Second Life Forums Archive - What about detection of Bots

Feras Nolan

Registered User

Join date: 30 Mar 2006

Posts: 141

11-17-2006 00:02

I always hear from people "LL can't you then stop this Copybot", and the answer is always "No there is no way to stop it". Fine, but, if there would be a detection system server side for botting and other abnormal activities client side, that would actually help find perhaps not all, but quite a good number of the abusers, to have copies removed and accounts banned, and would give then content creators some security back. Like it works in a lot of online games out there that have hack/cheat detection.

I cant think that there isnt a way to watch on clients activity and see if it may be a bot.

Already the fact that there is the need for now to log in with the bot and the own account in the same Sim in order to steal things, is a good start point for detection. Two clients, same IP.

LL owns the database and it is the database informations flow to the client that is abused to get copies, and is the database that gets the input from the bot to make new items, so you own it, you should try to protect it.

You cant seriously think that content creators can find stolen items inworld, there can be one million copies around but all in inventories not rezzed.

If you avoid completely the arm race with abusers, its like releasing a software that has no security but works with real money. IF you want that, then do so, but you have then the onus to tell in your web sites and TOS text, that you do "recognizes Residents' right to retain full intellectual property protection for the digital content they create in Second Life", but that there is no working system from your side to fight theft.

Either fight against theft or warn new and old users that you arent fighting it. Otherwise you are doing deceptive advertising.

Robin Linden

Linden Lifer

Join date: 25 Nov 2002

Posts: 1,224

11-18-2006 14:13

I'm not seeing a question here, but the discussion regarding different ways to deal with bots might be an interesting one for the tech board.

_____________________

Szegey Oxberger

Registered User

Join date: 3 Feb 2006

Posts: 25

11-18-2006 14:36

From: Feras Nolan

Two clients, same IP.

You could start with that, but I think you'll find many avatars with identical IPs. Internet Cafes, friends sharing a connection ...

Kyrah Abattoir

cruelty delight

Join date: 4 Jun 2004

Posts: 2,786

11-18-2006 16:45

how many time is it needed to say that there are NO technical solution to solve this

_____________________

tired of XStreetSL? try those!
apez http://tinyurl.com/yfm9d5b
metalife http://tinyurl.com/yzm3yvw
metaverse exchange http://tinyurl.com/yzh7j4a
slapt http://tinyurl.com/yfqah9u

Feras Nolan

Registered User

Join date: 30 Mar 2006

Posts: 141

11-19-2006 01:06

From: Kyrah Abattoir

how many time is it needed to say that there are NO technical solution to solve this

Are you qualified to say this?

_____________________

Kyrah Abattoir

cruelty delight

Join date: 4 Jun 2004

Posts: 2,786

11-19-2006 05:28

trust me i have enough understanding of client/server systems to state this.

_____________________

tired of XStreetSL? try those!
apez http://tinyurl.com/yfm9d5b
metalife http://tinyurl.com/yzm3yvw
metaverse exchange http://tinyurl.com/yzh7j4a
slapt http://tinyurl.com/yfqah9u

Gwaland Golem

Registered User

Join date: 1 Nov 2005

Posts: 9

11-19-2006 05:55

From: Kyrah Abattoir

trust me i have enough understanding of client/server systems to state this.

Bah. There are always solutions. Just not ones people tend to like.

Require a doubley encrypted key with a randomly generated challenge and response for the official client otherwise the log in is tagged as a bot.

This allows the bot to be monitored but still allowed legitimate use of libsl which the lindens want to support.

Kalel Venkman

Citizen

Join date: 10 Mar 2006

Posts: 587

11-19-2006 15:36

From: Gwaland Golem

Bah. There are always solutions. Just not ones people tend to like.

Require a doubley encrypted key with a randomly generated challenge and response for the official client otherwise the log in is tagged as a bot.

This allows the bot to be monitored but still allowed legitimate use of libsl which the lindens want to support.

Until somebody figures out how to code the challenge response for the LIBSL client, which would take about a day.

Yes, there are always solutions. But none of them can withstand the onslaught of thousands of bored programmers. It is better to fight battles you can win instead of tilting at windmills.

Jopsy Pendragon

Perpetual Outsider

Join date: 15 Jan 2004

Posts: 1,906

11-19-2006 15:46

From: Gwaland Golem

Bah. There are always solutions. Just not ones people tend to like.

Because most solutions people come up usually introduce problems that will affect legitimate users.

pub/private keys, double encryption... Anything done by the client can be reproduced in LibSL later, or more likely, sooner.

Feras Nolan

Registered User

Join date: 30 Mar 2006

Posts: 141

11-20-2006 01:00

Ok then, lets just remove unverifieds.

_____________________

Jopsy Pendragon

Perpetual Outsider

Join date: 15 Jan 2004

Posts: 1,906

11-20-2006 01:19

From: Feras Nolan

Ok then, lets just remove unverifieds.

I'm not betting on that happening anytime soon.

Strife Onizuka

Moonchild

Join date: 3 Mar 2004

Posts: 5,887

11-20-2006 05:13

I vouch for Kyrah Abattoir being qualified to make those statements.

