Will I ever Get those Lindens Back??

[Arielle Simondsen]

well, it took almost 5 years but I got spammed, badly.  

I went over to  a shop I run that is next to a sandbox...

well there is always stuff there from people working on things and there were some cute skins/shapes and they were 19L and I thought I would get one cause I keep my eyes out for shapes and stuff for modeling that arent expensive.... well I am a stupid naive INFP. who is furious right now and just wants to cry.

 

I brought it home and rezzed it to try it and when I right clicked on it to open it, it suddenly started taking lindens and taking and taking til I had nothing left, and then it disappeared.

 

I reported them of course but I doubt I will ever get my lindens back. I cant see Linden giving it back to me. In retrospect I can see how stupid it was but at the moment I just thought someone had been creating and the avatars were cute and yeah I am extra stupid and extra extra mad at myself and upset. Why do I always think just because I would never screw anyone over that everyone else is like that too????  Why do I think that everyone in sl tries to make an honest and fair living????  omg I am really an idiot.

 

anyway, does anyone know if there is a chance to get my money back?  or is this just a really expensive lesson learned??  I am so mad at myself right now.  

[Miserlie]

Aww im so sorry dear. I know how hard people work for money sometimes. You most likely won't get them back at all. Unless the creator which i doubt actually made a mistake and refunds you. At least you learnt a lesson. Im sure you will get more lindens and you will forget about the ones you lost but remember the story. Never buy something inworld that isn't from a shop that you can actually teleport to and the owner at least has a group or some type of contact. And sometimes being a cheapstake can cost more than you actually atteneded it to.

[Drake1 Nightfire]

---

Arielle Simondsen wrote:

well, it took almost 5 years but I got spammed, badly.  

I went over to  a shop I run that is next to a sandbox...

well there is always stuff there from people working on things and there were some cute skins/shapes and they were 19L and I thought I would get one cause I keep my eyes out for shapes and stuff for modeling that arent expensive.... well I am a stupid naive INFP. who is furious right now and just wants to cry.

 

I brought it home and rezzed it to try it and when I right clicked on it to open it, it suddenly started taking lindens and taking and taking til I had nothing left, and then it disappeared.

 

I reported them of course but I doubt I will ever get my lindens back. I cant see Linden giving it back to me. In retrospect I can see how stupid it was but at the moment I just thought someone had been creating and the avatars were cute and yeah I am extra stupid and extra extra mad at myself and upset. Why do I always think just because I would never screw anyone over that everyone else is like that too????  Why do I think that everyone in sl tries to make an honest and fair living????  omg I am really an idiot.

 

anyway, does anyone know if there is a chance to get my money back?  or is this just a really expensive lesson learned??  I am so mad at myself right now.  

---

you have to give it permissions to take money from you... LL has always said not to allow things to take money from you unless you know the creator.

 

[Arielle Simondsen]

when I right clicked to open that came up and clicked without me intending to, it happened so fast!  and I am usually the most suspicious person!  HUGE lesson learned, the hard way.  thanks for the responses.

[Amethyst Jetaime]

IF your reported it fast enough and gave enough information and

IF LL acts quickly to track what happened and who ended up with the money (it could have passed to another avatar or two after it took it from you)

AND IF they have not cashed it out already

YOU MAY get it back, I've seen it happen

BUT don't count on it.

 

[Arielle Simondsen]

yeah I'm not holding my breath.  I did report it like a minute or two after it happened, but idk.  Thanks though!

[161488303349]

cant add much to what everyone else already said about what happened. you know already and you done the right thing by report it. so fingers crossed and hope maybe will work out ok

+

what happened tho is one of those things I always wonder about. the permissions

ok get a big warning yellow dialog. but

how come a onetime click grants the script permission to do multiple transactions and empty your account

seems to me that this is so wrong in all kinds of ways. from both design and security pov

like if click then it should only be able to do one transaction. if the script wants to do another transaction then must ask for permission again via yellow dialog

is nuts to me that this not the default/only behavior

is no use case in which a SL inworld shopper/buyer would ever have a need to grant permissions for multiple transactions to anything or anyone with a single click permission

