Welcome to the Second Life Forums Archive

These forums are CLOSED. Please visit the new forums HERE

Name2Key Database

Ulrika Zugzwang
Magnanimous in Victory
Join date: 10 Jun 2004
Posts: 6,382
05-10-2005 00:01
I missed most of the heated debate concerning the public release of the name2key database, as I've been busy working on my other project. I wanted a chance to state why I chose to create this database, the steps I've taken to keep both sides of the debate happy, and to restart the discussion, since the original thread was locked.

Thanks to several anonymous contributors, the database has 13,754 cross-correlated key-name pairs. For those who also have key-name pairs, send them my way and I'll add them to the database for you anonymously.

I created this database for several reasons:
  1. Primarily, I feel that web-based SL retailers both large and small should have equal access to a public resource such as the name2key database. Without access to such a database (or preferably an LSL function) new-start SL web retailers are at a disadvantage, when competing with older more established web retailers.
  2. Eliminating the black market for name2key databases is a good thing. By legitimizing the database, we upgrade the method of collection from spying to donating.
  3. A legitimate database can provide a verifiable opt-out service. There are already half a dozen individuals, whose keys are set to "00000000-0000-0000-0000-000000000000" in the database.
  4. This process will lay the groundwork for a real llName2Key function. We'll shortly see, if the flood of predicted spam is real, if small web-based SL retailers benefit, and if the opt-out list will satisfy the critics. If so, we're on our way to an llName2Key function.

What do you think?

~Ulrika~
_____________________
Chik-chik-chika-ahh
Rathe Underthorn
Registered User
Join date: 14 May 2003
Posts: 383
05-10-2005 00:35
:rolleyes:
Kris Ritter
paradoxical embolism
Join date: 31 Oct 2003
Posts: 6,627
05-10-2005 00:40
:eek: :eek: :eek:

Get me off that key list! ruthless scammers might know I'm a resident of Second Life or something! :mad: :mad: :mad:

You are evil and you won't get away with your nefarious plans!




But seriously, I really don't care about Name2Key databases or people having my key, but I do think you're trying to stretch your reasoning a bit thin. Just do it and admit you're doing it. Stop trying to justify it with a bunch of crass excuses.

You might be eliminating a 'black market' - ie the potential for someone to sell on a list of keys (which I have seen no evidence of anyway. I have seen people charge for using a complete end to end Name2Key service on their own equipment, but thats another matter entirely), but you're creating a method by which the list is out there in the public domain for ever and busting the potential for scammers wide open, making it easier than ever before for someone who would misuse the information to have it in the first place to abuse.

You don't appear to be fussy about verifying your sources or how they came about them, and you're obviously happy for anonymous donors to pass on other people's keys without their consent, so I don't see how it moves anything beyond spying or legitimises the list in any way. A 'legitimate' list would credit the sources and how they got them, not invite anonymous donors to give away other peoples keys.

Nor is it in any way going to pave the way for a llName2Key function. How the hell is a big list of keys going to get us anywhere near a new LSL function? If it comes, I'm 100% sure it will have bugger all to do with you and this list. Mainly because there are already much more complete lists available and in regular use. But like the prim copier issues, your average joe doesn't know until someone stands up and screams about it.

Like I said, I couldn't give a shit. But don't dress it up fancy like you're doing everyone a big favor. Because you're really not.
Huns Valen
Don't PM me here.
Join date: 3 May 2003
Posts: 2,749
05-10-2005 04:32
I support the idea but there was talk in the other thread of people poisoning it with false keys.
FlipperPA Peregrine
Magically Delicious!
Join date: 14 Nov 2003
Posts: 3,703
05-10-2005 04:42
It'll be easy enough to build exception reports when duplicates come in to find mismatches, would be my guess... but a very good point, Huns.

If this paranoia runs the gamut to force sabotage, then the saboteurs will become much worse Internet bandits than any spammer I've ever run into. I hate spam, but its an annoying... intentionally corrupting data in a database is malicious hacking, something I find to be much more than an annoyance.

Regards,

-Flip
_____________________
Peregrine Salon: www.PeregrineSalon.com - my consulting company
Second Blogger: www.SecondBlogger.com - free, fully integrated Second Life blogging for all avatars!
Kris Ritter
paradoxical embolism
Join date: 31 Oct 2003
Posts: 6,627
05-10-2005 04:46
From: FlipperPA Peregrine
If this paranoia runs the gamut to force sabotage, then the saboteurs will become much worse Internet bandits than any spammer I've ever run into. I hate spam, but its an annoying... intentionally corrupting data in a database is malicious hacking, something I find to be much more than an annoyance.


