Jump to content
ArtemisCartensz

Collar with permanent RLV?

Recommended Posts

While it's possible the password is stored somewhere, there is no proof that's the case.  Certain people didn't like the concept and spread as many rumors as possible to get it destroyed.  Unfortunate, but sometimes that's the way it goes.  

 

I read above someone's comment that LL doesn't like the kinky people.  Unfortunately this is true.  WHen I started SL almost 8 years ago, you could go where you wanted, regardless of your appearance.  Now, many things may get you in trouble if you go to Moderate or General lands.  If they didn't want kids to see such (and they've seen worse elsewhere) they shouldn't have kept kiddy land for them.  

 

Reminds me of my sister (a year younger than I) who put sheets of typing paper over a jigsaw puzzle of a nude (Playboy?) my dad had gotten for Christmas and asssembled on a card table, back when I was about 16 or 17, because she didn't think my brother or I should be seeing such things.  There are prudes everywhere   And they spoile things for the rest of us.

 

 

Share this post


Link to post
Share on other sites


Idris Georgia wrote:

While it's possible the password is stored somewhere, there is no proof that's the case.  Certain people didn't like the concept and spread as many rumors as possible to get it destroyed.  Unfortunate, but sometimes that's the way it goes. 

 

I do believed a skilled programmer would be able to see if data was being sent to a Third Party.  You'd have to ask someone who knows more than me and who had looked at what was going on.

But I also see more trouble than just the possible password issue.  The TOS states that "you are responsible for keeping your account secure."  Because this system also changed the E Mail address to something the user did not have access to they were surrendering control of the account.  An edge case maybe, but still a case.

 


Idris Georgia wrote:

 

I read above someone's comment that LL doesn't like the kinky people.  Unfortunately this is true.  WHen I started SL almost 8 years ago, you could go where you wanted, regardless of your appearance.  Now, many things may get you in trouble if you go to Moderate or General lands.  If they didn't want kids to see such (and they've seen worse elsewhere) they shouldn't have kept kiddy land for them.  

 

Reminds me of my sister (a year younger than I) who put sheets of typing paper over a jigsaw puzzle of a nude (Playboy?) my dad had gotten for Christmas and asssembled on a card table, back when I was about 16 or 17, because she didn't think my brother or I should be seeing such things.  There are prudes everywhere   And they spoile things for the rest of us.

 

 

Oh, I'm sure there are prudes working for LL.  But as far as policy goes, when Ebbe was asked about Adult Content in Sansar his response was that as long as it was legal it will be a go.

But as far as current content in SL goes and the "Behind Closed Doors" policy LL has implemented goes if banning permanent RLV was a matter of LL being against kink, I can think of some things that LL could and would ban out right as a matter of policy such as voraphelia and rape play.  They could go as far as to outright ban RLV.  But they don't.

So as far as what I see the removal of this system was and is an account security issue, not a LL is against teh kink issue.

  • Like 1

Share this post


Link to post
Share on other sites

Don't worry. We've not turned into prudes overnight.

Yes, there were account security issues involved. Problems included account sharing ToS violations, insecure password handling, and interference with Linden-to-customer communications. The intention of the developer was fine, but what he wanted to accomplish isn't really compatible with the ToS and Second Life.

We understand and respect that many of you explore very personal interests on Second Life, including kinks. We don't want to discourage personal exploration or expression, so I asked the support team to attempt to handle these cases discretely. That meant reverting email addresses and sending password reset requests rather than requiring phone contact wherever possible. This is at variance with how cases might normally be handled.

If the email address rollback didn't work for you and you would like to avoid phone support for an account that was associated with this tool, please file a ticket with support indicating another email address that was recently associated with your account. Ask Support to use that for the password reset request. Again, this is only for accounts previously associated with this tool.

Share this post


Link to post
Share on other sites

By the by, if a scripter wanted to accomplish similar aims without a special client download or interference in account ownership, I think that's possible.

