
Messages In Second Life Can Be Seen By 3rd-Parties In Travel


You are about to reply to a thread that has been inactive for 3070 days.

Please take a moment to consider if this thread is worth bumping.


About the correct application for the job Darrius, I agree with you but my point was to demonstrate to Prok that right now, with the currently supplied LL viewer, Second Life can be used as an end to end transport of encrypted messages that LL CANNOT intercept.

A demonstration exercise.

As for keyloggers (software), they're handy if people use keys for text when the text entry mechanism runs in a security domain accessible to the keylogging code plus they need to get it onto the device in the first place.

Sure there are other methods such as handy USB cables/hubs that you thought you were buying from Amazon but were in fact intercepted in the supply chain and substituted for a nice one with "extra bits" but now we're into the realm of being a threat actor of very significant interest and resource being deployed against.  The object is to not become that threat actor of interest in the first place and sending an email saying "here's my secret key" (attachment) would be the wrong way of doing it.

Point remains, SL can be used as a  transport for data inaccessible to LL and Prok is living in a fantasy world in believing that it cannot be done and should be prevented because it's pretty much near on impossible.

Link to comment
Share on other sites


Sassy Romano wrote:

...[snip]...

... and should be prevented because it's pretty much near on impossible.

Any data that can come out of a machine can be made to come out other places too. It's the basic nature of the beast. Computers have zero ability to stop and go "Heyyy . waitasecondhere ... you're not the one I was supposed to give this to!" They do precisely what they're told .. end of story.

As with any data processing system, phones and the secure apps that run on them are just as prone and just as vulnerable to diversion attacks .. as long as you know what to do once that data comes flying out.

So you just need a way to put your code on someone else's machine (phone, computer, car, refrigerator, washing machine, etc.) and a way to deal with the data you capture.

But having said all that, expecting any communications channel to be free from other data outlets is just plain fantasy and wishful thinking. I don't even have to get near you, near Prok, or near anyone else in order to pick off their data stream and use it however I wish.

Maybe you've hit the nail on the head Sassy. Maybe that's why Prok is so hellbent against Geeks like me. I better go back and re-read her last few years worth of private text messages to find out, huh? (giggles)

Link to comment
Share on other sites


Darrius Gothly wrote:


Heyyy . waitasecondhere


if can wait another second I will say some more stuff (:

+

sometimes i think that bc computer, then we kinda forget how crypto actual works

is whole generations of people now who are pretty good coders and are good at math and can read/write research papers and design/implement algos. And these are all they see

like they go: I can do that. The math this, the math that, my skills this and that. Therefore

+

the people who wrote TrueCrypt for example. Was a quite noble and altruistic effort. To help the people protect their stuff

is a clever product used by zillions of people, and the devs are great coders for sure and they got into it after they think this and think that. Not only about their coding skills but also their desire to do some altruistic thing

then as they got into it deeper and further they came to see hmmm! Now that we understand a lot more about this crypto stuff them ummm!

the TrueCrypt devs have since abandoned their works and have also told people not to use it

it actual cant do what the devs thought could be done - real time encryption safely and securely under all conditions. Or be made to do it even. No matter how well coded or mathematically robust the algo designs, as they once thought when they started. Is the under all conditions that is the hard part

is the same the Tor network. If use it to hide your porns from your Mum or Dad then ok. Best not to bet your life on it tho

+

how crypto actual works. Example:

"the lark sings in the meadow"

what does this mean ?

is no need really to argle garble this text. Having computer to argle garble it, dont change what crypto actual is

Link to comment
Share on other sites


irihapeti wrote:

+

how crypto actual works. Example:

"the lark sings in the meadow"

what does this mean ?

is no need really to argle garble this text. Having computer to argle garble it, dont change what crypto actual is

It means "the spare door key is under the doormat" or "Hitler's body is buried in Argentina" or "Boxers, not briefs".

And my NEXT crypto product .. will be named "Argle". Do I owe you commissions? *grin*

Link to comment
Share on other sites


irihapeti wrote:


the TrueCrypt devs have since abandoned their works and have also told people not to use it

"the lark sings in the meadow"

what does this mean ?

is no need really to argle garble this text. Having computer to argle garble it, dont change what crypto actual is

TrueCrypt never had a code review to accredit it for government grade so nothing more to say there.

Your second point though is completely valid and illustrates another flaw in the reasoning by Prok.  Communicating in clear text is even harder to decipher and guess what Prok, the standard LL viewer allows this.  Horror!!!  What to do about IM's in SL.. BAN THEM ALL I SAY.

(even though the example was encoding not enciphering but that's splitting hairs :P)

 

Link to comment
Share on other sites

Man ... there are days when I wish the world was such a simple "Black/White" place as you see Prok. So many of the decisions that haunt my sleepless nights would be dispatched with rapidity and a clear conscience.

Encryption? BAD!

Forced enslavement of Geeks? GOOD!

Doing anything you don't like? BAD!

Blindly accepting your ill-conceived notions? GOOD!

Yeah, life would be SO much simpler if I could just see every situation in such starkly colored shades.

Encryption has many valid and needful uses. It's not just your bank that needs it. What about your health records? What about private discussions between people that cannot be face to face? There are facets of my life that are private to me and I wish not to share with anyone else.

Even you have whined for more privacy. Divulging such things as your RL identity can (and does) qualify as private information not meant to be shared with anyone ... except someone you purposely give it to.

And THAT is the real purpose of Encryption: To ensure the recipients of your message are only those you intend and only readable by them. With encryption, you are sure that you are in control. And control .. I'm gonna guess that's something you DESPERATELY demand and cling to. (Or are you saying you want to cede your control over to someone else?)

But as you correctly point out, there are situations that rise above the basic rights of privacy, that step across the boundaries and impact the rights and lives of innocent others. Should we demand the removal of all encryption just to prevent those situations? Should we entrust the keys to our locks to the Government in hopes that whatever body sits in the chair will also be 100% above reproach and will not ever divulge our secrets? I'm not comfy with that either.

To me, it's a massive gray area that needs serious conversation, a full understanding of what can and does happen, and lots and LOTS of voices speaking their mind and making known their desires.

Or .. we could just let you run it .. and be assured you'd rip encryption from OUR hands because we might be Terrorists. But of course YOU would still have it because you're 100% honest and right every time.

*cough*

Link to comment
Share on other sites


Prokofy Neva wrote:

Phoenix was not allowed to be a third-party browser precisely because they advocated encryption that LL couldn't access which they would need to do to run this platform.

There's so much wrong with this sentence that it's laughable.

1.  Phoenix isn't a browser... it's a viewer.

2.  It was never "not allowed to be a third-party" viewer... by definition, any viewer not created by LL is a third-party viewer.  And, if you meant that it wasn't allowed on LL's list of approved viewers, you'd be wrong about that as well.

3.  The Phoenix Team never "advocated encryption that LL couldn't access".  OTR (Off The Record) was simply carried over with Emerald code.

While working on the first version of Firestorm, they took a survey about which potential problematic (meaning, drama-inducing) pieces of code users wished to carry over from Phoenix and OTR was one of the features they asked about.  Users did indeed vote for it to be included, so they said they would... eventually.  Ultimately, it proved rather time consuming and they ended up putting it on the back burner, apparently indefinitely.

In the last comment made to the Firestorm OTR Jira (link), Tolya wrote...


OTR is not trivial to get right. In particular, enabling secure key exchange without requiring either an external server, doing the exchange where LL (or Dante Tucker's unethical sim owner on OpenSim) can get to the keys, or exposing a user's IP address to the other user, is a nontrivial problem. Phoenix got it wrong. I've been given to understand that OTR on SL was cracked within hours of its first appearance.

Doing secure communication wrong is worse than no secure communication at all: it instills a false sense of security while exposing your communications to those from whom you wish to keep them secret.

I know Cinder's been working on this for quite a long time. I'm confident she understands the issues involved and how to handle things properly. I'm not going to comment on why she's no longer on the team; that's not relevant to this JIRA - or, indeed, any JIRA.

Once a working, secure OTR implementation exists, then you can rest assured that it will be added to Firestorm. We're not proud at all. We'll happily incorporate others' code (with their permission, of course), if it's good code and works as intended.

But with that said...if you don't trust your communications channel, maybe you shouldn't be using it?


And this was posted over a year ago, so you can rest assured that no one will be conducting any unseen, "criminal" activity over IM in SL any time soon.

...Dres

 

Link to comment
Share on other sites


Sassy Romano wrote:

Some TPV's used to have end to end encryption but LL banned it as the LL viewer didn't have it and thus it didn't meet the shared experience.

This is not so.  I don't believe it was ever banned, but if it was, it wouldn't have been because of shared experience.  Shared experience is about users seeing things the same way in the "world", not in the viewer.

...Dres

Link to comment
Share on other sites


Darrius Gothly wrote:


irihapeti wrote:

+

how crypto actual works. Example:

"the lark sings in the meadow"

what does this mean ?

is no need really to argle garble this text. Having computer to argle garble it, dont change what crypto actual is

It means "the spare door key is under the doormat" or "Hitler's body is buried in Argentina" or "Boxers, not briefs".

And my NEXT crypto product .. will be named "Argle". Do I owe you commissions? *grin*

sorry!! you had your 3 goes

oh ok then. I give you another go. I give you a clue as well

"the dove coos as the crow hops"

+

ps

sorry you cant have that name. Is the name of a sheep i think. Or maybe a woolly jumper

(:

Link to comment
Share on other sites

yes. What Tolya said

was broken, was always broken, and will always be broken. Unless independent P2P channel (or some independent webservice channel like Sassy mention) is enabled to pass the start secret bypassing the SL channel altogether

if are going to do this then is no point in sending anything over the SL channel anyways. Might as well just transmit the messages over the independent channel. [ If the objective is to hide what is being said from LL ]

eta [ ]

Link to comment
Share on other sites
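The key-exchange problem Tolya and the post above describe, as an added example that is not part of the thread or of any viewer's code: when both public keys travel only over a channel its operator controls, the operator can substitute its own key, and the substitution shows up only when fingerprints are compared over an independent channel. The group parameters and the names `Party`, `exchange` and `verified_out_of_band` are assumptions made for this sketch.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group chosen for this demonstration only
# (2**521 - 1 is a Mersenne prime); not a vetted production group.
P = 2**521 - 1
G = 3

def _bytes(n):
    return n.to_bytes(66, "big")  # 521 bits fit in 66 bytes

class Party:
    """One IM user holding an ephemeral DH key pair (hypothetical class)."""
    def __init__(self):
        self.priv = secrets.randbelow(P - 3) + 2
        self.pub = pow(G, self.priv, P)
        self.peer_pub = None

    def session_key(self):
        return hashlib.sha256(_bytes(pow(self.peer_pub, self.priv, P))).digest()

    def fingerprint(self):
        # Hash of both public keys as THIS side saw them, order-independent,
        # shortened so two people can read it out over another channel.
        lo, hi = sorted((self.pub, self.peer_pub))
        return hashlib.sha256(_bytes(lo) + _bytes(hi)).hexdigest()[:16]

def exchange(alice, bob, relay=None):
    """Deliver public keys over the in-band channel.
    relay=None models an operator that forwards keys unchanged;
    relay=Party models an operator that swaps in its own key both ways."""
    bob.peer_pub = alice.pub if relay is None else relay.pub
    alice.peer_pub = bob.pub if relay is None else relay.pub

def verified_out_of_band(alice, bob):
    """The check: compare fingerprints over an independent channel."""
    return secrets.compare_digest(alice.fingerprint(), bob.fingerprint())

def demo():
    # Case 1: keys forwarded unchanged.
    a, b = Party(), Party()
    exchange(a, b)
    honest = (a.session_key() == b.session_key(), verified_out_of_band(a, b))
    # Case 2: operator substitutes its key; it now shares Alice's session key.
    a, b, op = Party(), Party(), Party()
    exchange(a, b, relay=op)
    op_key = hashlib.sha256(_bytes(pow(a.pub, op.priv, P))).digest()
    tampered = (a.session_key() == op_key, verified_out_of_band(a, b))
    return honest, tampered

if __name__ == "__main__":
    print(demo())
```

Without the out-of-band comparison, neither user has any signal that the second case differs from the first.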

It either means you've been reading Thoreau again, or you've found a Froodle. But since Google doesn't have any overlap for those two phrases .. and I'm a very lazy old man .. that's the best answer I'm hunting down. *grin* (If Uncle Google doesn't know it, it's not worth knowing!)

As for "Argle": Bah! Humbug! (And I think you might mean "argyle")

Link to comment
Share on other sites


Darrius Gothly wrote:

As for "Argle": Bah! Humbug! (And I think you might mean "argyle")

there is this sheep right and is in the meadow and is looking at this long long longgg line of empty posts

and it goes: Yyyy YYYYYY Yyyyyyyyyyyy!!!

and the little lamb goes: Mum! we been on yless for a long time now

and the mother sheep goes: Thats not funny dear

and the little lamb goes: sorry! Mum

then the little lamb looks at the other little lamb and they both go: yeyeyeyyeyeyeyyeeye (:

 

Link to comment
Share on other sites


Sassy Romano wrote:

Dres, you are correct.  I had re-acquainted myself with the JIRA you posted some time before you posted it but it remains the case that LL did not ban the feature, that was just fantasy from Prok.

:)


Which usually goes without saying.

...Dres

Link to comment
Share on other sites


irihapeti wrote:

"the lark sings in the meadow"

what does this mean ?

is no need really to argle garble this text. Having computer to argle garble it, dont change what crypto actual is

It means "the spare door key is under the doormat" or "Hitler's body is buried in Argentina" or "Boxers, not briefs".

And my NEXT crypto product .. will be named "Argle". Do I owe you commissions? *grin*

sorry!! you had your 3 goes

oh ok then. I give you another go. I give you a clue as well

"the dove coos as the crow hops"

+

ps

sorry you cant have that name. Is the name of a sheep i think. Or maybe a woolly jumper

(:

I don't know exactly what it all means, but I am now wondering if you live in an aviary, or at least outdoors.

 

Link to comment
Share on other sites

I hope you are right Karen. I too used a packet sniffer to check this out, otherwise I would have no base for my claims other than that notice in the KB article.

Perhaps it is because I am using an outdated LL viewer released in April, 2015. But chat is indeed un-encrypted in my viewer.



Thanks for testing it out in the newest viewer! Give my thanks to your daughter as well! ^^

Link to comment
Share on other sites


Madelaine McMasters wrote:


irihapeti wrote:

"the lark sings in the meadow"

what does this mean ?

is no need really to argle garble this text. Having computer to argle garble it, dont change what crypto actual is

It means "the spare door key is under the doormat" or "Hitler's body is buried in Argentina" or "Boxers, not briefs".

And my NEXT crypto product .. will be named "Argle". Do I owe you commissions? *grin*

sorry!! you had your 3 goes

oh ok then. I give you another go. I give you a clue as well

"the dove coos as the crow hops"

+

ps

sorry you cant have that name. Is the name of a sheep i think. Or maybe a woolly jumper

(:

I don't know exactly what it all means, but I am now wondering if you live in an aviary, or at least outdoors.

 

is more a confirmation that when viewing the form of a crypto secure message, the content/meaning of the message is no more or less distinguishable from any other content/meaning

is generally the definition of random applied in this field. No more or less

+

a plus of grammar-ish encoding sets is that they also have potential to misdirect

like if the hunters can be fooled then they might end up chasing a birdwatcher in the rain and cold of bleak wind swept marshes, instead of chasing a guy in flash clothes and even flasher cars in places like Monaco

(:

Link to comment
Share on other sites


AlexLovesHearts wrote:

I hope you are right Karen. I too used a packet sniffer to check this out, otherwise I would have no base for my claims other than that notice in the KB article.

 

Perhaps it is because I am using an outdated LL viewer released in April, 2015. But chat is indeed un-encrypted in my viewer.

 


 

Thanks for testing it out in the newest viewer! Give my thanks to your daughter as well! ^^

I see that......I'll redo our test on my new Windows 10 Pro install and the latest build of the LL SL viewer.

 

Link to comment
Share on other sites


irihapeti wrote:

is the same the Tor network. If use it to hide your porns from your Mum or Dad then ok. Best not to bet your life on it tho


I am happy to; the American authorities pretended they had cracked it to break The Silk Road, but it was actually down to pretty simple traffic analysis from GCHQ after the idiot posted "How do I hide my drug dealing from the police" on an open forum.

***call me when you think LL would have a chance of detecting TOR users

Link to comment
Share on other sites