...and another good argument for using a verified, reliable, uncontaminated, closed source instead. Like, say, Rathe's service :p

Oh wait. Right. We're doing this in protest at Rathe's service. I remember now. :rolleyes:
FlipperPA Peregrine
Magically Delicious!
Join date: 14 Nov 2003
Posts: 3,703
05-10-2005 05:07
Or I could just give you a dump of the ones I have and then I could... Give. Kris. All. My. Money. :-)
_____________________
Peregrine Salon: www.PeregrineSalon.com - my consulting company
Second Blogger: www.SecondBlogger.com - free, fully integrated Second Life blogging for all avatars!
Tcoz Bach
Tyrell Victim
Join date: 10 Dec 2002
Posts: 973
05-10-2005 05:33
The opt out service in no way is satisfactory. From what you indicate, a search for a given name will still produce the name, and a key of all 0's.

No presence in the database at all, of any kind, is what I demand of spam list builders such as yourself. This is no better than the principle of Gator or any other adware that forces you to "opt out". It forces itself on you against your wishes, and getting out of it is a nightmare.

"Opt out" services are well documented as often simply being validation or "list switch" warnings to the creator of these disgusting and invasive tools. Such FORCED visits also feed your hits. Even if it's one hit, you are forcing people to benefit you. Your "word" that this isn't the case holds no weight at all.

I am exploring every possible avenue to protest this, both within and outside of SL. I await LL's decision. If they permit it, I intend to recommend to several people that I have referred to SL that they cancel their accounts (and they will if I ask them to), and I myself will scale back to my "free forever" status. This will allow me to continue my objections in game without having to invest in a company that supports such dishonorable practices.

I will also make it as widely known by publishing on my website, and sending off to as many gaming sites and review magazines as I can find, that LL enables this by permitting users to collect information from their software binaries and files and publishing it to the world. After all, if they permit it, it's true.

A spammer can get a bullshit credit card (Capitol One will give you one pretty much just for signing a piece of paper), set up a 9.99 account, and spam every user in that list. With some care it will be very difficult to actually tie it to a user. The BS account will be banned, along with the credit card and IP of undoubtedly some Internet cafe somewhere.

You're not doing anybody any favors. You are entirely serving your own interests. All this "new vendor" garbage is just a weak and obvious attempt to build support. I also find it difficult to believe that new vendors only have this as an option. Vendors never had it before, they will continue to succeed without it.

The info was obtained within SL, it is the only place it can be obtained, that is where it was created, that is where it exists, that is where it should remain. Anything else compromises my sense of security within the environment.

If I, or anybody I know, reports one unsolicited marketing-based tell or message of any kind, we will do everything we can to bring this to as much light as possible.

In case I haven't made it clear, I completely oppose this practice. I do not pay LL to even allow the possibility of this. If they do, you will still have to hear it even though I own land and don't pay LL a dime.
_____________________
** ...you want to do WHAT with that cube? **
Kris Ritter
paradoxical embolism
Join date: 31 Oct 2003
Posts: 6,627
05-10-2005 05:41
From: FlipperPA Peregrine
Or I could just give you a dump of the ones I have


Nah. I already have in excess of 40,000 keys. I just don't shout about it :)
FlipperPA Peregrine
Magically Delicious!
Join date: 14 Nov 2003
Posts: 3,703
05-10-2005 06:23
From: Tcoz Bach
The opt out service in no way is satisfactory. From what you indicate, a search for a given name will still produce the name, and a key of all 0's.

No presence in the database at all, of any kind, is what I demand of spam list builders such as yourself. This is no better than the principle of Gator or any other adware that forces you to "opt out". It forces itself on you against your wishes, and getting out of it is a nightmare.


Demand all you wish. I don't see where a ToS violation is happening here. Its simply collecting publically available information. These are merely hashed equivalent of a primary key in a database. Are you familiar with how primary keys work? Got any database background? I don't mean that to sound demeaning, just an honest question. Most people don't know what a primary key is, and that's fine.

From: Tcoz Bach
I am exploring every possible avenue to protest this, both within and outside of SL. I await LL's decision. If they permit it, I intend to recommend to several people that I have referred to SL that they cancel their accounts (and they will if I ask them to), and I myself will scale back to my "free forever" status. This will allow me to continue my objections in game without having to invest in a company that supports such dishonorable practices.


I would recommend hanging out in the Welcome Area with signs. This always seems to do a lot of good. Trying to get people to scale back when 85% is on "free forever" status seems a bit futile, to be honest.

