Track anyone, anywhere *Tech Demo*

http://www.commoncache.com/slmap.php


This is a working demonstration that I've developed that will tell you the location of players anywhere in the world.

In this demo map, a secondlife:// link is given so that you can teleport directly to my location. Anywhere I go in the world, refresh the map and it will update as well.

The tech behind this isn't very complicated. At this point I'm not going to say exactly how I did it until there's more community feedback, however any more experienced coder will quickly figure it out. Hell, it may have already been done, which obviates my demo. In which case, lemme know how late to the game I am and I'll go sulk somewhere.


There's a couple reasons I'm hesitant to put the code out. First, this is something I could definitely sell as a service/product, so I want to protect that IP investment for a little while. Second, there are some privacy issues that go with this.

Basically, it is possible to use this method to secretly track any player who is wearing an object that has this script attached, without their knowledge.

If you teleport to my location from the map demo, you'll see my Halo, which is my tracking object. However, you could easily embed this into any script and it would operate without the knowledge of the wearer.

On the plus side, there are likely some pretty easy ways to detect if your new shiny object you bought is gonna tell someone where you are, so its not all bad.

Anyway, I look forward to feedback (if any).

Geuis

There are more cunning ways of doing this without your victim having to wear anything. But I won't get into it.

M.

Yes there have been several AV trackers available. Most commonly embedded in collars for subs / Slaves. Most relied on IMs or E-Mails to transmit the location.

As for tying this into the map, I have an personal script application that isn't complete yet that does use the map API for some location information.

For a second there, I was impressed. Then I read that you are wearing an attachment. My response is... MEH.

If you managed to do this without the target being at all aware or opting in, it might be interesting.

The target does not need to be wearing anything at all. I have a script that hunts for the target specified - according to an optimising path algorithm - finds it, locks on, and hovers 2m above its head where it goes into a listen state and transmits all channel 0 dialog back to the owner. The object is currently opaque and visible as I don't intend to use it maliciously, but it could just as easily be made invisible for those who are more criminal at heart. Needless to say I won't release the code.

This method is using llHTTPRequest to make recurrent requests to a remote database. The database is recording the position of the owner of the object. This is information that is sent by llHTTPrequest in every request.

So, there have been previous methods to track avatars but I believe this is the first one that makes use of llHTTPrequest.

My demo here updates every 10 seconds, but can burst up to 1 second if need be.

The part of this that lets you track position without awareness is that you can embed the llHTTPrequest into a timer and since it never generates any activity other than a silent web request, the wearer of the object has no knowledge its running.

Currently my demo db doesn't track a history of movement, however its a very simple database addition to record permanently instead of simply updating the position record.

Yes, but can you find me if I'm in a private sim?

Where's your private sim, let me in, and I'll find out.

IM me in-world

Geuis, isn't there still an http_response firing?

The other problem with the target having to wear something, is that they have to be wearing it. If they return it to inventory, it stops functioning. Geuis, I think your solution would work really well in conjunction with mine - except, I suppose, that you wouldn't be able to make use of owner information. Feel free to IM me in world if you want a demo.

M.

Yeah, the http_response still fires. But it doesnt seem to make itself apparent unless you output something.

Not a map wide thing, but...

I was griefed in the sandbox yesterday by a couple of objects that tracked me all over the sim and spewed coloured lights in a big cloud above me making it impossible to work.

Just to let you scripting geniuses know, ... if I had been able to click on the thing and find out who the maker was they would have had an AR report against them regardless of whether it was an "experiment" or not, so be careful what you script.

One persons "cool tracker" is another person's griefing nightmare.

What Dianne said.

LL is working to improve the privacy features in SL, and while I don't see much of a threat from a scripted attachment that must voluntarily be worn (until someone sneaks it into gifts they give people without their knowledge), if there's a way to track someone without their knowledge on something other than the "Map" feature of their profile, it needs to be nerfed. Now.

I agree Dianne. That's why I think its important to put this stuff out in the open so we can discuss it and make people aware.

I also agree which is why my tracker is opaque and why I won't release it. I know I won't use it maliciously - I can't speak for anyone who might otherwise get hold of the code and use it unfavorably.

