Welcome to the Second Life Forums Archive

These forums are CLOSED. Please visit the new forums HERE

Encrypt data stored on computer by SL that could be used for nefarious purposes.

Aaron Levy
Medicated Lately?
Join date: 3 Jun 2004
Posts: 2,147
02-04-2006 06:35
SignPostMarv Martin... I love the fact that you posted the entire conversation you had with Adam Linden.

http://signpostmarv.wordpress.com/adam-linden-convo/

Since he said you could post it, I'll bring out some highlights...

From: someone
Adam Linden: well, heres the thing: keys arent illegal to have


From: someone
SignpostMarv Martin: funnily enough, the key out of my name.cache file didn’t work
SignpostMarv Martin: the one from the w-hat site did tho

Did you miss the part where the keys in name.cache are obfuscated?

From: someone
SignpostMarv Martin: is there nothing in the TOS that says that Linden Labs can shut them down pre-emptively ?
Adam Linden: shut down what? someone elses website?
SignpostMarv Martin: yeah
Adam Linden: how would we possibly do that?
SignpostMarv Martin: copyright infringement ?
SignpostMarv Martin: data protection ?
Adam Linden: i’ts allowed. in order to prevent the positive uses of the data in world, we must make it availble. if someone compiles it, there’s nothing we can do about it


And one of my favorite parts, where he asks if the keys in name.cache are covered by the DMCA:

From: someone
SignpostMarv Martin: isn’t there something in that DMCA for it ?
SignpostMarv Martin: i mean the data has been made available because the name.cache file isn’t encrypted


And as SignpostMarve goes on and on and on and one, wasting Adam's time, Adam says:

From: someone
Adam Linden: well, I think you’ve made your point, and you’ve heard my response, I cant address this all night


From: someone
SignpostMarv Martin: i’ve got mental imparements, u have to spell it out
SignpostMarv Martin: reading big blocks of text is hard for me
Adam Linden: I already have, and I need to go help others now
SignpostMarv Martin: eg archive
Adam Linden: have a good night signpost
SignpostMarv Martin: fine, i’ll get started
SignpostMarv Martin: ^saracasm^ thanks for ignoring my medical problems btw
Adam Linden: night!:)


The whole conversation is a must-read, really. I encourage everyone to go read it.

You're getting your panties in a bunch over SPAM. Actually, spam that hasn't even occured, and spam that so far, NO ONE has received, NO ONE has reported and NO ONE but you seems to care about.
Nargus Asturias
Registered User
Join date: 16 Sep 2005
Posts: 499
02-04-2006 09:10
From: Elberg Control
I could just as easily scrape the forums and collect the names of all the posters, and then generate md5 hashes for each name


You can generate Key from a Name?! Am I understand right? :O Could that functions be shared? Or it is kept secret in order to prevent misuse???
_____________________
Nargus Asturias, aka, StreamWarrior
Blue Eastern Water Dragon
Brown-skinned Utahraptor from an Old Time
Travis Bjornson
Registered User
Join date: 25 Sep 2005
Posts: 188
02-04-2006 09:30
From: someone
Are you all understanding the point yet ?

No. It doesn't matter where the data is sourced.
Introvert Petunia
over 2 billion posts
Join date: 11 Sep 2004
Posts: 2,065
02-04-2006 20:47
From: Nargus Asturias
You can generate Key from a Name?! Am I understand right? :O Could that functions be shared? Or it is kept secret in order to prevent misuse???
No, the llName2Key() function isn't provided because it would require looking through a 100,000+ row table that is indexed by key, not name. I would be a cool library function if it didn't take minutes to give an answer.

It is strictly efficiency, not to prevent abuse that doesn't exist nor ever has.
Nargus Asturias
Registered User
Join date: 16 Sep 2005
Posts: 499
02-04-2006 20:49
Mmm...so how people use that function today? like SLEx or SLB. Or they use their own copy of the database in their server?
_____________________
Nargus Asturias, aka, StreamWarrior
Blue Eastern Water Dragon
Brown-skinned Utahraptor from an Old Time
Introvert Petunia
over 2 billion posts
Join date: 11 Sep 2004
Posts: 2,065
02-04-2006 21:17
From: Nargus Asturias
Mmm...so how people use that function today? like SLEx or SLB. Or they use their own copy of the database in their server?
Yes, they use their own database for the inverse lookup.
Bird Raven
CrashBoomworks
Join date: 13 Dec 2004
Posts: 27
07-23-2006 20:34
From: Masakazu Kojima
About 16,000 (93%) of my keys are from my scanners for my map, not name.cache. They scan about twice a minute and only exist on W-Hat's plot in Baku. I have several other plots where I could collect keys far more aggressively, and I am sure I could convince quite a few people to wear a key collecting attachment for me.

