Encrypt Server Communications
tracked
Thornotter Resident
Add encryption to all client-to-server communications.
For example, by AES encrypting the UDP packets using a data key sent over the TCP login channel.
If this isn't feasible in the short term, move any messages that potentially have highly sensitive communications, such as chat and IM messages, to TCP.
Failing that, provide a UI warning before users log in using open wifi networks. There is an extremely high risk of real world harm to people who fail to realize the implications of logging in over an open network - consider a scenario where a user logs into SL using an open college wifi network, someone sniffs the network traffic, then passes around private messages about their sexuality or another highly personal topic. I highly recommend that the SL team do an internal risk assessment or threat modelling exercise as a double check. Potentially scary stuff.
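The packet-encryption idea in the request above, written out in Go as an added example (not from the thread and not Second Life's actual protocol). It uses AES-GCM rather than bare AES so that each datagram is authenticated as well as encrypted; `Session`, the 8-byte sequence header and the direction byte are assumptions, as is a TLS-protected login channel that delivers the key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Session (hypothetical) is one side's state; key is assumed sent over a TLS login channel.
type Session struct {
	aead             cipher.AEAD // AES-256-GCM under the per-login data key
	dir              byte        // 0 = client->server, 1 = server->client
	sendSeq, recvMax uint64      // last sequence sent / highest accepted
}

func NewSession(key [32]byte, dir byte) *Session {
	block, _ := aes.NewCipher(key[:]) // cannot fail: key length is fixed at 32
	aead, _ := cipher.NewGCM(block)   // cannot fail: AES has a 16-byte block
	return &Session{aead: aead, dir: dir}
}

// nonce = direction || 3 zero bytes || 8-byte sequence: unique per packet per key.
func nonce(dir byte, hdr []byte) []byte {
	return append([]byte{dir, 0, 0, 0}, hdr...)
}

// Seal returns seq(8) || ciphertext || tag, with seq authenticated as AAD.
func (s *Session) Seal(msg []byte) []byte {
	s.sendSeq++
	hdr := binary.BigEndian.AppendUint64(nil, s.sendSeq)
	return append(hdr, s.aead.Seal(nil, nonce(s.dir, hdr), msg, hdr)...)
}

// Open rejects forged, reflected, replayed and (for simplicity) reordered datagrams.
func (s *Session) Open(pkt []byte) (pt []byte, err error) {
	if len(pkt) < 8 || binary.BigEndian.Uint64(pkt) <= s.recvMax {
		return nil, fmt.Errorf("short, replayed or stale packet")
	}
	if pt, err = s.aead.Open(nil, nonce(s.dir^1, pkt[:8]), pkt[8:], pkt[:8]); err == nil {
		s.recvMax = binary.BigEndian.Uint64(pkt) // advance only after the tag verifies
	}
	return pt, err
}

func main() {
	cli, srv := NewSession([32]byte{}, 0), NewSession([32]byte{}, 1) // constructed zero key
	pt, err := srv.Open(cli.Seal([]byte("IM: hello")))
	fmt.Printf("%q %v\n", pt, err)
}
```

A strictly increasing counter drops datagrams that arrive out of order; a sliding replay window is the usual refinement for UDP.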
RestrainedRaptor Resident
I can't believe this is still not in progress.
Shamefully, the only reason LL upgraded the L$ payment part of the SL client is because payment processing regulations required them to do so by law.
Nyx Onyx
I do think we could have end to end encryption while still having it possible for LL to handle Abuse Reports by residents if the messages aren't only encrypted but also signed. The logs on the receiving end can include the signature information, the logs on the LL server side can also hold information similar to what telecommunication companies have: who, when, where. This also makes it possible to use text file logs on the viewer side where today they could be manipulated and therefore not trusted.
Spidey Linden
tracked
Issue tracked. We have no estimate when it may be implemented. Please see future updates here.
Oni Ludwig
Spidey Linden This is outrageous! Just to clarify, the request is not asking for "end-to-end encryption," which would prevent Linden Labs from inspecting chats. We are merely asking to prevent random strangers from having access to your private chats, just because it was transmitted through their WiFi router or network service! In the year 2024, literally /every/ chat app provides this basic protection by encrypting communications with the server. Just like how all major websites use HTTPS to avoid snooping.
What is especially bad, is that the Second Life game design distinguishes between public/nearby chat versus "private" conversations. Inside the game, private chats are only readable by the other person. Given this design, a typical customer would reasonably expect that it really is private -- nobody can read it except the other person and maybe some IT engineer at Linden Lab. BECAUSE THAT IS HOW ALL OTHER APPS WORK. But they are being misled -- actually all sorts of random people on the internet can read your chats, by using free tools for "sniffing" network traffic. How can this not be a high priority to fix?? It is an outrageous privacy situation, if not an actual security vulnerability.
DaniSkunk Resident
End to end encryption only will work if LL holds the keys for decryption.
Thornotter Resident
DaniSkunk Resident I don't think it needs to be end-to-end between both chat participants. The minimum would be encrypting client-to-server communications, similar to HTTPS.
VriSeriphim Resident
I remember, years ago, one of the third party viewers having an option to use the "Off The Record" encryption protocol for private messages. Unfortunately, this seems to have been abandoned.
(I do use Mozilla's VPN service, which uses WireGuard, so protects all my Internet traffic, not just Firefox. While not a real alternative, it does prevent snooping on WiFi traffic.)
Jeremy Duport
VriSeriphim Resident That'd be Emerald, Phoenix and Firestorm's predecessor. We removed OTR because of pressure (the do it or we blacklist you kind) from the g team, the LL moderation people at the time. They didn't want users to have in-band communication they couldn't read. Decent enough reasons - plain text logs are an important tool for report resolution, and it's their platform.
Private conversations are better had with dedicated solutions anyway. Telegram, Signal, Matrix, etc are all far more battle tested.
Extrude Ragu
Yeah, it's hard to believe that SL chat is being sent in plain text, this really ought to be secured properly. Residents most likely don't realise what information they're leaking all over the Web. I certainly didn't.
Woolfyy Resident
Extrude Ragu As demoed by a friend, there are non-official viewers where you can compromise an avatar as long as you are in the same sim, i.e. totally taking control of it (not just chat) ....
Crush Cutie
Just so we're clear. Without the technical fluff, this means:
Chat and instant message text are being sent over the network in plain text.
In 2024.