Security and Second Life
Monday, October 9th, 2006 at 9:04 PM by: Robin LindenThis past weekend was very difficult, for Residents and also for Linden Lab. It is clearly as unacceptable to us, as it is to you, to have this destructive, malicious activity continue. Many of you have been asking today what Linden Lab will be doing to to prevent the attacks, to keep out the perpetrators, and to prosecute the individuals responsible for destabilizing the world.
We are taking a two pronged approach which we have initiated already. Specifically, we will:
Make it more difficult to attack with grey goo
There have been many suggestions regarding the regulation of scripting and we are in fact looking at technical options which will allow only ‘trusted’ Residents to fully utilize LSL across the grid. It is planned that “Trusted” Residents will be clearly defined, and there will be processes in place (not all payment oriented) to become “trusted” if your account currently falls outside of that designation. Other ideas are still being explored, and as part of that exploration we’ll be reviewing the many comments that came into the blog today. (Please forgive us if we don’t answer each one.)
Minimize the success of the attacks
The first steps we are taking will help us to lessen the impact of the attacks on the majority of Residents. Wednesday’s release contains the first round of code changes to begin the mitigation of the attacks. In addition, we’re reviewing all processes and documentation to make sure we handle any attack as efficiently as possible.
Finally, we will be meeting with Federal authorities tomorrow to share information we have to date on the attackers. It is not our intention to allow these people to destroy Second Life and everything that we have built together.
October 9th, 2006 at 9:12 PM
There have been many suggestions regarding the regulation of scripting and we are in fact looking at technical options which will allow only ‘trusted’ Residents to fully utilize LSL across the grid. It is planned that “Trusted” Residents will be clearly defined, and there will be processes in place (not all payment oriented) to become “trusted” if your account currently falls outside of that designation.
Do you accept burnt offerings?
October 9th, 2006 at 9:20 PM
If you are to implement a “Trusted” scripting system, I would hope that the INITIAL implementation would treat all existing users with clean accounts as trusted – even if all new basic accounts with no payment info were NOT classed as trusted. That way, no users would be deprived of abilities they had, and basic no-pay-info accounts would be the only ones penalized – those who are most likely to grief and who are least likely to require the full effects of LSL.
October 9th, 2006 at 9:39 PM
I disagree with the “All Clean” start. I would recommend a 2 month time period to become trusted. Use either a verisign or ID validation process. Face it. No matter what anyone says, they are YOUR servers. You can make whatever restrictions you want to keep the area safe. If people think the restrictions are an invasion of privacy, then don’t join. That is their choice to make. I see vendors leaving by the droves every day. People selling off the SL IP and moving on. Unfortunately we are driving off the people that have tried to make it a community and we are keeping the people who want to turn it into anarchy and lag.
IMHO
October 9th, 2006 at 9:42 PM
I, for one, believe that allowing “griefers” to operate is a mistake. It is my opinion that “Trusted” means accountable for ones actions. To be “Trusted” means you have the required information on file that allows punishment for whatever offenses are commited,
October 9th, 2006 at 9:48 PM
Lol, grandfather yourself into the elite?
I would suggest that the newbies or “not yet trusted” are permitted to create self-replicating objects in the Island Sandbox. I know that when I signed up here I was very interested in creating such things but also very scared of causing problems and was happy when I found a place where I could safely explore the possibilities.
October 9th, 2006 at 9:51 PM
Thank GOD. I’m glad you’re meeting with authorities, I’m glad you’re taking control of the scripting situation and I’m ESPECIALLY glad you’re willing to do something that seems a bit extreme to create a better environment for us all.
Thank you, guys. Though you frustrate me sometimes you always manage to come through.
October 9th, 2006 at 9:53 PM
I see why you’ve suggested that, Locke, and I agree that depriving existing users of the abilities they already had is something to avoid. I also feel for the (vast majority of) newbies who come into SL and just want to play around. I know I sure tucked myself into the scripting system as soon as I joined.
Here’s a devil’s advocate argument, though: what if the people who are doing these attacks have whole armies of alts laying dormant, waiting to be used in an attack? Wouldn’t that have been a logical action for them, if they thought their actions might cause LL to revoke the ability to register unverified accounts?
I wonder if there’s any way to solve that problem while still following your suggestion…
October 9th, 2006 at 10:07 PM
Has the duration on Temp on Rez items been reduced as part of the new measures? Many of my temp on rez teleporters are disappearing now almost a soon as they are rezzed by the controller.
October 9th, 2006 at 10:14 PM
If it’s intentional, wouldn’t it be black or red goo?
October 9th, 2006 at 10:17 PM
I’m also interested in hearing about how you would make Residents “trusted.” Could I submit my resume showing fifteen years of experience in the software industry, for instance, and gain “trusted” status that way?
October 9th, 2006 at 10:23 PM
Lexneva said:
“I wonder if there’s any way to solve that problem while still following your suggestion… ”
A temporary grandfather with full notice to everyone that they must take action to become trusted before a certain date might do it. Implement the flag and verification system but don’t enable the restrictions immediately.
October 9th, 2006 at 10:24 PM
I will refrain from blowing a gasket until I hear a definitions of “trusted account”.
I would however suggest that for not “trusted” accounts scripting ability be left in place just perhaps no uses of the rez and push calls in LSL.
But I really think “trusted account” must be defined and soon. Right now I see a witchhunt happening on the grid to “unverifieds”. Not being classed as “trusted” could be even worse.
October 9th, 2006 at 10:34 PM
Any ‘trust’ system can be abused.
October 9th, 2006 at 10:37 PM
Could you consider a community trust system ? Like having two or three “verified” members vouching for someone in order to have this “trust” label. Of course, the “trust” could be removed for punishable offences (rules breaking).
October 9th, 2006 at 10:40 PM
I know this will be flamed, but that’s ok. I’d rather LL err on the side of harshness and completely eliminate these attacks than err on the side of “fairness” and have these continue, as I’m sure they would. I believe they need to limit the usage of scripts to those individuals who have furnished a traceable identity. Yes, I know that traceable is not perfect but it’s the best they can do, barring unreasonable measures. The individuals who feel they are wronged can then petition LL for rights to those scripts. The scripts I’m referring to, are the scripts that are used to execute these attacks. I also believe that if a traceable avatar ever uses these scripts for harm, that they need to be permabanned with no right of appeal. Some of us actually are trying to make money on this grid, as well as have fun. These attacks are utter bullshit. If there was another “Second Life” available, I’d quit SL now and go there. You’ve been warned, LL.
October 9th, 2006 at 10:40 PM
Trust in the digital realm is a very complicated topic. In most situations “trust” involves some information about identity. This does not necessarily mean, that I have to know the physical adress of someone, but actually that is the easiest solution. All other systems are either hard to implement or easily gamed. Additionally you can never be sure, that someone who has become “trusted” because there never were any “incidents”, does not turn into a griefer at some later point.
PayPal for example goes to great length to verify your (physical) identy as soon as the volume of your transactions grows above a certain level. And that makes a lot of sense. Because there is money involved – like in a lot of Second Life situations, I would like to point out.
On the other hand, Linden Lab wants Second Life to be wide open to newcomers, who might not all like to give out RL identity. It is not easy to find a balance for this problem.
SUGGESTION: So why not restrict certain functionalities to residents with verified accounts SL-wide but still allow unverified accounts to use them in dedicated sandbox regions? And – as another resident has pointed out – umbrella-style grandfather clauses do not really make that much sense, when you are talking about security and trust.
October 9th, 2006 at 10:49 PM
Reason why free accounts MUST stay:
Free accounts are very very important. They boost the economy of SL greatly.
More customers for business people = good
More uploads = good.
More people doing business = good
More people trying this game = good
So that is why free accounts MUST stay.
I am currently on a free account as you may have guessed and I am considering paying for this game to get me a piece of land of my own. But I will never ever want free accounts to go.
They are good for SL economy and what is good for SL economy is good for MY economy.
Then a solution needs to be found for the attacks:
It’s not in allowing no free accounts, that would kill the economy (as axplained above)
It’s not in IP banning. This doesn’t work for 2 reasons:
1) There are very easy ways around IP bans.
2) People living in one house, businesses and schools could not participate with more then 1 account.
A conformation e-mail would be nice to take down unused accounts faster, but does nothing against attacks.
Making it impossible to rez things or to send a script from one object to another or a combination of the 2 isn’t a solution either. We need those functions.
There is only one thing that helps:
That is SL progamming itself: There needs to be a check on instances of the same object in a sim. Simply limit it to 10 (maybe a bit more).
Do this always or just by creation date and time.
I am assuming SL is planning something like this on wednesday.
I have currently been booted from a few area’s because I have ‘no payment info on file’. This is redicilous because the measure hasn’t got the desired effect at all. I can still rez my stuff there without problems.
People that want some protection should make their grounds ‘non-build’ except for group members.
DisQ Hern
October 9th, 2006 at 11:00 PM
I think it has been demonstrated that free accounts are a bad idea. But unfortunately I don’t think they’re going anywhere.
I like the idea of a trusted account system, but am curious as to the criteria.
October 9th, 2006 at 11:01 PM
DisQ Hern: I agree with you that free accounts must stay, and that this witchhunt is paranoid lunacy. However, I am in favour of returning the requirement for payment info. I have my payment info on file, despite the fact I’ve never used it. It would help create a traceable chain back to the creators of grief, and increasing the potential consequences for large-scale attacks.
If you’re over 18, it’s not hard to obtain a valid debit card and use that. Linden Labs have demonstrated, even in the event they did get hacked, that CC numbers are secured and isolated in accordance with law. So what’s stopping you?
Your self-replication prevention idea is nice, but it’s an issue of usage, implementation, lag, and many more factors… constantly running checks against every object would not be sim-friendly, and nor would imposing arbitrary limits. In fact, it’s a good way to break some of the more interesting games that can be generated from LSL.
October 9th, 2006 at 11:02 PM
Yes, any trusted system can be abused. Any technical system, at least. If you take a community trust system, you are responsible of your actions. You don’t have to answer to a software or to some far away Lindens, but to your own friends. If you lose their trust, then they uncheck a button. And if you have less than let’s say 3 vouchers left, you’re not labeled “trusted” anymore. You could also make it more efficient by allowing each paying resident to vouch for only 5 non-payment people, so they’d think about it before giving their vouch. Self-regulation of the community…
October 9th, 2006 at 11:05 PM
It seems that my comment didn’t post. I’m not suprised. Never mind…
October 9th, 2006 at 11:15 PM
“There have been many suggestions regarding the regulation of scripting and we are in fact looking at technical options which will allow only ‘trusted’ Residents to fully utilize LSL across the grid. It is planned that “Trusted” Residents will be clearly defined, and there will be processes in place (not all payment oriented) to become “trusted” if your account currently falls outside of that designation.”
What the definition is of a “trusted” resident doesn’t worry me so much, as the process on how to become one. As you yourself have pointed out in a earlier blog post, you still have to adjust to the increased amounth of Residents. And it worries that becoming a “Trusted” Resident could be a long process of waiting.
Have you considered outsourceing that process?
October 9th, 2006 at 11:18 PM
A good place to start might simply be turning off LSL scripting for new users who are not payment verified.
Use that as a stop gap measure for now, and then over the next few weeks think up ways to be more permissive (such as LSL scripting, but no rez, etc).
October 9th, 2006 at 11:22 PM
Ok here is my idea : let the community do the “trust” part. Give to any “payment info on file” resident the way to vouch for 5 people maximum. Now, someone who doesn’t have payment info can earn the “trust” of others. If someone has at least 3 “vouchers”, he’s labeled as “trusted”. But the “vouchers” can remove their “trust” (unchecking a box) if the person makes something wrong. And someone going lower than 3 “vouchers” wouldn’t have the “trust” feature enabled until they get 3 again. It should be a way to responsibilize the entire community about security.
October 9th, 2006 at 11:30 PM
I am encouraged by the idea of limiting LSL functions to “trusted” residents. I hope it ends up a positive thing for SL.
Thank you for the update Robin. Oh also for the blog access again.
October 9th, 2006 at 11:54 PM
I would like tp put forward and idea for a SL Community Policing Unit
Introduction –
In the wake of the massive attacks of October 8 there needs to be both an actual increase in anti griefer measures and more importantly as feeling within the community that some positive steps in regards to security are being taken.
Some current in world views of what should be done are:
Removing various Script Functions to reduce the ways that griefers can manipulate the system – Objection – this then detracts from legitimate residents SL experience.
Improve covert monitoring and detections systems as a warning system – Objection – there isa belife that no matter whats systens are installed griefers will find ways to evade them – for example since the introduction of No Push there has been an increase in Cage swarm and self rep. Griefing
Increase penalties for griefing – Objection – The higher the stakes the more the gamble and griefers are attention seekers who see a system as fallible.
Executive Summary
This proposal is a Second Life Community Policing Unit comprised of resident volunteers trained and equipped to handle a variety of situations with an agenda of supporting the community as a whole as well as responding promptly to suspected griefer activity and resident concerns.
Outline
Aim of SLCPU
* a quick low level response to griefing reports especially where Sims or grid may be in danger and to reduce griefing incidents in public places by maintaining a visible presence
*To take the pressure off Linden staff and the live Help and Mentor Teams by being trained to handle interpersonal conflict before it becomes abuse
*To provide another level of Liason in world with an emphasis on security and responsible behaviour
Some suggested abilitiesof SLPCU
*Disable scripts, builds and fly in Sims
*Freeze suspects grid wide
*File 3rd party AR’s in cases where the resident may be unwilling or unable to take action
*Confiscate items grid wide
Identification and Profileof SLPCU members
*Common Surname – special log on – that is to ensure that only members have that surname – relying on Groups is too easy to counterfeit
*Avatars to be open to be Logged into by Linden Liason staff to verify that the inventory etc is as per requirements
*Suggest that the force remains Voluntary with perhaps incentives like relief on Tier fees or membership fees for participants
*Accounts to have limited inventory and not be allowed to hold Linden Dollars
*Conversations from these accounts logged
* Uniform Avatar – non threatining – perhaps in a form that is neither anthro or Furr but rather a creative looking entity that would be difficult to copy and easily recognisable. Avatars should be phantom prim as a defence against attacks
Training of SLCPU Members
*Terms of Service – especially those sections that deal with in world offences
*Assessing whether the intervention is either necessary or wise
*Customer Service and Public relations
*Dealing with various types of weapons
* Negotiaing with and counselling griefers making them aware of their offence and possible consequences
Duties
*To be available at set roster to ensure adequate coverage
*To patrol known trouble spots – Sand Boxes and welcome areas acting as Public relations and tour guides etc in addition to security duties
*To be able to provide immediate response to any suspicious activity and secure areas where dangerous objects may have been rezzed
* Gather in world intelligence
* Support Land owners in enforcing rules for example no weapons, nudity (PG) langauge (PG)
*Act as a liason between Residents and Lindens on security issues
* Investigate AR’s on behalf of Lindens for things like inapproriate buildings and overhang of boundaries – and preparing reports for LL if the situation can not be resolved in world
* To teach griefed residents how to handle grifers and file lucid and complete AR’s
* Teach and promote the responsible use of weapons
*Promote the philosophy and cultural values of SL especially tolerance
Limitations:
* Powers are only to be used to secure a situtaion until a Linden can make them selves available.
* Laws of eveidence apply the word of a community policing member holds no more weight in an abuse report assessment than a standard resident
* Not allowed to accept gifts or gratuities even in their regular avatar which in any way could be interpreted as a conflict of interest
* Residents who hold such a position must declare all Alternative accounts to LL.
* No direct access to LL staff except a designated Liason and as is necessary in the course of duties – LL staff to be made aware that the SLCPU are residents not colleagues.
Outcomes:
* Reduction in the filing of Abuse reports by maintaining a visible presence
* Quicker response to suspected Grid attacks by being able to assess the spread of WAN griefer tools and isolate areas
* Higher retention of residents by providing a more secure and stable operating environment
Kitty Rich
October 9th, 2006 at 11:54 PM
I have to agree that canceling free accounts would be a bad idea. I myself am on the $8/mo plan, with 1536 m of land, which roughly ends up being somewhere around $15-$18 per mo. So I’m not just saying this because I’m a freebie. I’m saying this because the fact that this was free was what drew me to it in the first place. I signed up for a pay account once I realized how much SL had to offer. I’m guessing this is what a lot of people do. And although having CC info on file in case of problems is good, having it be required would drive away some people. I have a friend, for example who is paranoid of giving out her CC information to ANY service online. Not because she doesn’t trust Linden Labs, it’s just that whenever you type anything into a computer and send it across the internet the chance of someone picking up that information that shouldn’t have it is there. I personally think she worries too much but I know that there are tons of people just like her who will quit because they do not want to distribute CC information across the net, even to a trusted place and through what by all intents and purposes is a secure connection. ESPECIALLY if they don’t plan to actually buy anything with it. I really hope this Trusted Member thing works out because it seems like the right approach to the situation.
October 9th, 2006 at 11:59 PM
Locke Traveler said:
That’s a pretty US/Eu-centric statement there. The fact is that it’s not actually even possible for people in many other countries to obtain any of the payment methods that LL accepts. It’s not just a matter of laziness.
October 10th, 2006 at 12:05 AM
Militias (or SLCPU as you call them) are not a solution. Been in other communities, done that, they’re more a problem than anything else : give power to someone, they’ll abuse it. Instead, responsibilize all the users !
“They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.”
– Benjamin Franklin
October 10th, 2006 at 12:19 AM
I am extremely concerned about the concept of “trusted” accounts. It sounds both elitist and clique-y.
I beta tested SL back in spring 2003. I have owned land in SL since 2003 under various other avies. In the past month I have eliminated my SL land, as of today am no longer a premium account.
My little 100.00 a month is a mere drop in the bucket for SL. It’s not even worth the write off. However my word of mouth, my endorsment on my blogs and with friends, business associates, etc etc etc-I wonder how much that is worth? SL isn’t getting that any longer either.
I recently heard that 3% of the SL population owns land. If that 3% all got together and pro-rated their land payments, based on the grid status, I dare say the month loss of income would be 6 figures. Would LL would be as lackadaisical if it was their income being affected and not the residents?
October 10th, 2006 at 12:21 AM
Hold on now, it states that only trusted accounts will be able to fully use the scripting system. Everyone is complaining about how new users won’t be able to script, but it could just be a non-”trusted” user’s scripts containing any commands that could allow it to replicate would simply not compile. Say, certain commands can only be used by qualified users. Anyway, looking forward to what you come up with, and I hope it does not prevent new residents from being interested in learning scripting.
October 10th, 2006 at 12:24 AM
Thank you for that comment Lexneva.
I would like to add that I dont put my personal info up lightly on the internet.
As shown not so long ago, any system can be hacked and I like to limit the damage.
Especially if I am new to a game I will NOT put any personal info up in any way. That includes having a creditcard or not.’
If this game would require creditcard info to play it, I wouldn’t have joined in.
Kitty rich:
You are suggesting a ‘user managed’ game. Interesting. Lets go over your points:
*Disable scripts, builds and fly in Sims
I agree
*Freeze suspects grid wide
I agree
*File 3rd party AR’s in cases where the resident may be unwilling or unable to take action
WTF is an AR?
*Confiscate items grid wide
I agree
Identification and Profileof SLPCU members
*Common Surname – special log on – that is to ensure that only members have that surname – relying on Groups is too easy to counterfeit
huh?
*Avatars to be open to be Logged into by Linden Liason staff to verify that the inventory etc is as per requirements
I agree
*Suggest that the force remains Voluntary with perhaps incentives like relief on Tier fees or membership fees for participants
I agree
*Accounts to have limited inventory and not be allowed to hold Linden Dollars
That would totally reduce the gaming experience to 0. SO I disagree.
*Conversations from these accounts logged
I disagree. Because of privacy.
* Uniform Avatar – non threatining – perhaps in a form that is neither anthro or Furr but rather a creative looking entity that would be difficult to copy and easily recognisable. Avatars should be phantom prim as a defence against attacks
Why would the avater type do anything against attacks. It’s part of the game to be able to change your avater almost endlessly, it’s what LL advertises with. I disagree.
Thats it for now.
October 10th, 2006 at 12:26 AM
Having made my concerns regarding the lack of security on the platform, I recognize LL are taking steps to address those issues.
I am delighted they are taking action and do expect to find some inconveniences occuring for some users over the coming weks, as those measures bed down. Frustrating as that may be, I hope a viable solution can be found.
There are a myriad of solutions being suggested, maybe LL could discuss ideas with relevant groups of Inworld residents.
Not to create an ‘elite’ but to utilise the great experience within a highly skilled population. As an example, my knowledge of LSL is limited, it sounds sensible to me that self replication should be restricted, however, with my limited knowledge that could be barking up completely the wrong tree. There are however a good number of experienced and capable residents who can assist.
October 10th, 2006 at 1:01 AM
I like the idea of becoming a “trusted” resident in order to use certain scripting features, and I can think of several ways to do this that don’t involve having to submit personal info or payment details – because I understand that people in some countried cannot get debit/credit cards or Paypal, and some do not want to submit personal info from fear of identity theft, particularly in the wake of last month’s data theft.
Here are some more ideas of how avatars can get to be “Trusted” and I think it should be based on a combination of more than one of these things
On the amount of logged-in time. Say, for instance, once an avatar has been logged in for a certain amount of time (pulling an arbitary figure of 200 hours out of thin air here). It means that alts become Trusted when they have actively participated in SL for a while.
On the amount of Ratings they have received from other users (eg the ratings for Building, Appearance, Behaviour and Given that show on the profile). Maybe there needs to be a certain score in Behaviour, or in a combination of these, in order to become Trusted. But a caveat – do check to see who is paying for these ratings!
On the amount of money they have both earned and spent in-world. Whether the user is gaining money by making content, or by simply purchasing currency, its a sign that they’re actively participating in the community.
There are probably more, and I think the status of Trusted should require EITHER payment info on filt/ID verified by passport/driverslicence etc, OR a combination of several/all of these other methods. In other words you can always get immediate Trusted status by submitting your payment or ID details.
October 10th, 2006 at 1:06 AM
DisQ:
>*Conversations from these accounts logged
>I disagree. Because of privacy.
I Agree. Those would be special accounts, not for private playing, but for “work”. Other accounts(avatars) of person should not be logged.
October 10th, 2006 at 1:11 AM
I simply do not accept the argument that requiring users to provide reliable identification via a credit/debit card is either a security risk or somehow a hardship for those outside the EU/US.
Using a credit card online is no more risky than presenting it physically at a retailer or restaurant. Furthermore, in the majority of jurisdictions, the credit card companies are required by law to indemnify their cardholders against fraud (whether they tell you this explicitly or not).
The underlying issue is the same as in the real world, you cannot have a secure AND anonymous environment, something somewhere has to give. Vibrant economic development has been the cornerstone of growth in all societies. However there must be confidence in the stability and security of the society in the first place before it can begin to thrive.
Many here are quick to point out that this is no longer just a ‘game’. If this is the case, then you have to accept the need for a robust and reliable gatekeeper to protect your borders – even if this is just ensuring that you know who is coming in. Suggesting that you can hide behind a utopian ideal of a perfect and yet entirely liberal society is naive, if you genuinely believe that just like real life, SL can grow into more than just the sum of its parts.
October 10th, 2006 at 1:23 AM
Karl:
*On the amount of logged-in time. Say, for instance, once an avatar has been logged in for a certain amount of time (pulling an arbitary figure of 200 hours out of thin air here). It means that alts become Trusted when they have actively participated in SL for a while.
#I don’t participate too much in SL recently due to systained unstability. And when I first logged I immediately started to interest in scripting, because I’m programmer. Possibility for scripting was the best value of SL for me. If I couldn’t script from beginning, I wouldn’t play SL.
*On the amount of Ratings they have received from other users (eg the ratings for Building, Appearance, Behaviour and Given that show on the profile). Maybe there needs to be a certain score in Behaviour, or in a combination of these, in order to become Trusted. But a caveat – do check to see who is paying for these ratings!
#I still have 0 in all ratings, but I made some useful scripts. There are many other people like me, who like to experiment, are not bad, but do not have any ratings.
*On the amount of money they have both earned and spent in-world. Whether the user is gaining money by making content, or by simply purchasing currency, its a sign that they’re actively participating in the community.
#I think it’s your best idea, but it’s easy to make many transactions back and forth between two avatars you own, so it would be extremely easy for griefers to counter this rule.
*There are probably more, and I think the status of Trusted should require EITHER payment info on filt/ID verified by passport/driverslicence etc, OR a combination of several/all of these other methods. In other words you can always get immediate Trusted status by submitting your payment or ID details.
#You would need to account for every country id scheme. For example in Poland we have something called PESEL, it’s unique id of every person, something like (I believe) in US, but not everyone above 18 have drivers licence. In many other countries there are other means of identifying people, but how would you check this ident is valid in first place?
#Also Payment info requires credit card. In many countries it’s hard to have credit card.
I’m sorry I have to disappoint you I do not have better ideas than you, but your ideas are still not very good.
October 10th, 2006 at 1:26 AM
I applaude the quik decisive action and the willingness of the Lindens to begin steps to put more power into the hands of the legitimate willing and cooperative members of our Community. we have to realize that any new policy enforcing team will have many challenges and kinks to work out in the process but overall this will benifit our community and get the people that are dealing with players on a face to face basis more involved and in charge of where and who they are playing with.
any system that gives one group a higher power than another will find abuses and problems, ( did we just see this with prisoners in iraq ?) but as long as the people that are given the responsibility to do the task are also given the authority to do what they need to get it done and are held accountable to their actions, I am sure that it will be applicable to meeting our needs as SL gamers.
time to step up to the plate fellow SL players,… here is our chance to make a difference in the sl world as we know it. we do not want to see SL change overall, just be stabile and fun for everyone that is actually participating in the experience.
instead of pointing your finger, open your hand and help the world around you,.. in any small way you can thats what builds a community.
lets hope that LL and the authorities grab this griefer and that the procecution is swift and sever enough to make the news and make future attacks less attractive.
Kitty Rich, you have an amazingly well thought out and logical thought process started, I will vote for you in the next SL election.
October 10th, 2006 at 1:26 AM
I will absolutely never in any way agree with or support a resident force such as was proposed above.
particularly giving them the powers outlined.
No one is uncorruptible. And those powers can be badly abused. You may say well if the abuse them then they will be disciplined. But that does not help the poor victem of their abuse.
NON SL should never go there.
October 10th, 2006 at 1:27 AM
o.o
Trusted residents can run scripts only – thats going to be a nightmare. how are you going to allow new ‘untrusted’ residents to run any scripts at all, even ones that might be in objects they are given / purchase? And if you allow untrusted residents to run scripts created by another thats not going to do a damn thing.
The very last thing you want to give griefers is a good reason to have well thought out plans of attack.
The best solution IMO would be to embed a counter inside all prims, every prim that gets rezzed inherits the counter of its parent less 1 (or a power / fancy formula) and the parents value also decreases, when a prim has 0 ‘rez energy’ left, it simply cant rez any more objects. Add the option to kill to pass energy from one prim to its parent on its own death. Scripters will be forced to tidy up after themselves.
Machine guns still work, rez-foo will still work, grey goo is limited to a fixed amount.
As log as scripts can rez objects that in turn can run scripts you will always have the potential for grey goo, either intentional or by accident – its far to easy if your playing with AL for example to have a run away experiment. The ideal solution would be allow ppl to have runaway’s but have a safety in place that caps the total size.
