itself, Nealon pointed the finger at Valve’s Steamworks foundation.
Valve has since closed the backdoor, so don’t expect a Watch Paint Dry sequel anytime soon.