+

there is a use case. but it have nothing to do with buyers at all. the use case for single click permission is when I want to pay multiple amounts to multiple other people as part of some promotion or giveaway. I am the owner of the object in this case

 

  

[Sassy Romano]

---

16 wrote:

ok get a big warning yellow dialog. but

how come a onetime click grants the script permission to do multiple transactions and empty your account

seems to me that this is so wrong in all kinds of ways. from both design and security pov

like if click then it should only be able to do one transaction. if the script wants to do another transaction then must ask for permission again via yellow dialog

is nuts to me that this not the default/only behavior

is no use case in which a SL inworld shopper/buyer would ever have a need to grant permissions for multiple transactions to anything or anyone with a single click permission

 

  

---

Because one such use case is every single affiliate vendor out there.  If permissions had to be granted per L$ event, then if you had one of my affiliate vendors and you weren't logged in and at your sim able to give permissions to the vendor, your customer would not be able to purchase the item.

However, that's not to say that there shouldn't be an ability to set a L$ threshold per day.  That's exactly what we do with our vendors that auto refund duplicate purchases.  Just in case something went wrong, someone constantly bashing away attempting to buy the same thing over and over gets refunded but there's a daily cap where after this the behaviour halts and asks them to contact us.

It is what it is today for L$ transactions but that's not to say that it couldn't be beefed up with "Grant permission:-"  Always/Daily Cap/One time.

Genuine creators would have no problem using the options responsibly.

Anyway, forget it, it won't happen.  LL write this off as a user error.

[161488303349]

yes ok. can see what you saying

just so i can know what i am talking about next time this comes up. I got some questions (:

but first I just say that i only know a little bit about commission vendors like you have/use. I try explain my understanding. an be free to jump on me if i understand it wrong (:

+

ok then. say

i make stuff and i want to allow shopkeepers/retailers to sell my stuff in their shop on a markup basis. i am the wholesaler

i want to make a vendor object that the retailer can put in their shop. i will manage the vendor for them. bc

- i want to be able to change out the stuff so it remain fresh content

- i want to avoid the hassle/problems of copy+trans perms that come with giving stuff to them direct

- i want to get paid directly when a sale is made. and so do the shopkeeper. like we each get our piece and not have any wait til the end of the month and hope

so something nice and easy for every one. the wholesaler. the shopkeeper and the customers. with all the sec and stuff like that

+

so i make a vendor with a money script in it and i make a web update thingy to refresh the vendor content periodic. change prices etc

when a customer of the shopkeeper/retailer click the vendor/object then it ask them to pay the amount. they do and get the stuff. so all good

for this to work then the money script needs to manage a money account. so need a one time permission grant for the reason you mention to manage the account. or it not going to work at all in any kinda practical solution. like you say

if is payment splitting then the customer payment has to go into an account and then some amount is auto withdrawn/debit and paid into another account. my account as the wholesaler. and their account as the retailer. in one order or other

+

the questions part

if the onetime permission request to manage an account was restricted to owner of the object containing the money script then how would that affect your vendor and others made the same way?

what i am not sure about is who is the owner of the vendor object in the shop at this time? the wholesaler or the retailer. but do it matter?

if the shopkeeper owns the vendor/object but the script is operated thru my wholesaler http control of it then it would be ok this?

like owner-only can grant a script a one time permission to manage their own account. non-owner have to approve each debit permission request

like would it matter then whose account the customer payment goes into initially?

 

[Drake1 Nightfire]

LL doesnt care even if its not user error.. I bought a bundle off the MP to give as a rezzday gift. $8000L for a rare breedable horse bundle. What did i get? an empty box. I reported it and filed a ticket on the MP.. i was told that it is a resident to resident dispute and they would do nothing about it. I even ARed the person for fraud. the next day their shop was empty.  Lesson learned, do not buy limited quantity things on the MP.