Its not about stopping grey goo, its about making it more trouble than its worth.
October 10th, 2006 at 1:33 AM
First, hopefully the method to become “trusted” doesn’t involve a league of players who are already trusted and govern who can and who can’t be trusted, as I see that as a form to create such an elite party that wouldn’t be freely open to all.
Instead, I hope to see group management for trusted. Anotherwords, as a user I am able to specify which groups I want to trust and not allow someone to tell me who to trust.
Also, sim owner and land owners would be able to specify the default groups to trust for scripts to run on a parcel, but transactions would need to be further trusted on the user end also.
This would mean there isn’t just one single group of trusted scripters. Instead, there would be several groups. A land owner may trust some groups and not others, and a user may do likewise.
This way a user could script anything and have full access to all script features, yet its abilities to affect other agents or the sim are limited by trust.
@karl: Ratings are a good way. Payment info method is not acceptable.
@locke: As easy it is to get a CC, it is easy to get a fake CC and use it.
October 10th, 2006 at 1:36 AM
I really wonder whether banning people or limiting access is going to solve this problem.
Let’s see if I’ve got this right:
– People can make, give away, sell objects which can self-replicate.
– People who get the objects can’t see what scripts are inside them.
– A self-replicating object can bring down the whole grid.
– There are businesses making money in SL that they can convert to money in RL, so they (and the grid itself) are likely to become targets of extortion, like online gambling businesses do on the public internet. So people will be prepared to spend time and money getting the ability to make these attacks.
That means as long as a substantial number of people have the ability to make self-replicating objects, these attacks are going to continue. Stop the free accounts? Attackers will sign up for paid accounts, or hijack other people’s accounts. Require time spent in SL? Attackers will spend time in SL, or hijack the accounts of people who have.
Bottom line: The design of the SL platform is broken, and needs to be fixed. You need to limit how objects can self-replicate – even if that means breaking people’s existing scripts. Banning IP addresses, checking for payment, calling the FBI… All these things will buy you time, at best – and maybe not even that.
October 10th, 2006 at 1:45 AM
I have no problem with a select group of ‘trusted’ user playing a controlling role.
Those are called moderators and are found all over the net. Lindens would offcourse have full power over them to stop abuse.
There should be a fixed amount of moderators per users registered.
The counting idea of rezzed objects is very good. I like it. It’s similar to what I suggested.
Maybe you could even add a landowner option to buy more rez energy per day.
If the rez energy is exceeded the owner must get a message and the amount of energy ill not reset until the owner of the land repons in some way.
It’s a bit difficult with ‘holo’vendors. More people means more people rezzing objects. There needs to go a lot of thought in how to do this precisely but I think it would work.
October 10th, 2006 at 1:46 AM
I was a London policeman in a past life. What applied then in rl, applies here in sl. The best deterrent is the *certainty* of being caught. Make sure your detection systems are the best.
LL should publicise the sl terrorists’ names, publicise their crime, and their subsequent punishment at their court appearances. They should be hammered and seen to be so, every step of the way.
Zero tolerance is the only way.
I saw a three day suspension for a grid attack by someone. Really… that is simply suicidal to sl.
October 10th, 2006 at 1:52 AM
ninjafoong, your ideas intrique me and I would like to subscribe to your newsletter.
Ratings are a bad idea, anyone can get their griefer friends to rate them up, and there are good people with low ratings, especially since they cost money and don’t mean much, anymore. In addition, how can someone rate you on your scripting abilities when you can’t script? Catch-22.
I also don’t like the idea that you can buy your way to scripting, frankly. How much is enough? How much is too little? This sounds complicated. :/
Really, what other games or mmo’s don’t require personal info for a tryout? I wish they would bring back verification. Ah, well, must pump up those numbers…
October 10th, 2006 at 1:52 AM
If they only allow verfied accounts to use scripts then what about my friends who don’t have verfie accounts who know alot about scripting who help me build and design and mantain no laggy scripts :’( This would be a disataor for most of sl and the spirits of the residents
Don’t do this option please.
October 10th, 2006 at 2:10 AM
Thank you for your comments, Lexneva and DisQ Hern. I’m not great in english so I will basically copy DisQ’s comment:
I would like to add that I dont put my personal info up lightly on the internet. As shown not so long ago, any system can be hacked and I like to limit the damage. Especially if I am new to a game I will NOT put any personal info up in any way. That includes having a creditcard or not.’
If this game would require creditcard info to play it, I wouldn’t have joined in.
October 10th, 2006 at 2:17 AM
Folks, nice to see the positive, constructive comments in here (as opposed to all the wailing going on while the grid was in various stages of resurrection!)
Earlier, people seem amazed that hackers could get into a system and bring it to it’s knees – where had they been for the last 20 years? That’s what malevolent hackers do (“script kiddies” seems appropriate in this case). All that can be done is fix the problems they exploit and (this is the hard bit) try to anticipate their next move.
Ever since I have been exploring SL, I have been constantly wowed by the amazing things people have created. LL have created such a nice, seemingly simple platform, and so many people have followed in to create some truly spectacular content.
I was similarly amazed at the openness of the platform – that you can just go in there, and make stuff! Awesome! Of course the last 48 hours have shown there is a downside to that. It’s a hard balance to maintain but for me, LL seem to have struck a good balance. You can’t enable all this cool creation, and add a simple caveat “Only create good things”. Of course we must obey some rules, but be careful not to over-compensate for the sake of positive creative freedom.
Like many others have said, thanks LL for getting the show up and running after these concerted efforts to bring SL down. The perpetrators love the notoriety and they will try again!! It’s obvious how many people love SL so my hit prediction is the bad guys will lose out at the end of the day.
Peace!
October 10th, 2006 at 2:28 AM
Those “3 day suspensions” are not what the real replicator attackers are getting. The permanent bans are not showing on the police blotter. There was a blog post about this maybe a week ago, explaining this misconception.
One problem with the grey-goo thing is that, while we can set our parcels no build / no script, people can still rez things on other parcels and throw them onto ours, inventory offers still work from outside parcels and so on. If we could set our land to “no build / no prim crossing” a grey.goo attack would be stopped quickly by a wall of restricted parcels.
October 10th, 2006 at 2:28 AM
I think we pretty much established that blocking unverified accounts isn’t an option Tsu.
It would cut into SL (Linden) economy so it’s not wise in any way to use that.
October 10th, 2006 at 2:42 AM
I am on a “free” account, however I spend money in SL and therefore have information on file. I think it would be easy for the authorities to find thoes of us who purchase $L online, so I don’t think I’d lump thoes of us who by $L online in the same group as the “free” accounts that don’t.
“I will absolutely never in any way agree with or support a resident force such as was proposed above.”
I have to add my agreement with Darkness’s statement above. Power corupts, that is a sad fact of life. Control of these types of greifers must be possible via programing I would think but I’m not a programer so I might be in error.
Thank LL for your commitment to end this and your hard work. Its appriciated.
October 10th, 2006 at 2:49 AM
The concept of a trusted resident regarding scripting is a good idea and it follows on from a post I made in the Residents answers section. However I am of the view there may need to be a distinction between those who are trusted, and those who are both trusted AND able to generate code.
Looking at my acount balance in Linden dollars I am pretty sure Linden would trust me….as I have too much to loose if booted off.
However being blunt I have not a clue how to either script or use scripts, indeed the only script tool I personally use is a land edit tool (with great caution).
So perhaps a distinction between those who are trusted to use scripts grid wide and those who are trusted to create them might be a good idea.
Regards
John
PS. If the poster who said he was a London Policeman actually was what he said, he would understand that Linden might be constrained in terms of publicity until such time as legal convictions occur
October 10th, 2006 at 3:02 AM
Yes yes yes
Thank you Robin and thank you to to the rest of the Linden team for listening to the many concerns expressed by all of the residents of SL and for acknowledging that the problems will now be addressed properly in a way that is as fair to everyone as possible. This sounds like a very positive move that I for one am sure will go a long way towards making the events of the last few days a far less common occurence and will hopefully restore some stability back to SL for the future. Its great to hear that you are liasing with the authorities to bring as many of these idiots to account as possible and that wednesday’s update will contain more preventative measures. I’m sure most residents feel that a total end to unverified accounts would be unfair to the vast majority of well behaved new residents and most of us would not want that to happen. As i pointed out yesterday, we need and welcome new growth in sl but with it we need accountability too, some kind of system for gaining a trusted status for new residents seems to me the best and the most fair solution for the future of sl. Although no system is ever going to eliminate the problems completely this is a big step in te right direction, thank you .
Yes it will mean that there will be restrictions in place for new arrivals but this absurd notion that everyone has a’right’ to come to sl and what whatever they please has to stop. Think of it in a positive way folks, accountability for your actions and a system where you have to earn a trusted status in order to be given all the priviliges that sl has to offer will still allow for the needed future growth of sl without excluding peolple who for whatever reasons cannot or do not want to supply payment details and at the same time will better foster the idea of belonging in sl and that we all have a part to play however big or small we want that to be in building the community for future years. As my old Ma used to say, respect is not something you are given, it’s something you have to earn.
Am i blabbering on again? Too much caffiene doh!
October 10th, 2006 at 3:03 AM
Residents fall into three categories: No Payment Info on File, Payment Info on File, and Payment Info Used.
Customers only fall into one category: Payment Info Used.
It might be simplest to discard an overly-complex “trust” system for scripting in LSL and allow only customers to script and create scripted objects.
However, LL’s product menu is pretty limited: premium membership subscriptions, island set-up fees, tier fees, commissions and fees from Linden dollar sales on the LindeX, and sales of new Lindens by Supply Linden on the LindeX. Presently, the largest portion of revenue for LL is from tier fees (which are paid by premium members).
As a single currency transaction grosses only US$0.30 (thirty-cents) for LL it seems unlikely that this should be allowed to meet a minimum threshold for the ability to script.
Far better that this be limited to premium accounts as they’ve made it clear they have a stake in SL and that they’ve made a decision to put down roots within the community. This also creates an incentive for basic accounts to upgrade if they wish to script.
Presently, LL’s system of “open” registration has created havoc with your customers. Now would be a good time and consider: If by limiting scripting to Premium accounts only would this result in increasing the existing Premium account base? Would this also result in net increase in tier fee revenues?
It’s your bottom line to do with as you see fit. But ultimately, your bottom line is the result of your customers’ continued enjoyment, not their continued patience.
October 10th, 2006 at 3:23 AM
I totally agree with LL creating “trusted” accounts.
If this is a way to keep the things up and running – go ahead!
I’d also suggest that only “verified” Users get full access to SL.
Newbeis (not verified) may take a look at the world of SL but they should not
be allowed to mature content sites on SL – and they should be restricted to
special Sandboxes to try their experiments.
(To prevent minors beeing exposed to nudity – violence or even pornographic content)
It’s sad to say but I prefer the “old school” regulation that only “Payment Info used”
accounts get the “verified” status to prevent SL from further attacks.
And I don’t see why someone isn’t able to create a PayPal account or even a prepaid
Credit Card account. (Prepaid credit cards are available all over the world)
And if someone can’t afford that I’m not sure what’s wrong with the person.
There are only 2 possibilities for me:
1) It’s a minor and has no rights beeing on the Main Grid
2) It is someone who’s trying to hide his real identity to SL
And in both cases I would suggest that this person should look for some other place
to spend her/his time.
I now it sounds rough – but I’d rather accept stronger regulations than having continuous
attacks to the grid.
Thumbs up for full verified accounts.
October 10th, 2006 at 3:36 AM
And so Second Life loses its innocense.
October 10th, 2006 at 3:45 AM
“Customers only fall into one category: Payment Info Used.”
WRONG!!
Consider this:
People that play 100% free in this game do 3 things that make them an SL customer:
They sell products: and thus contributing to the SL community
They buy products: for example from people that DID pay for this game.
They upload stuff: and thus paying SL money for a service they provide.
All of these three point are good for SL economy.
And to repeat myself:
What is good for SL economy is good for MY economy.
Conclusion: keep the free accounts, just make the game work in such a way that ‘grey goo’ creation is impossible. Linden is going to try precisely that on wednesday I hope.
How do I get to that test grid? Can I try to create a ‘grey goo’ script there? To help SL get rid of them?
October 10th, 2006 at 3:49 AM
The two pronged defense is good, as far as it goes. But will not solve the problem.
1. making it more difficult to be in a position to disrupt (rights only after a while, or with verified ID) deters those who just want trouble (imagine teenagers with atomic bombs!). This reduces copycat attacks.
2. this does not stop those determined to disrupt for whatever reason (e.g. simply because you make it difficult etc.). For these you need to be able to (for serious offences) trace back the event to the causing person and then to the RL ID of the person and sue. There is overwhelming evidence that it is the feeling that one will get away with it (not be caught) that deters – not the extent of the punishment. If people *Feel* they are anonymous they will try it.
3. there should be an “911 number” for serious trouble to be reported (i.e. SL terrorism)
4. you need to get the SL citizens on side to help – you will not be able to prevent attacks otherwise. They should have Linden-type rights over their own land and be able to disable scripts, clean up unwanted objects easily etc. There should also be a conteact for suspicions to be reported.
5. You have to limit the SL world so that destruction is limited to areas or whatever. If you do not do this then a fanatic will sometime try it, regardless of the above.
You need all 5! Then you will be able to reduce the problem (it will never go away). You will not be able to “outthink” the hackers with clever programming (after all MS cant!).
October 10th, 2006 at 4:01 AM
Elex: It’s also important to understand another type of customer. For example, I have an alt account. It happens to be free because LL wanted me to go that route. I pay into that alt account from this one which is full Payment Info Used with tier. My alt can (and does) go shopping around all of SL. If that alt account wants more L$ I use Lindex on this main account to get some and pay it through to the alt, simple. So you see you can’t judge an avatar by its payment info.
October 10th, 2006 at 4:21 AM
[...] http://blog.secondlife.com/2006/10/09/security-and-second-life/#more-411 [...]
October 10th, 2006 at 4:30 AM
Right, i see a typical us tendency here. Some people of group X do bad things, so let’s pick on all people of group X. It is so with your stupid war on terrorism, and now this is imported into second life as well. I thought I had found a nice virtual place in second life, one i’ve been dreaming about when i was a kid even (always been very interested in VR). But now the xenofobia gets imported, I think i will skip.
October 10th, 2006 at 4:39 AM
I think there is a smart way to verify a non-griefer Account.
If LL logs data about a Citizens Activities (i hope they do)
its possible to see if a Person is a ‘good’ Member or not.
Take my Account as an Example : lots of time spent in SL,
lots of Chat, built stuff, wrote many Scripts, uploaded Textures,
Member of some Groups, visited many Places, filed a few AR’s,
sold Items, bought Items, collected Freebies, gave some Items away,
have some Friends, got not Reported for doing something wrong… and so on…
Do you see a Pattern here ? Data Mining would do that, i guess.
Now take Permissions away from me, because there is no
Payment Info on File ? Would be too simple.
LL has some good Software Developers, i think you can do
better than that, just use the Data that is available.
October 10th, 2006 at 4:40 AM
It is *NOT* always easy to get a credit card – perhaps it is in the States but not always so in other places. Or else, the card that we can get is not accepted … oh but a mobile … well that may well not apply either outside the US.
Know what would really stop this sort of thing? PEOPLE NOT BEING MORONS. Case closed, and impossible to make a reality.
The point about dormant alts is a valid one … how will these be purged out?
October 10th, 2006 at 4:42 AM
Boy I am not sure about some of you people….who sit there and worry about “trusted” taking your exsisting privilages away..
I personally think, and now don’t shoot me for this…but If LL does things right and I am hoping they will…
Will require a total reset across the board on you freebie people, meaning that any of you existing free account holders would have to before logging in again have to go through some sort of validation process to be able to get rights to script….and maybe even paying customers (meaning membership paying) should too…
Some serious security needs to be put into place and LL need not take any considerations or be easy in any fashion weather you are paying or an account…. the grid has been far far too unstable the past few months and it is affecting all of us including LL, if it was my company I would have never allowed for free accounts to have scripting to begin with plain and simple…
I understand that some free account people are legit content creators, but the excuse I don’t have a credit card or I don’t trust entering a credit card online…is no excuse for LL to give you the keys to the kingdom… I don’t use a credit card but I am a paying member… I pay by paypal…anyhow this is my humble opinion…piece and long life.
October 10th, 2006 at 4:44 AM
Payment Info and “honest” residents
My point of view about this is surely biased, because I’m on a free-account, so every restriction against residents without Payment Info on file would harm me. But the point of view of people that complain about free-account residents is biased as we…
October 10th, 2006 at 4:46 AM
Doesn’t it strike anyone over at LL that things are turning a little dystopian? Trusted users? I mean, you already have us visually seperated into classes, but now you’re planning on making bigger divisions. Bringing in the RL authorities says a bit, as well. I hate to say it, but I doubt they’ll be able to make SL safer. Does the Patriot Act apply in SL? Why didn’t you categorize this post as originating from the Minipax? Oh, I forgot, everything on the blog is from Minitrue.
October 10th, 2006 at 4:46 AM
Free Acounts=Good. They provide a influx of persons into SL and increase everything all around.
Unverified Accounts=Bad. No traceability (don’t hand me the IP or Hardware Hash bs. They don’t work and you’re a fool if you think they will.)
I agree that not everyone can have a CC or PayPal account. Payment information is an inadaquate validation process. There MUST be other means to verify accounts. Why can’t LL investigate these and help protect the community by taking the weapon of anomity away from griefers and DoS attackers?
For whatever verification system is used, LL only need do two things after;
1) That first Verified Account is free. No charge to join. This will continue to allow SL to have the influx of population desired by all, as well as to let the option remain for people to join and explore without worry of payment.
2) Each and every Alt Account after the first costs a one time 9.95$USD fee. Reasonng is tnat if you need an Alt Account you feel that SL is worth the extra effort. A griefer who is currently making an Alt just after being banned and comming back into SL will not do so if faced with a 9.95$USD fee. It would also reduce the amount of griefing as some won’t want to risk thier freebie account being banned.
I’d like to point out (since some will miss it and go ballistic over nothing) that the 9.95$USD fee for Alt Accounts is paid only once. It is not a monthly fee, simply a one time startup fee.
Free Accounts do not equate to Unverified Accounts. People need to stop looking at them as if they are the same and fix the problem at the root. The Teen Grid still requires verification. Why do you think all the griefers and DoS attacks happen here on the Main Grid?
~Jessy
October 10th, 2006 at 4:54 AM
*Or else, the card that we can get is not accepted … oh but a mobile … well that may well not apply either outside the US.
Yep, I had same problem. My card was not authorized yet for online transactions, and my mobile number doesn’t seem to work. I had to wait about week before I was able to register.
October 10th, 2006 at 4:57 AM
I’m an oldbie, so I can say without reservation that I agree with the ‘London Cop’ — whenever possible, publicize the trail of crime to punishment. If it is readily apparent that you’ll get caught, prosecuted and ‘outed’ to the community at large – it may act as a deterrent where common sense fails.
I don’t have a problem with ‘free’ account players, just the lack of information about offenders after they’ve been ‘processed’ through the LL system. The perception right now, to me anyway, is that you go and screw up the grid, fry an alt in the process, and then go and sign up again to plan your next ‘fun’ crashing activity.
October 10th, 2006 at 5:03 AM
right on : Jessica Elytis
But, I don’t think there is a real way to prevent multi-accounts as the system from what I seen already does that, but is easily bypassed by using another machine to register from and using a different email address… I know because I created an alternate account to logon as for when I didn’t want to be bothered while I build stuff..from all my friends….or just wanted to explore without being known..
I don’t think if it was a paying only system would prevent an influx of people, sure it would dwindle the numbers quite a bit…..but also don’t get me wrong I don’t feel a pay only system is the answer…
I mentioned this before in the forums and here
How I feel it should be fixed :
1) User signs up for an account, they get to explore build basic stuff (no scripting at all)
2) If user wishes to script, they sign up for a content creators ID, key, token or whatever you wish to call it….and info has to be validated in some fashion…to proove you are who you are… this will give you scripting capability and that ID must be placed in your scripts for the script to work otherwise the system will just not run it.
3) If you are a paying member you automatically get a content creators ID, because payment info can be tracked back to said user.
This is how it should be done…
October 10th, 2006 at 5:18 AM
I agree with Maxx. Right now it appears from an outsider’s perspective that the worst that can happen if you grief is that you lose a free alt. account. Considering how much US$ is reported changing hands daily these last few crimes have cost literally millions of dollars to SL customers. Catch one of these guys and post his trial and punishment everywhere you can. Get your buds at Popular Science to run a special on virtual terrorism and post the perpetrator’s picture behind cell bars. Scare the crap out the next basement dwelling bed wetter that is thinking about griefing.
October 10th, 2006 at 5:33 AM
Could you guys consider as a FACT that it’s NOT POSSIBLE for a lot of legitimate users to use LL payment-based verification? This subject turns as a troll
Take my example, i live in Belgium:
- Debit card in belgium are not useable for internet payments (at least with 99% of web sites requiring Visa or Mastercard)… I made another try right today, after reading people saying modern debit card can be used… It’s false, at least in my country
- I created a paypal account, but to use it with LL i have to specify a payment method. Provisioning paypal from Belgian bank account is not allowed… Once again, the only way to use my paypal account with LL would be to have a credit card
- Of course, as there are plenty of other payments solutions available here, credit cars are quite reserved to an “elite”. Those who have sifficient incomes to get such a credit
No matter how many success examples you have of getting verified without credit card, here it is SIMPLY NOT POSSIBLE. I am sure there are lot of other countries where it’s the case.
So please, don’t argue anymore that it’s so simple to use payment-based verification!
October 10th, 2006 at 5:37 AM
And now about the free accounts… I used a free accounts for months…
I have a business in SL:
- it carries a traffic over 8000 (when there are no grid-attack of course)… lot of customers are so-called free accounts too.
- there are 30 workers in this business, about 10 of them work here daily. most of them are so-called free accounts.
- 90% of the people i see in my club wear wonderfull clothes, magnificent hairs, have awesome tools and attachment… they bought it!
Can you still argue that free-account use SL without generating profit to LL and the community?
- while i found lot of interesting scripts in SL, i wrote and i am still writing my own ones to meet some requirements, and lot of people ask me to sell them, cause they do things other ones don’t.
- people and investors wanting to create their own business use my services to create customs solutions for them
Can you still argue that free-account are useless in term of knowledge?
And of course, as a lot of people said, would SL have been restricted to verified accounts, or would have been scripting or object creation restricted, i would never have made this business, nor would i have got the scripting experience i have now, and i share now with other residents.
These attacks are boring me as everyone. I loose money during 2 or 3 days after each attack. No need to explain how i am angry after this catastrophic week. But it’s sooooo easy to point the free accounts.
I am very happy that Linden Lab’s notice specify they are looking for more creative ways to define trusted users. So let them look in this way and stop repeating again and again the same old trolls!
SL is a wonderfull place and i love it.
Griefers are and deserves to be treated as terrorists.
I give a big warm hug to Linden Lab’s team, they had certainly a worst week than mine!
October 10th, 2006 at 5:43 AM
Taking away scripting from certain people undermines what SL stands for: total freedom of creation.
There is no good way to check if alts are beeing created or new accounts.
IP check don’t work for example because of households with more computers, companies or schools.
The solution comes from LL with SL internal programming.
An that is what LL i soind: Two thumbs up!!
October 10th, 2006 at 5:44 AM
Very good discussion here! I’m in agreement with limiting the use of llRezObject, llPushObject, and any other commands that can be used as weapons to non-trusted accounts.
DisQ, I’m honestly having trouble following your logic. Let’s not say “free” accounts – former free accounts still had to verify their information with a credit card, even though they were never billed. Unverified accounts, however, can’t accomplish the goals you’re talking about. Unless they’re purchasing from a third party source like SLEx or eBay (and I think we can all agree that’s a miniscule percentage), “No Payment Info on File” accounts won’t have L$. Why? Without payment information on file, how would they have purchased L$ from LindeX? There are two ways I can think of: panhandling (which I’ve seen a meteroic rise of lately) or camping chairs (which suck down server resources from people actually engaged in the virtual world).
So let’s now revisit your points:
>>> Free accounts are very very important. They boost the economy of SL greatly.
No, they really don’t. They create people who have no money and are after freebies (this is fine, however – I help with the GNUbie freebie store after all – but don’t try to say they’re boosting the economy). They also create a sub-class of people who using camping chairs and panhandle, both of which are ridiculous in a virtual world where your avatar doesn’t need food or shelter, and has an infinite supply of raw materials to build anything. There are plenty of legitimate reasons to have a free account: a group of students at a University studying, or a very casual user who just wants to browse, for example. However, without L$, they’re certainly not contributing to the economy. Now let’s revisit your points with this in mind:
>>> More customers for business people = good
They’re not customers if they don’t have money to spend.
>>> More uploads = good.
>>> More people doing business = good
How exactly do you upload or do business without L$?
>>> More people trying this game = good
This I’d almost agree with – but let’s phrase it like it should be, “More people in this virtual world = good”. People who treat SL like it’s “only a game” are part of the reason we’re in the current mess.
Just some food for thought.
Regards,
-Flip
October 10th, 2006 at 5:48 AM
There are times when LL should listen to residents of Second Life, and there are times when it should not. This is one of those times that it should not. I do not mean to suggest that there may not be good ideas floating around in the SL resident-ether, but any idea implemented from an open forum will immediately be susceptible to hacking–just by virtue of the fact that the security method is public knowledge.
I am also disturbed by the amount of support for vigilantism I’ve heard over the past several days–both from residents and by LL itself. Residents should not be able to confiscate items, suspend accounts (or AVs, for that matter), police known trouble spots, or participate in some sort of in-world security force–the potential for abuse is too great. The resmod program on the Forums was a complete and utter failure–it will fail even more spectacularly in world. In all honesty, if I were ever suspended in anyway by a resident volunteer whose only compensation was suspended tier fees or the like, I’d have a copy of the TOS and Community Standards documents to my lawyer within an hour.
I am also deeply troubled by the creation of a “Trust” based access system of security. I have been an SL resident for over 2 years now and have an absolutely clean record. I have run several very successful businesses in SL (though admittedly nothing as successful as Dreamland and the like), have been featured in several publications (most recently the Boston Phoenix) for my building and development skills, and have won several developer incentive awards (before that program went belly up)–so, I stand a good chance of shooting myself in the foot with my objection to a trust-based system. But I have to wonder if we really need an official FIC acknowledged and created by LL. While the current status of the FIC theory is generally that of any conspiracy theory (i.e., something of a joke), implementing a trust based system will lend it a great deal of creedence–especially if “certain people” automatically make “Trusted” levels before the rest of us. And let’s make no mistake about it–some will. From a simple business perspective, LL would be foolish not to automatically add a certain land baron and her Angels to the list automatically. I held my tongue on the introduction of payment information on profiles, but with the introduction of a “trust-based” security system, LL is no longer running the risk of creating a social class system in SL–it is now running the risk of creating a CASTE system.
If LSL is so potentially dangerous that only certain residents should be allowed to use it, then it seems to me that maybe the better solution is to make it less dangerous.
