Jump to content
Red2Blaze

Is SL chat now secure from 3rd party?

Recommended Posts

So I found this post back from 2015: 

Seeing that now I am in a public internet area (study) I got some what scared on that, they have a study filed for "hacking" and stuff so I fear someone may be looking over the network, and make things a little akwared for me later on :/

So wanted to ask if anyone knows if this was ever "fixed" or something, or is my IM and chat yet completely exposed to 3rd party's?

 

Share this post


Link to post
Share on other sites
38 minutes ago, Red2Blaze said:

So I found this post back from 2015: 

Seeing that now I am in a public internet area (study) I got some what scared on that, they have a study filed for "hacking" and stuff so I fear someone may be looking over the network, and make things a little akwared for me later on :/

So wanted to ask if anyone knows if this was ever "fixed" or something, or is my IM and chat yet completely exposed to 3rd party's?

 

If you're on public Wi-Fi or network, seeing your SL chat is the least of your worries. If they can see that, they can likely browse your system folders, I would imagine.

Edited by Alyona Su
  • Like 1
  • Haha 1

Share this post


Link to post
Share on other sites
4 minutes ago, Alyona Su said:

If you're on public Wi-Fi or network, seeing your SL chat is the least of your worries. If they can see that, they can likely browse your system folders, I would imagine.

Not from my understanding

Point is Second Life sends are chats on the network as text, when we talk on here on the forums for example the little lock up in the address of the site area means that its secure so when its sent from my PC to the servers, and then to you, its all secured and encrypted so someone on my network cant really see it they see some mambo jambo they need to find a way to read making it really hard for them

But when its sent as test anyone on the network can "grab it" from it and read it, as its not encrypted they don't have to do any work on it or anything they can just go out and read it (you can see someone showing that on the second page of the post I linked)

Beside that I think it may even be possible for them to change the text messages so they can maybe even send stuff like we said them, or make it look like someone sent us something they did not but that is only a guess on my side of things

Share this post


Link to post
Share on other sites

Yes and no.

Yes, if you have some sort of malware or a hacker on your network, they can certainly spy on your network activities, or on a public network such as starbucks WiFi. Anyone can use wireshark to see network communications if they have promiscuous mode enabled on the modem. However they are much more interested in banking details than Second Life conversations.

No, officially, only Linden Lab is able to see conversations and even then, it is a very few Lindens who have signed a special agreement who are allowed to investigate such conversations. Don't worry, they don't spy on you for fun. Only for abuse report reasons.

Edited by Chaser Zaks
  • Like 2
  • Thanks 1

Share this post


Link to post
Share on other sites
49 minutes ago, Red2Blaze said:

So I found this post back from 2015: 

Seeing that now I am in a public internet area (study) I got some what scared on that, they have a study filed for "hacking" and stuff so I fear someone may be looking over the network, and make things a little akwared for me later on :/

So wanted to ask if anyone knows if this was ever "fixed" or something, or is my IM and chat yet completely exposed to 3rd party's?

 

 

LOL

Don't sext over sl in a public area then.

  • Haha 2

Share this post


Link to post
Share on other sites
5 minutes ago, Chaser Zaks said:

Yes and no.

Yes, if you have some sort of malware or a hacker on your network, they can certainly spy on your network activities, or on a public network such as starbucks WiFi. Anyone can use wireshark to see network communications if they have promiscuous mode enabled on the modem. However they are much more interested in banking details than Second Life conversations.

No, officially, only Linden Lab is able to see conversations and even then, it is a very few Lindens who have signed a special agreement who are allowed to investigate such conversations. Don't worry, they don't spy on you for fun. Only for abuse report reasons.

I am aware they can be more interested in that, and I don't fear that much that type of stuff, yet all the same I prefer it if SL will do what seem to be pretty logical and secure the chats from client to server

And like I said my reason is that where I am at is a University, part of it is guys doing "Cyber" stuff... so I do find it likely they will be looking around just for the fun of it

And if my name comes up there...

I don't think its a huge work or anything on Linden side to do it, and I think its something that should be there what ever the case is, there is no real reason not to do it

But beside that i mostly wonder if something changed from 2015 or not

And from your message do I need to understand then that means nothing changed yet? :/

3 minutes ago, purrrkitten said:

 

LOL

Don't sext over sl in a public area then.

I try to keep my RP realistic, as in what is possible in the frame of the world is possible in my RP, and can happen

So at times sexting is out of my control

 

Besides.... even with out sexting that is one reason for me, i honestly prefer my chats even more IM's to remain private :D

 

Share this post


Link to post
Share on other sites
1 minute ago, Red2Blaze said:

I try to keep my RP realistic, as in what is possible in the frame of the world is possible in my RP, and can happen

So at times sexting is out of my control

 

Besides.... even with out sexting that is one reason for me, i honestly prefer my chats even more IM's to remain private :D

 

Well if you're worried about your school monitoring what you're doing and reading your sexts, don't sext at school.