[Arielle Simondsen]

Drake, thats really awful.  I have lost money on market too, mainly from buying things that ended up not working as described and then not getting responses from the seller.  I sell some breedable bundles, I'm sorry you got ripped off that way.  a couple of months ago someone was on there selling vendors that basically do what the one I ran into in world do to me, you rez, click and all your money goes poof and you are powerless to stop it.  Oddly enough I singlehandedly managed to get that guy off market and hopefully not too many people got scammed.  funny then that it should happen to me in world with someone else.  I wonder if its some sort of reverse karma.  lol  do a good deed and then get screwed yourself.

 

oh well.  and yeah it was just one click and that box came up, acted as if I had clicked it and took everything I had.  I've had a couple of small sales so am not at 0 anymore, but still.  I am not a rich seller in sl, just make enough and sometimes not even that to pay my rent and feed the handful of horses I have, so yeah it sucks to lose the money I made on items I worked hard to create and wait for them to sell, and my stuff is all pretty low priced, so that people can afford it (clothes, privacy screens and horse bundles mostly)... I try to be nice in rl and I try to be nice in sl, and I'm very protective of people getting screwed in either place and then it happens to me.  ha ha!!!  well, I havent got my lindens back so they are gone, just hope to make enough sales in time to make up for what I lost.

[Qie Niangao]

---

if the onetime permission request to manage an account was restricted to owner of the object containing the money script then how would that affect your vendor and others made the same way?

what i am not sure about is who is the owner of the vendor object in the shop at this time? the wholesaler or the retailer. but do it matter?

if the shopkeeper owns the vendor/object but the script is operated thru my wholesaler http control of it then it would be ok this?

like owner-only can grant a script a one time permission to manage their own account. non-owner have to approve each debit permission request

like would it matter then whose account the customer payment goes into initially?

 

---

As it works now, only the object owner can grant PERMISSION_DEBIT, money is always in some individual resident account, and money paid to an object always goes immediately to the owner of the object. An affiliate vendor script is (conventionally) owned by the retail shopkeeper and distributes the wholesaler's share using llGiveMoney (old-school, but still common) or llTransferLindenDollars.

The alternative would be for the shopkeeper to permit the wholesaler to rez their own vendors in the shop so the money first goes to the wholesaler's account. This requires the shopkeeper to trust the wholesaler's script to split as promised*, and the wholesaler has to invest the effort of rezzing the vendor at the shopkeeper's site, knowing that the shopkeeper may return it from their land at any time. Usually, shopkeepers instead just rent out market stalls, but I see advantages to splitting proceeds instead of transacting rent. I wonder why it's not more common.

*In fact, in the usual case of shopkeeper-owned affiliate vendors, the shopkeeper must trust the wholesaler's black box vending script to split as promised -- and moreover, must trust it not to instead siphon off the shopkeeper's entire L$ balance. This is why one should always use an impoverished alt as the owner of affiliate vendors, and have a script that periodically transfers all that alt's L$s to a "banker" account for safekeeping. (This reveals a well-known trick by which a shopkeeper alt can stiff the wholesaler, although there are ways for the affiliate vendor script to minimize this risk.)

[Arielle Simondsen]

The object I bought did *not* say it was a vendor, it looked just like a regular boxed object to me.  I rezzed it and right clicked to open and the permissions thing came right up as I clicked and that was it, I could have blinked and missed it it happened so fast.   Thats a scary thing, not knowing something is a vendor until you click and then you are just stuck at that point.

[161488303349]

---

Qie Niangao wrote:

---

if the onetime permission request to manage an account was restricted to owner of the object containing the money script then how would that affect your vendor and others made the same way?

what i am not sure about is who is the owner of the vendor object in the shop at this time? the wholesaler or the retailer. but do it matter?

if the shopkeeper owns the vendor/object but the script is operated thru my wholesaler http control of it then it would be ok this?

like owner-only can grant a script a one time permission to manage their own account. non-owner have to approve each debit permission request

like would it matter then whose account the customer payment goes into initially?

 

---

As it works now, only the object owner can grant PERMISSION_DEBIT, money is

always

in some individual resident account, and money paid to an object always goes immediately to the owner of the object. An affiliate vendor script is (conventionally) owned by the retail shopkeeper and distributes the wholesaler's share using llGiveMoney (old-school, but still common) or llTransferLindenDollars.

