[opensource-dev] FAQ posted for Third Party Viewer Policy

Marine Kelley marinekelley at gmail.com
Sun Feb 28 00:34:55 PST 2010


I had understood the same, but still am not reassured. To put it simply :

- Publishing my RL name and address is out of the question. Ever.
- Listing the RLV in the Viewer Directory requires me to give my RL info to
LL, with the hopes it will stay private. Dare I say, the people maintaining
this list are NOT the people I trusted when I signed up to SL in the first
place. And dare I add, I had to sign up twice : once to go Premium, and
again to verify to Aristotle. Big issue number one here.
- The Viewer Directory "may" (which in my book means "eventually will")
require publishing the RL info of all participants on the page or be
dropped. Big issue number two here.
- Being listed in the Viewer Directory "may" (once again, same meaning to
me) become mandatory in order to connect to the Second Life grid. What makes
LL sure that a rogue viewer will not spoof the ID of a listed viewer in
order to be accepted upon connection ? Big issue number three here.

So, does that all mean that eventually the RLV will not be able to connect
to the Second Life grid at some point, unless it becomes a rogue viewer that
spoofs the identity of another listed one ? Or do I need to stop it all now
to avoid losing sleep ? Or do I need to pass the project on to someone who
agrees to have their data published ?

Besides, this Viewer Directory is meaningless. It does not stand for a list
of viewers that have been technically approved by LL, nor can it ever be.
Nothing keeps a viewer dev from going totally rogue and starting to steal L$,
passwords and other info, and LL would have zilch to retaliate because the
RL data entered would have probably been false in the first place. And no,
LL does not legally have the right to officially verify someone's RL address
in some countries, for instance in France, where only legal institutions
have the right to do that, as Henri pointed out.

Sorry, but this Viewer Directory and all its implications have me greatly
worried. And the lack of assurance that it won't switch from "informational"
to "whitelist" at some point, with all the requirements going along with it,
is enough to make me want to drop it.

I vote for not using the Viewer Directory at all. It is useless because it
doesn't guarantee that its listed viewers are safe, and dangerous for the
future of Second Life because it is potentially going to breach privacy.

I'd like to remind people of my proposed solution, back when LL asked
everyone about how to set their third party viewer policy, a few months ago.
I had proposed to make it so that only viewers built on a LL-owned dedicated
machine would be accepted. Such binaries would be the result of the build of
committed sources, with the addition of a small code (unknown to the devs of
the viewer) that would transfer a hash to the grid upon connecting (and
possibly regularly afterward while online). The binaries would be hosted on
LL's website, along with the sources, and everyone would have been able to
consult the sources while being sure there would not be any difference
between these sources and the resulting binaries (with the exception of the
code I mentioned). Granted, this is an expensive solution, and potentially
difficult while testing (there has to be some temporary code for that
purpose, for instance a code that allows only 4 or 5 viewers using it at the
same time), but the only solution that formally guarantees that Build =
Source, and that the source can be reviewed, instead of testing every
viewer, which takes much longer.

No listing and no requirement is ever going to replace that.

Marine


On 28 February 2010 02:58, Soft Linden <soft at lindenlab.com> wrote:

> On Sat, Feb 27, 2010 at 5:27 AM, Marine Kelley <marinekelley at gmail.com> wrote:
> > I don't know much about it, but what about the data that most of us already
> > entered when signing up to SL ? LL should have these data stored somewhere,
> > why do we have to enter them all again ? If the data to be entered to sign
> > in to the viewer directory is not linked to it, what gives LL the certainty
> > that they are accurate, where are they stored, and what is the privacy
> > policy ? The TPV says "may be published", but there is no way to be sure...
> > And more so, the FAQ says that listing in the directory might become
> > mandatory. With such vague terms it is impossible to comply with these
> > requirements, which are way too intrusive for a hobbyist.
> >
> > Sorry about this, it seems that publishing a Frequently Asked Questions page
> > brings even more questions ! It is always like this. lol.
>
> I'll ask to be certain, but I expect that if the viewer changed from
> opt-in identity disclosure to mandatory identity disclosure, every
> participant would be given the option to be listed or be dropped.
> Without a response, we would drop the listing. It would be totally
> unreasonable for us to just add the names one day.
>
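
The build-server scheme proposed in the message above, modelled as an added example (not code from the post or from Linden Lab): the build machine publishes a digest of each binary next to its sources and injects a key the grid can check at connect time. All class and function names are hypothetical, "compilation" is a byte-string stand-in, and the per-connection nonce is an assumption added here so that a captured answer cannot be reused.

```python
import hashlib
import hmac
import secrets

class BuildServer:
    """Hypothetical operator-owned build machine for committed sources."""
    def __init__(self):
        self.published = {}   # build_id -> SHA-256 of binary, hosted with the sources
        self._keys = {}       # build_id -> injected key, shared only with the grid

    def build(self, build_id: str, source: bytes) -> bytes:
        key = secrets.token_bytes(32)        # the added code the viewer devs never see
        binary = b"BIN:" + source + key      # stand-in for real compiler output
        self.published[build_id] = hashlib.sha256(binary).hexdigest()
        self._keys[build_id] = key
        return binary

def download_matches(server: BuildServer, build_id: str, binary: bytes) -> bool:
    """Anyone can check a downloaded binary against the published digest."""
    expected = server.published.get(build_id, "")
    return hmac.compare_digest(expected, hashlib.sha256(binary).hexdigest())

def viewer_response(binary: bytes, nonce: bytes) -> str:
    """Runs inside the viewer: answer the grid's challenge for this exact binary."""
    key = binary[-32:]                       # injected key sits at the end (assumption)
    digest = hashlib.sha256(binary).digest()
    return hmac.new(key, nonce + digest, hashlib.sha256).hexdigest()

class Grid:
    """Login side: accepts only answers that match a registered build."""
    def __init__(self, server: BuildServer):
        self.server = server
        self.pending = {}                    # session -> outstanding nonce

    def challenge(self, session: str) -> bytes:
        self.pending[session] = secrets.token_bytes(16)
        return self.pending[session]

    def accept(self, session: str, build_id: str, response: str) -> bool:
        nonce = self.pending.pop(session, None)          # each nonce is single use
        digest = self.server.published.get(build_id)
        if nonce is None or digest is None:
            return False
        key = self.server._keys[build_id]
        expected = hmac.new(key, nonce + bytes.fromhex(digest),
                            hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, response)
```

The injected key ships inside every copy of the binary, so the connect-time check is only as strong as that key's secrecy, while the published-digest check does not depend on it.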