Collecting information about your computer?

Hardware Identification
The Privacy Policy now points out that if you install Second Life software we'll be collecting information about your computer. The point here is to allow us to verify a unique identity and therefore better contain griefing by multiple accounts from one system. This information will not be available to non-Linden employees, and will only be available to Linden employees in an encrypted ("hashed" format.



I dont see the problem on this...... on client installation, it creates a unique id code, which when you log in, informs the Lindens say an account logging from machine jbo6778tgyr6857ddyugv or whatever is involved in greifing....
so, that person gets banned, and other accounts emenating from that machine will be blocked.
I can't see persistant griefers buying a new pc for each griefing escapade they want to carry out.
Same i assume would go for a machine w a minor account on the main grid, or an adult on the teen.


This rocks.

LL could announce that they're sending all of us a free toaster and some people would still invent a reason to freak out about it.

I don't have a problem with them collecting info about my PC. I do have a problem with them desplaying info about if i put a credit card or bank info in for public to see. That is not good at all.

I could use a new toaster. And I would be most appreciative if LL sent me one.

Haven't you got your toaster yet chip?
Its a beauty, 4 slots, variable width, and 1950s style chrome finish.

And please allow me to point out something:

If you have the technical knowledge, you have steal data from people any day of the week. If a true 'cracker jack' hacker decides he wants to know who you are, where you bank, how to get your money...

They will get it. Period.

So sorry to make you feel uncomfortable, but think on this:

You can be mugged at any time. So why are most people never mugged?

Numbers. Millions and billions of potential victims. Far less muggers. The distance between these numbers get's even wider when considering the number of technically trained people who really care about you at all.

If a person wants credit card data, he's going to hack ALL of LL and take a chunk of the CC data. The displayed info will not mean a thing, since they work on the basis of stealing vast stores of such data and using it.

It's just not the way it works, people.

Just to clarify:

Hardware hashes do NOT store anything in them that anyone has to worry about. So, privacy advocates should have far less fear about them than about LL having your payment details on-file. If they do a hardware hash the way it is done with most other identification systems, there is absolutely NO information that anyone, including LL, can glean from it.

Here's a simplistic description of how it works:

1) The client requests the MAC addresses from one or more of your network interfaces, most likely your main one, which is usually an Ethernet card.
2) It requests the Volume Serial Number of one or more of your hard drives. The VSN is generated when your drive was formatted and the operating system installed.
3) It may also request other "hardware" serial numbers or data (which is most often supplied by the registry).

All of these pieces of data are taken as numbers, regardless of whether or not the information is readable as text. Then, the client "hashes" the numbers together into a fixed-size number that is usually fairly large so as to make it highly probable that it is unique. The most basic form of hashing is just adding or multiplying the numbers together, but any simple or complex combinatorial function (like MD5 or SHA-1/2) can be used.

For example (these numbers are not representative for the purposes of illustration; in reality, the numbers are MUCH bigger, but much harder to exemplify):

MAC address = 17
VSN of C: = 42
Memory size = 6

If we use a multiply as our hashing function, then we end up with:

Hash = 17 x 42 x 6 = 4284

Even with an operation as simple as a multiply, you can see that there is little info that can be gleaned from the resultant hash value. As you can see, there is no concern over privacy issues here. The only question becomes one of whether or not the selection of input data to the hashing function is resistant to being changed or spoofed. If any one of the pieces of data is changed even in the slightest, then it can radically change the final hash value, and therefore render its use as an identification tool completely moot.

That is the real issue, since there are very few (if any) pieces of information of this kind which cannot be altered or spoofed with ease. It amounts to providing a false sense of security, which is often worse than not having it at all.

that does make alot of sense explaned that way

You gotta toaster? OMGFIC! (Feted In Crumbs)

Yes, but you are missing the point. It doesn't take a whole lot of effort or knowledge to foil hardware hash algorithms. Seriously. Considering the amount of time it will be from account creation to banishment, the small extra step of running a spoofer program in the few minutes after getting banned and before creating your next freebie account is not even a bump-in-the-carpet deterrent to any griefer with any small amount of determination.