October 10th, 2006 at 5:52 AM
Yes, I agree with the London cop. BUT then, Linden Lab would have to roll back its ‘even your cat can sign up’ policy. With this type of limber security I think Bob Mueller to date has only allowed Phil Rosedale to send him an abuse report. If the FBI had been involved in investigating this and previous hackings of Second Life, I’m sure we’d all have seen a pic of an avi perpwalk on the main SL site…covered by ZDnet mag etc
)
The only reason LL implemented this lax signup policy was to quickly swell its ranks. High body counts in SL mean *possibly* more money as people switch to paying accounts or buy Lindens. But, at this point, the growing cult of the grid attack may have them rethinking this policy.
Real life business entities currently arriving in Second Life need a bit more stabilty. The Linden Lab suggestion about placing yet another obtrusive label on customers: ‘Trusted’ OR ‘those not trusted, ie, smarter than the techs at Linden Lab’ is a great idea. But the intelligence quotient of the SL population would plummet:)
Respectfully,
Margot Abattoir
October 10th, 2006 at 5:53 AM
Lets see what the term “trusted” turns out to be.
I’m hoping that it will be an objective rating, perhaps obtainable by reaching a certain level points, i.e. – verified payment account gives “X” points, completing a LL sponsered course gives “Y” points, account age gives more points, and so on. Once a fixed number is reached, then scripting could be authorized.
On the other hand, a subjective rating will lead to abuse either by favoritism or cries of favoritism.
Any such system would of course only reduce the amount of griefing and be part of a larger comprehensive plan. A combination of a scripting authorization, tech limitations, and better tools for residents would allow LL to focus their resource on policing the truly malicious individuals.
Another cute idea I saw on a different site may help here somewhat too. A change to TOS whereby users agree that if an account is banned, they agree to pay the sum of $50,000 to register a new account unless LL gives express permission otherwise. While probably uncollectable for the most part, it would make imposing fines on banned griefers a little easier and deter at least a few of them.
October 10th, 2006 at 5:59 AM
People forget that the game’s biggest asset is the stuff people build (this is by design–read the articles about the philosphy of the game), and that can be done without paying. So, cash input should not be the total measure of trust.
But payment info on file is more likely to make someone accountable, so payment info is a measure (but not a complete measure) of trust, even if actual money transfer never happens.
That said, payment info that is actually used is more likely to be current and correct, and hence even more trustworthy.
October 10th, 2006 at 6:00 AM
DisQ Hern: Whilst I applaud a fairly new resident getting so involved with community debate as you appear to be, I would point out that in order for the Lindens to be able adequately keep track of ‘comments feedback’ and maybe take onboard suggestions, unnecessary posts in threads such as this should be kept to a minimum and maybe a more thorough knowledge of SL basics would help to avoid some of these.
Still, I remember what it was like to feel a bit lost so I thought I’d clear up a couple of your points….
*File 3rd party AR’s in cases where the resident may be unwilling or unable to take action
WTF is an AR? ………An AR is an abuse report, the primary tool for residents to report abuse of themselves or their accounts by other residents. and phantom prim avatars would protect against physical griefing attacks such as caging and orbiting because the Avatar would appear to not be physically ‘there’ to these attacks and untouchable…
——————————————————————————————————
*Common Surname – special log on – that is to ensure that only members have that surname – relying on Groups is too easy to counterfeit
huh?
*Accounts to have limited inventory and not be allowed to hold Linden Dollars
That would totally reduce the gaming experience to 0. SO I disagree.
*Conversations from these accounts logged
I disagree. Because of privacy.
* Uniform Avatar – non threatining – perhaps in a form that is neither anthro or Furr but rather a creative looking entity that would be difficult to copy and easily recognisable. Avatars should be phantom prim as a defence against attacks
*Why would the avater type do anything against attacks. It’s part of the game to be able to change your avater almost endlessly, it’s what LL advertises with. I disagree.
The above points are linked. I think you may have mis-understood the basic concept of Kitty’s post (and I agree with most of her idea’s wholeheartedly). I don’t think she was suggesting that people give up their second life experience and covert their usual avatars into SL police, more that they volunteer to operate ALT accounts with these characteristics on a rota basis. Thus, if her idea were implemented then the above points would be VITAL. Conversation logging and Inventory checking to maintain transparency and impartiality, deflecting any accusations of corruption or favouritsim. And the accounts would never be used for ‘fun’ purposes, so any points regarding ‘reducing the gaming experience’ are missing the point. Even if people had to ONLY operate as a SL cop then it would be their choice….no-one would be forced.
I think it’s a FANTASTIC idea and totally in keeping with the idea of a user-run world. Of course, vetting would have to be incredibly strict for those taking up positions with that level of power and responsibility….
DisQ Hern; As to your very insistant post that you’ve repeated on multiple threads as to how unverified free accounts are VITAL to the SL economy and how it would collapse if they weren’t around….how did the grid cope before they existed? how exactly do they contribute to the economy? Unless they have extremely well payed in-world jobs or have some fairly hefty building/scripting skills (in which case how do they EXTRACT money without payment info), what do they actually contribute in terms of $US? …..and people, I hope I am coming across as reasonable as several of my good friends are unverified and I have nothing against the status in general beyond the possibilities for abuse.
And Lindens, if you are reading this…this is one more user who supports the idea of ‘trusted’ users fully…trust has to be earnt or at least secured…its not just a right.
October 10th, 2006 at 6:05 AM
Is Metaverse Neutrality Dead at Linden Lab?
Linden Lab, makers of the virtual world of Second Life, have been having a hell of a time over the last several weeks defending against the metaversal version of denial-of-service attacks: When users add objects to the Grid that are able to replicate t…
October 10th, 2006 at 6:05 AM
Make everybody a Linden. Lindens are good people and never do anything naughty. When was the last time you saw a Linden launch an attack on the grid?
“You shall all be assimilated.” – Sweet boy
October 10th, 2006 at 6:11 AM
Two Words:
Hitler Youth
October 10th, 2006 at 6:21 AM
Two words:
Godwin’s Law
October 10th, 2006 at 6:25 AM
A couple things:
1st. I have a “verified account” because I used my cell to register. But, that means “no payment info on file”.
2nd. I am an approved Instructor, rent land where I teach. (which means I have a “clean” record, am of a certain age, and have demonstrated a level of understanding of Second Life with regards to scripting, building, land, etc)
It sounds like many of the options being suggested would ruin my experience in Second Life for a number of reasons. I rely on “newbies” so I can teach, which is something I absolutely enjoy doing. I choose not to have payment info on file because so far, I have accomplished everything I’ve ever wanted to do, by earning and spending L$. I do not hold a premium account, because the only right offered to them is land ownership (which I can rent for much less, with mostly the same abilities).
I know I’m not offering a better solution, because I don’t have one yet. But just because you’re on a free account, doesn’t mean you’re not an important citizen of SL. Please keep that in mind, when you propose solution.
-Ipenda Keynes ^.^
October 10th, 2006 at 6:30 AM
I just started out in SL like a month or so ago, and although it leaves me feeling somewhat put out in the cold, I think some substantial efforts needs to be made regarding more attacks. I guess a trust system may be the key to preventing that, albeit some people will not like it very much.
I certainly won’t, but hey, what can you do….right?
October 10th, 2006 at 6:31 AM
In regards to jpitts 5:03 am post, which I quote:
“3) If you are a paying member you automatically get a content creators ID, because payment info can be tracked back to said user.”
This may not be a valid assumption. It’s a big world, with different rules in different places.
I would modify it to say:
If the payment method, and local privacy and criminal laws, allows tracing back to a
user, and penalizing them for causing trouble, then they can get a content creators ID
It does no good to be able to trace back to a user in a country where hacking computers
is not a crime, or where hacking US computers is not prosecutable locally.
—————————
Re the topic of “not everyone has access to credit/debit cards”:
I would suggest that almost everyone who plays Second Life has a broadband account,
so mailing/faxing a copy of a billing statement along with an email address connected to
that account to send a verification email to would serve. A copy of photo ID would
work too.
To those poor souls who have to access Second Life from a free public terminal, such
as in a library or cafe with wifi access, and have no credit card, broadband account, or
photo ID, sorry. You are indistinguishable from a hacker up to trouble who wants
to remain hidden. Perhaps we can come up with a method for someone who _does_
have traceable identity to vouch for you.
October 10th, 2006 at 6:31 AM
Why not break up the LSL into Tiers, organized by functionality and risk, each of which are accessible when an avatar reaches a certain age. An avatar a few days old is probably going to be spending most of his/her/its time exploring and learning the system, writing scripts right way is going to be within the realm of the very few (i’ve been here for almost 2 months, and barely done any script writing, and I’m a software engineer.) Those that do would probably pick with simple things, like object and texture rotation. Very harmless stuff.
Particulearly dangerous library functions, such as those which allow the self replication of teleportation of objects, should be a “privilaged tier” that are made available to only those who can demonstrate a need (ie, going to create or run a vendor shop) and have provided verifyable proof of identity.
I’d propose the following tiers of functionality:
0 – No access, you’ve been naughty and got your LSL access suspended
1 – Novice access, you can access basic LSL functions that do not perform any changes to the environment (such as math libraries) and manipulation of the object that contains the script (such as script and object rotate)
2 – Journeyman access, pretty much access to everything that doesn’t fall under the Master access
3 – Master access, these functions are of the sort that only a few will need and should be accessed by only those who are trusted not to abuse it. This would include teleportation and object creation/replication. Verifyable payment info/real life identity should be a requirement for this tier. Maybe even warranting the Lindens to speak on the phone directly with the requestor.
New avatars start at one, and graduate to 2 after, say, 45 days. If the character is a verified alt of an existing character (which means $10 was spent, so verified RL identity information is available) that 45 day waiting period can be waved.
3 should be an access level that has to be requested. The requestor should have a number of scripts and projects to demonstrate his/her skills at LSL, and provide a reason why that access level should be granted.
In addition, I’d propose the following protection mechanism for scripts:
1) No one can compile a script that contains functions requiring a higher LSL tier then he/she has access to.
2) No one can modify a script that someone else wrote unless its modify bit is set (existing infrastructure, so no change)
3) Introduce a viewable bit, so a script that is marked unmodifyable can still be viewed if the author wishes. The case for this are for those who want to inspect the code of scripts from other people before executing them. Currently, if modify=false, you cannot look at the code.
4) Introduce an executer privilage bit. This would have the following values:
EQUAL_PRIV – Only an avatar with the LSL-access level to write the script can execute it. I.e., if an avatar wishes to execute a program that contains a tier-2 LSL function, they have to be tier-2 or greater to execute it.
GRANT_PRIV – This allows a person with lower LSL-access to execute the script. This way, scripts that have a valid reason to replicate objects, such as vendors, can be used by everybody.
GRANT_PRIV_MIN – Allows a script to be used by equal or lower LSL-access avatars, but with the ability to specify a floor. For example, this could allow people to create scripts which could be executed by everyone except those who got spanked down to tier-0.
Other tiers could be created, such as those that limit edit/execution rights to individuals or groups, like land access.
Likewise, land can be configured to limit the highest tier script that may be allowed to execute. This can be done on an individual property basis, or estate wide (with overrides granted to individual properties on a case by case basis).
The executor bit comes into play with regards to tracking and maintaining that people are responsible for their code. If a griefer intent on doing a grid attack creates a char, they’re not going to be able to compile a script that does the self-replication crap. They’re going to have to rely on a script that was written and compiled by a guy with tier-3 access. So when the Lindens swoop in to stop the attack, they can look at the offending script, see who wrote it, and feed them to the FBI.
With the above system, script code is controlled by the author, who can also be held responsible for his/her code as well. It also does not compromise everybody else’s ability to write scripts, as access to the final tier is available to all who can demonstrate scripting proficiency and a need to have access to few powerful, but potentially dangerous functions.
Well, gotta head into work now, but that’s my half hour’s thoughts on the subject.
October 10th, 2006 at 6:35 AM
It appears the simplest solution for activating full scripting rights might be the exchange of an application (including SASE, if possible) and enabling passkey via snailmail.
This would allow LL to build a database of “trusted” addresses, each of which could theoretically be traceable if the Lab decided to make a public example of some randomly-selected or unusually pernicious griefer. IT would also likely cap the number of times a dedicated individual could game the system for a scripting key, since even griefers have to run out of relatives and friends (or invest in a new PO Box) at some point.
I think the very idea of having to provide a traceable RW address would be enough hint of potential negative consequences to put just a little fear in a potential griefer’s heart
- Ethan
October 10th, 2006 at 6:44 AM
I would suggest you also focus on using the collective observations of your community in game in new ways to help fight griefers. Much like some of the spam infrastructures that figure out what is spam based on the number of unique reports of a mail as spam, you could give us tools to make identifying and reporting griefers much easier.
One thing that I would love to see is a chat channel that identifies who is running what scripts and who has rezzed what objects in my area. We need more accountability for our actions here and if I could open a “Object History” window and scroll up to see [Bob Smith: Rezzed "Suitcase Nuke"] and had a quick button to abuse report him right there it would be a lot easier than trying to spot the guy dropping the bomb and TPing away.
October 10th, 2006 at 6:53 AM
(Repost, didn’t see my message, not sure if this forum is moderated or not. Moderators, please delete if dup)
Why not break up the LSL into Tiers, organized by functionality and risk, each of which are accessible when an avatar reaches a certain age. An avatar a few days old is probably going to be spending most of his/her/its time exploring and learning the system, writing scripts right way is going to be within the realm of the very few (i’ve been here for almost 2 months, and barely done any script writing, and I’m a software engineer.) Those that do would probably pick with simple things, like object and texture rotation. Very harmless stuff.
Particulearly dangerous library functions, such as those which allow the self replication of teleportation of objects, should be a “privilaged tier” that are made available to only those who can demonstrate a need (ie, going to create or run a vendor shop) and have provided verifyable proof of identity.
I’d propose the following tiers of functionality:
0 – No access, you’ve been naughty and got your LSL access suspended
1 – Novice access, you can access basic LSL functions that do not perform any changes to the environment (such as math libraries) and manipulation of the object that contains the script (such as script and object rotate)
2 – Journeyman access, pretty much access to everything that doesn’t fall under the Master access
3 – Master access, these functions are of the sort that only a few will need and should be accessed by only those who are trusted not to abuse it. This would include teleportation and object creation/replication. Verifyable payment info/real life identity should be a requirement for this tier. Maybe even warranting the Lindens to speak on the phone directly with the requestor.
New avatars start at one, and graduate to 2 after, say, 45 days. If the character is a verified alt of an existing character (which means $10 was spent, so verified RL identity information is available) that 45 day waiting period can be waved.
3 should be an access level that has to be requested. The requestor should have a number of scripts and projects to demonstrate his/her skills at LSL, and provide a reason why that access level should be granted.
In addition, I’d propose the following protection mechanism for scripts:
1) No one can compile a script that contains functions requiring a higher LSL tier then he/she has access to.
2) No one can modify a script that someone else wrote unless its modify bit is set (existing infrastructure, so no change)
3) Introduce a viewable bit, so a script that is marked unmodifyable can still be viewed if the author wishes. The case for this are for those who want to inspect the code of scripts from other people before executing them. Currently, if modify=false, you cannot look at the code.
4) Introduce an executer privilage bit. This would have the following values:
EQUAL_PRIV – Only an avatar with the LSL-access level to write the script can execute it. I.e., if an avatar wishes to execute a program that contains a tier-2 LSL function, they have to be tier-2 or greater to execute it.
GRANT_PRIV – This allows a person with lower LSL-access to execute the script. This way, scripts that have a valid reason to replicate objects, such as vendors, can be used by everybody.
GRANT_PRIV_MIN – Allows a script to be used by equal or lower LSL-access avatars, but with the ability to specify a floor. For example, this could allow people to create scripts which could be executed by everyone except those who got spanked down to tier-0.
Other tiers could be created, such as those that limit edit/execution rights to individuals or groups, like land access.
Likewise, land can be configured to limit the highest tier script that may be allowed to execute. This can be done on an individual property basis, or estate wide (with overrides granted to individual properties on a case by case basis).
The executor bit comes into play with regards to tracking and maintaining that people are responsible for their code. If a griefer intent on doing a grid attack creates a char, they’re not going to be able to compile a script that does the self-replication crap. They’re going to have to rely on a script that was written and compiled by a guy with tier-3 access. So when the Lindens swoop in to stop the attack, they can look at the offending script, see who wrote it, and feed them to the FBI.
With the above system, script code is controlled by the author, who can also be held responsible for his/her code as well. It also does not compromise everybody else’s ability to write scripts, as access to the final tier is available to all who can demonstrate scripting proficiency and a need to have access to few powerful, but potentially dangerous functions.
Well, gotta head into work now, but that’s my half hour’s thoughts on the subject.
October 10th, 2006 at 6:58 AM
Kamael Xevious Says:
“I am also disturbed by the amount of support for vigilantism I’ve heard over the past several days–both from residents and by LL itself. Residents should not be able to confiscate items, suspend accounts (or AVs, for that matter), police known trouble spots, or participate in some sort of in-world security force–the potential for abuse is too great. The resmod program on the Forums was a complete and utter failure–it will fail even more spectacularly in world. In all honesty, if I were ever suspended in anyway by a resident volunteer whose only compensation was suspended tier fees or the like, I’d have a copy of the TOS and Community Standards documents to my lawyer within an hour.”
I wouldn’t hold my breath waiting for Linden Labs to annoint any particular group over any other with particular powers to directly affect the account status or inventory of any other user. Linden Labs has a contractual responsibility to their customers as well as their shareholders to keep some basic controls over the in-world economy. To imply that they would contemplate such a thing is just fear-mongering.
That aside, Linden Labs is setting forward the idea that, to some degree, we be allowed to regulate ourselves. It is certainly possible for large groups of people to band together to say what is and is not permissible behavior, and to enforce it by agreeing (via a trusted peer system) to ban the chronically anti-social and abusive. This is what the Lindens have noted is already happening in-world, and they condone social systems of this kind.
While I agree with this approach myself, and am working on building such a system, I must agree with you at least on one point: no one group can be allowed the right to decide the fate of any other person or persons within the Second Life environment.
That’s too much power for any citizen group to have – I feel confident that the Lindens agree with this assessment and will never ever grant that kind of power any group that isn’t composed completely of Linden employees. They have shareholders to answer to.
Therefore, I say to all you would-be police and security groups who fancy yourselves candidates for the bequest of that kind of power: “Dream on, because it’s NEVER EVER going to happen.”
October 10th, 2006 at 6:59 AM
maybe it’s time that you realized that you have to take drastic measures. I’m talking along the lines of coming up with a plan to fix the code so that this can’t happen again, and shutting the world down until you get it fixed. There are an ENDLESS supply of jerks in the world and as long as you have even the SLIGHTEST possibility of screwing up the system built into the the system, the system WILL be screwed up. As things stand right now, you might as well put a big red button that crashes the world on everyone’s hud. You can ask them all not to press it until you are blue in the face, but someone inevitably will.
October 10th, 2006 at 7:03 AM
To Kamael Xevious
‘Hitler Youth’…hmmm. Is that implying that Linden Labs is the same sort of entity as the Third Reich? Because for someone who has had such a successful career in second life and seems to love it as I do that doesn’t seem to gel. The impression that I support from Kitty’s post is that of a (small) group of residents with a large amount of trust invested in them, very strict guidelines within which to operate and LARGE amounts of accountability and oversight. If people can be succesfully vetted to work with children as in the teen grid, why is it such a monstrous concept for people equally ‘cleared’ as trustworthy and with good accountability should they run rampant be such a monstrous concept?
Neither of us was proposing gangs of god-like vigilantes running back and forth accross the grid banning people here, axing legitimate scripts there and stopping for a few sinister salutes to each other in passing….just more of a linden sponsored street presence of the kind that Linden Labs cannot afford with fully paid members of staff (in real world terms). In a world where pretty much 100% of the ‘content’ was user created, users having a greater role in protecting their community from unprovoked and pathetic attacks. Just like the live helpers and mentors…people who give up their own time for limited recompense…I mean come on, if you read and consider Kitties post carefully, point by point, if those kinds of controls were implimented Linden Labs could EASILY moniter their activities and investigate any complaints against THEM far more easily and successfully than it can against armies of griefers, freeing them up for the more important work of improving the code…….
October 10th, 2006 at 7:03 AM
Jenny:
So we are talking about actual virtual police? I have no problem with that. But it must be looked at carfully regarding what power they get.
Sorry if I don’t know all the shorts to certain concepts yet (Like AR).
I also apoligize if I have unnescecarely repeated myself. I could explain how and why that is, but to make a long story short, another online game I also play(ed) has made me post like that too get my point across.
I never say that SL economy doesn’t cope without the free accounts. I do say that with them it grows much bigger and better.
Then about how to extract money from SL with a free account:
I do it this way:
I sell items in SL (through people I have made deals with like Textures R Us a few malls, builders and scripters)
I sell L$’s on the SLexchange(and products too)
Put the US$ over to my PayPal
And write that over to my own bankaccount.
In this process the only place my real name is know on the internet is with PayPal, an organisation I have learned to trust.
I cannot say the same for SL yet because I have not been here very long. Altough I have absolutely no reason to doubt them at this time. I am just very carefull with personal data over the internet.
And that last thing is another reason why free accounts must be alowed.
You all talk about trusting the players, but it also goes the other way. Players need to learn to trust LL as well. This takes time on both sides.
So I may be persuaded to agree on some form of restriction for a short period of time. But ones again this needs to be looked at very closely. If we can agree on this, then I am more then willing to discuss the details of that restriction.
And about my commitment to this game, there are 2 reasons for that:
1) If I do something I do it good.
2) I am in this game to make money, not loose it. (So yes, I would benefit from less attacks as much as (almost) anyone else).
DisQ Hern
October 10th, 2006 at 7:07 AM
I am all for a “trusted resident” system for scripting. How ever I would hope that all clients that are as of right now in good standing will be classed as “trusted” Also people with payment info should have automatic “trusted” Class untill such time that they give (us) you (LL) to think otherwise.
October 10th, 2006 at 7:18 AM
The simpler solution is for Linden Labs to just get competent security specialists to fix the exploitabilicious grid and stop adding new features or frivilous enhancements until the core service gets stablized. ;p
I don’t have the most confidence in LL’s IT and basic technology solutions (for example, it just recently occurred to them (only after being hacked!) that they should maybe keep player login data separate from their source and even more recently they discovered the customer service blog could stay live if only it was hosted away from their hacktastic game world). You don’t need to be in IT to recognize those concepts in the planning phase of a project like SL, rather than only noticing the problems after hacks, service outages, and a slew of frustrated customers turn up. Instead of appealing to the players to just be nice and trustworthy they need to step up to their obligations to ensure that no individual player has the ABILITY to screw us all over and cause such an enormous problem that the whole grid and hundreds of thousands of players get shut down. Why would LL give any one of us that much power in a shared world? The answer: they didn’t mean to. It’s an oversight, in a line of similar oversights, which suggests they need to get their ducks in a row before the baton is passed to us.
LL has itself to blame, not its customers on a lot of these issues. And yet they are so quick to blame the players and hope the US authorities will step in and punish the players who only took advantage of their flawed system. Yes, that sounds harsh but I really love SL and am a business owner here. I want a stable platform that will thrive, and after being in-world 2.5 years I feel like I have a right to complain occassionally. ;p
Policy to limit player privs and punish inconsiderate players IS needed, but the ultimate responsibility for making SL into a stable business-class service lies with LL not solely with the player base. The underlying technology and decisions for managing security risks are not “marketing decisions” (ie you can’t say “SL is about unlimited player freedom so lets not risk turning away x% of potential players with lame but sensible rules”). Especially if the lack of lame rules is making it impossible for people to login much less be even remotely creative. There is more to running a successful online service than just cramming as many customers as you can into the system. If the system breaks and can’t handle the load (and I mean that in the social sense as well as the logistical one), then all those new extra people are not a benefit but a detriment to the entire system.
You can only claim that free unverified accounts are good for the economy and good for SL if their NET result is positive, financially and socially for LL and residents. What good does it do your SL business if there are 200k more free subscribers next month but we are all booted and the grid is shut down every other day, and while we are in-world our time is less enjoyable from griefing, attacks in progress, and a bunch of new policy changes limiting resident rights to do the things that make SL so cool in the first place (scripting is a core “play” element that separates SL from other online worlds, maybe even THE core mechanic that makes it compelling to many of us).
For everyone who has been in SL more than a year, can you honestly say the grid is a better place now that the unverified accounts are around? And as for international sales, not everything online is appropriate for sale/use in every region. If you don’t have any way to at least attempt to verify your identity online (we use payment info in the US and many other nations), then SL isn’t ready for you yet. It will take some time for SL to be localized in both content AND policy to every nation on earth so people need to be patient if they aren’t in the areas where you can reasonably acquire a verified account. This isn’t an attack on people with unverified accounts but a reminder that businesses need to set priorities. You can’t have every single person on earth as your customer BECAUSE some customers cost more to get and keep. If unverified accounts are costing LL and all SL residents this much trouble and lost time, eventually they will have to go.
Do the economic benefits of free unverified accounts REALLY outstrip the losses we face with grid outages, etc.? Or are the recent security problems not directly related to unverified accounts? Who even knows and why isn’t LL monitoring this more closely? They introduced unverified accounts knowing it carried some risk of letting people do destructive things more easily and moer anonymously than before, so you’d think there was a system of metrics to track the impact of that risky decision… is the gamble paying off? Sign ups are way up, sure, but that’s not the only factor they need to worry about.
LL can’t effectively police their world or get outside authorities involved unless they know who the hell is using the service. And even when they know that, some people will still make choices to grief or abuse exploits. But I feel like harsh, restrictive policy should come into the picture THEN and deal with the individuals who just made the poor choices, rather than institute these self-deluding pre-emptive blanket policies to establish trust or some nonsense over the rest of the SL residents who’ve never attacked the grid or griefed or done anything to warrant further inconvenience. At best its a band-aid, at worst it just gives hackers and griefers more of a challenge, increasing the thrills, bragging rights, and fun of screwing with SL.
Just had to vent. I cashed a $1k check today for an SL project I was supposed to start coding yesterday but couldn’t login due to the grid being down again, so I’m a lot less patient than usual. ;p
October 10th, 2006 at 7:20 AM
If you’re going to go the “trusted” route for giving an account access to scripting or other functionality, please AUTOMATE THE PROCESS. I’m a software developer in RL. The freedom to create shared content is what drew me to SL. If I’d had to wait in a queue for who knows how long to be reviewed I would have left the week I arrived.
Personally, I think the ratings idea stinks. Why should I be expected to go around kissing butt with strangers when I could be creating?
More seriously, griefers have friends too. Same for time inworld – all that’ll do is leave a lot of computers running overnight and create a market for accounts with X hours logged.
If you’re after accountability, go with payment info or other verifiable ties to the real world. SL will lose the benefits of some good talent, but it may be worth the cost.
If you’re focused on accessability, block specific functionality and have well communicated processes for gaining “trust.” I don’t mean the usual “we have a page somewhere talking about this.” Instead of overwhelming the in-world helpers, set it up so that trying to use llRezObject() generates an error message like “You don’t currently have accesss to this functionality. If you want it, see X.”
October 10th, 2006 at 7:24 AM
I agree 100% with Jessica Elytis’ post.
To summarize my points of agreement:
Free Acounts are indeed good. This is not a problem at all.