 

  • Make a script that resides in an attachment and uses an llHTTPRequest() to check in with an object rezzed in world. The check-in request would include a shared secret, RLV detection status, and confirmation that the object is attached
  • The in-world object would periodically check whether an agent is logged in using llRequestAgentData. If it finds an agent logged in without receiving confirmation of the expected secret and status, it can notify appropriate parties.

If a user ultimately opts out, they don't lose the account but they wouldn't be able to escape detection either. Permanent records of "cheat" counts or other social measures could be used as further incentive, rather than account loss.

p.s. Is this the first time a Linden has weighed in on making adult toys, or did Cube beat me to the punch back in the day?

Share this post


Link to post
Share on other sites

Those systems already exist  ;)

An RLV attachment can be locked on your avatar so it cannot be taken off by any means when on a viewer with RLV enabled.

If you login on a viewer without RLV to "escape",  the RLV attachment will shout at you for being a cheat and IM the keyholder/s (owner/s) and inform them you did this.

Share this post


Link to post
Share on other sites

It's possible I'm missing something in my knowledge of RLV. But can't that be thwarted by logging into a region where scripts are disabled at the region level? That would halt even the scripts that use the llTakeControls() exception left in place for vehicles and AOs.

  • Like 1

Share this post


Link to post
Share on other sites

Yeah that's correct, you can cheat by doing that.

Well, you can cheat on Firestorm in that way.

Kitty just told me you can't use that cheat on Marine's RLV viewer though.  If you go to any region (or parcel) with scripts disabled, Marine's viewer totally locks you down so you can't do anything,  in case  you try to cheat.

But then of course it's just a case of relogging into a different viewer with RLV disabled to cheat anyway.

So yeah, not foolproof.

Share this post


Link to post
Share on other sites

I was really bothered that this was just shut off.  I understand the reasons and rules.  This was a big part of a power exchange relationship I have been in for sometime.  We've tried Marine's viewer.  Love Marine and her contribution to SL, but bad viewer.  Anyway,  Enough whining.  I'm just sad.

Share this post


Link to post
Share on other sites


Soft Linden wrote:

By the by, if a scripter wanted to accomplish similar aims without a special client download or interference in account ownership, I think that's possible.

 
  • Make a script that resides in an attachment and uses an llHTTPRequest() to check in with an object rezzed in world. The check-in request would include a shared secret, RLV detection status, and confirmation that the object is attached
  • The in-world object would periodically check whether an agent is logged in using llRequestAgentData. If it finds an agent logged in without receiving confirmation of the expected secret and status, it can notify appropriate parties.

If a user ultimately opts out, they don't lose the account but they wouldn't be able to escape detection either. Permanent records of "cheat" counts or other social measures could be used as further incentive, rather than account loss.

p.s. Is this the first time a Linden has weighed in on making adult toys, or did Cube beat me to the punch back in the day?

This bug may cause problems with using this method - it's still not fixed as far as I can tell.

SVC-6831 - llRequestAgentData with DATA_ONLINE parameter has a delay of up to 10 minutes in reporting offline status

Share this post


Link to post
Share on other sites


Soft Linden wrote:

By the by, if a scripter wanted to accomplish similar aims without a special client download or interference in account ownership, I think that's possible.

 
  • Make a script that resides in an attachment and uses an llHTTPRequest() to check in with an object rezzed in world. The check-in request would include a shared secret, RLV detection status, and confirmation that the object is attached
  • The in-world object would periodically check whether an agent is logged in using llRequestAgentData. If it finds an agent logged in without receiving confirmation of the expected secret and status, it can notify appropriate parties.

If a user ultimately opts out, they don't lose the account but they wouldn't be able to escape detection either. Permanent records of "cheat" counts or other social measures could be used as further incentive, rather than account loss.

p.s. Is this the first time a Linden has weighed in on making adult toys, or did Cube beat me to the punch back in the day?

