[sldev] VWR-2581 Ban lists visiable to everyone?

Soft soft at lindenlab.com
Wed Sep 26 18:03:24 PDT 2007


I'm going to differ on this one: My comfortable working model is that
the client should always, always be on the user's side in everything,
and that policy and privacy need to be considered as server side
operations only. Deviation from that model invites insecure design,
and misrepresents protections for the user.

Starring out the media URL on a parcel would invite a user to think
that he could put a private broadcast on his parcel, for example.
Parting from the above model gives him a false sense of security about
his stream and leads him to make bad decisions about what to stream.
The result of this has been that there are pay-to-enter movie parcels
all over SL which can be ripped off by flying over the access barrier
and reading the media URL. If it was clear the URL wasn't protected
because the parcel owner knew he could see everyone else's media URLs,
each would have added one-off IP restrictions instead.

Enforcing no-fly on the client instead of the server has lead to ways
of reaching areas that builders thought were secure, as another
example. When it was discovered that hacked god mode let people fly
upward, many people were upset. Parting from the above model lead to
making a bad decision about where to implement the no-fly feature.

On 9/26/07, SL - Farallon Greyskin <sl at phoca.com> wrote:
>
> That and the parcel media settings being visible are two things I would
> consider privacy violations myself though.And yeah even though that data is
> sent to the client, it really seems inappropriate to display it in the
> default client. (Media streams can cost money and they can so easily be
> stolen currently).
>
> But anyway, as long as is wasn't something in the RC or latest release
> build...
>
> Farallon
>
> ----- Original Message -----
> From: "Iridium Linden" <iridium at lindenlab.com>
> To: "Jason Giglio" <gigstaggart at gmail.com>
> Cc: "SL - Farallon Greyskin" <sl at phoca.com>; <sldev at lists.secondlife.com>
> Sent: Wednesday, September 26, 2007 1:26 PM
> Subject: Re: [sldev] VWR-2581 Ban lists visiable to everyone?
>
>
> > Ban lists in the client are visible to everyone. --Iridium
> >
> > Jason Giglio wrote:
> >> SL - Farallon Greyskin wrote:
> >>> Interesting. Most of the people that have said "it's always been that
> >>> way" have been on about a year or less...
> >>
> >> I've been on closer to 2 years, and it's been that way as long as I can
> >> remember.
> >>
> >> -Jason
> >> _______________________________________________
> >> Click here to unsubscribe or manage your list subscription:
> >> /index.html
>
> _______________________________________________
> Click here to unsubscribe or manage your list subscription:
> /index.html
>


More information about the SLDev mailing list