Unverified Accounts are indeed a very bad. They have nothing at all to do with discrimination or a creation of an underclass. Plain and simple … if you do not want to be in a “perceived” underclass … verify yourself! Unverified Accounts are a poorly thought out business decision. There is no reason whatsoever why anyone should be allowed to operate all of the powerful tools within SL in total anonymity. Scripting should be a privilige NOT a right!
You can come into SL and build, chat, party and partake in all that SL has to offer. If you want to script, you must verify yourself. Plain and simple.
There are many means to verify accounts, so that is not excuse. It could be as simple as contacting SL after opening an account and providing some/any type of satisfactory verification to SL about yourself.
I also agree with Jessica that first the first unverified accounts be free, but that each and every alt account after the first incur a one time USD fee of $9.95$USD. If you want to “try out” SL for free, one account should be sufficient to accomplish this objective.
Finally, it strikes me as odd that many of these unverified members cite the main reason that they would like to remain unverified is because they dont want to provide LL with their information for fear of SL’s databases being hacked. Yet they claim that the verified/unverified membership is creating a “elitist/underclass” population.
I would argue that those that wish to remain anonymous are the “elitist” class themselves since they are the ones that want the privilege to remain anonymous, while the rest of us verified peons sacrifice our information for the sake of maintaining an accountable and healthy SL.
October 10th, 2006 at 7:26 AM
Trusted account: 30 day restriction from account creation on push and rez calls
Accountability: attack requiring intervention by Lindens to resolve should = perma ban and legal prosecution
October 10th, 2006 at 7:29 AM
I’m glad to see that these attacks are being acknowledged and that something is at least proposed in response to it. Though it seems that we have been promised similar things before.
October 10th, 2006 at 7:32 AM
If “Trusted” means that Payment info for identity verification is required then I’m OK with that.That alone should be enough to track down scrip mallicious perps.
I am new to SL and I am just begining to use scripting and object building aspect of the game. I have bought $L to further those interests. If by pollicy change I am to be uninvited to the ranks of those who can script my objects then SL will have lost me as a customer.
October 10th, 2006 at 7:36 AM
I’ve only been playing for a few days,but having read this entire thread, I’ve come to the conclusion that you all know what LL should do: NOTHING!
One CHOOSES to not have his cc data stored, so LL should wrap its entire user base around that proposition and not use financials as a verification system. That’s a silly contention.
One thinks it’s “US/UK-centric” to require even a debit card, so LL should wrap it’s other 800k customers around that fact and not use financials because he can’t get a card for verification. They don’t have banks who ever heard of debit cards/paypal outside the US/UK? That’s a preposterous contention.
One thinks that policing ourselves is equivalent to the “Hitler Youth” so LL shouldn’t do that either. That’s a goofy contention.
Several use free accounts only, so of course all 800k residents should be wrapped around that and free accounts shouldn’t be locked down. That’s a ludicrous contention.
And in the end, nothing should be done because it will inconvenience 1 or 2 people. It’s all about the “me” concept. It’s all about ME to a lot of the posters here and what makes SL better and protects the residents who PAY for it isn’t even on the radar. They don’t CARE about SL, only about themselves.
If SL is to have ANY kind of security, some people are going to be inconvenienced. There’s no other way to put it.
In other words nothing should be done.
let the flames begin.
October 10th, 2006 at 7:40 AM
QUOTE: “On the amount of logged-in time. Say, for instance, once an avatar has been logged in for a certain amount of time (pulling an arbitary figure of 200 hours out of thin air here). It means that alts become Trusted when they have actively participated in SL for a while.”
Disagree. I can have 200 hours racked up in less than two weeks with a camper.
QUOTE: “On the amount of Ratings they have received from other users (eg the ratings for Building, Appearance, Behaviour and Given that show on the profile). Maybe there needs to be a certain score in Behaviour, or in a combination of these, in order to become Trusted. But a caveat – do check to see who is paying for these ratings!”
Disagree. We will have a return to the rating circle jerk parties when you got an incentive bonus to your stipend for ratings and effectively render the rating system worthless once again.
QUOTE: “On the amount of money they have both earned and spent in-world. Whether the user is gaining money by making content, or by simply purchasing currency, its a sign that they’re actively participating in the community.”
Disagree: One can make a shill account that holds the cash for a griefer group. The shill then passes out the cash to a person, and he/she passes it back. This will continue for a time, effectively gaming your system and earning a free ride into “trusted”
QUOTE: “There are probably more, and I think the status of Trusted should require EITHER payment info on filt/ID verified by passport/driverslicence etc, OR a combination of several/all of these other methods. In other words you can always get immediate Trusted status by submitting your payment or ID details. ”
Agree: Payment info on file, or other identification on file is the safest way to go. Alternatvely, a “home e-mail” verification could also be required for “trusted access”. “Home e-mail” being non web-based (gmail, hotmail, excite, etc), provided by the user’s ISP.
October 10th, 2006 at 7:44 AM
Kamael said “but any idea implemented from an open forum will immediately be susceptible to hacking–just by virtue of the fact that the security method is public knowledge.”
If a security method relies on being secret to work, then it’s already very flawed. Security must withstand the light of day to be considered secure. This is why all accepted encryption algorithms are open source. No one can trust a security method that hasn’t been widely discussed in public.
October 10th, 2006 at 7:52 AM
The concept of “trusted” accounts could be a good one, once the meaning is defined. There are some pretty complex challenges to be met there, and I hope LL won’t rush into a solution, like they are prone to doing with updates. It could just end up being one huge CF (military term, for those who don’t understand…I will NOT elaborate) if it is not well thought-out.
I still support the idea of unverified accounts being restricted right from the start. Short of fully implementing verification again, this is the only way I see of limiting the griefing problem. Allow unverified accounts to script in sandbox areas only. Period.
I understand the disparity between payment systems, and what LL can and cannot accept as payment info from the international community. This needs to be addressed yesterday to allow the most people possible to participate and become verified. Removing verification from the system to allow SL to become more “global” was a shortcut, lazy solution, and it has wreaked havoc on a community that was on a very positive trend. No…not because it opened SL to the international community, but because it created an easy path for griefers to create unlimted alts with the sole purpose of exploiting the system.
Now, on the other side of the equation, people who have the means to become verified, but refuse to provide the information, have no argument. Provide your information or don’t…your choice. But to expect to have full access to a system when you’re not willing to provide a minimal means of personal accountability? Boo-hoo. Get over your sense of entitlement.
As far as other suggestions for improving things in SL, dormant accounts need to be dealt with. I have not seen any information from the Lindens as to how they currently handle these, or if they do at all. I would recommend that an account dormant for more than 30 days needs to be deactivated. In order to become active again, it needs to be verfied via a response e-mail or some other method. At 60 days, dormant accounts should be removed from the system.
With regard to abuse report results, LL has a “minimal info” policy right now. I think at the very least, the person who filed the report should have access to more detailed information, including what actions were taken against the individual.
Anyone who is found guilty through the abuse process of griefing through scripting should have their scripting abilities suspended for a period at least twice as long and the number of days they are suspended from the system. Also, in looking through the SL blotter page, punishment for griefing seems very inconsistent with other offenses. There needs to be a consistent system of punishment for griefing actions. Perhaps providing more information on the offenses will give insight as to why some actions taken seem disproportionate.
October 10th, 2006 at 7:55 AM
Quote”You don’t need to be in IT to recognize those concepts in the planning phase of a project like SL.” Hmm Kinda falls inline with what I said Monday LL is in over their head. They seem to be shooting from the hip here. Some of these things that they are talking about should have already been in place a long time ago. And YES! damn it if you want to script you need to have payment info (verified). Thats how it is. If you are really into SL and want to script you should be willing to do that!!!
October 10th, 2006 at 7:59 AM
I realize Linden Lab is doing everything possible to combat these attacks. I think it would also be effective to have residents who have suffered substantial business and even property losses due to these attacks and have been systematically griefed in relationship to these attacks to be able to also file testimony with the FBI to add to the case.
I also want to state here for the record that I personally, and my group Ravenglass Rentals is NOT responsible for these attacks. While there are objects circulating with my name as creator and/or owner, and being returned by the thousands to my lost and found now, utterly paralyzing my inventory, I assure you I am definitely not launching these attacks. From every interaction I’ve had with Lindens on this issue, I’ve found that they understand this perfectly well.
I am receiving numerous angry hate letters now and denunciations on the Abuse Report mechanism, but I assure you that I am completely unrelated to these attacks, and that the griefers have seized copyable objects deeded to a group to perpetrate the grid crashes and dissemination of ugly particles through scripts.
Some people have called on me to close my group to new membership due to the exploitation of the group objects; however, since the attacks continued even after the groups were closed for 3 days, I can’t justify it as a solution, when the problem is obviously a grid-wide problem, where other people’s objects have also been seized and used.
I can also say that from all the information I’ve gathered on the pattern of these attacks, which have been clearly launched by the same groups over and over, that in fact many of them have verified payment accounts, and merely use new alts once banned. The problem isn’t unverified accounts per se; it’s that the idea of having IP identification and computer “hashmarks” to identify even new alts clearly isn’t working.
I also oppose any resident police forces or vigilantism; for better or worse, Linden Lab has to be responsible in an accountable way for investigations and application of justice. Resident policing is not accountable to the public.
Prokofy Neva
October 10th, 2006 at 7:59 AM
QUOTE: “There are probably more, and I think the status of Trusted should require EITHER payment info on filt/ID verified by passport/driverslicence etc, OR a combination of several/all of these other methods. In other words you can always get immediate Trusted status by submitting your payment or ID details. ”
QUOTE QUOTE:Agree: Payment info on file, or other identification on file is the safest way to go. Alternatvely, a “home e-mail” verification could also be required for “trusted access”. “Home e-mail” being non web-based (gmail, hotmail, excite, etc), provided by the user’s ISP.
I agree too, I have always felt it was LL’s biggest mistake was to open the doors to non-paying members..sure it gave a influx in the SL econemy and I am sure there are quite a few legit free members out there who do just that contribute to the econemy…but I had always felt that the only benifit you get for a paying account is the right to own land and free L$ per week a joke….there has to be more thus offsetting the lack of free members…
Give you an example of a good business decission, Napster a few months back made the descision to do a free service..but this service has limits you can only listen to 5 songs
So I am in agreement with the idea of having free accounts but very limited access, such as no scripts, it really shouldn’t matter to LL if one can’t put their real identity down on the so called electronic paper…for whatever reason weather you are to chicken or just can’t for whatever reason…LL is in the business of making money not worrying about people who can’t or don’t want to identify themselves…..
October 10th, 2006 at 8:02 AM
Prok: how do you feel about the scripting proposal, btw?
October 10th, 2006 at 8:05 AM
Dear Lindens,
Myself & many other residents feel that it’s time to close off the alts & close off the free accounts it has done nothing but cause problems. I’m here almost a year and in the past 2 months i’ve spent a lot of time off line because of these attachs. I put a lot of USD into SL and i’m tired of not being able to get in because some fool with a free account & many alts decides it would be fun to disrupt the entire grid.
Thank you
Messy Bessie
October 10th, 2006 at 8:10 AM
“what if the people who are doing these attacks have whole armies of alts laying dormant, waiting to be used in an attack? Wouldn’t that have been a logical action for them, if they thought their actions might cause LL to revoke the ability to register unverified accounts?”
If free accounts go unused, especially if they were created and show no activity after the first minutes, it would be reasonable to consider them untrusted until they have been ACTIVELY used for X amount of time.
Any free account that has been used to explore SL, attend classes, and recieves money from multiple sources is unlikely to be a griefer’s dormant alt. It would be possible to do all that just to get a
October 10th, 2006 at 8:11 AM
What is it with all these free loaders? “It must be free! It must be free!” Also, the idea that you have to have free accounts for SL to survive or even thrive is ludicrous. Just look at WoW. It is the largest MMRPG out there and not only do you have to pay but you have to pay monthly subscription.
Even it it’s free there MUST be some kind of verification put in place. I am new to SL and I started with a free account. I would have been happy to provide payment information at the time I started my trial. Why? Because I have nothing to hide! What are all you people that don’t want LL to have your information hiding from? You want to be able to have full control over their product with the capability to make and destroy their world with no accountability. How does that make any sense?
People who are not willing to provide some form of solid identification should NOT have all of the same rights as someone who does provide identification. SL is starting an entire virtual welfare state. “Give me, give me, give me!” but don’t ask me to do anything in return!
October 10th, 2006 at 8:13 AM
There probably should be a clear line between allowed to run scripts, and the ability to write scripts with specific functions. Denying the ability to run scripts is just ludicrous, denying the ability to use certain functions is a controlled environment.
Due to the variety of people who use SL, it would make sense to have multiple access channels. Remember how SL flourished when the payment info was removed. Sure lots of alts, but it also diversified SL with a large influx of people which is a good thing. There is a very narrow world view of some people that verification is the only way, and although maybe the easiest way, it is not necessarily the best option for a community such as this.
Paying/Verified Account = Trusted
Maybe not totally trustworthy, sure it is possible that someone could steal a credit card, then create an account, however the number of people who would do this would be much less than current free accounts with full script permissions.
Account Age = Semi-Trusted -> full trust
Sure, some may wait x amount of time for their greifer account to ‘come of age’ then use it to grief, so provide more scripting functions, or access to specific ones based on age, not ‘hours played’. Hours played is a silly concept, not all people can afford to spend all their time here, and others could just camp with a de-idler to reach those hours. Still others want to begin scripting immediately, because its their interest so let them, but with controls.
And I’m sure there are others ways, scripting credits(unlimited for pay accounts tho *evil eye*), etc.
Anything requiring a Linden review for someone to be given access to scripting is a bad idea also. It is already obvious that the Lindens are very busy people, look at the return time on ARs and bug reports, add scripting rights requests and who knows what else and those times grow longer and longer.
Policing systems is a joke and to suggest such shows a lack of experience with groups and people in SL. It would not take long before it becomes corrupt and people start running into problems because at one point they ‘ticked off so and so, and now “he’ll get his”‘ We all know drama and politics are deeply rooted here anytime a group or commitee forms, this could end nothing but badly. As it is you can already AR people with unsubstantiated complaints.
October 10th, 2006 at 8:18 AM
“what if the people who are doing these attacks have whole armies of alts laying dormant, waiting to be used in an attack? Wouldn’t that have been a logical action for them, if they thought their actions might cause LL to revoke the ability to register unverified accounts?”
If free accounts go unused, especially if they were created and show no activity after the first minutes, it would be reasonable to consider them untrusted until they have been ACTIVELY used for X amount of time.
Any free account that has been used to explore SL, attend classes, and recieves money from multiple sources is unlikely to be a griefer’s dormant alt because it takes time and these people are into immediate gratification.
Yes you could camp and rack up hours, but you would need to be running multiple alts on multiple computers or multiple sessions … and it would show that the AVI has been parked immobile, not out doing things.
October 10th, 2006 at 8:19 AM
Some good suggestions to be found, but in the end I’m just glad this call will be made by LL.
Although I was sceptical when they removed the validation process, theres no denying the unverified accounts bring more business to SL, I have been building and scripting for a years time and I see people with no payment info come in buy stuff, I also know a good few that are pure creative souls who build there hearts out and try learn LSL for learnings sake.
No matter how frustrated I have been with LL at times, I never doubted that they try keep SL free for *anyone* to create, and that your limitation should only be your imagination. That made them
earn my respect, and well enforcing some of the rules proposed here would be going in the complete opposite direction and benefit only some groups of people, while revoking rights from alot, and in 99% of the cases – unjustly.
I learned my way to code with LSL, I’m getting descent at it now I spose, but saw long ago its not really hard to abuse. I like the idea where the script carry a token identifying the creator in some way better than the idea of reducing the capabilities of LSL.
We don’t need limiting the possibilities, we need *more* possibilities so that SL can expand and thrive with new content and new options, any ‘game’ has a lifetime, and if SL doesn’t evolve, it will eventually die.
It’s true that its not THAT hard getting hold of CC info to make a fake account, but grid attacks was pretty much a rarity back when I started and everyone had to provide CC info.
I don’t really see much of a problem with LL demanding to have personal information on you when granting you power to create scripts, compare SL to any MMO out there and you will find that you are getting pretty much completely for free anyway. They had my personal info for over a year, and if they want my phone number in addition I’d give it to them and tell em to gimme a call sometime
For people that are so anxious about providing CC info, these major name MMO’s (well lets call it a mmo for simplicity) live cause of people trusting them to give them that info and paying them, abusing that would mean shooting yourself in the kneecap. You already connect your computer to their servers once a day and provide them your IP/hostname etc, if they really wanted to do anything bogus thats all they would need.
As for ability to create – unverified accounts could still build, which is where most people start out anyway.
As for creating a ‘caste’ system, its really pretty simple. ‘This person paid’, ‘this person is here for free.’ Its just technical facts and any land I control will anyway be open to ANYONE except the ones that prove themselves an exception to his rule.
Theres plenty of people in SL that wish to single out a group they don’t want on their land, or just plain want to shut everyone else out, and I don’t really think the payment info matters that much to these people…
If you needed to provide info to write scripts, and the scripts could identify the creator, or the last person that modified it, it would make things alot harder for people just trying to just ruin it for everyone.
October 10th, 2006 at 8:44 AM
> Scripting should be a privilige NOT a right!
That’s really a good idea.
Also, scripting should be restricted to white avatars only.
October 10th, 2006 at 8:56 AM
While it is highly likely, perhaps even true, that any system can be defeated, it would seem to me that limiting the risk that someone will try to cause such grief would make sense. Who would be the most likely candidate for writing malicious script? I would suggest it would be someone highly skilled in scripting/programming who can gain access to a system without identifying themselves and not “traceable”. The vast majority of SL citizens, paid or free, are not “scripters”. The rights and priviledges, geeze, just the plain convienience of being able to participate as a citizen of the SL world are being usurped by a few cowards with malicious intent.
2 seemingly “do_able” steps would greatly limit the risks.
- Deny Scripting (or the most dangerous functions) to anyone who is unwilling or unable to identify themselves to SL’s satifaction. I’m sure SL can set up alterative methods for satisfying themselves the person can be held accountable for their activities. (Isn’t that what the Trusted issue is all about?)
- Make any script “traceable”. Make finding out “who done it” (or at least made it possible) easy. Makes sense to me.
Solutions more global than that seem like a bit of “overkill”.
October 10th, 2006 at 8:58 AM
In consideration of reading all the past comments in this blog i see alot of people asking what else can be done and is there ways to stop the persons involved in the grid attacks answer to your problems is yes there is a way and linden lab officials know this and i know for a fact it is possible to be done ok so your all proberblly wondering what it is i am trying to get at here the fact im pointing out here is as listed.
1) i run my own web server on my home pc in the cases of attacks on the server there is a thing called banning an ip address but yes your all proberblly thinking yeah but they can change that anyway ( but and i strongly say this and point this out ) there is no way they can change there isps ip it has to be done by there service provider and every service provider states in there terms and conditions that people found using there software or services to maliciously attack other intranet sites or hack systems are abusing there terms of service and effectivly will be removed and there service to the net suspended
2) The isp provider of each capable internet is responsable for the ip adress of known connections of there customers linden labs should retain a right to telephone these customers connection isps and report the persons ip address and have that persons service suspended and pending investigations with the law enforcment officials
3) I know for a fact that linden labs can ban ips for good in sl as they did it with my own ip address before for none payment reasons because i was late paying my land tier which i will not go into but i find this inapropriate to seperate individuals and say they are trusted and this person isnt and that person is or a maybe its like taking candy from a child and making them upset you have to see this from your customers side also because at the end of the day its the customers that you have gained thats making this world and linden labs revolve in the first place
4) I my self am a paying resident i upgraded my account and pay good money for this game which lately has become so abusive towards me and that much drama and trouble and malicious attacks on me in world and out of world that i was seriously considering leaving second life for that very reason but at the end of the day this is what those malicious persons want so therefor i vote for the fact that the persons ip addresses should be banned for good and yes linden labs thats aimed at you to pull out the true facts and knowladge that you are able to do this because each persons ip is logged when they log in in the old days hacking was not meant as a intruding way to hack into systems it was a term used for programers that programed games for the msdos systems and stuff like that but now a days the term hacker is abused by malicious stupidity of ppl hacking into telnet ports and protocols of other systems
5) Linden labs should make a system that checks the persons ip address against there actuall server ip so when they ban there ip address of there computer it bans that actuall users isp to stop them accessing the in world game there are many possibilitys to solve this problem other than making the citizens of sl suffer because of malicious outbursts of a hand full of residents that think there better than anyone else and think “oh yeah hang on theres a loop hole in sls server lets take down there grid for the fun of it and to gain access to the peoples accounts” well a message to those hackers wake up and smell the morning coffee if ya wana hack things get a job in game designing and hack the bugs not peoples accounts or sls servers
I have spoke my peace i will leave it at that now and hope that linden labs will look into the possibilitys that they can ban the persons isps
October 10th, 2006 at 8:59 AM
Why not let the community regulate itself ? Let’s say that to be “trusted” someone with no-payment info has to get 3 “sponsors” who do have payment-info. And that each person with payment info has a total of 5 possible sponsorships to give. This responsibilizes all. If a “trusted” makes a bannable offense, of course he’s banned…But if he starts to be less trustful, his sponsors might remove their sponsorship and he is not “trusted” anymore.
I prefer this to the creation of a SL police which would (i saw that from experience in other communities) give power to pompous bullies and generate more trouble than anything else.
“Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety” – Benjamin Franklin
October 10th, 2006 at 9:00 AM
Thank you for this very informative post. Thank all of you for the hard work you do in preventing the end of the world. (of Second Life).
October 10th, 2006 at 9:00 AM
you ppl have got to be kidding me. this was probably done as a “lets see what happens” situation. I doubt Binladen was behind the infamous “grey goo attack of ‘06″. If you have nothing better to do than scream and yell about something as mundane as a little problem like this I hate to see what happens when your cat pees on the carpet. No, I do not, and probably will not play (yes, Play) second life, but I do play other MMORPG games with a lot of time invested, but I dont’ get so irate when someone brings the server down due to an exploit or problem. This situation is also going to be a common place occurance in the future when you mix real life monetary systems with virtual environments. There is no way you can make anything hacker/xploit proof. Humans made the security, humans can break the security. I followed this article and read it because I was interested in joining SL and see what it was all about. Now, I don’t think you’ll be seeing my silly toon any time soon.
October 10th, 2006 at 9:01 AM
Lotte Twilight and Jessica Elytis have got me fully covered.
October 10th, 2006 at 9:02 AM
Locke Traveler said:
“If you’re over 18, it’s not hard to obtain a valid debit card and use that.”
Lexneva said:
“That’s a pretty US/Eu-centric statement there. The fact is that it’s not actually even possible for people in many other countries to obtain any of the payment methods that LL accepts. It’s not just a matter of laziness. ”
Even some of us in the US are categorically opposed to credit cards. We have valid ID, we have bank accounts, Pay Pal accounts, but do not participate in the debt bondage system. I would be happy to disclose drivers license or state ID numbers to verify my identification. If a persons Pay Pal account is a verified account, that means its been tied to an established bank account, and likewise, that person is trusted as well by those institutions. So there should be other avenues other than CC numbers for people to become trusted users. IMHO its too easy to commit credit card fraud today anyways, it shouldn’t be relied on by anybody seeking to confirm a users identity. The griefer problem existed before there were unverified users, specifically because of the ease of CC fraud.
October 10th, 2006 at 9:04 AM
I hope that LL will consider very carefully any changes to the scripting to restrict things. I would certainly like to see these attacks stop or much more easily and automatically contained.
I use the rez object function to make my builds easier to do. And, it’s important to my ability to more easily create content that others will/may enjoy. And, I read the lsl wiki site and particularly read the part about self-replicating objects to make sure that I didn’t create a script that caused problems. And that was all as a newbie. (I did/do have a premium account.)
For some of the “trusted” methods above. I’ve helped several people, talk with a few good friends, given things away, and have 0 ratings. And, I’m not really interested in spending time getting ratings when I could be building. I spend a lot of time online, but it’s still limited to the amount of time I need to work on my projects.
October 10th, 2006 at 9:08 AM
There is much conversation back and forth about account verification and secuity. Now I am a layman, and don’t understand the underworking of technology, but even I think that more can be done.
I am not one to complain, but the amount of griefing is getting completely out of hand.
Where the infrastructure is different than other MMOGs, my feeling is that Linden is on a mission to grab popularity( see quote “Cory Ondrejka, the chief technology officer at “Second Life” publisher Linden Lab, bet a symbolic quarter that his virtual world would within two years have more users than the wildly popular online game “World of Warcraft.” )
Here is a company on a mission without adequate ifrastructure in place to handle doing everything possible to gain users.
I feel that if this game is to grow and become as popular as other huge games, verification is necessary in order to control griefing and hacking of the very system put in place to allow creativity.
If credit card information is not used, the mobile telephone number or valid email address should be (by valid I mean not a free email address. In addition, I am petitioning the staff at Linden to:
a. Not update the game with any new features until the infrastructure has been changed to prevent the griefing and hacking that is taking place. SL has been almost consistantly under attack now since Sunday. On top of that, every update in the last two months has caused even more bugs in the system, providing the average player with even more aggravation.
b. Until the infrastructure is changed, require verification of credit card, cell phone number, or valid email address.
c. Require all unverified accounts to provide verification within 24 hours and ban from use until some type of verification is provided.
I wonder if any Linden will even read this. Do they really care?
October 10th, 2006 at 9:12 AM
In regard to DisQ Hern’s comment:
==
People that play 100% free in this game do 3 things that make them an SL customer:
They sell products: and thus contributing to the SL community
They buy products: for example from people that DID pay for this game.
They upload stuff: and thus paying SL money for a service they provide.
All of these three point are good for SL economy.
==
The Linden dollars sloshing around through people selling and buying things actually don’t make Linden Lab any money until the aforementioned Linden dollars are sold on the LindeX. LL takes a percentage of the transaction from the seller and charges the buyer US$0.30-cents for the transaction. Though 30-cents is 30-cents it would take 30 such buying transactions to equal the revenue generated by a single monthly Premium account and 650 such transactions to equal the revenue generated by the monthly tier from a single private island.
Linden Lab makes no revenue when a texture, animation, or sound file is uploaded. The L$10 fee is essentially “destroyed.” This is why things like upload fees are referred to as “sinks” as they take Linden dollars out of the SL economy and prevent it from overheating.
Yes, Linden dollars can be thought of as a commodity (they can be bought and sold in the real world for hard currency) however the internal economy of SL (which can be thought of as a closed loop fractional economy) matters not one whit when it ceases to exist.
October 10th, 2006 at 9:15 AM
Is something wrong again? I can’t change, TP, chat, IM, contact live help etc right now. Stuck on the grid. Again
October 10th, 2006 at 9:22 AM
Because of that ’sink’ the LindeX can keep the L$ where it is. Without it, there would be more money in the world and the Linden dollar would be worth less.
Every time someone does any transaction inside SL LL makes money too. Not directly maybe, but indirectly for sure.
People that sell get more money to do stuff and upload more stuff and even buy more land if they want to. This is why the SL economy is absolutely linked to the ‘real’ economy.
Not directly, but indirectly.
If SL economy ceases to exist I wouldn’t want to have to pay everyone that gets ‘hurt’ by it, to some degree, 1US$ because then I would get very poor very fast.
