Important info about selling sculpty products - be careful!

I recently realized that if you sell a sculpty product and it has Mod perms, your custom Sculpt Map is available for anyone to copy and rip off! What the hell? There should really be a way to hide your sculpt map even on a mod object. As of now I can screen grab it and upload my own sculpty map essentially stealing your work.

I'm putting this here hoping to get the building community aware of this unfortunate problem.

So, don't sell your sculpty products Mod!

Would be nice to have the ability to give customers the ability to scale an object but unable to mod it in any other way. Would really help when selling avatar accessories.

(and yes, I have a product where the user can change the size via a script, but on something with a heap of prims, this isn't the most desirable way to go)

Give your sculpt map texture an alpha channel, make it transparent. Then it won't be visible in the previewer. The alpha channel is ignored for the purposes of making a sculpty prim so it works just the same as usual. People have been doing this for quite a while now.

Well, I'm not sure how official this is, but based on JIRA comments by Phoenix Linden, I don't think anyone should consider any textures to be protected.

Apparently at least a significant part of LL and the SL community feels that textures, shapes, and anything else that is used by the client is pretty much unprotectable. I suppose that includes animations too, although I don't think there's a capture utility for it yet.

https://jira.secondlife.com/browse/VWR-1919

Personally I don't think this is a good policy, but it seems like that's the deal.

People have been sued over content stealing in SL. So I'd say its rather protectable..

and the alpha trick works fine, however, I'm not sure if a sculpt-map UUID shows up in the texture panel like normal textures. If it does then..eep...

Fundamentally if it can be displayed on your screen then it can be stolen. There is NO foolproof way to stop that, it is merely a matter of how much effort one wants to put into stealing the object/texture/whatever!

Alan Greenspan points out in his memoirs ("Turbulent Times" that the entire concept of IP needs to be rethought in the light of modern realities.

The present model i slargely based on real estate rights (in perpetuity), but the object of all IP laws is to increase the output of new ideas, not to protect "mouse ear" profits forever!

I am becoming convinced that most of the so called "piracy problem" is really due to our having the wrong model for our (worldwide) IP laws!

Time for another thread if anyone is interested ...

What about IP 2.0 or w/e its called? Hexadecimal IP addresses..thats..almost rethinking it..its to the stage of redesigning the visual and UI viewpoint I supose, but not the fundamentals...hmm...

And what I meant was the super fast way of getting normal textures, just bring up the texture console and be done. I don't see anything quite so easy for sculpties, unless they register thee as well. There is no 'sculpt console' for instance.

I am not sure how upgrading the routing of packets between your computer and Sl will affect the information sent in any way at all?

IP V2.0 (I think you mean 6 digit IP addresses which essentially expand the total number of IP addresses by several hundred million!)

Have I missed something here?

Don't confuse what you see using the LL viewer with the information that MUST be sent to your computer to generate a 3D image. A custom viewer is not all that hard to build, even without the help that LL has provided to the developer community!

Just because no one has been foolish enough to generate another "CopyBot" for script kiddies to cause trouble with does not make Second Life a secure system.

The barrier is entirely one of knowledge and competence, not of lack of capability.

Look at the 60 minutes report on the TJ Max thefts for example. The reporters only got about 10% of the facts, but even that is pretty scary.

yeppers, thats what i meant, I was under the impression that the IPs were 6 digit hexcodes though, maybe I'm wrong

I was saying that it was a start on reinventing the wheel, redefining IP to something more secure, a constantly, irreversibly encrypted stream of data woul be.. crackable. But we might someday get that anyway.

And I never said that it was actually safe, just that most people generally wouldnt go to the trouble to do it, especially considering how unique sculpties actually are. It would be rather easy to prove a sculptmap is identical, which..generally wouldnt happen with two seperate peoples' maps.

To go through all the trouble of making a new viewer just to get sculpties..that just seems like more trouble than it's worth.

It also seems to me that content creators in general feel a lot more secure than they are. I helped a guy with a script yesterday, and his neighbour-vendor in the mall showed up, and I noticed that his advertisements for his shirts were the exact textures, no mods, black background included... I warned him that this was extremely foolsih and he said if someone were to copy it, he would sue them, and that his friend is a lawyer.

Unfortunately, everyone has a lawyer friend.
And fortunately..if another CopyBot did break out..well..the original could only seal textures right?

Could anything ever actually steal more than that? It could record relative locations of objects but..you can measure on your own. It culd record sizes and cuts and twists..or you could just measure it..

SL will never be a secure place from thieves, just as the real world will never be. I personally think people should stop worrying about it.. its more likely your shop will do better if you have the capabiity of making great things rather than watching some doofus try to resell your objects once you've made a name for yourself already.

if you don't want your creations shared wihth all of SL, buy a sim, put up generic banlines, and build only in the very center, and never let your objects leave, and then you might have a slim chance of noone being able to copy it without TONS of work.

