Are IP Address Trackers again being used in SL?

[Innula Zenovka]

---

Marcus Ansia wrote:

I really don't think LL have implimented a facility to enable IP Address banning.  It makes no sense as I've already proved.  It's only a matter of rebooting your Router/Modem to obtain a new IP Address. So if you are a griefer, you simply create another avatar and change IP Addresses before using it.

---

I'm afraid that "This is a stupid idea, so LL  would never adopt it" doesn't sound a completely waterproof argument to me.

In point of fact, it's not always simply a matter of rebooting your modem to obtain a new IP address.  In much of Europe it is, I agree, though not always in the UK (it's quite difficult to change your IP address with my ISP, Richard Branson's Virgin -- I investigated this while RedZone was going on).   Also, in the USA, as I understand it, IP addresses do tend to be a lot stickier than they are in Europe.

 

[Sling Trebuchet]

/me turns desk lamp to shine straight into Marcus' eyes

"It vould help if you vould anzver der qvestunz!!"

What *exactly and in detail* does your daughter see? For template see my example given in two separate posts above.
What *exacly and in detail* do you see?

What could be happening is an attempt by LL to make it more difficult for someone to come back in as an alt.
It's not foolproof, but it might help against casual griefing (defined as - troublemaking/drama as a knee-jerk response to getting ejected). Not everyone is aware of how to change their IP.
The logic would be: A banned avatar get banned or tries to TP into a sim from which they are banned. Log the avatar's IP at the time and prevent access to the sim by any avatar using that IP for x minutes.

If LL are doing an auto IP block, they have to strike a balance between stopping 'casual' griefing and blocking innocents. I would guess that if they are doing an IP block, it would timeout. The time  would be influenced by a guesstimate of how long it might take a random user to calm down.

It would be a balancing act between stopping a dramatic alt and impeding unrelated people who happened to be on the same IP and who also just happened to be trying to get into that sim immediately(-ish)  after a banned avatar had been there or tried to get in.

Note that only the banned avatar is banned by name.
It would be unsafe to assume that anyone using the same IP within x minutes was certainly an alt of the banned avatar. Therefore an IP ban by LL would not add the names of such avatars to a ban list. RedZone did seem to make that assumption and took 'same IP' as absolute evidence. It didn't even allow for x minutes. It seemed to have taken IP as absolute and permanent.

 

Hey! ATTENTION SL DROIDS!!!
How about changing the message  someone gets when they get ejected?

Instead of
"You hef bin banned/ejected/rejected/sh*t_on for bin a wery wery notty awatar"
how about
"Oh man, that sucks! But hey! Never you mind those people. Why not try these places {LMs listed} that could be waaaay better"
Break the cycle. Ya never know, it might help

 

PS: I am abjectly sorry if parts of the above has hurt the sensitivies of any ESLers. I promise not to do it again - much.

 

[Sling Trebuchet]

In general, Europeans (at least) who were mostly on DSL telephone lines could change their IP by restarting the modem or with a menu option on the modem-management web interface.
I understand that for people on cable - more common in the US - changing IP can be a BIG DEAL. The MAC address of the first device connected to the modem (like a router) has to be changed/spoofed. Then there has to be a cold boot of the modem - which might involve having to remove a backup battery.

I think the makers of RedZone were working on an assumption that everyone was on 'cable' restrictions.
LL would not be making that mistake at this stage.

[Innula Zenovka]

If you and I are both using DSL telephone line connections and find we share the same IP address, if I change my IP address by restarting my modem, does that automatically change yours?   We don't have anything to do with each other than that we live near each other and share the same ISP.

[Perrie Juran]

---

Sling Trebuchet wrote:

In general, Europeans (at least) who were mostly on DSL telephone lines could change their IP by restarting the modem or with a menu option on the modem-management web interface.

---

When I first got (I'm U.S.) DSL (ADSL) several years ago I could use either of those options.  Then they dropped it from the Modem Menu but turning off the modem for a few minutes usually did the trick.

Now the service I am on is VDSL and it takes leaving the Modem off for several hours before I might find I've been assigned a new IP.  5 or 10 minutes certainly does not do the trick. 

As far as cable goes I'm not sure.  The business I was working at needed a static IP for their security systems and had to pay extra for that to guarantee there would never be a change.

