The Thieves Motherload

One of the options in preferrences is a little checkbox to enable cryolife client detection. Not inworld and I can't remember where exactly, but I'd wager it's in the emerald tab somewhere.

I noticed - someone started a thread asking for someone who can programme bots to walk around predefined paths and say predefined things. At first I thought s/he'd seen my castle guards and wanted something similar, but then I realised that my guards were superceded some 18,000 years ago. I'm on the scrapheap now Is there a market in prehistoric bots these days?

I've seen it for myself now. My old, prehistoric bots are just little piles of dust now. At least I think that's what those little piles of dust are

wow kewl! words... a few things i should probably clarify up off the top:

1) my big mistake for including in my original posting, '... perhaps including a copy of an rl id like a driver's license...' I DIDN'T EDIT OUT ENOUGH WORDS from my original notes lol. for those who got too spooked by that...

TO CLARIFY: -i- certainly would -not- have to include a driver's license or some id like it - just rl name and address. again, just to emphasize... -I- would -NOT- include a copy of any rl id or anything else, other than name, address, and probably signature and whatever canned 'i affirm/confirm' legal verbiage the lab would likely fill in.

-just that depending on- : a) if the lab did this and b) depending on how they would -have- to go about setting up a proper legal process to do this, it -may have to- include some sort of copy of rl id. i dunno. ianal.

consider: some websites that center around different forms of 'deep privacy' - paypal, some very adult websites - ironically require more than the usual casual rl verification to access more than the very basic features. certainly more than signing up for a blog or other sites... so just to emphasize, that most other enterprises, however OS, broad-minded or also as groovy have certain restrictions for casual visitors. that serves two purposes: 1) of course, 'upward' drive for casual users to become more engaged and potentially going premium, but also 2) easy first-stage 'roadblock' for those who are not 'serious' or honest in their intentions for being there.

during the netgetn i myself have provided 'lots' of information to certain websites i trusted (foolishly or not) after a certain amount of time exploring them. and gosh, for a lot less fun in return... i would have gladly given out as much as i have in the past to the lab, in the trust that they keep it private, to enjoy the world they've allowed for. (and, i -have-, already, not only to the lab, but thanks apparently to 'discovery process', to the very thieves i combat. they at least know my rl name already, if not my rl address. i do not know a single one of their rl names. 30+ and counting...)

2) I AM NOT AFFILIATED WITH THE LAB, FICkle or anything like that lol!! I DO NOT SPEAK for them, and i do not pursue this idea for them (or against them, for that matter . NOR DO I SPEAK for any/all creators, or Step UP!, or any other affilation/organization/or person(s) around lol.

nor do i want to seem too already-predisposed to one way or the other; i am a content-creator though, so at times anymore, i might go 'going too far out" one direction, if i might not had gotten into commerce... so i dunno, think of my ideas and thoughts what you will. ain't too big to laugh at myself sometimes for taking things too seriously. i am, for the moment lol, pursuing the idea(s) like i'm tilting at windmills.

3) my big thanks to gwynneth llewelyn and tatero nino (if they're reading) for that i am taking their ball, and just running with the idea... their only premise ended with i think the 'no-transfer' idea... i brainstormed up the 'approval process' part myself. (my primary inspiration was the common 'confirm via email' mechanism anymore, but because that was just bouncing the 'gmail/anonymity' ball down the road, i thought that creating a snail analog of the process was what would work.) anyhow, do be sure to go read gwynneth's orig blog entry 'bout it at:
http://gwynethllewelyn.net/2009/09/25/step-up-for-content-creation-theft-awareness/

okay, we return to our original program, already in progress. plus it's got all this science behind it!



Brenda Connolly: 'I am a perfect example of that. The stuff sold in my store is all made by someone else for me.'

ah but if 'mostly exclusive' for your outlet, shouldn't each creator for you then probably have your group in their profile, mentioned in their prof info, linked in their picks/classifieds?? (and if they don't, they should!! - there should be plenty of evidence that each creator deals with and has a kosher relationship with you...



Qie Niangao: 'I really don't know. Those who were "not full citizens" would be so by choice. Indeed, that's the choice they've made *now*; changing it so that choice isn't a license to steal, scam, and grief with impunity doesn't seem that onerous a condition. I'm not entirely clear how it's better that the choice be removed altogether (although that would be fine with me, too).'

humm so here's a slightly further awkward idea then... what if all new anonymous 'residents' instead become 'visitors'?? to become a 'resident' and gain the privileges therewith requires the approval process. 're-tiering' free accounts to anonymous vs. non-anonymous, and allowing certain privileges for doing so.



