[sldev] RE: Re: Re: Patch to Address Debit Permission Spoofing

Kamilion kamilion at gmail.com
Fri May 25 16:39:23 PDT 2007


Hm. I run a single-database networked vendor that carries many
products from many people.
Already, 50% of the people that get my vendor IM me to ask 'why is
this asking for debit permissions' when it's clearly stated in:

A: The documentation notecard that comes with it, at the very top, in
all caps, and repeated 3 times
B: When the vendor starts up, greets the new vendor owner, explains
itself, and asks for permissions

And after all that, AND handing out the script module that actually
handles the money mod/copy/transfer, most of them tell me directly
that they don't trust my vendor with debit permissions.

Plus, my vendor also emails my logs email account on my domain on
initial start up, which also records if the user accepted permissions
or not -- a full 75% of the new users of the vendor system do not
accept permissions... So in order to alter that, I had to adjust the
vendor to act as a catalog-only system when permissions haven't been
granted, and now I'm in the middle of writing a gift-certificate
system so the vendor is still a viable sales tool.
In order to attract anyone even using the system, I had to allow 10%
of every sale to stay with the vendor's owner (which means 90% of the
item cost is sent to the item's creator) just to stay afloat.


I support the red-colored dialog patch, but the autodeny kind of
scares me a little bit.
Still, I think it's a good idea, and has it's merits.

The main problem would be the classic "user = eye dee ten tee" (user =
1d10t) problem.
I'd estimate that close to 70% of the SL userbase either arn't
informed enough, or just don't care (more likely) enough to bother
with learning how/why/when to use these features/protections.

All this might do is slow down the problem, but that can be more than
enough in itself, much like LL's new age verification system. It can't
stop the problem, but it can mitigate it, and every little bit is
something.

At the very least, changing the debit permissions dialog to red would
have a very good impact, except for the people like my friends who
just rapidly click yes on every dialog because they can't be arsed to
read it.

-- Kamilion Schnook


More information about the SLDev mailing list