Following Darkley’s post, I dug up Lonely Bluebird, a developer for the CDS, and threw some rumors I’d been hearing fly around at him for more information… because I was starting to believe the rumors as well.
[15:23] Tenshi Vielle: 1) How does this thing cache who to ban, and is it kept on a server anywhere? 2) Does it detect alts of the same operator?
[15:24] Lonely Bluebird: For number one, it stores the avatar name, their key, the viewer they were detected on, along with a timestamp and the region name. This is stored on a server yes.
[15:25] Lonely Bluebird: As for number two, there are ways to determine if certain accounts are alts of the same person, however this isn’t done by scanning any sort of files on their computer, and we’re certainly not storing user IP or MAC addresses or anything of that nature.
[15:26] Lonely Bluebird: Obviously I can’t go into detail about what is detected and how it is done, because that would be equivalent to telling Neil&Co how to slip by undetected.
[15:26] Tenshi Vielle: I can understand that.
[15:26] Lonely Bluebird: We don’t do any sort of tracking or banning based on alts though.
[15:26] Tenshi Vielle: What do you think of the residents that want to boycott shops that are running this service?
[15:27] Lonely Bluebird: I think that’s mostly due to the misinformation, there isn’t anything this device does that is in any way a violation of privacy, unless they consider the viewer they use to be private information.
[15:27] Lonely Bluebird: We feel that land owners should have a choice to block users who are known to use viewers that allow content theft.
[15:28] Lonely Bluebird: An update was just released that ensured that the automatic kicking and banning of avatars is turned off, when an avatar who is or has been previously detected on a “copybot” client is caught, the owner is notified by IM.
[15:29] Lonely Bluebird: They of course still have the option to re-enable the automatic banning if they wish to.
[15:31] Lonely Bluebird: I think the main thing that needs to be understood is that this is not a list of known thieves, we have no way to determine if any of these people have stolen anything or not, it’s just a list of people who have used certain clients known for their content theft capabilities.
[15:40] Tenshi Vielle: Any chance the Lindens might wake up and adopt this from you guys?
[15:44] Lonely Bluebird: It would be useless, when a client logs into the grid it sends them far more information than we can gather, they know exactly who the users of these clients are, it’s no secret to them.
[15:45] Lonely Bluebird: They are aware of how the system functions though, should they ever decide to offer it as a service to content creators or something, but given they actually have access to the sim’s data, they could design something even more effective than CDS.
[15:46] Tenshi Vielle: I see.
Read more at the CDS FAQ: http://gemini-cybernetics.net/CDS/faq/
Said on SLDEV mailing list:
From: k\o\w
To: opensource-dev@lists.secondlife.com
“The hashed MAC and id0 sent upon login is just a bonus. Linden collect much more sensitive data from your PC using the viewerstats cap, which includes unhashed MAC, id0, CPU serial, and a pretty thorough breakdown of all your PC specs. I can confirm that this has been used to track griefers and custom clients that spoof the login hashes to circumvent bans.”
LL knows more than people think. Always have. Always will.
I have no expectation of LL ever being serious about counterfeiting and shoplifting. A decade of history shows their ideology rather well. All the third part viewer policy crap appears to be intended for courtroom use and not much more. I’d love to be proven wrong.
Well now, don’t we all feel like our concerns have been addressed? /end sarcasm.
I believe content creators have a right to not have their work stolen. I also believe that this matter requires more strigent policing.
BUT, and it’s a huge BUT, I also believe Linden Labs is the ONLY body that has the right to police it… or a committee put into place by the population at large that everyone agrees to be policed by. Certainly not a couple of random people noone knows anything about, with a system noone knows anything about.
What people need to accept is that without Linden Labs working with the community to resolve this issue, systems like this are, at best, pointless and, at worst, a cruel moneymaking scheme focused on the more techinically unsavvy content creator.
Want to protect your store from content thieves? EDUCATE yourselves. HOW is it done? If you know how it is done you at least know what you’re fighting against. But I fear most people would rather just complain about it, rather than actually DO something to protect themselves.
