[opensource-dev] Viewer blacklist to replace the TPV directory ?

[Tigro Spottystripes]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Discrete, in both ways you can have viewers that the users think can be
trusted, but actually shouldn't

On 29/4/2010 15:04, Discrete Dreamscape wrote:
> A list of trusted entities is virtually always more robust and reliable
> than a list of untrusted ones.
> 
> Weigh the two possibilities that would occur and their consequences,
> given that the user is making assumptions, as you say:
> - User believes viewers ON the whitelist are the ONLY ones that can be used
> - User believes viewers NOT on the blacklist can ALL be used
> 
> The latter is clearly not a situation that benefits users in any way.
> 
> Discrete
> 
> On Thu, Apr 29, 2010 at 1:59 PM, Henri Beauchamp <sldev at free.fr
> <mailto:sldev at free.fr>> wrote:
> 
>     On Thu, 29 Apr 2010 05:40:15 -0700 (PDT), Nicky Perian wrote:
> 
>     > +1
>     > A blacklist would just give potential bad actors a menu and
>     > template to use for more bad viewers that could be modified and get
>     > past the login screens.
> 
>     What you must understand is that the TPV policy is in no way a mean
>     to prevent pirates from connecting to SL with hacked viewers (or
>     through hacked proxies)...
>     All what pirates have to do is to make sure these viewers impersonate
>     an official (Linden) one (which is done very simply) and then they can
>     pursue their illegal activity without even being spotted...
> 
>     The TPV policy might give some better ground to LL to sue such pirates
>     when they are lucky enough to spot and trace one, but the true aim of
>     the TPV is to set acceptable standards for non-hacked viewers as well
>     as to provide their user with some minimum confidence that such viewers
>     will not try to steal their private data or put them into troubles.
> 
>     As such, the blacklist would provide a much better service to the users
>     by clearly identifying viewers which are *known* to be not compliant.
> 
>     With the current directory, you only got a *partial* list of *possibly*
>     compliant viewers (without any guarantee from LL) and know nothing at
>     all about non-listed viewers.
> 
>     Henri.
>     _______________________________________________
>     Policies and (un)subscribe information available here:
>     http://wiki.secondlife.com/wiki/OpenSource-Dev
>     Please read the policies before posting to keep unmoderated posting
>     privileges
> 
> 
> 
> 
> _______________________________________________
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting privileges
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEUEAREKAAYFAkvZ5A4ACgkQ8ZFfSrFHsmXOBQCfcpptZyKU+Tr1uv+FsJVUj04s
6c8AmPF6F2bQpBxhVHCTLY4yrcC38sM=
=Cbvj
-----END PGP SIGNATURE-----