Jump to content

Ingame browser

CO19

By CO19,
in LSL Scripting

 Share
You are about to reply to a thread that has been inactive for 4413 days.

Please take a moment to consider if this thread is worth bumping.

Recommended Posts

CO19

CO19

Posted
Posted

If I started a website external from sl and somebody was browsing my website from within sl using the ingame browser.

Would it be it possible to find information about the avatar browsing, for example: their name?

Thanks,

:D

Link to comment
Share on other sites
Darkie Minotaur

Darkie Minotaur

Posted
Posted

If it were, it would be against the ToS. 

And as far as the browsers and the browser information is concerned, it's not really true that you can detect which browser is using - all you can see is what browser information people decide (intentionally or not) to have sent to the webserver. Many rowsers even let you set that.

Link to comment
Share on other sites
CO19

CO19

Posted
  • Author
Posted

Thanks for your reply.
I am starting a sl fansite where each account on the fansite has a corresponding account on sl.
The issue here is that anybody could register an account on my fansite and claim to be a certain person in sl, so I need a way of verifying each avatar that signs up to my fansite.

I was hoping to use the ingame browser for account creation, so when a resident wants to join my fansite, they do so from within sl. And their account name (and maybe some other information) is automatically detected for them.

If it is not possible to get the information this way could you think of any other way I could verifng each avatars identity?

 Once again, thanks for your reply; I certainly wouldnt want to break the ToS.

Link to comment
Share on other sites
Darkie Minotaur

Darkie Minotaur

Posted
Posted

There are several ways. One way would be that you do the actual signing up in SL through a 'terminal' using the http features of LSL you could do the signing up in SL.

Another way would be, that they sign up on your website, but have to verify their identity inworld. 

And I'm sure other will come up with even better ideas.

 

ETA

If on sign up on the website people would be required to leave their key, you could at least check whether that's a valid key or not

Link to comment
Share on other sites
PeterCanessa Oh

PeterCanessa Oh

Posted
Posted

When someone touches something you know their avatar's name and UUID.  At that time tell them a random temporary password.  Send the name, UUID and temporary password to your web site.

Your web site creates the account with the temporary password.  When the person logs in first time they use this password and are immediately directed to the change-password screen.

Link to comment
Share on other sites
Darkie Minotaur

Darkie Minotaur

Posted
Posted

You can make it all fully automatic and pretty fast. - You could e.g. it this way:

  1. user registers on your website
  2. at the end of the registration, you give the user a SLURL to go to
  3. at this inworld location, there is a terminal, which the user touches and types in their username or a code they hve gotten at the end of the web-registration - the terminal sends that information straight to your website - user is verified 
Link to comment
Share on other sites
Rolig Loon

Rolig Loon

Posted
Posted

outtaspace wrote:

Darkie, why do you say it would be against TOS to collect username on an external website?

I think Darkie is referring to the notorious IP snooping violations a little over a year ago that resulted in a widely publicized banning of RedZone and the guy responsible --- or maybe to the equally notorious case of the Emerald viewer, which was banned a year before that.  The relevant portion of the Community Standards (referenced un the TOS) says "Residents are entitled to a reasonable level of privacy with regard to their Second Life experience. Sharing personal information about your fellow Residents without their consent -- including gender, religion, age, marital status, race, sexual preference, alternate account names, and real-world location beyond what is provided by them in their Resident profile -- is not allowed."  It's one thing to ask people to sign up for membership in a group and ask them to give information voluntarily.  It's something entirely different to scrape it from their login without their knowledge.  I'm NOT saying that's what the OP is doing.  I'm just answering your question about where the pitfalls may lie.

Link to comment
Share on other sites
Darkie Minotaur

Darkie Minotaur

Posted
Posted

Thank you for answering that for me - it's exactely what I had in mind - the havok that RedZone caused.

Now, after the OP stated hisor her intentions, the ways Peter and I suggested certainly do not offend against the ToS - the users can freely decide to give the information or not.

Link to comment
Share on other sites
Rival Destiny

Rival Destiny

Posted
Posted

I think there are 2 different questions here.  One is against TOS the other isn't.

The first one, grabbing an sl users name via internal browser to an external website without their knowledge - against TOS.

 

CO19 wrote:

If I started a website external from sl and somebody was browsing my website from within sl using the ingame browser.

Would it be it possible to find information about the avatar browsing, for example: their name?

Thanks,

:D


The second, which is totally different inquiry than the first, Avatars knowingly registering for a website. 

CO19 wrote:

If I started a website external from sl and somebody was browsing my website from within sl using the ingame browser.

Would it be it possible to find information about the avatar browsing, for example: their name?

Thanks,

:D

 

 

Link to comment
Share on other sites
outtaspace

outtaspace

Posted
Posted

i ask because i am building a HUD that will automatically create an account for the extneral website and to backup the HUD data in a DB. To access the website i was going to create an auto-login which passes their username and password direct to the login.

All i could find on this was in the privacy policy..

Further, you agree and understand that Linden Lab does not control and is not responsible for information, privacy or security practices concerning data that you provide to, or that may otherwise be collected by, Second Life users other than Linden Lab.  For instance, some services operated by Second Life users may provide content that is accessed through and located on third party (non-Linden Lab) servers that may log IP addresses.

Link to comment
Share on other sites
Darkie Minotaur

Darkie Minotaur

Posted
Posted

Let people know that you are passing their data to an outworld server and store it there - then you should be safe.

Logging IPs is something very different from logging names - and the more so, if you don't tell people that you are doing it. An IP is not very easily traced to a person. In the country I life in, at least, it requires a court's decision to get the name of a person that used a certain IP address at a given time.

Link to comment
Share on other sites
Rolig Loon

Rolig Loon

Posted
Posted

@ outtaspace: Yeah, that section of the TOS you quoted is just LL's own indemnification clause.  All it's saying is that THEY are not responsible if someone else violates your privacy.  It's not saying that they give other people the right to do it.

The thing that got RedZone and Emerald in big time trouble was connecting bits of information (avatar name and IP address -- and thus, potentially, RL identity) and making it public.  That's a violation of the bit that I quoted earlier, so that's what you have to watch out for.  Personally, I value my own privacy so highly that I am very cautious about asking anyone else about theirs, so I avoid even coming close to that line.  I don't ask who anyone I meet in SL might be in RL, and I don't care.  But that's just me. 

Again, though, I think that asking people to register voluntarily to participate in a service is fine, so the direction that Darkie and others are suggesting here ought to be no problem.

Link to comment
Share on other sites
outtaspace

outtaspace

Posted
Posted

Thanks for all your responses..

ok so if i put in a dialog saying 'You must have an account on our website to be able to play, your SL username will be stored in our DB' then accept or deny buttons.. that will give them the option

Do you think this is ok?

Link to comment
Share on other sites
PeterCanessa Oh

PeterCanessa Oh

Posted
Posted

Don't check IPs are unique, it's just too unreliable.  There are many students, for instance, who log-in through their college's connections and all appear to have the same IP (false positives).  This is why so many people have been wrongly-banned from sims, events and even SL.  You certainly don't want to bother storing IPs.  Not only is it against the TOS but many people will be given a new address by their ISP every time they start their router/modem anyway so appear to not be genuine (false negatives).

Before you ask - no, there is no reliable way to check.  You might want to try cookies.  At least then you can be fairly sure not to get false positives, although there isn't much you can do to avoid false negatives.

Link to comment
Share on other sites
You are about to reply to a thread that has been inactive for 4413 days.

Please take a moment to consider if this thread is worth bumping.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...