[Sling Trebuchet]

We can't share an IP (simultaneously) if we are on separate lines. The IP is the nearest thing that the Net has to a physical address.
The way we would share an IP simultaneously is by being on the same network behind a modem (cable or DSL, etc).
we have separate internal IPs on the private internal network, but we share the public IP that is linked to the line/cable_modem that connects out internal network to the Internet via the ISP network.
That could happen in a business/ hotel/cafe/library/dorm/whatever that offers connections to a number of people but has a single connection to the Net. That connection changing its IP would change the public IP for everyone behind it.

An ISP either assigns a fixed IP to a line or serves one up from a poll of available IPs on demand.

If we were on the same ISP but on different lines, we might eventually be observed as having been on a certain public IP at different times if dynamic IP allocation gave the line/modem of one of us an IP that had been previously allocated to the line/modem of the other.

 

[Perrie Juran]

I know that using a service like http://whatismyipaddress.com/ shows the same IP for all computers in my home.

Now one thing I find interesting is that the so called "locaters" place my physical location about ten miles from my home.

[Sling Trebuchet]

All the devices in your home that work through your DSL/Cable/whatever will share the one same public IP address. That address is actually assigned to your modem, not directly to your device(s)

The router or modem/router deals with the internal (private) IPs used by each device. Traffic to and from your devices is tagged so that the router knows which internal address is involved.

"Locators" can only use a best guess at physical location based on information publicly supplied by the ISP. In some cases that only indicates a city or a regional centre.

In some cases the information available from the ISP can indicate a small area. That was one of the objections to the RedZone system.
A person who was aware of the level of accuracy of location by IP in their own case would know that another avatar tagged to them by RedZone would be in the same building/organisation/dorm if the IP was fixed.
In the case of dynamic IPs, the target would be in an area served by a certain range of the ISP's pool of IPs.
In such cases there was a real danger of RL stalking. Some social engineering to get the target to divulge something that seemed innocuous could provide clues as to the identity of the RL person behind the avatar known to come from a given area.

End users and victims of RedZone would only know that a common IP had been detected - as the system would have tagged people as alts of each other (correctly or incorrectly) based on IP.
Internal to the RedZone system, the actual IPs were known. That would allow a person with internal view to locate a RL person either generally or quite accurately, depending.

For cautious people

Always have media disabled in preferences by default. Enable it only for specific cases.

it is worth bearing in mind that if your viewer accesses content on a third-party server outside of the SL network, your IP is logged by the server hosting that content.
If someone inworld has access to the logs of those external servers, they could match you to an IP accessing the server. The matching is guesswork if there are a number of avatars accessing, RedZone got around this by recording all avatars in range of the device and all IPs accessing content that was tagged to that location. This was collected continuously and grid-wide by all RedZone devices in use. Eventually they got a Big Data effect of 'that IP is only accessed when that or those avatars are present'.

Matching is trivial if the number of possible avatars is very limited.
So - cautious people - if you get invited to somewhere by someone who could have control (as in view of logs) over the music/media servers for that location - and it's just two or a few present - don't enable your media. You can't hear/see beacause ...eh.. some SL/PC problem *sigh*.
It doen't need a 'system'. Someone moderately technical could do it entirely on their own as a one-off.

Don't every play media that is on an avatar attachment.

Also, curl up in a corner. Do not go out.
Alternatively go out and live like mad. Just be aware of the possibilities and set your own safety level.

 

 

 

[Marcus Ansia]

You may want to use that light yourself and shine it on my initial post which explained fully exactly what happened, 4th paragraph, last sentence.....

Surprise surprise, when she tried to teleport to (SITE NAME WITHELD TO CONFORM TO PRIVACY LAWS), she received a message saying she didn't have access to that location.  Not banned, just no access.

My daughter gets a pop up message saying.... 'You do not have access to this location'.

That's it, nothing more.

[Sling Trebuchet]

At last! (ish)

"She received a message" is NOT 'full exact'.

You did not specify that it was a pop-up message. Nor did you quote the text seen.
That was very important detail.
Only now do you specify pop-up and I strongly suspect that still you don't quote the full precise text.
Compare what you supplied v what I supplied earlier (twice) as a template.

 

/me turns the desk lamp again
"DONUTZ UND BLINIZ SCVEINHUNTZ!"

Here, for the third time is the standard of reporting that you should use to help people to help you.

Try TP to the sim ....... OLN Island.
I don't have access there. I just found it by trying remote sims on Map.

I saw...
- my window goes black
- I see the TP progress bar (with zero progress), and then immediately ....
- I get a pop-up message window:
------------------------------------------------------------------------
Teleport Failed.
Sorry, you do not have access to that teleport location
          ((Close))
-------------------------------------------------------------------------

What do you see when you try OLN Island?