No the original IP address which is still in use is 4 hex digits (192.168.1.1 for example), the new one is only gradually being introduced.



Actually that is available today with secure transmission protocols (e.g. https); even so the end user MUST be able to decrypt the information to use it! All any secure protocol protects from is a third part snooper (Hello to all my buddies at NSA )



Well the proof is that no one has done it - YET! However that certainly does not mean that no one will if there is enough profit in it!

Personally I run several "custom" viewers and text driven "bot controllers" just because that is my hobby - I have been a programmer for over 40 years now and like to play with the code.



That is exactly what I am addressing, the illusion of security is a very dangerous state!

In short, yes it is perfectly possible to write a "CopyBot" that would steal the entire creation, shapes, textures, prims, and sculpties! In fact just such an effort is under way in trying to produce some sort of backup for the notorious Second Life Inventory system.

As Miscrosoft can demonstrate, there is no way to prevent a backup from being used to produce many many copies of the original. The entire MS "activation" system merely makes thing a little more difficult! Personally I think it makes things more difficult for the MS customer than it does for the thieves.

Do a Google search on "Windows XP Borg Edition" for one of the more comprehensive examples of such "backups" BTW.



I agree, the fuss is far worse than the real threat, but the blind panic once someone demonstrates that the system is not totally secure is even more destructive! I still find sims that have some sort of "CopyBot" protection running. I suppose it makes someone feel better until it too proves to be ineffective.

If someone really is THAT paranoid about their work being stolen, then the work has no business being put up on a public system like Second Life! ANY of the 3d programs like Poser, 3D Max or Cinema 4d are much more capable than Second Life could ever be and are as private as you want to be.

I doubt if anyone is going to keep their computer in a locked vault with armed guards though ...

lol..I have guard gnomes =P They sit on my desk and..well...sit their and watch as someone steals my PC, then give a horrible eyewitness report..


With the encryption I meant that at present sure we have real-time, constant data encryption but.. I guess kinda a super encryption or something lol... iono... DataMan1001!!!

Could a bot steal scripts? That is one of the more wary objects since arguably more time goes into super complex scripts than buildings (This coming from a builder.. I admit, scripting is inherently more complex, though the finesse required may not be any more or less

So would a bot be able to copy a script, considering that they are executed server-side, and not client-side? Seems like to do that the bot would have to intercept outgoing data from a location it cant intercept without raising big flags at LL saying 'Danger Will Robinson!'

Prims, prim locations, etc, are all easily copied. Textures are easily copied as well, which makes it also inherently easy (though not as easy as normal textures) to steal sculpties.

Animations well.. that would take a lot of information I'd think.. it's be recording and parsing the location of all movable parts of an av for a given period of time which.. well..ouch..but still possible if you just parse the translation of the v limbs based on the original av position.

So scripts and animations are the two safest things that I can tell, scripts being by far safest.

And still...

I make 3d art, that's what I call it anyway, I'm a modeler of various types. SL may be limited but at the same time, because of its inherent simplicity it is one of the most powerful tools I've found for building right off the bat

Images aren't and can't feasibly be protected. The client asks for it and gets it. If Second Life is successful in the way Linden intends it to be, future viewers will just have right-click > Save As for images like our web browsers do. It's just a matter of time, and of whether SL is going to be the one that goes all the way.

Animations are pretty much just like images, clients ask and receive.

A client can't really steal scripts, it would be a permissions bug as scripts are entirely server-side except for when agents have permission to download them. Once the server-side simulator is open-source and you can take your inventory and attachments to a sim run outside of LL, people can worry about scripts being stolen, even altered/infected

the truth is, if you can get it on your computer, and I mean all of it, it's not secure... period.

because onces it there you can view it, manipulate it and tweak it do whatever you want... images, prim poperties, programs from the internet. you can copy, remove protections, and no amount of encryption is going to protect it because when it gets to the end, it has to be unecrypted to use it.

the only nominal protection is distributed applications that only expose certain features, but even then image theft is trivial, as is theft of any exposed feature (like prim properties which the viewr needs to render the object). there's hope in quantum encryption, but it's so far off on the horizon for comercial use as to barely be worth mention.

The problem with textures is they go into your graphics card memory and if you know how you can extract that memory so you can take any even alpha cloaked textures arnt safe .But thats the same with the real world anything can be copyed .If you do have something stolen you can submit a dmca and the copyed item will be removed from the ofenders account if you win the case.

http://secondlife.com/corporate/dmca.php

There are plans to actually use the alpha channel on sculpty maps so using it as a "copy protection" method just runs the risk of messing up all your sculpties in the future.

