For the last few months, a number of third party Second Life viewers have come onto the scene purporting to enable Copybot-like features and other controversial practices. Some viewers have an explicitly nefarious purpose; last August, for example, one of them apparently enabled phishing, and was represented as the project of a leading metaverse developer (who actually had nothing to do with it.) After months of these reports, Linden community manager Cyn Linden has posted a statement on the official blog, announcing the future creation of a third party viewer registry, so Residents can keep better tabs on kosher viewers. (This follows an August announcement of a future content creator registry, launched for similar reasons.) Of more immediate relief to Residents concerned about dubious third part viewers in circulation now is this word from Cyn:
[Some] third party viewers also contain functionality that is being used to copy content without the right to do so, facilitate griefing, enable phishing, collect user data without clear disclosure of such practices, and distribute software that contains harmful elements... Residents who use third party viewers with the functionality described above to violate out [sic] Terms of Service or Community Standards, will be warned and then suspended from the service.
They're talking the talk. Now let's see them walk the walk.
Posted by: Arcadia Codesmith | Tuesday, October 20, 2009 at 11:32 AM
To be clear, the block post states (and I paraphrase) residents caught 'using the features" of a browser that breaks TOS will receive a "warning" first then a "suspension". No mention of a ban.
I like the idea of a registry. But that only tells you who the "good ones" are. It doesn't prevent the 'naughty' ones from connecting into the grid and they are just 'another viewer' unless the Lab finds a way to actually identify them.
What the Lab really needs to do is find a way that legitimate creators and 'merchants' can authenticate their stuff. Like a Better Business Bureau or something.
So that when you enter a point of sale, you can somehow verify that the items for sale are created by the owner of that sales prim (or vendor or whatever).
The whole "copybot" issue can be handled pretty quickly if there is a way to prevent the public reselling of 'stolen' products. (As for private trading, etc.: those people were never going to be paying customers to begin with, so it's really no loss, no gain either way.)
Welp, there be my 2-Linden-Dollars worth. :)
Posted by: Ari Blackthorne | Tuesday, October 20, 2009 at 11:38 AM
I wonder how the third party viewer registry will work. I suppose LL could verify compiled third-party viewers (for a fee?) and digitally sign them? Or maybe they'll write a new application for users to download that will verify the checksum of third-party viewers downloaded with those in the tpv registry? Or something else...?
I'm not sure how else they could stop legitimately registered viewers being patched.
Posted by: Retro Reanimator | Tuesday, October 20, 2009 at 12:14 PM
"What the Lab really needs to do is find a way that legitimate creators and 'merchants' can authenticate their stuff. Like a Better Business Bureau or something."
Would LL have to do that? Seems like an opportunity to me.
Posted by: Jura Shepherd | Tuesday, October 20, 2009 at 02:42 PM
@Jura ""Would LL have to do that? Seems like an opportunity to me."
Actually, yes. Becuase otherwise it's just another resident concoction that has no authenticity to it. If LL did something, then it's authentic and all would know that it's not "in the hands" of any one person, but rather the Grid-Gods.
It's like all the stories of sims being closed and people losing the virtual land thay have leased and losing paid money in the proces. The fact of the matter is the best landord in SL is Governor Linden - because LL will not yank your land from under your feet unless you really do neglect paying your fees (and for a week or two, to boot.
That's the difference.
Posted by: Ari Blackthorne™ | Tuesday, October 20, 2009 at 03:27 PM
Dedric Mauriac had the right idea when he suggested 3rd party viewers have to be verified and issued a key to work. If they viewer goes out of compliance, revoke the key.
It works for operating systems (well - those issued by questionable yet dominant software companies), so why not for software that connects to the grid?
But yeah, this is stupid because it stops no one from writing any client to connect. They do the damage, and they might get banned, but the client still exists. It just isn't on an approved list.
Toothless.
Posted by: radar | Tuesday, October 20, 2009 at 06:56 PM
@Ari Blackthorne
yeah, it would just be the banking scenario all over again. "Trust usssssssssss...."
Posted by: radar | Tuesday, October 20, 2009 at 06:57 PM
Re: Registration, Certifed Developers, Distribution & Resellers
Disclaimer: I am NOT a professional programmer. I'm a business guy 1st and a geek 2nd. These observations/suggestions may be technically challenging and likely fly in the face of at least one Open Source convention. My uber-geek friends have learned to tolerate my for-profit sales & marketing focus, I ask you to do the same.
Registration
As a number of people have pointed out, requiring each viewer to be registered would be a administrative and productivity nightmare for viewer developers and as such, a innovation killer. Why doesn't LL register developers instead!?
