[sldev] Re: Texture Bugs

[Argent Stonecutter]

On Jan 25, 2007, at 10:38 AM, Jason Giglio wrote:
> Argent Stonecutter wrote:
>> The problem isn't IP addresses, it's using IP addresses to cross- 
>> reference information on accounts. The IP address is shared  
>> between all accounts belonging to the same person, so if you know  
>> the IP address of a large number of accounts you can identify  
>> which accounts are alts.
>
> So what? 64-128-27-131.static.twtelecom.net.  Big deal.  You  
> exposed yourself as soon as you hit reply.

If I were trying to keep my identity secret I wouldn't have been  
using the same handle I've used for over 20 years now. :)

> I also see you are using a Mac, and you use Apple Mail.  Oh no! I'm  
> going to correlate you now!

Indeed, if I were secretly Strife Onizuka you could figure that out.  
But if I were secretly Frontier Linden, you wouldn't know that from  
this list... or from any other out-of-game list... unless I posted as  
both sock-puppets in the same forum.

> So what?  If you have a popular enough web site, you can correlate  
> thousands of IPs to pseudonames.

But you can't do that for people who don't visit your website.

> Stop thinking of SL as a monolithic provider.

It's because I'm not thinking of SL as a monolithic provider that I'm  
concerned.

The techniques I'm talking about are the equivalent of allowing  
anyone on the Internet to see the IP address associated with any  
account on any service.

>   When you visit a build or wear a HUD, you are visiting content  
> under the creator's control.

Visiting a build is analogous to visiting a website, which is why I  
suggested that prims set to the land group not be subject to  
restrictions.

Wearing a HUD (or using any other scripted object you own) is like  
running a program. There's a word for software you run on your  
computer that surreptitiously sends tracking information back to the  
creator. It's called "spyware".

> There are more people on IRC each day than Secondlife.

What's that got to do with the problem I'm talking about? Look, I  
feel silly having to repeat it again, especially since it was right  
at the top of my message... and you even quoted it:

* The problem isn't revealing IP addresses per se, it's using IP  
addresses to cross-reference information on accounts.

* If you know the IP address of a large number of accounts you can  
identify which accounts are alts.

Let's add a few more points:

* There are a lot of people with legitimate reasons to keep the  
identity of their alts secret.

* The majority of these people are not sophisticated computer users.

* The majority of these people are not the extreme paranoids you're  
depicting them as, and are not going to expect that keeping their  
alts secret will require extreme measures.

IRC isn't second life. There are multiple IRC networks, there is only  
one "Second Life" network. IRC servers don't hand out warnings about  
sharing personally identifiable information, they don't have a  
"privacy policy" or otherwise establish any expectation of privacy,  
and they don't sanction users for revealing personal information.

Similarly, Usenet and Email aren't Second Life. Usenet and Email  
don't have a privacy policy, and have not created an expectation of  
privacy. There are multiple providers of Usenet and Email services,  
there is only one provider of Second Life. While Usenet is broadcast,  
Email is point-to-point, and so it's possible to use email without  
broadcasting the relationship between your addresses to everyone in  
the email net. It's easy to set up Usenet sites that are not  
connected to Usenet proper at all, only Linden Labs can set up a  
"Teen Grid" or other private grid.

And now, the kicker:

* A lot of the people I'm talking about are big customers, or who  
have the potential of producing really bad press for SL if they get  
stung by the kinds of exploits I'm talking about.

* If Linden Labs doesn't establish a reasonable set of constraints on  
these facilities right from the start, they're going to end up *more*  
restricted and awkward to use in the long term.

First of all... Usenet and IRC and mailing lists can be extremely  
hostile environments, and they give hostile people all kinds of tools  
that Second Life keeps from them. There are stalkers on Usenet and  
mailing lists who see no problem with attacking people's jobs over a  
disagreement. I've run into a couple... one of whom apparently didn't  
know that mail to the abuse address where I worked came to me :),  
another who was apparently surprised when I got upset at him when he  
bragged that he'd managed to get a "kook" fired. There are people on  
IRC who have no more qualms about hosing you off the net with flood  
attacks from botnets than some asshole in SL would have about  
dropping a C4 on you.

And right now, when the absolutely worst thing someone can do to your  
character on SL is to cause you less than a minute's inconvenience,  
and when Linden Labs has repeatedly hobbled the tools available to us  
to try and keep even *that* from happening, there are people calling  
for even stronger restrictions on those tools.

Give stalkers a hook to attack people who thought they were  
reasonably secure, and give griefers a way to project attacks outside  
SL, or give people a way to project grudges against people outside SL  
into the game... and watch out for the backlash.

> It's more than a "useful feature", it's a feature that could  
> revolutionize interactive content in Second Life.  It's at least as  
> important as llHTTPRequest, if not more.

I'm a little confused, because I don't think I'm missing that point.  
In the message you just replied to I agreed with someone who was  
objecting to a *genuinely* obtrusive and annoying scheme that making  
it hard for people to use this feature was a bad idea.