Start Verifying Viewers
tracked
Deadly Bunny
I realized that Second Life allows anyone to create a viewer, which is likely a contributing factor to the existence of copybot viewers and other potentially harmful viewers. I believe there should be a way to use the Second Life API to block unregistered viewers, requiring developers to provide real-life information when creating a viewer. This would help protect creators and users from hacks and other security threats.
Platforms like the Google Play Store and Apple App Store require developers to submit their information before their apps can be listed, ensuring a level of accountability. I previously sent a notecard to Spidey Linden in-world about addressing copybotters, but I think implementing a registration system for viewers is an additional and effective solution.
I also consulted with ChatGPT regarding whether this approach would slow down the system, and they confirmed it would not. I encourage you to consider this proposal to require viewer registration, helping to prevent unauthorized viewers from causing issues for everyone.
Log In
Kathrine Jansma
As long as you have an open source viewer, you cannot really lock down the API and "verify" things. Registration, especially with forced real life information will just kill a few TPVs.
The only reason this scheme seems to work (hint: it doesn't actually work...) for Apples and Googles Appstores is the walled garden ecosystem of Android and MacOS/iOS. They control the hardware, the operating system and a secure boot chain to some trust roots owned by Apple and Google.
Linden Labs has not even close to that level of control over the clients.
DRM basically only works in tightly controlled ecosystems that massively lockdown from hardware level to the operating system. Thats not how SL is setup.
Don't try to fix a legal problem with broken technical solutions.
Marty Mouse
While I fully support efforts to prevent unauthorized actions, security breaches, and misuse, I have significant concerns and must say disagree with this proposition because:
- it will make old viewers like lumiya or any with slow, stopped dev will cut,
- may stop legit people from login who have old computers they may just lost access,
- same as bot clients (this legal one), games avatars and other depends on login to second life also python bots for sending notices or in browser viewers/text clients stop working
- some linux one also are not in TPVD so will stop working.
- developers who is not able to put their legit viewers for many reasons will be not able to help
- indie developer will be not able to nice stuff in same reason TPVD
- its never ending battle what is no winners only lose..
- bad viewer is not need to copybot stuff at all using cache files in normal legit viewer as gpt can say too so what is the point
how it would be? A simple disaster, and not effective and not making things better case.
While I know point of person writing this proposition and i understand copybot stuff is not ok in many cases and problems with people losing accounts but for that is 2fa/ubi, sms authentication, email verification and stuff, what can be done via many ways even if viewer not support it like many now... can be done like discord so login declined until action confirm by email or in web authentication (example second life page).
Also i need to say second life webpage still not have any security system prevent login without like mentioned 2fa.
so in my opinion making aditional layer will only make mess, and i am not sure if do any good...
Please look at my point example if i make viewer i would have no chance to got in TPVD list, like i am basicaly noone, not a company or community as single one person i am cut out from idea and help SL...
Again it make Second Life more closed instead of make it fully open source.
SL was made to be for everyone, to be social, definitely not for making it close, separate from community instead of intgrate, make like family and work together, and open source... so no its not good proposition.
Summary sadly at the end that will not stop copybot because they are already two steps forward if they wish/need to, it will only kill small developers who still need avatar to make their products work like intend. Copybot will stay in that nothing will change but we will lose this good once.
seducedbyahsinn Resident
As much as we invest and abide by the rules secondlife sets, we are always at HIGH risk for fraud, theft, and bullying due to the lack of security. Our sense of security shouldn’t be compromised. This should be our safe space. Despite several efforts of bringing important matters to Secondlife’s attention, we are becoming more and more targeted. And that is not fair.
Darien Caldwell
Don't use a viewer you're not 100% sure about. LL provides a list of approved viewers on the wiki already: https://wiki.secondlife.com/wiki/Third_Party_Viewer_Directory
I think they do enough as it is.
Beatrice Voxel
While it is a never-ending battle between developers and scammers, I do think that Bunny's point is valid - the API for third-party viewers is wide open, and at the very least I would suggest issuing some kind of certificate FROM LL to bake into the viewer, which would then generate single-use keys from that specific cert to pass back to LL when logging in. It's pretty much an industry standard to ensure that a client connecting to a given service can say "Yeah you authorized me for this service connection". The one-shot keys also prevent packet sniffers from reusing a key out of turn.