From: Tcoz Bach
I will also make it as widely known by publishing on my website, and sending off to as many gaming sites and review magazines as I can find, that LL enables this by permitting users to collect information from their software binaries and files and publishing it to the world. After all, if they permit it, it's true.

A spammer can get a bullshit credit card (Capitol One will give you one pretty much just for signing a piece of paper), set up a 9.99 account, and spam every user in that list. With some care it will be very difficult to actually tie it to a user. The BS account will be banned, along with the credit card and IP of undoubtedly some Internet cafe somewhere.


Your level of hysteria when a single spam incident hasn't happened amazes me. You also failed to respond to my case study; when I had a script handing out a new feature (the SLBoutique wallet) to all 400 or so users as well as a notecard (800+ total items sent) through a script, I was IM'd by a Linden before it had even completed! This seems like more than enough monitoring for my tastes, and I'm about as anti-spam as you can get. What say you?

Regards,

-Flip
_____________________
Peregrine Salon: www.PeregrineSalon.com - my consulting company
Second Blogger: www.SecondBlogger.com - free, fully integrated Second Life blogging for all avatars!
Newfie Pendragon
Crusty and proud of it
Join date: 19 Dec 2003
Posts: 1,025
05-10-2005 07:04
From: Ulrika Zugzwang
  • A legitimate database can provide a verifiable opt-out service.


  • There's no such thing as a legitimate opt-out service. The only service that is considered even slightly ethical is opt-in. Here is a link to a site that describes the fallacy of opt-out. Admittedly, it is written from the context of email spam, but I doubt anyone has written anything about virtual world IM spam. The logic still applies just as readily. (Edit: Second link, directly comparing opt-in and opt-out)


    Personally, I am waiting for the Lindens to make a decision on this one. While dissemination of UUID information in-world is essential, uncontrolled public-to-the-world sites like this go far beyond the scope of how public these id's should be. Hopefully the Lindens will eventually make a decision to control where and how these UUID's can be used.

    In the meantime Ulrika, take my ID off your list.



    - Newfie Pendragon
    _____________________
    Zapoteth Zaius
    Is back
    Join date: 14 Feb 2004
    Posts: 5,634
    05-10-2005 07:13
    I wonder if someone can educate me..

    I don't see the big deal about being able to get hold of keys, but people wanting to opt out should be able to.. Altho I'm no completely sure what there worried about.

    All I can see people would be able to do is repeatedly IM you with spam, which they can do now, although with less ease, and if its reported supposedly it should be cleaned up quickly..

    Has anyone actually recieved any spam from someone having their key?

    Zap
    _____________________
    I have the right to remain silent. Anything I say will be misquoted and used against me.
    ---------------
    Zapoteth Designs, Temotu (100,50)
    ---------------
    Kris Ritter
    paradoxical embolism
    Join date: 31 Oct 2003
    Posts: 6,627
    05-10-2005 07:21
    From: Zapoteth Zaius
    Has anyone actually recieved any spam from someone having their key?


    No. But that was before the defenders of the faith decided to make the lists totally public. It's akin to saying 'well, a few spammers have this comprehensive mailing list, which gives them an advantage over other spammers, so if we give it to EVERYONE...'.

    I assure you that NOW someone will use it to the detriment of the people on it. And with a bit of luck, they'll get a ban, and everyone will know where they stand.

    Then there are those of us who have always had this information and have always treated it with the respect it deserves, as opposed to those who just acquired it with the intention of offering it up for any idiot to abuse.

    There is a lot of difference between creating a tool or end to end service, such as Rathe, Jsecure and others have done, and throwing an unsolicited list of keys out into the public domain. It just seems some people dont realise that.
    Merwan Marker
    Booring...
    Join date: 28 Jan 2004
    Posts: 4,706
    05-10-2005 07:25
    From: FlipperPA Peregrine
    Or I could just give you a dump of the ones I have and then I could... Give. Kris. All. My. Money. :-)

    Wait, I thought you were giving me all your money?

    :confused: :eek: :confused: :eek:
    _____________________
    Don't Worry, Be Happy - Meher Baba
    Kris Ritter
    paradoxical embolism
    Join date: 31 Oct 2003
    Posts: 6,627
    05-10-2005 07:26
    From: Merwan Marker
    Wait, I thought you were giving me all your money?