It'd be a complete and utter waste of time to encrypt name.cache any more than it already is. The keys I already have won't go away. You can't stop anyone from collecting more. If you are really worried about people having your key, or other peoples' keys, you should try to start a good discussion on the issue, and push LL to change their policy on public key databases, or better yet, to develop decent IM/inventory privacy controls. Wasting their time developing a very minor hurdle that many people would enjoy subverting just for the challenge will not change anything. I value my account far more than I value opening my database to the public, and if I was told to take it down I would do it in a heartbeat.

I spent a long time thinking about it before I made my database public. In the end I came to a conclusion similar to the developers of Tor: bad people can already do bad things. My database does not affect a spammer's ability to be a spammer. If someone wanted to send millions of IMs or crash the grid they do not need my database to do it. On the other hand, there are legitimate uses for a key database, and not everybody has the energy or skills to create one themselves. Why should key databases be restricted to people who are willing to break rules, and why should people have to duplicate the effort of everyone else before them if they just want to send their customers an updated product without spending hours on it?

Linden's position has always seemed to be the same: good people shouldn't be punished just because bad people will do bad things. The bad people should be punished for doing bad things. It has its flaws, but in general I think this position has worked well for them. With Ulrika's database before mine, tens of thousands of keys have been available for quite some time. The spam apocalypse has yet to occur.


Just felt like re-posting that... due to everyone ironically critizing that, leaving a question or prompt which, haha!, is answered fully in the quote above. As quoted above: You can't stop anyone from collecting more. I have 17,000 on my computer. I may just give it to w-hat. Indeed I while, just because you say I shouldn't be able to...
Usagi Musashi
UM ™®
Join date: 24 Oct 2004
Posts: 6,083
07-28-2006 23:08
they should outlaw these keysites......or protect people better.
_____________________
Never Quote People that have no idea what they refering to..It give them a false feeling the need for attention...
Draco18s Majestic
Registered User
Join date: 19 Sep 2005
Posts: 2,744
07-28-2006 23:14
From: Introvert Petunia
Yes, they use their own database for the inverse lookup.


And probably have it alphabetized by name--first and last.
Nargus Asturias
Registered User
Join date: 16 Sep 2005
Posts: 499
07-29-2006 01:06
It seem some people still don't understand key is NOT a secret, and will never be. It's needed for lots of things and SL won't work without it. (well, maybe i'm abit over too, but *shrug*) Without key database, SLEx and SLB can't open, as well as all sensors and security balls, etcetc. *shrug* I can collect them myself if I want. It's pretty easy.
_____________________
Nargus Asturias, aka, StreamWarrior
Blue Eastern Water Dragon
Brown-skinned Utahraptor from an Old Time
Vehementi Nacon
Priest of Chaos
Join date: 19 Feb 2006
Posts: 10
07-29-2006 02:23
heh ... SLB and SLX may need it but there is no reason for you to have it. Frankly if anythign it's a waste of server space on your part.
Kyrah Abattoir
cruelty delight
Join date: 4 Jun 2004
Posts: 2,786
07-29-2006 02:30
From: Vehementi Nacon
heh ... SLB and SLX may need it but there is no reason for you to have it. Frankly if anythign it's a waste of server space on your part.


it's not a waste if you have a use of them
_____________________

tired of XStreetSL? try those!
apez http://tinyurl.com/yfm9d5b
metalife http://tinyurl.com/yzm3yvw
metaverse exchange http://tinyurl.com/yzh7j4a
slapt http://tinyurl.com/yfqah9u
Adriana Caligari
Registered User
Join date: 21 Apr 2005
Posts: 458
07-29-2006 03:03
To the OP

Do you have your name in a telephone book ?

Do have a number outside of your house ?
( possibly with a name on the bell ? )

Or do you encrypt all of that
( or ask the government to do it for you ? )

Whats the difference between me collecting house numbers, names etc and cross referencing them against public records ( phone books, census, etc etc ) and using that to spam you, and collecting them in-world ?


Avatar keys are public knowledge by the very fact that any member of the public can see them - whether they are regarded by the public as public knowledge is a different matter.

The fact that Linden have already intimated that an llName2Key function is a distinct possibility implies that they know this and have no plans to stop key farming.

Encrypting the name cache would just force someone who wanted the keys to un-encrypt it, and would be ineffective with people like myself and others who do not use the name cache.
( I use my name2key database for product updates by the way )


Whilst keys are publicly visible there is no way of stopping the public looking at ( or gathering ) them.
_____________________
Maker of quality Gadgets
Caligari Designs Store
Usagi Musashi
UM ™®
Join date: 24 Oct 2004
Posts: 6,083
07-29-2006 03:22
From: Adriana Caligari
Whilst keys are publicly visible there is no way of stopping the public looking at ( or gathering ) them.


