Jump to content

Trojan Horse?

LoneWolfiNTj

By LoneWolfiNTj,
in LSL Scripting

 Share
You are about to reply to a thread that has been inactive for 971 days.

Please take a moment to consider if this thread is worth bumping.

Recommended Posts

LoneWolfiNTj

LoneWolfiNTj

Posted
Posted

I was in a shop in Sansara today looking at clothes, etc, in CasperVends, when I was startled to see the following:

image.thumb.png.86235e5f1857d78076cf80e63c70e880.png

I've been in Second Life for about 8 years, so my Inventory is cluttered with dozens of "freebies" and "gifts" and "objects of unknown origin", with Vishnu knows what scripts embedded in them (I've never thought to investigate... until now). Which brings up several questions to my mind:

  1. Is it possible for LSL scripts in objects in Inventory to be actively running? Or can scripts actively run only when they're rezzed or attached?
  2. Is it possible for an object in Second Life to do that things claimed in that ad?
  3. How can I best protect myself against malicious scripts in objects in my possession?

 

Link to comment
Share on other sites
LoneWolfiNTj

LoneWolfiNTj

Posted
  • Author
Posted (edited)
14 minutes ago, sandi Mexicola said:

Scripts can only run when they are rezzed or attached.

Looks to me like most, or all, of the things claimed in the add are possible, as long as the "target" is wearing an item with that script in it.  

Ok, then I suppose I only have to worry about items I'm carrying around with me attached to my avatar. And I only carry a limited amount of stuff: My avatar itself (shape, skin, hair, eyes), the clothing I'm wearing, a hat, a necklace, 2 HUDs, and a radio. So if those are not infected with trojan horses, then I presume I should be safe.

I'm going to be a bit more vigilant from now on regarding carrying objects with scripts, esp no-mod scripts from 3rd parties, after seeing that startling ad.

Edited by LoneWolfiNTj
form -> from
  • Like 1
Link to comment
Share on other sites
Quistess Alpha

Quistess Alpha

Posted
Posted
Quote

Remote Monitoring

Remotely monitoring inworld conversations (text or voice chat) without the knowledge or consent of all parties involved is a violation of the Terms of Service. If you feel recording a conversation is necessary, post a clearly-visible sign in the recording location so that all Residents who enter can see it.

http://wiki.secondlife.com/wiki/Linden_Lab_Official:Residents'_privacy_rights

  • Like 1
  • Thanks 4
Link to comment
Share on other sites
bobsknief Orsini

bobsknief Orsini

Posted
Posted

In regards to chat, only local chat. IM's cant be monitored.
Easiest way to check is probably just check the name and creator of the script in your object.
If you generally buy or get your stuff from stores its extremely unlikely that it contains a Trojan (why should it). When someone sends you something directly the probability starts.
 

  • Like 1
Link to comment
Share on other sites
Profaitchikenz Haiku

Profaitchikenz Haiku

Posted
Posted
3 hours ago, bobsknief Orsini said:

If you generally buy or get your stuff from stores its extremely unlikely that it contains a Trojan (why should it).

Because sooner or later some manufacturers are going to want to try and emulate the Google method of monitoring what you say to try and predict what you'll buy.

 

  • Like 1
Link to comment
Share on other sites
Xiija

Xiija

Posted
Posted

i'm guessing some items you get have a piece of code that sends your UUID to

an offworld DB, and adds you to an inworld mailing list etc ... hmmm i always wondered why i get

spam offers from people i never met lol.

  • Like 1
Link to comment
Share on other sites
Profaitchikenz Haiku

Profaitchikenz Haiku

Posted
Posted
37 minutes ago, Xiija said:

i'm guessing some items you get have a piece of code that sends your UUID to

an offworld DB, and adds you to an inworld mailing list etc ... hmmm i always wondered why i get

spam offers from people i never met lol.

You don't suspect some of the <3-month old bots popping into parcels for 20 second might also be harvesting UUIDS of avatars present?

Link to comment
Share on other sites
Coffee Pancake

Coffee Pancake

Posted
Posted
4 hours ago, Profaitchikenz Haiku said:

Because sooner or later some manufacturers are going to want to try and emulate the Google method of monitoring what you say to try and predict what you'll buy.

Please connect the dots between an SL dress hearing local chat, predicting what I'm going to buy, and then actually profiting from that information.

3 minutes ago, Profaitchikenz Haiku said:

You don't suspect some of the <3-month old bots popping into parcels for 20 second might also be harvesting UUIDS of avatars present?

To what end?

