Jump to content

Spying and Security?


Recommended Posts

So I was told recently that it is possible for someone to read our personal IMs. At first I thought it was “bull” but then they explained that all chat is on channels like a CB and all they have to do is find the channel my IM is taking place on and they can read it. Does anyone know if this is true?

  • Haha 4
Link to comment
Share on other sites

No, IM's do not work that way and it is not true.

LL do have access to your IMs but nobody else in Second Life does by listening to channels.

That's the basics of it. However absolutely nothing in Second Life is encrypted and your messages (normal channels or IM) are sent in cleartext, anyone snooping on your internet traffic can read them and if there's packet capturing happening on an ISP or state level (very common these days) every single thing you say has the potential to be analyzed and even stored if the rumours in some countries are to be believed, it's completely feasible. It's not something the average person can do however.

 

 

Edited by AmeliaJ08
  • Like 4
  • Confused 1
Link to comment
Share on other sites

7 hours ago, Paul Hexem said:

Can't be done.

And if it can, the people that can do it have banks to hack and governments to extort, they don't care about you.

A lot of things are hacked through social engineering and what better way then to tap into somebody's IM's in the hope that they'll see a clue that might help with hacking into something more lucrative.

Link to comment
Share on other sites

Improbable, but more possible than you might think.

SL Chat is unencrypted. It is sent over the wires in plain text.

Your IP is not directly broadcast but can be socially engineered out of you. (View this media on a prim, listen to that DJ...), although performing such a man in the middle takes a motivated individual who's willing to put a lot of effort into this.

Your govt/ISP have easy access to the conversations due to lack of encryption and they are controlling the infrastructure. You can VPN out to another part of the world, it'll just mean a different govt/ISP will see the unencrypted data.

 

  • Like 1
  • Thanks 1
Link to comment
Share on other sites

2 hours ago, Arielle Popstar said:

A lot of things are hacked through social engineering and what better way then to tap into somebody's IM's in the hope that they'll see a clue that might help with hacking into something more lucrative.

You're reaching. 

2 hours ago, Extrude Ragu said:

although performing such a man in the middle takes a motivated individual who's willing to put a lot of effort into this.

"Possible" like getting struck by lightning while bitten by a shark in a swimming pool is possible.

Link to comment
Share on other sites

9 hours ago, Paul Hexem said:

Can't be done.

And if it can, the people that can do it have banks to hack and governments to extort, they don't care about you.

They'll never get me lucky charms!

  • Like 1
Link to comment
Share on other sites

7 minutes ago, Paul Hexem said:

You're reaching. 

"Possible" like getting struck by lightning while bitten by a shark in a swimming pool is possible.

And you're minimizing. Even if it is not a hacker in the middle attack, there is also the possibility, however remote, of the IM logs being AI'ed for potential passwords etc. Lets hope they are kept very secure until they are deleted. 

there-are-two-types-of-companies-in-the-

  • Haha 1
Link to comment
Share on other sites

Why not just go all the way? There’s nothing truly private on the internet.
One of my friends won’t learn how to use a throwaway CC number so she can get her groceries delivered either.

But she’s always complaining about the grocery store. 🙄

IMG_8114.jpeg

  • Like 1
Link to comment
Share on other sites

On 6/30/2024 at 1:01 PM, AmeliaJ08 said:

No, IM's do not work that way and it is not true.

LL do have access to your IMs but nobody else in Second Life does by listening to channels.

That's the basics of it. However absolutely nothing in Second Life is encrypted and your messages (normal channels or IM) are sent in cleartext, anyone snooping on your internet traffic can read them and if there's packet capturing happening on an ISP or state level (very common these days) every single thing you say has the potential to be analyzed and even stored if the rumours in some countries are to be believed, it's completely feasible. It's not something the average person can do however.

 

 

They can if you wear something RLV and give permissions

  • Haha 2
  • Confused 1
Link to comment
Share on other sites

Posted (edited)
18 minutes ago, Liaa Nova said:

They can if you wear something RLV and give permissions

RLV cannot read IM chat.  That would be against the ToS.  It can block your IMs.  It can relay LOCAL chat, however.  I believe it only relays one side of the Local chat.

Edited by Rowan Amore
  • Like 6
Link to comment
Share on other sites

Posted (edited)

Just take a moment to think through what it would take to accomplish this.

You send an IM  >>>>>>>>>>>>>>>>>>>It goes to SL's Chat Servers. >>>>>>>>>>>>>>The Chat Servers send it to the recipient.

A: They would have needed to find a way to sniff your connection to the Servers or perhaps tricked you into installing a key stroke logger.

B: They would have needed to hack into the Chat Servers and then find your chat on them among the thousands of chats that are happening every second.

C :  They would need to be sniffing the recipients connection to the Servers.

As Paul pointed out, any one with that kind of ability isn't going to be wasting their time on you.

It probably would do people good to review the technical overview of security in SL

https://wiki.secondlife.com/wiki/Linden_Lab_Official:Technical_overview_of_Second_Life_security

And once WebRTC goes live that page will need updating. Something that LL is planning that Vivox does not do is hide your IP when making a peer to peer (p2p) call.

Edited by Perrie Juran
shpelling
  • Like 1
Link to comment
Share on other sites

3 hours ago, Liaa Nova said:

They can if you wear something RLV and give permissions

This is false.

It can block IMs from going through, but not read them.

3 hours ago, Rowan Amore said:

RLV cannot read IM chat.  That would be against the ToS.  It can block your IMs.  It can relay LOCAL chat, however.  I believe it only relays one side of the Local chat.

Any script can relay local, not just RLV. And it can relay all local. RLV collars might have a function to listen to their wearer, but that's a self imposed limit.

  • Like 2
Link to comment
Share on other sites

1 hour ago, Paul Hexem said:

This is false.

It can block IMs from going through, but not read them.

Any script can relay local, not just RLV. And it can relay all local. RLV collars might have a function to listen to their wearer, but that's a self imposed limit.

AFAIK, you must have consent to relay local chat which is why the RLV collar only relays the wearer's side of local.

Link to comment
Share on other sites

Just now, Rowan Amore said:

AFAIK, you must have consent to relay local chat which is why the RLV collar only relays the wearer's side of local.

Yeah, I was talking only about the technical side- the rules are, like so many in SL, fast and loose at best.

Link to comment
Share on other sites

ok....gif.88568bf73fc2debf9c1baa289943d9dc.gif

 

@Ricky40 Please don't be this gullible, mkay? If a security breach like this would even be possible LL would have fixed it already. You can't just let some random weirdo inworld tell you that, and you actually believing it. You said they explained it. Life tip coming up, pay attention. Explaining does not mean just saying something. Explaining something means showing how something works. This rando inworld just told you "it's on channels" and you ran with it without having any proof of that.

Please do better. You can't be gullible and be on the internet. That is a dangerous combination. ;) 

  • Like 1
Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share

×
×
  • Create New...