Well, as long as I've been on the Forums I can not remember a Linden weighing in on adult issues.  But then again it's an extremely rare thing, like almost non existent, that a Linden weighs in on anything here outside of the Commerce and Technology sub forums.

But for the record, not all of us who use RLV use it for "adult" activities but rather for certain functions it provides.   For instance, the ability to hide 'hover text' on our screens.  Or being able to teleport using 'keyboard commands.'  I have my most frequented locations loaded into a scripted object I wear.  All I have to do is type a few letters on my key board and I'm on my way.  If there is a way to accomplish these things without RLV I have never found them.

Thank you for taking the time to post.  This is not the first time though a subject has come up that having a Linden respond could have saved a lot of debate and FUD.

Share this post


Link to post
Share on other sites


CatoNineTails Skytower wrote:

What then if someone's old linden account email is no longer active or accessible to them. Whast then can they do to salvage an account that they have had for years?

They are salvaging. I lost a 9 years old account. Of course older accounts are more easly subject to loosing track of their email, having those mailboxes not active anymore and so on,

And all this not due to xtremerlv but due to this stupid massive (not needed and not requested) password reset they did, People damaged by this were not doing anything bad or against the rules, but still get punished. Nobody lost account due to extremerlv we did due to this LL stupid action (they could have at least gave a warning before doing it).  

Yes, you can open a ticket to  LL support, but is like talking with an answering machine: they keep repeating you have to check your mailbox.

 

Share this post


Link to post
Share on other sites

The Wiki seems to suggest that there's a procedure for people who've forgotten their email address:


If you request a password change or reset, you should receive an email to the address with which you originally registered your Second Life account. If you don't receive the automated email (perhaps because the account's email address on record has also been changed), submit a support ticket through the Solution Finder using the Special Questions — Basic account or Guest Login ticket type.

I've never had to use it, since I set up a special, easily memorable, gmail account specially for SL as soon as I decided I wanted to continue with SL, but isn't this a case of when they ask you name someone on your friends list with a particular last name?    

I am assured, by the way, by a Linden whom I asked (and who would know the answer to this, because of her role at LL) that the question means "name someone on your friends list with the last name XXX," so if they say "Name someone with the last name 'Resident'"  it means "Name anyone  on your list with that last name" rather than "Try to guess who we have in mind."

On a more general note, while I don't intend to sound unsympathetic to the problems people have been caused, I have to wonder why they expected LL to tolerate a system whereby a complete stranger sets people's passwords and email addresses for them.    That's the first thing that happens when your account is compromised, after all, and I don't see how LL, or people who used Xtreme RLV, come to that,  can be expected to differentiate between someone assisting in a bona fide exercise in power exchange and a phisher playing a long game to gain control of dozens of other people's accounts.

 

  • Like 1

Share this post


Link to post
Share on other sites


Innula Zenovka wrote:

That's the first thing that happens when your account is compromised, after all, and I don't see how LL, or people who used Xtreme RLV, come to that,  can be expected to differentiate between someone assisting in a bona fide exercise in power exchange and a phisher playing a long game to gain control of dozens of other people's accounts.

 

Tes, except that extremeRLV system does nothing of what you say; no stranger changing your password, no access to account or account information sharing, not a chance to "gain control" of people's account.

But the point is not if LL should tolelrate or not tollerate extremeRLV system. The point is how they handled the issues when they decided there was an issue: massive unrequested retroactive account reset; against users that was doing nothing bad or against hte rules.

Peoples here are not losing their accounts due to extremeRLV, we're losing our accounts due to this poor decision (massive password reset).

For istance, my case:

I wanted to test extremeRLV so i decide to test it using alts: Got Avatar A shackling Avatar B, did my tests, then after few hours released it and restored Avatar B to the previous situation, trashed extremeRLV demo and and used it normally, not a  problem, everything was cool.