    :confused: :eek: :confused: :eek:


    Shaddap. You're my alt anyway. It'll all get to the same place in the end.
    Noel Marlowe
    Victim of Occam's Razor
    Join date: 18 Apr 2005
    Posts: 275
    05-10-2005 07:28
    If I copied my key over every other person's key in database, would I get all the monies?
    Kris Ritter
    paradoxical embolism
    Join date: 31 Oct 2003
    Posts: 6,627
    05-10-2005 07:30
    From: Noel Marlowe
    If I copied my key over every other person's key in database, would I get all the monies?


    LOL! you could try. But you'd prolly also get 13000+ spams to come to Club Laggy Lags Hot Momma Hoochie Bling Competition :p
    Beau Perkins
    Second Life Resident.
    Join date: 25 Dec 2003
    Posts: 1,061
    05-10-2005 07:36
    Ulrika, I have no solid opinion on the list itself, but I had a hard time finding your name on it. Is your own on there?
    _____________________
    Tcoz Bach
    Tyrell Victim
    Join date: 10 Dec 2002
    Posts: 973
    05-10-2005 07:53
    There apparently needs to be clarification around the abuse of the word "public" here.

    SL is privately owned by LL. We are private individuals that subscribe to this privately owned service. The information within it is owned by LL.

    "Public" is a term of convenience used by LL to mean, "it is readily available WITHIN the SL world".

    It does not mean that you can go to the local town hall in your county and obtain the info. It does not mean that you have the right to move the info from within this closed, privately owned community, and display anywhere you wish, for anybody to use or abuse, in any environment.

    I pay LL to house that info. Not you. And I expect LL to respect my desire for security in the broadest sense and refuse to allow this information to even possibly be abused in this fashion. I expect them to take preventative measures immediately, not by reacting to individual cases which will just be worked around and reborn in infinite new ways, as spammers have proved can and will be done over and over again.

    If it starts, it will never end. It will be impossible for LL to stop.

    SL is not a public environment. It is a private and closed community. That is where the info is created, stored, owned, and shared. NOT on the public, non-SL related, internet.

    And as has been stated here, opt-out is often just as big a scam as the list itself. What right do you have to opt me in against my wishes in the first place? It is a disgrace.

    This is not about the fear of receiving a spam mail. It is about setting a precedent that this sort of thing is entirely unacceptable and LL will not enable the possibility of it in any way. LL has the opportunity to say, "the security of our residents is paramount, in all forms. No information owned by LL and generated by our privately owned community may be compiled and marketed in any way outside of the SL environment.", and not just pay it lipservice by saying, "we will aggressively pursue spammers". Hotmail says the same thing. Spammers laugh because it is futile. And no, there is no RL info related to a hotmail address unless you put it there. But the practice is still disgusting and illegal. And by publishing my key, you have effectively published, for all the world outside of the privately owned LL community to see, my SL email address.

    And the people who I have referred to SL will indeed quit, since it will either be that, or they will suddenly no longer receive contract work from me. That is my perogative. We will explore other environments and technologies where we in no way have to worry about this sort of thing. I am that vehement about this.

    Why can't you just create a list for people that WANT to be on it, to submit their own info?

    Because it wouldn't gather a significant number of resident's info. It would fail. And you know that, as all such list generators do. Which is why you refuse to do the right thing. So the only alternative to get what you want is this bottomfeeding, invasive abuse of your status as a resident of SL.
    _____________________
    ** ...you want to do WHAT with that cube? **
    Merwan Marker
    Booring...
    Join date: 28 Jan 2004
    Posts: 4,706
    05-10-2005 07:55
    From: Beau Perkins
    Ulrika, I have no solid opinion on the list itself, but I had a hard time finding your name on it. Is your own on there?

    I noticed that a few days ago also Beau.
    I also asked to be removed, but in fainess to Ulrika, I may have asked in the wrong area of her web page.
    Ulrika, please post instructions here how to message you to be removed from your list.
    Thanks.

    :cool:
    _____________________
    Don't Worry, Be Happy - Meher Baba
    FlipperPA Peregrine
    Magically Delicious!
    Join date: 14 Nov 2003
    Posts: 3,703
    05-10-2005 07:59
    From: someone

    You also failed to respond to my case study; when I had a script handing out a new feature (the SLBoutique wallet) to all 400 or so users as well as a notecard (800+ total items sent) through a script, I was IM'd by a Linden before it had even completed! This seems like more than enough monitoring for my tastes, and I'm about as anti-spam as you can get. What say you?


    Still waiting for your two cents, amig0!

    And to clarify... this was an item/notecard with instructions sent to the approximately 400 people who had signed up for accounts with our service when the new feature was introduced.