Rock Vacirca: 'The Blue Mars model does bear some looking at though, in case it has a solution to this problem (or not). Blue Mars does not have any anonymous creators. It is not difficult to copy content from Blue Mars, in fact it is probably easier than in SL. You can copy an entire city (all builds and their textures, but minus the scripts, animations and sounds) with freely available software.

The tactics that Blue Mars are using though is quite different to SL. Blue Mars requires EVERY content creator to register with verifiable ID, including your name, address, age, Credit Card details etc (players who do not wish to give their RL info can still play, but not create). They then assume that by having that RL info on file (which they do verify) will deter people from re-uploading stolen content back into Blue Mars, as they will be clearly identified, clearly banned (not some anonymous avatar with a throw-away email address) and will be able to pass your details to any law-enforcement officials or court subpoenas that come knocking.

So, by shifting the focus away from trying to prevent copying, to trying to strongly deter that stolen content from being re-introduced, they feel this is a worthwhile tactic.'

actually this is perhaps the simpler, much more direct way there. but, there's the ol' 'false/stolen CC' prob to it. how do they verify? (you parenthetically say they do right? ... agree that's a much simpler way perhaps to it... but then there may be more 'openness' still to the sl model if it were to go with -just- rl name and address. (don't deny the name could be 'falsified', but would not be able to bear out an rl investigation pretty quickly.)

so actually what are the actual 'restrictions' model in bm (lol sorry) prior to content-creator verification?? what does a standard 'resident' or 'visitor's privileges amount to, in trade and monies? maybe what is proposed is 'the same thing, only different'... maybe in a good way, maybe bad... muse over it!




Argent Stonecutter: 'Not all of them, by any means. The only reason LL opened the floodgates for anonymous accounts was because they couldn't handle verifying people outside the USA... and these days people outside the USA are the majority of accounts.

If LL was capable of making it such that everyone COULD get verified, they wouldn't need the anonymous accounts in the first place.'

yes, but when you say 'verify', you mean age-verification; this is (at least the way i'm suggesting the process) a separate rl snailmail process. (probably a really really big b*tch of a process to start up; i wouldn't disagree... hummm but another crazy 'extension' idea. if the lab developed this kind of 'very simple but effective' legal verification of an rl address, if not their monicker, that might be a worthy 'spinoff' to cater to other services. i dunno, just talking out of the side of my brain now...)



Meade Paravane: '/me wonders about putting a throttle on the amount of stuff NPIOF newbies can transfer. Similar to the way that somebody using LindeX (TM R CC etc) can only gradually buy so many L$.. '

think i've heard that one before; it's a good reminder!! all suggestions are good to consider! thnk yw vr much for reminding me of it... noting it down...



(... skips over numerous posts regarding hating the idea of giving up copies of rl id; i hope my clarification back up top this message fixes the situation ...)

heck what about filing a change-of-address? new phone-book listing or something? heck applying for some part-time work again rl recently, i filled out a new form along with the usual taxwork... 'the homeland security are-you-a-real-citizen' form or somesuch. (wow, i feel safer already.)

blue mars (do they have a mac client?); emerald (lol alright, got sold on jiggly; sticking for its clothing/cyro-protection promises...)

chill chill, everyone!! nothing to get undies bunched up over. there is, as far as i know, -no- thought or feedback from the lab regarding specifically 'reassessing account privileges'. certainly not in the last roadmap; nothing in any entries i know of anywhere... so please play nice; this is all just a nice game of 'what if' lol. (but i do appreciate pro-active answers, even if they are critical/anti... just looking for substance...)



Katheryne Helendale: 'It is another thing entirely to submit photocopies of my personal records.'

oh!! i just feel so bad i ever left that in my op without clarifying... again see top of this message. i would very much rather it was cut, dry and simple - just rl name and address, probably with signature and form-verbiage. this should be completely legal for anyone in any country (at least that i can think i would want to deal with).



Katheryne Helendale: 'The real problem is, however: What is to stop me, or a content thief, from providing falsified information? Would the level of protection provided by this strategy be worth the potential risk to my personal information?'

you have to live where you say you live. you have to send a snail to the lab, and you have to provide an address for them to snail back a keycode to you to enter into your account page to verify. (my inspiration being the common-anymore-online practice of 'verify via email' procedure.)

i'd thought about it, and the 'spoofing' options for someone would at least be a) using with permission someone else's mailbox, which means under legal action, person living at that address can be questioned who they share their mailbox with, or b) someone willing to 'steal people's mail' to try to get their own, and risk getting caught and severely spanked on the spot by rl cops. or c) cracking the keycoding protection of the account, pretty top-level and incriminating via logs... probably more fun 'fill-in-the-blanks' to try...



