Is hour boosting safe? The honest answer.
Short version: no VAC ban has ever been documented for hour idling, the practice is over a decade old, and the technical design of Valve's anti-cheat makes idling invisible to it. Long version below - including the parts other services don't tell you.
Why VAC can't ban you for idling
VAC (Valve Anti-Cheat) works by scanning the memory and modules of a running, VAC-secured game process for known cheat signatures. An hour idler never launches the game. There is no process, no injected code, no modified files - nothing exists for VAC to scan. What idling actually does is speak Steam's own network protocol to report "this account is in game 730" - which is precisely what the official Steam client says when you sit in a menu. From Valve's infrastructure perspective, an idling account is indistinguishable from a player who left the game open on the main menu overnight.
The same logic applies to Easy Anti-Cheat, BattlEye, and kernel-level systems: they all police the machine running the game. In idling, no machine runs the game.
A decade of precedent
Idling is not new or fringe. Team Fortress 2 players idled for item drops as far back as 2010. Open-source card-farming idlers have millions of users and public GitHub repositories. Valve has taken action against fake-game scams and market fraud - never against playtime idling itself. That's a meaningful track record, and it's the honest basis for calling this low-risk.
The gray area we won't hide
Is idling officially endorsed by Valve? No. The Steam Subscriber Agreement doesn't explicitly address it, and Valve could theoretically change stance someday. Any service claiming hour boosting is "100% allowed by Valve" is misleading you. What we can honestly say: it's a decade-old, widespread practice with zero documented account bans, it involves no cheating in any game, and we've designed the service so the blast radius of any policy change would be paused idling - not compromised accounts.
The real risk is credential handling - here's ours
- Your Steam password is never stored - it's used once, in memory, to complete Steam's login handshake, then discarded.
- The refresh token Steam issues is encrypted with AES-256-GCM under a per-user key derived from a master key that never sits next to the database.
- Steam Guard stays on. We never ask you to disable it - the opposite: we require it.
- You can revoke access instantly - unlink in the dashboard (deletes the token) or deauthorize all devices in Steam's security settings.
- We reject accounts with recent VAC bans outright - we don't want that traffic near our IP ranges, and neither do you.
What we deliberately don't do
We don't inject into games, don't automate gameplay, don't farm competitive ranks, don't resell accounts, and don't idle in ways designed to manipulate VAC-secured competitive matchmaking. Hour boosting changes one number on your profile - the one that was always going to grow if you'd left your PC on, which is exactly what we replace.
Safety FAQ
Has anyone ever been VAC banned for idling hours?
There are no documented cases of VAC bans for hour idling in over a decade of the practice - including years of Valve's own TF2 item-drop idling era. VAC bans require cheat software detected in a VAC-secured game process; idling never starts the game process.
Does idling violate the Steam Subscriber Agreement?
Hour idling sits in a gray area: the SSA prohibits things like cheating and commercial exploitation, and doesn't explicitly address playtime idling. Valve has tolerated idling tools (including open-source ones with millions of users) for many years. We're transparent about this rather than pretending it's officially endorsed - it isn't, and anyone claiming otherwise is lying to you.
Can other players or server admins tell my hours are idled?
No. Steam displays a single playtime total per game with no breakdown of how it accumulated. There is no API that distinguishes idle time from play time.
Is my Steam account itself safe with you?
We never store your password - only a refresh token encrypted with AES-256-GCM under a per-user derived key. Steam Guard remains fully active on your account. You can revoke our session at any time from Steam's own security page, instantly.
What about games with kernel anti-cheat like Ricochet or Vanguard-style systems?
Kernel anti-cheats inspect the machine running the game. During idling no machine runs the game - there's no process, no memory, no drivers to inspect. The account is simply flagged in-game at the Steam network level.
Related reading: how the service works technically, what data we store, and our terms.