QwiQ

  1. Well you "learn" or you leave I guess, and the ones who leave take with them fresh insight and voices and what's left is an echo chamber reverberating with the same old prejudices and "opinion". Unless you like taking pics of course, there's always room for some more pretty pictures to look at 🙂
  2. Hi Scylla, Well listen, I mean first thing is that LL are almost definitely "collecting" the data in that it will be stored somewhere on their backend. It'd be quite a wasted asset, and certainly they'd be in a minority of companies these days, if they didn't anonymise at least some of it and leverage it as a resource either internally or externally.

     As for the relevance of my post in the context of this thread; in a strict sense you're right of course. However it felt like almost everything that had to be said had already been said many, many, many times.. so I thought I'd take the opportunity to maybe expand the scope a little and thus prompt some more interesting dialogue - which it has done a wee bit thanks to you, Rowan and a few others 🙂

     The reason I suppose I'm jumping in on this whole white knight thing, is that while the OP may be "trolling", he may also be not. He may just be someone who is particularly risk averse and genuinely "wondering". I understand that the old hands of these forums feel they can sniff out a troll at a 100 yards, and by virtue of being judged a troll he deserves whatever judgement and treatment is handed down.. Apparently for the most part, what it's deemed he deserves is at best very ill informed (almost puerile) passive aggression, and at worst what would normally constitute pretty bad bullying from the usual suspects.

     To be honest, I'm an adult who knows what he's getting into here and the responses I get are all pretty predictable and factored in before I hit the submit button. Yeah it's a forum yada yada and there are worse out there, but there are also much better ones.. maybe we could try to be one of those 🙂

     To be honest, even as someone who prides themselves on their use of language, your use of words like "trolls" and "dragons" seems unnecessarily combative in this context. Maybe given the very, very small number of people who actually use these boards we could all just be people - people who agree with each other, or disagree, or frustrate or annoy - but people nevertheless. Anyway, I've added what I perceived (rightly or wrongly) to be some well intentioned information, so I'll leave it at that.
  3. OK, I have no idea why the world seems to want me to get all "white knight-ish" on Mr Paulsian's behalf, but here we go again - third time's a charm and all that 🙂

     We all exist on a continuum of sensitivity to security and privacy concerns. Paulsian "appears" to be on one end, and others here are on the other end. I've no issue with that, everyone is different. As a software vendor though, it would make sense for LL to cater for as wide a segment of the continuum as possible, but again, they'll do what they do.

     At the end of the day though, this is less a personal privacy issue than a data collection and analytics issue. If social media and digital marketing has taught us anything over the past decade, it's that attention = money. You might not care who looks up your skirt, or who focusses on the jiggle physics in your blouse, or the excellent ink stencilled so prettily on your much, much too overdeveloped biceps; but someone will care and someone will be able to make cold hard cash out of that tracking data. If LL isn't seeing the recent interest in virtual reality as an opportunity to leverage all the (anonymised) data points they've collected over the past 18 years then .. well we can all stand to attention and salute their "ethics" as the good old SS SL sinks below the waves.

     So yep you're definitely giving away all this valuable data, every time you look at something, TP somewhere, invoke any interaction between yourselves and/or the platform. As it stands at the moment your feelings on whether that data is made available to you in your viewer is pretty much irrelevant.

     On an individual level though, there are a few areas where what you accept now will be a tricky little genie to stuff back in the bottle later. These carry across things like:

     • Privacy - the security and privacy provided by any platform will become much more important as we immerse ourselves more deeply. So yeah you should probably be a bit more interested in how likely the LL viewer is to be carrying malware, whether LL's use of subdomains vs subdirectories presents a DNS vulnerability, where your camera tracking data goes when you sleep.
     • Future Digital Justice - let's say an assault takes place in some seedy SL nightclub and there is a means to report and seek justice for that assault, then where you were and where your cam was focussed at any one time might identify you as a witness and/or suspect.
     • Future Digital Governance - depending on what jurisdiction you reside under - where you are seen to have your eyeballs pointed, and for how long at any one time, might be very telling.

     All sounds a bit crazy right? And yeah I get that some here might say: "this is SL man, my avatar's age is older than your kid, I know what LL has done, is doing, will do, is capable of doing - I'm best friends with a Linden and I attend all the user group meetings FFS!"; Sometimes though it's wise to just step back from the blanket assertions, take a different perspective, imagine a world where there's such a thing as doubt 🙂

     Because, in my opinion (as strange white knight extraordinaire) the only reason you might be able to disregard all of this is because SL is tiny, the population demographic is a commercial irrelevance at the enterprise level, and thus the size and the value of your data set is too small to warrant anyone's attention. Anyway, as usual, this is just well meaning advice.. you go out and think whatever the fork you want to think 🙂
  4. I think we're ok Doris, the highlight words "my" and "is" are the ones carried forward.
  5. Yep, watched this too; really nail-biting to be honest. Could have been 30 years to design and build, 10 minutes to mess up a really expensive bit of origami 🙂 Anyway, all looks done now, so lots of amazing things to look at and think about soon!
  6. Yeah I know Arduenn, I'm just erring on the side of trying to be nice for now. I do know some people are very paranoid/scared about online risks so was trying to help (and taking a lot of heat in the process I might add 😀) My troll-o-meter isn't far off yours, but maybe if we answer informatively and accurately (as much as we can anyway), any poor souls who rock up looking in his threads for advice will actually get it.
  7. I completely agree Theresa, I think I already covered the whole "possible" vs "probable" question in the other thread. I guess I'm just raising the red flag that it is a very well known risk, it can be done, it has been done. At the end of the day consensus of opinion here seems to be we're safe from the bogeyman "more by good luck than good management" (as my old gran used to say). If we're all happy with that, then fair enough 😀
  8. You mean this Cryptojacking **** which is so ridiculously made up that almost every single major anti malware vendor is now addressing the risk in their products (even Microsoft Defender bless it)? But yeah I get your point, the LL viewer is open source after all, once you publish your code in a public repository you're golden - you've got to be a crazy person to take all this malware malarky seriously 😀 I've tried to contribute to this topic on another thread, which you can follow up on if you like. If you don't like.. then that's ok too 😀
  9. Hey Paulsian, I'm going to assume this is a genuine question rather than anything else, and just answer it as best I know how. Basically there are two main ways of doing this sort of thing.