 

  • Like 1
Link to comment
Share on other sites
bobsknief Orsini

bobsknief Orsini

Posted
Posted
4 hours ago, Profaitchikenz Haiku said:

Because sooner or later some manufacturers are going to want to try and emulate the Google method of monitoring what you say to try and predict what you'll buy.

 

Possible but still extremely unlikely. Its a lot easier and more cost effective to just buy some advertisement on social media platforms that already do this.

Link to comment
Share on other sites
LoneWolfiNTj

LoneWolfiNTj

Posted
  • Author
Posted
11 hours ago, Quistess Alpha said:

Remotely monitoring inworld conversations (text or voice chat) without the knowledge or consent of all parties involved is a violation of the Terms of Service.

Ah, well, in that case that "Grid tracker" product being sold by "RS, MS & Co, LLC" located at Bear(36, 29, 106) in southern Sansara, is illegal. I went back there, right-clicked the vending machine, selected "Report", and filed a report on it. Hopefully something will be done.

Link to comment
Share on other sites
Clarity Toxx

Clarity Toxx

Posted
Posted (edited)
On 10/3/2021 at 8:09 AM, Profaitchikenz Haiku said:

You don't suspect some of the <3-month old bots popping into parcels for 20 second might also be harvesting UUIDS of avatars present?

They're gathering a heck of a lot more than that, but even so, I consider them harmless in my sim as I imagine the worst they can do with the data is compiling market statistics on things like how many people are using which meshbody, or perhaps more accurate / interesting traffic statistics for virtual real estate purposes. Or maybe something much more nefarious! I have no idea.

That said, on the topic of this thread, funnily enough I came across these products just this morning - I don't think it's against TOS to sell them, but to any that would use them, i'd say good luck defending it. LL seems to be pretty cut and dry about chat logging.

Edited by Clarity Toxx
Link to comment
Share on other sites
Profaitchikenz Haiku

Profaitchikenz Haiku

Posted
Posted
6 minutes ago, Clarity Toxx said:

imagine the worst they can do with the data is compiling market statistics on things like how many people are using which meshbody,

This is probably what they're doing. Wulfie posted a script a few months back that could list all attachments on an avatar, and in the time I see then arrive to departure there's plenty of time for them to do this. Knowing who's wearing what is the sort of information clothiers could find useful, why make versions fo your clothes for xyz if only 5% of the population wear that body? Similarly, you could compile a list of which clothes are available for which bodies could then lead to metrics showing whats popularr on such and such a body but not around for another type of body, so there's an opportunity...

Link to comment
Share on other sites
Ardy Lay

Ardy Lay

Posted
Posted
52 minutes ago, Profaitchikenz Haiku said:

This is probably what they're doing. Wulfie posted a script a few months back that could list all attachments on an avatar, and in the time I see then arrive to departure there's plenty of time for them to do this. Knowing who's wearing what is the sort of information clothiers could find useful, why make versions fo your clothes for xyz if only 5% of the population wear that body? Similarly, you could compile a list of which clothes are available for which bodies could then lead to metrics showing whats popularr on such and such a body but not around for another type of body, so there's an opportunity...

Is this part of why creators do not allow us to rename their products after we purchase them?

  • Like 1
Link to comment
Share on other sites
Lucia Nightfire

Lucia Nightfire

Posted
Posted
1 hour ago, Ardy Lay said:

Is this part of why creators do not allow us to rename their products after we purchase them?

No, that is just a facet of no-mod in general, which creators use to cite everything under the sun from protecting artistic expression to deterring heavy work load on CSR's having to deal with people that break their content.

Personification, though, is a common thing in the mod community and it does obfuscate what product someone is wearing, which could hinder someone's efforts in finding said product, especially if they don't bother asking the wearer what they're wearing nor whom/where they got it from.

Link to comment
Share on other sites
Lucia Nightfire

Lucia Nightfire

Posted
Posted
1 hour ago, Profaitchikenz Haiku said:

I suppose I could try this as a conversation starter - "Hello, where do you get your underwear from ?" might be a step up from "How R U ?"

I actually had a friend once that would intentionally obfuscate the names of EVERYTHING they wore in hopes that it would prevent someone else from wanting to create the same outfit.

I've encountered, far more times than I can count, people who've titled their attachments with their name in possessive format ("Lucy's Head") and those who've retitled things are part of a cosplay or themed outfit.

All of these things are not uncommon in the mod community.

Link to comment
Share on other sites
You are about to reply to a thread that has been inactive for 971 days.

Please take a moment to consider if this thread is worth bumping.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...