Please obscure land streaming audio url . as with video

After some initial experimentation streaming music to my land, using Itunes and Nicecast (which worked a treat) I stopped doing it.

This was because I realised I was revealing my ip number to all and sundry.

Admirably, 1.6, after requests in forum, hides the media url from the unauthorised.

Please can we do the same for audio, then I'll start streaming again.

Yes, I know its not foolproof, but its still valuable.

Whoops, neglected to say - its not just a privacy issue - I pay for my up bandwidth by the Gigabyte, and I cant afford for other land parcels to be tuned in to it - costs me hard cash.

But your IP will still be visible if people look at their firewall logs or simply type 'netstat'.

You always pop up with this, jack. Trust me, very few people will know how.

My biggest concern is people just copying and pasting the url to their own parcel because they like the music, or when they are just passing by. (I've done it, haven't you?).

And then maybe saying - "oh look, maybe thats his own ip number - thats interesting" etc etc.

If a dedicated deliberate hacker/detective gets on your trail then I agree your identity is in danger anyway and you'd better hope your firewall is right too. But its not statistically likely to happen to you unless you make enemies.

Its the idly curious I'm concerned about, and bandwidth theft by the ordinary cut and paster. This is highly likely, unlike the other.

Just coz there are lockpicks doesnt mean we throw all our locks away.

Another analogy would be the locks on most front doors are completely useless but surprisingly effective.

I endorse this product and/or feature. And yes I know it won't stop smartasses or geeks, but it does stop casual bandwidth plunderers from stealing your private stream address without asking and using it. Which they do, cuz people suck.

Yes, very few will know how. And the ONLY ones who would actually pirate a fellow resident's stream WILL IN FACT, KNOW HOW.

All this does is lull people into a false sense of security.




Just so you know, if a hacker gets on your "trail" he's gonna hack one of your apps that you allow through your firewall so the firewall itself won't help. It's more of a logging system at that point.

I wouldn't call stream theives hackers either. The information is freely available to anyone who enters your parcel, even if you hide it in the client. It's feely available. And rightfully so, I have every right to see to which URL's 3rd party streaming libraries are connecting and decide if I like the looks of it before I enter. I guess people who are in SL for business trying to sell secure stream feeds get the shaft yet again. Why do I need to pay for it when LL spent money to block the URL.... So let's get naked.

In the business, its called the principle of security by obscurity.

Time and and time again proven to be uneffective, but sadly many rely on it.

Tito

ps. But I do agree on not making it as simple as cut and paste...

You may have a right to go LOOK at the stream to decide if you want to connect, sure. And I don't begrudge you that if you are on my parcel and my stream is up. But thats a whole different kettle of fish to taking my stream without permission and using it on your own land, possibly at cost to me.

And no, I don't believe its the case that 'ONLY ones who would actually pirate a fellow resident's stream WILL IN FACT, KNOW HOW', as I just said. Anyone who has EVER looked at the 'about land' dialogues will know how to put a URL in there. Not all of those will know it's wrong to 'steal' anothers, that people might be paying for the bandwidth/listeners or that you should ask first.

So to reiterate, I endorse this feature.

Picking a random number for llListen channel is security through obscurity. There is NO security being provided by this feature but some people will think they are safe and will see no need to purchase safe authentication systems.

Gah! *hits head against brick wall*

You're right. Lets not put it in any features ever because some people wont understand them.

The point of this suggestion (and the one about video, too, since you also derailed that one) is about simple MASKING at a basic UI level, not about some uber SECURITY request. No one in this thread or that one would appear to be under the illusion that this is intended to be any kind of security feature.

The point is that Hoochiehair BubbleHead of Club LaggyLag won't come cut n paste my URL from the UI. As the original poster said, which invalidates all the arguments to the contrary 'Yes, I know its not foolproof, but its still valuable.'. And it is.

What isn't useful though is when the usual know-it-alls coming to post that they can get round a feature suggestion, that it wont do xyz after all, despite the fact no one is actually suggesting it for that reason, and potentially putting off anyone who might want and be willing to endorse it further from doing so because you've derailed the thread and suggested it's something it's not, was never intended to be and is a useless suggestion.

No wonder people don't bother posting feature suggestions and just go straight to the Hotline now.

Anyhoo, since I've already made that point 3 times in 3 seperate posts now and am being conveniently ignored, I'll just say once again: I endorse this suggestion. And yes! I know the implications, limitations and why it's being suggested. So please, don't try and rescue me from my lack of understanding.

Edited to add: And yes, I think that right next to this checkbox that says 'MASK URL' it could be useful to say something like 'this does not provide any security against people using your URL' (and maybe 'but it was never intended to do so, despite what some people would have you believe' )

That's not the point. The point is people will think their IP's are secure when they are not. LL should make people aware of this. People also think the URL's to their streams are safe from theives and they are not.



I didn't derail anything Kris, I'm trying to keep people aware of what is actually going on. And I've read other posts you've made and you are constantly paranoid that people are doing things like "derailing" topics.



No, the point is Asswhat McGriefer will steal your bandwidth with his griefer friends and piss themselves laughing.



A feature that tricks users into thinking their IP and their bandwidth are safe is NOT valuable. A tiny percentage of the total user base somehow managed to carry enough clout *COUGH* *FIC* *COUGH* to get this problem added to SL.

This feature is the same as someone writing into [email]ideas@firefox.com[/email]

"Dear Firefox guy,

My friend put a link to my website on his page and anyone can copy/paste the URL and use it on their website. This is not allowed. Please hide the copy/paste feature.

Signed,
Super Koolio"



Way to send SL in the direction of the WWW. Way to focus on businesses in SL. *slow clap* I have a responsibility to know what servers I am connecting to and to do my own security checks on them to make sure they are not malicious.





Finally someone agrees that I know everything. I like you Kris.



Ok no prob, I'll move you to the bottom of the list.

I would think the opposite is more of a concern. If you publish to the web, then expect hitchikers. However, going over someone's land makes your own IP available to an unknown person. That to me is much more scarey.

Well, uhm, I think this is appropriate...



Right then. Anyway

This could be a good idea. Then again, I don't necessarily like the idea of having content forcibly sent over my speakers or played in video for me when I enter someone's parcel. Say, for example, that someone decides to show a movie I really don't want to see all over their plot, on every wall of every prim in their house. I wouldn't know that until I arrived on the plot... whereas for normal builds, I can at least get an idea that it's got something I really don't want to see before I get close enough to see it. Same goes for parcel streaming.

Now, I know that I don't really have a chance to see the URL of a stream before it tunes in... so this argument is probably pretty weak. It's early in the morning, but I bet if I thought hard, I could come up with another reason why it's not cool to be able to make a user hear/view a media URL that they can't inspect themselves. Security risks, perhaps?

Anyway, as was pointed out by Weedy, "If you publish to the web, then expect hitchikers." If you're very worried about bandwidth theft, you should be paying attention to how your stream is used. Watch your IP logs or at least pay attention to the number of users connected. If you're getting more traffic than you expect, change your stream's URL and update your plot(s). Basically, I'm advocating a diligence-based solution rather than a technical solution, because diligence on your part will always be more effective.

Oh, I also realized you might even consider limiting the number of users connected, or writing a script that detects how many people are on your plot and sends that number to your server so it knows about how many people to expect.

Yes, perhaps not an SL level, but on a server level. IP access control from your server is probably the best option. A friend needs access? Grant it from your server. It would be very difficult for SL to spoof or router streaming traffic.

Latest version of 1.6 has the audio url masked with asterisk in the same way as the media url. Thanks LL.