If that's the template of what your daughter sees when she is refused access to the sim that you were banned from , then it seems that the banning/blocking is being enforced by standard SL features.

You now say that  she gets a pop-up 'You do not have access to this location'. You say that's it, nothing more.
Are you absolutely sure that she does not also see "Teleport failed" ?
What is the text on any buttons in the message box? Single or multiple buttons?
Does that message box pop up near immediately after the progress bar appears - and with no progress indicated?

 

I can't find any lsl call that would produce such  pop-up messages remotely.
If a scripted device were to communicate to you remotely, it would use llInstantMessage(), which would appear in your main chat.

[Marcus Ansia]

This initial incident took place 4 weeks ago.  Attempts were then made over a period of a few days in the first week only, depending on my daughters availablity, because unlike many others, I don't see fit to create an alternative account.

No recent attempts to teleport there by myself or my daughter have since been made because neither of us have the slightest interest in returning to that location.  That being said, each time we had tried (unsuccessfully) in that first week we each saw or screens go the staturory black as though a teleport was in progress, a boxed message then appeared in the center of our screens, black background with white text.  Mine said ... 'You are banned from entering this region'.  Hers said.... 'You do not have access to this location'.  There were no progress bars, because each time it happened vitually instantaneously.

Yesterday, my daughter was able to come to my home, so I asked her to again attempt to tp there.  She was able to with no problem.  I then attempted to teleport there and this time I arrived...... No Messages.

I can only now assume that whatever device, code, script etc was being used at the time, has either now been changed or withdrawn.

How exactly it was coded or scripted I really have no interest in.  What did interest me was why I had been banned (which I still have no explanation or apology for) in the first place and the fact that my IP Address MUST have been utilised in the process for my daughter to also have been prevented from entering the region immediately after my own attempts after I changed my IP Address.

If, you can prove to me that IP Addresses were not being used to be able to do this then all well and good, but if not and it is still the only possible explanation, wether it be a scripted device the owner was using, or some code change LL has made (which I am still not convinced of), then I believe that each person has the right to know this so we all have the informed choice as to wether we then wish to enter a specific region, or not.

 

[Sling Trebuchet]

The answer to

Are IP Address Trackers again being used in SL?

seems to be "Not in this case at any rate".

You were both getting SL system messages related to access - and before the TP process proper could get underway - - just as I reported for my attempt to TP into some random place where I did not have access - because the place was not on public access.

It seems that LL impose an IP ban ( of whatever duration ) for a ( certain type of ) location. This seems to be imposed when a banned avatar tries to TP in - and most probably also when that avatar is banned in the first place.
It seems that the place used an Estate ban - which would explain why your name was not to be seen in the parcel ban list.

My own tests in my (group-owned) small mainland parcel did not replicate this. However, the server code I was testing against is different to that running on a private sim/estate.

 

 

 

[Innula Zenovka]

I agree.   The the fact it's system messages being sent as soon as the tp is initiated is very hard to explain other than on the assumption it's LL imposing the IP ban.   I know how RedZone and similar devices work (not that it's any great secret) and the messages, and sequences of events, described here are nothing like what I'd expect to see with any of the IP trackers that I know how to make.

[Marcus Ansia]

Seems to be not?.... But not conclusive either way!

Which still means it's possible that an IP Address Tracker was being used by the owner and not perhaps a LL implemented code change.

It would be very useful if an 'official' LL representative could confirm or deny if they have made such a change in the code.

[Marcus Ansia]

I've often found that just because I don't know how something works, or I am unable to make something myself, it doesn't necessarily mean that someone else doesn't know and can't make it.

 

So, Linden Labs, do you know how this was/is being done and is it something 'YOU' have implemented or not?  I wonder if they will answer???

[Freya Mokusei]

Sorry for the late entry to the thread, research is hard to collate.

These symptoms have been occurring with some frequency since the server code was patched to 'improve effectiveness of estate bans' in version 13.01.25.269523. Further details were difficult to find at the time, but my assumption was that LL were experimenting with IP bans again. Since then, as I say, occurances of alt-account bans have increased (will attempt to add sources to this statement).

Their previous attempts were at the login level, and caused too many false positives. This being at the estate level should be less intrusive, but I'm willing to bet that it's no more accurate. NAT has increased on both public and private networks due to the depletion of IPv4 addresses - this might only get worse for some users.

[Marcus Ansia]

You say you know how to make IP Trackers?   May I ask why you would want to?

[Freya Mokusei]

---

Marcus Ansia wrote:

You say you know how to make IP Trackers?   May I ask why you would want to?