The alternative would be for the shopkeeper to permit the wholesaler to rez their own vendors in the shop so the money first goes to the wholesaler's account. This requires the shopkeeper to trust the wholesaler's script to split as promised*, and the wholesaler has to invest the effort of rezzing the vendor at the shopkeeper's site, knowing that the shopkeeper may return it from their land at any time. Usually, shopkeepers instead just rent out market stalls, but I see advantages to splitting proceeds instead of transacting rent. I wonder why it's not more common.

*In fact, in the usual case of shopkeeper-owned affiliate vendors, the shopkeeper must trust the wholesaler's black box vending script to split as promised -- and moreover, must trust it not to instead siphon off the shopkeeper's entire L$ balance. This is why one should always use an impoverished alt as the owner of affiliate vendors, and have a script that periodically transfers all that alt's L$s to a "banker" account for safekeeping. (This reveals a well-known trick by which a shopkeeper alt can stiff the wholesaler, although there are ways for the affiliate vendor script to minimize this risk.)

---

thanks (:  makes things way more clear for me now. i get a bit confused when i read the OP

so what happens is.

person finds this vendor inworld. it say buy this stuff for this much money (or free even). so do that and get a box. person now owner of a box. the manage your money account script inside this box. not in the inworld vendor

so rez the box. like you do to open it

then the script in the box says need debit permissions. and bc is their box (like they now the owner) then system allows onetime grant permission to manage their own money account

+

where i get confused was i read OP as: they click this inworld vendor and it take all their money. i not understand how you can click a inworld vendor as a customer and it can take all your money

so wasn't another person-owned scripted vendor that take the money. was another scripted vendor inside the shop vendor which was given. which now belongs to you. so from design pov it didn't take/steal the money. it distributed/gave money

+

is still pretty sucky that can get scammed this way. but can see now how from design pov it is as securely designed/implemented as best it can be

 

 

 

[Perrie Juran]

---

16 wrote:

---

Qie Niangao wrote:

---

if the onetime permission request to manage an account was restricted to owner of the object containing the money script then how would that affect your vendor and others made the same way?

what i am not sure about is who is the owner of the vendor object in the shop at this time? the wholesaler or the retailer. but do it matter?

if the shopkeeper owns the vendor/object but the script is operated thru my wholesaler http control of it then it would be ok this?

like owner-only can grant a script a one time permission to manage their own account. non-owner have to approve each debit permission request

like would it matter then whose account the customer payment goes into initially?

 

---

As it works now, only the object owner can grant PERMISSION_DEBIT, money is

always

in some individual resident account, and money paid to an object always goes immediately to the owner of the object. An affiliate vendor script is (conventionally) owned by the retail shopkeeper and distributes the wholesaler's share using llGiveMoney (old-school, but still common) or llTransferLindenDollars.

The alternative would be for the shopkeeper to permit the wholesaler to rez their own vendors in the shop so the money first goes to the wholesaler's account. This requires the shopkeeper to trust the wholesaler's script to split as promised*, and the wholesaler has to invest the effort of rezzing the vendor at the shopkeeper's site, knowing that the shopkeeper may return it from their land at any time. Usually, shopkeepers instead just rent out market stalls, but I see advantages to splitting proceeds instead of transacting rent. I wonder why it's not more common.

*In fact, in the usual case of shopkeeper-owned affiliate vendors, the shopkeeper must trust the wholesaler's black box vending script to split as promised -- and moreover, must trust it not to instead siphon off the shopkeeper's entire L$ balance. This is why one should always use an impoverished alt as the owner of affiliate vendors, and have a script that periodically transfers all that alt's L$s to a "banker" account for safekeeping. (This reveals a well-known trick by which a shopkeeper alt can stiff the wholesaler, although there are ways for the affiliate vendor script to minimize this risk.)

