Friday, July 16, 2010

Copybot... Users going too far to defeat it

Warning:as with previous post, more bad grammar ahead.

This post isn't going to be about zf redzone as I think I covered it pretty well in my previous post, but really those who have their content copy botted, really should see my links to the IC3(FBI) and the FTC in my previous article, and should learn how to file a DMCA complaint with Linden Labs, while they don't give prompt action, it don't make you just as guilty as the person that is illegally copying and republishing your content with the permissions released.

A while back I was in a group chat with a group known as "Avatar Maker's Guild", and a user known as "KK Mode" said he had the solution to copybot, a Prim tool known to crash copybot clients. While it has the right objective in mind, to disrupt copybot viewers export capability, it is severely misguided, however I must tout while I do not endorse the solution it is a hell of a lot less corrupt on spying on people, reason I don't endorse the solution? it crashes copybot and the standard viewer all the same.

KK Mode when initiating the group chat said he had something you could link to your creations that would disrupt the export process of a copybot viewer and crash it, and was handing them out free, he then said he was giving out this tool for free for anyone to make use of and to protect their content with, I of course inquired about this tool in a private IM with him as not to spam the group chat, he said this object is set to an invalid material type and would crash any viewer acquiring the information on that specific prim since its not going to be the root prim and that makes it safe for use, I asked what about editing linked parts and he stated it was safe for people that edited their avatars cause there was no way to select it, and it was more than just invisible, I asked him if he would send me one and he did so, I then asked you know there are some people that modify their avatars and may unlink them to do stuff like remove the ears to mod the ears for ear twitch features, and gave him a number of possibilities about how this could disrupt service for a normal user and isn't exactly a safe tool, his response over my concern? he got his nasty attitude on about a lot of the concerns as I stated it could take linden labs a long time to fix something like this, and that it may only take a copybot creator a week to discover why its crashing their viewer, and less than an hour to patch such an issue do you really want to put something like this out there? and this lead to a full blown argument, if not for ToS section 8.3 which I uphold and preach in my previous post, community standards and other issues, I would post the chat log right here. but I cant, All I can do is talk about it as im not allowed to make a direct copy of the text, but anyhow, the conversation eventually lead to him saying something to the tune of, Modding your avatar is like modding your PC's hard drive by putting a screw driver through it and complaining to the manufacturer it don't work(ironically I later vented with my Secondlife sister Mira and which stated she was as yiff lounge and standing right next to him, and went on to describe that he had a Kani avatar with the all too common fox modification where as you add an aventity fox nose to the Prims in the Kani) , I muted him for being an idiot and filed an abuse report with Linden Labs describing the malware content as it also violates ToS 8.3 like redzone, just the section that says you shall not impede normal function of the viewer(in the AR I said I would hold onto the content up until a certain date for their investigation but would delete it after a certain date as I dont like to hold onto dangerous content):

from: http://secondlife.com/corporate/tos.php

"8.3 You agree that you will not post or transmit Content or code that may be harmful, impede other users' functionality, invade other users' privacy, or surreptitiously or negatively impact any system or network."

impeding functionality right there with that tool. I would like to see copybot defeated just as much as any other creator, I have my own business there which copybot negatively impacts, in the case of This and redzone, the ends do not justify the means, as both are harmful to the general userbase more so than just copybot users.

anyhow with this said both methods to defeating copybot are both crossing the line, and are easily defeated by copybot users, the method described above can be defeated with a minor recode of copybot to ignore that information field, or just simply not lookup the names for the addressed invalid material types, or just simply a Hex editor that locks all addresses defining prim types under that variable to Wood or a material of choice, redzone can be defeated as with any content someone would want to steal, its generally virally spread across the grid, all you need to do is find it in a location where its not protected by redzone, or simply turn off media.

If you are thinking of Implementing either method of to protect your content, as ive heard some user say, copybot users generally aren't too bright in coding their viewers, its just simply modifications to circumvent the permission system and oftentimes they circumvent the UUID system so they don't have to pay to re-upload textures from content their stealing which can give away who was the original creator with lesser known creators who have content stolen from them, however no doubt their bright enough to figure out a scanning system and stay clear of it(just as normal and copybot user would want to do alike) with this said, the method that does more to protect your stolen content is KK Modes method and Not zfire xues method, reviewing the method which he uses the excuse his associates or alts make, I think zfire xue just simply uses copybot in mind as an excuse to do what hes doing, while I do honestly think KK Mode created his method in an honest attempt to defeat copybot, However, I do think KK mode needs to reconsider his methods due to lack of situational consideration(as with said him using a modded avatar he didn't even consider his own situation in this), so in saying this, his method sticks with your content, redzone does not, kk mode while both methods violate the ToS, is not only the lesser criminal in this situation, but is also the greater defender while I do not endorse the method of either and strongly oppose both methods, my opposition to redzone is much greater,if your going to do something in violation of the ToS kk modes method does not come with a legal violation as well unlike redzone(or at least I haven't found any laws that outlaw it at this point), I condemn both methods, but I stress, if your going to put them to use, use KK Modes method, it does much more to protect your content, and a minor viewer crash is a lot less damaging to an individual than a major Privacy violation and is more likely to prevent your content from becoming copybotted.

