[opensource-dev] [POLICY] Configurable HTTP user-agent string

Ricky kf6kjg at gmail.com
Wed May 5 23:23:59 PDT 2010


How can that be a source of correlation, unless you are using a viewer
that has a userbase of one (yourself and your alts)?

Even so, the suggestion is on the floor that the transmitted useragent
string be readily spoofable across all methods of gathering the info.
In this way we can allow legit uses of the information in a
easy-to-get way, via new LSL functionality, and we allow for privacy
for those who are interested by allowing them to spoof said string.  A
win-win in my book. :)

Yes, spoofing the useragent string is a pre/co-requisite for the LSL
functionality.  It's also a much faster thing to implement, as it is
entirely client-side.

Ricky
Cron Stardust

On Wed, May 5, 2010 at 8:28 PM, Argent Stonecutter
<secret.argent at gmail.com> wrote:
> On 2010-05-05, at 18:39, Tigro Spottystripes wrote:
>> How so?
>
> The SL client is not a browser, and currently provides a stronger
> privacy firewall than a browser. This is important, because unlike a
> browser connection when you are logged in to SL you're broadcasting a
> strong non-repudiable identity token.
>
> That is, if I visit Google Groups and then I visit the SL blog, there
> is no token carried between Google and the SL blog that is passed  out
> to the readers of Google Groups and the readers of the blog. When I
> visit Luskwood and whatever the newest version of Satyr or Woodbury
> turns out to be, my UUID goes with me. If I visit Luskwood as Argent
> Stonecutter, and Grieferzone as Obscure Nomdeplume, I don't want Loser
> Hax knowing they're the same person. I can turn off voice and media
> and keep them from getting any information that way, but if I start
> broadcasting stuff that carries any kind of detailed user-agent- or
> computer-specific info through LSL, that's bad.
> _______________________________________________
> Policies and (un)subscribe information available here:
> http://wiki.secondlife.com/wiki/OpenSource-Dev
> Please read the policies before posting to keep unmoderated posting privileges
>


More information about the opensource-dev mailing list