October 10th, 2006 at 9:27 AM
[...] It appears that Linden Labs has gotten Hardcore as evidenced in there post here. I looked at the comments that were posted and several people had some valid points. I wanted to comment but decided to post my comments here. [...]
October 10th, 2006 at 9:35 AM
While I have little doubt that someone with my history and knoweldge of Second Life and its systems would be granted Trusted Access, I worry about this quite a lot.
The restrictions neccesary to prevent this sort of attack would choke the creativity of Second Life’s residents quite a bit. One of the greatest things about Second Life is watching new players and experienced builders creating wonderful and crazy things, even when they explode or malfunction. I chose the location of my home next to the Cordova sandbox just for that reason.
Unfortunately I don’t have any other suggestions to prevent these sorts of attacks. In Second Life we were given the freedom to attack and try to destroy it. Untill now we’ve always restrained ourselves, and mischeif was caught and controlled by the Lindens without too much trouble.
I’m worried about what’s going to happen now.
October 10th, 2006 at 9:37 AM
I’ve seen many “solutions” to the griefer problems. Some logical, some not. I think, for the most part, LL is handling it well already. The only area I see that they’ve failed (miserably) is in grid attacks getting the griefer a 3-day ban. That is woefully inadequate. If someone attacks the grid, that should earn the griefer a month off for the first offense. Second offense should result in a life-time ban for anyone using that email or payment info. No hesitation. No questions asked. Someone in your household attacks the grid? You and they are gone.
October 10th, 2006 at 9:43 AM
due to the combination of my headache with the huge number of coments here I am not able to read them all, but I still feel like expressing my opnion
I think limitingabilities on a per user basis from the start isn’t such a good idea, I think it would be best if there were some sort of system that would hold those atacks before they have the chance to affect the grid significantly.
soemthing I can’t see why it couldn’t be implemented would be having the grey goo fence work gridwide, and not just on a per sim basis, and improve its ability to detect those kind of activities, something like havign each sim monitor the objects affecting its performance, and reporting those infromations in a way the whole grid can knwo about it, checiking objectxs with similar signature (not only that family thing, but stuff like object parameters, and creator, in case more than a few sims detect similar objects behaving in a “agressive” way, all objects matching those objecst enough would be incrementally crippled, starting with things like scripting throtling, throtling of specifi functions that are related with the atacks (like object rez, give inventory, physical commands etc), thru turning scripts and physics completyly off, to finally reaching the point the objects would be deleted and the owner would recieve some sort of warning about that kind of thing (a text both talking about how bad it is to intentionally do stuff like that, and how to not cooperate with it, refusing presents from unknown people an dobjects as wellnot rezzing those kind of things)
antoher sugestion I have is to add a third field to iten’s properties, “last modifyied by”, which would list the name of the avatar that was the last one to modify the item, that info would probably be quite usefull in tracking who was the responsible for the atack (and would alos help with reducing the fectivity of having inocent people help in the atack by starting a new “familly” of objects, since that info should also be used in determining if the object is has the same origin as objects elsewhere (this kind of info should be avaiable to all servers in the grud)
instead of atacking people, give them the freedom to create anything, while still controling what stuff can do, so people can make their winking teleporter while still hevign the grid being able to defend it self, limit scripting functions to levels in which people woudl stil be able to use those functions for legit purposes, while still protecting the grid from sutff that can hurt it.
have the servers be able to analise and throttle objects that are affecting its performance significantly, and have them share that information with th grid so other servers will be warned about those objects
summing it up, I tihnk it woudl be better improve the detection and prevention abilities of the grey goo fence instead of cripling users that are not necessarilly guilty.
October 10th, 2006 at 9:53 AM
Quoth FlipperPA:
“No Payment Info on File” accounts won’t have L$. Why? Without payment information on file, how would they have purchased L$ from LindeX? There are two ways I can think of: panhandling (which I’ve seen a meteroic rise of lately) or camping chairs (which suck down server resources from people actually engaged in the virtual world).
Actually, it’s entirely possible to get L$ without spending a dime, either by providing services (security, bartending, DJing, building, scripting, escorting, etc.), or by winning things in contests (there are free trivia games awarding cash and prizes daily, for example).
My take is that the problem has nothing to do with allowing users to join without payment information, or allowing people to script without being trusted. It’s that the grid can’t stand up to what people in-game can throw at it. This is not primarily a social issue; it’s a technical one.
In my ideal universe, the Lindens would take the grid down for a week, putting all subscription / tier / etc. fees on hold, and somehow arranging for time not to pass in-game to account for rent and stuff. There would be an intense coding montage, with upbeat rock music, during which time the grid would be rebuilt to be faster, stronger, more stable, and able to withstand attacks. The montage would fade out, the grid would reopen, and there would be much rejoicing.
But then Hollywood has trained me to believe a montage can do anything.
October 10th, 2006 at 9:56 AM
Finally someone I can agree with.
Let me sum your comment up Samantha:
This is not primarily a social issue; it’s a technical one.
I couldn’t agree more.
October 10th, 2006 at 10:02 AM
WOOT for the Lind0rz and FBI
will we have Scully and Mulder looking for proofs in the grid? lol
“Mulder, look, this Furry looks suspicious…. Mulder! Stop playing with your Xcite!”
and WOOT for trusted system, lets hope it helps
October 10th, 2006 at 10:02 AM
Here how I see this:
#1- People B*tch, Moan, and Complain that LL needs to fix things.
#2- LL makes a post saying they need to fix things, and are doing so.
#3- People make guesses as to how things will be fixed.
#4- People B*tch, Moan and Complain about their own guesses…
Can’t we just let them do their jobs now?
-Mal
October 10th, 2006 at 10:03 AM
You can do anything with a montage, can’t you?
I know many newbies, unlike myself, who don’t have paid accounts. However, does me having paid account make me trustworthy, or just trackable. My account just went paid about two weeks ago.
Some immature griefer isn’t going to think about being caught because payment info is on file. He/She/It is going to think about griefing! It’s so easy to get payment info via identity theft, and use an IP that doesn’t trace back to you to lauch your griefing, if you want to.
The trick is to catch the griefers, and to learn from it, and make the grid better, and go on. Don’t blame it on a class of people. Blame the yoo-hoos actually doing this.
Not all newbies stay with free accounts, nor are all free accounts bad. I think SL is a better place with those of us that started out free around.
Now, let’s get the griefers!
October 10th, 2006 at 10:07 AM
Haven’t read the responses.
Just want to say, I like all these plans, including the “trusted residents” plan.
coco
October 10th, 2006 at 10:13 AM
Quote from the newsletter:
The abuse team has instituted many new practices to catch abusive alts more quickly. While we don’t want to give away our methods, we can say that there are several techniques in place for linking anonymous alts to real life information. We’ve also made policy changes. Before open registration, all Residents were allowed a small number of suspensions before being put on hold or banned. Now, we are much stricter.
Anonymous accounts and their alts are held at the first sign of trouble, and they are not released until the user provides real life information. This has caused a dramatic decrease in the number of repeat offenders.
———-
This policy makes no sense at all – please explain to me what you have in place to stop the offender from just making another free account??? Otherwise this policy is worthless.
Thanks,
Maldoror Damone
October 10th, 2006 at 10:14 AM
P.S. This is assuming I would get trusted status, of course.
If it’s just going to be another thing for Lindens to game (pardon me, but that is how it seems), by removing abilities from players as a punishment – such as not letting anyone with a forum warning be trusted to script (just as no one with a forum warning can be in any helper group ever) – then I remove my support for this idea entirely.
If it were to be used that way, I would quit SL. This makes only the second thing I have ever said would make me quit SL (charging to rez prims being the other, lol).
coco
October 10th, 2006 at 10:26 AM
I think the best approach would be to start with the simplest methods and work your way up, causing the least disruption for the greatest impact.
For example, require a particular type of permission to be able to create a new script or edit an old one. Once that is done, default it to OFF for everyone and implement a very easy way for people to get the permission turned ON. For example, asking for it.
It becomes a matter then, of reviewing that person’s request, their length of time in game, any identifiable alts, any RL verifications available, and history of abuse reports.
A 1 day old account with no RL verification, three AR’s against them and no identifiable alts requesting a scripting perm might seem a little suspicious. A 1 year old account with many original (legitimate) scripts in their inventory and no AR’s against them would likely not seem suspicious.
After the initial flood of requests as the system is implemented, I believe it would taper off to a very reasonable and easy to manage level. The majority of accounts have no use for the ability to create or edit scripts, I think and would likely not even notice the change.
This would not entirely solve the problem, but I believe that it would very much slow it down, and as the griefers were weeded out of the script-permissions pool the community would stabilize with almost no disruption to the game or the average player.
It would be inconvenient for scripters such as myself during the first few weeks as the request for permissions were processed, but personally I am willing to accept that inconvenience for a chance to work peacefully in a sandbox without griefers attacking me with scripted objects every time they get bored.
October 10th, 2006 at 10:27 AM
(Pham Neutra: SUGGESTION: So why not restrict certain functionalities to residents with verified accounts SL-wide but still allow unverified accounts to use them in dedicated sandbox regions? And – as another resident has pointed out – umbrella-style grandfather clauses do not really make that much sense, when you are talking about security and trust.)
The problem with this is what is to prevent anyone from making some cool looking new thing (that has a malicious script inside it), set it to copy/no modify/transfer and leaving it in the sandbox for some poor sap out dumpster diving in the sandbox for freebies from picking it up and laying it down elsewhere outside the region. Sorry, not to fond of this idea.
I do think that Freebie accounts without information should not be considered as trusted, but can earn it by providing some form of documentation as to who they are. But regardless, all new accounts should go through a probation period that they are not charged for. So let’s say that I sign up for the 12 month premium package, and get charged the $72. I would get 14 months, before the next billing. The first 2 months being the probation period. Alt accounts that belong to already verified and trusted accounts would not need to go through this process, they would be considered trusted right away, based on the trust level of of the primary. Trust levels of the primary as well as any Alts would vary dependant on actions by either throughout their lives in SL through abuse reports as well as the rating system. Just my thoughts.
October 10th, 2006 at 10:35 AM
A couple of things spring to mind at this point–but I keep coming back to _Snowcrash_. While I fully favor the sort of Internet advanced in the book as a technological advance, I have serious problems with the social structure of the Metaverse. While the Lindens frequently point to the book as the inspiration for SL, I’m pretty sure they mean _inspiration_ and in no way mean to suggest that they wish to _imitate_ it. (At least I hope like hell that’s what they mean.) That said:
1) As Second Life is constructed now, resident run police groups without LL support and oversight would be vigilantism. With that support, they would be a huge drain on company resources. Unless things have recently changed (and they may have), neither the Live Help nor the Mentor groups receive training in their activities from Linden Labs. If current groups cannot be trained, there is no reason to think that future groups will be either. Besides, point me to a Linden with enough know-how in training police groups to actually not botch the job and create a group of overzealous security officers. Further, if we are going to have a resident run police force, then we need a resident run government to control them. SL is not a democracy–and whatever its future, democracy is a ways off. Without a democratic (or at least representative) form of in-world government to control the police force, any police force will be corporate run… If you don’t have a problem with that, then I would suggest reading (or rereading) _Snowcrash_. It’s NOT a utopian novel.
2) “Trusted” vs. “Untrusted (or whatever)” levels of access to LSL impresses me as a very, very bad idea. Am I really the only veteran of the Erisian Wars on the IRC in SL? Am I really the only person in SL who GOT the point of _Snowcrash_? In both cases, elite users vs. average users were a central feature–and in neither case was the result a happy one. (Well, we did get the EFNet up and running, but at what cost? I know for a fact that I wasn’t the only EFnet warrior whose harddrive ended up getting wiped several times.)
3) This whole thing about verification of accounts using credit cards strikes me as a red herring from the get-go. LL says it wants to open SL to users overseas who don’t have access to credit cards. Residents are screaming that the current increase in grid attacks are the result of unverified users (usually assumed to be underaged players who delight in destruction) running amok in the world. Utter nonsense on both fronts.
The current attacks are less the result of kiddies with nothing better to do than they are the result of a revenge based hatred of SL. While verification might slow down the attacks, it won’t stop them. These are people who will stop at nothing to bring the grid to its knees until they’re satisfied that they’ve made their point.
As for overseas access to credit cards–well, there’s a wonderful invention called a GAME CARD. Maybe LL should start selling them on its website–at least that way they’d have a real world address tied to the purchasing account. (And yes, that could be faked too–so add mail fraud charges to the griefer’s crimes.) NO system is 100% secure and no system is 100% perfect. I don’t believe for a second that LL thinks their solutions will do more than stem the tide, but neither should they dismiss out of hand the effect that authenticating accounts will have. Just because CCs don’t eliminate the griefing problem is NO REASON to throw the idea out.
4) Linden Labs is currently reacting very well to the grid attacks. But reactive management styles don’t work for long. It’s time for LL to get proactive and take steps beyond merely closing up holes in its defenses. I get the sense that LL knows that. They are, afterall, currently reviewing their corporate organizational structure and practices to see how they can better scale them–more than ANYTHING else, ramping up from a 10,000 user Mom and Pop to a 1,000,000 user professional corporation will alleviate (though never eliminate) the problems. LL is on it. They’re working it out. We can advance all the suggestions for police forces, verification procedures, LSL access restrictions, gun-licensing, etc. we want, but LL needs to scale up its ability to handle a grid with over a million users. At the rate things are going, they’ve got about 6 weeks to do it.
I–for one–honestly believe the solution lies in the LL office, not in world, not in security systems, not in verification systems, but in having a company structure and employee base where employees have the tools, methods, and numbers (where are we at now? Something like 1 Linden for every 7500 accounts? Yeeeeeeee!) to accomplish their jobs and to keep the SL world secure as possible. I wish them luck and will support them in _that_ effort completely.
October 10th, 2006 at 10:42 AM
Face it folks. They know their own system better than you do. They know what is best for everyone much better than you do. They will come up with a solution that makes everyone but the griefers happy, because making their customers unhappy is obviously not what they want. You’ll find out what their methods of creating trust are eventually.
October 10th, 2006 at 10:45 AM
The real issue is, the core software it is totally unstable. LL needs to learn how to write better code that prevents these issues, there will always be idiots. Just make the software better so that they are caught and kicked before it becomes a gridwide issue. I love SL, but I won’t continue to pay for a broken program. They need a rewrite, not another patch. I would rather have a stable platform, than any more bells and whistles. We don’t need an elete corps of anyone. We need better software, with built in security from the people who would shut us down. Every time they give us a patch, they break something else, I won’t pay to debug their software. They pay people to do that, if they can’t do it right, then hire someone else that can. I pay too much for Tier as it is and feel we should all be reimbursed for your theft of out time.
I wrote software for many years, and would never have been allowed to release such a buggy product. Shame on LL the fault is totally on your shoulders. Shut it down and fix it, because you have no future if it can’t protect itself.
That would be a inconvenience to all, and a monitary loss to many, but we are all inconvenienced NOW, and many are loosing money anyhow, every time this happens. It happens far too much.
Tigey Honey
October 10th, 2006 at 10:58 AM
Well after offering my two or three cents…and seeing what others post..and how clueless some are and some aren’t
I’ve come to the exciting conclusion that this comment thread is about as useless as tits on a bull..and is going nowhere…. I trust LL will make some good descisions for both the community and the future groth of LL and SL as a business… to do otherwise would just spell doom for SL, especially if we have more two day outages like this last one…
People need to realize that all this is still bleeding edge technology and that its going through some obvious growing pains…and I am sure it is going to get worst before it gets better…
October 10th, 2006 at 10:59 AM
1) I am in favor of Free Accounts with unlimited access, and limited life and ability.
2) I am in favor of free accounts having NO ACCESS to the main grid.
3) I am not in favor of those with free accounts having access to the main grid.
4) I propose a ‘taster’ grid, with a short life and things created having a short life, including objects, scripts and account names.
5) If there has to be a form of Verification, I propose that it is done by a limited private company so that there can never be issues relating to content, procedure, mainteance or methodologies relating to the creation, construction or control of Second Life Grids or users.
Kizzie.
October 10th, 2006 at 11:05 AM
Will “untrusted” members be able to rezz and use scripted objects or just not able to write scripts? If they can rezz and use scripted objects, I don’t see how this will solve anything. What’s to stop them from having a “trusted” account and an army of “untrusted/unverified” alts. not connected at all to their “trusted” account. In a case like that the “trusted account” can just transfer the scripted item to their alt and whamo….griefer attack again.
However if untrusted members cannot rez/use scripted items, will they be able to buy anything since most vendors are scripted? Will they be able to use scripted attractions such as roller coasters, water slides,etc? Will they be able to use a poseball? will they be able to use a camping chair(hmmm…camping chair elimination?)? Will they be able to us an AI?
If these things are restricted to untrusted members what is there for them to do in SL? Why not just require verification of some type for all members?
October 10th, 2006 at 11:11 AM
Firstly I have done nothing wrong, but I might end up losing some fuctionality. Thats bad, however you want to look at it……….what exactly is trusted?
Got a shop, make things, no abuse reports of any kind…..is that trusted enough?
You ae now running the risk of creating a further tier in game, some people can, some people cant. And why? Becuase A minority of people cause a problem.
The solution has been said Sooo many times its getting silly. Punish……..pubish fairly but punish, let people know who you have punished and how, none of this silly slapped wrist and told not to do it again, get with the bannings, they will lose interest before you do (or should), write a back end that can selectively wipe these objects out when they are running amok, Im sure you can be more inventive than the trouble makers……and not just “take something away” to stop this
October 10th, 2006 at 11:13 AM
“People need to realize that all this is still bleeding edge technology and that its going through some obvious growing pains…and I am sure it is going to get worst before it gets better… ”
ABSOLUTELY! Well said, jpitts.
Frankly, I fully anticipate that another attack in the next couple of weeks will shut down the grid for more than an “inconvenient” period. I can’t say with any certainty who behind these attacks, but I have my suspicions (as do many others, if I’m reading between the lines correctly)–and the griefer(s) in question will not stop their attacks until LL is financially ruined or the FBI comes knocking on the door. I’m certain the FBI will show up before LL suffers any real fiscal loss; I only hope they show up before _I_ go under.
October 10th, 2006 at 11:14 AM
Without being a Scripteror a SL wizard, I can only say these things happen everywhere within the virtual world. Things are very difficult to control when you have people from everywhere with different intentions.
All I can say to the Lindens is to protect your investment and our bank accounts (which are already quite hit by high monthly fees, land tiers, etc – please remember thi is NOT real world).
The last thing I want is to wake up one day and find the money gone from my account only because I wanted to navigate in a virtual (and very slow) world.
My advice is to invest on digital security without disturbing your resident’s day-to-day lives.
Joselo
October 10th, 2006 at 11:15 AM
LL needs to restrict access to certain scripts to ONLY “identity-verified” avatars. Unfair yes but at least most of us will enjoy less griefers.
October 10th, 2006 at 11:24 AM
Yes Steve M, thats a more acceptable way of approaching it. Full access on varification, lets get one thing clear, varification dosnt actually mean you are having to pay to try any of this out. It simply says This is who I am and I’m over a certain age. (or my parents consent to allow me to join in). If 99% of the scripts were available to non varified I think I could live with that.
October 10th, 2006 at 11:29 AM
Here’s a horrible suggestion, but one I can only think of to help deal with the crisis as is. Rather than restrict the new accounts, add a fee for those who want to do more complex scripting in Second Life. Maybe like an additional $2 to $5 a month more. Those who don’t pay a fee will be able to script, but may not have access to more advanced commands of LSL.
It is a HORRIBLE suggestion though, but that resolves both problems of keeping SL open to those legit unidentified persons, AND allows those to script simple, basic items, while having a “trusted” group of scripters.
October 10th, 2006 at 11:32 AM
A commentary post on this idea of “Trust” from someone whose SL livelihood depends on the ability to create and sell the scripts that perform much of the actions we’re talking about here.
I believe it’s not so much trusting the avatar Executing the script, as much as certifying and trusting the Author of the script.
http://poetryfountain.blogspot.com/2006/10/trusted-status-one-option.html
And thank you, Lindens, for taking action. As I state at the end of my post, I’m willing to go through some pains and will accept having “less magickal powers” for a while if necessary to keep the grid up- as long as I have a clear path to being able to build and sell my Wonderful Toys again soon.
October 10th, 2006 at 11:39 AM
“1) I am in favor of Free Accounts with unlimited access, and limited life and ability.
2) I am in favor of free accounts having NO ACCESS to the main grid.
3) I am not in favor of those with free accounts having access to the main grid.
4) I propose a ‘taster’ grid, with a short life and things created having a short life, including objects, scripts and account names.
”
Kizzie, probably the best ideas I’ve heard in several days of reading these blog posts. If LL can build a teen grid, they can surely build a free account grid and isolate the main grid to paying and verified customers.
Presto
October 10th, 2006 at 11:40 AM
If your in-world scripting is so prone to exploitation that, *without hacking the servers or clients*, people can, using that scripting, launch an attack so serious as to shut down the grid, and all that you can do in response is stop all but a limited number of people using your scripting features (or some of them) at all, then there is something drastically, drastically wrong with your basic design.
October 10th, 2006 at 11:42 AM
The problem must be solved by developing automatic maintenence tools:
Something makes the sim going down? Create an altert and slow it automatically down until further examined or stopped.
Getting kinda homeland security or second class users is nasty and inappropriate. And at least: It will not help.
Identified am I beside that, when I _personally_ have shown my passport. Wo of those crying for restriction has done that?
October 10th, 2006 at 11:50 AM
Banning IP addresses as I’ve seen proposed above, is NOT the solution. It may seem logical, but I’ve seen the problem with that first-hand elsewhere online, in a chat room (which SL becomes when they have to disable scripting and monetary transactions grid-wide like they did after Sunday’s attack, what we had left was really little more than a glorified chat room with pretty graphics).
Here’s the problem with banning IP addresses. Every address is a unique set of four numbers, such as 203.1.62.83, right? If you have a griefer with say, that exact address, and you ban it, then what? That final number is not necessarily always going to be the same for that computer. So you have to cut it down to only three, and ban 203.1.62.* instead. But then there are some ISP’s that are so large, that to be using say Verizon, you may not even always have that same third number. So to effectively ban this computer rather than the individual account, you now have to ban 203.1.*.*
Now here’s the problem. If Joe Griefer gets himself banned, and you happen to be unfortunate enough to use the same ISP as Joe Griefer, guess what? You’re banned too, automatically. Why? Because you have an IP address that starts with 203.1
Under this system, it won’t be long at all before nobody can log in, griefer or not. That won’t solve it.
Another issue I’ve run into, many of this gray goo that’s been getting unleashed into the system often, relies on using scripts, right? As a landowner, I do in fact have the right to disable scripting on the land I have purchased, if I choose to. I can also choose to only allow people within the group I have deeded the land to, run scripts. However, I have not done this. Why? I have friends who I am renting plots to, who do not belong to this group, and do to the nature of said group, have no business being admitted into it. But, they can and do use such things as animation overrides, radar, chimeras to dance with, etc. These all rely on scripts to be able to function. It is not fair to them for me to force them to turn these things off just because I’m worried about someone else’s malicious object getting onto our land.
That’s what is good about SL, is the number of opportunities we have to express ourselves. There needs to be some way I can allow them to continue to use such items that actually enhance their SL experience (and sometimes mine, such as if we have a big dance party out on the lawn like the one that suddenly happened by chance when I did my first DJ show), but still keep these malicious objects from using our property as a base from which they can do their own thing. That would help immensely, I’m just not sure how we can achieve that goal.
October 10th, 2006 at 12:09 PM
It seems to me that another approach would be that every operating script contain a simple identity code compiled into it which is unique to the scripter, this could be a single line of code that must reside in the any new script in order for that script to run. This code could be queried by LL at any point when the script is being run to find out who the scripter is. Since the scripts are all handled by the servers, any scripter’s id could be verified and any scripter or script disabled before it is run if necessary.
Detections systems could be developed with spam and grief signatures that will disable code if it falls into certain “halt” patterns. Those individuals who are developing real LSL applications that require violating typical halt patterns can petition to do so and receive special permission codes to do this. this would limit the number of persons who have the ability to make scripts that can bring down the grid and would minimize the number of persons who need to get this permission. The verification could be done on “save and compile” so that certain commands would not compile without this verification. This would minimize the queries to the server when the script runs.
I have been in SL for three months and the scripting is the most fascinating of all the oportunities. For most of what I am doing, I cannot envision a great need for self-replicating anything. Perhaps with this identity veirification, scripters who need this ability can register specifically for this privilige and be given specific permission to use this functionality. This would leave scripting open for all, and allow those who think they need this to be held more responsible for its use.
Another possibility, (though I have no idea how it would be done in LSL) is to have a limit on the number of generations an object can self replicate. When an object is rezzed by another object it inherits a numeric “gene” representing its generation number. When the Generation exceeds a specific level, it simply will not replicate. Again for those who need this ability, a simple application for permission to override this is granted. Instead of the generational number, a unique user id is tagged to the object granting a generational override and identifying the scripter uniquely. This puts the responsibility for this kind of use on those who need it and is traceable, leaving 98% of the community without any penalty for experimenting with scripts, one of the treasures of SL. Valradica
The verification could be done on “save and compile” so that any individual
October 10th, 2006 at 12:22 PM
From a network security point of view in the RL the key is never 1 item, it is layers. When you build a network that has public access you start at the edge and work in.
Outside Router with access lists preventing certain traffic
Firewall DMZ
Inside Router
Anti-Virus Software
Anti-Spam Software
The solution for LL is going to be the same thing. First let me say that limited access and trusted accounts area fantastic solution and a great first step. This stops the malicious quick griefer attacks. The thing to remember is that a lot of these attacks are being done by free accounts, however probably not the development! My guess is that you have people who are developing this with their regular AV, and then grabbing a free account, and away you go. How do you get around the original creator, very easy, once the scripts works, copy it to a text editor on your computer, log in as the new AV and done. With the trusted/limited access accounts this stops that from happening. The person is going to have to spend time.
Next on the list is going to be better fencing between sims to prevent grey goo from crossing the sims, or prevent it at all.
Updates are going to be critical, and accurate, bad patches open new exploits.
Last us, the member base, we need to make sure that we are doing things to help, like turing of scripting by others if its not needed on our land.
This will go away, but there will be many small things that will make that happen, no one big fix.
James
October 10th, 2006 at 12:26 PM
[...] Incidentally, yes, I have noticed the possibility of Restrictions regarding Scripting for certain Members of Society that have been proposed, and whilst I have been commenting on the matter on certain Aethernet Forums I consider that it would be somewhat premature to make a definitive statement, seeing as how the announcement was of such a speculative nature. Idle speculation is the Devil’s Playground. If firmer proposals are made I will certainly be making my feelings known. Incidentally it is interesting to see that the Linden “Blog” is at First Place in the rankings of its current publisher, wordpress.com. Apparently there are many curious residents out there demanding immediate information, and good luck to them, say I! [...]
October 10th, 2006 at 12:43 PM
A possible solution for verifying identity without any sort of payment method would be to give your physical, real world address. Then LL could snail mail a code to you to type into the website.
It would be kind of slow, but if this “trusted” scheme is just to allow access to the exploitable aspects of LSL such as auto rezzing and pushing, people could probably wait a couple of weeks and have lots of fun exploring and learning to script before they run up against a barrier where they really want to do something and can’t yet.
