[sldev] Re: Texture Bugs
Argent Stonecutter
secret.argent at gmail.com
Thu Jan 25 14:18:48 PST 2007
> If SL ever expects to transition from a service to a platform, it
> will have to confront this problem sooner or later, because it
> doesn't just affect dynamic textures. Any peer-to-peer service
> that is likely to be implemented in the open source client (VoIP,
> file sharing, direct chat, and eventually users hosting their own
> sims) will have precisely these same issues.
The big difference is that all of these are voluntary, opt-in,
limited in scope, and require an explicit action from the user.
There's a huge difference between this and something that any yobbo
can make your PC connect to with no notice just because you happened
to pass within draw distance of a prim; involuntary, opt-out,
unlimited in scope, and happening in the normal course of events.
The only widely used services I can think of that share information
this promiscuously predate TCP/IP.
Establishing some unobtrusive and conservative limits on information
release through HTTP textures would be no more than tracking common
practice on the Internet as a whole. Consider:
* Java applets can only connect back to the site they were downloaded
from.
* Browsers not allowing third-party cookies.
* Mail clients not downloading images from external sites.
* Browsers not downloading images from external sites.
The first is universal. The second is now normal and on by default in
just about every current application. The third is common but not
normally on by default. The fourth is becoming common, but is
normally only turned on for specific sites. Significantly, the third
and the fourth are due to spyware and web-bug writers switching to
images from cookies due to the second making cookies less useful.
The point here is that existing software on the net, even where there
was previously no expectation of privacy, is moving more towards a
situation where information leaks like these are being blocked... and
they're being blocked because there are people actively targeting and
taking advantage of them.
> Update the ToS to mention that your IP is revealed in certain
> circumstances
That would describe the current situation. What we're talking about
here would be more like "Update the ToS to mention that by connecting
to SL you are making the IP address of your account public information."
More information about the SLDev
mailing list