Jump to content

New Feature: Scripted Agent Estate Access Discussion


You are about to reply to a thread that has been inactive for 442 days.

Please take a moment to consider if this thread is worth bumping.

Recommended Posts

Just now, M Peccable said:

 sending SL back into the dark ages by making you answer a question in a menu box that for each place you visit that has a security system or visitor tracker.

No thanks.

You mean like the pop-ups one almost always gets on web sites now advising you about their use of cookies, and asking you to opt in or out?

Yes please.

  • Like 1
  • Thanks 1
Link to comment
Share on other sites

2 minutes ago, bunboxmomo said:

From what I understand, they made efforts to try and reach out and explain this and resolve concerns, but past a certain point an assumption of threat acts as a filter to anything they tried to say.

Since you're such an expert on BB, can I take it you also understand that their decision to use a bunch of alts to get previous threads on this topic derailed and shut down made it extremely difficult to assume good faith on your their part?

Or is that purely the fault of everyone else assuming the worst when they come across an obvious sockpuppet?

  • Like 1
  • Haha 1
Link to comment
Share on other sites

Do I need to get explicit consent from my alts in order to track their online status?  I have an inworld device that emails me whenever any of my accounts log in.  I'd like to stay on the right side of the law (and the right side of morality) on that.

 

 

 

:SwingingFriends:

 

Sorry, sometimes all the serious stuff needs a laugh thrown in.

  • Like 3
  • Haha 2
Link to comment
Share on other sites

8 minutes ago, Scylla Rhiadra said:

I know of at least one bot-driven data collection operation that does exactly this -- and is transparent enough to say so on the project web page.

Under GDPR, encrypted personal data is still personal data.
So this isn't nesecarily an example of a workable solution.

GDPR cares more if data has been anonymised, as far as I'm aware.

  • Like 1
Link to comment
Share on other sites

4 minutes ago, Scylla Rhiadra said:

You mean like the pop-ups one almost always gets on web sites now advising you about their use of cookies, and asking you to opt in or out?

Yes please.

Hopefully you won't get what you wish for.

We will have to agree to disagree on this one. Those constant menu boxes (which you will constantly get since if you don't opt-in, it can't remember your choice like a web site does) would drive most people battier than bots do.

Edited by M Peccable
  • Like 1
Link to comment
Share on other sites

5 minutes ago, Sparkle Bunny said:

Since you're such an expert on BB, can I take it you also understand that their decision to use a bunch of alts to get previous threads on this topic derailed and shut down made it extremely difficult to assume good faith on your their part?

Or is that purely the fault of everyone else assuming the worst when they come across an obvious sockpuppet?

"Everyone I don't like is BonnieBots"
Oooooooooookay.

Inquisitor Sparkle out to expose me for techno-heresy of not having a problem with bot networks.
Spicy.

Edited by bunboxmomo
  • Like 2
  • Haha 1
Link to comment
Share on other sites

1 minute ago, M Peccable said:

sending SL back into the dark ages

This is really what can be at stake here. Many people here will know the limitations of LSL and how fun it is to work with. I would go this far and say that making it hard or impossible to offload work to servers outside of SL can be an even existential risk for SL. As a whole. Because it will make scripting and coding even less attractive than it already is, it will slow down innovations and business. Having services rely on LSL alone can really badly backfire.

  • Like 2
Link to comment
Share on other sites

21 minutes ago, bunboxmomo said:

I don't think it's fair to blame others for people's anxious concerns.

"This is new and scary and I don't like" while totally valid, is the responsibility of the person with that response, not the person who triggered it.

When I use the term anxious, I don't mean that in a put down sense, just as in the proper term of a triggered and sustained alarm response.

From what I understand, they made efforts to try and reach out and explain this and resolve concerns, but past a certain point an assumption of threat acts as a filter to anything they tried to say.

You are perfectly valid to have your opinions of them and their operation, but it's not fair to blame them for your own fears, discomfort and worries about it when that was fueled by speculation. That doesn't make your point invalid, its just dont displace that onto others.

I got into an argument with someone who sounded much like this on Twitter today. It sounds frankly rather condescending, to be honest. In that particular instance, when I explained what that particular web site (the one we still maybe can't name) was initially displaying -- information that circumvented LL's privacy controls, logged in status, last log-in (via the API), account level, etc. -- he actually agreed with me that it was egregious.

I am not about to speak for everyone who has spoken out on this subject, but I don't think the response to the publication of that kind of information on the open web was the product of irrational fear. I think the concerns were valid.

Yes, there are lots of legitimate uses for bots. Yes, they do invaluable service, sometimes.

But this particular little crisis was brought on by the abuse of the system. Look at that graphic about bot activity you yourself posted .Notice anything around February that might, just possibly, explain why people started to get upset?

graph-bot-activity-cohorts.png

  • Like 3
Link to comment
Share on other sites

2 minutes ago, Scylla Rhiadra said:

I got into an argument with someone who sounded much like this on Twitter today. It sounds frankly rather condescending, to be honest. In that particular instance, when I explained what that particular web site (the one we still maybe can't name) was initially displaying -- information that circumvented LL's privacy controls, logged in status, last log-in (via the API), account level, etc. -- he actually agreed with me that it was egregious.

I am not about to speak for everyone who has spoken out on this subject, but I don't think the response to the publication of that kind of information on the open web was the product of irrational fear. I think the concerns were valid.

Yes, there are lots of legitimate uses for bots. Yes, they do invaluable service, sometimes.

But this particular little crisis was brought on by the abuse of the system. Look at that graphic about bot activity you yourself posted .Notice anything around February that might, just possibly, explain why people started to get upset?

graph-bot-activity-cohorts.png

That might have actually been us, and I do still agree.