Argent Stonecutter: 'WWhat "buried"? I would *absolutely*, if I were in Ruritania and couldn't get verified, set up a vendor to sell *my stuff* that would take the L$ and give people a download URL to download the XML-ZIP package of my product for them to upload to SL themselves. This would be totally legitimate, reasonable, and straight-up.

This has already happened. [apple/drm; hey you namedropped infocom!! kewl... hey i bought -only- legit copies of their stuff back then myself!! ] If the majority of the grid is unverified (which was Linden Labs claim, bck in 20006, that the majority of new users were from outside the US and could only get in because they opened the grid up to unverifieds) then whatever they have to do is going to become the norm.

To make this work, LL has to solve the verification problem, world wide. HAS TO. There is no alternative. And if they can do that: Option 3: don't let new unverifieds get accounts. That's the one that can work.'

well go run with it farther if ya want lol but i think option 3 is even more than necessary for me. however, regarding your first paragraph, maybe the restriction for 'visitors' now should be:

NO TRANSFER (to other users).
NO CASH-OUT (of one's Linden balance).

i've had that one down in my notes for awhile, but felt like that was too much to spring. (here, then this takes the place of 'driver's license'!! lol go for it. see what you think...)



okay well... just some late night thoughts to come back to and muse... see y'all soon, keep up the talk. thanks so much!! i appreciate the brainstorming!!

79 SMILEYCONS DELETED to post!! LOL!!

/me wonders if people realise no one is actually stopping anyone from talking about content theft.

Where do I say that? Age verification wasn't even on the horizon in June 2006. The issue was identity verification, and accountability, exactly as it is today. People brought up the same idea of making unverified accounts second class citizens back then, except it was that the 2nd class slobs wouldn't be allowed to run scripts (we were worried about griefer alts). It was a lousy idea then, and it's a lousy idea now.

If LL was able to solve that problem now, then they wouldn't need unverified accounts *at all* now any more than they would have needed them three years ago. If they had the ability to verify everyone, the way you want, then there's no reason to have anyone they can't verify in the game.

The difference in providing 'personal ID' to a place like the DMV, vs. a virtual world in which every keystroke is recorded, is well...hmm...let me think.

Now what would be the possible difference there?

And not for nothing, the DMV gets spoofed a lot - anyone who follows true crime can tell you that. If it can be, LL surely can be as well.

So what exactly is turning this place into 1984 meets Brazil meets Gattaca going to solve?

(Other than denying people a necessary thing - to virtual life - like anonymity and alternate choices in roleplay.)

Avatar Reality simply tell us that they verify (by getting confirmation that the Name/Address etc details match those the CC company have on file, perhaps?)

It is true, that someone could create an account with AR to access Blue Mars, using stolen ID, but once they had uploaded their first piece of stolen/copied content, they would be banned, and I somehow think that criminals have far better uses for stolen ID and Credit Cards than uploading some copied stuff into Blue Mars and having the real owner informed. They will have had to use that CC once at least anyway, see below.

In Blue Mars content creation is performed out-of-world, using 3D apps such as 3DSMax, Maya or the free Blender or Sketchup (and many more, the app chosen needs to be able to export in the 3D standard, Collada format). However, uploading content into Blue Mars is limited, in that only City Owners, Block Owners, Store owners and tenants of residencies can upload (in other words, only visitors cannot upload. All tenants can, which means their CC has already been debited at least once, for rent). All content uploaded into Blue Mars is registered.

Avatar Reality have stated quite clearly that they will take content copying/stealing very seriously, and will not be passive in this regard. A very different approach again to LL.

If you do not wish to rent either a store or a residence in Blue Mars you can still have your content sold in there, as many City, Block, and store Owners are planning to offer such a service to non-residents.

The economy in Blue Mars will be much like SL, with RL currency being used to purchase inworld currency (the BLU), and that will be exchangeable both in and out.

Rock

the title of this thread would be a great rock group name.

Dave Barry? Is it really you?

I keep reading it as "the thieves' motherboard".

Argent, I'm just not clear anymore what you're advocating as a solution. It's not as if LL can make universal verification possible by the investment of a few million US$s; there have been companies much larger than LL working in concert (more or less) on that problem for years without a perfect solution. Probably you've stated what you propose before, but I'm pretty sure I must be misremembering it.