October 10th, 2006 at 12:45 PM
“People need to realize that all this is still bleeding edge technology and that its going through some obvious growing pains…and I am sure it is going to get worst before it gets better… ”
I believe that’s called beta software and I am not paying monthly fees to rent server space on beta software. If LL wants to charge players, they need to deliver reasonable service up-time. If they need a “bleeding edge grid” to build on before they roll changes on the paying customer server, fine, but you can’t have your customers on your staging/testing servers. At least not for 3 years, lol.
And to people saying this thread is a waste of time/going nowhere. You miss the point of the comments here. LL needs to know how absoultely terrible their service has been lately. I have only posted like 3 times on the linden blog EVER and it’s usually been positive and supportive but my patience wears thin lately and I don’t like the LL attitude. Their job pages brag about how smart everyone there is and how they only hire the smarties… I’d like to be able to SEE how smart they are from the quality of the SL service. Smarts are like sex appeal or humor, if you have to tell people you’ve got them, you don’t. ;p
Anyone joining SL in the past 4 weeks would think the inmates are running the asylum. Techie uber users will put up with this but everyday people will think it’s a hassle and just move on. The problem with getting 200k people in and having the new experience be this bad is how 200k people will stalk off and tell everyone they know how crappy SL is and the bad PR is exponential from there. And the kicker? Maybe a couple hundred of those 200k will actually read the blog here and maybe a few dozen will take the time to POST. In short, the unhappiest LL residents aren’t here complaining, they already ditched the game. They are gone. We are still here being patient and we need to post on the blog so LL knows we are here but we are not content and we support them but we want solutions that work.
LL IS full of smart people. SL is bleeding edge. But smarts and innovation don’t mean jack if it doesn’t work. I can go a whole year in SL without more innovation from LL (player innovation is where it’s at anyways) but I can’t go a whole year without them pulling their app from the bleeding edge back onto solid footing. A company can be on the edge, it’s called R&D. Customers can’t be on the edge, cuz they fall off.
October 10th, 2006 at 12:46 PM
Yes, Nexeus Fatale, that is a horrible idea. = )
October 10th, 2006 at 12:48 PM
Sorry DisQ, but I just don’t see the freeloaders, er, freebie accounts providing that much into the economy. I’ve stood around my stores and pulled up profiles on both lookers and buyers. Lookers its about 70% folks with payment used/on file, 30% no info. When it comes down to BUYING, its 95% payment used/on file players (aka, pre-freebie accounts).
So, while they are not good at buying, they ARE good at sucking down bandwidth, lag the asset server, and now copping an attitude when folks talk of restricing their programming abilities. All while paying NOTHING to LL. A great display of chutzpah if you ask me.
Am I willing to lose 5% sales to keep the grid up? You can bet your tail I am! I lose a HELL of a lot more sales in one grid attack / grid locked to Lindens than I would from cancelling of the ‘boost our numbers to the magic million’ freebie account program. And as far as those that won’t give info, tough….your paranoia does NOT outweigh the rights of PAYING customers who HAVE given info to get the product (access to SL) that we are paying for. Remember, WE are paying…YOU are not, so how LL changes affect you is of no interest to me (and I would dare say a lot of other paying customers).
Note, if it were up to me, LL would not only cancel the free registration, but purge freebie accounts in an effort to remove the griefer and untraceable griefer alts. But at least LL is trying, and I am glad to see that.
October 10th, 2006 at 12:48 PM
Martini: “Im sure you can be more inventive than the trouble makers……and not just “take something away” to stop this ”
I don’t think they can. Whoever is doing this is obviously smarter than them or thinking in ways they cant. This is exactly why I say LL needs to hire an “ethical hacker/griefer” to be inventive for them and help to identify all the problems, exploits, and griefing types of things with the system before new versions are released.
October 10th, 2006 at 12:57 PM
No, Musicteacher….our problem is WITH hackers/griefers. From a societal viewpoint it is wrong to reward antisocials for being antisocial…it just breeds more of them. LL Hiring one would be tantamount to saying to the others ‘Keep it up boys, you might get a cushy gig like this if you’re a bit enogh a-hole’. ANY company that hires an ‘ethical hacker’ (an oxymoron if I ever heard one) merely encourages others down that path…
LL is pursuing the right course of action, calling in the Feds. However, they need to go the rest of the way and have a working identification system, then keep calling the feds when attacked and providing information from the identification system to them. With the current system, its get account, grief, throwaway, get new account, grief… It should be, get account, grief, get suspended AND visited by the FBI. The first one has no disincentives…the latter does.
October 10th, 2006 at 1:15 PM
Bravo Lotte Twilight. I am not interested in spending real US $ to fall off of the bleeding edge.
I will also add that I am a noob and for the first week, tons of people gave me money…I had no payment information on file (now I do). Now I had been considering moving to the premium membership but with literally 12+ hours of downtime over the last few days, that’s not happening until LL gets itself together.
October 10th, 2006 at 1:20 PM
Since you’re such a big fan of the Feds and how they do things, here’s a question for ya? Who taught the feds how to catch guys doing bank fraud? A THIEF! Yes, that watermark on your check is courtesy of a very bright felon who, to work off some time, taught the feds everything they didn’t know about bank fraud.
Hackers who go legit are the same. Yeah, they were bad guys once, but their skills are invaluable. I say hire them, but do like the FBI did, and leave them handcuffed to their workstations.
October 10th, 2006 at 1:44 PM
Nigel, there is nothing to be learned from the grey goo attackers. These aren’t complicated scripts to write.
It can be done in a handful of lines of code.
October 10th, 2006 at 1:47 PM
“To be “Trusted” means you have the required information on file that allows punishment for whatever offenses are commited,”
… and be stolen by crooks during the next big database breakin. Yes, we like that idea lots, we do.
October 10th, 2006 at 1:47 PM
I’m all for security, believe me I hate griefers as much as anyone…but when it comes to being “trusted”, I have only one thing to say:
I’ve been a member of SL for over a year. SL has always been free to have all features except land ownership. If I have to start paying in order to script my objects, animators, etc, I’m going to be extremely angry and dissapointed.
Find a way to list folk as “trusted” without making them pay to be so.
October 10th, 2006 at 1:50 PM
To require acceptance and enforcement by a private group of residents (whether you call this vigilantism, ratings, getting recommendations, or avoiding blackmarks) would have a suffocating effect on second life. You create a group of gatekeepers, but then who polices the gatekeepers. After an initial salutary effect, I see such well intentioned systems evolving into politics, coalitions, majorities, minorities, and eventually the corruption derived from allowing people to exert decisive power over each other. This is simply what people do.
And this is a game, after all. (People who have met me will laugh cause I usually say just the opposite.) Most of the people are here to have nice time, meet people, have a taste of melodrama, play benignly with the fascinating technical aspects of the world, and perhaps make a little money. This is not life and death. We are not making collective decisions about levying taxs, educating our children, managing health care, choosing a foreign policy, and, of course, the REAL issues such as dealing with our local zoning board. (smiles)
I have enough of the real world political problem in my first life. I do not desire politics to embed itself into my second life. I prefer to 2nd live in a world governed by a benign despotism. I wish for policy and enforcement be the work of Linden Labs, not the residents themselves. Furthermore, this is a for-profit (fine with me) corporation creating a place where people may play and perform limited analogues to work (making money being another amazing aspect of SL). Any form of resident decision making is going to be similar to the Florentine Medici allowing a popular vote on trade route allocations.
Perhaps VRs will evolve into a genuine social communities with legislatures, executives, courts, civil rights, and a civilly controlled police power. But these are all interrelated things and there are issues that must be solved first. For example (to point to another issue in this thread), if you want to try a civil (resident based) enforcement system, then you are going to have to solve, at least partially, the verification, trust and accountability problems. You may not like getting a traffic ticket in real life, but the policeman or policewoman is a known and accountable person. This makes everything regarding your civil rights possible.
Great comments by all, especially given the irksome nature of griefing.
Thank you, Linden Labs, for second life.
October 10th, 2006 at 1:51 PM
After thinking about this all morning I guess I will wade into the fray here. I am a paid member and also a new scripter. My thoughts on this are that at the very least LL should have given a barebones outline of what they are CONSIDERING as the criteria for being a trusted scripter. It would save a lot of speculation and then would be open for refinement. But being as they didn’t I could see where being verified may not even come into play here. Maybe some sort of test to show BASIC knowledge in scripting and a sandbox or two where non trusted can go and try out thier scripts. It it isn’t already there then should be simple enough to insert a key into each script showing who the creator was.
A key + script creator would come in handy for a couple of reasons. In case of an all out attack then just disable that key’s scripts. But it could also be used for another reason. I have seen some wonderful examples of scripts, some mediocre, and some that are just plain horrible with infintie loops that kill sims. One of those horrible ones I bought from SLBoutique, a poorly scripted temp on rezzer. If the rezzed object was deleted it went into an infinite loop spewing out a new object every .01 seconds continuosly. Fortunately I always have debug open when trying out a new script and saw what it was doing and killed it. I wonder how many left it running????? In cases like that then LL could send an inquiry/warning to the creator spelling out the problem. But I have previously stated that we also need better tools to see how our scripts are actually performing. Hopefully LL will give thought to doing that also.
Who knows maybe different classes of scripters? I hope not thou, I am not the best scripter in the world but I am getting better and fast. I would have hated to have been limited in what I could or could not script. Actually the first item I created for myself was a simple, rock steady temp on rezzer that used very little server impact. I don’t use it much but I shouldn’t have been stopped from making it. As far as I am concerned that piss poor script had a much better knowledge of scripting at the time then I had and yet mine was better. Should he have been trusted and me not???? Spawn and Swarm have thier uses in scripting and are actually easier to understand and grasp then rotations, link messages, and many other facets of scripting. SO per my POV please do not make different classes. Have either trusted or not.
SL is an ongoing learning experience for all of us. Let me continue to learn and contribute. And now a final note. People can and do have money even though they have an unverified account. It doesn’t take very much creativity to get to the point of being able to sell creations or offer services.
October 10th, 2006 at 2:03 PM
I have been in SL now for about 3 months and think that the open scripting is one of the gems of SL. It makes the whole world interesting and active and would like to see it stay free and experimental.
On the other hand, with the projects I have done, I have yet to need the ability for self-replication of anything using scripts. Instead of trying to register everyone as a person who is allowed to script, why not only register those who need to do scripts that are self replicating, or are self replicating beyond a certain threshold. Replicated objects might contain a “generation” gene that after so many generations can no longer replicate and a registered key would be required to override this. 98% of the users would never need this ability and if they do, they might require special registration to do so.
The key would be tracable and spam and griefing profiles could be developed so that the system sees “patterns” from these profiles and automatically shuts them down. If a person needs to do something that violates one of these patterns, they would need to get a key to do so. The key would be part of the compile so that a bonafide registered user who passes off a script to an alt-avi, would still have their name attached to the code, which could be traced. The verification of the ability to do this could be done at “compile and save” time to minimize the tax on the servers at run time.
It seems to me that with some clever hooks in LSL, scripts could be limited without having to inflict any penalty on the casual user. Experienced, reliable users would have additional and traceable privileges, engendering the desired responsibility for the privilege.
October 10th, 2006 at 2:16 PM
This has nothing to do with *FREE* accounts, which always exsited. This has to do with *VERIFIED* accounts, which were the norm until a few months ago.
Now some people are acting as if it’s their god given right to access SL without being verified, even though that policy is only a *few months old*.
No verification, no scripting, imho. No other major mmo opens it’s doors to the public without some verification of identity, and payment, aside from a free trial. And even with a trial you have to cough up personal info. And they aren’t giving you the tools to take down their servers when you walk through the door!
October 10th, 2006 at 2:30 PM
Adding to my above comment, why not just disallow the LSL that can harm the grid to those who are unverified? Then people who are trying SL out can play around with scripting, without giving anyone with a hotmaill account the tools to take down the grid.
October 10th, 2006 at 2:55 PM
step 1
Dissallow script editing/creation in anyway to unverifieds. (or just dissallow unverifieds from the main grid. really easy, though it wont give you the big boner number of almost 1 million residents! (which we all laugh about))
step 2
Drink tea.
I allways found it a perfect example of LL’s ways that you can get in the game free and use it 100%, but you have(had) to register on some 3rd party site to post to this blog. More worried about perception of the game then what is going on inside it.
October 10th, 2006 at 3:36 PM
Just noticed new Sandboxes being implemented and had an idea. Why not just allow unverified accounts to script within these Sandbox type sim/enviroment. Thus keeping a higher security protocol/scanning on said sims. Once they leave these Sandboxes they lose the ability to run those scripts.
To even go a step furthers no script created by unverified accounts should be capable of being run on the main/general grid they can only be ran within designated sandbox sim.
These suggestions will still allow unverified accounts to enjoy and learn all about SL without the ability do anything that will adversly affect the main grid.
October 10th, 2006 at 3:39 PM
The problem is, these people use stolen accounts (oh, like, say, mine). While Second Life’s account security remains poor, any sweeping enforcement efforts will result in bannings of innocent customers.
Fix your support first, learn to do proper investigations and THEN maybe you’ll have a chance of stopping this.
October 10th, 2006 at 3:44 PM
[quote]If you are to implement a “Trusted” scripting system, I would hope that the INITIAL implementation would treat all existing users with clean accounts as trusted – even if all new basic accounts with no payment info were NOT classed as trusted. That way, no users would be deprived of abilities they had, and basic no-pay-info accounts would be the only ones penalized – those who are most likely to grief and who are least likely to require the full effects of LSL. [/quote]
Excuse me but a linden said in a earlier blog that there are more attacks caused by “Payment Info on file” accounts than the other way around.
October 10th, 2006 at 3:57 PM
“It is planned that “Trusted” Residents will be clearly defined, and there will be processes in place (not all payment oriented) to become “trusted” if your account currently falls outside of that designation.”
That’s a great idea. Trusted residents could be determined in so many ways! I was initially in the camp that providing payment info would be the easiest way to determine whether someone coudl script or not, but I don’t feel good about forcing residents to give up personal info at that level to be in SL. Part of the joy of SL is the feeling of it being “another world” and it would be great if in this new world you are building, we could prove ourselves through community rather than by the oppressive structures of capitalist society.
Trusted residents could be vetted by group members who own land, etc. They could have been on grid for a certain period of time, created a certain number of unscripted builds, or any number of other ways… Great idea.
Thanks guys.
October 10th, 2006 at 4:27 PM
There were a great deal of errors today. For instance, I happen to have bought a number of scripted items from several vendors (Amethyst/Sensations, for instance). When I tried to use some of them, they gave an error message: that the item was “illegal” (counterfeit). What was happening? Simply, the “Settings” notecard wouldn’t load. I asked the vendor for a new one and, bless her heart, she gave it to me. The item was modifiable, mind you. So, I opened up the content tab, deleted the old one and… wasn’t allowed to put in the new one, because the item, although it was MODIFIABLE, acted on THIS instance only as a non-modify. What’s wrong with this picture?
Also, Io Zeno is right. To hear unverifieds bitch and moan about their god-given right to go all over the place anonymously is preposterous and insulting to my intelligence. Either axe non-verified accounts or disallow them from creating scripts. And please, PLEASE, PLEASE, don’t start the “ooh, i’m a poor unverified but i’m very talented and create stuff”. So what? I know countless others who are verified and incredibly talented – and have had enough of this griefer ballyhoo.
October 10th, 2006 at 4:28 PM
please also see my Scripting Tips forum thread “a quality proposal” at
http://forums.secondlife.com/showthread.php?t=142183
for some ideas i’m working on to improve the quality and safety of all scripts at SL.
thanks.
October 10th, 2006 at 4:54 PM
@jpitts: That still relies on false security… they payment info.
Just because someone is able to pay or does pay doesn’t mean you can trust them more than someone that doesn’t pay or does not pay.
Look at it this way. I have enough L$ to buy a premium account, so why can’t I use the L$ to buy that account or even that one time setup fee? I’m having a delimma! =)
Why does it have to be verification by CC or payment info? We need verification without payment info. It can be done.
Um…
I propose that coders that want to be unlimited send their application to LL.
October 10th, 2006 at 4:55 PM
@lotka: Only verified accounts can read that since it is on the forums.
October 10th, 2006 at 5:35 PM
brava LL! but you guys are running behind times. after what 3-4 years, you guys now decide to implement a ‘ trusted system’?! come on… this is bollocks and will not work. i said it before and say it again – to run a game/ virtual world halfway smoothly – you need to fire the “dev intern”and hire someone who knows how to put security and safety measures into your game/ world/ grid..whatever. what/ who will qualify as a ” trusted member”? someone who has a good credit buero rating, someone that offers you a criminal background check, someone that has is a pimp/ ageplay citizen – yet makes SL a good chunk of money? wth? what defines ” trusted member”?!
all i am going to say over and over again, make this game available as a buyable software as any other rpg/ mmorg out there, with a monthly fee, and the ones that don’t like it – can go on yahoo and play ” go fishin “! allow 1 or 2 avatars per account, put the grids into several ” world/ regions, such as ” mature play, scripters world, business world and on and on.
but cut the nonsense with these free accounts, license the software per pc/ ip, have ingame csr’s, available who monitor the griefing and grid attacks.
that would involve money – but 6 mill WOW players are a proof that IT can work! you want a a business, SL… then you have to invest to keep your customer base happy, or you may will fall one day under the same gamers bash category as ” john smedley ” from SOE!
October 10th, 2006 at 6:02 PM
[...] Security and Second Life Discussion [...]
October 10th, 2006 at 7:18 PM
I started and still have my main Av on a free account, however that free account has payment information on file. It’s free,but I am trackable and accountable. I for one have seen the Sl experience decline in quality dramatically after June 6th,2006, and amnot happy. I understand that in the rest of the world Credit cards are not common or universal, nor are banks that are connected wo the inernet. But there has to be some sort of traceable Verification.
1.) All accounts must be verified. If one has privacy concerns,, then don’t join. This does not mean payment info, but it has to be somethng that can allow the Lindens to turn off their service and match name to an account. If you don’t trust the Lindens with RL info, then the lindens don’t have to trust you with their servers.
2,) Script usage by Info or payment tier. anyone can “use” scripts and scripted objects but only Werified users can write them, and only Premium user can use higher functions such as replicaing functions and/or push functions. If allaccounts areverified, then maybe pay to play for script authorship.
3.) Public publication of identities SL not RL of purged or suspended members. Th Forrmer London Cop has a good idea. If we are going to talk about issues of trust, we need to see the penalties of untrustworthiness occuring.
4.) One has to rememerthe differences between Griefers and hackers. Griefers willharass in person usually in groups using a disposeable one shot account, They are not a well organized experience, but more of Teenaged gang or Wolfpack fighting amongst themselves by performing greater and more outrageous stunts to prove dominance within the group, And like gangs they hate their rivals more than other residents. Hackers are those that attackfrom the shadows, exploiting the system,. Their moties are similar, in that they crave bragging rights, but they tend to work alone, preferring to create technical exploits to show their prowess against the grid rather than make furries cry. Both will use the disposeable accounts. Grifers are a misery wth a face, hackers are damaging the very economy in SL.
Some of the above posts lead me to the following. No grandfathering. It is likely that their are a number of free alt accounts lying dormant, especially those from before Black September, and as such verification is neccessary before access to jigher levelscripting can be done.
Vigilantism is allready in effect in a few of the often targetted furry sims, they made it work. It’s very much a militia in spirit. With PUSH disabled they are more like traditional contract security guards in that they observe and report (and freeze and take pictures of), rather than shoot, but many have estate control powers as well to amend the ban list and change access categories.
The anonymity on the Police Blotter is misguided, and that the names and penalties should be spelled oput, not RL names mind you (unless they are CONVICTED of hacking by Local or federal courts), Sure itmay stignmatize some folks for youthful indiscretions, but, if they are youth they shouldn’t be onthe main grid inthe first place, amd second would harsh penalties for immaturity be bad?
And finally, Utopianism suck for everyone except the top dreamer. This isn’t Utopia.before June 6th it worked better, butwe have the situation we have now, and finally it looks like the Lindens have seen the problem. ut utopian ideas arenot going to work, especially with SL’s possible corporate partners looking on carefully at how this is resolved. Ifor one am very resentful at the economic down time I suffer even when scripts are shut down, because SL without scripts is just a chat room with pretty graphics.
Karl
October 10th, 2006 at 7:40 PM
“Also, Io Zeno is right. To hear unverifieds bitch and moan about their god-given right to go all over the place anonymously is preposterous and insulting to my intelligence. Either axe non-verified accounts or disallow them from creating scripts. And please, PLEASE, PLEASE, don’t start the “ooh, i’m a poor unverified but i’m very talented and create stuff”. So what? I know countless others who are verified and incredibly talented – and have had enough of this griefer ballyhoo.”
Boy this is beginning to sound an awful lot like the illegal alien arguments going on in the U.S. right now….hmmm….
October 10th, 2006 at 9:02 PM
I don’t know which is worse this unimaginative solution or the fear based response that thinks its ok. So the people who are in Second Life now are going to sell out everyone to come, well how nice. Quite the social network.
“(not all payment oriented)”, there’s some coded speak for you, is this the beginning of paying for levels of ability and access?
It is possible that some metaverse solution will become some aspect of a future internet user experience but this solution is just further evidence that Second Life will not be that platform. Think about it, would the internet community ever tolerate a hands-tied-behind-their-back proposition like this one?
Maybe they should try the solution suggested by Mark Wallace at 3pointD.com or some other answer that punishes the few and not the many.
October 10th, 2006 at 9:04 PM
Well, we must take collective steps to counter it.
October 11th, 2006 at 12:14 AM
First, where I am coming from on this:
I’m a pretty new (about a week) player, and I do NOT have payment information on file. And I think I did my first script – or more precisely, copied & modified a script – on my third day. Maybe my fourth.
In first life I’m a programmer, and involved in some databases that have highly confidential information such as bank-account and credit-card numbers. I’ve seriously looked at some of these issues for several years now.
Now, my thoughts:
It is highly desirable that a script be traceable back to its author. There are limits though – if I copy and paste the text of a script (which I have done), there is no reliable way to preserve the identity of the original author. (What if I copy and paste sections from two scripts, by different authors, into a single script?)
In the context of enforcement action on an account that is – or has – an alt, the base account and ALL alts should be notified. And, potentially, subject to discipline.
I have absolutely no objection to the thought that my ability (as a user with no traceable information on file, or otherwise insufficiently trusted) to use certain script commands, well suited to grey goo and other such nastiness, should be tightly restricted or simply blocked. This should apply to any script or object that I own regardless of who created it, or any script or object I created no matter who currently owns it. Yes, this is a violation of perfect liberty, but perfection is something that tends not to work well with humans.
Security of the traceable information should not be a difficult issue. SL has to be able to write it, determine if it exists, and initiate first-life financial transactions, but simply does not need the information itself. The information can (should) be in a separate database on a separate box which is the only box that knows how to actually send financial transactions to the bank, with SL having only the authority to run a handful of procedures. There can be other means – outside of SL – for Linden staff to read the existing data.
October 11th, 2006 at 12:18 AM
This “trusted” thing has me kinda worried…who gets to utimately decide whos trusted and whos not? Yes the unvarified accounts should not have access to anything that can damages SL, if only for the reason they are unaccountable for their actions, there is no way LL can find out for sure who they are to report them to the authorities. However and this is a big HOWEVER, some of us have had suspensions for piddly reasons, such as not having a host at an event..and i do not think that this constitutes not having a trusted statis. I own alot of land in SL and pay BIG bucks, id best be able to have full rights as a player, my info is all on file, they can find me..and they are fully aware of who i am and where i live. Just hope we can call LL “trusted” enuff to keep that info off the streets…laffin, but just sayin, if i trust you LL, you need to trust me..if not just let me know…im sure i can spend this monthly tier elsewhere.
October 11th, 2006 at 12:37 AM
Im quiet new to SL and learning everyday Scripts are a challange to me basic ones im learning to do now, and building im getting good at with some great ideas, so restricting Scripts i dont think will bother me much and yes i am a full premiere member, but if Linden Labs has account info on all those that enter SL and those who open accounts then tracking these criminals that has spoilt the fun i was having over the weekend is paramount important if an example of Zero tollerance is implemented then a warning will be clear to anyone else contemplating this kind of irrisponsible action, How Many SL accounts who make L$ in SL have lost alot this weekend those who try to have a honest life here?
You get criminals where ever online game / universe you go into but in order to stay one jump ahead of them you need to employ an ex hacker Linden who knows the tricks and can counter any criminal attack in the world of SL.
This is my opinion and yes i am a noob in SL but not when it comes to online universes
October 11th, 2006 at 12:39 AM
Australian player here, and one of those dirty low-down unverifieds to boot.
I have a CC which I very rarely use, and usually have it scanned in front of me. I don’t use it to make overseas purchases via the net, and whilst I used to categorise this as paranoia on my part, I don’t think its entirely unreasonable having seen LL’s security compromised in the very recent past. Its not just fear of being hacked either – there are simple administrative goof-ups which can prove very difficult/costly to resolve when you’re in a wildly different time-zone and telephoning the company concerned is problematic.
I have spent hours trying to find alternate payement arrangements, without success. So I’d be very grateful if people don’t immediately reply with “get a prepaid CC and use that” (and so on on) unless you’ve seen one for sale in Australia (I haven’t), and know that its accepted by LL.
The irony of the current situation for me, is that I actually want to give LL money and they won’t take it.
If I want to play WoW I walk into my local game shop, purchase a game-credit card, and I’m away. If I want to play almost any of the other “big-name” MMO’s (Dark Age of Camelot, Everquest (I and II), Eve, D&D Online, UO, etc) I can pay cash to get a Western Union money-order, then head over to http://paybycash.com/options/available_merchants.php. So, to the people above who ask “how many other MMO’s can you play without offering ID?” my answer is: almost all of them. 
I can certainly see that ID is one way to deter hackers. But I’d argue that another way to move people like me from the “potential suspect” to “probably good citizen” category would be to let me pay via PayByCash or equivalent – you may not know who I am, but you’d have a “cash bond” as it were. And since I usually pay for a annual subscription in MMO’s, it’d be quite a decent bond.
October 11th, 2006 at 1:22 AM
QUOTE:3) Introduce a viewable bit, so a script that is marked unmodifyable can still be viewed if the author wishes. The case for this are for those who want to inspect the code of scripts from other people before executing them. Currently, if modify=false, you cannot look at the code.
While a good idea on the surface, that would defeat the purpose of the no-modify. You could then copy-paste the script into another page and do with it as you please, and if you couldn’t conduct a direct copy-paste, you could still copy it by hand one way or another.
On another note:
Everyone that’s suggesting IP Bans: Shut-up! They do not work well. You can move to another location for another ip, and if the greifers are using cyber-cafes and the like as I suspect a decent number are, that’s easy. They also hold the potential and likelyhood to block legitimate users if subnet bans were used, which are likely. I’m a network engineer, so I know what I’m talking about here.
October 11th, 2006 at 2:58 AM
you know i have heard from many people that linden has plans to restrict building and scripting to paying members.which troubles me.for the soul reason for everyone in my builder group except two ppl are non-paying members.not only that but if you take building and scripting away from the non-paying members.along with myself being a non-paying member this deeply troubles me.if you do this you will ether.
