
New Feature: Scripted Agent Estate Access Discussion



1 hour ago, xDancingStarx said:
1 hour ago, Love Zhaoying said:

Any data that "Scripted Agents" send to external servers via llHTTPRequest() can supposedly be "checked" by Linden Lab. Because the outbound HTTP calls must be going through LL's "proxy servers".

I sincerely hope that people have been using HTTPS and this of course in itself clarifies that nothing can be checked by proxy servers.

The LSL call "llHTTPRequest()" is processed by Linden Lab's software BEFORE it goes out via HTTPS.

Therefore, Linden Lab COULD if they want to, or if they need to, scan the outbound data before it hits their proxy servers, or on their servers before they create the outbound HTTPS request.

Man, I hate trying to explain things.  I just need to stop replying - it's nothing personal - believe me!  I just get frustrated trying to explain things that I "know" but am not "conversant" with (do not have the proper words for).

Link to comment
Share on other sites

5 minutes ago, Ceka Cianci said:

This was a concern of mine.. What is to stop someone just wanting data for outside reasons to get stats in this world with an unregistered bot?  Someone could do it and not even need a presence or interest in this world other than information for say a college project or whatever reason really..

Maybe another world getting stats or just someone that wants to stay underground..  I think if we look at it as just users here as the only ones with bot armies, then we might be seeing only the trees and not the forest..

We'll find out soon enough if they stop showing up I guess..

Just guessing on maybe why there could be more is all..hehehe

 

Another concern that I've had ever since we learned about the existence of that really large and comprehensive database-that-I'm-not-sure-if-we-can-name-or-not-anymore is data security. Based on what was just visible on that web site early on, there is a lot of potentially sensitive information stored there.

It wouldn't be the first time an SL-related database was hacked and released into the wild.

  • Like 4
Link to comment
Share on other sites

34 minutes ago, Rolig Loon said:

Right.  Thanks to the way the data are hashed and compressed, you can't undo the process.

Sorry but I can't leave it at this if there is different information out there. I have already posted a reference where it was said that hashing is considered pseudonymisation. Here is another one:

"Hashing functions are not reversible. Hashing performs a one-way transformation on a password, turning the password into another string, called the hashed password. “One-way” means that it is practically impossible to go the other way – to turn the hashed password back into the original password."

[...]
"Under the European General Data Protection Regulation (GDPR), hashed passwords are categorized as personal information."
https://healthcare.agio.com/newsroom/hashed-passwords-are-personal-information-under-u-s-law/

 

Link to comment
Share on other sites

24 minutes ago, Scylla Rhiadra said:

Another concern that I've had ever since we learned about the existence of that really large and comprehensive database-that-I'm-not-sure-if-we-can-name-or-not-anymore is data security. Based on what was just visible on that web site early on, there is a lot of potentially sensitive information stored there.

It wouldn't be the first time an SL-related database was hacked and released into the wild.

Myself I wasn't too worried about that kind of stuff for myself..But I can understand people having concerns about their profiles and other information and things like that showing up there..

I stress when I say Myself, because I keep myself as far as inworld things separated from myself.. I have it to where I only speak in the moment about my real self..

I really worry about people that don't realize that profiles are something that you really have to be careful with what goes on them.. That plus the linking of someone's RL to their SL..

I also worry about media on a prim and other things where you can be connected outside..

I worry about the official viewer having everything turned on by default and new users having to opt out and maybe not knowing that for a good while or never..

Since RZ I always felt the need to keep those links cut, plus try to inform as many as I can about the holes that can link those together.. Especially with new users..

I worry about all those that walk through this world so sure footed..

I remember when I was newer and almost putting lots of RL things on my profile and also did a lot of sharing of RL things.. But since RZ and all I learned, I cut all ties and put up a wall..

So I really don't worry about them gathering my things, but I can understand  other people and their concerns.. Even though sometimes it may come off as I don't.. hehehe

 

 

 

Edited by Ceka Cianci
  • Like 3
  • Thanks 1
Link to comment
Share on other sites

21 minutes ago, Scylla Rhiadra said:

Another concern that I've had ever since we learned about the existence of that really large and comprehensive database-that-I'm-not-sure-if-we-can-name-or-not-anymore is data security. Based on what was just visible on that web site early on, there is a lot of potentially sensitive information stored there.

It wouldn't be the first time an SL-related database was hacked and released into the wild.

In the spirit of, "not everyone on the other side of the argument is bad":

Most people are not aware that there are "good hackers" (often referred to as "white hat" hackers). (In addition, the term "hacker" originally just meant "programmer"..)

Anyway, there is a theory that: if a "white hat hacker" either "steals" our Second Life data "because they can" and to prove it is possible, AND if they alert Linden Lab to the method / exploit used, they are performing a "service". There are actually professionals in IT Security who are paid to do this.

Anyway, it is not outside the "realm of possibility" that some "white hat hackers" create Second Life bots, take data, and let Linden Lab know so that the security issues can be fixed/resolved.

One main difference is, that a "white hat hacker" would not actually publish the data (on a website, whether for free or for sale). Nor would they demand or ask any payment for revealing the method they used. (Unless they were hired to do this in the first place.)

I explain all this partly because, 1) we don't know what's going on with the bots, and 2) I've seen Forum posts where people did not know about and/or denied the existence of "good hackers".

  • Like 1
Link to comment
Share on other sites

39 minutes ago, xDancingStarx said:

Sorry but I can't leave it at this if there is different information out there. I have already posted a reference where it was said that hashing is considered pseudonymisation. Here is another one:

"Hashing functions are not reversible. Hashing performs a one-way transformation on a password, turning the password into another string, called the hashed password. “One-way” means that it is practically impossible to go the other way – to turn the hashed password back into the original password."

[...]
"Under the European General Data Protection Regulation (GDPR), hashed passwords are categorized as personal information."
https://healthcare.agio.com/newsroom/hashed-passwords-are-personal-information-under-u-s-law/

 

We are not meaning the same thing by "hashing" here, as I explained. So, either you are right, or the terminology is preventing us from understanding each other.

Link to comment
Share on other sites

46 minutes ago, Scylla Rhiadra said:

Another concern that I've had ever since we learned about the existence of that really large and comprehensive database-that-I'm-not-sure-if-we-can-name-or-not-anymore is data security. Based on what was just visible on that web site early on, there is a lot of potentially sensitive information stored there.

It wouldn't be the first time an SL-related database was hacked and released into the wild.

If I'm not mistaken the RZ DB was hacked on three (or more) separate occasions. Each time it was released into the wild except for that last one I know about. It never got released because LL finally permanently banned the whole shebang.

I vaguely recall other DBs being hacked and released but RZ is the one that had the most impact on me so I remember it and the fear.

Link to comment
Share on other sites

  • Lindens
1 hour ago, xDancingStarx said:

This is not true according to my knowledge and information, though.

"In comparison, in the context of the European GDPR, the Article 29 Working Party[6] considered hashing to be a technique for pseudonymization that “reduces the linkability of a dataset with the original identity of a data subject” and thus “is a useful security measure,” but is “not a method of anonymisation.”[7] In other words, from the perspective of the Article 29 Working Party, while hashing might be a useful security technique, it is not sufficient to convert personal data into deidentified data."

https://www.gtlaw-dataprivacydish.com/2021/03/what-is-hashing-and-does-it-help-avoid-the-obligations-imposed-by-the-new-privacy-regulations/

 

There's a trick that some sites use if they want to determine whether a given IP address is seen for the first time in a given sample period, but where they also want to preserve user anonymity:

1. Hash the IP address (could also be an agent ID in this case)

2. Keep only the last 3-4 hex digits of the hash for 4,096 or 65,536 possible values

If the truncated hash matches a previously stored hash, the site knows that the user *probably* visited, but they don't know for certain. There's the tiny possibility of a collision; a collision is when two different input values produce the same output value.

However, if a bad actor got a hold of the list of hashes, 3-4 hex digits doesn't begin to tell them the actual IP addresses. If we assume IPv4 with 4 billion values, even the 4-digit truncated hash points to an average of 65,536 possible IPs per truncated hash result.

If you apply this to something like a script that tallies unique visitors each day, if you hash the agent IDs and kept only 3 hex digits, the chances of collision would be very low for even a busy region, and each hash result would point to over 17,000 possible accounts. 4 hex digits would have a near zero error rate, and each hash result would still point to over 1,000 possible accounts.

  • Like 6
  • Thanks 3
Link to comment
Share on other sites
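The truncated-hash tally described in the post above, as an added example in Python; it is not part of the original thread and is not Linden Lab code. SHA-256, the function and class names, and the 10.0.0.0/16 sample range are assumptions made for illustration.

```python
import hashlib
import ipaddress


def truncated_hash(identifier: str, hex_digits: int = 4) -> str:
    """Hash the identifier, then keep only the last `hex_digits` hex digits."""
    digest = hashlib.sha256(identifier.encode("utf-8")).hexdigest()
    return digest[-hex_digits:]


class VisitorTally:
    """Counts probable first visits in one sample period.

    Only truncated hashes are stored, never the IP address or agent ID.
    """

    def __init__(self, hex_digits: int = 4):
        self.hex_digits = hex_digits
        self.seen = set()
        self.unique_estimate = 0

    def record(self, identifier: str) -> bool:
        """Return True when the visitor is counted as new for this period."""
        bucket = truncated_hash(identifier, self.hex_digits)
        if bucket in self.seen:
            # Probably a repeat visit, possibly a collision with someone else.
            return False
        self.seen.add(bucket)
        self.unique_estimate += 1
        return True


def inputs_per_stored_value(population: int, hex_digits: int) -> float:
    """Average number of possible inputs behind one stored truncated hash."""
    return population / 16 ** hex_digits


def false_repeat_probability(already_seen: int, hex_digits: int) -> float:
    """Chance that a genuinely new visitor lands on an already stored value."""
    return 1.0 - (1.0 - 1.0 / 16 ** hex_digits) ** already_seen


def anonymity_sets(universe, hex_digits: int) -> dict:
    """Group every candidate input by the value that would be stored for it."""
    sets = {}
    for candidate in universe:
        sets.setdefault(truncated_hash(candidate, hex_digits), []).append(candidate)
    return sets


def sample_universe():
    """Constructed sample input space: every address in one private /16."""
    return [str(ip) for ip in ipaddress.ip_network("10.0.0.0/16")]


if __name__ == "__main__":
    tally = VisitorTally(hex_digits=4)
    agent = "00000000-0000-4000-8000-000000000001"  # constructed agent ID
    print("first visit counted:", tally.record(agent))
    print("second visit counted:", tally.record(agent))

    print("IPv4 inputs per 4-digit value:", inputs_per_stored_value(2 ** 32, 4))

    universe = sample_universe()
    short = anonymity_sets(universe, 3)
    full = anonymity_sets(universe, 64)  # 64 hex digits = untruncated SHA-256
    print("3-digit values in use:", len(short),
          "average inputs each:", len(universe) / len(short))
    print("untruncated values in use:", len(full),
          "average inputs each:", len(universe) / len(full))

    for n in (50, 200, 1000):
        print(n, "stored visitors:",
              "3 digits", round(false_repeat_probability(n, 3), 4),
              "4 digits", round(false_repeat_probability(n, 4), 4))
```

Over the enumerated sample range, each untruncated hash maps back to exactly one address, while each 3-digit value is shared by many addresses; the last loop shows how the miscount rate grows with the number of stored visitors.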

15 hours ago, xDancingStarx said:

So you're saying that someone who wants to run a bot (who you are scared of may be a bad actor) and has to decide between a) not registering it and getting it potentially banned after x days and b) registering it to have the recent restrictions apply plus additionally to pay money for it is going to opt for 2)? And those people who opt for 2 they better think about what they do? I have a really hard time following that train of thought.

I'm saying that somebody who refuses to pay for scripted agent status would automatically be a bad actor. So anything that's a roaming bot without that status gets dealt with like any other griefer, along with all its alts. And yes, if you've paid for your bot of course you're going to use it more responsibly than someone rolling a dozen free alts a day (in part because the new restrictions will force you to.)

It's not a perfect solution by any means, but hey, it'd bring in a little bit of extra cash for the Lab and make it much easier for residents to distinguish between reputable users and random trolls.

  • Like 2
  • Thanks 1
  • Haha 1
Link to comment
Share on other sites

11 minutes ago, Soft Linden said:

There's a trick that some sites use if they want to determine whether a given IP address is seen for the first time in a given sample period, but where they also want to preserve user anonymity:

1. Hash the IP address (could also be an agent ID in this case)

2. Keep only the last 3-4 hex digits of the hash for 4,096 or 65,536 possible values

If the truncated hash matches a previously stored hash, the site knows that the user *probably* visited, but they don't know for certain. There's the tiny possibility of a collision; a collision is when two different input values produce the same output value.

Exactly.  And that's the way Becky Pippin formulated the problem and the way my own greeter is scripted.  It is not merely hashed.  The original UUID is truncated, so hashing is only applied to a 7-character string from the original UUID.  It's enough to create a final hashed string that has a very low probability of being non-unique (certainly low enough for use in a greeter) and cannot ever be reversed to determine the original UUID.  That's why in my posts here this morning I have said not merely "hashed" but "hashed and compressed".

Edited by Rolig Loon
Additional information
  • Thanks 1
Link to comment
Share on other sites

3 minutes ago, WereBeast Alpha said:

For anyone who has it enabled this is my current traffic on my RP sim. Whereas before I was getting over 200 a day. Since enabling the bot traffic ban my traffic level has dropped. 

 

Screenshot 2023-04-01 121107.png

Wow. That's quite the difference!

  • Like 1
Link to comment
Share on other sites

7 minutes ago, Soft Linden said:

There's a trick that some sites use if they want to determine whether a given IP address is seen for the first time in a given sample period, but where they also want to preserve user anonymity:

1. Hash the IP address (could also be an agent ID in this case)

2. Keep only the last 3-4 hex digits of the hash for 4,096 or 65,536 possible values

If the truncated hash matches a previously stored hash, the site knows that the user *probably* visited, but they don't know for certain. There's the tiny possibility of a collision; a collision is when two different input values produce the same output value.

However, if a bad actor got a hold of the list of hashes, 3-4 hex digits doesn't begin to tell them the actual IP addresses. If we assume IPv4 with 4 billion values, even the 4-digit truncated hash points to an average of 65,536 possible IPs per truncated hash result.

If you apply this to something like a script that tallies unique visitors each day, if you hash the agent IDs and kept only 3 hex digits, the chances of collision would be very low for even a busy region, and each hash result would point to over 17,000 possible accounts. 4 hex digits would have a near zero error rate, and each hash result would still point to over 1,000 possible accounts.

I think the question has come up: does doing this hash, and saving it externally, comply with the GDPR? I assume "yes",

Link to comment
Share on other sites

7 minutes ago, Sparkle Bunny said:

I'm saying that somebody who refuses to pay for scripted agent status would automatically be a bad actor. So anything that's a roaming bot without that status gets dealt with like any other griefer, along with all its alts. And yes, if you've paid for your bot of course you're going to use it more responsibly than someone rolling a dozen free alts a day (in part because the new restrictions will force you to.)

It's not a perfect solution by any means, but hey, it'd bring in a little bit of extra cash for the Lab and make it much easier for residents to distinguish between reputable users and random trolls.

It sounds better when you say it!!

Link to comment
Share on other sites

6 minutes ago, WereBeast Alpha said:

For anyone who has it enabled this is my current traffic on my RP sim. Whereas before I was getting over 200 a day. Since enabling the bot traffic ban my traffic level has dropped. 

 

Screenshot 2023-04-01 121107.png

Are you OK / happy with that traffic drop, or did the increased traffic help draw non-bots to your RP region?

Link to comment
Share on other sites

1 minute ago, Love Zhaoying said:

Are you OK / happy with that traffic drop, or did the increased traffic help draw non-bots to your RP region?

I am happy with it because I now know those visiting were not real people. It's hard to determine because I do get some people who explore the sim and ask me questions. I have been getting visitors before with people coming around.

Edited by WereBeast Alpha
added info
  • Thanks 1
Link to comment
Share on other sites

On 3/30/2023 at 11:52 PM, Scylla Rhiadra said:

This is such a very odd perspective, Jennifer.

Why do you say "few"?

Look at this thread. Or at the, what, ten or so previous ones on the subject of bots. The number of residents who are concerned and/or mad about bots is much larger than those defending them. On Twitter, the number of those complaining about bots and who are now vocally cheering these changes, outnumbers those who think the status quo was better by a factor of probably 10 to 1.

Being more numerous doesn't make those of us who had objections to the data scraping and bot proliferation "right," but it really does make pretty nonsensical your suggestion that a "few" are ruining it all for the "many." Where are the voices of this apparently mythical "community at large," this "silent majority"? I hear a few of them here, a few on Twitter -- but it's not the volume of those opposed to them that is drowning them out, it's the sheer numbers.

I also don't understand why you need to characterize people's concerns as "whining." You can surely disagree with people without reductively dismissing those concerns as mere "whining," even if you don't think they have any merit.

I don't think it's "whining" to want to have control over who gets to enter your land. In any other context, we -- and I'm sure you -- would take issue with the suggestion that landowners should be compelled to have visitors they don't want. Why are bots special exceptions to the "my land, my rules" approach that is almost axiomatic here?

Nor do I think being concerned about who has access to our data, for manipulation, aggregation, analysis, and publication off-grid, unreasonable.

Your enjoyment of lists of "popular attachments" or "busy regions" doesn't trump literally everyone else's right to restrict access to their land, and to their data.

The number of people who have commented in the forums is minuscule compared with the number of people who use SL. As I type this, there are 45,307 residents logged on. What proportion of them have voiced concerns, let alone objections? Generally, people who are upset about something tend to be more vocal than people who don't care, and I think that that is the case here. It is at least arguable that the vast majority of SL users, who are busy enjoying their virtual lives instead of posting here, don't care what information is collected about their avatars or what is done with it. Why don't they? Because avatars are not real; they are fictional characters. Would I be concerned if information about account owners, who are actual human beings, were being collected and published by a third party? You bet I would, because account owners are real human beings.

  • Like 1
Link to comment
Share on other sites

  • Lindens
11 minutes ago, Love Zhaoying said:

I think the question has come up: does doing this hash, and saving it externally, comply with the GDPR? I assume "yes",

 
 

Since we're talking about global privacy laws and not Linden ToS, you'd need to consult with a privacy attorney to get a definitive yes. Sadly, that's the nature of most laws. It's easy to find out if you're in violation, but hard to get certainty about being in the clear. The people who spend a decade learning every edge case and caveat want compensation for that.

Certainly, nobody at Linden Lab would flag it as a poor practice, though. That level of attention to user privacy is commendable.

  • Like 2
  • Thanks 1
Link to comment
Share on other sites

  • Lindens
29 minutes ago, WereBeast Alpha said:

For anyone who has it enabled this is my current traffic on my RP sim. Whereas before I was getting over 200 a day. Since enabling the bot traffic ban my traffic level has dropped. 

 

Screenshot 2023-04-01 121107.png

 

You're sure it's not a coincidence? Scripted agents aren't supposed to contribute to traffic.

Or are people not TPing in because they don't see someone on the map, where they saw a bot or two as green dots before?

  • Like 5
Link to comment
Share on other sites

I looked at my traffic, which I have a Linden Home.. My traffic says 555.

I'm wondering if that's for the whole sim rather than just my lot?

I mean it could be possible because the space ships are there today and people flying over and hovering and looking at them.. But I wouldn't think that would be my daily traffic..

  • Haha 1
Link to comment
Share on other sites

27 minutes ago, Jennifer Boyle said:

The number of people who have commented in the forums is minuscule compared with the number of people who use SL. As I type this, there are 45,307 residents logged on. What proportion of them have voiced concerns, let alone objections? Generally, people who are upset about something tend to be more vocal than people who don't care, and I think that that is the case here. It is at least arguable that the vast majority of SL users, who are busy enjoying their virtual lives instead of posting here, don't care what information is collected about their avatars or what is done with it. Why don't they? Because avatars are not real; they are fictional characters. Would I be concerned if information about account owners, who are actual human beings, were being collected and published by a third party? You bet I would, because account owners are real human beings.

While it is true that the forums are a relatively small and probably unrepresentative sampling of the SL community as a whole, the furor against bots in recent months has by no means been confined to here. It's in-world, where there have been notecards circulating, and actual groups dedicated to banning bots created. It's on social media -- quite markedly on SL Twitter and SL Facebook, and even on Flickr. You could see it too within the creative and business community, which opted out almost en masse from having their MP takings published online -- I think I heard that some 40% of the merchants there had opted out at one point, and the gaps in their rankings, where store names had been redacted, were very noticeable.

Possibly even more to the point, however, the abuse of bots for data collection and other things represented a serious concern regardless of how many residents knew or cared about it. LL recognized that policies needed to be reviewed and tightened proactively to prevent major issues in the future -- and that's what they've done.

To suggest that LL has undertaken all of this work because of the "whining" of an unrepresentative small sampling of people on the forums is silly, and doesn't give them enough credit.

On another note, I'm sorry to hear that you don't think that I'm a "real person." Or perhaps I should be more sorry for those with whom you interact.

I have spent more than 14 years in SL, making friends, some of them very close friends or, in the past, even lovers. I have integrated myself into communities here, and created others. I possess a wealth of experiences and memories here that I can assure you are very real, and very very meaningful. I don't RP myself here: I am most emphatically not a fictional character, however you may view yourself.

And for that reason, protecting my privacy and my reputation here matters a very great deal to me. I do understand that there are some who treat their own avatars as mere cyphers or throw-aways, and who perhaps interact with others as though they were little more than NPCs. I think you'll find that those are the exceptions in SL: most of us care about our lives and our identities here too.

  • Like 11
  • Thanks 1
Link to comment
Share on other sites

8 minutes ago, Scylla Rhiadra said:

I have integrated myself into communities here, and created others. I possess a wealth of experiences and memories here that I can assure you are very real, and very very meaningful

Yep, me too.  SL is an extension of me, a real person, even though I am a child-like domestic cat in SL.  My best friend in SL is also a domestic child-like cat in SL.  She sent me the picture below.  The picture is saying come down the road of SL with me.  *tears up*  There are parts of our real being we are sharing here in SL.  What I share with her offline in any other social media or website should be up to us.  

frommyfriend.png

  • Like 2
  • Thanks 2
Link to comment
Share on other sites

2 hours ago, Scylla Rhiadra said:

Another concern that I've had ever since we learned about the existence of that really large and comprehensive database-that-I'm-not-sure-if-we-can-name-or-not-anymore is data security. Based on what was just visible on that web site early on, there is a lot of potentially sensitive information stored there.

It wouldn't be the first time an SL-related database was hacked and released into the wild.

I think it's important to note that in 20 years, SL itself has not been hacked significantly. There has been data that resident griefer groups or rather anti-griefer groups collected which fell into "the Wrong Hands," as one hacker group was called, but it was not a hack of LL.  I recall only one time there was some kind of hack that didn't get user data. I think that's an impressive record and tribute to both very skilled programmers who have come from the top companies of the world to work for the experimental Lab and also a tribute to a very early commitment by founder Philip Rosedale and his colleagues not to collect and exploit user data. If you are pitched an ad for something while flying around SL it's because a user is spamming you, not the Lab.

Even so, there's something afoot here I don't fully understand with these latest scandals involving first a technolibertarian approach (allowing everything because it's "creative"), then a technocommunist approach (banning everything in a blanket manner with prescriptive language).

I guess it's helpful to remember that unless you yourself link your RL and SL data (or, as I have found, more rarely, you have enemies who are really persistent and obsessive about gathering clues left online to link them), your privacy as an avatar will not be outed nor your identity as a RL person exploited for financial gain.

And that's more than you can say about Facebook, Google, Twitter -- all the big dogs. 

Edited by Prokofy Neva
  • Like 6
Link to comment
Share on other sites