Systems like PunkBuster work better because they have active programs cosntantly watching your computer for cheats, hacks, spoofs, etc, yet they are only partially effective at stopping abuse, cheating, and griefing.

I refuse to participate in such a crass display of muffin discrimination!

I refuse to be tricked into making jokes about oral sex.

Aha! See? This new policy is already having unintended adverse effects.

Your verified status has nothing to do with the hardware profile, they are two completely different concepts for two different purposes. The only time your hardware profile comes into play is if you are banned - it is one of the methods they are using to prevent access to SL. The verification status has to do with whether or not there billing info on your account - you changing hardware has no bearing on that.

Yep, I understand that now. Thanks for the clarification.

I do not have any real issue with the mapping of a Game Client Install to a Number, if that is really all they are doing. Collecting certain Machine info is the norm in most software you use today, only the degree of what is collected is a point of contention.
I saw Microsoft mentioned in an earlier post; theirs is much more invasive than what LL is proposing.

System configuration changes are the real question to this new LL plan.
Will simple upgrades or hardware changes lock you out if only one or two of the polled items changed, or will the profile update?
How dynamic will this mapping process be?
If it does update where will it be stored, the asset servers and databases have issues all of the time now.
Is the polling now going to lag the internal network during high login times?
Will this polling system be active all the time upon boot (like many copy protection systems can be) or will it be a run once and only submit info to LL after a change?
When the game client is uninstalled will this polling system be uninstalled as well?
Many types of Copy Protection and Polling software require separate uninstallation after the main software is removed.

Has LL actually tested this to make sure it only runs when it is supposed to and checked it for compatibility issues with other software? I mean let’s be real, LL isn’t exactly the best at making things right the first time or the second, third, fourth, etc….

If it works as intended (though how it is intended to work still seems to be a bit in the gray area) it would be a good first step into curbing grievers, which is certainly new territory for LL.


The Profile additions would be laughable if they were not serious about implementing these changes. I have to question the mentality behind a decision like that.
Society as a whole proves discrimination on several levels takes almost nothing to initiate, why would you provide the first spark to bring that BS to the game in a LL approved manner?
Of course this may just be a way to get people to use LindenX. Imagine that a decision guided by greed.
Beyond those two points this Profile change serves absolutely no purpose beyond making some people undesirables.

I do not understand what some of you at LL are thinking when you green light development of moronic ideas like these? That is a question I would like to see you answer.

AHEM, Mag do you not realize that your bank has your SSN, birthday and ALL your various account and credit card numbers in there database and many and I mean many bank employees take that home and most of the time it isnt encrypted. So I ask you this do you not trust your bank, would you post a negative remark on your banks website?

.

Most likely they already have that information included in the account.

I know for a fact Battlefield 2 uses hardware ID & there are people playing at work & at home on the same account using 2 different computers, so it should be fine.

lol what about us that use multiple computers? i at home have 4 computers, and my laptop that can all run sl plus when i'm too lazy to bring my laptop to a friends place and i want to login to sl for a brief moment i use there pc...how good you think that will look when on a near daily basis its a different pc logging in i soo hope they accuse me of hacking...would be fun to laugh in there face as i'm blasting them on the phone

This has been addressed 4 or 5 times in the thread already. The client is free to download. you can install and run it on as many machines as you want.

The ONLY use of the hash key is to identify and ban the machine from which someone is griefing.

It's not use to authenticate your account or anything.

Wendel

I'm not seeing what the complaint is about the 3 classes. I bet that if new players in the third class are nice, polite, and act like true newbies, most long term players won't have a bit of doubt about making them feel welcome.

Of course, new third class players who are a day old, expensive skins, shapes, flex hair and AO who claim to know nothing about SL may not be given the same courtesy. But that's just my hunch. .

Holy crap. How many channels does that thing get?

This is like being at work with people telling me they won't give me their password as then I can change their password and then not accepting that I can not only change their password without knowing what it is, I can blacklist them so they can never ever darken our door again if they misbehave ... meh ... meh ... unique identifier, encrypted ... meh meh meh ... griefers getting fried? yes yes yes!