To Bleuhazenfurfle's points, it doesn't do much for any malware installed to be man-in-the-middle vectors. But there's a way to curtail people 'packing up' their own versions of ViewerXYZ from source and impersonating a known good viewer: Given that the number of 3PV's are fairly low, it would not be difficult to issue certs to specific teams. This means that the 3PV teams would NOT be allowed to fork their certs along with their code (on pain of losing the cert if it gets into the wild) and anyone wanting to do their own compile of, say, Alchemy, would have to ask LL for a cert as Yet Another Alchemy Clone.
Think of it as contractors being signed in at a worksite. Yes, once on that site they can do nefarious things, but they're logged as having legit business there, when, for whom, and under what authorization level. If something does happen, it's easier to zero in on the culprit and also crack down on the nimrod that gave them access.
I don't think we can (or should) go to the level that some game platforms are using, basically putting in anti-cheat rootkits that are as invasive as any malware, specifically to look for and flag anything ELSE that might be running alongside the game. But some kind of simple "yes this is a Firestorm viewer, here's a valid key from the LL-Firestorm cert" handoff should be do-able without too much hassle beyond setting up a top-level cert and cert store. I'm pretty sure LL already has these for their secured websites, and spawning some viewer certs off of that shouldn't be a huge deal.
Kathrine Jansma
How does embedding a certificate help?
If the code runs on my machine, i can hook the binary with a debugger and do whatever i want. No limits. I could just copy the certificate the moment it is used and use it for my own copy. Anyone that can build a copybot viewer can do that hack too.
The only way to prevent that is some hardware based dongle or TPM module requirement, an OS that enforces it and hardware that locks out its owners (aka secure boot/measured boot). Like Android & iOS.
Beatrice Voxel
Kathrine Jansma You don't embed a cert, so much as use a given cert to jump start your keygen for your viewer. Hacking the binary only gives you the keygen, but not the seed used to start it. The keys are time-limited or one-use (think of RSA tokens or other 2FA challenges) so that sniffing a key or catching them with a debugger just gets you a key that long expired.
You WOULD need that cert to compile your build, this is why you don't fork the cert with the build code - instead someone wanting to fork has to ask for it, submit their name, reasons for wanting it, all of that. Any viewer compiled without the cert wouldn't work (the keygen routine would generate garbage).
It wouldn't stop a dedicated hacker, but the upside is a bit of a paper trail on where they got the code in the first place (and which TPV team needs to up their game wrt vetting who gets their code).
(and yes, this is the scheme that was used with AT&T's IPTV platform - rotating keys on every channel, every asset, such that even reverse-engineering a set top box wouldn't get you viewable content... because if you didn't have an account AND a valid box, you didn't get the key to unlock what you wanted to watch. The time it would take to brute force a key using cutting edge equipment was still much longer than the expiry period. Key management was the biggest hurdle to the entire platform, with entire databases dedicated to key storage, and extremely tight NTP standards between all of the servers AND the set-tops. I'm sometimes amazed that it worked... and it was catastrophic when it didn't. The issue with SL is, most of the content is not controlled by LL and they have no control over user's hardware, so the incentive to put a robust key-driven authn/authz system in place is close to nil.)
Zy Butcher
I don’t really think this is a problem at all, and actually puts more barriers on developers that quite honestly, keep this platform alive.
Spidey Linden
tracked
Issue tracked. We have no estimate when it may be implemented. Please see future updates here.
Ansariel Hiller
Spidey Linden You are either 6 months late or early with this April fools' joke!
Cloud Python
"I also consulted with ChatGPT"
You mean the thing that tells you to put shoe polish in a sandwich... ?
Deadly Bunny
Cloud Python I get where you’re coming from, but let’s focus on the real issue at hand rather than on ChatGPT. It can offer helpful insights, but the main goal is to find effective solutions for stopping unregistered viewers in Second Life. That’s what really matters for the community.
Ansariel Hiller
Deadly Bunny Indeed! Let's focus on the actual copyright issues like SL creators using trademarked items for their product and selling TVs with movie libraries. We really need to crack down on people selling those items without having the content properly licensed!
Deadly Bunny
Ansariel Hiller Let’s stay on topic, not shift to unrelated issues like bashing PBR in profiles.
Cloud Python
Deadly Bunny If you wanna focus on the real issue, I'll tell you you don't need a TPV to do any of that, the Official viewer can be used to do that, which makes this whole request moot, it coming from a place of ignorance after all.