After some days they decided to reset everyone and they  did retroactively since I wasn't using extremeRLV anymore, and my avatar was gone. Nobody was doing anything bad or against the rule, there was no account compromission and nobody asked any reset.

Then you may dislike people enjoyng such kind of kinky devices, personal preferences. However I hope you will never find with your avatar gone cause of some retroactive reset cause in the past you used some item thart now is considerated an issue. 

 

 

 

Share this post


Link to post
Share on other sites

You mistake my point, I think.

Unless I misunderstand it, the XtremRLV launcher resets your password and email address, which it stores, so you can log in only via that launcher. The person who makes the launcher, who is not, I think, personally known to many of the people who use this device, says that he doesn't know what password and email address his launcher generates for you, and he has no way of retrieving them for his own use. Being of a trusting nature, you believe him.

That's fine, and you are probably right to believe him. However, I can quite see why LL were not prepared to allow a situation in which products like this were distributed, whether by the imaginatively-named epar restam or by some future, and less scrupulous, competitor. It was a large-scale account-theft simply waiting to happen.

You've been around as long as I have, so you must remember how everyone trusted Emerald's devs until news of their "shenanigans" got out, and you can't be unaware of all the phishing attempts that are continually going on.

I'm sorry to learn that you're having trouble resetting your password (though I have to say that I'm surprised someone with a 9-year-old account wouldn't make sure they knew what email LL had on file for them, precisely because the email address is important if your account is ever compromised).  

However, as I said, at least according to the wiki, LL do seem to envisage circumstances in which people need to change their passwords to recover their account but don't remember the email address they gave LL, and have a procedure for resolving such situations.

Share this post


Link to post
Share on other sites


Innula Zenovka wrote:

You mistake my point, I think.

Unless I misunderstand it, the XtremRLV launcher resets your password and email address, which it stores, so you can log in only via that launcher. The person who makes the launcher, who is not, I think, personally known to many of the people who use this device, says that he doesn't know what password and email address his launcher generates for you, and he has no way of retrieving them for his own use. Being of a trusting nature, you believe him.

That's fine, and you are probably right to believe him. However, I can quite see why LL were not prepared to allow a situation in which products like this were distributed, whether by the imaginatively-named epar restam or by some future, and less scrupulous, competitor. It was a large-scale account-theft simply waiting to happen.

You've been around as long as I have, so you must remember how everyone trusted Emerald's devs until news of their "shenanigans" got out, and you can't be unaware of all the phishing attempts that are continually going on.

I'm sorry to learn that you're having trouble resetting your password (though I have to say that I'm surprised someone with a 9-year-old account wouldn't make sure they knew what email LL had on file for them, precisely because the email address is important if your account is ever compromised).  

However, as I said, at least according to the wiki, LL do seem to envisage circumstances in which people need to change their passwords to recover their account but don't remember the email address they gave LL, and have a procedure for resolving such situations.

We need to go back to what Soft Linden had to say. 

"Yes, there were account security issues involved. Problems included account sharing ToS violations, insecure password handling, and interference with Linden-to-customer communications. The intention of the developer was fine, but what he wanted to accomplish isn't really compatible with the ToS and Second Life."

Certainly there have been times when it has appeared the Lab had jumped the gun but from what Soft said I don't think this is the case.  The Lab would certainly be in the position to see and know exactly waht was going on.

Is there a better way the Lab could have handled it?  Advanced notice to all the users of the system?  Maybe, though how would the Lab be able to notify people if the E Mail address on file had been changed to something the user no longer had access to.  Private message?  The logistics of that not withstanding, what if the user had private message restricted via RLV?  So I can see why the Lab had a problem with this.

