More on using a MAC address for hardware ID

Some more thoughts on using a MAC address for hardware ID.

It appears, from what some people have posted, that the new SL client sends a hashed version of the MAC address of the system that the SL client is running on back to Linden Labs, as an identifying point. For now, I will have to assume it does not.

Very well. That does circumvent one easy way of spoofing the MAC address as hardware ID, as it overcomes the issue of trying to passively sense the MAC address from LL's end, and detecting the household router or a proxy application instead.

But it still allows someone to swap out their network card as a means of changing their MAC address.

So, it seems to me, they need to consider two factors:

If an account is banished by LL, then while that banishment is in effect, ALL MAC addreses that a user attempts to log on from with a banished account should get locked out. At the same time, any locked out systems should remain locked out to all other accounts, unless LL specificly allows an override. (For example to let mom and dad back on after their teenager screws up big time). And if other accounts are used from a locked out system, they ought to get tagged for investigation, and preferably auto-locked.

But there remains another hole. The actual creation of a new account need have nothing to do with the SL client software. That is most often done with a web browser, and could be done from a completely different system. And those accounts could be used anywhere. (Even back on the banned player's system, if banning his system doesn't also lock out all other users of that hardware.)

So, what is to prevent banned player "Joe Griefer" from walking to a friend's house, creating one or more new, unverified and untracable alts, and continuing to make mayhem?

What's to prevent him from slipping a new network card in his home system (the one you banned by MAC Address), and continuing to make trouble with other alts?

Nothing, as far as I can see.

I don't know if the new client manages to detect and send anything else, like a CPU board serial number, but hopefully it does. If it does, then perhaps your servers could detect that a system has all the other characteristics of the banned system, except for the MAC address changing, and will be able to act accordingly and assume they swapped out the network card.

Hi Ceera, glad you asked!

This is a really relevant issue:



I'll clarify that MAC address is *one* of the means we use to identify an account. However, it's not the only method (common IP is also used)--and more are being developed. I can't go into details about it, I'm afraid, but we do currently utilize a combination. You're right in describing a possible means of circumvention, but like the old analogy of many styles of locks on a door, each one takes time and energy to break through.

More suggestions, for ongoing developments, are of course always welcome.

Furthermore, there's the social factor; one should not be surprised by griefers that come back and say explicitly that to a friend, out in the open: "hey bud itz me, [insert name here]. LINDEN TRIED TO BANN ME AND IM BAAAACK!" No matter how many technological tricks are used, simple and clear evidence.

There are often other identifying social spots too. Sometimes friends turn their "griefer pals" in, because hey, if I'm paying for SL and my computer got locked out because a "friend" of mine was being a jerk on it, I'm not letting him near anymore!

We have many Liaisons on the frontline who've brought up these very issues involving actual cases, and hate "revolving door" griefing because it takes time and energy away from our honest, ethical, well-behaved Residents, of which there are many. They've been making many helpful suggestions in turn that will find their way into the future as things continue.