
How Are Griefers Able to Spam Everyone On a Sim?


Prokofy Neva

You are about to reply to a thread that has been inactive for 2240 days.

Please take a moment to consider if this thread is worth bumping.


So I have these griefer "bots" impersonating me again and people raising a rumpus thinking it's me, etc. -- perfect form of Kremlin Troll style griefing, eh? And you know I found the Russian language on these prims years ago...

But to get to the generics here:

I note several things about the reports that either the griefer itself makes or people scream at me as they are scolding me for "having a bot"

1. It's not a bot. Bots can't join groups on their own.

2. But how is it able to spam everyone at a concert a message? I realize some third-party illegal viewers and scripts can spoof names, can spam out things, but what sort of function enables one new alt (not a "bot" but just a person pretending to be a bot as a form of social engineering) to spam everyone on a sim a message? 

Wouldn't the Lindens NOT want to have that? Who would? I can't think when anyone would want it? After all, if you are the sim owner, and you need a global message, you can do that yourself on the island control panel?

The "bot" could of course sit and manually IM every single person with this nonsense, but that doesn't seem to be what it is doing. It seems to be able to hit quickly and spam everyone.

Or is THAT what is happening? Griefers have invaded the island owner's control panel and can do this now, like they can override bans on islands?

3. How is anyone able to gather all the calling cards -- not names, but calling cards -- of someone on a sim, or in a group, or at some location? 

Because I often get transcripts of calling-card conferences in connection with these fake "bot" attacks -- how are they able to do that?

Again, that's not normal. Why would the Lindens allow that? And more to the point, why can't they stop it?

One way is to add permissions for nonce group conversations like that using calling cards. But what I really want to know is how you can collect calling cards if no one has actually befriended you? Which a day-old alt wouldn't be able to do in a group.

4. Is there an exploit of groups here? Because it seems to get in groups, get names of people, get calling cards from that group, then create another group-outside-of-a-group when it is ejected and banned and keep bothering people. How?

Remember the topic of this discussion: how to stop illegal exploits, griefers who respawn on alts and engage in abuses, etc.

The topic is not: a) your hatred of capitalism and your belief that I'm a greedy landlord b) your hatred of me as a non-tech person persisting in trying to right the wrongs of SL by raising technical issues; c) your belief that I "deserve" to be griefed because XYZ belief you have about me, capitalism, or anything.

 

Edited by Jagix Linden
Posting chatlogs
Link to comment
Share on other sites

17 minutes ago, Prokofy Neva said:

2. But how is it able to spam everyone at a concert a message? I realize some third-party illegal viewers and scripts can spoof names, can spam out things, but what sort of function enables one new alt (not a "bot" but just a person pretending to be a bot as a form of social engineering) to spam everyone on a sim a message? 

It's extremely simple. There's an LSL function that can get the keys of all avatars in a sim - llGetAgentList - and another LSL function to send an IM to an avatar's key.

Edited by Phil Deakins
  • Like 4
Link to comment
Share on other sites

@Callum Meriman - that looks like the ability of a bot to issue invitations to others to join the group.

If it isn't, it looks like it is restricted to one group that the bot might join.

And it seems that there are important restrictions set up on this "Corrade"

http://grimore.org/secondlife/scripted_agents/corrade/api/progressive/permissions

But if your claim is true, that means every bot that ever enters a sim would have to scan for all available groups to join. It would always be doing that.

Filling up its 60 slots, then the owner might delete them (it can't itself choose) then it roams around randomly joining again?

I find that hard to believe. If this script added enables a bot to join a group, then what is stopping it from constantly looking for groups to join? I can't believe the Lindens would have calls like that on the server all the time.

Also keep in mind that these griefers aren't bots anyway. It's more a question of how either a real avatar or a scripted agent could go around joining so many groups.

This griefer selects groups to join where it can get maximum griefing -- large groups, groups of fans at concerts, rental groups, and so on.

Obviously the groups have to be open for it to join -- and that's another mystery, as some of these groups seem to require invitations, i.e. rental groups.

 

Link to comment
Share on other sites

19 minutes ago, Prokofy Neva said:

@Callum Meriman - that looks like the ability of a bot to issue invitations to others to join the group.

 

Corrade uses the command invite to invite. Join is to join.

libsecondlife, which Corrade descended from, exposes these calls. The griefer won't be using Corrade, but will be using something descended from libsecondlife too.

It's trivial.

Link to comment
Share on other sites

7 hours ago, Callum Meriman said:

Corrade uses the command invite to invite. Join is to join.

libsecondlife, which Corrade descended from, exposes these calls. The griefer won't be using Corrade, but will be using something descended from libsecondlife too.

It's trivial.

So, you're saying that it is not the Second Life Viewer, the official LL viewer, in conjunction with LSL that a) does this joining and entering of groups and b) does this act of spamming people on a sim, but the third-party libsecondlife or its spawns?

Or are you saying that Corrade is a third-party program that enables bots to function better in SL that Linden allows? It seems the latter. If that's the case, then the Lindens can review whether the Corrade people's enabling of bots to spam people on a sim by collecting their names and spewing spam to them may be something that should be deprecated/throttled/restricted/whatever.

If a third-party griefer viewer, not trivial, because then the Lindens should ban that viewer. And don't get started about how "it is impossible" to ban third-party griefer viewers. Of course it's possible. The Lindens can get even 20% success on this and make a dent. But they'd get more. The point is to have the political will, as they did in facing down Firestorm griefing madness in earlier days, and the rest will follow.

As for the howling that goes up when "creative scripters" are ever challenged (because the Lindens love having the rest of us endure the load test for these experiments, like the spam vehicles on all the roads), I shrug. Sooner or later the Lindens have to rein in their children if they want this platform to be used by business and non-profits.

As for "how do I know they are not bots" because...bots cannot collect friendship cards and make conference calls out of them.

If a bot can go on a sim and join any group that is open and spam in it, you'd still have to explain why it then adjusts its conversation, not as an AI would, but as a human.

It would be helpful to have a list of the functions that bots can perform through LSL, and what they can perform through third-party programming like Corrade (if that's how it is done) so we understand what hath God wrought here. God never thinks of what He wrought in Second Life because he's God. But we can question it because we are mortals affected by it.

Ask yourself if a bot can paste chat from a real-time conversation in a group to me, then offer me friendship requests, then offer me teleports, all forms of griefing. You might be able to show that a bot can be set to perform these functions. But perform all three, with varied conversation? I don't think so.

My guess is that these day-old alts, that don't even wait for the period that LL would have to approve them as scripted agents normally aren't bots, but just call themselves that as a social-engineering that works especially well now due to the Kremlin Trolls issue in RL.

A feature of Russian bots is that some days they are bots and just spout scripted lines sometimes in hilariously bad English, but the accounts on Twitter can sometimes then be taken over by real humans who then engage in conversations in non-AI ways -- it's the combination of bot and human that works best (there's even a term for that I'm forgetting now).

So again, as for this: There's an LSL function that can get the keys of all avatars in a sim - llGetAgentList - and another LSL function to send an IM to an avatar's key -- given that this form of griefing isn't just common to me, but to many, then there may be a way to throttle it, or for the owner of the sim to jam it, either using third-party tools or perhaps even a function the Lindens build into the browser.

The point isn't just to say "oh, but bots can do that" -- my quest here is to find out the technical matters of what they can and can't do -- but to say "oh, since they can do this, why are we letting them?" No one needs agents to come in a sim and spout spam, whether racist insanities claiming to be "from me," or just some ordinary rentals or merchant spam.

Of course, the problem with all this is the estate bans are broken and griefers keep exploiting this, something no one ever wants to talk about.

  • Haha 1
Link to comment
Share on other sites

I don't think it's bots, because I don't think the Lindens casually let day-old accounts have scripted agent status. They've deleted every single one of these "bots" that appeared in recent months, there are dozens of them. 

It's useful to read the Linden policy on bots, which is a bar on your account page -- you are asked to voluntarily supply this information but I don't know if there is a consequence if you don't. But do note that "there are a few ways" that bots are used that might lead to disciplinary action:

'Scripted Agent' is our term to describe a Second Life account that is operated by a program rather than by a real person. These are often called 'Bots' by residents and are automated avatars that perform specific tasks inworld, generally without any human intervention. There are Bots that manage Land tasks and Bots that model clothing in stores.

If you know that a Second Life account is to be used in this way, as a 'Scripted Agent' or Bot, then we ask that you identify it as such here.

There are a few ways that Bots can be used that are considered a violation of Second Life's Terms of Service (see this article for more details). Identifying this account as a bot allows us to improve the Second Life experience for all Residents (for example, by improving Search results). Failure to identify an account as a Bot could result in disciplinary action if the Bot is then found to be negatively impacting our service or otherwise causing problems.

  Scripted Agent Status Change
 
Current Status:
The avatar associated with this account is identified as being controlled by a human. Please select "change" to self-identify your avatar as a scripted agent (sometimes referred to as a "bot").
  • Haha 1
Link to comment
Share on other sites

I'm not sure how much of this is just terminology. The griefers are almost certainly using some bot program, and those perform both programmed actions and regular user-controlled actions similar to a viewer (although typically not including a graphical world view). The bot can do anything a viewer can do, but much faster under program control. It's possible for the bot program to interact with in-world LSL scripts, similar to the way the Firestorm viewer uses its "LSL bridge", but that's rare.

Griefer bots can appear indistinguishable from a third-party viewer, except by behavior (such as issuing too many group invitations or teleport requests, etc., too quickly). That is, they can "hide" their bot status until they commit their griefing, at which point they'll be banned and need to create a new account, maybe at a different spoofed IP address, and start all over again. (The "scripted agent" status is really how legitimate bots can exclude themselves from traffic calculations, thus avoiding a ban for scamming Search.)

Also, I don't think a "calling-card conference" really relies on calling-cards; that's just a way normal users can interact with graphical viewers to specify which avatars get added to the conference. (It used to be possible to convert a calling-card to the calling-card of any avatar; I'm not sure that still works after they nerfed calling-cards in Viewer 2, but again I don't think a bot would use any of that to set up a conference.)

  • Like 3
Link to comment
Share on other sites

21 hours ago, Phil Deakins said:

It's extremely simple. There's an LSL function that can get the keys of all avatars in a sim - llGetAgentList - and another LSL function to send an IM to an avatar's key.

That's throttled, but the throttle level is high: "All object IM's are throttled at a maximum of 2500 per 30mins, per owner, per region in a rolling window. this includes IM's sent after the throttle is in place". Maybe that level should be much lower. Or there should also be a limit on the number of unique destinations per minute.

New avatars might start out with a limit of maybe 3 destinations in 30 seconds, and that increases with avatar age and/or paid account. It should decrease with the number of people who block that sender.

  • Like 1
Link to comment
Share on other sites
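
The per-sender limit on unique destinations proposed in the post above, sketched as an added example (not part of the original thread and not Linden Lab code). The starting point of 3 destinations in 30 seconds comes from the post; the age, paid-account and block weights, the floor of one destination, and all names are assumptions made for illustration.

```python
from collections import deque
from dataclasses import dataclass

WINDOW_SECONDS = 30        # window suggested in the post
BASE_DESTINATIONS = 3      # starting limit suggested in the post
# Everything below is an assumed weighting, chosen only for illustration.
AGE_BONUS_PER_30_DAYS = 1
MAX_AGE_BONUS = 20
PAID_BONUS = 10
BLOCK_PENALTY = 1
MIN_DESTINATIONS = 1       # assumed floor so a sender can still reach one person


@dataclass
class Sender:
    key: str               # avatar key (constructed values in this example)
    age_days: int
    paid: bool = False
    blocked_by: int = 0    # number of residents who have blocked this sender


def destination_limit(sender: Sender) -> int:
    """Unique destinations the sender may message per window."""
    age_bonus = min(sender.age_days // 30 * AGE_BONUS_PER_30_DAYS, MAX_AGE_BONUS)
    limit = BASE_DESTINATIONS + age_bonus
    if sender.paid:
        limit += PAID_BONUS
    limit -= sender.blocked_by * BLOCK_PENALTY
    return max(limit, MIN_DESTINATIONS)


class DestinationThrottle:
    """Rolling-window limit on how many distinct recipients one sender may IM."""

    def __init__(self, window: float = WINDOW_SECONDS):
        self.window = window
        self._events = {}  # sender key -> deque of (time, destination, delivered)

    def allow(self, sender: Sender, destination: str, now: float) -> bool:
        events = self._events.setdefault(sender.key, deque())
        while events and now - events[0][0] >= self.window:
            events.popleft()
        attempted = {dest for _, dest, _ in events}
        delivered = {dest for _, dest, ok in events if ok}
        # Continuing an existing conversation is always fine; a new recipient
        # is only accepted while the count of attempted recipients is under
        # the limit. Rejected attempts stay in the window, like the object-IM
        # throttle quoted above, so a sender who keeps trying stays throttled.
        ok = destination in delivered or len(attempted) < destination_limit(sender)
        events.append((now, destination, ok))
        return ok


def simulate_sweep(sender: Sender, recipients, interval: float = 0.1) -> int:
    """Count how many messages get through when a sender IMs each recipient in turn."""
    throttle = DestinationThrottle()
    return sum(throttle.allow(sender, r, i * interval) for i, r in enumerate(recipients))


# Constructed sample data: 40 avatars present in a region.
REGION = [f"avatar-{n:02d}" for n in range(40)]
DAY_OLD_ALT = Sender("alt-0001", age_days=1)
LONG_TERM_PAID = Sender("resident-0001", age_days=3000, paid=True)
HEAVILY_BLOCKED = Sender("resident-0002", age_days=3000, paid=True, blocked_by=40)

if __name__ == "__main__":
    for s in (DAY_OLD_ALT, LONG_TERM_PAID, HEAVILY_BLOCKED):
        print(s.key, "limit", destination_limit(s), "delivered", simulate_sweep(s, REGION))
```

The limit is on distinct recipients rather than message count, so an ordinary back-and-forth with a few people is never affected while a region-wide sweep is cut off after the first few recipients.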

6 hours ago, Qie Niangao said:

It's possible for the bot program to interact with in-world LSL scripts,

I've written several bot systems over the years, the newest one being just a few months ago, and they were all hybrids in that they each required both LSL and an external programme based on OpenMV, with the LSL part being the controller.

Edited by Phil Deakins
Link to comment
Share on other sites

8 hours ago, Prokofy Neva said:

I don't think it's bots, because I don't think the Lindens casually let day-old accounts have scripted agent status.

A bot doesn't need to be registered as a scripted agent. It's only when a bot spends significant time on land that's set to show in search that it needs to be registered.

To the best of my knowledge, there is no time restriction on registering an account as a scripted agent, but you can know for certain by creating a new account and immediately registering it as a scripted agent.

  • Like 1
Link to comment
Share on other sites

20 hours ago, bigmoe Whitfield said:

we got popped by a bot pretending to be prok last night. dual conference call. muted and ar'd it.

What is a "dual conference call"? And thanks for ARing *the bot* instead of harassing me.

One thing that numerous people harassing me as bot-victims do is spam me as if they think I need to "see how it feels".

So they send me 100s of landmarks to creepy sex sims. Or they send me bunches of notecards. Or they send me bunches of spam messages.

Edited by Prokofy Neva
Link to comment
Share on other sites

On 2/22/2018 at 9:53 PM, Qie Niangao said:

I'm not sure how much of this is just terminology. The griefers are almost certainly using some bot program, and those perform both programmed actions and regular user-controlled actions similar to a viewer (although typically not including a graphical world view). The bot can do anything a viewer can do, but much faster under program control. It's possible for the bot program to interact with in-world LSL scripts, similar to the way the Firestorm viewer uses its "LSL bridge", but that's rare.

Griefer bots can appear indistinguishable from a third-party viewer, except by behavior (such as issuing too many group invitations or teleport requests, etc., too quickly). That is, they can "hide" their bot status until they commit their griefing, at which point they'll be banned and need to create a new account, maybe at a different spoofed IP address, and start all over again. (The "scripted agent" status is really how legitimate bots can exclude themselves from traffic calculations, thus avoiding a ban for scamming Search.)

Also, I don't think a "calling-card conference" really relies on calling-cards; that's just a way normal users can interact with graphical viewers to specify which avatars get added to the conference. (It used to be possible to convert a calling-card to the calling-card of any avatar; I'm not sure that still works after they nerfed calling-cards in Viewer 2, but again I don't think a bot would use any of that to set up a conference.)

1. Yes, we've established this about the "calling cards". Oh, silly me for living in the past when only calling cards were used, the latest griefers who can "see the script under the cover" now do this. But...say...can you tell me again the GOOD USE CASE for having this ability to spam everyone on a sim without a calling card. I'll wait!

2. If you study all the chat and activities of this bot (on my blog or I will send you) you'll quickly see they really aren't a bot -- or at least they are a bot/human combo.

Example: how would you program a bot to "only once" send a teleport invitation, "Join me in...."

If you were a good user of bots and you needed to do that, let's say on an RP sim or something, your bot would *keep doing that*. It wouldn't do it once. Pro-tip. It wouldn't do it only to known griefer sims and sandboxes LOL.

Sure, maybe you can set a bot to do that once, set it inworld to do that. But then...why? 

  • Haha 2
Link to comment
Share on other sites

8 hours ago, Prokofy Neva said:

7. A Linden said something a bit cryptic to me about how the ability to conference-call a group of people (on a sim, or by names gathered from a group or just randomly) was "always under the cover". At least I think that was what he means. And what that "under the cover" means *I think* is that you could always see the code for it somewhere on the open-source viewer code. Hey, one more reason not to opensource the viewer in my view but the Lindens have their share-bear ideologies as we know.

They love the fact that people grab code under the cover; remember they even liked the fact that people reverse-engineered their viewer when it was illegal to do so (!).

Again, I may not have understood this under-the-cover jazz so enlighten me. But of course I could point out that most people don't look under the cover. Furthermore, most techs who even know how to code or even know LSL don't go looking for ways they can grab things out of the viewer and then exploit them in some way. Let me add a further refined category: even THE MAJORITY of those in that third category don't do so *so as to grief others*. That means a tiny group exploits "under the cover code" or "more visible code" for that matter and THAT becomes the reason LL "does nothing" -- "because it's a tiny group". You would think they'd apply their all/nothing logic of 99/100 they apply so wrongfully to so many organic situations HERE TOO and say "even that tiny amount is unacceptable, by God, we're going to crush it!" But...they don't. One of the maddening things about machine-thinkers is that they are selective in their machine-thinking.

Does that mean it should be enabled? No, not if the Lindens don't know how to stop that "tiny group" (maybe not so tiny) that griefs. CAN they stop it? Well, I'm told they are trying to do this. I don't understand why it didn't occur to them "right away" or why "thinking" takes so long but again: tell me the use case where spamming everybody on a sim with an instant conference call not made with friendship calls is an urgently needed and widespread use case. Go ahead, I'll wait.

I think "under the cover" here means much the same as you're interpreting it, but possibly to split hairs: the "cover" of Calling Cards was always merely cosmetic. A Calling Card was never more than a kind of short-hand token for identifying another user, stored in our inventory for handy reference. (That's distinct from Friends, who come with Calling Cards but also have a bunch of permissions properties that affect "presence" notifications, options to edit one another's objects, and all that jazz.) So Calling Cards made a handy way for a user to set up a conference, but only because it was easier for the user than remembering a list of avatar keys to type-in by hand; for a bot, it's easier to jump straight to those avatar keys than to futz around with Calling Cards in inventory.

You're no doubt aware, but apparently I'm fond of hearing myself type, so: bots were around long before the viewer was open sourced. It would have been easier to develop a bot framework with the viewer source to reference, but instead they relied on viewer messaging. That's not to say the viewer was anywhere near ready to open source when they did it (or arguably even now), but a lot of vulnerabilities were already exposed to watchers of that messaging, and the Lab was already engaged in perpetual whack-a-mole against exploits of those vulnerabilities.

So, knowing that conferences can be used as a griefing vector (and understanding that Calling Cards were always merely cosmetic shorthand), shouldn't the Lab do something to constrain the creation and abuse of conferences? Yeah, probably, but there's a practical consideration here, too:

How many accounts are being targeted with this griefing? and (to be cruelly frank) if this specific vector is somehow patched, how much will it matter to the level of griefing those particular accounts will suffer? That is, will it immediately be replaced by another, equally damaging form of griefing that targets exactly the same victims?

If the Lab is tackling this now, that's great, and it's good for all the rest of us who won't be pulled into conferences as ammunition in these griefing attacks.

Why it never occurred to them that this would become a problem, if I were a Linden I'd plead the Zuckerberg/Goldman defense: "What, me worry?"

Link to comment
Share on other sites

No, Qie. Milk. You had to buy milk, not eggs. MILK.

You haven't supplied the actual use case that is valid for this use of calling cards.

BTW there are no calling cards outside of friendship. You can't get a calling card in your inventory without a friendship action. That you can then add deeper perms for SOME friends doesn't mean that there are "non-friend calling cards".

Don't confuse the ability of bots or actual people with avatars to scoop up NAMES on a sim as distinct from using calling cards in inventory with thinking there are "calling cards outside friendship". There aren't.

That is, I totally understand why you want to do this because you think the code is the same and the bots can see through it like they see through money trees.

The Lindens should contemplate how they have eroded the concept of friendship which was really a good thing.

I'm not at all persuaded that these griefers are actual bots and that's because I remain more curious and demand more facts than many of the scientists here. 

I don't know where you get this idea that this is "only about me" as I'm merely publicizing it as a generic issue and seeking remedies to griefing from it.

Many people hate this and complain about it to those who do it. I get it done to me often WITHOUT griefers involved just by clueless heedless idiots with clubs or whatever. It's like the idiots who conference you on FB, same genre.

The ANNOYANCE of being in conferences that is not griefing is a big issue, you just don't see it because you are preoccupied with other things. If you polled most people in world they'd tell you they hate it and want to stop it, even if they get some use out of it.

The Lindens finally fixed groups to make it possible to keep them open but ban beggars, spammers, and griefers.

And they need to look at this, too, and not "for my sake" because it's an obvious nuisance.

It's hard for the regs on the forums to understand this as they don't log in, don't have activities or friends inworld, and don't experience it. Lindens don't either.

If you want I'll include you in the next stupid one that comes along and you can see what it's like.

Edited by Prokofy Neva
  • Haha 1
Link to comment
Share on other sites

29 minutes ago, Prokofy Neva said:

No, Qie. Milk. You had to buy milk, not eggs. MILK.

You haven't supplied the actual use case that is valid for this use of calling cards.

BTW there are no calling cards outside of friendship. You can't get a calling card in your inventory without a friendship action. That you can then add deeper perms for SOME friends doesn't mean that there are "non-friend calling cards".

 

Nope. You can - someone can give you a calling card without being your "friend". I know this is "1/0" thinking, or, as some people consider it, "reality" as opposed to "fantasy."

The ANNOYANCE of being in conferences that is not griefing is a big issue, you just don't see it because you are preoccupied with other things. If you polled most people in world they'd tell you they hate it and want to stop it, even if they get some use out of it.

Or they'd tell you that they use Firestorm's ability to automatically ignore conference chats from non-friends.

 

 

  • Like 1
Link to comment
Share on other sites

23 minutes ago, Prokofy Neva said:

BTW there are no calling cards outside of friendship. You can't get a calling card in your inventory without a friendship action. That you can then add deeper perms for SOME friends doesn't mean that there are "non-friend calling cards".

That's incorrect. You've been around long enough that you probably have Calling Cards in your own inventory that don't appear on your Friends list -- I certainly do. But those are harder to come by now than they used to be back when passing out Calling Cards distinct from requesting Friendship was built-in to the viewer. It's still possible to obtain non-Friend calling cards by inventory transfer. (For example, I can embed my own calling card in a Notecard and distribute that to folks and they can copy those into inventory as a regular Calling Card without becoming my Friend.)

Your point is valid about others besides you being targets of Conference abuse. I shouldn't have cast it as such a specific problem, that was wrong.

Link to comment
Share on other sites

I've received more than one of these messages where they claim to be you. It was a conference IM rather than me being on the same sim. I don't have you or them on my friends list but this is becoming more and more common. I just mute people who do this but I've often wondered how they do it.

Link to comment
Share on other sites

13 hours ago, Prokofy Neva said:

7. A Linden said something a bit cryptic to me about how the ability to conference-call a group of people (on a sim, or by names gathered from a group or just randomly) was "always under the cover". At least I think that was what he means. And what that "under the cover" means *I think* is that you could always see the code for it somewhere on the open-source viewer code. Hey, one more reason not to opensource the viewer in my view but the Lindens have their share-bear ideologies as we know.

It's not even "under the cover" in the LL viewer since the "improved" CHUI chat feature was added.
The ease with which you can spam conference chats since CHUI has been complained about several times.

Also note you don't need calling cards to do it.

Edited by Whirly Fizzle
Link to comment
Share on other sites

13 hours ago, Prokofy Neva said:

What is a "dual conference call"? And thanks for ARing *the bot* instead of harassing me.

One thing that numerous people harassing me as bot-victims do is spam me as if they think I need to "see how it feels".

So they send me 100s of landmarks to creepy sex sims. Or they send me bunches of notecards. Or they send me bunches of spam messages.

opened 2 conferences. sorry, I could have explained better and I've been around 11 years come this march prok, I can tell when it's not you by now.

Link to comment
Share on other sites

4 hours ago, Prokofy Neva said:

BTW there are no calling cards outside of friendship. You can't get a calling card in your inventory without a friendship action. That you can then add deeper perms for SOME friends doesn't mean that there are "non-friend calling cards".

You can create a Calling Card in your inventory for anyone you like, in the LL viewer, Firestorm or any other viewer.

Copy a calling card - your own or any other.
Right click the copied calling card -> Properties.
In the Description box, paste in the target avatar's key/UUID
Voila, now you have a copy of their calling card.

This is NOT a bug - it's just the way that calling cards work - they are rather odd assets.


 

  • Like 4
Link to comment
Share on other sites