Please people, lets come up with a means to defeat this copybot system that does not violate the Lindens ToS, that is both Legal and Ethical.

If I worked for Linden Labs and developed their software I would probably create some software that works from the background and verifies that you are using a Linden Approved viewer, much like punkbuster, and verifies that the viewer, is running in an unmodified state, and that no unapproved applications outside the viewer were reading from it, that held a definition list much like an anti-virus to contain known viewers the background software would also acquire checksums on applications reading from the viewer, and verify those are running in an unmodified state if their known to the lindens, and submits checksums and definitions to the Lindens to identify unknown apps reading information and variables and so that these unknown applications can be disallowed, all viewers that don't verify properly are automatically and immediately disconnected, and also all viewers can have a closed source program that reads from them, collects various unspecified data used to verify whether the viewer is not and engages in encrypted communication with Linden servers whereas a new encryption system can be setup, of course this closed source program should be distributable and contain an API for working with so those who wish to make third party viewers can do so., of course no personally identifiable information of course. Hell even one of the third party viewer writers could start developement on this, submit their code to Linden Lab, and push in the Jira to get it Implemented in the regular viewer. the Only problem with this method suggested here? it takes time to do. but still no doubt it will be a goal completely worth working towards. also while absolutely disgusted with the technology behind it because it's a system that companies pay into to have their software developed and cause it can do what this background application I suggested would do quite readily without the need for additional software, there is always *shudders in disgust with it cause its really quite harmful to Open source and all that is good in computing*.... ... ... The disgusting evil, of coding your software, to work with the evils of the TPM(Trusted Platform Module) for those of you that dont know what this is, Its a hardware based system that enforces Copyright of software and other materials and verifies their running in a correct state, and can defeat viruses through the system, simply Its a chip on your motherboard that monitors your systems memory and watches over things when enabled, software can be compiled to only work if its present and enabled and it overviews a database of software(((which companies must pay to make an entry in which is harmful for opensource due to limited funding of some opensource projects and also harmful because a company can dispute the state of another program with it and close down another competing and free project that competes with a commercial project so you can see why I'm so disgusted with it as its a system of who registers first, totally backed by money, its also partially backed by Microsoft the leader in poorly designed operating systems that funded SCO's illegitimate lawsuit Where as some code contributed by SCO to the linux Kernal was claimed to be stolen but beside the point of this article, it just goes to show why im disgusted with TPM, but its nonetheless an option available to LL to defeat copybot))), this chip simply put can make sure your running a Linden Approved third party viewer or the Linden viewer itself, and can automatically close and shutdown unapproved viewers. as it Runs and performs its Operation at the hardware level, utilizes network to verify and discontinues failed verifications and runs over the OS level, a simple copybot user, would find such hardware extremely tough to defeat as it runs over a level which they have control of. Im against TPM though and think copybot could be controlled with the previous software method, and I have another reason I disagree with TPM, it would take a lot of users to upgrade to modern hardware that supports it in order to implement it so would require all secondlife users to use hardware that supports it, thus putting a lot of users out of luck. Simply Put, a piece of extra software that's freely downloadable and closed source that implements a verification system that's encrypted and simply verifies your client is in the state its supposed to be in and communicates with the Linden servers via encrypted means to keep its responses only predictable by Linden Servers, would be the best solution, if a response is invalid the user simply is disconnected by the Linden servers, this would probably even make it impossible to finish connecting if you were going to bot, while there are means of even defeating this method their method, it would force copybotters to do some work to achieve these means, thus then making them a lot more rare. which also in turns makes Linden Enforcement on DMCA issues more responsive, this can be defeated. but, everyone's going the wrong way, if your a talented programmer. Don't make spyware or malware, make a viewer and submit it to the Lindens, It could get implemented in their viewer and improve the experience for everyone without harming it and become a requirement of the system some day. All at the same, defeating copybot for the most part.

No comments:

Post a Comment