But I am still saying while I understand people's fears about it, its not fair to displace that onto other people.
I'm not saying that as a putdown or dismissal of those concerns, I'm saying its important to recognise they are one's own concerns, instead of vilifying people for it.

Essentially it isn't fair to asume ill intent and prescribe malice onto a third party, to justify a concern. The concern doesn't need to be justified, it is already valid without having to do that to a person.

Edited by bunboxmomo
  • Like 2
Link to comment
Share on other sites

5 minutes ago, bunboxmomo said:

Under GDPR, encrypted personal data is still personal data.
So this isn't nesecarily an example of a workable solution.

GDPR cares more if data has been anonymised, as far as I'm aware.

This site in particular was only using UUIDs to ensure they weren't replicating results -- which was an instance of what Quistess had mentioned. The UUIDs weren't associated with any data, as such.

Link to comment
Share on other sites

1 minute ago, bunboxmomo said:

"Everyone I don't like is BonnieBots"
Oooooooooookay.

So, you just happen to express yourself in a way that's identical to the gang you're defending and showed up on this thread out of nowhere entirely by chance.

Oooooooookay.

  • Like 2
Link to comment
Share on other sites

1 minute ago, Sparkle Bunny said:

So, you just happen to express yourself in a way that's identical to the gang you're defending and showed up on this thread out of nowhere entirely by chance.

Oooooooookay.

Sparkle, this is a thread announcing a significant change to decades old policy and operation of Scripted agents in Second Life, and I'm a scripter.

Yes of course I came out of nowhere, this is the first time I've actually been interested enough in the topic to actually read the forums.

Don't assume ill intent like that, come on.

  • Like 2
Link to comment
Share on other sites

15 minutes ago, M Peccable said:

Neither is an acceptable answer without losing a lot of capabilities (scripts don't store large amounts of data very well), drastically increasing server load, and/or sending SL back into the dark ages by making you answer a question in a menu box that for each place you visit that has a security system or visitor tracker.

No thanks.

Linkset Data now lets you store 64K, soon to be 128K per object. Not everyone needs to store megabytes of memory.

  • Like 1
Link to comment
Share on other sites

1 minute ago, bunboxmomo said:

That might have actually been us, and I do still agree.

But I am still saying while I understand people's fears about it, its not fair to displace that onto other people.
I'm not saying that as a putdown or dismissal of those concerns, I'm saying its important to recognise they are one's own concerns, instead of vilifying people for it.

No, ours was a separate and shorter (if somewhat similar) exchange.

We can agree, I'm sure, that neither name-calling or an irrational hatred all things bot is called for or rational. But I'll say again -- this was brought on by a particularly egregious misuse of them: if you really want to lay blame, lay it there.

I never really thought that BB was "malicious" or dangerous. But I do think that their methods might have been applied by those who were. And that's why what came down yesterday from LL is so important: not because it deals with that one particular site (which is pretty tame now), but to prevent worse from subsequently following its lead.

  • Like 3
Link to comment
Share on other sites

3 minutes ago, Sparkle Bunny said:

So, you just happen to express yourself in a way that's identical to the gang you're defending and showed up on this thread out of nowhere entirely by chance.

Oooooooookay.

Sparkle, I know this resident from Twitter, and I can confirm that they are not associated with BB. (Unless they've been hiding it very well!)

  • Like 1
  • Thanks 1
Link to comment
Share on other sites

28 minutes ago, M Peccable said:

I would like to know more about how implied consent works, but it seems that if the type of explicit consent required to avoid all of this can be put in the TOS that everyone has to agree to, then it would clear up a lot of ambiguity and risk.

You imply that explicit consent would give data rights to third parties..unless I misunderstand. That would not fly. Only LL itself (who needs the data to do business with me) should get explicit consent via the TOS. If there is "publicly available data" involved, sure - that's implicit. 

Edited by Love Zhaoying
  • Like 1
Link to comment
Share on other sites

16 minutes ago, M Peccable said:

(scripts don't store large amounts of data very well)

That's true, but now with LSD a scripted object can hold at least 2500 UUIDs.  If they're hashed, you can push that number. Currently, the limit is 64KiB, but if LL lifts the capacity to 128KiB, that means you should be able to store at least 5000 UUIDs locally in persistent storage.  And, of course, you could stack up a mess of prims to make the in-world equivalent of a server bank. All of this reduces the need to shove some classes of survey data off world at all.

  • Like 4
Link to comment
Share on other sites

1 minute ago, Love Zhaoying said:

You imply that explicit consent would give data rights to third parties..unless I misunderstand. That would not fly. Only to LL itself (who needs the data to do business with me) should get explicit consent via the TOS. 

No, not third parties. You are giving consent to the objects and activities inside SL that may record your user name and UUID in order to allow SL to offer the best experience possible. Then also make it clear that it is only the name and UUID they are consenting to, not their RL information.

Link to comment
Share on other sites

1 minute ago, Love Zhaoying said:

The biggest thing I've learned from this thread, is how much people misunderstand the privacy issues and concerns.

I hope that they will be inspired to learn more about the topics, socialize the information with others, and use what they learn in their products. 

I'm certainly am going to be taking Soft's advice about a disclaimer on phone home or data transmit functions. I think that's actually a good policy. None of my scripts do that in production stage, but my pre-release public alphas and public betas of stuff does, but I already add a disclaimer for those.

It was the headers on httprequest that was the "uh-oh" for me.

Edited by bunboxmomo
  • Like 1
  • Thanks 1
Link to comment
Share on other sites

You are about to reply to a thread that has been inactive for 442 days.

Please take a moment to consider if this thread is worth bumping.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
×
×
  • Create New...