I don’t think a a committee is a good idea at all. There are to many idiots around holding grudges with personal greivences. IF there was a committee, it would have to be people from all different areas, that do not know each other. I still don’t think it’s a good idea though, there are to many people who would use it for personal bullshit.
Maybe committee was the wrong word, perhaps something more like a government, where the members are voted in by the general ‘public’. It’s all pie in the sky of course, it’d never happen and it’d never work. But I sure as hell didn’t agree to people I don’t know collecting information about me when I agreed to SL’s ToS.
@Amira
- Land owners have every right to ‘police’ their land within the limits of the TOS. I dont recall issuing bans for whatever reason is against that.
- No one knows anything about that system? How about the fact that it does catch a lot of people who thought they were safe parading around with theft viewers? How about the fact that it causes a lot of turmoil, fear and screaming in the black hat hackers community and brings the awareness about the issue to a whole new level?
Granted, it won’t be that easy ‘educating’ yourself about the malicious viewers by using them anymore. Besides it now being against LL’s policies to do so, there are dozens of YouTube videos showing how its done. Point and click, export, import. How would any store owner benefit from trying that first hand? Using tools that thiefes don’t like actually is what you suggest: Doing something to protect yourself rather than just complaining.
I am certain a lot of ARs have been made in the week since the CDS is out and LL must have looked into that. So far, it is still available and Skill’s account is still there, go figure.
I completely agree that land owners have the right to ban people as they like from their land. As you’ll have read my issues were that very little was known about the product, or about the information gathered about the people it encounters. I am suspicious about anything like this that hasn’t received wide testing with published data to back up claims.
Your second point is suggesting the ends justifies the means? Sorry, I disagree wholeheartedly. The world would be a scary place if we all were of the opinion that how we achieved something desirable wasn’t important, just that it got done. I quote ‘ the fact that it causes a lot of turmoil, fear and screaming in the black hat hackers community’; really? Well, I have to admit I am ignorant about what ‘black hat hackers’ are and I don’t know any hackers personally but I do know someone who has worked previously on Emerald and their reaction swerved between mirth and empathy for the people who have been fooled into paying for this ‘tool’.
I grant you that visitors to this site maybe have a higher than standard knowledge about content theft methods, but whether you accept it or not the majority of people ARE ignorant when it comes to the (admittedly small and ultimately pointless) ways they can protect themselves. You can continue believing ignorance is bliss if you like, I believe knowledge is power. I am not suggesting people USE these tools, as you say yourself there are plenty of videos on the web that show what is done.
Your last point made me smile. Yep CDS is still out there, and, I want to point out, I am not in THEORY opposed to it being so. I, for one, would just like to see data from a neutral source a) PROVING it works and b) DETAILING what information it gathers about the people it encounters. We don’t need to see how it works in all its detail but we do need to ask questions. Ignorance leads to fear and suspicion and ignorance is not a state I’ve ever been comfortable in, go figure.
Oh this is funny, guess what? Skills is on the Emerald Dev team. As well as being one of the people behind Onyx… what is Onyx you may ask? Apparently it is a full blown copy & export and grieving viewer. And, oh surprise of surprises, Onyx does not appear to be on the list of viewers CDS detects. If this information is correct…. well, wow, hypocritical much?
To clarify my post above,
-We KNOW Skills Hax is an Emerald developer
-We KNOW that Onyx was created by people who were/are on the Emerald dev team
-We KNOW that Onyx is not on the blacklist of viewers
-We do NOT know if he was personally involved with Onyx, but it is fairly reasonable to surmise so, and I would go so far as to say that it is impossible for him to not, at the very least, KNOW about Onyx… so if he knows about it, why isn’t it blacklisted?
Protecting your pals abilities to ‘copybot’ but condemning everyone else? Classy, real classy.
@Amira Footman – Please explain in detail exactly how you know onyx is not on the so-called “blacklist”.
Well I for one am waiting and waiting for Amira to come up with/head up whatever committee, to solve this problem. She can tell us what is wrong with the current method so surly can make something better. The next time I see a copy botter on my sim I am going to calmly tell them” hey I am educated I know how you do that, I know what I am fighting against” and they will stop. Thanks Amira, for what seems like an effective solution.
