| Mail |
You might also like: WoW Insider, Joystiq, and more

Reader Comments (41)

Posted: Oct 21st 2009 2:22PM (Unverified) said

  • Half a heart
  • Report
Could we have a little sincerity and truth on this matter of encryption, please, and not pretend that people speaking foreign languages or fighting for freedom could be dinged by this.

That's the excuse I keep seeing the opensource extremists making on the forums, and it's fake.

Corporations that want to encrypt chat go behind a firewall. There are solutions for this now, they use them.

That's not what this email was directed at. This was directed at people on the main SL grid encrypting chat -- and also being associated with, or suspected of, or liable to commit criminal acts, most likely, otherwise it wouldn't have necessarily come to the attention of the Lab.

Given the RAMPANT criminality already involved in the third-party viewers, there's no stretch of the imagination here to see that encryption isn't for "corporate communications" but is more likely for illegal activity.

The people using encrypted chat are more likely to be motivated by the desire to conceal financial fraud or engage in illegal activities like child pornography than they are to use it for "corporate communications" -- if they are genuine corporations, they're not on the main grid, duh, they're on Nebraska.

That's why this entire discussion is so fake.

It's disconcerting that the platform provider has the ability to scan and save and exploit chat without any framework of law. I'm totally with you on that -- but you're a newcomer to this concern suddenly when it impacts your God-given right to indulge in any opensource extremism, and were Missing in Action when I would raise it as a human rights concern more generally.

It seems to me that the company has to retain the right to prevent crime just the way the U.S. government has to retain the right to prevent and pursue crime with national telephone and Internet systems. And that means there must be civil rights restrictions applied on this and judge's court orders sought and all the rest. The Lindens must have an analogy to that sort of protective regime. There can't be anarcho-techno-communistic extremes on this, saying that the partisans get to encrypt all their chat "just because they can".

No, there is no reason to hand the grid off to fraudsters and child predators in the name of human rights. You can protect civil rights but still have scanning when there is probable cause and with due process. And that means encryption should only be something done behind firewalls in agreements with LL for those specific corporate programs.

Posted: Oct 21st 2009 4:25PM (Unverified) said

  • 3 hearts
  • Report
To Prokofy: please stop conflating the abuse of encryption as the primary use of encryption. It seems to me that you're often apt to set off a series of hyperbolic statements that really don't seem to keep soundness in terms of the facts. Encryption is a good move in terms of LL as it also prevents people from lifting your password from your client if LL decides to include it in their system (not just chat). And trust me, in games like WoW encryption for certain accounts is worth it (they use a physical key mechanism that adds a layer of such encryption on the client login to prevent hackers from taking over an account).
Reply

Posted: Oct 21st 2009 4:17PM (Unverified) said

  • 3 hearts
  • Report
That's right Prok.. If a hammer can be used to bash your head in, hammers should be banned.

Anything can be, (and is being), used to commit some sort of crime somewhere in the world..virtual or real...right this minute. Balances must be set to protect not only from the crime, but from the enforcers of law. I can't believe you honestly feel that one instance of criminal behavior will be prevented by preventing encrypted IM's in SL I think you're just nosy. We are only talking about simple text being encrypted here..not trading porn pictures. I can certainly think of times when I would be happier if I felt LL were not reading what I thought of them at a given moment..^_^

Oh...and I have never heard the words "probable cause and due process" applied to any LL procedures before..but I suppose anything is possible....^_^

Posted: Oct 22nd 2009 10:14AM (Unverified) said

  • 2.5 hearts
  • Report
The part about encrypted chat is very odd; as Tateru says, there doesn't seem to be anything in the ToS forbidding it, unless it's some reallllllly liberal reading of 6.2, which basically says that the Lab can eavesdrop. Interpreting this as forbidding things that would prevent the Lab from eavesdropping would imho be a big stretch, though.