More to the point, they first go onto the local hard drive of each individual client machine, so they are accessible from there any time before they are pushed out by newer data or the cache is cleared. Moreover, the UUID keys of each texture stored in the cache are *very* easily retrievable, making them usable by any LSL function to which a texture key can be passed (functions which do not take into account permissions *at all*)

BTW, earlier in the thread there seemed to be some confusion over the term "IP." When Karen Palen initially brought it up, she was referring to "Intellectual Property." Others seemed to think she was referring to "Internet Protocol" and took it from there.

OOOOPS! Deanna, you are quite correct and I really missed that!

Apologies to everyone, I did wonder where the reference came from and just did not think it was my error!

At least no one died this time ...

ok yeah..oops on the IP.. stupid me

I'm more nerd than uhh..legal..councel? anyway, so i jump to internet protocol!

Sorry!

I'm not sure this is all quite that hopeless, at least to make theft much more difficult. I agree that images are pretty much a lost cause since they are a displayed by the video card, although some protections would probably help.

Sculpty textures, animations, and shapes however do not have to be processed by open source client code, so they can be encrypted. Of course, the encryption could be cracked which seems to make this pretty useless, except that, unlike a DVD player's code, the SL client is always online, has only a single content source, and is updated regularly. The encryption could be changed on each update or more often and would be like a forced cache clearing. Actually, in principle, each client could be using a different encryption since there is no requirement for moving client contents from one client to another, making selling hacked clients impossible.

That wouldn't stop it being repeatedly cracked, but would require repeated effort and time. The value of things in SL isn't like a library of DVD's, so people would tire of this pretty quickly.

UUID based texture theft would be really easy to fix since it is an LSL hack and runs on the servers. Just allow UUID resources to be protected with a code similar to loading scripts into another prim. If the script is legitimate, it just unlocks the UUID's with the code once, and then can use them at will. A hacker who stole the UUID of course has no way to know what the code is, so can't use it. Put in a delay for incorrect code attempts and log them to discourage cracking attempts.

Should we BOTH go around with a bag over our head from shame then? LOL

I think I started it, so Ill wear two

WOW.

I think you are correct that there are numerous ways to make stealing content harder, but the greater Internet shows that where there is enough demand someone will break absolutely anything!

"Any lock that one man can build, another man can break".

To put it another way, it is futile to expect technology to fix a legal problem!

I tend to agree with Alan Greenspan who pointed to the software piracy problem as evidence that our Intellectual Property laws are inadequate.

Personally I think that the US DMCA has created more problems than it solved.

However the only "law" in Second Life is Linden Research (formerly Linden Labs), and they do not choose to enforce any copyright or any other civil laws for that matter.

Until that happens then I think you will continue to see pirated "goods" sold throughout Second Life.

I sell boxes of sculpties including both prims and textures full permissions on all. Rework, remodel, refarb, resell, the only thing I ask is that people not resell them as-is. So I guess I'm not too worried.

Until the DMCA was passed that was a "Judicial Doctrine" known as "fair use" - if you buy a book then you can use it, read it as often as you want, even copy it for your own use!

Just don't resell it!

The DMCA eliminated that and essentially outlawed anything but a single reading of a book!

As far as I am aware that has never been tried in court (the notorious P2P "file sharing" hasn't even been tested yet!), but the text of the law does read that way.

Of course Microsoft will be HAPPY to sell you a new copy of Windows every time you upgrade the RAM in your computer ...

How would you turn a sculpty texture (or a shape for that matter) into actual geometry without the client being able to decode the texture? Even if it was possible for sculpty textures, the client still gets the UUID of the sculptmap.

A video card has no concept of animations, or even of the difference between an avie and a box, it's all just a bunch of polygons to be drawn when it gets to the video card.

If you drag a texture over onto a prim, the client simply sends over the UUID of the texture to be applied and the sim mindlessly applies that texture to the face/prim(s). You'd also likely break all of the legitimate scripts that currently do use UUIDs of textures that weren't distributed along with the script.

The short answer is that you would not use LSL, but pay some one in India to write a C# program for you!

The long answer is that you would "rebuild" the unknowns parts from inferences provided to the"client side" 3D engine.

Since quad 3Gb P4 class processors are already available and 8X/16X pretty close for very reasonable prices, it is reasonable to assume that "decrypting" the shape of the actual "prim" is something that you could pay SW engineer in india/China/wherever about $200 to get working.

In short "security by obscurity" is even less of a barrier than it was 30 years ago when it was first discredited.

A professor of the U of Chicago (I think) published an "position paper" on tracking $20 bills. It seems that if I give you 100 $20 bills then record their numbers every time they enter a bank, I can reconstruct ALL of your movements and purchases with about a 98% accuracy!

This was published over 20 years ago!

Cameras on freeways monitored by FBI/MI5/KGB/??? is really only the bare "tip of the iceberg".