A)lose a lot of players and then SL will get a bad name
or
B)it pisses some of them off so much that they hack a paying account make a self-replicating object and go V for Vendeta on your asses.
but hey it is your guys choice
October 11th, 2006 at 3:50 AM
@loki: From the post: “It is planned that “Trusted” Residents will be clearly defined, and there will be processes in place (not all payment oriented) to become “trusted” if your account currently falls outside of that designation.”
…so, payment info is still not a priority over all.
October 11th, 2006 at 3:51 AM
As anyone who checks will note, there are now many more unverified accounts than verified. When I joined SL it had 170,000 members – now 873,000. But I remember griefer attacks when I first came into the game… They have always been a part of the SL ‘experience.’ I would be surprised if any action by LL in a virtual world could completely eliminate the challenge to those disposed to attacking and attempting to bring down this world. And although my goal is to bring beauty and wonder to SL – I can understand both sides. I do not believe that eliminating ‘free’ accounts will stop these attacks. I know paid accounts that have the knowledge of how to crash the grid. In fact – the most dangerous people I know – have been here the longest. Those with the greatest skills of scripting and building may become enemies of the game – from frustration and bitterness – or even boredom.
Surely LL knows what this is doing to game play. I have decided to stop building for now. Although I planned – and MAY still buy 200 sims for my vision of SL – I will stop when my current islands are finished. If LL wants people who can build 200 islands to do so – they will have to control the griefer attacks and stop the constant disruptions. Otherwise my empire building is over – and my 13 sims may be up for sale. My dream of making this a profitable venture is fading – like so much grey goo.
I believe scripts should be tightly controlled. Perhaps all scripts need to be approved and implemented by LL. I hate bureaucracy – and levels of it will slow development. But I have lost MANY hours of limited game time cleaning up! Three hours this weekend alone. If my game becomes clean-up and repair – I am out of here. My mall shops lose sales and customers and I still have to charge rent? If LL is down – all accounts SHOULD be credited. And those of us with multiple sims and dozens of businesses should be compensated even greater. We lose when LL is caught napping. Simply making sure all scripts that RUN have a bit of LL activation code attached could solve a complex problem.
Implementing this plan – like MOST – it a nightmare.
And sadly – since griefer attacks of all sorts are increasing – limiting the abilities of newbies to create objects and execute codes seems reasonable. I do not think they are the sole source of the problems – but some may involved. I do not understand why LL can not identify the computers of every member to prevent multiple accounts for people suspected of being trouble makers. Even people with multiple ALTs have the same IP address… I know other Internet sites that control usage this way…
I do not believe LL is sitting on its ‘butt’ watching and doing nothing. The Lindens I know are caring and concerned people – working hard to solve the many problems we all disdain. I do think a ‘time-out’ is in order. Implementing better and more precise controls – and limiting all new unverified accounts for a few months – tighter control of executables and more are needed. I have not given up on SL – but have become much more cautious of continuing my investments here – something LL should want to foster! Free accounts and – dare I mention – paid accounts that have no interest in building and creating need different rules and abilities. Why SHOULD people with NO property have the same potential abilities as those who create and build? How many out there CAN spend several hundred thousand dollars in world – even if they wanted to? And shouldn’t those who can – those who create this place – have more abilities that those who are just watching it all unfold?
October 11th, 2006 at 3:57 AM
I agree with Elex Dusk’s first and second comments.
Linden Lab is a business first and foremost and the bulk of Linden Lab’s revenue comes from land tiers. Land tiers are paid monthly by residents. I personally pay US$195 a month to the REAL LIFE company Linden Lab as well as my yearly fee of US$75. I have no inworld business and no inworld income – I just love Secondlife and am willing to pay US$2,415 a year for it.
Everyone paying REAL LIFE dollars to Linden Lab every month for land tiers will not continue to do so if this problem is not fixed. It’s extreme, but if enough paying residents leave – Linden Lab will fold. No more free accounts, no accounts for any one!
Good public relations are very important for any REAL LIFE business like Linden Lab and closing free accounts would be bad for LL’s reputation. I don’t have the answer, but I do think restricting scripting to paid accounts is a good idea and will boost Linden Labs REAL LIFE profits, as serious people in business in Secondlife will find the minimum dollars to join. Which can only by good for all residents as it will ensure more resources for a better Secondlife for all.
This will sound harsh, but Secondlife is not a free-for-all, it’s not there to provide entertainment to those that can’t afford to pay for it. I love it’s diversity, I love that it has many people from around the world. However – that said – it is a business and no business can afford to operate as a charity.
October 11th, 2006 at 4:00 AM
Silly Barry is an account I made up to see how easy it was to make a ” greifer” account.
None of the details I gave was correct.. ( can a Linden please clean up by wiping this account ).
Interestingly, when the pass word change was required the validation code was sent to the false E-Mail address I gave.. I could not recive it.. and so was unable to change my password.. and can no longer use the account.
This experiance leads me to think any registration should include a verification being sent, as the E-Mail address given would have to be valid..
I would like to see a change pass word done deliberatly NOW for all users as this would put on hold all acount whare a false E-Mail has been given.. any account whare the pass word is not changed in say 3 months can probably be safly binned.
With valid E-Mail addreses for accounts, tracking down and banning greifers should be easier.. At least a greifer will have to go to the trouble of opening a throw away E-Mail account wich I would hope SL could then trace to a real computer before he can set up a greifing account.
If a Linden can tell whare this comes from I will belive that free accounts are not as anonamouse as they seem.. drop me a line.
Regards Silly Barry ??
October 11th, 2006 at 4:10 AM
Response to: Cale Vinson
I am Australian and I have an account based on an Australian credit union account DEBIT VISA. No credit card. Not a prepaid credit card and if it was stolen, won’t accept transactions past the account balance amount which can be kept at AU$10. Any manual transactions are covered by the credit union’s insurance and are not the responsibility of the account holder.
Secondlife has accepted this card. IM me inworld if you have problems opening an account with this type of account and I will tell you which one it is. They will open you an account with AU$10 deposit.
Cheers
Alex
October 11th, 2006 at 4:13 AM
[...] The latest news on the issue is by Robin Harper, vice president of Linden Lab, creators of Second Life, where she explains their measures to be taken against further attacks. The first one is to meet up with Federal authorities in order to hand over evidence on the attackers and discuss the further process. Another mechanism according to her is the installment of a trust system in which only trusted users are allowed to fully utilize the Second Life scripting language LSL. No further information is yet given on how this trust system might work (except that it will not adding credit cards back to registration but instead it is based on credit card verification but not only) and also no info on how the scripting language will be restricted. Additionally the upcoming release of Second Life which is going to be deployed today is said to also address grid attack issues in respect to more easily identifying and stopping them. [...]
October 11th, 2006 at 4:49 AM
I think many of us would like to see some sort of outline of what characteristics will entitle and AV to “trusted” scripting status. At least for the initial group of existing AVs. I realise the whole thing is a work in progress but some sense of who would be considered trusted and who not would I think allay many fears.
While we are on the topic of “trusted”/”un-trusted”…
I strongly suggest you pick a different set of words to describe these groups. There is already on heck of a whitchhunt going on against unverified in world. “Trusted”/”Un-trusted” really sounds like it is a judgement call on the AV in its entirety and not just about scripting priveledges. I think you may really be intending something like “Scripting Enabled”/”Limited Scripting”/”No Scripting”
In addition I would suggest that this distinction not be visible to the general public but only to the av in question. The discrimination and nastiness is getting ugly out there lets not add more fuel to an already raging fire.
October 11th, 2006 at 4:51 AM
It makes me sad to see all this chomping at the bit for finding ways to repress people in the name of order.
I have no real problem with the idea of trust, my problem is with this being imposed on me from on high (or worse, from pitchfork wielding mobs).
Look to the future, look to the dream of a massively distributed open source global whatever that SL wants to become. How can this happen with some monolithic single entity playing eeny meeny with who gets to do what?
The answer seems pretty simple to me. Give me the ability to trust who I want in my spaces (land, sim). We already have push restriction for nongroup people on our parcels. Give us scripted rez/particle/pay/give inventory restriction, whatever- come up with a page full of tick boxes if you have to of scripting functions we can choose to allow or not, to non land-group people. But make it *my* choice as a “site” manager, don’t impose mob rule on how I let people operate on the space I lease (my land/sim I pay tier on).
Top tip- default scripting restrictions to “on”
Maybe some people will have to change their land groups to closed membership, ok that’s inconvenient, it’s not abhorent. Just please don’t fall for all this knee jerk reactionary drama. I’ve met some really cool people who have no payment info, some of them made cool stuff.
If you want SL to grow, you can’t be so parochial.
October 11th, 2006 at 6:56 AM
In case anyone is reading this still, I would just like to address the comments by FlipperPA. I found them quite hurtful and uneducated.
“Unverified accounts, however, can’t accomplish the goals you’re talking about. Unless they’re purchasing from a third party source like SLEx or eBay (and I think we can all agree that’s a miniscule percentage), “No Payment Info on File” accounts won’t have L$. Why? Without payment information on file, how would they have purchased L$ from LindeX? There are two ways I can think of: panhandling (which I’ve seen a meteroic rise of lately) or camping chairs”
Did you forget the little build menu?
To say that the only ways to make money in SL are to buy it through LindeX, panhandle, or use camping chairs is irresponsible and horribly arrogant. I’m an unverified account who runs my own content creation business, and I’ve made quite a bit from it, and I continue to be unverified to show people like FlipperPA that their classism is unfounded. I not only spend L$ inworld, but run a business and teach others the techniques to get ahead, and somehow it is impossible for me to add anything to the economy?
I’m not going to talk about how much you sound like a proponent of Jim Crow Laws, because if it’s not clear to you already, it never will be. We’re all people. I accept you as a person with the same rights as me, even if you’re a horribly stupid arrogant prick, so maybe you can lighten up on the crusade against unverifieds.
October 11th, 2006 at 7:04 AM
It makes me sad to see all this chomping at the bit for finding ways to repress people in the name of order.
I have no real problem with the idea of trust, my problem is with this being imposed on me from on high (or worse, from pitchfork wielding mobs).
Look to the future, look to the dream of a massively distributed open source global whatever that SL wants to become. How can this happen with some monolithic single entity playing eeny meeny with who gets to do what?
The answer seems pretty simple to me. Give me the ability to trust who I want in my spaces (land, sim). We already have push restriction for nongroup people on our parcels. Give us scripted rez/particle/pay/give inventory restriction, whatever- come up with a page full of tick boxes if you have to of scripting functions we can choose to allow or not, to non land-group people. But make it *my* choice as a “site” manager, don’t impose mob rule on how I let people operate on the space I lease (my land/sim I pay tier on).
Top tip- default scripting restrictions to “on”
Maybe some people will have to change their land groups to closed membership, ok that’s inconvenient, it’s not abhorent. Just please don’t fall for all this knee jerk reactionary drama. I’ve met some really cool people who have no payment info, some of them made cool stuff.
If you want SL to grow, I don’t think you can be so parochial.
October 11th, 2006 at 7:28 AM
I think everyone is making this too hard or I am just not familier with the game enough.
1. Apply for scripting rights….either payment on file or not. If a person wants to script, LL can verify via mail if necessary and the user just has to wait a few extra days to get their accounts verified. Or they can use CC information if they wish and they must attend a “saftey class” of some sort once their application is approved within a certain time frame or their scripting rights is removed.
2. Each area is allowed to turn off scripts if they so choose…so list sandboxes or make sandboxes/sims that allow approved scripters the ability to build and use. Some area’s will keep it on and others will not….nothing different then what is currently available.
3. No more allowing scripted items to be copied unless your the maker and in a sandbox which allows scripting ability.
Not all of us care to be scripters, we just like to use the items that are scripted that we buy..and most of that stuff is non-copy anyway (think Shoes!). If we change our minds and want to learn to script, we can apply for the rights to do so.
Seems like an easy solution but like I said; I might not be familier enough with the game.
October 11th, 2006 at 7:35 AM
I completely support the restricting of LSL to verified accounts. ‘Those who have something to loose’ is probably a fairly accurate definition of ‘trusted’.
People have mentioned the unfairness of those limits, but how fair is it when people who have nothing to lose and use a throw away account, are allowed to interrrupt the fun and business of the other 99.9% of the players?
In a perfect world we could be fair and equal, in the real world we have to be practical.
October 11th, 2006 at 7:57 AM
Problem is not the griefers creating these objects, probably they have 1 verified account and are transfering the scripted object to their unverified accounts for griefing purposes. So then their verified account gets banned because it is the “owner” of the object well they already transfered the objects to who knows how many unverified accounts….You’d have to turn off the ability of unverifieds to even rez scripted objects for this to be effective!
October 11th, 2006 at 8:17 AM
Regarding the problem of self replicating automata, would this modification be useful?
1) all prims have a property called generation level (GL).
a land owner sets the MGL
2) GL cannot be editted by avatars or scripts.
3) the GL of the prims of an object is set to the maximum GL of its prims when they are linked.
4) objects in avatar and prim inventories have an undefined GL
5) when an avatar rezzes (create, copy from inventory, shiftcopy) prims, their GL is set to 1.
6) when a script rezzes prims, their GL is set to one plus the GL of the prim containing the
rezzing script
7) a land area has a property called maximum generation level (MGL).
9) if a prim has a GL equal to the land area MLG, the scripts of that prim cannot rez objects.
10) a reasonable MGL would be 2 or 3.
A prim script could still rez an unlimited number of prims, however, growth rates would be linear and restricted by script delays. With this modification, there would be a limit on exponential growth caused by prim scripts rezzing prims and adding scripts, which then rez prims that add scripts, ….
In the VR domain, Desdemona prefers technical solutions to technical problems. (smiles)
Regarding other topics….
Regarding for the ‘trust’ issue, please bear in mind that this is one of the core real life issues: “Who do you trust?” Opinions vary in society about whom to trust and how to establish trust. The negative property of trust is that in practice it is closely associated with a high level of predictability. We tend to trust people who do not surprise us. This connection is the basis of the irresolvable disagreement expressed in this thread regarding ‘trust’ versus ‘creativity’.
As for trust in second life, VRs solutions regarding trust are limited by the Internet’s problems regarding trust. One cannot push SL ahead of the Internet curve on this issue. One has to rely on established, predictable (trusted?, smiles again) Internet solutions.
October 11th, 2006 at 8:19 AM
Why does an “8″ (eight) followed by “)” (left parenthesis) turn into a smiley? (giggles)
October 11th, 2006 at 8:22 AM
[...] Recently Second Life has been suffering from “destructive, malicious activity”. Read the blogpost about it here at the Second Life blog: Security and Second Life. If they want to make a model of the real world, there should be tough Scarfaces and criminals right? Your world, your imagination right? Or maybe not? A remark by Michael just came back to me: Did you already start the career as Second Life bum? « Presentation: Guy Debord – Theory of the Dérive | [...]
October 11th, 2006 at 8:28 AM
In real life, evolution is a fact. In the spiritual realm, evolution is the goal. As a soul reaches cognition, the process of developing wisdom and attaining higher understanding is why we are all alive. To assend to Avatar/Bodhisatva status is a long disciplined process and a tremendous responsibility.
Attaining “Trusted” status should be the goal of each individual in this world. However, there are those whose souls are incapable of achieving trust in their real lives bring their psychosis to this open world seeking to damage it. It is inherent in those with God status to maintain those “griefers” in a more contained status. Discipline is key to earning “Trust.”
To those of you involved in policy, please consult the Dali Lama. He is joyous and wise.
I am new here. Yet, the experiences I have witnessed exhalt me. I am so happy this is an open society. I am willing to remain in a lower status until I pass a series of tests that allow me to rise in status and trust. I do not wish to trusted by the fact I have paid money into the system. If that’s the case I’ll buy a congressman. In this world, I seek to develop my spriitual, problem solving, social, entraprenurial, and personal skills. I shall not ask more than I can earn.
I ask the same of everyone.
October 11th, 2006 at 8:32 AM
Can we please get it right. The issue is NOT free accounts. The issue is identity or age verification. Big difference.
October 11th, 2006 at 8:32 AM
There is only one viable form of “Trusted Account”. Someone who has provided verified ID that can really be traced back to the real life person who provided it. Payment info has nothing to do with it. If they can, in a reasonable period of time, provide valid ID and become ‘trusted’, they can play in SL. If not, then show them the damned door, and cancel their account.
SL needs to make the Real Life person who owns each and every account personally accountable for their actions. The ONLY way to do that is to deny access to any person who will not provide verified proof of identity. NOT some stupid credit card! NOT “did they pay us money or not?”. But rather requiring each person to provide a postal address and/or e-mail address that WORKS, and some acceptable standard of proof that LL knows who the person is on the other end of the keyboard, and can track them down if needed. Only then can they actually punish people for misbehaving on the grid. Only then can they keep the children off the adult grid. The main grid must NOT have any accounts that LL does not KNOW who the real life account owner is! If Linden Lab can’t figure out how to ensure that, then they need to hire a third-party company that can.
October 11th, 2006 at 9:40 AM
I’m starting to have a little faith in LL again after this blog post. Im thrilled to see something is going to be done. I don’t script (as of yet) but I do like finding and implementing the useful scripts on the forums from time to time. I would like to be able to continue doing that.
The suggestion of Lyndyn’s regarding restricting certain types of script functions to trusted accounts is a good one (I think anyway). Is there anything in, say, a basic script for a radio tuner or dance sphere that could be used maliciously? Im THINKING there isn’t but since I dont script I cant know for sure. Those of you knowing more than I could probably enlighten us on that…can commands or functions be broken down in terms of which ones cannot be used maliciously at all, those that only can be used for no good, perhaps those that can be malicious only when used in conjuntion with another function?
I would (somewhat) gladly give up my ability to use freebie scripts if necessay to keep these attacks down to a minimum or even eradicate them all together. I could always pay a “trusted” to script or copy freebie scripts for me. I see some potential for our SL scriptors to make some decent money if this idea is implemented. W00t for you guys(and girls). Its always been my observation (even if limited) that scriptors arent held in as high regard as content creators and I think we’ve all seen recently, when scripts have been disabled, just how vital these scriptors are to the SL environment.
October 11th, 2006 at 9:45 AM
Question: What is SL?
Answer: It is a Service Product.
Granted, it is a product whose identity is that of a Virtual World/Play land/Sandbox, but at the end of the day it is a product. As such, what rights does a customer have and what realistic expectations should he/she have? Answering that question is very Very VERY problematical for any MMO-type product (dealing with gold farmers in Wow; the SWG NGE fiasco; etc.) The answer varies from person to person.
Thus I propose a concept that is analogous to Countries/States in RL: the “Server-State” concept: different in-world areas/servers that have different security/restrictions. Those with higher security/restrictions are given priority by LL for service, updates, combating griefers, etc. Those with lower security are given lower priority. And, as in RL, you have to follow the rules of the State you are currently in.
Thus people get what they pay for: Want a business in SL that will be up 99% of the time? Build it in a Server-State where you need a verified account, trusted developer status, etc. (Just don’t have/want/demand the ability to do what-ever you want). Want a virtual playground where you can build anything, run Anything, do ANYTHING? Spend your time in a Server-State where you can join for free, have no verification etc. (Just don’t have/want/demand the expectation of server reliability).
LL would benefit by taking such an approach because it can balance resources to fight grifieng on the one hand (restrictive Server-States) with the freedom for users on the other (non-restrictive Server-States)
In Summary: In light of the Lindens condoning social systems and our inherent need to establish societies whenever we congregate, I submit that a One-Size-Fits-All solution is NOT going to work.
October 11th, 2006 at 9:53 AM
I submit to you, this idea.
We have, instead of anything anyone here has suggested
An option any user who owns land can click
“Grey-Goo attack Protocall”
WHAM, scripts gone, object-creation is gone, an active scanner goes out to look for known grey-goo scritps, and automatically deletes the objects that are. Another scanner waits for replication, and sends in a report to a LL Server database which corrospondes with other pacel reports, and finds the object and creator along with word-of-mouth reports, and then, a Linden with god powers brings up THE menu. Yes, THE menu. The menu to end all menus. With one button: REMOVE USER
BAM again, all objects made by that user, in the entire grid, is DELETED
INSTANTLY
NO
FUSS
INSTANTLY!!!!!
A grey-goo attack would be stopped in its tracks. Instantly. Long before any grid-downage.
Another passive sensor could automatically turn on when a sim starts lagging down and has a object creation that is really high. Folks, its quite simple, and the damage would be quite minimal.
October 11th, 2006 at 9:59 AM
I don’t think anyone is implying that “free” accounts are a problem, the lack of having to provide any type of identifying info is the problem. Previously you could play for free but you had to put a CC# on file. If they would just return to having to provide identifying info for everyone, that can be verified by LL it would do a lot to solve the problem. Hard to believe they don’t have at least some form of age identification considering the amount of mature content on the grid.
October 11th, 2006 at 10:03 AM
Well, this is probably the most informations I’ve seen in regards to LL actually doing something about these attacks, ever. The responses in here have opened my eyes to a few things that I;ve complained about in other parts of the forums myself, and have shown me the error of my ways in a lot of comments I’ve made.
The trusted v non trusted / CC / payment info on file stuff is a real bag of worms that are going to be incredibly difficult for LL and the community at large to unravel until a decent solution is achieved. I applaud the efforts being made.
Probably the most niggling thing I find about all of this is the lack of information coming out of LL in regards to the issues and problems. I’ve managed large IT sites in various countries around the world, and everywhere I go I adopt a policy of “be seen to be doing something, to the detriment of actually doing something”. What this means is, if you can work solidly on something and get it fixed in 2 hours, or you can post updates to the customer every 15 minutes and take 4 hours….then take 4 hours and keep the customer informed. The customers perception that you ARE doing something enormously outweighs the benifit, in every single instance, of expediting recovery. If the customer THINKS and (assumingly) SEES something being done, they are far less critical than if they sit in the dark wondering if anything is happening. 2 hours in the dark is a helluva long time compared to 4 hours in the light, however artificial that light may be.
Anyway. Good luck with finding a solution here LL.
October 11th, 2006 at 10:16 AM
My 2 cents, from an oldschool VR programmer. 10 years ago or more back on the old muck/MUs we had this same issue… who to allow access to the internal programming languages of the world. And I came from a VERY busy text world that had its share of “lamers” as they were known back then. The solution that worked for us was that eventually 3 levels of programmers were created. Level 1 – novice – only access to functions that could not do much harm. Level 2 – Standard – after proving they know what they were doing in level 1 they were given access to all but the most dangerous functions. Level 3 – Access to all functions, including ones that could violate privacy issues if misused – again after becoming known/trusted to the general muck staff.
Now I am not saying that this will all scale here. We had 200-300 folks on in a night… obviously the size of SL wont directly support this leveling system without a great deal of manpower of Lindens to review and check various things people write. I simply toss this out as one way it was done in the past on an active VR world, and if bits and pieces fall into place here, then there ya go.
I do agree though that the most dangerous LSL functions should at least be reserved to folks with verifiable RL info on file at Linden.
October 11th, 2006 at 10:19 AM
Think global. I would have a verified account if I could, but can’t because I can’t get one with PayPal because they don’t accept my French debit card.
It is not easy to get CCs in all countries of the world. Don’t lock out over 95% of the world’s population…
October 11th, 2006 at 10:30 AM
Question: What is SL?
Answer: It is a Service Product.
Granted, it is a product whose identity is that of a Virtual World/Play land/Sandbox, but at the end of the day it is a product. As such, what rights does a customer have and what realistic expectations should he/she have? Answering that question is very Very VERY problematical for any MMO-type product (dealing with gold farmers in WoW; the SWG NGE fiasco; etc.) I submit that a One-Size-Fits-All solution is NOT going to work.
In light of the Lindens condoning social systems and our inherent need to establish societies whenever we congregate, I propose a concept that is analogous to Countries/States in RL: the “Server-State” concept: different in-world areas/servers that have different security/restrictions. Those with higher security/restrictions are given priority by LL for service, updates, combating griefers, etc. Those with lower security are given lower priority. And, as in RL, you have to follow the rules of the State you are currently in.
Thus people get what they pay for/want: Want a business in SL that will be up 99% of the time? Build it in a Server-State where you need a verified account, trusted developer status to add content, etc. (Just don’t have/want/demand the ability to do what-ever-you-want). Want a virtual playground where you can build anything, run Anything, do ANYTHING? Spend your time in a Server-State where you can join for free, need no verification to add content etc. (Just don’t have/want/demand the expectation of server reliability).
LL would benefit by taking such an approach because it then can balance resources to fight grifieng on the one hand (restrictive Server-States get priority) with the freedom for users on the other (non-restrictive Server-States get priority)
October 11th, 2006 at 10:37 AM
OMG – A police force???? A volunteer one at that? Ever had your car ticketed by your local Senior Patrol. Get real.
Community verfication?? You will have to start paying for the privalage, watch how fast that would happen. If you aren’t a member of our group we can’t verify you, oh and group membership is L$1000.
It is simple, verify the people using the system. IWe know who you are. You grief, you’re gone. You don’t come back. Simple.
I am not in any way advocating the termination of “free” accounts. I agree that they help build SL. I think many are confused and using the wrong definition. You can be free and still verified. “Not Verfied” means LL does not have a clue who you are. That needs to cease immediately.
A bank account works nicely as the banks verify the individual. Then a few cents deposit by SL and the amount of deposit verifed by the newbie shows they have access to the account. Viola, LL knows who you are.
And for those few who can not even get a bank account to use for verification, I am sorry, but there are a lot of things in life you don’t get to do because of circumstances. If you don’t have broadband or a decent computer, you can’t play either. You don’t want to play by the rule, don’t play. Can’t sell on ebay or have a business PayPal account either if you won’t let them know who you are.
It was tried, it failed. No more unverified accounts. It probably won’t stop the most dedicated of griefers, or those ready to quit anyway, but I would bet it would go a long way to lessoning it.
October 11th, 2006 at 10:38 AM
Iron Perth Says:
October 9th, 2006 at 11:18 pm
A good place to start might simply be turning off LSL scripting for new users who are not payment verified. Use that as a stop gap measure for now, and then over the next few weeks think up ways to be more permissive (such as LSL scripting, but no rez, etc).
I agree whole-heartedly. I am a merchant also, and to bring RL business into SL is a difficult thing at this time. “Trust” is aquired through payment verification. Accountability then becomes factored into the situation. Sure, some one can steal a CC and login, but they already have security in place to prevent fraud (the 45 day limitation), and the amount of illegal CCs used would be NOTHING compared to the free accounts being able to fully script. As someone else said, give free accounts a dedicated sandbox, so if errant scripts are run, they can at least be contained and rectified. Let’s close these holes, and revitalize our communities
October 11th, 2006 at 10:51 AM
I’d find the kind of solution to this issue that is on par with the world you created. It is very innovative and I’m sure came from an inspiration and an intense desire to see the net actually do what we were told it would be able to do. You guys overcame issues that other developers always worked around. The biggest hurdle for you will always be security because of what you allow us to do, but you guys want this as much as we do. I’d rather see a solution to the greiver/hacking attacks that is as intuitive and enlightened as the inspiration that drove Second Life. Find this, and you’ll likely find a very elegant solution to one of the nets most annoying and expensive pitfalls.