 

lol

 

That's what this is really about.

  • Haha 1

Share this post


Link to post
Share on other sites
Just now, Red2Blaze said:

I am aware they can be more interested in that, and I don't fear that much that type of stuff, yet all the same I prefer it if SL will do what seem to be pretty logical and secure the chats from client to server

And like I said my reason is that where I am at is a University, part of it is guys doing "Cyber" stuff... so I do find it likely they will be looking around just for the fun of it

And if my name comes up there...

I don't think its a huge work or anything on Linden side to do it, and I think its something that should be there what ever the case is, there is no real reason not to do it

But beside that i mostly wonder if something changed from 2015 or not

And from your message do I need to understand then that means nothing changed yet? :/

I try to keep my RP realistic, as in what is possible in the frame of the world is possible in my RP, and can happen

So at times sexting is out of my control

 

Besides.... even with out sexting that is one reason for me, i honestly prefer my chats even more IM's to remain private :D

 

If you are worried about people spying on you at a university, you can always use VPN.

This will encrypt network traffic even though SL's network traffic is unencrypted(Aside from login which contains the password hash, that's encrypted!).

  • Thanks 1

Share this post


Link to post
Share on other sites
6 minutes ago, purrrkitten said:

 

Well if you're worried about your school monitoring what you're doing and reading your sexts, don't sext at school.

 

lol

 

That's what this is really about.

Not completely, its mostly about simply not wanting something that is suppose to be private to be unprivate

Beside that its not the university I fear :D

6 minutes ago, Chaser Zaks said:

If you are worried about people spying on you at a university, you can always use VPN.

This will encrypt network traffic even though SL's network traffic is unencrypted(Aside from login which contains the password hash, that's encrypted!).

mmm... ya that is an option I was thinking about, but that means slow network on top of the slow network i got and that also means I need to pay every mouth....

Share this post


Link to post
Share on other sites
27 minutes ago, Red2Blaze said:

Point is Second Life sends are chats on the network as text,

I understand the "network sniffing" thing - sure, plain text. But they can catch everything else, too. My point is if they are able to sniff your connection then chances are they have ways to at least *try* cracking into you. My comment was a simplified rhetorical word of caution, that's all; my point being SL chat ain't all that unless you're chatting your bank account passwords and stuff in it. :)

  • Like 2

Share this post


Link to post
Share on other sites
10 minutes ago, Alyona Su said:

I understand the "network sniffing" thing - sure, plain text. But they can catch everything else, too. My point is if they are able to sniff your connection then chances are they have ways to at least *try* cracking into you. My comment was a simplified rhetorical word of caution, that's all; my point being SL chat ain't all that unless you're chatting your bank account passwords and stuff in it. :)

But I don’t want anyone sniffing my pixel sx!

  • Haha 1

Share this post


Link to post
Share on other sites
28 minutes ago, Alyona Su said:

I understand the "network sniffing" thing - sure, plain text. But they can catch everything else, too. My point is if they are able to sniff your connection then chances are they have ways to at least *try* cracking into you. My comment was a simplified rhetorical word of caution, that's all; my point being SL chat ain't all that unless you're chatting your bank account passwords and stuff in it. :)

Well sure then can try, but this is my main way to have internet now so stuck with it, and on any case il have that danger, but its better if what can be secure and should be secure will be secured

17 minutes ago, Love Zhaoying said:

But I don’t want anyone sniffing my pixel sx!

I don't think they cant have your pixel sx, only your text in it

So if you do it silently they cant hear it, and I don't think they can see it

Share this post


Link to post
Share on other sites

@Red2Blaze You know, I am curious: when has LL ever said or written that anything in SL is supposed to be "secure"? Serious question, not trying to be snarky. Because as this subject percolates in my mind it kind of nags me that I can't think of any statement from anyone at LL saying (much less promising) that anything in SL or connection to SL is secure in any way in term of user privacy, other than their own policies.

And then I was thinking, perhaps LL chats *are* secure from user to user inside SL (it all happens inside their system, right?) - BUT, even if it is secure, unless your network connection is encrypted (between your computer and your router) then anything that is secure is still in the open as if goes from your computer to your router and vice-versa. I always understood that's how the sniffing thing works.

I suppose it's just a long way to say that I don't believe anyone has a reasonable expectation of "privacy" when using SL. LL can look at everything you say and do any time. :)

And for anyone: this comment is really just me thinking aloud and throwing it up (BARF!) as food for thought. (Iknow: EEEW!)

  • Thanks 1

Share this post


Link to post
Share on other sites
40 minutes ago, Alyona Su said:

And for anyone: this comment is really just me thinking aloud and throwing it up (BARF!) as food for thought. (Iknow: EEEW!)

