Welcome to the Second Life Forums Archive

Third Party Viewer Policy coming soon

Talarus Luan
Ancient Archaean Dragon
Join date: 18 Mar 2006
Posts: 4,831
10-23-2009 15:45
From: Argent Stonecutter
I think it would be pretty easy for LL to figure out who was doing it. Oh look, this IP has connected using 17 different IDs including three of our bait IDs, *whack*.


Uhh, I don't connect using the same IP every day, if I am lucky. All I have to do to get a vastly different IP from their rather large-ish address pools is to sneeze hard (aka, power cycle my router, or log into it via web browser and click the "Reconnect" button). <.<

Granted, not everyone has as easy a time changing their IPs, but most of the ones I or my friends/family/customers have been on, cable or DSL, it has been pretty easy to do. Almost no ISPs of any size use retained leases.
Tegg Bode
FrootLoop Roo Overlord
Join date: 12 Jan 2007
Posts: 5,707
10-23-2009 15:50
From: Sindy Tsure
Is there any way that LL can make a viewer registration legally protected? Something that gives them RL options if somebody uses a key that somebody else owns?

edit: and I still think the only real way to make progress vs content theft is to build signatures for content.. Even if it's all done viewer-side.. Something that lets a content creator right-click on something and ask "is that a copy of my stuff?"


This is where even ineffective locks help, because the more rules you can prove they broke, regardless of how easy they were to break, the more legal clout if you have to charge them. And they can't try to return legal action for banning them on the premise they did nothing wrong because LL allow any viewer to connect.

If you have a broken door/window lock to show the cops then it certainly makes a break & entry charge a lot easier to stick, there's also the possibility that inconveniences like having to break a lock might cause the thief to leave fingerprints or other evidence at the scene too, identifying them.
_____________________
Level 38 Builder [Roo Clan]

Free Waterside & Roadside Vehicle Rez Platform, Desire (88, 17, 107)

Avatars & Roadside Seaview shops and vendorspace for rent, $2.00/prim/week, Desire (175,48,107)
Talarus Luan
Ancient Archaean Dragon
Join date: 18 Mar 2006
Posts: 4,831
10-23-2009 15:50
From: Argent Stonecutter
The next step is greylisting and honeypots and pressing charges in RL.


I'm not sure how greylisting and honeypots could be applied to connecting to the grid with an evil viewer using someone else's RN.

Greylisting is decent for spam (though it has issues of turning into bounce-spam). Honeypots are good for when someone is searching around for an open system, but that's not the case here. They're only targeting SL.
Argent Stonecutter
Emergency Mustelid
Join date: 20 Sep 2005
Posts: 20,263
10-23-2009 15:53
From: Talarus Luan
I'm not sure how greylisting and honeypots could be applied to connecting to the grid with an evil viewer using someone else's RN.
The honeypots are in the registration database. If they're cycling through all the IDs, they'll hit the ones you put up as bait. You block the IPs that show up using those IDs.
_____________________
Argent Stonecutter - http://globalcausalityviolation.blogspot.com/

"And now I'm going to show you something really cool."

Skyhook Station - http://xrl.us/skyhook23
Coonspiracy Store - http://xrl.us/coonstore
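The bait-ID check described in the post above, run over login records, as an added example that is not part of the thread or any Linden Lab code. The log format, the RN values, the account names and the per-IP threshold are all constructed assumptions; the per-account finding is included because, as noted earlier in the thread, a source IP can change between sessions.

```python
from collections import defaultdict

# Constructed bait registration numbers (RNs): never issued to a real viewer.
BAIT_IDS = {"RN-BAIT-01", "RN-BAIT-02", "RN-BAIT-03"}
MAX_IDS_PER_IP = 4  # assumed threshold for "too many distinct viewer IDs"

# Constructed login log: "<timestamp> <source ip> <account> <viewer RN>"
SAMPLE_LOG = """\
2009-10-23T15:00:01 198.51.100.7 alice RN-1001
2009-10-23T15:00:09 203.0.113.20 mallory RN-1001
2009-10-23T15:01:12 203.0.113.20 mallory RN-1002
2009-10-23T15:02:30 203.0.113.20 mallory RN-BAIT-02
2009-10-23T15:03:44 203.0.113.20 mallory RN-1003
2009-10-23T15:04:51 203.0.113.20 mallory RN-1004
2009-10-23T15:20:00 192.0.2.99 mallory RN-BAIT-01
2009-10-23T15:21:00 198.51.100.8 bob RN-1002
malformed line
"""


def parse_line(line):
    """Return a record dict, or None for lines that do not have four fields."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, ip, account, rn = parts
    return {"ts": ts, "ip": ip, "account": account, "rn": rn}


def analyze(log_text, bait_ids=BAIT_IDS, max_ids=MAX_IDS_PER_IP):
    """Flag source IPs and accounts that presented bait IDs or many IDs."""
    ids_by_ip = defaultdict(set)
    bait_by_ip = defaultdict(set)
    bait_by_account = defaultdict(set)

    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip unparseable lines instead of failing the run
        ids_by_ip[rec["ip"]].add(rec["rn"])
        if rec["rn"] in bait_ids:
            bait_by_ip[rec["ip"]].add(rec["rn"])
            bait_by_account[rec["account"]].add(rec["rn"])

    findings = {"ip": {}, "account": {}}
    for ip, ids in ids_by_ip.items():
        reasons = []
        if bait_by_ip.get(ip):
            reasons.append("bait-id")
        if len(ids) > max_ids:
            reasons.append("many-ids")
        if reasons:
            findings["ip"][ip] = reasons
    # The account is the stable key: the same login shows up from two
    # different addresses in the sample, both times with a bait ID.
    for account, baits in bait_by_account.items():
        findings["account"][account] = sorted(baits)
    return findings


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```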
Talarus Luan
Ancient Archaean Dragon
Join date: 18 Mar 2006
Posts: 4,831
10-23-2009 15:54
From: Argent Stonecutter
This proposal would make the perps guilty of bypassing a protection mechanism, which is a criminal act under the DMCA and, I think still under the PATRIOT act.


What about people in places outside the jurisdiction of such laws?
Argent Stonecutter
Emergency Mustelid
Join date: 20 Sep 2005
Posts: 20,263
10-23-2009 15:55
From: Tegg Bode

Isn't it possible to separate the login part of the viewer from the GPL and only supply that file to those registered developers to be compiled, so effectively you couldn't compile a SL connectable viewer without that file but you could have all the other feature files in the viewer still opensource?
Yes, I already pointed out that plan won't help.
_____________________
Argent Stonecutter - http://globalcausalityviolation.blogspot.com/

"And now I'm going to show you something really cool."

Skyhook Station - http://xrl.us/skyhook23
Coonspiracy Store - http://xrl.us/coonstore
Talarus Luan
Ancient Archaean Dragon
Join date: 18 Mar 2006
Posts: 4,831
10-23-2009 15:56
From: Argent Stonecutter
The honeypots are in the registration database. If they're cycling through all the IDs, they'll hit the ones you put up as bait. You block the IPs that show up using those IDs.


Well, I wasn't talking about them using a comprehensive dictionary provided by LL, but simply sucking the RNs out of currently-available viewers (ones that are available for the public to download and use) and making their own list of "legitimate" viewers. How would honeypots help against that?
Kitty Barnett
Registered User
Join date: 10 May 2006
Posts: 5,586
10-23-2009 16:00
From: Argent Stonecutter
The part where they get IP permabanned for it.
Viewer A is legitimate and identifies itself as "Viewer A".
Viewer B is malicious and identifies itself as "Viewer A".

You're proposing to IP/perma ban anyone using Viewer B for pretending to be Viewer A if I understood it?

Which leaves the original problem: telling Viewer B apart from Viewer A.
Tegg Bode
FrootLoop Roo Overlord
Join date: 12 Jan 2007
Posts: 5,707
10-23-2009 16:02
From: Argent Stonecutter
Yes, I already pointed out that plan won't help.

Why wouldn't it help to some degree?
I haven't tried fully but I have no doubt if I wanted to I could spend a day learning how to compile a viewer and then find a way to spoof it to pretend to be another viewer.

But if I had to somehow regularly get a copy of the login file from LL, RealXtend, Nickolaz or the Emerald viewer developers, I suspect that would be a lot harder for me to achieve, and hence you would keep lower skilled people like me completely out of the race.

If I decided I really wanted to develop a viewer I would simply submit all my RL details to LL and register as a developer. There's also the possibility you wouldn't need that login to connect to the beta grid or a standalone so interested people could have a play with compiling viewers or just doing features for others to include.
_____________________
Level 38 Builder [Roo Clan]

Free Waterside & Roadside Vehicle Rez Platform, Desire (88, 17, 107)

Avatars & Roadside Seaview shops and vendorspace for rent, $2.00/prim/week, Desire (175,48,107)
Argent Stonecutter
Emergency Mustelid
Join date: 20 Sep 2005
Posts: 20,263
10-23-2009 16:10
From: Kitty Barnett
Which leaves the original problem: telling Viewer B apart from Viewer A.
That's not the problem. The problem is having a big enough stick to hit people who distribute ripped content with. Once you catch them doing that, you do traffic analysis (this can be automated) to see where they did it.
_____________________
Argent Stonecutter - http://globalcausalityviolation.blogspot.com/

"And now I'm going to show you something really cool."

Skyhook Station - http://xrl.us/skyhook23
Coonspiracy Store - http://xrl.us/coonstore
Argent Stonecutter
Emergency Mustelid
Join date: 20 Sep 2005
Posts: 20,263
10-23-2009 16:12
From: Tegg Bode

But if I had to somehow regularly get a copy of the login file from LL, RealXtend, Nickolaz or the Emerald viewer developers, I suspect that would be a lot harder for me to achieve, and hence you would keep lower skilled people like me completely out of the race.
The guys who run cracks and cheats aren't the guys who create them. The guy who digs out the key and installs it in his ripper is installing a screen door next to the one you're trying to lock.
_____________________
Argent Stonecutter - http://globalcausalityviolation.blogspot.com/

"And now I'm going to show you something really cool."

Skyhook Station - http://xrl.us/skyhook23
Coonspiracy Store - http://xrl.us/coonstore
Talarus Luan
Ancient Archaean Dragon
Join date: 18 Mar 2006
Posts: 4,831
10-23-2009 16:14
From: Tegg Bode
This is similar to what I'm suggesting, not perfect, and nothing ever will be, but certainly a step above allowing any viewer to connect to the grid. It at least is a definite line someone must cross for legal purposes too.


The legal line angle is something they should have been taking from the beginning; the first act being to reverse the "unverified accounts" floodgates of 6/6/6. Free, yes. Unverified, no.

From: someone
Isn't it possible to separate the login part of the viewer from the GPL and only supply that file to those registered developers to be compiled, so effectively you couldn't compile a SL connectable viewer without that file but you could have all the other feature files in the viewer still opensource?


Is it possible to separate them? Yes. Would it effectively prevent making an SL connectible viewer without it? No. If there are compiled viewers out there connecting to the SL grid, they have all the information in them needed to connect, and anyone with a modest amount of Reverse Engineering experience can extract/recover the necessary information to make their own viewer connect as that viewer.

Would it raise the bar enough to matter? or, better yet, would it do more of what Argent's suggestions are based on and set up "legal traps" for people to get caught when they violate the rules? Possibly. However, its "effectiveness" is still in doubt because legal issues themselves aren't much of a deterrent to a lot of people, unless enforcement is severe and regular. Think in terms of speed laws. Enforcement is frequent, and can be severe, yet people still speed all the time, some even dangerously so.

From: someone
Sure I'm not an expert in this stuff by any means and sorry if I'm really annoying, and my ideas aren't by any means the solution but if they get people thinking outside the box then that certainly beats a "can't do it" attitude.


I appreciate the contrition, but no one is sporting a "can't do it" attitude. If anything, it is a "can't do it THIS way", or "SHOULDN'T do it THIS way, because" attitude. You're not being annoying, but mischaracterizing others' arguments as being something they aren't isn't helping make your case.

From: someone
Internet security is a continual arms race, just because you can't win it, doesn't mean you should stop trying, let the bad guys run rampant and leave it in the hands of a foreign country's legal system to protect you.


..and no one is suggesting anyone, let alone LL, stop trying. No one here wants to support the pirates. No one wants to support IP infringement. The point is that the considerations are a lot greater than even this small group of people in this puny little virtual world CAN muse over. This argument/discussion is not in any way unique to Second Life or even virtual worlds in general.
Tegg Bode
FrootLoop Roo Overlord
Join date: 12 Jan 2007
Posts: 5,707
10-23-2009 16:15
From: Kitty Barnett
Viewer A is legitimate and identifies itself as "Viewer A".
Viewer B is malicious and identifies itself as "Viewer A".

You're proposing to IP/perma ban anyone using Viewer B for pretending to be Viewer A if I understood it?

Which leaves the original problem: telling Viewer B apart from Viewer A.

Well maybe we could start with really simple stuff like Viewer A reports back to the server its exe size is 18852kb in size as registered by the creator.

Viewer B pretending to be Viewer A reports back its size as 19384kb. "Houston we have a problem"

Of course a determined thief could muck around and delete some code to get it down to size, but that's more work for them and they are limited in the features they could add.
Then, I suppose they might delete big features like shadow code and then add padding files of text or something. But no one said we couldn't make it harder for them, by any small degree, it certainly wouldn't make things any harder for legit developers.

Maybe this is too simple, there's probably a better way, the important thing is a "how can it be done" attitude rather than a "can't be done" :)
_____________________
Level 38 Builder [Roo Clan]

Free Waterside & Roadside Vehicle Rez Platform, Desire (88, 17, 107)

Avatars & Roadside Seaview shops and vendorspace for rent, $2.00/prim/week, Desire (175,48,107)
Tegg Bode
FrootLoop Roo Overlord
Join date: 12 Jan 2007
Posts: 5,707
10-23-2009 16:20
From: Argent Stonecutter
The guys who run cracks and cheats aren't the guys who create them. The guy who digs out the key and installs it in his ripper is installing a screen door next to the one you're trying to lock.

The difference is at the moment you don't need the guys who rip the keys out at all, because none of the screen doors or house doors have locks. They are only equipped with "do not come in and steal my stuff" signs.
_____________________
Level 38 Builder [Roo Clan]

Free Waterside & Roadside Vehicle Rez Platform, Desire (88, 17, 107)

Avatars & Roadside Seaview shops and vendorspace for rent, $2.00/prim/week, Desire (175,48,107)
Talarus Luan
Ancient Archaean Dragon
Join date: 18 Mar 2006
Posts: 4,831
10-23-2009 16:23
From: Argent Stonecutter
That's not the problem. The problem is having a big enough stick to hit people who distribute ripped content with. Once you catch them doing that, you do traffic analysis (this can be automated) to see where they did it.


Yeah, but you don't need a viewer RN system to do that.

Would it help? I suppose anything they could do along the lines of identifying illicit activities and individuals would help them to track it down, much the same as us asking for more object metadata to do the same would help us help them track it down.

The issue is that I don't want to be a registered viewer maker and have all my users knocked offline because some bastard decided to forge my viewer's ID and go on a copying spree. Which, knowing LL, would be the result.

Ultimately, we keep coming back to the real crux of the problem: LL has to improve itself and its handling of the issues via policy, meta-information, training, and enforcement, both proactive AND reactive.

Technology can assist with that, but it won't solve it by itself.
Tegg Bode
FrootLoop Roo Overlord
Join date: 12 Jan 2007
Posts: 5,707
10-23-2009 16:25
From: Argent Stonecutter
That's not the problem. The problem is having a big enough stick to hit people who distribute ripped content with. Once you catch them doing that, you do traffic analysis (this can be automated) to see where they did it.

The other problem is identifying exactly who to hit with the stick and whether the stick can actually reach them in some village in the middle of Heckoslvania.
No one approach will solve the problem, multiple approaches are needed so the criminals have to jump through multiple hoops to achieve their goals and break as many legal rules as possible to do so.
_____________________
Level 38 Builder [Roo Clan]

Free Waterside & Roadside Vehicle Rez Platform, Desire (88, 17, 107)

Avatars & Roadside Seaview shops and vendorspace for rent, $2.00/prim/week, Desire (175,48,107)
Milla Janick
Empress Of The Universe
Join date: 2 Jan 2008
Posts: 3,075
10-23-2009 16:27
From: Tegg Bode
Well you could start with really simple stuff like Viewer A reports back to the server its exe size is 18852kb in size as registered by the creator.

Viewer B reports back its size as 19384kb. "Houston we have a problem"

Of course a determined thief could muck around and delete some code to get it down to size, but that's more work for them and they are limited in the features they could add.

Or they could add a routine that lies when queried about the file size.

Linden Lab might be better served actually enforcing TOS violations by content thieves than trying clever viewer tricks.

_____________________


http://www.avatarsunited.com/avatars/milla-janick
All those moments will be lost in time... like tears in rain...
Talarus Luan
Ancient Archaean Dragon
Join date: 18 Mar 2006
Posts: 4,831
10-23-2009 16:27
From: Tegg Bode
Well you could start with really simple stuff like Viewer A reports back to the server its exe size is 18852kb in size as registered by the creator.

Viewer B reports back its size as 19384kb. "Houston we have a problem"


Answer these three questions:
1) How much do you weigh in RL?
2) Are you telling me the truth?
3) How can I be sure?

From: someone
Of course a determined thief could muck around and delete some code to get it down to size, but that's more work for them and they are limited in the features they could add.
Then, I suppose they might delete big features like shadow code and then add padding files of text or something. But no one said we couldn't make it harder for them, by any small degree, it certainly wouldn't make things any harder for legit developers.


Do you have to add or remove pounds to/from your body in order for you to lie to me that your weight is anything other than what it really is? If you can't answer question #3 above in a believable way, how can you expect this kind of scheme to work?

From: someone
Maybe this is too simple, there's probably a better way, the important thing is a "how can it be done" attitude rather than a "can't be done" :)


No, it simply "doesn't work".

Free lesson about Client/Server security:

Rule #1: The Client is in the hands of the infidels. NEVER trust the Client.
Sindy Tsure
Will script for shoes
Join date: 18 Sep 2006
Posts: 4,103
10-23-2009 16:28
From: Tegg Bode
Well maybe we could start with really simple stuff like Viewer A reports back to the server its exe size is 18852kb in size as registered by the creator.

Viewer B reports back its size as 19384kb. "Houston we have a problem"

Of course a determined thief could muck around and delete some code to get it down to size, ...

No.. You're still missing it..

The thief just has to look at whatever viewer A is reporting and parrot it. How does the server tell the difference between something that's measuring its size and something that's just spouting some number?
_____________________
Sick of sims locking up every time somebody TPs in? Vote for SVC-3895!!!
- Go here: https://jira.secondlife.com/browse/SVC-3895
- If you see "if you were logged in.." on the left, click it and log in
- Click the "Vote for it" link on the left
Tegg Bode
FrootLoop Roo Overlord
Join date: 12 Jan 2007
Posts: 5,707
10-23-2009 16:31
From: Milla Janick
Or they could add a routine that lies when queried about the file size.

Linden Lab might be better served actually enforcing TOS violations by content thieves than trying clever viewer tricks.


Assuming they had a current uncompiled copy of the login file stolen from a developer, but I suspect there are other encryption ways of doing this too, none of them perfect but if you could keep lower level people even 50% out of the fake viewer creation loop, it would be certainly better than the current free for all.

Relying 100% on just TOS and the legal system to protect you is like saying "I don't need locks on my car because the court system and moral values will prevent it being stolen"
_____________________
Level 38 Builder [Roo Clan]

Free Waterside & Roadside Vehicle Rez Platform, Desire (88, 17, 107)

Avatars & Roadside Seaview shops and vendorspace for rent, $2.00/prim/week, Desire (175,48,107)
Argent Stonecutter
Emergency Mustelid
Join date: 20 Sep 2005
Posts: 20,263
10-23-2009 16:31
From: Tegg Bode
The difference is at the moment you don't need the guys who rip the keys out at all,
You need the guys who build the rippers. They're the same people. They're installing the same screen door.
_____________________
Argent Stonecutter - http://globalcausalityviolation.blogspot.com/

"And now I'm going to show you something really cool."

Skyhook Station - http://xrl.us/skyhook23
Coonspiracy Store - http://xrl.us/coonstore
Sindy Tsure
Will script for shoes
Join date: 18 Sep 2006
Posts: 4,103
10-23-2009 16:33
From: Tegg Bode
Assuming they had an uncompiled copy of the login file, but I suspect there are other encryption ways of doing this too, none of them perfect but if you could keep lower level people even 50% out of the fake viewer creation loop, it would be certainly better than the current free for all.

It only takes one person to crack the code and distribute a new BadViewer and you're back to keeping 0% out..

edit: in case you missed it, that's what Cory was talking about. The neverending arms race that doesn't end up helping..

From: Cory Linden
Like the World Wide Web, it will never be possible to prevent data that is drawn on your screen from being copied. While Linden Lab could get into an arms race with residents in an attempt to stop this copying, those attempts would surely fail and could harm legitimate projects within Second Life.
_____________________
Sick of sims locking up every time somebody TPs in? Vote for SVC-3895!!!
- Go here: https://jira.secondlife.com/browse/SVC-3895
- If you see "if you were logged in.." on the left, click it and log in
- Click the "Vote for it" link on the left
Tegg Bode
FrootLoop Roo Overlord
Join date: 12 Jan 2007
Posts: 5,707
10-23-2009 16:37
From: Sindy Tsure
No.. You're still missing it..

The thief just has to look at whatever viewer A is reporting and parrot it. How does the server tell the difference between something that's measuring its size and something that's just spouting some number?

So everyone capable of compiling a viewer would have the skills to do this? I don't think so.
_____________________
Level 38 Builder [Roo Clan]

Free Waterside & Roadside Vehicle Rez Platform, Desire (88, 17, 107)

Avatars & Roadside Seaview shops and vendorspace for rent, $2.00/prim/week, Desire (175,48,107)
Sindy Tsure
Will script for shoes
Join date: 18 Sep 2006
Posts: 4,103
10-23-2009 16:39
From: Tegg Bode
So everyone capable of compiling a viewer would have the skills to do this? I don't think so.

/me sighs.

Do all the Emerald users have to compile Emerald?
_____________________
Sick of sims locking up every time somebody TPs in? Vote for SVC-3895!!!
- Go here: https://jira.secondlife.com/browse/SVC-3895
- If you see "if you were logged in.." on the left, click it and log in
- Click the "Vote for it" link on the left
Kitty Barnett
Registered User
Join date: 10 May 2006
Posts: 5,586
10-23-2009 16:43
From: Tegg Bode
Well you could start with really simple stuff like Viewer A reports back to the server its exe size is 18852kb in size as registered by the creator.

Viewer B reports back its size as 19384kb. "Houston we have a problem"
You still don't get it, Tegg...

Viewer B would just report whatever the correct answer is and the login server doesn't have the slightest idea that something is amiss and there is no possible way for you to hide what the correct answer would be because it's stored right there (be it in code form or data) on your own computer.
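The point made in the post above, seen from the login server's side, as an added example that is not part of the thread or of any viewer's code. The two sizes are the figures quoted in the thread; the class names, the field names, the nonce and the compiled-in key are constructed assumptions. It goes one step past the size check by adding a keyed challenge, to show that the server's position is the same whenever the expected answer ships with the client.

```python
import hashlib
import hmac

REGISTERED_SIZE_KB = 18852              # size registered for "Viewer A" in the thread
MODIFIED_SIZE_KB = 19384                # real size of "Viewer B" in the thread
SHIPPED_KEY = b"constructed-demo-key"   # assumption: a secret compiled into Viewer A


def mac(key, nonce):
    """Keyed answer to a server challenge."""
    return hmac.new(key, nonce, hashlib.sha256).hexdigest()


class ViewerA:
    """Registered build: reports its own size, answers with its own key."""
    actual_size_kb = REGISTERED_SIZE_KB

    def login_fields(self, nonce):
        return {
            "viewer": "Viewer A",
            "size_kb": self.actual_size_kb,
            "proof": mac(SHIPPED_KEY, nonce),
        }


class ViewerB:
    """Different build: sends Viewer A's registered values, not its own."""
    actual_size_kb = MODIFIED_SIZE_KB

    def login_fields(self, nonce):
        # Everything Viewer A ships with is stored on the machine running it,
        # so the values it would send are available to any other program there.
        return {
            "viewer": "Viewer A",
            "size_kb": REGISTERED_SIZE_KB,
            "proof": mac(SHIPPED_KEY, nonce),
        }


def server_accepts(fields, nonce):
    """All the login server can evaluate is the fields that arrived."""
    return (
        fields["viewer"] == "Viewer A"
        and fields["size_kb"] == REGISTERED_SIZE_KB
        and hmac.compare_digest(fields["proof"], mac(SHIPPED_KEY, nonce))
    )


def compare(nonce=b"constructed-nonce-0001"):
    """Return what the server can and cannot observe about the two builds."""
    a, b = ViewerA(), ViewerB()
    fields_a, fields_b = a.login_fields(nonce), b.login_fields(nonce)
    return {
        "a_accepted": server_accepts(fields_a, nonce),
        "b_accepted": server_accepts(fields_b, nonce),
        "identical_on_wire": fields_a == fields_b,
        "builds_really_differ": a.actual_size_kb != b.actual_size_kb,
    }


if __name__ == "__main__":
    print(compare())
```

Because the two logins are byte-for-byte identical at the server, any decision that matters has to rest on state the server itself holds rather than on what the client says about itself.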