     • Subdomains (subdomain.mydomain.com)
     • Subdirectories (mydomain.com/subdirectory)

     There are various ideas around what's deemed "good practice" in determining which to use. Mostly it boils down to pick a lane and then be consistent. The idea of it being related to what server anything is hosted on is a wee bit anachronistic especially in the age of cloud hosting and serverless infrastructures (regardless what Wikipedia might say).

     Given your other threads though, I'm supposing (and hoping naively 😀) that this is again a genuine query driven by questions of security and online safety. Basically there are potential risks associated with the use of subdomains, if you're not careful with your DNS config then you might have an issue with what's called a Subdomain Takeover, but really as long as LL know what they're doing it should all be fine. There are some moot pros and cons around SEO but I'm guessing you're not too bothered about that.

     I'm not sure if you're trolling or not with your threads, so I'm going to continue contributing as best I can. In any event I'm not sure what the difference is between your prolific thread creation and the really really numerous avatar beautification ones. There's seriously one for shoulder closeups... 😀
  10. Hello People, I can see this thread has gone a bit off track, and I can see my initial post attracted quite a lot of ridicule, worryingly even from someone involved with one of the TPVs. Really I'm back just from the perspective of someone who wants to help and maybe give some hard won advice which you can sneer at and ignore if you want. All I can say is it comes from a genuinely good place - take it or leave it 🙂

      Ok, so first thing is I (sort of) agree that the risks of any secretive embedded payload coming on purpose from LL are as close to zero as is worth thinking about - we do trust the guys. The idea however that the LL viewer being open source somehow provides assurance that it could never deliver malware to your systems, isn't correct at all. Whether anyone here wants to accept it or not, there is a whole raft of dependencies, workflow and processes which deliver the compiled viewer to your system. The code repo is only part of that process. Just off the top of my head we have the following:

      • The code repo
      • The Software Bill of Materials
      • The DevOps pipeline
      • The Dev/Build/Distribution environments
      • The wider Software Supply Chain

      As you can see then, the public code repo in itself, while reassuring, guarantees diddly in the grand scheme of things. And by the way, any vendor who says they don't bother with any of that stuff (manual or automated) because it's "overkill" or "not warranted" really should earn your distrust. Even if they say they do it and they can definitely guarantee 100% malware free - run a mile because they're pretty deluded if nothing else..

      So as you can see, there are lots and lots of potential vulnerability points between the code repo and the executable which rocks up on your system. These types of vulnerability are exploited every day by very clever but naughty people and examples are easily referenced by a straightforward google search. So really, while well intentioned, the following assurances should be treated with a pinch of salt.

      • THE LL VIEWER IS 100% NOT DOING XYZ! (apparently the caps and exclamations carry some weight here).
      • Yeah mate, I pulled the repo, compiled that bad boy and it worked fine (lots wrong with this - did your build env = the LL build env, when did you, and what constitutes "fine")
      • I'm a super coder mate, anyone worth their salt can read the code repo and easily identify shenanigans.

      To be fair, I'd be very surprised (I mean drop off my chair surprised) if anyone from LL would publicly go on record with quite the same level of guarantee as you guys. In fact the ToS explicitly says otherwise. "Linden Lab does not ensure continuous, error-free, secure or virus-free operation of the Service, the Software, the Websites, the Servers, or your Account"

      Anyway, do what you want to do, trust who you want to trust. But maybe, just in case I'm not a complete lunatic worthy of derision, take some precautions yourself and more importantly guide new users safely into our little world 🙂
  11. Absolute tosh...on so many levels. Anyway, I've tried to help the OP a wee bit, so I'll bow out of this now.
  12. Really enjoyed what I can only describe as a tragicomedy. Could be viewed as a satire on so many modern day issues. Perhaps even on how we choose to trivialise and divert attention from the 100% certainty of our own individual mortality.
  13. Hi Paulsian, I've no idea why you get such a rough ride on these forums when asking pretty legitimate questions about online safety concerns. You do seem incredibly risk averse however, so let's chat through a few things. On your question, Is it "possible" that a trojanized version of the LL or TPV viewer might deliver malware to your infrastructure? The answer is of course a resounding yes. Anyone who laughs in your face on this question really doesn't know what they're talking about. Even when specifically talking about the "possibility" of crypto mining malware being delivered, the answer again is of course yes it's "possible". "Cryptojacking" malware is actually a very legitimate "possible" risk. So this all sounds a bit scary, but thankfully there is a very clear distinction between what's "possible" and what's "probable". Your job as a responsible and risk averse online traveller is to reduce the "probability of the possible" to as close to zero as you can. There are lots of things you can do, and my advice (and I get the irony 🙂) is not to get any advice from anyone on this forum. Instead head to resources like https://staysafeonline.org/ and https://www.ncsc.gov.uk/ and have a mooch around. Good Luck!
  14. Thank you Lindal, I didn't know you were involved with COU! Yep, there's so much more I could say about the place, and a whole raft of people who spent time tutoring, guiding and just chatting. I also second the Builders Brewery; again just lots of genuine and helpful people willing to give up their time to help a noob stick one prim on top of another 🙂