About CopyBot, CopyRight, and SecondLife...

Foolish Frost
Grand Technomancer
Join date: 7 Mar 2005
Posts: 1,433
11-18-2006 08:53
First, this is my 'Resident Answer' to the entire copybot issue. If that does not make it good for this forum, feel free to move/delete it. <shrugs> It's still on my news page at SLDrama.com ...

First, I want to say I know emotions are running high on this issue. It's positively sparking on the SL forums, and for once, Inside of SL itself! Yes, folks: This has actually become the primary topic of conversation brought up in-world.

I would first like to point out some things about myself, as to explain why I even feel I can post on this issue with any authority whatsoever: I have an extensive history in programming, computers, networking, and all things that these items touch on. Am I a master of these dark arts?
Not at all. I do have enough knowledge of them to make highly accurate educated guesses as to the nature of new technologies and to predict how some things tend to move.

Ok, the fact is, CopyBot is just the symptom of the problem, but not the problem itself. What LL and others who understand the technology know is this: You cannot make a technological solution to this problem.

Period.

Ever.

All of the talk about encryption and securing the data does absolutely no good, due to the fact that at some point, you have to be able to see the data/image/3dmodel in an understandable form.

Can you understand what I'm saying? You encrypt data to PREVENT people from seeing it at all, not to keep them from using it in ways you don't want. If you give them the ability, in any way, to decrypt the data, then they can find a way to copy it. It's fact. Ask the music and movie companies right now. The only way they've found to fight it is to sue anyone they catch, and that's not even making a scratch in the problem. Web ripping, image theft, IDEA theft, it's all a part of a larger cultural problem.

And what if SL does encrypt the data, and finds a way to stop things like copybot for now? Well, let's do the math:

If we have 1,000,000 people (I know, I know, can it for now and let's just go with the number), and a portion of them have technical knowledge, then here is the truth:

It only takes one knowledgeable person to make a new copybot that breaks whatever encryption SL puts on their system.

Oh, but you say, if he's the only one, then it's not that big a problem, right?

Wrong.

When he does this, he's GOING TO SHARE IT. Before LL can fix the situation, thousands of people may have access to an easy tool to rip data from SL. SL can re-encrypt with a new system, but that's just a matter of cracking the new one again. You still have all the stolen data to contend with.

And about LL policing SL for content: Impossible, even now. If only 1/1000 people have problems each day, and each linden only spends an average of 15 minutes helping each one (these are really low estimates, it would be much worse), then you would need 30 lindens full time just to keep up. The reality is that they would have to research each case to make sure of who was right and wrong. So just figure 2 hours (average) per case. That would be more reasonable to make sure of content control. That also means 240 lindens employed per million people playing. That's a salary budget of 6-10 million a year, for middle class income. That's kind of harsh.

Anyway, these are the numbers as I see them. Feel free to punch holes in my math, as I'm a programmer, not a statistics expert. Either way, I'm not seeing a lot of solutions. That does not surprise me, as better minds than mine have been looking for one for decades now.

But the final call on it? Well, the music industry is still chugging away making profit. Movie companies are not out of business yet. And I still develop websites, though half my ideas have been stolen at some point or another. Perhaps, just perhaps, this is not the death knell that people feel it is. Perhaps, we just need to deal with it, and move on.

How?

I guess we'll just have to trust our customers, and that they'll make the right decisions. On average, it's worked out in the past quite profitably. We'll see if that still works in the months to come.

Then again, what do I know. I'm just a Fool. :D
Lewis Nerd
Nerd by name and nature!
Join date: 9 Oct 2005
Posts: 3,431
11-18-2006 09:30
Trusting our customers isn't the issue. Trusting people who are genuine, honest, and buy our creations for their own use isn't an issue.

It's the lowlife, cheating parasites who just want everything for free that is the issue. Yes, it's not just a problem limited to Second Life but a problem of human nature for some.

There are good people, and bad people, wherever you look. I guess if Linden Lab won't do anything about the problem, then we just have to hope that what happens to people who do get caught using copybot is enough of a deterrent to those who haven't yet.

Lewis
_____________________
Second Life Stratics - your new premier resource for all things Second Life. Free to join, sign up today!

Pocket Protector Projects - Rosieri 90,234,84 - building and landscaping services
Truffle Tiger
Registered User
Join date: 30 Nov 2005
Posts: 30
11-18-2006 09:52
Well, let's think about some of your points:

Seeing 3D data - yes the screen has to display a perspective drawing of 3D data, however, unlike textures, there is no need at all for anything outside the SL client to have any idea what the underlying primitives are. Your NVidia card doesn't know about tortured toruses, it works at a much lower level.
So in principle, it is not correct that anything outside LL code needs to know about 3D data. The LL code is translating their encoding of the prims into a form the video driver can display.

Encrypting the data is useless because it will eventually get cracked - There are two parts to this, first downloading the prim information from the server to the client, second, uploading the information back to the in-world copybot AV to recreate the objects. Both of these have to work so there are actually 2 places where things can be encrypted. The upload one is particularly interesting, because if you get it wrong, the server can notice that it's getting commands that are illegal and make note of it. There is no equivalent uploading done for music theft.

Also, unlike the case of music, LL controls 100% of all the players and updates their code on a regular basis. Sure, libSL could have a team of dedicated people reverse engineering each week's new encryption scheme, but why? All the existing copybots sold would be worthless, so people would have to buy a new copy each week. If my suggestion for the server looking for bogus uploads were followed, it would also be a dangerous occupation, unless they were required to manually create all the prims by hand which I suspect would get old fast.

I also have 2 metacomments:

1. It's not necessary for LL to be perfect, just to give a reasonable attempt - Perfection is often the enemy of goodness.

2. Proof by assertion - e.g. anyone who doesn't agree with my statement is incompetent - is a very weak form of argument.
Yumi Murakami
DoIt!AttachTheEarOfACat!
Join date: 27 Sep 2005
Posts: 6,860
11-18-2006 10:13
Even encryption of the upload, with regular changes, wouldn't be secure. There's a way in which a determined hacker could write a copybot that would work regardless of changes in the protocol. Obviously, I won't mention exactly what it is here, but it does exist.

The only really guaranteed way to accomplish protection would be for the server to send something other than the prim data to the client - something which could be used to render the prims, but which wouldn't be valid to submit as a build, and where it would be hard to calculate the prim settings from it. After all, that's the same protection we all face in-world - you can edit any object, and see each prim highlighted in blue, but you can't copy it if you don't have the skill to work out what prim settings result in that object, and a computer has a far harder time learning that skill than a human.

The problem with this is that the whole prim system was designed based on the idea that the server would send prims to the clients. That's the whole reason they're set the way they are - to minimise the traffic in the communication protocol. Changing this would be knocking out one of the fundamental cornerstones that SL was designed based on.

On the other hand, I can't quite agree with the original post. Music and video companies are still able to survive, but they've got two big differences. First, they can easily differentiate themselves. If you buy a CD from a big Virgin Megastore it's legal; if you buy it from a scruffy trader in an open market it's probably not legal. But in Second Life, the scruffy trader can build himself a Virgin Megastore, and ruin any attempt at that distinction. In fact, even more so: he can copy the Virgin Megastore!

Secondly, they can sue people more easily. If there's a single host, they can sue that host, through the ISP; if it's a filesharing network, everyone in the network is involved in redistribution. But on SL, getting the identities of the people involved is much harder, because there's no distinctive connection between the copiers (the only link is that they were all connected to Second Life, but all the legal users were too). Any of them could have innocently picked up a copy of a legitimate item that was put out as a freebie by a pirate, and given that (as above) the person may have had no way of differentiating the expectations of an illegal and legal copy, it's unlikely they could be blamed.
Feras Nolan
Registered User
Join date: 30 Mar 2006
Posts: 141
11-18-2006 10:18
From: Truffle Tiger
Well, let's think about some of your points:

Seeing 3D data - yes the screen has to display a perspective drawing of 3D data, however, unlike textures, there is no need at all for anything outside the SL client to have any idea what the underlying primitives are. Your NVidia card doesn't know about tortured toruses, it works at a much lower level.
So in principle, it is not correct that anything outside LL code needs to know about 3D data. The LL code is translating their encoding of the prims into a form the video driver can display.

Encrypting the data is useless because it will eventually get cracked - There are two parts to this, first downloading the prim information from the server to the client, second, uploading the information back to the in-world copybot AV to recreate the objects. Both of these have to work so there are actually 2 places where things can be encrypted. The upload one is particularly interesting, because if you get it wrong, the server can notice that it's getting commands that are illegal and make note of it. There is no equivalent uploading done for music theft.

Also, unlike the case of music, LL controls 100% of all the players and updates their code on a regular basis. Sure, libSL could have a team of dedicated people reverse engineering each week's new encryption scheme, but why? All the existing copybots sold would be worthless, so people would have to buy a new copy each week. If my suggestion for the server looking for bogus uploads were followed, it would also be a dangerous occupation, unless they were required to manually create all the prims by hand which I suspect would get old fast.

I also have 2 metacomments:

1. It's not necessary for LL to be perfect, just to give a reasonable attempt - Perfection is often the enemy of goodness.

2. Proof by assertion - e.g. anyone who doesn't agree with my statement is incompetent - is a very weak form of argument.

Very well said, all should just start going out of the "we can't stop it, cause we can't stop it completely" thing. Monitoring "bogus uploads" like you said is it, what Linden Lab should AT LEAST TRY to do. Theft detection, not stopping the act of theft, but detect them and pursue them.
Alondria LeFay
Registered User
Join date: 2 May 2003
Posts: 725
11-18-2006 10:22
Steps to solving (or at least minimizing) the problem:

1) Force all unverified accounts to either become verified or be removed.
2) Enforce abuse by removing ALL accounts of a person who has abused these tools, griefed, etc. and not allowing new accounts.

It's that simple. It is not CopyBot, Griefers, LSL, etc. that is the issue. It is the issue that LL has made it so no one is accountable for their actions.
Foolish Frost
Grand Technomancer
Join date: 7 Mar 2005
Posts: 1,433
11-18-2006 10:48
From: Alondria LeFay
Steps to solving (or at least minimizing) the problem:

1) Force all unverified accounts to either become verified or be removed.
2) Enforce abuse by removing ALL accounts of a person who has abused these tools, griefed, etc. and not allowing new accounts.

It's that simple. It is not CopyBot, Griefers, LSL, etc. that is the issue. It is the issue that LL has made it so no one is accountable for their actions.

Now that DOES have a ring of truth to it. Problem is, they are wanting to use SL to make a browser/webserver like setting, which means the protocols are going to become open eventually. I'm not sure about how that's going to affect marketing in this medium, but it's going to make it harder, certainly.

And as to saying LL should not try to put forward effort, I never said that. I said the final math was that it 'could' not be stopped, not that LL 'should' not. I also have not dealt any 'Proof by assertion' claims. I am pointing out that groups with massive money, political power to have laws pushed through, and time to do so have failed to really slow down the illegal spread of copied media.

As to the situation, I'm in it with you. This latest attempt can't copy scripts, but at some point, somebody will figure out how to get past that as well (again).

Again, take what I'm saying with a grain of salt. This is what I see, not what everyone else may believe.

And as to LL not doing anything about it: They never said they were not going to do something about it. They in fact said, 'they're working on it'. I know they have a lot of frustration aimed at them right now, but the fact is, any real security is going to take who-knows how many changes to the SL code. None of us (but the SL coders) are really qualified to say how long that will take.

<sigh> Anyway, I guess the only thing we have to protect us is brand naming to an avatar name right now. If the product does not have the name you trust on it in the creator slot, then...

Eh. I'm not even sure how many people look there. Anyway. I said I don't have a real solution. I mean it. I just know nobody has a tech solution that really works.
Talarus Luan
Ancient Archaean Dragon
Join date: 18 Mar 2006
Posts: 4,831
11-18-2006 11:33
Unless you can encrypt and protect the data from asset server to the video/audio hardware (which is something TCPA wants to do), encryption or any obfuscation whatsoever is UTTERLY useless. It doesn't even raise the bar significantly. For the amount of effort put into making it happen, the RoI is of dubious value.

Look, the vast majority of residents aren't going to have the knowledge to make a CopyBot. Only a handful of them will be able to, and will actually do it. However, all it takes is for one in that group to give out their work and we're back at square one. Add godlike encryption or obfuscation to the mix, and you still don't change the number of people who can/will make a new CopyBot which gets around it, and they still will leak their work to the general public. What has changed? You've spent a LOT of effort (creating bugs and sapping performance) and for what net effect? Zilch. Nada. Nothing. Yes, your garden-variety user won't bother breaking it, but your garden-variety user is not the one who made CopyBot, either.

Last thing: CopyBot does not do ANYTHING you cannot do without it; it simply does it faster and more accurately. It doesn't break the permissions system, it gets around it the same way any resident can with time and patience by manually copying prims. Yes, it takes a trick or two to get the textures/anims/sounds, but it still can be done.
Dellybean North
Registered User
Join date: 8 May 2006
Posts: 321
11-18-2006 12:07
From: Alondria LeFay
Steps to solving (or at least minimizing) the problem:

1) Force all unverified accounts to either become verified or be removed.
2) Enforce abuse by removing ALL accounts of a person who has abused these tools, griefed, etc. and not allowing new accounts.

It's that simple. It is not CopyBot, Griefers, LSL, etc. that is the issue. It is the issue that LL has made it so no one is accountable for their actions.

Bingo.
Lewis Nerd
Nerd by name and nature!
Join date: 9 Oct 2005
Posts: 3,431
11-18-2006 12:20
Give that man a sausage.

Only verified accounts are accountable for their actions. Everyone else is untraceable.

With the combined IQ, intelligence and education that Linden Lab possesses... why is this such a difficult concept for them to grasp?

Lewis
Ceera Murakami
Texture Artist / Builder
Join date: 9 Sep 2005
Posts: 7,750
11-18-2006 15:45
From: Alondria LeFay
Steps to solving (or at least minimizing) the problem:

1) Force all unverified accounts to either become verified or be removed.
2) Enforce abuse by removing ALL accounts of a person who has abused these tools, griefed, etc. and not allowing new accounts.

It's that simple. It is not CopyBot, Griefers, LSL, etc. that is the issue. It is the issue that LL has made it so no one is accountable for their actions.

I couldn't agree more.

Unfortunately, every time a Linden is asked about such ideas, they categorically refuse to support such options.

I would really like to see some numbers on what percentage of free, unverified, untraceable accounts can be PROVEN to convert to paid-for, Information-on-file or Premium Accounts, for 1 week, 2 weeks, 1 month, and more than 1 month after making an untraceable account. I'll bet it is a very small percentage, especially after the first 30 days. If they are willing and able to give LL their credit card info later, to become "Payment Info on file", or Premium, why were they 'unable' to do it earlier? If it's just a matter of needing to be convinced LL is worth paying for, is insisting that they make up their mind within 30 days that bad?

Of the accounts that are still "No Payment Info on file", what percentage of them have an L$ balance, and how did they get it, with no payment info? Transfer from an alt that has payment info on file? Well then, they can use that info to verify the untraceable account as well, can't they? Frankly, if all they have as sources of income are the few things that one can do in LL with no initial skills and no money to pay for uploads, it's unlikely in the extreme that they can participate in a meaningful way in the SL economy.

I would say that they should insist that you have 30 days to either validate the unverified account, or lose it. Validating an unverified account should ALWAYS cost either the $9.95 USD fee for paid Basic, or a fee for Premium membership.

So, if some disadvantaged person from a non-US country, who somehow has access to a computer and network connection capable of playing SL but is yet incapable of coming up with an accepted means of payment wants to keep playing after 30 days? Well, they can just replace the cancelled account with a new one, and start from scratch, with zero L$ and no assets in inventory. If they have never bought any L$ in that month, it's not like they will be likely to lose much, now is it?
_____________________
Sorry, LL won't let me tell you where I sell my textures and where I offer my services as a sim builder. Ask me in-world.
Lewis Nerd
Nerd by name and nature!
Join date: 9 Oct 2005
Posts: 3,431
11-18-2006 16:01
Providing verification details before you can even log in for the first time is a requirement of World of Warcraft... they have 7.5 million paying members, so it's obviously not a problem to them. Why it is to people who want to play SL I have no idea.

Lewis
Ishtara Rothschild
Do not expose to sunlight
Join date: 21 Apr 2006
Posts: 569
11-18-2006 16:46
Frost has a lot of good points. I tend to see it that way too now, after having calmed down and rethinking the issue. However, Truffle is right about the primitive data. The client doesn't need it. I can see that sending mesh data would require a higher bandwidth, but I believe LL could compress the data, reduce the polygon count for the data transfer and have the client add polygons to smooth the mesh again (shouldn't be any slower than converting prim data to mesh).

The client receives a lot of information it simply doesn't need. For example, attachments cloned with CopyBot even include the correct attachment points (otherwise they'd be rezzed on one's hand, the default point). Is that really needed? All the client needs to know is the absolute position of the linkset, or a position relative to the avatar. It doesn't need to know if a collar is attached to spine or chest. The client also doesn't need to know which prims are linked. Someone who clones a large linkset should end up with a lot of single primitives.

Another point is the texture UUID. The CopyBot would be next to useless if it wasn't that easy to retrieve UUIDs. What does the client need it for? The owner of full perm textures should be able to see them, no one else. The client only needs the raw image data. Of course, you could modify the CopyBot to save the image data as a JPEG, re-upload it automatically and apply it with the right texture coordinates, but an upload costs L$10. The typical thief steals because he doesn't want to pay. LL could increase the upload fees based on file size, in addition. All that would be possible even without encryption.

From: Talarus Luan
Unless you can encrypt and protect the data from asset server to the video/audio hardware (which is something TCPA wants to do), encryption or any obfuscation whatsoever is UTTERLY useless. It doesn't even raise the bar significantly. For the amount of effort put into making it happen, the RoI is of dubious value.
Obfuscation worked fine for SL, for several years; until LL gave LibSL the permission to re-engineer the client, against their TOS. Someone might have done it anyway sooner or later, but that's just like saying we don't need laws, because sooner or later someone is going to break them. Laws (and the threat of punishment) keep the majority of people from committing crimes. Of course you can only enforce rules as long as the threat of a ban really is a threat, which is not the case with the open account registration.

From: Lewis Nerd
With the combined IQ, intelligence and education that Linden Lab possesses... why is this such a difficult concept for them to grasp?
Because the free account registration is part of Philip's plan for world domination :) Seriously, I fear we will have to live with everything that brings forward Philip's "mission" of establishing SL as a world wide 3D web standard. That includes an easy and unverified signup procedure, open source development by LibSL, and RL corporations using SL for product placement.

Perhaps "the mission" also includes possible theft, since that will attract a huge number of users. Think of it this way: how many people see no sense in playing SL if they have to pay for content with RL money? Let's give them the tools to copy content just as easy as MP3s or DVD movies, and they will sign up in droves :) In fact, the CopyBot is a great advertising for SL. The information goes out and many people realize that they now a) can sign up for free and unverified, b) can copy every look they want, c) can't effectively get banned and d) there's no effective age verification.

That's another point: kids on the web. Do you think LL is really against that? They're rather against the SL sex industry, which scares off many potential investors as well as users. Sure, it also draws a huge amount of customers. But SL's adult content may be in the way of the glorified metaverse. Think of a ww3Dw, a world wide 3D web; I believe it's meant to be a place for everyone, where granny Smith can meet her grandchildren. Lord Sullivan found an interesting statement by Cory on that matter (http://www.nzone.com/object/nzone_s..._interview.html):
From: someone
nZone: Finally, did Linden Lab pursue an ESRB rating for Second Life? I would guess not, because it's not listed on the ESRB site nor does the Second Life page feature a rating logo, but I'm also not sure if it's warranted given the nature of the product. I wanted to verify, though, for the sake of the story.
CO: We haven't yet pursued an ESRB rating. Currently, we only allow in new residents who are 18 or older, so we assume that this would earn us a Mature rating. In the future, if we open Second Life to people 13–18, we would make sure our design would allow for a Teen rating, equivalent to The Sims Online.
The Sims is a topselling product (considering the complete product line, not only the online game). SL is not. There's a market for The Sims, LL can serve that market; it has even more to offer and is for free. LL wants SL to grow. It would be understandable for LL to have an eye on the lucrative market of Electronic Arts' player base, but this target group will likely not be interested in a giant red light district.

I happened to read a quote lately: "Publications like the New York Times ignore the rank, semen-stained underbelly of Second Life, perhaps because so much of it is unprintable." That pretty much sums up the public view of SL, and the adult nature of SL is the reason I'm here. Should it change I have no reason to stay. Both my business and my leisure activities are based on the adult nature of SL. I won't turn vibrators into plowshares or build cars for Nissan, and I won't hide behind thick prim walls to play with my sub, aware that I could get banned for cybering (should it ever come to that). But I can see that SL's "semen-stained underbelly" keeps RL companies as well as potential residents away. That LL obviously doesn't plan to keep SL an adult platform with absolute freedom shows me that they don't mind changing the nature of SL completely in order to accomplish their goals. Now, potential residents are also deterred by the costs of content. Hm. Maybe I'm just paranoid, but the way LL handled the whole affair by first saying "it's not always illegal, there's something like fair use" - aside from knowing of the issue for days and only reacting as it was out in the public - well, it makes me think.

Anyway, I have realized that I'll never be able to foresee their steps, that changes made are often against the interests of the current customer base and that no protest can keep LL from trying to achieve their goals at any price, even if some resident groups leave because they can't afford to stay or see no reason to stay anymore. Getting upset is only bad for my stomach ulcer, as I learned during the last days. So I will just sit back, try to stay calm and enjoy it while it lasts. I know now that the bad news just keeps coming, because LL never reaches the point where they would have an insight and say: ok, the system works and is attractive for our target group, now let's just keep it running and keep the customers happy.
Yumi Murakami
DoIt!AttachTheEarOfACat!
Join date: 27 Sep 2005
Posts: 6,860
11-18-2006 19:27
From: Ishtara Rothschild
The client receives a lot of information it simply doesn't need. For example, attachments cloned with CopyBot even include the correct attachment points (otherwise they'd be rezzed on one's hand, the default point). Is that really needed?

The client also runs animations. It has to animate the attachments moving in place when the appropriate part of the avatar moves, which means it needs to know where they're attached.

From: someone
All the client needs to know is the absolute position of the linkset, or a position relative to the avatar. It doesn't need to know if a collar is attached to spine or chest. The client also doesn't need which prims are linked. Someone who clones a large linkset should end up with a lot of single primitives.

The client needs to know which prims are linked for llTargetOmega to work properly, amongst some other things.

From: someone
Another point is the texture UUID. The CopyBot would be next to useless if it wasn't that easy to retrieve UUIDs. What does the client need it for? The owner of full perm textures should be able to see them, no one else. The client only needs the raw image data.

The client uses a UUID for its cache; if just the raw texture was sent, then it'd have to send the same texture over and over again for every surface nearby that used it, because it would have no way of telling the client "just use again the one I already sent you here". Well, it could have a way of doing that if it gave out texture IDs individually to every client, but that would take up a lot of space on the server, and they already lag a lot as you may have noticed :)
Susie Boffin
Certified Nutcase
Join date: 15 Sep 2004
Posts: 2,151
11-18-2006 19:43
Repealing open registration has nothing to do with the copybot, or anything else of any significance for that matter, but I do have to give some of you credit for fighting a lost cause. :)

Maybe, though, you could give it a rest? Many of us have had enough.
_____________________
"If you see a man approaching you with the obvious intent of doing you good, you should run for your life." - Henry David Thoreau
Talarus Luan
Ancient Archaean Dragon
Join date: 18 Mar 2006
Posts: 4,831
11-18-2006 20:09
Well, tell ya what, Susie. Make some content, wait until someone on an unverified account makes copies of it, sells it, makes off with the cash, and then when you file your DMCA complaint and try to take them to court over it, the true magic of being unverified comes to light: YOU CANNOT TRACE THEM.

Basically, use of the DMCA against unverifieds is useless, because there is no tie to a real person there. Banning them is just as useless, since they can come right back with another alt, then another, then another, then another.... et cetera ad nauseam.

I know you support the unverified policy; you're a more-than-vocal proponent of it. That's fine. I am on the other side of the fence. Regardless, there are some issues concerning it which cannot be resolved in favor of the policy. This is one of those things.

It's unfortunate, but it is the truth; no amount of hand-wringing, gnashing of teeth, or sticking one's head in the sand is going to change it.

At least with payment system verification, you have the handle on a real, live person, so if they go bad on you, you CAN take them to court, or ban them and have them stay banned.
Strife Onizuka
Moonchild
Join date: 3 Mar 2004
Posts: 5,887
11-18-2006 20:11
I agree with Foolish on this and I too have a programming background. Unlike Foolish, I have done extensive research into the formats that SL uses. How did I do this research? I hacked the client cache. I did my research in the early months of 2005, long before anyone was pulling apart the client to break permissions; LibSL was only in the minds of a few people at that time. The findings of my research have never been released, with the exception being my notes on LSL. I reported most of my research results to LL. I struck up a dialog about permission; it scared me. When companies are presented with research detailing their weaknesses, they have three options: A) do nothing, B) address them, C) sue the pants off the researcher. To paraphrase what LL said, they chose A. Their argument was, if we fix this, there are many other ways they can steal the asset; why bother? I have come to agree with them on this. I was only talking with them about cache security. I didn't believe they would do nothing, and they said they weren't going to address it. So I assumed I would be the first against the wall when the revolution came. I stopped my research and promised not to release it. This was 18 months ago.

As it turns out, LL has shown itself to be quite honorable. They said taking legal action wasn't the way they do business, and they have stuck to that. For that I am sorry I misjudged them (though if I had to make the choice again, I wouldn't change it).

So when it comes to the technical aspects, I am qualified. I am white hat. If my research had shown up, it would be more than just objects and textures being stolen (avatars too). If I were black hat, I would have made CopyBot much more insidious and harder to detect. On this topic I will not continue lest CopyBot adopt those techniques.

About the SL object format. SL objects are *small*: a prim description is only a few hundred bytes. SL uses parametric mesh; moreover, to decrease the bandwidth requirements of the parametric mesh, the equations are built into the client; they also strip any default values, further decreasing the bandwidth. Parametric meshes are the optimal format for streaming mesh. The only way LL could make their format better would be to compress them. Going to a non-parametric mesh system for streaming would result in mesh sizes ballooning up at least 10-fold; and that is taking into account the best compression possible. This may not sound like a lot, but it would result in objects loading 10 times slower. Lag would be much more noticeable. This solution is impractical.

What CopyBot does in its current incarnation is automate the build tools. There isn't any way to protect against this, as whatever technique the client would use with the build tools, CopyBot would adopt. The people who built CopyBot have experience disassembling the client. Don't underestimate them.

Even with TCPA (better known as Trusted Computing), it wouldn't stop people from stealing assets in the way that CopyBot does. CopyBot doesn't steal the asset, it just duplicates it (cloning). Users have been cloning objects, by hand, for years. It takes a bit of practice but it's not difficult.

In both worlds, nothing is secure. Just because it hasn't happened yet doesn't mean it can't be done or that it won't be done. You can either cower in the corner, paralyzed by paranoia; or you can go out into the world with the understanding that it is out of your control.

No matter what it may seem, every castle is built of sand.

I have to agree on unverified accounts: bad idea.
_____________________
Truth is a river that is always splitting up into arms that reunite. Islanded between the arms, the inhabitants argue for a lifetime as to which is the main river.
- Cyril Connolly

Without the political will to find common ground, the continual friction of tactic and counter tactic, only creates suspicion and hatred and vengeance, and perpetuates the cycle of violence.
- James Nachtwey
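The bandwidth argument in Strife's post above, worked through as an added example. This is not Strife's code and not Linden Lab's actual object format: the prim parameter set, the JSON encoding with default stripping, and the cylinder tessellation are all constructed here for illustration. The point it makes concrete is that the parametric description the viewer receives is tiny, and that the viewer must hold both those parameters and the expansion equations to draw anything at all.

```python
import json
import math
import struct

# Constructed illustration (not Linden Lab's real wire format): a prim is
# described by a handful of parameters, and the client expands them into a
# triangle mesh using equations it already has built in.
PRIM_DEFAULTS = {
    "shape": "cylinder",
    "size": [0.5, 0.5, 0.5],   # x, y, z extent in metres
    "hollow": 0.0,             # 0 = solid, 0.5 = inner radius is half the outer
    "taper": [0.0, 0.0],       # shrink of x and y radius at the top
    "twist": 0.0,              # radians of rotation from bottom to top
    "sides": 24,               # tessellation resolution chosen by the client
}


def encode_parametric(prim: dict) -> bytes:
    """Serialise a prim, omitting every field equal to its default value."""
    stripped = {k: v for k, v in prim.items() if PRIM_DEFAULTS.get(k) != v}
    return json.dumps(stripped, separators=(",", ":")).encode()


def decode_parametric(blob: bytes) -> dict:
    """Inverse of encode_parametric: defaults are re-applied on the client side."""
    prim = dict(PRIM_DEFAULTS)
    prim.update(json.loads(blob))
    return prim


def expand_mesh(prim: dict):
    """Tessellate a (possibly hollow, tapered, twisted) cylinder.

    Returns (vertices, triangles): vertices as (x, y, z) tuples, triangles as
    index triples. This stands in for the 'equations built into the client'.
    """
    sides = prim["sides"]
    sx, sy, sz = prim["size"]
    tx, ty = prim["taper"]
    hollow, twist = prim["hollow"], prim["twist"]
    verts, tris = [], []

    def ring(z, radius_scale, fraction):
        # fraction is 0 at the bottom and 1 at the top (drives taper and twist)
        base = len(verts)
        for i in range(sides):
            a = 2 * math.pi * i / sides + twist * fraction
            rx = sx / 2 * (1 - tx * fraction) * radius_scale
            ry = sy / 2 * (1 - ty * fraction) * radius_scale
            verts.append((rx * math.cos(a), ry * math.sin(a), z))
        return base

    def wall(r0, r1):
        # join two rings of `sides` vertices with two triangles per segment
        for i in range(sides):
            j = (i + 1) % sides
            tris.append((r0 + i, r0 + j, r1 + i))
            tris.append((r0 + j, r1 + j, r1 + i))

    bot_outer = ring(-sz / 2, 1.0, 0.0)
    top_outer = ring(sz / 2, 1.0, 1.0)
    wall(bot_outer, top_outer)                      # outer wall
    if hollow > 0:
        bot_inner = ring(-sz / 2, hollow, 0.0)
        top_inner = ring(sz / 2, hollow, 1.0)
        wall(bot_inner, top_inner)                  # inner wall
        wall(bot_outer, bot_inner)                  # bottom annulus cap
        wall(top_inner, top_outer)                  # top annulus cap
    else:
        for z, r in ((-sz / 2, bot_outer), (sz / 2, top_outer)):
            center = len(verts)
            verts.append((0.0, 0.0, z))
            for i in range(sides):                  # fan-triangulated cap
                tris.append((center, r + i, r + (i + 1) % sides))
    return verts, tris


def encode_mesh(verts, tris) -> bytes:
    """Explicit mesh: 3 x float32 per vertex, 3 x uint16 per triangle."""
    out = bytearray(struct.pack("<II", len(verts), len(tris)))
    for v in verts:
        out += struct.pack("<3f", *v)
    for t in tris:
        out += struct.pack("<3H", *t)
    return bytes(out)


def size_ratio(prim: dict):
    """(parametric bytes, explicit mesh bytes, ratio) for one prim."""
    param = encode_parametric(prim)
    verts, tris = expand_mesh(prim)
    mesh = encode_mesh(verts, tris)
    return len(param), len(mesh), len(mesh) / len(param)


if __name__ == "__main__":
    hollow_tube = dict(PRIM_DEFAULTS, size=[0.5, 0.5, 2.0], hollow=0.5)
    print(encode_parametric(hollow_tube))
    print(size_ratio(hollow_tube))
```

With the constructed hollow tube, the stripped parametric description is 35 bytes and the uncompressed mesh the client rebuilds from it is 2,312 bytes, a ratio well above the tenfold figure in the post even before texture and normal data are added. The second thing the example shows is the part that matters for CopyBot: every client that can render the prim has to receive the full parameter set and carry the expansion code, so the description is by construction reproducible by whatever program receives it; compressing or re-encoding it changes the byte count, not that property.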
Nepenthes Ixchel
Broadly Offended.
Join date: 6 Dec 2005
Posts: 696
11-18-2006 21:44
Strife, the difference between what you did and what LL + LibSL have done is you didn't spread your discoveries all over the internet. LL knew about the vulnerabilities of the system (even if you hadn't told them, they would have had to be idiots not to know it could be done) and still helped a bunch of hackers reverse engineer SL.

It's the difference between knowing your front door lock can be picked, and knowing every person on the street has a skeleton key that will open your door.

If the LibSL project had not been publicly pushing their findings, copybot would be a tool known only to one or two people, who need to be somewhat cautious in its use to keep it secret. That's a risk, but it's a reasonable risk. LibSL's ultimate goal is a full-featured open-source client that understands everything in SL, and therefore can steal anything in SL that the client knows about in some way. LL was very shortsighted in allowing LibSL permission to do their work, and is even more shortsighted now for standing by them instead of shutting them down.
Demian Caldera
..ya, that too...
Join date: 8 Jun 2004
Posts: 249
11-19-2006 10:06
From: Foolish Frost
Then again, what do I know. I'm just a Fool. :D


My only thought on that one.... This world (RL and SL) needs a lot more fools!

..for the rest of your posting... EXCELLENT! Thanks a lot!
_____________________
Dream Art & Design - Fine Leather Furniture - Benten
U2inSL - www.U2inSL.com
Kalel Venkman
Citizen
Join date: 10 Mar 2006
Posts: 587
I'll second that
11-19-2006 15:31
There are so many people posting ridiculous rants along the lines of stringing up the creators of LibSL by their thumbs, when all they've done is point out the vulnerabilities of the system that were there all along. Security through obscurity is not security, and there are doubtless other programmer/hacker types out there who do not wear white hats who are in SL exploiting it even as we write these notes (though perhaps not today, considering the grid is down again).

The truth of the matter is that those who complain about texture theft or prim theft being a practical possibility and want ID stamps of some sort on every single scrap of content have either no idea that what they're thinking of is simply impossible because the system cannot store this information through the various permutations required to get it to the client's displays intact, or understand the basic processes but have no concept of what a tremendous computational requirement it would place on the already overloaded asset servers. Most of these "fixes" would render SL unusable, or place so many constraints on people trying to build content that little or no content would actually be created.

So thanks for your post, it was really a breath of fresh air.
Jopsy Pendragon
Perpetual Outsider
Join date: 15 Jan 2004
Posts: 1,906
11-19-2006 15:58
Unverified accounts are clearly part of LL's long term plan. If they want to be more like the web where hosts pay and visitors are free... I just don't see any amount of ranting ever changing their mind.

I have no problem with unverified accounts, I like the fact that the doors are open to anyone curious and interested in trying out SecondLife. I believe it is the single most effective thing LL has done to recruit residents that end up becoming paying customers.

HOWEVER... I could see a point to restricting the uploading of textures (etc.) to just verified residents. Or limiting the ability to compile scripts to verified. Either of which might help somewhat.
Argent Stonecutter
Emergency Mustelid
Join date: 20 Sep 2005
Posts: 20,263
11-19-2006 17:40
From: Jopsy Pendragon
Unverified accounts are clearly part of LL's long term plan. If they want to be more like the web where hosts pay and visitors are free... I just don't see any amount of ranting ever changing their mind.
The problem is that they're not like the web. The biggest investment in the normal "web like" mechanism of doing business is the content provided by the customers... running servers for people can be amazingly cheap if you don't make any guarantees, and it's simple. The web model drives the services provided by an ISP towards the lowest common denominator. Linden Labs operates more like an online services company, they own all the servers, they control the access of all the customers, and they have a much more manpower-intensive job than even the classiest "managed hosting" service... *and* their job inevitably scales poorly as the number of end-users increases, because they have taken on responsibility for policing those users.