Share this post


Link to post
Share on other sites

Very interesting discussion on many levels. My thoughts about staying in control of your own account is in conflict with my kinky desire of being truly helpless. I would like to suggest the following functionality that  I am quite certain could be added to a viewer:

  • An extreme version of RLV could be activated and your access to own account would be denied (including password recovery via email). A safeword option must be included an allow you access to your own account, but only after a certain time period (like 100 days). The 100 day timer would only run from when you activated the safeword option.
  • The viewer recognize your usual password, but logs you in with a random password you do not know.
  • Some of us like to give control to other people and they could be given the "power" to release you when they choose to do so.
  • More options and details could be added and with a proper encyption it would be almost impossible to hack.

I would not have disclosed any account information to anyone else. And my acces to my own account is only "postponed". A realtively small risk on a personal level. What do others think?

 

happy helpless me

 

 

Share this post


Link to post
Share on other sites


Innula Zenovka wrote:

 

You've been around as long as I have, so you must remember how everyone trusted Emerald's devs until news of their "shenanigans" got out, and you can't be unaware of all the phishing attempts that are continually going on.

I don't see how you can do such a comparation, the Emerald case was a totaly different case, there's nothing like that now. Nor technically nor in the way rthe case is handled. Not even close.

And I don't remember users getting their account locked by LL for using Emerald Viewer.

I don't know if you're only trolling or simply talking whithout having any clue or trying to understand things.

 

 

Share this post


Link to post
Share on other sites


Andy Aura wrote:


Innula Zenovka wrote:

 

You've been around as long as I have, so you must remember how everyone trusted Emerald's devs until news of their "shenanigans" got out, and you can't be unaware of all the phishing attempts that are continually going on.

I don't see how you can do such a comparation, the Emerald case was a totaly different case, there's nothing like that now. Nor technically nor in the way rthe case is handled. Not even close.

And I don't remember users getting their account locked by LL for using Emerald Viewer.

I don't know if you're only trolling or simply talking whithout having any clue or trying to understand things.

 

 

Anyone who uses XtremeRLV is trusting the scripter who developed it not to exploit their trust to gain access to their account via the launcher.    He says he has no record of your password and email, and doubtless he's telling the truth, but how does anyone (including LL) know?   And how does anyone, including LL, know that anyone else who makes a similar device is similarly to be trusted?

The point of comparison with Emerald is that everyone (including me) trusted the Emerald devs not to exploit the access their computers that the viewer gave them, until that trust proved misplaced.

LL say, very wisely, that you shouldn't give your log-in details to anyone, not even your best friend or your partner.   When you use XtremeRLV you are exposing your log-in details to someone who you've not even met and who, I would think, you have less reason to trust than you have to trust a close friend.      

Doubtless he won't abuse that trust, but it's hardly surprising that LL aren't prepared to allow you to take take the risk, since it exposes them to the risk of having to deal with the consequences of hundreds of users having their accounts stolen if that trust is misplaced.

The point of comparison is people trusted Lonely Bluebird and Fractured Crystal not to abuse the trust people placed in them as Emerald devs, and Lonely and Fractured demonstrated how easily that trust can be abused.  LL seem understandably reluctant to take the risk again of allowing residents to use tools that may expose their log-in credentials to third parties, and I can't say I blame them.

  • Like 1

Share this post


Link to post
Share on other sites


Innula Zenovka wrote:


Andy Aura wrote:


Innula Zenovka wrote:

 

You've been around as long as I have, so you must remember how everyone trusted Emerald's devs until news of their "shenanigans" got out, and you can't be unaware of all the phishing attempts that are continually going on.

I don't see how you can do such a comparation, the Emerald case was a totaly different case, there's nothing like that now. Nor technically nor in the way rthe case is handled. Not even close.

And I don't remember users getting their account locked by LL for using Emerald Viewer.

I don't know if you're only trolling or simply talking whithout having any clue or trying to understand things.

 

 

Anyone who uses XtremeRLV is trusting the scripter who developed it not to exploit their trust to gain access to their account via the launcher.    He says he has no record of your password and email, and
doubtless
he's telling the truth, but how does anyone (including LL) know?   And how does anyone, including LL, know that anyone else who makes a similar device is similarly to be trusted?