Well there are always people trying to becute and hacking or tring to be a smart butt with those things. Fact is some people tracking other and pointing out fact about them in god mode does not always mean its correct anyways.....But emailing is a danger.
SignpostMarv Martin
Registered User
Join date: 8 Oct 2005
Posts: 68
07-29-2006 04:33
Since this thread has been resurrected for some reason, I thought I'd better say something.

I've changed my mind since I first made the post (I mentioned it somewhere on my blog a while ago).

Encrypting the the data stored on a computer by SL that could be used for nefarious purposes is absolutely pointless. DRM does not work, it has never worked, and it never will. (The fact that it isn't technically DRM is irrelevant).

It's about as counter-productive as re-writing the client so OGLE doesn't work with SL any more.

I do still think that LL should close down the 3rd-party caches and open up their own name2key database, since one of the problems with using a 3rd-party cache is one of trust. You can't trust a 3rd-party database to be accurate. It'd be a waste of time to have to check if(llKey2Name(name2key(the_name)) == the_name)

I'm not suggesting making it a function or anything, just hurry up and get the resident search option into the SL.com search engine so the results can be parsed from there (the profile images).
Udo Tuxing
Registered User
Join date: 17 Oct 2006
Posts: 5
07-19-2007 13:58
With recent changes in SL storing keys for the public can be bad:

Scenario:

Someone wants his online times not to be known by anyone and creates a alt.
The name of the alt is no secret, but the key should be. So he enables "Make my online status only available to my friends." and turns it off even for his friends.

Now:

With the key someone can feed a online indicator script and keep track of your online times.

So it makes sense to keep keys private in some cases.


So basically: Key databases are bad for privacy and its just wrong to say "There is no reason to worry about somebody else having your key."
There can be reasons to worry about that.
Caroline Ra
Carpe Iugulum
Join date: 20 Dec 2006
Posts: 400
07-19-2007 14:13
I wish I knew WTF you were talking about
_____________________
The secret of life is honesty and fair dealing. If you can fake that, you've got it made.
Kitty Barnett
Registered User
Join date: 10 May 2006
Posts: 5,586
07-19-2007 14:16
From: Udo Tuxing
So basically: Key databases are bad for privacy and its just wrong to say "There is no reason to worry about somebody else having your key."
There can be reasons to worry about that.
This thread stems from a pre-bot era. We currently have bots cataloguing every item you have rezzed in world, as well as a public database of all the parcels you own across the grid.

The privacy of your avie key is the last thing you should be worrying about.
RobbyRacoon Olmstead
Red warrior is hungry!
Join date: 20 Sep 2006
Posts: 1,821
07-19-2007 14:18
From: Caroline Ra
I wish I knew WTF you were talking about


Manufacturing another reason why public keys, which are absolutely necessary to the proper function of Second Life, is a bad idea.

Probably just wanted a reason to necropost!


.
_____________________
RobbyRacoon Olmstead
Red warrior is hungry!
Join date: 20 Sep 2006
Posts: 1,821
07-19-2007 14:20
From: Udo Tuxing
Someone wants his online times not to be known by anyone and creates a alt.
The name of the alt is no secret, but the key should be.


It is absolutely necessary to the function of Second Life that keys be public.

If you wish to not have anyone know when you are online, don't tell them who your alt is :)

.
_____________________
Kyrah Abattoir
cruelty delight
Join date: 4 Jun 2004
Posts: 2,786
07-19-2007 15:10
They index it by name :p
_____________________

tired of XStreetSL? try those!
apez http://tinyurl.com/yfm9d5b
metalife http://tinyurl.com/yzm3yvw
metaverse exchange http://tinyurl.com/yzh7j4a
slapt http://tinyurl.com/yfqah9u
Usagi Musashi
UM ™®
Join date: 24 Oct 2004
Posts: 6,083
07-19-2007 18:01
First why was this old thread brought out of the linden trash can?
second as the viewer gets open source more and more, this is what we are headed for.
I don`t know why people need to know how long a person plays on sl. Infact the lenght of time a person plays should be logged by LLABS themselfs and exposed in a status for everyone to see. Intersting status i surely would review.


Usagi
Jen Creeley
Registered User
Join date: 21 Oct 2006
Posts: 5
11-15-2007 11:46
I find this whole discussion very humorous.
FACT: Keys are public
Get over it. Did you get spammed? did someone send you thousands of messages? is your email inbox full of crap from llSendEmail? oh none of that happened? that is a suprise... i mean here is this huge database of keys... and... and... none of this has happened? omg! :P lol
Darien Caldwell
Registered User
Join date: 12 Oct 2006
Posts: 3,127
11-15-2007 12:12
Yes, if you notice, this post is closing in on two years old. Back from the dead again! lol
_____________________
Kokoro Fasching
Pixie Dust and Sugar
Join date: 23 Dec 2005
Posts: 949
11-15-2007 12:26
As long as there is one AV left in the world, the key thread will not die!

http://img230.imageshack.us/img230/2826/thereisnohopeforthisthrgs8.jpg
1 2 3