Business users do like the idea of encrypted chat. Not everything fits naturally behind the firewall. If I want to have a meeting with a potential customer in which I mostly show him public stuff, but might want to segue into more confidential negotiations if things go well, being able to do the demo in SL and go into encrypted IM for the confidential stuff might be very useful. Letting a customer inside the corporate firewall isn't something one does lightly. Corporates would also like encrypted voice for the same sort of reason. Beyond that going behind the firewall is probably the most natural thing, although there are some other interesting kinds of privacy that one might sometimes want to have while still being on the main Grid. I hope LL isn't going to unthinkingly forbid all of that...

Posted: Oct 22nd 2009 6:16AM (Unverified) said

  • Half a heart
  • Report
Number one, we're talking about Second Life here, and a highly criminalized opensource movement already marked by the wildest forms of griefing and content theft.

Number two, we're talking about *encryption of chat by third-party viewers* NOT of encryption in general by the platform provider, such as for passwords. Don't be ridiculous and move off topic to generalities that aren't invoked in this discussion on the forums whatosever.

There's no grounds whatsoever to accredit good will and lack of criminal intent to those with viewers that in fact are already rampantly involved in crime.

There's nothing hyperbolic about my statements here; they're based on documented field experience. Rather, the claims of this article are what are utopian, and your own non-credible defense of opensource intentions.

Posted: Oct 22nd 2009 6:30AM (Unverified) said

  • 2.5 hearts
  • Report
Prok-
Think, if someone wants to do something nefarious they do not need to talk about it. If you are using a copying tool you already know how to use, why do you need to communicate in SL about it?

I will play along for a moment and say they do though. "Oh, SL will not let us communicate privately? I guess we will use some outside tool that does then."

Meanwhile, customers are akin to noobs in some ways, they need to be treated with kid gloves. You want to make it easier for them, not harder. If they can hold a confidential conversation in the tool they are using at that moment they are more likely to stick around. If you tell them to do something else they might say "nah, I will go with another vendor".

I hope you are not on a jihad to ban all of emerald. If you are, a lot more people that did not already know you will be against you. Emerald is probably the most popular browser after the SL clients right now.
Reply

Posted: Oct 22nd 2009 6:30AM (Unverified) said

  • Half a heart
  • Report
These silly "hammer" people are showing up again.

In real life, you are now allowed to bash people over the head with a hammer. It's against the law. You don't have to ban hammers because you have the rule of law that makes it a crime to use a hammer to harm someone.

Not so hand-guns. Hand-guns *are* banned, especially in large crowded cities where they tend to accidently harm bystandards not even involved in a dispute. There it makes sense to ban the instrument for the crime as a form of harm reduction and mitigation of risk.

Everybody gets this in RL; nobody harangues the halls of Congress with screaming about liberating hand guns; even those "hand guns don't kill people; people kill people" recognize the need for LICENSING HAND GUNS and RESTRICTING THEIR USE.

Not so the opensource freaks who use the "hammer" and "hand-gun" analogies wilfully, obdurately and falsely over and over again, despite logic and common sense.

And here they go again, refusing to acknowledge that even gun advocates don't stop the LICENSING and RESTRICTION of handguns in RL. If hammers became a widespread weapon of choice for assault and murder, they'd be restricted, too.

In Second Life, it has been far too easy to come in and bash people over the head with third-party viewers. These are now being regulated because they are the vehicle for action against others.

Posted: Oct 22nd 2009 6:38AM (Unverified) said

  • 2.5 hearts
  • Report
None of the 2nd amendment people challenges registration/restriction? ROFLOL
Reply

Posted: Oct 22nd 2009 6:30AM (Unverified) said

  • Half a heart
  • Report
Dale's making up fake edgecases as usual.

Business people use Gmail and Googlechat and Twitter constantly, and don't demand the rigours of security and encryption that suddenly the script kiddies are demanding in SL. Fake.

Nobody demands to encrypt their phone calls when using AT&T; nobody demands constant use of PGB in normal business communications. Some people put disclaimers about interception, even.

LL indemnifies itself against third-party interception, but its right to eavesdrop does entail preventing the thwarting of that ability to eavesdrop.