The point of comparison with Emerald is that everyone (including me) trusted the Emerald devs not to exploit the access their computers that the viewer gave them, until that trust proved misplaced.

LL say, very wisely, that you shouldn't give your log-in details to anyone, not even your best friend or your partner.   When you use XtremeRLV you are exposing your log-in details to someone who you've not even met and who, I would think, you have less reason to trust than you have to trust a close friend.      

Doubtless
he won't abuse that trust, but it's hardly surprising that LL aren't prepared to allow you to take take the risk, since it exposes them to the risk of having to deal with the consequences of hundreds of users having their accounts stolen if that trust is misplaced.

The point of comparison is people trusted Lonely Bluebird and Fractured Crystal not to abuse the trust people placed in them as Emerald devs, and Lonely and Fractured demonstrated how easily that trust can be abused.  LL seem understandably reluctant to take the risk again of allowing residents to use tools that may expose their log-in credentials to third parties, and I can't say I blame them.

 

You may be using "doubtless" here as a means of taking the edge off your argument. I don't think it's necessary. I'd have doubt about any service that required my username and password, even if that was the only way to offer the service. I'd simply decline to use it. And it's not a matter of trusting the service's intent, you've also got to trust their competence.

It seems Andy is confusing technical and legal. The ToS is a contract between LL and residents, you have to agree to it to enter SL. Handing over your account to someone else violates the ToS. I'm sure it's done all the time, but that doesn't change the legality. I don't imagine there's a court around that would see it otherwise. To pretend otherwise won't help.

Share this post


Link to post
Share on other sites


XtremRLV2 was - until 03.21.2017 - available. In XtremRLV2 you have needed to earn the right to shackle your account for a longer period. There was no unlimited version anymore.


II also have an understanding problem

The RLV launcher or the RLV launcher for Firestorm - both on sourceforge - are not criticized. Here I have the name and the password to an unknown and give a "bin file" with which I sign up. I hope that this stranger does not mischief and only the e-mail and the password changes.

For extremeRLV, a program executes the changes. The data should be stored within an object in my inventory - the flashing "tag" that I carry on the upper arm.

Why this is not safe is not clear to me - maybe someone can help me there.


And I also violate the ToS when I use a password manager? I do not recall single PW's

For me, however, the extremeRLV2 was too expensive - 200 L $ for each charging.

I hope there is soon a cheap version with which LL agrees.

  • Like 1

Share this post


Link to post
Share on other sites
1 hour ago, mellissa28 said:

Why this is not safe is not clear to me - maybe someone can help me there

OK ...
Send me your password. I promise I wont steal every linden you have and all the money your credit card on file can hold.  I'll just change it to something else for a little while.

 

  • Like 4
  • Haha 1

Share this post


Link to post
Share on other sites
May be that it is due to my bad english.

The option with the two launchers I consider unsafe, because I must pass my data.

The use of ExtremRLV I think for sure
, because
- the key is generated in world,
- the data is changed during my logins
- and I copy a key to log into an external program - technically nothing else as a password manager but I do not see the password .
 
Everything else with network sniffs, keylogging, etc. can also happen with a normal login.
 
The question is merely, I trust a program or a stranger.
And I'm aware of what I'm doing. When I read the chat history in the groups, I am not sure that they know what they are doing.
  • Like 1

Share this post


Link to post
Share on other sites

I would like to try the xtremrlv V2, unfortunately I was once again too late to be taken as Force Beautie.


If there is a next version, I volunteer as a test rabbit available.

Share this post


Link to post
Share on other sites

You forget people could always just use an alt with a new account and just give up that old account. there is no perm rlv on sl and never really will be either. there is no way to stop anyone from just making a new account and starting over fresh if they wanted to. so it is not possislbe to make rlv inescapable ever in the sense that some are wanting and never will be. and giving up an account and starting fresh is not that hard to do for many people.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...