theif application on the lose

Problem is... What can the Lindens do? They don't technically own the content, as such.
They have always asserted we own what we create... Which means that they can help protect it, but the ultimate responsibility to protect our content is our own. Which is impossible to do.

In 2D space (aka the web) I create a picture and put it up on a site, then anyone can copy and keep that picture. So I disable right click > save picture on my website. Now user B can just screen scrape the desktop, and still get a copy of the picture. I disable screen scraping (how?) a talented User B grabs the backbuffer of the video card...

Data can always be copied, the only effective way to prevent that, is at the hardware level. But we all dislike big buisness DRM and Microsofts Trusted Computing initative don't we...

This is not a solution to lost inventory. If it ONLY worked on what was in a person's inventory, fine. This STEALS other peoples work. IF CopyBot was made to ONLY effect what is already in a person's inventory, then that would be different.

What it does is STEAL content from SL. Not backup.

So no, that "backup archive" idea is not vaild. Doing so is also something LL never intended. As malicious scripts/programs could also be uploaded in such a way. Data from outside was never meant to be introduced into SL through unmetered channels.

~Jessy

Not very easy for the majority of users buying it right now on SLEX.

That is the typical poor excuse of apologists for this kind of crap.

Do you think it will be easier to deal with all the resulting problems that this object will create? Wouldn't it be easier to deal with the accounts that are selling this object?

This code has two purposes as I now see it.

1) To allow copying of any prim... BAD

2) To be the core data parser for a rendering engine in a 3rd Party Client ... Good?


Looking at the recent screenshots of the 3rd Party Client, the one thing which was missing was a data parser. Every prim that was comming to the client was being displayed as a cube. They had no way to recreate the prims being sent by the server.

This was obviously one hell of a hurdle, when they cracked it, they were very pleased with themselves, the test bed for the parser was CopyBot, and it was leaked. It was not the smartest move, but what is done is done. The next time I expect to see this, is when they guts of it are in their Client, rendering Prim data correctly.

I think LibSL have just overcome a major hurdle in creating their 3rd Party Client.
Thats what this, in my opinion, is really about...

All well and good. One can just as easily argue that one can not ban guns, because someone can always buy them or steal them somewhere. That does not mean that one should not act against an idiot giving away free guns and ammo on the side of the schoolyard. It does not mean that someone who uses that gun to kill someone should not be charged with murder. It does not mean that we should not charge someone with a crime if they use a gun to commit a crime.

LL CAN and SHOULD ban anyone who distributes this hack, or who uses it to STEAL content, for the same reason that someone distributing firearms and ammo at a schoolyard should be locked up. They are enabling people who would not on their own be able to commit a crime to readily do so.

We can not prevent people from making hacks. Granted. But we CAN punish them for distributing or using those hacks to harm SL and violate IP rights and STEAL merchandise!

This decision to rely on passive inaction by LL is just like their stand on account verification. Just because some people can evade or could not use their authentication attempts, they threw up their hands and gave up on authentication entirely. I wonder if they also took all the doors and windows off their San Francisco offices, because some people have trouble using doorknobs, and some people can pick the locks and can get in even if they lock a door. So "just allow open access to anyone" is their solution? How long after such an irresponsible decision would it be before there was nothing of value left inside the LL offices?

It would only take one person, having made the change, to post it on SLEx. In fact it seems likely that's what happened.

I can't honestly believe that SLEx haven't removed it yet, but if it's true that the one on SLEx is actually a trojan, maybe it won't be removed (poetic justice?)

We were always going to have to deal with this problem at sometime... sometime is today and the next few weeks. Its not like this was never going to happen.

Now we, AND Linden Labs, are going to have to get smart, and work out how we can not only fix this, but also live with the parts which cannot be fixed. I think Linden Labs want to trade stamp your work, they have stated this in their Blog. Frankly its a brilliant idea, and about the most workable solution. But we know, and they know its not a total fix.

It's not a trojan. Content creators are lying in order to get people not to buy it. Check secondcitizen.com where they admit it there.

You can't have been this blind for the use people will put such an application to, if you create an application that can take full permission copies of virtually anything. If LL would know a secure way to implement a backup function, they would have done so long ago.

The first thought of the LibSL team must have been: how do I check the item permissions and item ownership? When they found out that this wasn't possible (if they ever bothered at all), they introduced it as a fun application to copy other people's avatars, already stealing content while demonstrating the abilities of their tool. I can't believe Lindens watched this and didn't stop it right away. I mean, let me get this straight... it's demonstrated inworld, content is copied off other people's avatars with full perms, and you still didn't realized that you made the same mistake as Nobel? Come on. I don't believe this.