_____________________

Truth is a river that is always splitting up into arms that reunite. Islanded between the arms, the inhabitants argue for a lifetime as to which is the main river.
- Cyril Connolly

Without the political will to find common ground, the continual friction of tactic and counter tactic, only creates suspicion and hatred and vengeance, and perpetuates the cycle of violence.
- James Nachtwey

What about detection of Bots
Feras Nolan Registered User Join date: 30 Mar 2006 Posts: 141	11-17-2006 00:02 I always hear from people "LL can't you then stop this Copybot", and the answer is always "No there is no way to stop it". Fine, but, if there would be a detection system server side for botting and other abnormal activities client side, that would actually help find perhaps not all, but quite a good number of the abusers, to have copies removed and accounts banned, and would give then content creators some security back. Like it works in a lot of online games out there that have hack/cheat detection. I cant think that there isnt a way to watch on clients activity and see if it may be a bot. Already the fact that there is the need for now to log in with the bot and the own account in the same Sim in order to steal things, is a good start point for detection. Two clients, same IP. LL owns the database and it is the database informations flow to the client that is abused to get copies, and is the database that gets the input from the bot to make new items, so you own it, you should try to protect it. You cant seriously think that content creators can find stolen items inworld, there can be one million copies around but all in inventories not rezzed. If you avoid completely the arm race with abusers, its like releasing a software that has no security but works with real money. IF you want that, then do so, but you have then the onus to tell in your web sites and TOS text, that you do "recognizes Residents' right to retain full intellectual property protection for the digital content they create in Second Life", but that there is no working system from your side to fight theft. Either fight against theft or warn new and old users that you arent fighting it. Otherwise you are doing deceptive advertising.
Robin Linden Linden Lifer Join date: 25 Nov 2002 Posts: 1,224	11-18-2006 14:13 I'm not seeing a question here, but the discussion regarding different ways to deal with bots might be an interesting one for the tech board. _____________________
Szegey Oxberger Registered User Join date: 3 Feb 2006 Posts: 25	11-18-2006 14:36 From: Feras Nolan Two clients, same IP. You could start with that, but I think you'll find many avatars with identical IPs. Internet Cafes, friends sharing a connection ...
Kyrah Abattoir cruelty delight Join date: 4 Jun 2004 Posts: 2,786	11-18-2006 16:45 how many time is it needed to say that there are NO technical solution to solve this _____________________ tired of XStreetSL? try those! apez http://tinyurl.com/yfm9d5b metalife http://tinyurl.com/yzm3yvw metaverse exchange http://tinyurl.com/yzh7j4a slapt http://tinyurl.com/yfqah9u
Feras Nolan Registered User Join date: 30 Mar 2006 Posts: 141	11-19-2006 01:06 From: Kyrah Abattoir how many time is it needed to say that there are NO technical solution to solve this Are you qualified to say this? _____________________
Kyrah Abattoir cruelty delight Join date: 4 Jun 2004 Posts: 2,786	11-19-2006 05:28 trust me i have enough understanding of client/server systems to state this. _____________________ tired of XStreetSL? try those! apez http://tinyurl.com/yfm9d5b metalife http://tinyurl.com/yzm3yvw metaverse exchange http://tinyurl.com/yzh7j4a slapt http://tinyurl.com/yfqah9u
Gwaland Golem Registered User Join date: 1 Nov 2005 Posts: 9	11-19-2006 05:55 From: Kyrah Abattoir trust me i have enough understanding of client/server systems to state this. Bah. There are always solutions. Just not ones people tend to like. Require a doubley encrypted key with a randomly generated challenge and response for the official client otherwise the log in is tagged as a bot. This allows the bot to be monitored but still allowed legitimate use of libsl which the lindens want to support.
Kalel Venkman Citizen Join date: 10 Mar 2006 Posts: 587	11-19-2006 15:36 From: Gwaland Golem Bah. There are always solutions. Just not ones people tend to like. Require a doubley encrypted key with a randomly generated challenge and response for the official client otherwise the log in is tagged as a bot. This allows the bot to be monitored but still allowed legitimate use of libsl which the lindens want to support. Until somebody figures out how to code the challenge response for the LIBSL client, which would take about a day. Yes, there are always solutions. But none of them can withstand the onslaught of thousands of bored programmers. It is better to fight battles you can win instead of tilting at windmills.
Jopsy Pendragon Perpetual Outsider Join date: 15 Jan 2004 Posts: 1,906	11-19-2006 15:46 From: Gwaland Golem Bah. There are always solutions. Just not ones people tend to like. Because most solutions people come up usually introduce problems that will affect legitimate users. pub/private keys, double encryption... Anything done by the client can be reproduced in LibSL later, or more likely, sooner.
Feras Nolan Registered User Join date: 30 Mar 2006 Posts: 141	11-20-2006 01:00 Ok then, lets just remove unverifieds. _____________________
Jopsy Pendragon Perpetual Outsider Join date: 15 Jan 2004 Posts: 1,906	11-20-2006 01:19 From: Feras Nolan Ok then, lets just remove unverifieds. I'm not betting on that happening anytime soon.
Strife Onizuka Moonchild Join date: 3 Mar 2004 Posts: 5,887	11-20-2006 05:13 I vouch for Kyrah Abattoir being qualified to make those statements. _____________________ Truth is a river that is always splitting up into arms that reunite. Islanded between the arms, the inhabitants argue for a lifetime as to which is the main river. - Cyril Connolly Without the political will to find common ground, the continual friction of tactic and counter tactic, only creates suspicion and hatred and vengeance, and perpetuates the cycle of violence. - James Nachtwey

Welcome to the Second Life Forums Archive

What about detection of Bots