A solution to what, identity verification? My point here is the same as yours. Linden Lab is no better able to provide identification services now than they were in 2006. Any proposal requiring verification has to deal with that. If there are a significant number of people in SL who can not transfer content within SL that will (a) fundamentally change the nature of SL for the worse, and (b) create an incentive for people to start transferring content, routinely AND LEGITIMATELY, outside SL.

There are approaches that can help. I have proposed a number of them in the past... from being more proactive when someone tells them about permission exploits, and specific instances of violations, through improving the transaction audit trail in SL so they can automatically blacklist "every object created by $user that has been owned by $crook".

For cases where content is actually ripped and recreated they should be able to blacklist it fairly quickly after a report even without that kind of auditing.

The problem really doesn't seem to me to be a matter of technical difficulty asmuch as a lack of will.

/me looks at the checklist:
* don't live in the US - check
* signed up when payment info was required - check
* had no problems with registration - check

Maybe if you're living on the north pole it might be difficult to get things like a bank account and/or a credit card but that's just not the case for the majority of the population of international countries that are in SL. Nor was it true in 2006.

Leaving the odd exception aside people who don't verify do so because they *don't want* to verify, not because they can't.

Don't expect me to prove what Linden Lab told us. Identity verification on a large scale was too hard for them. Whether they are correct or they simply don't have the will to solve the problem, the result is the same.

The 'Lawful Presence' part should mean 'that I live in Colorado legally'. How does a 10-yr old passport in any way prove that I legitimately should get a Colorado drivers license? I could live in another state now for all they know. Apparently they don't really care about that part anymore.

The biggest down I see for LL, is what RL business is going to want to come to SL if it has been determined by the courts that LL does not have any responsible for the virtual goods?

Simple..the Corporates will wave big money in front of LL and demand they become responsible, or at least come up with some sort of real vetting system. LL will of course do as their masters wish, and content creation will be locked down to where only "Approved" people will have that privilege. The corps will dictate who makes what in SL.

It's possible that LL believed (and still does) that SL would turn out completely different from the way it has.

If you look at the web then no company is not going to have an online presence simply because even a child can use a site ripper to copy everything it put out online. It also wouldn't even matter if someone did or not, and certainly noone is ever going to yell at their ISP for allowing it to happen.

If SL had turned out to be the virtual world/3D equivalent of the www then we probably wouldn't be worrying about content theft all that much: someone can copybot the forum cartel hangout but other than the principle of the thing, who would really care and would it do any kind of damage? The hangout is what it is because of its community and in a primarily community or service driven environment the thing that matters most isn't something that can be copied.

As a completely wild guess the ability to sell passes to your land fits the community/service driven model as well and that may be why we have it in the first place. Allowing people without payment information to sign up also makes perfect sense in that model because you're not expecting those users to ever turn into customers, but they will go visit your customer's parcels/sims and that keeps them happy and they keep coughing up $295/month for a fancy 3D website.

But instead SL evolved into something that's primarily content-driven with the vast majority of peoples relying on the sales of inherently copiable goods rather than something more intangible. And they still may not be able to figure out how to deal with it; or they may not want to deal with it and blindly keep ignoring the issues since for what they have in mind a content-driven SL isn't important anyway.

?? RL businesses are not coming to SL to trade in virtual goods. They are coming to hold meetings and train people. The corporations will do so on sims with public access turned off and a very limited group with build permissions; schools will continue to agitate for a safer grid - IP is really not their issue either; even Ivy League schools nowadays are putting course materials online with almost unlimited public access.

I think from the viewpoint of most RL corporations, the materials they put in SL will be treated the same as those they have everywhere else on the web. If they plan a meeting where truly confidential 3D materials are shared, many will prefer to do so on a server they themselves host, within their firewalls.

3D stuff that corporations put out for general access will be protected by TM and copyright, and corporations will resign themselves to a certain amount of misuse, as on the web. LL already has in place policies similar to those of other service providers, so no big deal from the corporate POV.

The people being hurt by content theft are inworld businesses in the entertainment market segment. That is why LL turns a cold shoulder - I think THEY think there will always be more where those came from.

You should read or reread the Zindra discussion threads - a lot of people do not have a credit card, can't get one, and/or live in a place where giving the sort of info LL asked for with Aristotle is illegal.

QFT

That's the argument; until you ask someone to actually name a country where it's impossible to get a bank account and/or credit card and that has a signficant percentage of SL residents.

Yeah, I keep doing a doubletake with the title, too. I think it's the misspelling that's throwing me off.

It's spelled "motherlode"... "motherload" suggests something waaaaay entirely different!

Then Linden Lab should have no objection to requiring verification from all users.

But they do.

You're confusing what they can potentially do with what they have the will to do.