I have demonstrated my bot to all my friends to try to encourage them to use IM conversation exclusively, given that it is possible for someone to send a remotely deployed invisiblt tracking bug to listen in on their channel 0 conversations.

There is a problem with the argument that says this sort of thing should be stopped, however. Unfortunately, by establishing a means to eliminate the possibility of developing this technology, I fear it would limit the development of other exciting and yet above-board technology too. And even then, the innovative developers out there will find some other exploit anyway, all the while further and further limiting what can be done in the positive realm of development.

Furthermore, there are so many ways that a device like this could be built, that it would be very difficult to pin them down without scrapping fundamental elements of scripted SL. I could write a script that could detect my infiltrating tracker-bug, but that's because I know where to look.

It's a difficult problem.

But you *said* you were going to *sell* the tech.

Please be consistent.

- C

Huh?

If I sell this feature, it will be as a service and carefully controlled. Not just a script people can use for nefarious purposes, at least by me.

'fraid I have to rain on your parade also, although your device is better than the original in this thread. Your bug would never be able to follow me. It will lose me as soon as I TP outside of it's sensor range. Now if you grey-goo the grid with seekers you might find me again, but then you'll have other problems.

OK, so you just want to snoop on my lovely cyber-time. So there are three cases:

1. you know where I am because you have my card
   
2. you know where I am because you saw me
   
3. you don't know where I am
   

In case 1, I *think* you can get coords from the map to feed into your seeker, so you don'tt have to come within sensor range. Either way, if I find your drone before it loses me due to a teleport, I'm going to tear up your card so you reduce to case 2. In case 2, my personal scanner will pick you up and eventually I will know you as an obsessive stalker. And case 3, well...good luck. the grid is a lot bigger than you think, and there's a lot of dead spaces your drone can't search. I'm almost tempted to offer a prize for someone who *can* find an AV that is anywhere on the grid under the conditions of case 3 - using a fixed number of mobile objects (if you can't do it with three, you probably can't do it with any fixed number) find a named AV (or keyed if you prefer) and track it for an hour, say.

Now if the target is aware of the possibility of a stalker drone, they can start to run active object scans, but that will cause a lot of unpleasant noise for them. If they know the identity of the stalker (available in both cases 1 & 2), they can cut down the noise by checking object ownership in their scans. In any case most non-newbies end up having many of their most intimate conversations in IM anyway, if only because friendships transcend the immediate spatial limitations of the grid.

So what is the *actual* security risk? Almost zero. Go ahead and publish Your search algorithm might actually be interesting.

- C

I'd also be interested in seeing what a hovering tracker does about finding someone who is on an island - not connected to the mainland, or is in a no-script area - or, better, when they walk onto such an area while being tracked, or, even more fun - if they go somewhere that is flagged as private - such as a non-visible sim.

If anyone ever does sell these things, you'd better make them copy/no-transfer, as if I ever see one tracking me over _my_ land, I'd probably be using delete not return

All of these being the reasons why I think that if I offered my challenge, I would never need to worry about losing the money. Doing anything deeply autonomous or non-local with scripted objects is a recipe for disaster, as cool as it might be to contemplate.

- C

The factors mentioned above would indeed foil the operation of the tracker - namely, teleporting, private sims, no-scripting areas, islands and conversing entirely in IMs. My algorithm will hunt on contiguous territory, obviously without crossing dead-space ocean.

Still, while this makes it easy to escape the bots, most people aren't really thinking about them which makes them vulnerable.

I'm well aware that the script I wrote isn't rocket science - the whole point of the exercise was to prove to myself how easy it was to achieve - and in doing so, raise awareness with my friends. Some of them knew about similar devices, others were intrigued and concerned. But all of them, I believe, take the implied privacy issue more seriously now that they've seen it in action.

Perhaps I should create a messenger bot to hunt people down and preach the virtues of speaking in IMs before self destructing. But no one likes to be preached to or bothered by self-indulgent espionage-witness bubble bots, so I won't.

I wonder, in regards to getting through privacy fences can WarpPos be used? Still possible to get away from a tracking bot through teleport though.

WarpPos can't leave something inside a privacy fence, but it can go through it.