Two words: chat logs.

  • Confused 1

Share this post


Link to post
Share on other sites
43 minutes ago, Alyona Su said:

I don't believe anyone has a reasonable expectation of "privacy" when using SL

Nothing on the internet is ever truly secure.  Just like real world locks, any encryption is just there to make it inconvenient for people to steal your stuff.  Every lock can be broken; some easier than others.  It's the same with digital locks.

  • Like 1

Share this post


Link to post
Share on other sites
32 minutes ago, Alyona Su said:

@Red2Blaze You know, I am curious: when has LL ever said or written that anything in SL is supposed to be "secure"? Serious question, not trying to be snarky. Because as this subject percolates in my mind it kind of nags me that I can't think of any statement from anyone at LL saying (much less promising) that anything in SL or connection to SL is secure in any way in term of user privacy, other than their own policies.

And then I was thinking, perhaps LL chats *are* secure from user to user inside SL (it all happens inside their system, right?) - BUT, even if it is secure, unless your network connection is encrypted (between your computer and your router) then anything that is secure is still in the open as if goes from your computer to your router and vice-versa. I always understood that's how the sniffing thing works.

I suppose it's just a long way to say that I don't believe anyone has a reasonable expectation of "privacy" when using SL. LL can look at everything you say and do any time. :)

And for anyone: this comment is really just me thinking aloud and throwing it up (BARF!) as food for thought. (Iknow: EEEW!)

Well I think this some what show it:

http://wiki.secondlife.com/wiki/Linden_Lab_Official:Technical_overview_of_Second_Life_security

 

From what I heard Linden Lab don't allow the sharing of IM messages with out both sides consent (beside where its necessary like in case of scams) as in for example I am not allowed to just copy an IM I had with someone and post it

Yet they leave it open for anyone to sniff it

 

I am sure someone else here can give better then me knowledge about it but from what I understand someone can always sniff the data, even if its secure, thing is if its secure with the the key they will have some hard time reading it, like you will have when trying to pass a door

On the other hand when the door is simply open... its a lot easier for someone to get in

 

Over all I think on the same network its easier to sniff but its not like no one cant sniff stuff also outside of of the area you are in, even on the internet on its way

Over all I do think that most SL residents just assume that IM is secure, I did not even think that it will simply be open to read till I just by chance found that post and was honestly surprised

 

It may be something small but I believe privacy should just be a thing even more when we talking about what I think is very little work and very little cost on there side to run it

4 minutes ago, Love Zhaoying said:

Two words: chat logs.

I personally do not understand how that related to what was quoted XD

1 minute ago, Bitsy Buccaneer said:

Sex, however and wherever it happens, should NEVER be out of your control.

I guess I don't really mean completely out of my control, but in a way it is, as its in the end safe, nothing too bad can happen I think that cant be reversed in a virtual world

Share this post


Link to post
Share on other sites
1 minute ago, Rhonda Huntress said:

Nothing on the internet is ever truly secure.  Just like real world locks, any encryption is just there to make it inconvenient for people to steal your stuff.  Every lock can be broken; some easier than others.  It's the same with digital locks.

Guess that mean my idea was close to what is there XD

Honestly put this comment mostly to say LOVE that animation on the avatar picture ?

  • Thanks 1

Share this post


Link to post
Share on other sites

Yeah, regarding the sharing of chat logs and IMs ... Linden Lab's policies are only enforceable within Second Life and their web services (such as this forum) - they cannot truly apply their policies anywhere else. 

  • Like 2

Share this post


Link to post
Share on other sites
3 hours ago, Red2Blaze said:

So wanted to ask if anyone knows if this was ever "fixed" or something, or is my IM and chat yet completely exposed to 3rd party's?

It's my understanding that chat is still unencrypted UDP and able to be seen by everyone who can tap into a router between you and the Lab. This includes at a minimum: the Chinese, the Russians, Mossad, and the all of the Five Eye Countries.

Edited by Callum Meriman
  • Like 1
  • Sad 1

Share this post


Link to post
Share on other sites

Excellent. I can now plausibly deny anything I've ever said in SL!

"I didn't call you that. Someone intercepted my text and replaced my words!"

  • Haha 3

Share this post


Link to post
Share on other sites
3 minutes ago, Bree Giffen said:

Excellent. I can now absolutely admit everything I've ever said in SL!

"Yes, I did call you that. So what about it!?"

 

Works here, too.

  • Haha 3

Share this post


Link to post
Share on other sites
1 hour ago, Rhonda Huntress said:

I know a UDP joke.
You might not get it and I really won't care.

That is a 5 Linden dollars penalty fine into the bad nerd joke fund. ;)

 

  • Thanks 1
  • Confused 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...