October 11th, 2006 at 11:04 AM
again people when are you going to realize it doesn’t matter if a person is paying a monthy fee
it has do with the scripting
to some people $8 or $9 amonth is not alot of money if someone want to mess up the grid they will do it free or not
they need to make set of rules so its harder for someone to mess up the grid
everybody should not be able to script for one not everybody knows what there doing and if you make them wait unil they been a member for a period of time and requird classes who ever want to attack the grid is not really wan to go throught all that but if a person who really wants to script will
in real life you can’t do anything you want without some type of training
1. they should make people who want to script have a scrpit account with a id number
2 if a person is new to second life they have to wait 3monthss before they can become a scriptor
3. thers should also requrie to take a class on scripiting so they know what there doing
4 . disable the scripting option have it ony for verfied scriptors
October 11th, 2006 at 11:41 AM
Hey wait a minute, you better as hell not be planning to not let accounts with no payment info used not be able to build. That’s absolutely not fair especially when one does not trust the linden labs system with sensitive info being that it was hacked into recently (it’s all over the net now). I am here for purely artistic reasons and art should never be taken from the people.
I was about to write a positive article inviting the members of a popular well known art community to join this site, especially 3D artists. Please don’t give me a reason to not submit that article. I will certainly be very sad and disappointed.
October 11th, 2006 at 11:45 AM
Everyone, please bear in mind that it is the ability to RUN a dangerous script that needs to be limited to trusted people, not the ability to MAKE the scripts!
The average member of a street gang couldn’t create a gun or ammunition from raw materials to save their life, but any of them can pick a gun up and use it to terrorize the neighborhood. It’s the same with crasher scripts. The account that actually fires it off is almost always a disposable, unverified alt – or some unsuspecting dupe that is trusting enough to rez an unknown object that suddenly appeared in their inventory, or which said it was a ‘free gift’. Meanwhile the one who coded that bomb is using another account, and laughing at the attempts to track down an alt that he’s already decided he will never use again.
If it’s OK to require people to somehow prove that they are ‘trusted’ to run scripts – and frankly, without scripts, a majority of Second Life is USELESS – then why not simply return to validated identification of all account holders? The best form of trust is LL actually knowing who the account belongs to.
Make ALL SL users provide a validated e-mail address and postal address, plus one other form of valid ID – a credit card, paypal, a photocopy of their passport, an Adult Check member ID number… And give them 90 days to come up with that, or terminate the account. Make the ‘valid ID’ part broad enough to encompass our overseas players, and get off the stupid idea that a credit card or PayPal is thge only possible ID verification. An e-mail sent to their on-file e-mail address that requires a reply to a specific URL, with an embedded ID code, can verify e-mail addresses. A mailed letter with an authentication code can validate a postal address. It isn’t rocket science, folks. It’s e-Business 101.
October 11th, 2006 at 12:01 PM
Assumed that Linden Lab is working on the technologies to make such attacks harder to do, easier to spot and faster to clean up and resulting in maybe here and there a downtime (but of course not the amount like last week) like 30 mins. Would that be a problem?
For me it wouldn’t be and I’d rather have that then any restrictions on anything. We all know that attacks will happen nevertheless anyway so my goal would be to keep as many possibilities for everybody as possible.
Besides it’s not really a security but a stability issue here. So it’s not even the case that peope can steal stuff or anybody get’s hurt.
October 11th, 2006 at 12:11 PM
There are many griefers on the Internet itself, so why isn’t there a verification system to even be on the Internet? There are many reasons – one, is that the internet is only designed to transfer data – not verify people even if that data contains means for verification.
Same way with SL. The core of SL does not verify people. It is a databank of assest. Those assest could contain data to allow use to verify people.
Some here want to put the cart before the horse and make it a priority to verify before the use of assest. The use of the assest is what should remain free, which a verification prerequisite would prevent.
Help this view helps.
October 11th, 2006 at 12:35 PM
Kitty Rich Says:
…….
Outline
Aim of SLCPU
* a quick low level response to griefing reports especially where Sims or grid may be in danger and to reduce griefing incidents in public places by maintaining a visible presence
#If people see volunteers like this around it would perhaps ease the minds of others just by the sight of them.
*To take the pressure off Linden staff and the live Help and Mentor Teams by being trained to handle interpersonal conflict before it becomes abuse
#This would be very helpful to the Lindens as they are usually swamped with all sorts of other stuff, namely patches, bug-fixes and maintaining the grids stability.
*To provide another level of Liason in world with an emphasis on security and responsible behaviour
#*points to above #comment
Some suggested abilitiesof SLPCU
*Disable scripts, builds and fly in Sims
#Don’t see why fly is too important here, mebby to keep the perp from running away?
*Freeze suspects grid wide
#this would probally be too intensive to use, being able to map the suspect without friend status may be a viable option.
*File 3rd party AR’s in cases where the resident may be unwilling or unable to take action
#A question lies here, why would the resident be unwilling to file a AR or unable to take action?
*Confiscate items grid wide
#This could be very badly abused…. however, take copy of certain items and a return function no matter where your at could work better. (inventory would be flushed like every logoff to prevent abuse as well as inventory transfers disabled on these “special” accounts to prevent theft)
Identification and Profileof SLPCU members
*Common Surname – special log on – that is to ensure that only members have that surname – relying on Groups is too easy to counterfeit
#This I can agree with, just like the Staff at Linden Labs has “Linden” on the end of thier name the Security team should have something to the same effect.
*Avatars to be open to be Logged into by Linden Liason staff to verify that the inventory etc is as per requirements
#This would take time that LL needs to build patches, bug fixes, etc. to just check inventory on what could be perhaps a couple hundred accounts. Again I would have to say like every login flush the inventory and replace it with the usual outfit, equipment and what-not.
*Suggest that the force remains Voluntary with perhaps incentives like relief on Tier fees or membership fees for participants
#Incentives and such like that can cause a few problems with people just wanting to sign up just to get a break on how much they owe LL and not do anything in return.
*Accounts to have limited inventory and not be allowed to hold Linden Dollars
*Conversations from these accounts logged
#I fully agree, mostly to keep the Volunteers in line and such and for evidence at a later time.
* Uniform Avatar – non threatining – perhaps in a form that is neither anthro or Furr but rather a creative looking entity that would be difficult to copy and easily recognisable. Avatars should be phantom prim as a defence against attacks
#instead of one, a few might be good, to keep the diversity of the users but still have a look of a tightly bound group dedicated to helping residents.
Training of SLCPU Members
*Terms of Service – especially those sections that deal with in world offences
#yup
*Assessing whether the intervention is either necessary or wise
#yup yup
*Customer Service and Public relations
#definately need this
*Dealing with various types of weapons
#I can name almost every type of weapon out there, most of the freebies anyway but I try to keep updated on what every weapon looks like and what it can do as well as its name. Most griefer attacks are done with the freebie weapons mostly because I highly doubt some person is going to cough up 1.75 grand in linden for Dual Black Widows just to grief a couple clubs only to perhaps get banned a week later.
So basically if you know the tools, you know how to defeat them.
* Negotiaing with and counselling griefers making them aware of their offence and possible consequences
#Some Griefers have no remorse, i.e. the Grey goo problem we have been having recently. There is no Negotating with people like that.
Duties
*To be available at set roster to ensure adequate coverage
#Gotta remember, sometimes RL can butt into a persons SL and completely screw the roster up, if they show, good, if they don’t hope somebody else can pick up the slack.
*To patrol known trouble spots – Sand Boxes and welcome areas acting as Public relations and tour guides etc in addition to security duties
#Technically LL already has Greeters and such but I hardly see any of them around the welcome areas, This might help a bit in a few places but not by much.
*To be able to provide immediate response to any suspicious activity and secure areas where dangerous objects may have been rezzed
#Again, the ability to map anybody in-game would come into play here for quick response. Get a name and boom your standing behind him going, “Hello there, is there a problem?”
* Gather in world intelligence
#don’t see what good this is, you see somebody shooting another, and It doesnt belong… what more do you need?
* Support Land owners in enforcing rules for example no weapons, nudity (PG) langauge (PG)
#LL Again has thier hands full with this but I think this should count for profiles as well seeing how peoples profiles Have to remain PG even if they don’t go to PG areas.
*Act as a liason between Residents and Lindens on security issues
#Technically I would see this security force as a kind of replacement for the lindens in terms of security, the Lindens only needing called in if it is a real bad situation that needs handled.
* Investigate AR’s on behalf of Lindens for things like inapproriate buildings and overhang of boundaries – and preparing reports for LL if the situation can not be resolved in world
#Perhaps a pre-formatted notecard thats used and sent to a specific account thats under LL’s Control for reports and such for LL. Anything that can’t be resolved In-world is not the problem of Linden Labs but the problem of the users.
* To teach griefed residents how to handle grifers and file lucid and complete AR’s
#this would be very handy, I have seen first hand the AR’s that have been filed completely missing data and such leaving nothing to follow up except a name, a screenshot and a category.
* Teach and promote the responsible use of weapons
#as long as they don’t shoot me while I’m teaching them I’m cool with it.
*Promote the philosophy and cultural values of SL especially tolerance
#tolerance… touchy subject for some, we have our furres, our Goreans, Our BDSM, other stuff I won’t get into for a PG site… So technically to promote the philosophy and cultural values of SL one would have to be tolerant themselves.
Limitations:
* Powers are only to be used to secure a situtaion until a Linden can make them selves available.
#this would work with the logging thing, every menu selection, teleport, chat should all be logged to make sure none of the volunteers abuse thier abilities in any way.
* Laws of eveidence apply the word of a community policing member holds no more weight in an abuse report assessment than a standard resident
#Evidence is everything, without any evidence cept thier “word” wouldn’t hold up in a Real Life courtroom and it won’t hold up here either. Needing Evidence always, like a copy of the object (read above comments) Screenshots, chat logs… yadda yadda…
* Not allowed to accept gifts or gratuities even in their regular avatar which in any way could be interpreted as a conflict of interest
#for these accounts I belive that anything directly given to the Security officer should be discarded as well as the Linden balance frozen to prevent any incoming funds. perhaps the pay goes through then gets refunded by the system to the giver with a message like, “This volunteer is not permitted to take any form of gratuity except for your thanks. But thank you anyway for the guesture”
* Residents who hold such a position must declare all Alternative accounts to LL.
#Technically as well Any Alternative accounts are supposed to be paid for, yah only get your first one free but nobody follows that rule >.
October 11th, 2006 at 12:36 PM
Part 2….uggh.
>.
October 11th, 2006 at 12:38 PM
Ok, apparently I broke the poor wittle blog with me face character… go fig, probally some scripting blocker or something. Anyway, the continuation of it without the face… *checks for more*
But with the comments above this wouldn’t even be necessary if it wasnt for the fact that I know with something like this LL would want to Check EVERY alt for CSR’s and AR’s to make sure they have been good. (I know I probally have a few AR’s against me but hell, I was just doin my job. pretty much what you posted Kitty, playin the security freak… heh.
* No direct access to LL staff except a designated Liason and as is necessary in the course of duties – LL staff to be made aware that the SLCPU are residents not colleagues.
#Makes sense to me.
Outcomes:
* Reduction in the filing of Abuse reports by maintaining a visible presence
#yup
* Quicker response to suspected Grid attacks by being able to assess the spread of WAN griefer tools and isolate areas
#yup yup
* Higher retention of residents by providing a more secure and stable operating environment
#not to mention Chicks dig the uniform *grins* j/k But this would help out big time with LL and the stress these griefers have been causing EVERYBODY in SL.
Kitty Rich I applaud you for your efforts and your idea. It’s brilliant and insightful even if it does have a few holes. But no idea is perfect. and nither is mine… heh.
October 11th, 2006 at 1:18 PM
taotakashi Says: Besides it’s not really a security but a stability issue here. So it’s not even the case that peope can steal stuff or anybody get’s hurt.
==========
Pardon me?
Destroying no-copy content that we paid money for is still destroying valuable goods, which we have to pay real money to replace. Stealing copies of in-world merchandise by hacking permissions, or stealing funds from people who attempt to use a vending system in-world, or stealing L$ by hacking account passwords or tricking people into paying for goods that never get delivered is still *stealing*. The L$ can still be converted to real US dollars, and many players have a hefty balance of L$ in-world, which a griefer could attempt to steal and convert to real money. And for those of us running businesses within SL, *any* time that the grid is down, that is lost income directly taken from our profits. When the grid is down, people are locked out of our stores, and we can’t do work in-world.
People DO get hurt, and people DO commit actual criminal acts with these griefer attacks.
Maybe for *you* it’s merely an inconvenience if you can’t get on line, or if you lose things from your inventory that you paid good money for. For those of us who have made a serious investment of time and money and effort, these griefing attacks represent a real and tangible financial loss. It IS theft – plain and simple.
October 11th, 2006 at 1:43 PM
What an awesome world Linden has created! It would be a shame to introduce a politics of policing to solve the recent problems: I have seen too many IRC networks fall apart due to trust and permission issues. I agree with the previous writers who have said ‘fix the environment, not the people. The best suggestion above to date is:
[ ninjafoong ] : “The best solution IMO would be to embed a counter inside all prims, every prim that gets rezzed inherits the counter of its parent less 1 (or a power / fancy formula) and the parents value also decreases, when a prim has 0 ‘rez energy’ left, it simply cant rez any more objects. Add the option to kill to pass energy from one prim to its parent on its own death. Scripters will be forced to tidy up after themselves. ”
If this reduces the spectacularity of particle fireworks, so be it. Or perhaps grant a ‘license’ to “trusted” fireworks (particle)/weapon/fractal developers to raise the ‘rez energy’ limit for their creations… but please don’t impose a ‘trust’ system on all users. Remember the lessons from IRC… any sufficiently malicious person will get around any social restriction. The solution to this problem lies in the software.
October 11th, 2006 at 2:11 PM
SL for a few years and I can work with the terrain, build a decent house if I so see fit and play all day with shaping my avatar and your’s too if you’d like me to create a new look and send it too you, but oh dear Lord in heaven above do not let me make scripts! I don’t know the first thing about them and you know what?… I don’t care know! LOL!
What a mess, but I suppose there must be some type of satisfaction out of it. I realize a lot enjoy creating the scripts that makes our SL so enjoyable and I thank each and every one of you for your contribution on the giving end of the full effectiveness our eyes behold from your minds. Never the less, there are some others or some person that their way to attain pleasure in their life and well…….I will just be quite ‘folds hands’. (tap tap tap…goes my finger nails, grumbles to self….”ticked me off my play ground being shut down because of this goo-who not able to goo-off any other way!”)
October 11th, 2006 at 2:40 PM
I’ve been in SL for a few years now and I can work with the terrain, build a decent house, if I so see fit and play all day with shaping my avatar and your’s too if you’d like me to create a new look and send it too you, but oh dear Lord in heaven above do not let me make scripts! I don’t know the first thing about them and you know what?… I don’t care know! LOL!
What a mess, but I suppose there must be some type of satisfaction out of it. I realize a lot enjoy creating the scripts that makes our SL so enjoyable and I thank each and every one of you for your contribution on the giving end of the full effectiveness our eyes behold from your minds. Never the less, there are some others or some person that their way to attain pleasure in their life and well…….I will just be quite ‘folds hands’. (tap tap tap…goes my finger nails, grumbles to self….”ticked me off my play ground being shut down because of this goo-who not able to goo-off any other way!”)
October 11th, 2006 at 3:43 PM
I was mainly referring to the grid attacks with self-replicating objects. Sorry if I didn’t make that clear enough but I thought this post was mostly about these recent attacks which were not about stealing but denial of service.
All hacking and tricking people into something is also not going to be addressable (at least only partly) by restricting the scripting language.
And I am also not saying that people doing offenses should not be punished. Yes, they should be.
And I know that it is stopping business when the grid is down and that’s why I said that it should be up again in the case of an attack as fast as possible.
My main point is that I do not want such events to lead to more and more restrictions. If that is happening than those attackers have reached their goal.
October 12th, 2006 at 12:30 AM
Wheres the blog to tell the truth about SL?
After a week on SL I’m going back to text chat for my online experience. Despite the hype on The Economist about in-world commerce, my experience mostly meeting teenagers with bigger biceps than personality. My search for intelligent chat usually ended in a zone full of tiresome avatars have pixilated sex with each other. Lads…grow up and realise you’re all having virtual sex with each other…eeew.
October 12th, 2006 at 2:45 AM
As the Public Sandbox owner, with scripting and pushing enabled there, I definitely like the idea.
It seems clear that the Second Life Abuse Team will never have the manpower to handle all incidents.
Punishing SL griefers will be indeed most effective if this process has an automated system in place
You could include an additional hidden negative rating in the processes and combine it to the ‘Behavior’, and ‘Given’ one in order to rate an elaborate trusted level. The actual trusted level of the person rating negatively could also influence the ratio of the negative rating along with a payment oriented factor as well as the SL age of the griefer’s account. And as residents level goes down you could automate incremental disciplinary actions possibly combined with fines and penalties such as LSL restrictions.
That way each resident would have an actual trackable criminal record as a tool of dissuasion…
October 12th, 2006 at 3:54 AM
I hope this gets through…
Short thoughts:
Give me, as a land owner and sim manager the option to tick/untick specific “problem” LSL stuff on a group/nongroup basis. Just like push restriction. Or fix “allow scripts” for group deeded land in the short term so we can set this and not have our stuff break because we grouped our land.
Default these new script options (give inventory, rez, pay etc) to “restricted” and leave it like that on protected parcels. If someone wants to open their parcel to the full range of scripts, they can do that and it only affects their sim at worst. You can’t evolve SL into a world wide thing by being monolithic and parochial about people in it, or bowing to baying mobs. Just give us the tools to manage our spaces to fix problems ourselves.
October 12th, 2006 at 4:25 AM
I hope this gets through… I am really struggling to get a comment to show on here
Short thoughts:
Give me, as a land owner and sim manager the option to tick/untick specific “problem” LSL stuff on a group/nongroup basis. Just like push restriction. Or fix “allow scripts” for group deeded land in the short term so we can set this and not have our stuff break because we grouped our land.
Default these new script options (give inventory, rez, pay etc) to “restricted” and leave it like that on protected parcels. If someone wants to open their parcel to the full range of scripts, they can do that and it only affects their sim at worst. You can’t evolve SL into a world wide thing by being monolithic and parochial about people in it, or bowing to baying mobs. Just give us the tools to manage our spaces to fix problems ourselves.
October 12th, 2006 at 12:55 PM
Here’s a thought: Make people put their e-mail address when they sign up, and don’t let them in until they go to that address and confirm it’s real.
I really don’t think that is too much to ask of people. Everyone else does it.
coco
October 13th, 2006 at 12:24 AM
You know, I was thinking about this in bed and had to get up and come over to here and say this.
There have been forum threads describing how to tell if someone is a griefer or not. The biggest problem with griefers is that banning or some kind of community response does not affect them; they care little about their characters and will be very happy to just create another one. The people that would be hurt the most would be the “upstanding citizens”, which are here to play the game and have sunk a lot of time and effort into creating a character that is not easily replaced.
The trust system should be based on similar criteria (if you can somehow codify this). You are trusted as much as the amount of time that you place into developing a character in the system. If this were an MMORPG we could say “you are trusted if you are above experience level 30″ or something.
The point here is not to filter people out based on whether they have a credit card or have paid for a license or something. The point is to base it on how much they value their character. They may still throw up grey goo occasionally, but they would have lost a great deal more with their banning.
October 13th, 2006 at 6:39 AM
Reply to Max:
Happy to have an intelligent conversation any time – look me up in world.
October 13th, 2006 at 8:24 AM
Downside of the timed approach is that you cannot completely dive into all the aspects of Second Life. You will have to wait. It is then to be seen if people will have the patience to wait that long.
IMHO the downside of this is that it creates classes of residents and such things are not part of my dream of a new world. Also it would mostly hit the nice userbase and not the griefers as there’s always some way around such things for them.
I also would prefer to wait a bit to see how many attacks are really happening and if not technical means can be put in place which do not limit the freedom of all or part of the resident base. I agree we had a bad week but I’d rather not conclude from this week to the rest of all times.
And when we start to limit our freedom (or those of new members) because of these incidents then it is very much likely that it will be done again at the next one. And thus Second Life will become more and more limited.
I’d see this as success for the attackers and I’d rather not see this happen.
And it we take Real Life as example then even the success of measures already in place does not mean that not new ones are called for. If for instance we get hold of some people by having lots of cameras then people say “see, it helped, let’s get even more” and if it did not work then they say “See, we just don’t have enough”.
)
(in Second Life though we already have completely Big Brother coverage anyway
So I’d suggest to wait a little until the dust has settled and then think again about whether we actually need more restrictions and only if there’s a very strong yes then we should think about what the best tools for this would be.
Freedom++ !
October 13th, 2006 at 10:34 AM
Anyone involved in computer security (or any kind of security) knows there is no *one* step that can taken to combat exploits. It is multi-measured policies that reduce the liklihood of attack that are most effective. The fact that it is easier to access the SL grid than it is most web based forums (or to even post on the SL blog), is a major hole just waiting to be exploited. And it has. Repeatedly. Would the LL IT team say we are not going to harden our servers from outside attacks because that would not “magically” make all attackers disappear? Of course not.
Also, I have trouble with the mantra/rationale about opening up SL to these people all over the world who don’t have/can’t get credit cards…. Well, what about the people all over the world without sufficient hardware capability to run SL? I’m very sure they could contribute to the SL experience also. But you know what, *they* are excluded. Should LL make SL less taxing so you can run it on some celeron or 3 year old laptop? SL is *not* going to be available for everybody.
October 13th, 2006 at 7:37 PM
Haven’t read this whole thread, was busy today but just wanted to add some thoughts on limiting untrusted users. Would it be possible that since basic accounts can’t own land that certain functions such as llRezObject, etc only be allowed in attachments or in sandboxes? That would severely limit the scope of the damage done by these individuals and still allow basic users to build and play games and such.
October 13th, 2006 at 11:02 PM
>“People need to realize that all this is still bleeding edge technology and that its going through some obvious growing pains…and I am sure it is going to get worst before it gets better… ”
October 14th, 2006 at 7:38 AM
Those willing to give up their rights for security deserve neither…
October 14th, 2006 at 9:30 AM
“There have been many suggestions regarding the regulation of scripting and we are in fact looking at technical options which will allow only ‘trusted’ Residents to fully utilize LSL across the grid. It is planned that “Trusted” Residents will be clearly defined, and there will be processes in place (not all payment oriented) to become “trusted” if your account currently falls outside of that designation.”
If I couldn’t script, within the trial period of my first account, I wouldn’t be in SL: the freedom to script is what makes SL distinct from every other virtual world. Unless the definition of “trusted users” is broad enough to let someone script while still “trying out” SL you’re going to alienate the people you most want to attract.
And it won’t solve the problem. Right from the very first day of “open enrollment” you had griefers using one throwaway account after another to harass people simply by following them around, pushing them by running into them, and running annoying sounds (none of which requires scripting), and generating a fresh account every time their victims banned the one they were using.
The problem isn’t scripting. The problem is open enrollment.
October 14th, 2006 at 10:48 AM
“People need to realize that all this is still bleeding edge technology and that its going through some obvious growing pains…and I am sure it is going to get worst before it gets better… ”
I hate to be the negative voice here, but this is not “bleeding (sic?) edge technology”. Havoc 1 is about 3 versions out of date and massive multi-user societies are not new. I’ve heard this claim for almost 2 years.. so that claim is at least 2 years old. In the computer industry, that is a long time. I will be the first to admit that SL is somewhat unique in concept and design. But leading edge? Nah. The basic concepts and technology have been around a long time… long enough for it to have been implemented better than it has been.
It is good that LL is finally paying attention to security issues. What’s a shame is that it took them this long to do so, and that they’ve been hit so many times by the SAME method before finally deciding to put a stop to it. Other companies would have had a hole like “grey goo” patched two years ago… and in 24 hours flat. What’s almost humorous (if not so sad) is that LL’s solution to grey goo appears to be exactly the solution that I and other programmers recommended to them well over a year ago… but were told by both LL and groupie-trolls that such solutions were impractical and could not be implemented.
Someone above made a very valid comment regarding merchants are leaving SL by the droves. Others (like me) are simply losing all interest in expending additional money and energy in promoting LL or SL. For almost two years I’ve been a very enthusiastic SL user (sure I’ve stood toe-to-toe with LL a few times, but always with the best intrests of LL and SL at heart)… but now it’s to the point I just don’t give a rat’s hiney. It’s a shame that a system with such potential has been set up without user moderation or intervention by the host company, that it is so full of bugs, that its customer database was compromised and that thousands and thousands of dollars have been lost in a security leak that should have been stopped up long ago.
If LL always tried their best and was really interested in the welfare of its customers, people would back the company to the gills. But it’s hard to be sympathetic when LL has shown such a lack of sympathy for the needs and welfare of its customers. The constantly-altered TOS and self-serving company policies not only often ignore the good of its clients– but are actually against the good of its clients. So when something happens like the things mentioned all through this blog– how tolerant are customers likely to be? I would have to believe less tolerant with every additional security breach, with each messed up update, each excessive downtime.
When avid customers get to the point they’re ready to search for other forms of entertainment– or even leave SL out of sheer frustration and/or anger, it might be long overdue for the company to re-examine its core policies. If they don’t… they can be assured future competition will.
Even in my most critical moments I’ve always been pro-LL. After witnessing recent developments and LL attitudes… that’s a claim I can no longer honestly make.
October 17th, 2006 at 5:20 PM
[...] That said, I continue to root for the LL crew, and am pleased to see their membership numbers grow, and interesting tie-ins like the announcement that Duran Duran would be playing a 2L concert through their avatars. Yet its not hard to follow-up by saying that things are going poorly in Second Life right now. Very poorly. The external attacks which compromised user accounts last month has been followed by a series of (apparently unrelated) in-game denial of service attacks which are forcing LL to consider changing some of the basic game structure. This is one of those times when I reallllly hate being right. Security shouldn’t generally be the first thing you think about when you’re trying to bring great new features to market, but if you wait too long to think about it, you will suffer. And who, besides a furry, should ever have to suffer? « Phishing Attacks Targeted At Games On The Rise [...]
October 18th, 2006 at 7:55 PM
I had made a post in the SL forums explaining why unverified accounts should finally be axed. It’s right here:
http://forums.secondlife.com/showthread.php?p=1311561#post1311561
December 24th, 2006 at 9:36 AM
[...] As other people underlined, I would not play Second Life if I should pay for it. I wouldn’t even have joined in, if I should have put my personal information on the web – that’s dangerous for privacy. Also, it’s not actually even possible for people in many countries to obtain any of the payment methods that LL accepts. [...]
January 2nd, 2007 at 12:04 PM
Personnally, I signed up for SL recently. Shortly after, I bought some land and built a small house with some other various objects. Now there shoulden’t be a “trust” program, I suggest maybe a script monitoring program or just make a manditory update that, when you try to save a script, it must! be verified through the SL modirators or scanned. to save and compile a script its checked “from you guys at SL home”… I woulden’t mind and neither would any other true SL resident.
February 1st, 2007 at 11:16 PM
hi, i don’t know where post my comment, so i post here.
i have troubles with a person in SL, his name is “Maestro Polanski”, he threatened me and he chevy me, please could you do something to help me?
April 7th, 2007 at 9:20 PM
Rewally wonders if this is possible? And what doesnt this example stopping people that are on LLabs personal HATE list…..Or Lindens putting people that are inocent of dont anything wrong? This is not a answr but a example of waht is wrong with llabs.