@Truth – a good reporter never gives away their sources ;o) Seriously though, the information does come from a 3rd party, I’ve not seen anything on paper, so if Skills presents us with data or something to prove Onyx is on the blacklist, I will humbly grovel for forgiveness at his feet. Considering Skills has been suspended for copybotting himself in the past (which he admitted, at the time it happened, and only escaped a permanent ban when the affected party apparently withdrew their complaint) I think it is understandable to want proof of the claims he is making. Just type “Skills Hax” into Google.
This new system is trying to ensure people who are content thieves are ‘ousted’ as much as possible from the community, and, in essence, tries to get their account (and alts) permanently banned. Is someone who has been caught copybotting in the past really in the position to be taking the moral high ground? At the risk of repeating myself, I am not against CDS as a concept, I just believe that there are some serious questions that need to be answered. Peoples’ money is theirs to do with as they wish, if this product offers what they want, it’s certainly no skin off my nose.
@Colleen – I’ve already stated several times, on this post and on others, that without a huge change in LL’s attitude towards content theft there is very little the community can do to stop it. But knowing how modern content theives work CAN help you make it less desirable, for example, using textures on your display items with sample, or demo watermarks would make stealing that sofa pretty undesirable. I’m not saying I have the solution, far from it. What I AM saying is sticking our heads in the sand won’t solve anything.
@amira:
http://modularsystems.sl/index.php?option=com_myblog&show=ms-onyx.html&Itemid=1
http://onyx.modularsystems.sl/
Whatever – I’m not shopping at any store that runs such a system. Maybe due to misinformation – but let’s not forget that the one putting fuel into the fire was the creator who deliberately spread rumours, for whatever reason – but mostly due to several content creators clearly stating that they’d value their copyright much higher than any privacy rights. I don’t wish anyone that they’d ever be a victim of content theft… but please, get your perspective straight.
Magika was already on my boycott list, TonkTastic is new, Truth and the neighbouring NotSoBad, La Galleria as well as several other places. After all, it’s my choice whom I’m willing to give my $$$.
Or can I still get onto that list of automatically banned avatars, just to spare me the hassle of keeping an eye out for those tools?
I will give a few details on how CDS currently works.
Client Detection System works by accessing Media files and attempting to make your viewer Play a media Stream. This happens whenever Your SL Client is set to play media. There are a few other methods of detection as well, But I will not be disclosing those, and I have removed all detectable Legal functions from all my viewers, and re compiled, along with other various spoofing, for my own protection.
When it Requests data, it gets the Following.
The Skin your client is using, Your Operating System, verson numbers ect.
When Skills Hak Specifies a viewer as a copybot, or bad viewer, it then bans the person, from any and every simulator using it, without any evidence, or the public knowing the truth, or anything about it. This leaves the system open to many Methods of abuse by Skills Hak, or their team.
There is also no way to appeal, There is, but it is all in the hands of skills hak, there is no balance of power, no democracy in the matter.
—–
Emerald/Onyx Project. What we think is up.
There are all these rumors going around about SecondLife, are residents safe, Should Emerald be on the approved list? I Honestly do not think so. Here is why.
#1 Skills Hak Developed CDS to get a hand on the copybots, but really to give him a good reputation, and put him into power, He is also a emerald developer.
#2 JCool Inveter of VLife Quit making copybots and now works with the emerald team, Can he be trusted not to steal users passwords, and copybot himself.
#3 Onyx Client. This client is private, and Violates Linden Lab New TOS April 30th which restricts these type of viewers. There are all kinds of onyx bots under the people search of sl, OnyxMonitor. It is insane, and when you combine all three of these together, you find that there is a big conspiracy for grid takeover to put onyx/emerald in charge of everything and everyone, or do some serious damages.
————–
The fair way to use a ban system, is to put the Estate Owners in charge of restricting all Clients including emerald, ect off their estates, along with preset warnings to leave, ect. Depending on their settings, not networked.
————–
I think skills haks system/CDS should be removed from SL By Lidnen Lab, it is annoying, and not a system that should be allowed.