---

Tracking IP is the basic necessity of Web Browsing. Webservers are computers, computers talk to each other using special addresses - otherwise the information you request could end up anywhere. IP tracking is a basic function of all websites, services and data transactions.

It's impossible to operate online and not 'know how to make' IP trackers. Everything to do with developing online systems requires them. They have many purposes such as authority testing/access limitation, visitor identification/geolocation and debugging, maintenance or routing diagnostics. You can go even further with nearby information; backtracing attack profiles or for cyber-defence, browser profiling/performance analytics and traffic measurement/unique visitor counting.

Like every other tool that mankind has invented, they're not evil, ~99.9% of IP information is not mis-used. People using them for the purposes of suppression or control is not limited to Second Life (but it is particularly effective). This effectiveness is what leads people to continue using them - Second Life has a primarily low-tech userbase [since 2008], snake oil sells well and hysteria travels fast, users are defensive and rarely understand how IP information can be misleading. The typically obscured nature of IP within Second Life increases this effectiveness by providing a level of 'secret knowledge' that appears to have value and is rarely defended against.

[Innula Zenovka]

Possibly so, but unless there's a whole section of the LSL section of the wiki I've missed, there's no way for a script to discover your new IP address when you attempt to tp but are blocked because your UUID is on the region ban list, and then to translate that into a temporary ban for your daughter while she's using that IP address.    Which is what you've described.

[Innula Zenovka]

---

Marcus Ansia wrote:

You say you know how to make IP Trackers?   May I ask why you would want to?

---

Because I'm a scripter, I read jiras, and whenever I come across a scripted object I've not encountered before, I automatically start trying to work out roughly how it's made -- not because because I necessarily want to make one, but because I'm interested in scripting. 

At the time of the RedZone affair, there was, in fact, a lot of discussion about how he was detecting IP Addresses because people were trying to think about how best to stop him.   In fact, if you were following some of the more technical discussions here, at SLU and in a couple of blogs, you'd have seen several sample scripts people made to demonstrate what he must have been doing (essentially, exploiting a loophole that had first been reported in the jira by one of the Lindens).

[Marcus Ansia]

Could it be possible there is another loophole that has been discovered and now needs to be closed?

[Marcus Ansia]

If this is a LL implemented code change, then I have no problem whatsoever with them obtaining any information through the use of IP Tracking.  I have already provided them with my full Name, Address and email whne I signed up to using SL.

If, on the other hand, it is a 3rd party sim owner having the same ability to track and obtain personal information about me, such as my real world location from my IP Address, then that is something I do have an issue with.

I have previously explained at the very beginning of thispost, how the person in question wanted me to go to his website and then enter my email address to submit a ticket on this case?  So, if he had (and I say if) my IP Address and potentially my location, he also then wanted my email address too?

[Innula Zenovka]

---

Marcus Ansia wrote:

Could it be possible there is another loophole that has been discovered and now needs to be closed?

---

I don't see how.   There's only a couple of LSL functions that ask your viewer for your IP address, in order to deliver content -- typically streaming music -- direct to your computer.   They need you to be on the same sim as the script.  If you're not in the same sim, they can't see you and don't know anything about you.

From your descriptions of what you and your daughter saw when attempting to TP to the sim, it is clear that everything was happening well before you left the start sim, let alone after you arrived at the destination sim, so none of these functions would be applicable.

 

[Sling Trebuchet]

"If, on the other hand, it is a 3rd party sim owner having the same ability to track and obtain personal information about me, such as my real world location from my IP Address, then that is something I do have an issue with."

Other than LL servers acting as automatic proxy for all third-party-served music and video, there is no way to stop someone discovering  the IP that is connecting you to SL. As long as they have access to the server logs/scripting, they can see IPs.
That would impose a considerable load on LL servers - and a bottleneck on everyone.
They could reduce the load by not proxying for big names like YouTube, etc.

If the knowledge that your IP could be learnt is a problem for you, you could
1) use a VPN ( which is going to cost you something for anything supporting SL-level bandwidth ) to mask your actual IP or
2) disable all music, media and/or use your viewer preferences to deny its requests to access servers that you can't trust.

 

[Sling Trebuchet]

Add to that:

If someone gets you to view a URL in your browser (in-viewer or external browser)  and they have access to that server, they can discover your IP by matching accesses to happeningss inside SL.
Generically, this is the same as them using land/avatar music/media.

For the very cautious, it would be best to live in a SL that is *entirely* served by SL servers.