Welcome to the Second Life Forums Archive

Name2Key Database

FlipperPA Peregrine
Magically Delicious!
Join date: 14 Nov 2003
Posts: 3,703
05-21-2005 07:58
I'm also quite amused, because after being called in by a concerned resident, it sure looks to me like he's using the lion's share of server resources in his sim... far more than his land should allow, and creating much lag.

-Flip
_____________________
Peregrine Salon: www.PeregrineSalon.com - my consulting company
Second Blogger: www.SecondBlogger.com - free, fully integrated Second Life blogging for all avatars!
Tcoz Bach
Tyrell Victim
Join date: 10 Dec 2002
Posts: 973
05-21-2005 10:56
If either of these posts are about me, and they both appear to be, they are utter lies. And I'm reporting a certain resident that appears to be inclined to tell them.

Had I ever handed out a notecard with alt/liaison info, I assure you I would have been banned long ago. A post with a suggestion tying an alt to a liaison over a year ago was immediately removed, in spite of the fact the alt was well known to belong to the liaison, and I never did anything like it again (I did not receive a warning fyi...in fact, I never, ever have, for anything). They do not tolerate this in any way.

My in world conduct is beyond reproach. I have never posted anything at all with an alt, I am not afraid to say what I mean, ever. And that's going on 3 years. How many of you can say the same? Please.

You want to see unfair share of sim resources, visit any club/porn joint. We're talking about bringing the rest of the sim completely to its knees, to the extent that you can barely move. I live in a sim that is 3/4 unpopulated, and 1/4 owned by a club. Well, guess what. 3/4 of the sim is useless when they get going, so much so that I can barely walk. What's fair about that?

None of my neighbors have ever, ever complained to me about it, other than to turn down some of the noise, which I did. Interesting that the first heavy scripter/builder to move in is the first to start complaining.

The Vorago has been running for well over a year. It was a Top Pick, one of the first, which means it was explicitly selected by LL as an example of what they like to see. It does get visitors, and they typically stay for a half hour or more, which is great dwell. It is the only long running, even moderately successful, self running PvP arena in the game. It runs flawlessly.

So take it to the Lindens. Harass me about it and get what you deserve.

Back to the point.

My avatar info is owned by LL, and paid for by me. It is created within SL, useful within SL, and that is where it should remain. Taking it outside of SL compromises my sense of security and privacy. It is a portion of my account info, and I decline to permit anybody to use it outside of SL. And I expect the company I pay for use of that information to respect that and enforce it.

Nobody has the right to use this info against my wishes, in any way, for any reason outside of SL. Particularly when it comes to publishing it on spam lists.

"Web based services, such as the shopping sites, need a way to be able to associate an account to an avatar (link) and the send items to that avatar."

That is entirely your perspective. SL does not "need" this at all. You do.

Interesting that Microsoft does not force people to join Passport with an "opt out" option. Even they know how wrong it is. And I have built enterprise Passport implementations, so I very much know what it does. The public service is exactly what is suggested here.

Web based services do not NEED it. It is good for the people that build the services. People are perfectly capable of ASKING for the service, not having it forced on them.
_____________________
** ...you want to do WHAT with that cube? **
Christopher Omega
Oxymoron
Join date: 28 Mar 2003
Posts: 1,828
05-30-2005 13:08
From: Tcoz Bach
Hell you can actually say, "MY SITE DECRYPTS SL SOFTWARE TO GET YOUR ACCOUNT NAME AND UNIQUE KEY", and LL won't do anything about it. Don't believe me? Visit bottomfeeder Ulrika's site.


I still don't understand how "decrypting" applies to extracting data from the name.cache file. name.cache is in a format that is completely human-readable:
From: someone

<key> <some number> <name>
<key> <some number> <name>

Example:
From: someone

1fe6ef27-9b60-7a97-8d0f-969424bd048f 1116106168 Nigel Linden
31d06e5b-ac26-70ff-b0ed-c319ecdf73df 1116106167 Jeff Linden

==Chris
Adam Zaius
Deus
Join date: 9 Jan 2004
Posts: 1,483
05-30-2005 13:55
<some number> is a unix timestamp.

The key has a very simple substitution encoding over the top (I wouldn't call it cryptography by any measure), which can be decoded just by looking at it.

-Adam
_____________________
Co-Founder / Lead Developer
GigasSecondServer
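
The three-column layout described in the two posts above (key, Unix timestamp, name), as an added example that is not part of the original thread or anyone's posted code: a small audit that shows what such a cache file holds and how old each entry is. The function names are hypothetical, the first two sample lines are the ones quoted in the thread and the rest are constructed, and the key column is kept exactly as stored, with no attempt to decode it.

```python
"""Audit a name.cache-style file: '<key> <unix timestamp> <name>' per line."""
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Shape of the key column as it appears in the thread's sample lines
# (8-4-4-4-12 hex groups). The stored value is left exactly as found.
KEY_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
    re.IGNORECASE,
)

# Lines 1-2 are the samples quoted in the thread; the remaining lines are
# constructed here to exercise the error paths.
SAMPLE = """\
1fe6ef27-9b60-7a97-8d0f-969424bd048f 1116106168 Nigel Linden
31d06e5b-ac26-70ff-b0ed-c319ecdf73df 1116106167 Jeff Linden

not-a-key 1116106169 Constructed Resident
00000000-0000-0000-0000-000000000001 yesterday Constructed Resident
00000000-0000-0000-0000-000000000002 1116106170
"""


@dataclass(frozen=True)
class CacheEntry:
    key: str        # key column, as stored in the file
    seen: datetime  # timestamp column, converted to an aware UTC datetime
    name: str       # everything after the second field (names contain spaces)


def parse_line(line: str) -> CacheEntry:
    """Parse one cache line; raise ValueError with a reason if malformed."""
    # Split on the first two runs of whitespace only, so the name keeps
    # its internal space ("Nigel Linden").
    parts = line.strip().split(None, 2)
    if len(parts) != 3:
        raise ValueError("expected 3 fields: key, timestamp, name")
    key, stamp, name = parts
    if not KEY_RE.match(key):
        raise ValueError("key is not in 8-4-4-4-12 hex form")
    if not (stamp.isascii() and stamp.isdigit()):
        raise ValueError("timestamp is not a non-negative integer")
    try:
        seen = datetime.fromtimestamp(int(stamp), tz=timezone.utc)
    except (OverflowError, OSError, ValueError) as exc:
        raise ValueError("timestamp out of range") from exc
    return CacheEntry(key.lower(), seen, " ".join(name.split()))


def audit(text: str) -> dict:
    """Return parsed entries, rejected lines and the age span of the cache."""
    entries, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue  # blank lines carry no data
        try:
            entries.append(parse_line(line))
        except ValueError as exc:
            rejected.append((lineno, str(exc)))
    stamps = [e.seen for e in entries]
    return {
        "entries": entries,
        "rejected": rejected,
        "oldest": min(stamps) if stamps else None,
        "newest": max(stamps) if stamps else None,
    }


if __name__ == "__main__":
    report = audit(SAMPLE)
    for e in report["entries"]:
        print(f"{e.seen.isoformat()}  {e.name:<20} {e.key}")
    for lineno, reason in report["rejected"]:
        print(f"line {lineno}: rejected ({reason})")
    print("span:", report["oldest"], "to", report["newest"])
```
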
Ushuaia Tokugawa
Nobody of Consequence
Join date: 22 Mar 2005
Posts: 268
05-30-2005 13:56
From: Christopher Omega

I still don't understand how "decrypting" applies to extracting data from the name.cache file. name.cache is in a format that is completely human-readable


The "key" portion that appears in the name.cache file is actually ciphered, so at most his claim of decryption is somewhat valid.
Ulrika Zugzwang
Magnanimous in Victory
Join date: 10 Jun 2004
Posts: 6,382
05-30-2005 14:10
From: Ushuaia Tokugawa
The "key" portion that appears in the name.cache file is actually ciphered, so at most his claim of decryption is somewhat valid.
I agree. It is weakly encrypted and a one-line snippet of code must be used to decrypt it.

Currently, the database has grown to over 40,000 entries. I have yet to publish it, as I need to verify some of the names. Hopefully by next weekend, I'll have it all online.

~Ulrika~
_____________________
Chik-chik-chika-ahh
Sargus Kraken
Registered User
Join date: 27 Feb 2005
Posts: 109
OMG, enough already!
06-07-2005 14:54
Tcoz,

E-mail spam is always a potential problem, not just in SL. If you don't want to get spammed then don't set up an e-mail account (duh!) or send the mail to an account you don't use (double duh!) or just get the hell off SL (have a nice life! *grin*), but whatever course you choose just stop your whining for god's sake, because at this point we ALL know where you stand, and frankly none of us give a crap to hear it repeated constantly.

Bottom line: the data is public and the TOS are clear, as is the company policy on the matter - deal with it and get over it. If you don't like what is on the menu then go find another restaurant.

This message isn't meant to be hateful, but trust me, you are not bringing any more value to the conversation at this point. There is no violation of your privacy or security, and if you really were concerned about it you would have closed your account by now, so all your moaning is just a boatload of bs.
cell Neutra
That's L$50k please
Join date: 26 Sep 2004
Posts: 28
06-07-2005 18:08
name2key is not necessary, especially for retailers, as they get their customers key upon purchase, and can thus send them whatever they want with the key itself. So really, what you are doing has nothing to do with names, but simply keeping a database of keys.

Stupid is as Stupid does
Jillian Callahan
Rotary-winged Neko Girl
Join date: 24 Jun 2004
Posts: 3,766
06-07-2005 20:09
From: cell Neutra
name2key is not necessary, especially for retailers, as they get their customers key upon purchase, and can thus send them whatever they want with the key itself. So really, what you are doing has nothing to do with names, but simply keeping a database of keys.

Stupid is as Stupid does

I wanna have an automated gift delivery service! I NEED NAME2KEY!!!!!! AUUUGHHH!!!!!

*ahem*

Sorry. :D
_____________________
Sargus Kraken
Registered User
Join date: 27 Feb 2005
Posts: 109
06-08-2005 10:41
I guess I am not seeing what the big deal is.

It seems there are two main issues: The fact the data is made available, which is a decision made by the game designers, and the fact people have decided to make use of that data. Since the data is available, arguing the ethics of how it should be used seems moot, as long as the usage does not violate the TOS. The game designers have decided that building and publishing a database does not violate the TOS. Now, if you don't like that idea, then it seems you have two alternatives to effectively address the issue. One can either contact the makers of the game and request a change to the TOS or to not have the data made available, or one can leave the game. Arguing how the data "should" be used based on "personal views" of ethics seems a waste of time, as such views cannot be imposed or enforced on other people. Last time I checked, this was still a free country.

The fact that the creator of the database has offered an "opt out" option should be commended, as it is not something that is required within the TOS.
Tcoz Bach
Tyrell Victim
Join date: 10 Dec 2002
Posts: 973
06-08-2005 13:39
So from what I can see, still not one thing stated, after all this time on this topic, for creating this database other than to spam people. Nobody "needs" it, that is just a smokescreen, employed by companies like Gator (or former gator, their practice of list building and spamming got them such a bad rep they had to change their name) to basically get something that sounds superficially like it might justify it.

Because there is no other reason to create it. At best, it was not the purpose at its origin. Sure, if you gave even me enough time, I'd think up of something that would probably stick. It wouldn't be easy though, and I'm sure it would have nothing to do with why anybody would actually use the list. It would be total BS.

And we still do not have real policy statements regarding the use of the LL owned, but apparently freely released, information.

Or their policy on using their software to compile these lists.

Or why they do not provide a name2key service of any kind.

Or why they don't have a problem with 40k account names, which are part of both your game login and website login, being gathered in one place.

Cory, at the town hall (and he's the guy that writes the part of the game that makes this possible) states your key can be used to spam you. But don't do it. I tend to take his word on the matter over anybody's. And, it jibes with what I've tested and proven.

It's probably the only honest, straightforward answer I've heard from LL on the matter at all.

LL#1: LL will take action against spamming.

So they imply it's possible. But will fight it. That's good.

LL#2: A "temporary key" discarded after a few hours, is assigned to these communications..so your account can't be attacked.

Well, I submit several hours is enough, and the point is, if you have an account, and somebody's key, you can spam them. It is THAT simple. I have tried it, seen it work, validated that it is that simple. It is. Any contradiction is just an attempt to make you believe it's not possible.

Spam is not necessarily 40k emails at once. It can be nicely spaced, automated at random but not significantly close, intervals. So, say I get "free gifts". That is spam. I report it. And I damn well expect the user to be suspended or banned.

What will happen to the user? On the first attempt? The second? What is the policy? If the sender says, "I sent three mails today. I could do the same exact thing in world by dragging the objects onto Avatar X's profile. So it's not spam", how do they reconcile that?

On top of that, LL says you are ALLOWED to publish the info. However, what, exactly may you not use it for? Spam? Please be more precise. What constitutes spam in SL?

Will LL ever suggest that you go to this resident's website and opt out? Or, will they be responsible for ensuring you are opted out (say you got onto the send gift system by accident somehow, like SOMEBODY SUBMITTED YOUR NAME from the name.cache file...)

Anyway, I still do not have direct answers to any of my direct questions. Nor clarifications on their positions regarding the use of their software or in-world info externally.

If they go with this, they should state it up front. Any and all of your in-game info may be collected and distributed by anybody, for any purpose. It's the truth, and something people likely want to be aware of. Once given the info, let them decide whether or not they perceive risk, then choose to proceed, or not.

If they, or you, think it will hurt their marketing, that should be telling them, or you, something.
_____________________
** ...you want to do WHAT with that cube? **
Sargus Kraken
Registered User
Join date: 27 Feb 2005
Posts: 109
06-08-2005 14:17
I think some people are missing the point. The key information is available only through a call to a Linden Lab function - without that function call these keys could not be collected. Therefore, it is Linden Lab who makes the keys available for people to use. How people choose to use that information is up to them, and they do not need to justify how they use it to anyone else.

Anyone with a credit card can get on SL for a nominal one-time fee and collect this information themselves, so the notion that SL is some private community is a complete misnomer. Therefore, the information you think belongs to you in fact does not belong to you at all; thus it is public information, free to collect and distribute as people see fit, as long as the TOS are not violated.

As for the game maker's lack of response, I think, Tcoz, you are in fact getting their response, which is that they don't want to play 20 questions and try to make blanket statements that may not apply in all situations. They make the information available without trying to police and micro-manage how it is used unless they feel it is clearly being abused. What constitutes abuse? Well, that is something that is hard to define, but I am sure they will warn those they feel abuse the information, and suspend or ban those who persist after ample warning. If they tried to detail every instance that is allowed or not allowed, that would certainly work against them, because someone would do something not on the list and then claim it was okay because it was not specifically called out as being a violation.

You always have the option to leave SL if the policies regarding the management of such information do not suit you. It's really that simple.
Ushuaia Tokugawa
Nobody of Consequence
Join date: 22 Mar 2005
Posts: 268
06-08-2005 16:15
While I do have some issues with the implementation of Ulrika's Name2Key database/service, I think that the issue of spam is the least of its problems.

Obviously, it's logistically possible to IM spam through an object using llInstantMessage to a list of UUIDs.

I suppose at this point we can only assume that the Lindens will always put a swift stop to spamming no matter what scale it is on. I have faith in the Lindens and hereby give them my vote of confidence on this matter.

If you don't share my confidence in the Lindens perhaps it's time to prove them incapable of enforcing their policies? Maybe then the arguments against Ulrika's database with regards to spamming would be more powerful.
Sargus Kraken
Registered User
Join date: 27 Feb 2005
Posts: 109
06-09-2005 10:34
I still don't see that it's an issue with the database. Anyone can create a database to spam with, and in fact they don't even need a database, because they get the UUIDs directly via Linden's function call on the fly. Who cares that data that is available to all residents of SL via a simple function call is packaged in a database? The issue isn't the data being available in a database. The issue is that Linden provides a function call to get that data in the first place.
Tcoz Bach
Tyrell Victim
Join date: 10 Dec 2002
Posts: 973
06-10-2005 05:38
Mistaken.

I have said, over and over, that I am aware LL owns all the info. That's the point.

I WANT LL to say that they release the information to all users and that they are not responsible for how it is used. Exactly as you say. But they will not. Gee whiz I wonder why.

I would also like a clear statement regarding using their software files to compile and distribute information. IE, you are allowed to do it. The name.cache file IS a portion of their software. And in three years I never heard anybody say that the intended use of it is to build lists of account names and user keys. Since it's obviously allowed, what other portions of the software can I glean info from?

If they're going to allow this, they should implement master accounts. As most companies do.

LL has never, in three years, shown that they are capable of dealing effectively and permanently with a griefer, particularly ones with the resources to run several accounts (which is very common). Any statement to the contrary ignores a great deal of information.

SL IS a private community. Privately owned, available only to paying customers. You can be banned or removed for any reason at all, even no reason, and all your account holdings wiped out. You can not be banned or removed from Times Square for no reason, because it is a true public place. You have a right to be there. As has been said by many that contradict me, you have no rights in SL. Zero. There is no "public" right at all.

The fact that your info can be removed from the world, used by anybody for any reason, and LL takes no accountability for it, should be known to incoming users. It is the truth, and is honest. Informing users of this only after they have paid is just plain sneaky.

LL could very well be compelled to tell users this up front. I'm still looking into that. Whether or not you think it's risky, those lists contain 2/3 of 40k login credentials, both for the game and this website. And when you hack the website, you now have that user's account info. That's right, last four credit card digits, and so on. A master account would solve this, since if you got caught publishing master account info (which would be pretty much impossible to get), you would obviously be banned. NO PORTION OF ANOTHER PERSON'S ACCOUNT INFO should be obtainable in game or by manipulating the SL software files. That just makes sense. I have had this conversation with our resident security expert (I mean RL at work) and he agreed that not implementing a secure password alg (which SL has not) and making 2/3 of your account info as easy to get as opening up a text file and/or using Find in game, rates low on the "good thinking" scale. Not everybody that joins SL is password or account cred savvy, but SL, and many in these forums, seem to believe that everybody that is not is just stupid or careless.

And STILL there is no obvious need for these lists. It's all just smokescreen Gator-esque BS. People are just biding their time until they can figure out how to get around the TOS or begin the practice in such a way as to make it very difficult to "prove". And they will eventually.
_____________________
** ...you want to do WHAT with that cube? **
FlipperPA Peregrine
Magically Delicious!
Join date: 14 Nov 2003
Posts: 3,703
06-10-2005 07:37
blah blah blah sigh.
_____________________
Peregrine Salon: www.PeregrineSalon.com - my consulting company
Second Blogger: www.SecondBlogger.com - free, fully integrated Second Life blogging for all avatars!
Sargus Kraken
Registered User
Join date: 27 Feb 2005
Posts: 109
06-10-2005 11:34
From: Tcoz Bach
Mistaken.


Oh really?? Because YOU say so?? I guess I missed the memo appointing you ultimate authority in this matter. Can you please forward that again? Thanks :)

From: Tcoz Bach
I have said, over and over, that I am aware LL owns all the info. That's the point.


Yes, we know what you have said, over and over. I might add you missed a few "over and over" instances in there. :)

From: Tcoz Bach
I WANT LL to say that they release the information to all users and that they are not responsible for how it is used. Exactly as you say. But they will not. Gee whiz I wonder why.


Um, maybe they feel they don't have to justify their actions to you - seems they didn't get the memo either that you were in charge *grin*. By the way, it's good to "WANT" things. :)

From: Tcoz Bach
I would also like a clear statement regarding using their software files to compile and distribute information. IE, you are allowed to do it. The name.cache file IS a portion of their software. And in three years I never heard anybody say that the intended use of it is to build lists of account names and user keys. Since it's obviously allowed, what other portions of the software can I glean info from?


The issue seems clear to me from a legal standpoint, whatever is not disallowed by default is allowed. So, don't expect them to tell you every instance where you cannot do something. No one can conceive all the possible ways something might be used - crystal balls only work in SL. Speaking of crystal balls.... :)

From: Tcoz Bach
If they're going to allow this, they should implement master accounts. As most companies do.


I'm sure they will get right on that, because the authority has spoken, but again, you need to be sure to forward that memo first. ;)

From: Tcoz Bach
LL has never, in three years, shown that they are capable of dealing effectively and permanently with a griefer, particularly ones with the resources to run several accounts (which is very common). Any statement to the contrary ignores a great deal of information.


Well, considering accounts are credit card driven and people can have multiple credit cards, I'm not quite sure how they might permanently ban a determined griefer. Perhaps, you have the magic solution? :)

From: Tcoz Bach
SL IS a private community. Privately owned, available only to paying customers. You can be banned or removed for any reason at all, even no reason, and all your account holdings wiped out. You can not be banned or removed from Times Square for no reason, because it is a true public place. You have a right to be there. As has been said by many that contradict me, you have no rights in SL. Zero. There is no "public" right at all.


Ah yes, a private community where anyone can get in with access to a credit card. People contradict you?? I wonder if public floggings are still in fashion - whip those rebels!! *chuckle* On a side note, I don't think nudists are allowed and have a right to be in Times Square, but maybe I am wrong. I'll investigate and get back to you. :)

From: Tcoz Bach
The fact that your info can be removed from the world, used by anybody for any reason, and LL takes no accountability for it, should be known to incoming users. It is the truth, and is honest. Informing users of this only after they have paid is just plain sneaky.


My info? Let's see, it's a key that is useless outside of SL - those bastards!! How dare they make my useless SL information available to the outside world! My god, they may even take my key and bit flip some of the bits - oh the humanity! :) And yes, it is sneaky. I wager it's a conspiracy by the government - shhhhh. :)

From: Tcoz Bach
LL could very well be compelled to tell users this up front. I'm still looking into that. Whether or not you think it's risky, those lists contain 2/3 of 40k login credentials, both for the game and this website. And when you hack the website, you now have that user's account info. That's right, last four credit card digits, and so on. A master account would solve this, since if you got caught publishing master account info (which would be pretty much impossible to get), you would obviously be banned. NO PORTION OF ANOTHER PERSON'S ACCOUNT INFO should be obtainable in game or by manipulating the SL software files. That just makes sense. I have had this conversation with our resident security expert (I mean RL at work) and he agreed that not implementing a secure password alg (which SL has not) and making 2/3 of your account info as easy to get as opening up a text file and/or using Find in game, rates low on the "good thinking" scale. Not everybody that joins SL is password or account cred savvy, but SL, and many in these forums, seem to believe that everybody that is not is just stupid or careless.


Omg, they can get the secret to the nuclear launch codes!! Don't tell anyone, but it's the last 4 digits of my credit card!! We are all doomed, rl and SL both!! Side note, I do security work for the govt. (no lie), and trust me, breaking into the site doesn't require access to a key database. As for passwords, many people are stupid in creating passwords, and good luck saving those people from themselves. Too much other blah blah blah to respond to. :P

From: Tcoz Bach
And STILL there is no obvious need for these lists. It's all just smokescreen Gator-esque BS. People are just biding their time until they can figure out how to get around the TOS or begin the practice in such a way as to make it very difficult to "prove". And they will eventually.


Ah yes, the conspiracy theory raises its ugly sneaky head again here. *chuckle* Oh, and I keep forgetting to consult you regarding what I need for my scripts...makes mental note to work on that in the future. :)

Well, seems I have amply defended my position with overwhelming facts and logic. Even I am impressed with the ironclad and bedazzling way I have rebutted such amazingly strong arguments from such an authority (still waiting on that memo though *wink*). Seems there is nothing left to do but seal this post with a beer. :)

P.S. I know my victory as having the longest post in this thread will be short lived, but I shall relish in the moment for as long as it lasts....I figure I have at least 2 hours until the next novel hits the shelves. :)
cell Neutra
That's L$50k please
Join date: 26 Sep 2004
Posts: 28
06-16-2005 15:19
why is this still being debated? lol. I think it's funny so I'll add another message :P

Once again, no point in starting with the name of the person. All you need is the key, and any means of gathering a person's data will give you that key.

As for the rest of the debate I think most of you have confused yourselves. Solicitation/SPAM is illegal in all cases. This is just one means of it. If you honestly believe you have a legitimate reason to be sending ppl something (message, "gift", nekkid pics, etc..) =P, you are mistaken if you use a list of random names/keys. If you want to be legit, send your "stuff" to a list compiled by informed recipients who actually wish to receive such "stuff". Otherwise, it's the definition of illegal solicitation.

Have a nice day =D

cell Neutra
Rayve Mendicant
Pushing The Limits
Vortex Saito
Quintzee Creator
Join date: 10 Sep 2004
Posts: 73
06-16-2005 17:47
From: Tcoz Bach
Mistaken.

I have said, over and over, that I am aware LL owns all the info. That's the point.

I WANT LL to say that they release the information to all users and that they are not responsible for how it is used. Exactly as you say. But they will not. Gee whiz I wonder why.

I would also like a clear statement regarding using their software files to compile and distribute information. IE, you are allowed to do it. The name.cache file IS a portion of their software. And in three years I never heard anybody say that the intended use of it is to build lists of account names and user keys. Since it's obviously allowed, what other portions of the software can I glean info from?

If they're ..... snip


Paranoid paranoid
_____________________
I don't care I am a lemming, I am NOT going !!!!

secondlife://puea/54/15
Sargus Kraken
Registered User
Join date: 27 Feb 2005
Posts: 109
06-17-2005 09:45
From: cell Neutra
As for the rest of the debate I think most of you have confused yourselves. Solicitation/SPAM is illegal in all cases. This is just one means of it. If you honestly believe you have a legitimate reason to be sending ppl something (message, "gift", nekkid pics, etc..) =P, you are mistaken if you use a list of random names/keys. If you want to be legit, send your "stuff" to a list compiled by informed recipients who actually wish to receive such "stuff". Otherwise, it's the definition of illegal solicitation.


I could not agree more with Vortex.

As for confusion, it seems to exist here too. The issue is not about the legalities of spam, it's about the legalities and perceived ethics of publishing keys. How the keys are used is a completely separate issue. The implied assumption you are making is that these keys are to be used for e-mail or free gift spam. While some people may do that, we cannot assume that is the only reason to use keys. I have a reason myself for using them, and it has nothing to do with spam of any kind. I have no desire to send anyone anything (e-mail, free gifts, invitations, etc.) or break into anyone's account, but I do have a valid use for these keys, only because the way the language is set up forces me to use keys and do a translation. While it's completely idiotic to have to use keys for my application, I am stuck with the limitations of the language. Trust me, the last thing I want to have to do is go to a webpage to get the data that should be available in the game.

By the way, not that it's relevant, but the legalities of unsolicited e-mail have yet to be ironed out, and even when they are, good luck enforcing such laws.
Tcoz Bach
Tyrell Victim
Join date: 10 Dec 2002
Posts: 973
06-17-2005 13:33
http://apnews.myway.com/article/20050409/D89BI7SO0.html

Nine years good bye.

These sort of societal phenomena have a way of rubber banding...we go to one extreme, then the other, in diminishing orders of magnitude until the balance is struck.

Since there are opposite extremes, people tend to become aggressively polarized on the issue, particularly because there is very little precedent to make either camp's point. A great deal of it boils down to interpretation of right and wrong, and that's a tough case to make.

But these people are beginning to go to jail. Yes, this is an unusual extreme, but then again, so is nine years in prison. Eventually, there will be less stringent penalties applied to less extreme violations, and information that you pay for the use of, and/or own, will be protected from people that simply want to grab any information that's lying around and use it for any purpose they see fit, regardless of the user and/or owner's concerns. I also find LL's practice of not clearly informing users of this use of their information to be at best elusive, at worst illegal.

I find it interesting that most people that tend to side on the "do as you will with anybody's general info" view makes their point with the fact that keys and such seemingly irrelevant data can't be used to steal money from you.

So enjoy it while it lasts I suppose, those of you who choose to buy into this. But I'm convinced it will change.
_____________________
** ...you want to do WHAT with that cube? **
Sargus Kraken
Registered User
Join date: 27 Feb 2005
Posts: 109
06-17-2005 15:19
The problem is that some wish to group data collection with data usage, and then claim because data can be collected the only possible usage is for an "illegal" activity, and that these keys contain some sort of special data that must be protected. By that logic, no one should be allowed to keep an address book because they might use it to spam people. The telephone book should probably be outlawed as well, because it contains people's addresses and phone numbers - far more information than is contained in a virtual game key (i.e., fictitious AV name). The argument is preposterous and not based in any sense of reasoning.

Facts:
1) Data gathering is not the same as data usage (i.e, a name database does not equal spam).
2) Knowing a character's fictitious name, by itself, does not grant a person access rights to the account of another person.
3) Names can be gathered in many ways, such as by looking at the SL screen or even in this forum.
4) There is nothing magical about an AV's key. It's a unique identifier that just makes object handling simple.
5) The only additional data available from the AV's key is the AV's name (i.e., it's an information pairing of unique object identifier to avatar name).
6) These keys are not hidden from the SL community, as a simple LL call can be used to retrieve such keys.
7) You don't "own" this information and you don't "pay for the use" of it either. It is information that is freely available to ALL people in the game.
8) Free trial accounts still exist, so anyone can gain access to SL.

Argument:
1) This is indisputable: data collection by definition is not data usage. Owning a steak knife does not mean I am going to stab my neighbor with it. Granted, the data "could" be used to spam, but only from inside SL. "Could" and "would" are not the same, at least not the last time I checked in the dictionary.
2) In almost all user-based authentication situations, the lowest common denominator becomes the password. If one is too stupid to realize they should protect their password, they are too stupid to own a credit card. And even if an account were to be hacked, only the last 4 digits of the credit card are available. That leaves 12 other digits to determine. Well, most bank card PINs are only 4 digits, so good luck getting those 12 digits.
3) You argue that the character's name is half of the account information needed to get into an account. I won't argue with that, but that is a totally separate issue, since AV names are easily retrieved in numerous ways (LL calls, screen view, names cache, etc.). To me, the issue would be to make your account login name separate from your AV name and map it in the backend database. Oh, well, too late for that I guess.
4&5) So, what do you gain from the key/name pairing? Well, if you have one, you can gain the other. Aside from that, no other information can be gathered from the key.
6) The keys are freely available by design in the language, and as mentioned before contain nothing by themselves that allows an account to be breached or to spam from the outside.
7) The only issue I see here is whether there is a problem with data that is freely available inside the game to be allowed outside the game. Well, if the data is freely available inside the game, what difference does it make if it is available outside the game? I have tried to send myself e-mail from outside using my key and it doesn't work. And as mentioned before, it can't be used to crack an account without the password for the account.
8) Free trial accounts mean basically anyone can get on SL and gather information.

Summary:
So, the argument is that someone either inside or outside the game can use these keys to spam, send gifts, or crack accounts.
1) You can't spam accounts from outside SL using keys - I tried to myself and it doesn't work.
2) You could spam from inside SL, but that would be dealt with swiftly, and for as long as the game has been around this has not been an issue, attesting to the fact the model works.
3) The outside world maybe has a little more information regarding your account for cracking purposes, but for the cost of a free trial (that would be FREE) one can get an account on SL and collect this information themselves for cracking purposes.

Could account protection be better? Sure, but that would now require going back through thousands of users to give them some other piece of authentication data that is different from their AV's name. I don't see this as a likely scenario.

So, what is the message we get here? First off, protect your password. Gee, sounds like good common sense. Second, don't spam people or you may get in trouble. Again, common sense. This all seems pretty simple to me.

What I see is a few people trying to cloud simple facts by making assumptions and implications that the data is somehow sensitive and/or protected, has special value, contains critical information, will be used only for illegal purposes, etc. Sorry, but the paranoia is not supported by the facts or logical arguments. Could the data be used in a bad way? Anything can be used in a bad way. I could use a piece of paper to try to paper cut my neighbor to death, but how realistic is it? But to be safe, we better outlaw paper! Use some common sense - jeez.
Ulrika Zugzwang
Magnanimous in Victory
Join date: 10 Jun 2004
Posts: 6,382
06-29-2005 21:02
After a one-month delay due to travel and work on my other projects, I have finally incorporated a new batch of names into the database. There are now over 41,000 name-key pairs!

I am also still maintaining the opt-out database (see instructions on the site) and will have an automated in-world mechanism to opt out shortly.

~Ulrika~
_____________________
Chik-chik-chika-ahh
Kris Ritter
paradoxical embolism
Join date: 31 Oct 2003
Posts: 6,627
12-01-2005 00:46
:confused:
Ulrika Zugzwang
Magnanimous in Victory
Join date: 10 Jun 2004
Posts: 6,382
06-09-2006 10:05
FYI. The name2key database has hit 60,000 entries.

~Ulrika~
_____________________
Chik-chik-chika-ahh