Jump to content
  • 0
StephanSwitch

Adding another Login function

Question

Greetings everryone!

I'm in need of some help understanding if a modification of a viewer is allowed or not.

What I want to do is this:

I take an existing viewer and add another login function.
The user can still login with username / password combo just as usual.

If there's a special password file, the viewer takes the hashed password from there and uses it for the login mechanic.
That's the only change to the viewer.

Am I allowed to do this and distribute the viewer?
 

Regards, Steph

 

Share this post


Link to post
Share on other sites

10 answers to this question

Recommended Posts

  • 4

I'm not a part of the governance or legal team, so I can't give guidance on what unconventional means may be allowed. I can tell you some things that caused a problem with XtremRLV, however.

A user must not share SL login credentials with a third party. XtremRLV had users send a "key" to the XtremRLV owner to end lockout, and this revealed the user's cleartext password to the XtremRLV operator. The user and the operator both violated the ToS here.

A user's email address has to be up to date and under the sole control of the SL account owner. XtremRLV changed the user's email address in order to thwart password resets. This rendered the user unreachable. This placed users in violation of the ToS.

A user must be able to log into our support and billing sites with the use of a standard web browser. XtremRLV's obfuscated password caused a problem here, making use of the XtremRLV tool a violation of the ToS.

A user must not be prevented from using the regular SL viewer without any external dependencies. This is often necessary for troubleshooting, such as inventory recovery issues. Again here, use of the XtremRLV tool violated the ToS.

 

I fully appreciate some users' desire to experiment with the experience of a deep power exchange in Second Life. But there are very real legal and business obstacles that simply prevent us from allowing users to be partially locked out of their accounts without fundamental changes to the Second Life service. I don't believe that you can do what you intend without some or all of the above being a problem once again.

I would instead encourage you to focus on ways of detecting the breach of RLV limitations. Scripts in in-world objects can detect when users are online. Scripts in attachments can detect whether they are attached to an avatar with RLV enabled. Script these in-world objects to expect "check-in" communication from the attached objects whenever a user is online. If attachments fail to check in or check in with a warning about RLV being disabled then you will have a clear signal that cheating has occurred. This should be enough to help with enforcement. You could probably even standardize this and build a market around the in-world objects and the collar plugins that work with them. You would be able to build on this with no viewer changes whatsoever.

  • Like 1
  • Thanks 6

Share this post


Link to post
Share on other sites
  • 1
2 hours ago, StephanSwitch said:

Obviously, the aim is to hide the password, so the user can't login with the default SL Viewer

According to Soft, this would violate the TOS...

On 4/3/2018 at 8:57 PM, Soft Linden said:

A user must not be prevented from using the regular SL viewer without any external dependencies. This is often necessary for troubleshooting, such as inventory recovery issues. Again here, use of the XtremRLV tool violated the ToS.

Do you have the viewer changes & the Tampermonkey script up on Github yet?
Maybe Soft or another Linden can take a look at it & advise you on whether it would violate the TOS or not.

Also remember if you are planning to distribute your fork of the RestrainedLoveViewer , you will need to rebrand it.

 

  • Like 2

Share this post


Link to post
Share on other sites
  • 0

Read https://secondlife.com/corporate/tpv.php  .  If you have any questions, I suggest asking your attorney and Linden Lab directly.  Do not rely on any advice that you may get from other residents, even among the experienced volunteers here.  We are not lawyers.

Share this post


Link to post
Share on other sites
  • 0

Rolig is correct (as usual).  But I'm curious...what is it that you are attempting to accomplish, Stephan?  If this is intended to make the login process more secure, that's great.  But how is it more secure than just leaving "remember my password" unchecked?

Share this post


Link to post
Share on other sites
  • 0
27 minutes ago, Lindal Kidd said:

Rolig is correct (as usual).  But I'm curious...what is it that you are attempting to accomplish, Stephan?  If this is intended to make the login process more secure, that's great.  But how is it more secure than just leaving "remember my password" unchecked?

In my opinion, checking “remember my password” does essentially what the OP suggests!

Share this post


Link to post
Share on other sites
  • 0
57 minutes ago, Love Zhaoying said:

In my opinion, checking “remember my password” does essentially what the OP suggests!

I will do this with some sites, but never ever for the SL viewer.  It makes it way too easy for anyone else using your computer to get access to your account.

Share this post


Link to post
Share on other sites
  • 0
9 minutes ago, Whirly Fizzle said:

I guess this is the reason?
https://my.secondlife.com/stephanswitch/picks/9930015e-0219-2d0c-b079-9b95e2c8cb97

You should check with Linden Lab.
The XtremRLV debacle ended up with the banhammer being swung & LL making a blog post:

 

The excellent Whirly Fizzle Figgers It Out Again.  I remember that "XtremRLV" now.  For those of you reading this and wondering:

  • RLV is a legitimate third party viewer.  Its purpose is to allow you to delegate a lot of control over your Second Life experience to another person.  While using RLV, another person can teleport you to them, restrict your IMs, restrict what you see, dress or undress you, animate your avatar, and many other things.  It is used mainly for BDSM roleplay.
  • RLV functions are contained in many other popular third party viewers, like Firestorm.  They are not part of the standard Linden Lab viewer.
  • For some people, RLV wasn't enough, because a person could disable it simply by changing their user preferences and then re-logging.  So, a clever person created "XtremRLV", which basically allowed you to surrender control to another person irrevocably

In case anyone is wondering, in my view doing this is a Very Dumb Idea.

  • Like 3
  • Thanks 1

Share this post


Link to post
Share on other sites
  • 0

Thanks for all your answers!

First I have to point out, that the only change to the viewer (that's under TOS of Linden) is reading a password from a special file, so I think this is correct:

On 3.4.2018 at 7:14 PM, Love Zhaoying said:

In my opinion, checking “remember my password” does essentially what the OP suggests!

 

Obviously, the aim is to hide the password, so the user can't login with the default SL Viewer right away, but still, no deal with the viewer itself.

On 3.4.2018 at 8:13 PM, Whirly Fizzle said:

I guess this is the reason?
https://my.secondlife.com/stephanswitch/picks/9930015e-0219-2d0c-b079-9b95e2c8cb97

You should check with Linden Lab.
The XtremRLV debacle ended up with the banhammer being swung & LL making a blog post:

 

Regarding this comment and the password trouble I wanna do it like this (Remember, nothing to do with the viewer, its a second step and can be done manually or with a javascript):

The actual password will be encrypted, and split into two parts, data and key.
Restoring the key is no problem, it just needs the two pieces of data.
The user will be free to choose what to do with those two pieces.
If the user decides to hold both parts, there's no problem at all I think.

 

To summarize:
The viewer will not do any changes ever to the user's account.

 

 

Share this post


Link to post
Share on other sites
  • 0

Stephan, I don't think it matters that you aren't making a change to "the viewer itself".  You are proposing to use a third party tool to restrict, control, or transfer a person's ability to access their SL account.  LL has already clearly said that this is contrary to their policy.  Don't do it, man.  Invent a Zombie Apocalypse version of Bloodlines instead.  That way you will only have thousands of residents annoyed with you.  Your proposal would anger the LL gods, a much more perilous situation.

  • Like 4

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×