Blanking granting of the right to encrypt chat utterly thwarts the ability of LL to manage the diverse and complex grid which is already the site of significant amounts of crime.

IF it persisted in allowing an encrypted part of the Internet, sooner or later, RL authorities will come calling to stop this.

Posted: Oct 22nd 2009 6:42AM (Unverified) said

  • 2 hearts
  • Report
"IF it persisted in allowing an encrypted part of the Internet, sooner or later, RL authorities will come calling to stop this."

Under what law?
Reply

Posted: Oct 22nd 2009 10:14AM (Unverified) said

  • 2 hearts
  • Report
These aren't fake edge cases, these are real edge cases that have come up in actual business uses of virtual worlds. Businesses do use Twitter and gmail all the time, but they do not use them for communications that require encryption-grade privacy. For that, they use channels that provide end-to-end encryption.

We know from experience that what happens when you forbid encryption on a channel is:

() you may catch a few additional clueless criminals

() the non-clueless criminals either encrypt anyway, or switch to a different channel, and

() your staff abuses their access to the unencrypted traffic to stalk ex-spouses, steal private information, and so on.

"IF it persisted in allowing an encrypted part of the Internet, sooner or later, RL authorities will come calling to stop this."

No. Encryption is used all over the Internet, in email and IM and IP phones and general file and data transmission. Various RL authorities wish it were not true, and have made some small attempts to (for instance) get backdoors into some of the more popular encryption schemes, but that's as far as it goes. The "encrypted part of the Internet" is the whole thing: any channel can carry encrypted traffic if the people at the endpoints want it to.
Reply

Posted: Oct 22nd 2009 6:33AM (Unverified) said

  • Half a heart
  • Report
Kara, people who don't want to have their chat bugged by the Lindens go on Skype. Duh?

Encrypting chat on SL means thwarting the ability of the Lindens to prevent and prosecute crime on the grid. I'm not for doing that. There is far too much crime. This would give a pass to many criminals.

I won't have to be on a jihad to ban Emerald : )

Emerald itself will not comply with this Lindens' new requests, and discredit itself.

Then the fakery around its "masses of supporters" will be revealed as false.

I don't buy that Emerald is "the most popular". What I see is a lot of hype, lying, and thuggery to discourage critics.

Posted: Oct 22nd 2009 6:45AM (Unverified) said

  • 3 hearts
  • Report
"I don't buy that Emerald is "the most popular". What I see is a lot of hype, lying, and thuggery to discourage critics."

Emerald has a feature to show who is using what client around you. Walk around the grid and you will be surprised at how many other emerald users are there.
Reply

Posted: Oct 22nd 2009 7:33AM (Unverified) said

  • 3 hearts
  • Report
BTW, Emerald is not just popular for encrypted communications (hard as it is for you to believe, I do not use the feature) but it is certainly one of them amongst people that have been asking for it. Some of the reasons you will hear if you ask people though:

* a lot of guys will answer with 2 words "breast physics"
* umm, I am getting about a high fps right now with a store near me?
* more attachment pts/clothing layers
* ability to run a script outside of the SL servers (why add to lag?)
* area search for an item (useful to find things on your land)
* a 'worn items' tab
* IRC integration
* ability to use 'always fly' (yes, I know how to do it with the official client, but is not a sticky option)
* clothing layer protection (why would ppl build that n if they were pro-copying?)
* cryolife detection (ditto)
* default object size/properties for building

A lot of other features too, but basically the emerald developers give users what we have been asking for, fix bugs fast, and give us new toys we had never even DREAMED of asking LL for.
Reply

Posted: Oct 22nd 2009 5:20PM (Unverified) said

  • 2.5 hearts
  • Report
almost forgot: client. side. AO. (less lag AND frees an attachment point)
Reply

Posted: Oct 22nd 2009 7:57AM (Unverified) said

  • Half a heart
  • Report
>I hope you are not on a jihad to ban all of emerald. If you are, a lot more people that did not already know you will be against you. Emerald is probably the most popular browser after the SL clients right now.