    Regards,

    -Flip
    _____________________
    Peregrine Salon: www.PeregrineSalon.com - my consulting company
    Second Blogger: www.SecondBlogger.com - free, fully integrated Second Life blogging for all avatars!
    Kris Ritter
    paradoxical embolism
    Join date: 31 Oct 2003
    Posts: 6,627
    05-10-2005 08:01
    From: FlipperPA Peregrine
    And to clarify... this was an item/notecard with instructions sent to the approximately 400 people who had signed up for accounts with our service when the new feature was introduced.


    Flip, that doesnt mean a damned thing. We've had threads from people on here this last week from people complaining about receiving information from a service they actively chose to sign up for. :p

    *stabs Flipper with a pitchfork*
    Tcoz Bach
    Tyrell Victim
    Join date: 10 Dec 2002
    Posts: 973
    05-10-2005 08:08
    The difference is, if you are being honest, that THEY SIGNED UP FOR IT. It was not forced on them.

    If 400 people did indeed sign up for it, then I don't even see why LL would have a problem with it. Well then again, they have no way of knowing those people actually did sign up for it, short of contacting all 400 people.

    So I can see why they took issue, and shut you down...amigo. Because they have no way of knowing that everybody was a willing participant.

    Using that list, you can get a great deal of people's RL info, whether or not you are a member of SL. I looked up a whole bunch of you. So, this list has given me the means to identify a number of you without having to log in or speak to anybody in SL at all. I could ask anybody at all to do it. Whether or not it can be done elsewhere or by other means is irrelevant. The fact is, this contributes to the problem, and if LL forbid this practice, it wouldn't even be possible unless somebody openly broke the rules, in which case, you could be minimally banned, and in extremes, prosecuted. As you should be.
    _____________________
    ** ...you want to do WHAT with that cube? **
    David Valentino
    Nicely Wicked
    Join date: 1 Jan 2004
    Posts: 2,941
    05-10-2005 08:19
    Remove me from all lists in exsistance! I wish to become invisible to everyone, including all govermental bodies and financial organizations.

    Only then will I be free to put my plans for wolrd domination into motion...
    _____________________
    David Lamoreaux

    Owner - Perilous Pleasures and Extreme Erotica Gallery
    Ulrika Zugzwang
    Magnanimous in Victory
    Join date: 10 Jun 2004
    Posts: 6,382
    05-10-2005 09:50
    From: Beau Perkins
    Ulrika, I have no solid opinion on the list itself, but I had a hard time finding your name on it. Is your own on there?
    Why yes it is. You just have to search for "Ulrika".

    I wanted to follow up on a few questions:

    Validation
    All the keys in the database are statistically validated through cross-correlation methods. Because I have a vendor system, I was able to create an initial trusted database of a few thousand keys. As "name.cache" files came in, I used a cross-correlation technique (checking between files) to assign a confidence level to each file and each entry in a given file. In the end, it was very easy to toss out the bogus entries. Currently, every single file of the 50 or so submitted correlates with every other file with no inconsistencies.

    What's good about cross-correlation is that it provides a quick way to statistically validate high-frequency keys, which are likely to be the most useful. That is, high-frequency keys, which are of more use to an online retailer, are better validated than low-frequency keys, which are of less use to an online retailer.

    The final step would be to do a true validation, using llKey2Name to lookup every entry in SL. I'll leave that as an exercise to someone with a little more time than myself.

    Opt Out
    This system provides a method of opting out. A name is still entered into the database but with the true key string replaced by zeros. It is important to include the name, as it serves to let those who also collect keys know, that that person is not missing from the database rather they don't want to be in the database.

    Motivation
    I've been wanting to create this database since the great SLEX boycott of '05. I'm an advocate of ethical business practices and feel strongly that a company should not profit based solely on the control of an infrastructure. The release of these keys is my way facilitating the entry of other business into the market. From my first post:
    1. Primarily, I feel that web-based SL retailers both large and small should have equal access to a public resource such as the name2key database. Without access to such a database (or preferably an LSL function) new-start SL web retailers are at a disadvantage, when competing with older more established web retailers.
    2. Eliminating the black market for name2key databases is a good thing. By legitimizing the database, we upgrade the method of collection from spying to donating.
    3. A legitimate database can provide a verifiable opt-out service. There are already half a dozen individuals, whose keys are set to "00000000-0000-0000-0000-000000000000" in the database.
    4. This process will lay the groundwork for a real llName2Key function. We'll shortly see, if the flood of predicted spam is real, if small web-based SL retailers benefit, and if the opt-out list will satisfy the critics. If so, we're on our way to an llName2Key function.


    ~Ulrika~
    _____________________
    Chik-chik-chika-ahh
    1 2 3 4 5 6 7