---

thanks (:  makes things way more clear for me now. i get a bit confused when i read the OP

so what happens is.

person finds this vendor inworld. it say buy this stuff for this much money (or free even). so do that and get a box. person now owner of a box. the manage your money account script inside this box. not in the inworld vendor

so rez the box. like you do to open it

then the script in the box says need debit permissions. and bc is their box (like they now the owner) then system allows onetime grant permission to manage their own money account

+

where i get confused was i read OP as: they click this inworld vendor and it take all their money. i not understand how you can click a inworld vendor as a customer and it can take all your money

so wasn't another person-owned scripted vendor that take the money. was another scripted vendor inside the shop vendor which was given. which now belongs to you. so from design pov it didn't take/steal the money. it distributed/gave money

+

is still pretty sucky that can get scammed this way. but can see now how from design pov it is as securely designed/implemented as best it can be

 

 

 

---

Even if they added a second, "Are you really sure you want to this?" dialogue, someone would still cllick through.  Though asking a second time might stop the hasty accidental click.

[Arielle Simondsen]

as I said it *wasn't* labeled as a vendor, I bought what appeared to be a skin/shape.  It was NOT a vendor as far as I know but when I clicked on it to open, a vendor like script popped up and began taking all my money.

[Sephina Frostbite]

Thanks for the warning suga!

[Knutz Scorpio]

---

Arielle Simondsen wrote:

as I said it *wasn't* labeled as a vendor, I bought what appeared to be a skin/shape.  It was NOT a vendor as far as I know but when I clicked on it to open, a vendor like script popped up and began taking all my money.

---

Probably not many of us find it surprising when someone finds and exploits a loophole in something LL set up, disheartening but not surprising.  Lesson that can be taken from this is be VERY careful who you buy from and don't keep too much L$ on your primary avatar, transfer the extra to an alt and use that alt for nothing else.

[Melita Magic]

Sorry to hear that happened to you.

Did you grant it a debit? A yellow box would pop up. Never say yes unless you are extremely sure who is asking and you trust them.

Those occasions would usually only be a reputable games merchant, etc. (I personally do not think it should ever be necessary in SL.)

[Melita Magic]

---

Drake1 Nightfire wrote:

LL doesnt care even if its not user error.. I bought a bundle off the MP to give as a rezzday gift. $8000L for a rare breedable horse bundle. What did i get? an empty box. I reported it and filed a ticket on the MP.. i was told that it is a resident to resident dispute and they would do nothing about it. I even ARed the person for fraud. the next day their shop was empty.  Lesson learned, do not buy limited quantity things on the MP.

---

Yes, I bought a couple of rare breedable things and got common ones...the person gave me a long spiel about why it was my fault. Their description did not describe the ones they sent to me. I sent them proof of purchase, in the end they gave me a refund when I sent them back the nests. It seemed like a gray area, they were hoping most people would let it slide I think.

 

[Melita Magic]

---

Arielle Simondsen wrote:

as I said it *wasn't* labeled as a vendor, I bought what appeared to be a skin/shape.  It was NOT a vendor as far as I know but when I clicked on it to open, a vendor like script popped up and began taking all my money.

---

I am not a scripter but maybe one can speak to this.

Did you left click the box? That is 'touch' and can I think trigger any script inside (malicious ones in some cases) but if you right click and choose OPEN to open a box instead, I don't think that can trigger a script in the box.

I usually try to right click and choose OPEN on a box by habit, although I hadn't consciously thought to avoid this type of thing.

I did once click a random box as a newbie, I think it said 'freebies' on it, not sure now; and it popped up a yellow 'grant debit' option. It is really sickening but it happens. 

Anything that seems like a good deal could be a trap by some scammer.

 

[Qie Niangao]

---

Did you left click the box? 

 

---

Although that touch event could be a trigger (and right-clicking and choosing "Open" could not), the request for PERMISSION_DEBIT doesn't really need an external trigger. As a protection, this particular permission can only be granted by the owner; that's a good thing, but it means that the script doesn't need any help identifying who to ask permission: it's always going to ask its owner.

Of course, it does need to be rezzed for the script to even run, so it's not going to ask permission while it's just sitting dormant in inventory. Very often, however, such scripts ask permission immediately upon being rezzed. I mean, even legitimate affiliate vendors, splitting tipjars, and the like also usually do that immediately simply because there's nothing useful they can do until they've got that permission.

[Melita Magic]

Oh! Yikes. Didn't know that. Thanks!