BTW, I love how the thuggery keeps spawning and growing and growing. but that's all good because it discredits this illegitimate enterprise.

If I criticize Emerald, people are going to "get me".

They will be "against me". Like some tribal warfare.

Very indicative of the mindset around these thugs.

Posted: Oct 22nd 2009 8:43AM (Unverified) said

  • 2.5 hearts
  • Report
Prokofy most of the things you talk of you don't even fully understand.. I use Emerald and it is a very good viewer that complies with the TOS fully. You are very attention seeking and I wish not to read any more of your senseless attacking thuggery drivel... No more discrediting this legitimate enterprise.

Posted: Oct 22nd 2009 10:21AM (Unverified) said

  • 2.5 hearts
  • Report
The encrypted-IM part (which I hope will quietly be removed from the criteria) aside, though, I think it's a very good thing that the Lab is publishing requirements for third-party viewers. In the JIRA discussion about whether or not it's possible to ban certain viewers, I said that the most important thing the Lab can do is say what things a viewer should and shouldn't allow, and communicate that message clearly. They can't do a 100% job of keeping people from logging in with a naughty viewer, but they can do a very good job of making it hard to produce and publicize one.

Really the only thing I can think of that a viewer should definitely not do is allow saving copies of stuff that the viewer has to have to do its job, but the perms don't permit you to otherwise copy. Anything else "malicious" that a viewer can do should be made impossible at the server side. I can think of a few fuzzy cases (griefing tools built into the viewer that ran right along the edge of what it's feasible to prevent server-side, say), but in general security should be server-side wherever possible. (When was the last time you saw a website that tried to control which browser you use to access it?0

Posted: Oct 22nd 2009 10:44AM (Unverified) said

  • Half a heart
  • Report
Um, businesses using Twitter can't expect that the main open Twitter available to the public is going to provide encryption services for them, that's ridiculous. They don't expect that from Facebook or any other service. They'd have to get a behind-the-firewall solution customized for that special need.

By the same token, they can't expect Linden Lab to supply encryption capacities for them, either, nor to refrain from punishing those who put this in against their policies, because they need to manage the grid. Public interest and their need to manage the grid properly does trump your rapacious business needs, sorry.

And in fact most grown-up businesses understand that. You don't see any official representative of IBM or Dell or Sony coming here and demanding that Linden Lab supply them instantly with encryption rights on the main grid.

It's only extremists and idealists who are speaking -- as they tell us -- in their personal capacity with these demands. They have no actual official business backing.

>Businesses do use Twitter and gmail all the time, but they do not use them for communications that require encryption-grade privacy. For that, they use channels that provide end-to-end encryption.

By saying this, you've in fact handily proved my point that in fact they don't use these public platforms with any expectation for encryption, thereby justifying what I just said. Duh.

As for needing to lecture me about encryption, no, once again, read what I said. This discussion about encryption isn't a generic discussion about encryption, in which you arrogantly and snottily get to indulge in your knowier-than-thou statements about encryption around the Internet -- about which I happen to know, and know likely more than the average person.

What I'm talking about is the subject of the Linden blog, which has THIS CONTEXT:

o third-party viewers, already associated with criminal acts
o Lindens finally getting up and saying "no" because encryption is being used by third-party viewers *already associated with griefing and copyright theft*. Hello!

Knock it off, Dale. You merely show up at every thread where I appear in order to engage in trolling and harassment, your game was exposed years ago.

Posted: Oct 24th 2009 3:07PM (Unverified) said

  • 2 hearts
  • Report
There are a LOT of twitter clients out there. Are you saying one of them would be banned if it sent a tweet that was encrypted? Third party clients (be it for SL, twitter, or IRC) are not asking the SERVER for the service, it is being done on their end. Data is data to the server.
Reply

Featured Stories

Perfect Ten: My World of Warcraft launch memories

Posted on Oct 25th 2014 12:00PM

WRUP: WildStar's sadface

Posted on Oct 25th 2014 10:00AM

Engadget

Engadget

Joystiq

Joystiq

WoW Insider

WoW

TUAW

TUAW