LL's open support of theft only shows me that there's some plan behind it, everything will be done to get SL millions of users and attract even more well-known companies. Content creators were only needed during the initial phase; now we have enough content to attract every average John and Jane. They will only come and stay if they can play for free, of course; but those millions of users are badly needed, to support the dream of the glorious world-wide 3D web. First the account registration is "open-sourced", now the content too. Everyone can join for free, everyone can copy any of those shiny avatars with all their bling for free, LL does their best to advertize this nifty tool and make sure everyone uses it without remorse to attract another million users and more companies, until the 3D web that no one really needs is forced into existence. I guess I understood my temporary role as a content creator now.

1. Not quite. The internet also works by securing certain data that should not be freely copied. Or may I have your password & credit card number now to save me the bother of just copying it right of teh interwebs ?

2. You're merely stating a general principle. As it stands, SL is a proprietry platform that like any other CAN be secured to AN EXTENT. It's not 100% uncrackable but that's not the point. Even the use of GLIntercept could be detected and SL shut down in its presence let alone methods available to deal with Copybot. SL CAN be made REASONABLY SECURE for MOST USERS. Copybot allows anyone to freely copy objects in world and for both you & Linden Lab to offer this kind of lame generalised excuse is disgraceful.

Exactly. You can buy crack cocaine if you really want it, but you won't find it in walmart lol.

Haha. Like we care.

REMEMBER FOLKS, YOU ARE ENTERING YOUR PASSWORD INTO SOFTWARE CREATED BY IDIOTS LIKE THIS. ARE YOU REALLY, REALLY SURE YOU WANT TO DO THAT ? I'D BE WORRIED ABOUT MY OWN CONTENT, LINDEN BALANCE AND CREDIT CARD IF I WERE YOU.

You just openly named your enemy, do you realize that? Content creators. You're on one side of the fence, we're on the other. Please tell us, why does your perfectly harmless tool ask for people's account data and passwords?

Interesting, as I thought LL were looking into way to trademark content, so at least it is possible to determine that it was copied? Leastways according to the blog they are.
Thats not passive inaction.

40 people (LL) are not going to and cannot deal with the fallout from this. Its too big. Governments with 10's thousands of people have problems with dealing with copyright theft.

Linden Labs knows this, I kinda think, they hop we will work with them, many hands make light work, n all that.

But right now it sucks, we know it sucks, they know it sucks. LibSL dropped the ball. They know that, cause they pulled the code from their source control site. Cats outta the bag now though. Time to go into fire fighting mode...

If there are content creators reading this who have falsely claimed that the copy on SLEx is a trojan, I can only advise them to withdraw these statements as soon as possible. These statements could be enough for distributing the tool to claim innocence on the defense that "I thought it was a trojan made to trap thieves and distributed it on that basis". It also may mean it stays in distribution for longer, as people believe that they are doing good by distributing it, setting a trap for content thieves.

It wouldn't create any assets at all, the copy would get saved locally. If it has to reupload something to make a copy, it can just as well save that data locally and reupload as needed.

If you argue that it can be used to create infinite copies instead of merely replacing something that was lost, you're right, it can, but that doesn't mean everyone or even most will use it for that if it were possible.
I can start accusing every private sim owner of stealing, after all, what's to stop anyone from rezzing their entire inventory, leaving it out for a few days, taking it back and asking for a rollback? Instant and perfect copies complete with scripts, far better than anything this copybot seems to be able to create.

If you read *anything* about what you're bashing, you'd know it uses an alternate account as the bot. In order for it to log you in as the bot, it needs your password. That's why the notecard suggests making a NEW alt to use.

The CC data is still freely copied though... Its encrypted, and passed as directly to the server possible, however that data IS NOT secure, and it is being freely copied.
If it is intercepted on the way to the CC server, and the intercepter has the encryption key, POOF they have your CC details.

Reason it does'nt happen is that its very hard to do, and the 13 internet Root Servers have armed guards... (least the UK Root does...)

?? It doesn't do that ??



Oh they do Kitty. LL are very careful to ensure that people aren't trying to use sim roll backs in an exploitive manner. The last time I had to have a sim rollback it was the first thing that they checked in to.

Again, this is not about what is possible, this is about what is accptable.

LL have stated in the private islands documentation that this is a violation of the TOS and they will actively persue residents using this method to gain free content so no, you can't.

If its open source, then hopefully it could be designed to reproduce original permissions. As far as I'm aware it's a work in progress.

While copybot itself is obviously open to abuse, it would hopefully develop into a set of tools with legitimate uses.