Each developer should be registered using both a Real ID and credit card info. In exchange for registration, developers would be issued key credentials, allowing them to compile a viewer or interactive tool that would be allowed to authenticate to the grid.
Certified Developers
Many registered developers create viewers and tools for their own personal enjoyment (hobby). Others do so for the specific intent of distributing them. A "Certified Developer" credential by LL, would let consumers know the person/organization in possession of the credential was a reputable source for custom viewer/client programming. Building confidence and trust from the developer to the user/customer is essential.
Distribution & Resellers
Those who want to distribute custom viewers should also be registered. To sell items in-world or on any linked commerce site such as Meta-Life, a seller should be required to register using the same verification of 1st-life credentials and credit card that are required for a "Certified Developer."
Custom Viewers and VARs
Custom viewers and VARs (Value Added Resellers) are a natural combination. Rather than looking at custom viewers as a threat, LL should encourage VARs to produce unique solutions for as many vertical markets as possible. Ideally these solutions could be either private labeled or co-branded with LL, with an XStreetSL application library section to promote them!
I have blogged and commented on multiple occasions over the past two years, about the need for LL to develop a Value Added Resellers (VARs) program. VARs have historically been the innovation partners who introduce and customize software platforms, provide training and support end users in their adoption of new technology.
Although Enterprise implementations of Second Life make for big press and potentially large individual accounts with corresponding monthly revenues, the potential within the SMB market is hundreds of times greater. I hope this flurry of interest / concern over custom viewers and the discussion of viewer registration, light a fire under the Business Development and "Partner" group in LL and we see a new, robust and strategic Certified Developer / VAR program emerge!
Posted by: Valiant Westland | Tuesday, October 20, 2009 at 09:48 PM
Cyn Linden wrote in a blog post, “ In the past we have been happy to allow development to proceed on all viewer projects, but recently some functionality has been developed that is at odds with our Community Standards and Terms of Service. Some of this functionality includes the ability to encrypt chat, copy content in violation of the creator’s intent, and collect user data without clear disclosure. To help our residents and viewer developers, we are creating a viewer registry that will allow developers to register viewers with us that comply with our guidelines and Terms of Service. Viewers that do not comply may not be registered.”
How LL will ever keep up with reviewing the explosion of alternate viewers and new features is a mystery. Nor will the registry stop viewers like Neil and Cryo from spoofing their identity. Nor will it stop pirates from using proxies ahead of the viewer like the OpenGL debugger.
Gwyneth Llewelyn in one of her blog posts goes over some of the problems of protecting content and what might be done. In her and others opinion it is not so much the theft, which is almost impossible to defend against, but the ability to redistribute the content that is the problem. The suggestion is to only allow registered (RL ID) residents to free-transfer or sell content. A good read and probably the only workable solution I’ve heard.
…and what is the problem with chat encryption?
Posted by: Nalates Urriah | Wednesday, October 21, 2009 at 12:03 PM
A registry of trusted 3rd party viewers is a good idea. However, it will not stop modified viewers from connecting to the grid because there is no reliable way to identify them. It will not stop the copybots.
Some content theft does not even require viewer modification. For example, it's perfectly possible to write a program to extract textures from the standard viewer's cache. It's like extracting YouTube videos from a browser cache.
People have to understand that content protection in SL is an illusion. Content in SL is like content on a website. There is no protection.
Posted by: Masami Kuramoto | Thursday, October 22, 2009 at 12:16 AM
hmm.............as i have used most viewers in secondlife legit and non legit...i have seen many things you could only dream of seeing..clients started almost 2 years ago...and they only killed freeuploads and notecard asset id injections(full perming contents.huds..scripts anything) not that i would use these functions for anything else apart from evaluation recently..thing is what is stopping someone makin a legit viewer but having a plug in system built in eg.....file.......load...load a dll file eg.spam or import ect..and drop a xml file into the required folder for it to show up......they is never gonna be any way for ll to stop anything... anything a viewer can do a proxy can do or a bot can do ...all this is is linden labs Stealing other peoples work.....like import xml files.....lindens said it wouldnt ever be possible.....Anything is possible belive me when i say i have seen it this is my 2 cents that is all do not hate the player hate the game people......... ps 99% of content in sl is ripped off from real life brands....so how is it theft when they didnt make it in the first place ....
Posted by: DeathLinden | Thursday, November 05, 2009 at 09:35 PM
Those are super cute. I like you on Facebook.
Posted by: Shop Hermes Kelly | Thursday, December 29, 2011 at 05:28 AM