GLIntercept Detection Plug-in for SL

Napster did more damage to respect for copyright than anything before it. It basically eviscerated the music industry's business model. It can easily be argued that they should have seen it coming and been more proactive in coming up with a new model, but that, in a sense, is simply a blame the victim kind of argument. When something becomes so easy to do, and it becomes commonplace, people have a much easier time justifying it to themselves, and as a result the number of people doing it expands exponentially. That's a dynamic not taken into account by those who make the claim that security through obscurity never works. They're right, but why hasten its demise?

I like to think that the majority of people are honest, and in a way they are, but p2p networks didn't become so huge because people turned dishonest en masse. What happened instead is that people's perceptions of what constitutes theft and what doesn't changed in direct proportion to how easy it became to steal without consequences, and how widespread the knowledge of that became. Anyone who believes SL isn't headed down the same road is dreaming.

ohh oops misread your last sentencen a shrug.

If you include the music industry's thugs the RIAA then I would agree that they totally mishandled it not only by not having a business model but also by suing their customers who just happened to be kids, teens, college students, and senior citizens all of which people empathsize with more than a bunch of hired goons in suits (lawyers).

Unfortunately LL has never dealt with educating people about the morals and such of SL in regards to content nor have they done a good job technically of having a good system to deal with such things, a purely technical solution is doomed to failure same with a purely social solution (there will always be bad apples) however since LL is in the best position to fix this problem instead of leaving it up to resident run IP campaigns (that are great but not as effective as action by LL) and they refuse to act there's not a huge amount us as residents can do.

Unfortunately there are still many people who are looking at the purely technological approach as can be seen by the number of JIRA issues asking to cripple the client in various way or the way certain serverside actions are handled that would have irreversable harm on legitimate usages and of course it's those same people who think that not mentioning names like copybot and slintercept will make them go away so they can go back to a time when content theft was limited to an ex partner who you gave perms to running off with you're store's prims.

GLI is a tool. Just like a hammer or knife it can be used to for good or bad. There are legitimate uses for GLI so I dojn't think it should blocked. As a beginning content creator I too am concerned about theft but as a programmer I know it can't be coded out. I would hate to see LL spend all their time in a coding arms race thant can never be won.

Just my L$0.02
S

Couldn't put it better myself, I didn't really think of it becoming an arms race but if LL tries it will become one and one that they cannot win in the long run especially without sacrificing priority for work on stability and other important issues.

Oh just like a Gun end can be used as a hammer right.......( just point it at someone you dont like and hit the nail)

I'll try not to read too much into it but that analogy doesn't really follow, a gun's legitimate use is to shoot and injure or kill, a hammer can be used to injure or kill but when used properly it doesn't whereas a gun used properly will do exactly that.

I think using a loaded gun as a hammer would be dangerous.

There are nail guns that use .22 caliber shells to 'shoot' nails out. Maybe *that* is what is meant...

<bad pun> A good way to get nailed </bad pun>

Well to some it does and why not? I not going agaisted what you said by saying it. But to some that is their purpose..........
Don`t forget its related to the topic matter here. Not any other purpose.

Guns are not allowed in Japan I don`t like them.

It's not even a UUID issue at all. This one works by pulling data straight from video texture memory... something LL cant do a thing about.



I was the first one to mention "security through obscurity" in this thread, and it wasn't meant to be taken in the classic IT tech mentality.

My mention of that phrase in this case specifically meant "content security is BETTER served by NOT making a flashing neon sign out of the specifics HERE." It's exactly like leaving your keys in your car in a really, really bad neighborhood. Doesn't mean your car wont get stolen. It means if you remove the obvious temptation, the easy means to that end, it makes it a little more difficult for someone who's only CONSIDERING theft to move from thought to action.

Not mentioning names for an easy search, or posting links to it obviously wont stop a serious resourceful thief, we all know that. It CAN, however, help to deter that small percentage of lazy users that don't know about it already, and who WOULD use it wrongly if you make it painfully easy for them here.

I strongly disagree with those who think that the OP's idea (of making the client fail if GLI is present) is useless because the client can be modified.

Locks are devices to keep honest people honest. A device like the OP's suggestion would be a lot like a common lock. Meaningless to the few who know how to compile SL from open source. Meaningless to those who band together in groups of thieves and share "lock picking" tools. However, it does raise the bar pretty significantly.

GLI is *so* easy to use, very little effort and technical ability required.

- You don't need to download, modify, and compile SL client (good luck for the nontechnical to do that!)
- You don't need to search for a modified client, download it, and run it trusting that the band of theives who posted it didn't include a trojan horse to corrupt your machine

No, the OP's mechanism would not affect the committed and savvy thieves among us. But it would stop the casual theif looking for low-hanging fruit. Like a Master combination lock, easy for anyone with a little knowledge to open pretty quickly, but keeping most people out.

Certainly "security through obscurity" is a fallacy when discussing cryptographic methods. But that's not the subject here, except to a those few with very high value content. I agree that those with very high value content wouldn't get sufficient security from the OP's suggestion. It's not sufficient, but that doen't mean it's worthless.

I feel that it would indeed reduce theft. Just as the easy trick to copy textures should be disabled (and has been, or so it seems last I checked).

Raising the bar may not be enough, but it's definitely a good thing.

Even using The Tool That Must Not Be Named isn't trivial. It grabs EVERY texture, including baked textures, system textures, intermediate textures and user interfacing textures, so sorting through them is a pain. And then, the content has to be re-uploaded to SL, which costs L$10 - that might not sound like much, but it can build up, especially for NPF avatars who don't make anything.

I think the issue is more about people who are running whole businesses reselling content. Some of them even own islands for heaven's sake. For those people recompiling SL won't be that much of an effort as long as they can do it for free (which they can with VS Express).

When testing it (in an area where the only items within draw distance were my own using my own textures) I noticed that too, even a couple of seconds loading is enough to create more than enough images to break the windows folder browser because you end up with thousands and thousands of images and the only really usable ones are real textures 256x256 or higher

Good post Lear, and some good points. The "casual thief/low hanging fruit" analogy was right on.
The issue I was thinking about wasn't so much that the client can be modified, it's that this debugger tool can be modified much easier. LL runs the risk of getting into an arms race they cant win, and constant mandatory updates to the viewer if they do that (kiss het grid bye bye). Not to mention that this tool isn't the only one that can do this stuff, it's just the most visible atm.

Good points Dana. My thinking on this plugin was that once a threat was added to the list it would be handled forever. New threats will be brought forward by the community I'm sure and I can't imagine it would take much for LL to add a few signatures a month.

I don't want to see LL devote massive amounts of core resources towards this issue, but it would be nice to see them do at least something.

Think about the aveage script kiddy who would steal from SL using the "tools". They are going to go for the most obvious, the most easily found exploits. When those obvious ones simply do not work with SL then they will be forced to actually think, which instantly reduces the pool of potential thieves and eventually the hassle of theft will drive them away.

It's not a war that LL can always win, but if they tried they could win most of the battles without much work at all.