[sldev] Re: Texture Bugs

Argent Stonecutter secret.argent at gmail.com
Thu Jan 25 14:18:48 PST 2007


> If SL ever expects to transition from a service to a platform, it  
> will have to confront this problem sooner or later, because it  
> doesn't just affect dynamic textures.  Any peer-to-peer service  
> that is likely to be implemented in the open source client (VoIP,  
> file sharing, direct chat, and eventually users hosting their own  
> sims) will have precisely these same issues.

The big difference is that all of these are voluntary, opt-in,  
limited in scope, and require an explicit action from the user.  
There's a huge difference between this and something that any yobbo  
can make your PC connect to with no notice just because you happened  
to pass within draw distance of a prim; involuntary, opt-out,  
unlimited in scope, and happening in the normal course of events.

The only widely used services I can think of that share information  
this promiscuously predate TCP/IP.

Establishing some unobtrusive and conservative limits on information  
release through HTTP textures would be no more than tracking common  
practice on the Internet as a whole. Consider:

* Java applets can only connect back to the site they were downloaded  
from.
* Browsers not allowing third-party cookies.
* Mail clients not downloading images from external sites.
* Browsers not downloading images from external sites.

The first is universal. The second is now normal and on by default in  
just about every current application. The third is common but not  
normally on by default. The fourth is becoming common, but is  
normally only turned on for specific sites. Significantly, the third  
and the fourth are due to spyware and web-bug writers switching to  
images from cookies due to the second making cookies less useful.

The point here is that existing software on the net, even where there  
was previously no expectation of privacy, is moving more towards a  
situation where information leaks like these are being blocked... and  
they're being blocked because there are people actively targeting and  
taking advantage of them.

> Update the ToS to mention that your IP is revealed in certain  
> circumstances

That would describe the current situation. What we're talking about  
here would be more like "Update the ToS to mention that by connecting  
to SL you are making the IP address of your account public information."


More information about the SLDev mailing list