Jump to content

Innula Zenovka

Advisor
  • Posts

    10,132
  • Joined

  • Last visited

Everything posted by Innula Zenovka

  1. This change is needed because SL may already be breaking Belgian and German law (at least) by hosting gatcha machines, they'll probably be breaking British and Australian law both if they're still hosting them this time next year, and more and more jurisdictions are following suit. LL have to make this change if they want to avoid danger of prosecution in an increasing number of jurisdictions and they sooner they remove this risk, the better for everyone.
  2. Freedom to make, or not, the choice of whether to play the Gatcha machine in the first place. I have always chosen not to, because I don't like to waste my time trying to win the item(s) I want, so my range of choices will be greatly improved, since now I will be free to choose whether or not to buy whatever I want for whatever the creator considers a fair price, provided I think it worth paying, without wasting my time (more valuable to me than what I'd expect to pay as a market price for even the most expensive "rare" items when I can find them in the Marketplace).
  3. Speaking as a survivor of cancer, I have to dispute the word "literal" there but otherwise I agree 100%. I've never bought anything from Gatcha machines, since I take the attitude that, when I want to gamble online, I will do (I'm a Brit, so I can that legally if I feel like it) and when I want to buy virtual content in SL for my own purposes, that's what I want to do. When I want to create environments in SL I do not want waste my time -- which is considerably more valuable to me in many ways than simply L$ -- with loot boxes. I want to pay the creator a decent price for their creation in the first place, so we're both satisfied with the transaction, and then get on with both my second and first lives. From what I've heard from friends who make mesh, the pressure to produce new lines with which to stuff their Gatchas at each of the increasing number of fairs is gruelling, and I think this decision will be welcomed by many of them, too. For background on legal restrictions on Loot Boxes, the House of Commons Library has a good background report on the situation in the UK and elsewhere https://commonslibrary.parliament.uk/research-briefings/cbp-8498/ (tl;dr, they're already banned in several European jurisdictions, legislation banning them is currently being considered by the Australian senate, and the British government will be announcing its plans by the end of the year.)
  4. What else does the first sentence of the blog post mean?
  5. No one, I think, is telling you what you can and can't do, though they may be making it more inconvenient for you to buy particular machines online direct from the manufacturer. But why shouldn't government tell you that you can't run a high-end rig if so doing contributes to a public nuisance of the kind people living on the West Coast of America are already experiencing in the form of massive forest fires, droughts and unprecedently high temperatures, which are the effects on global heating and the climate crisis, which is caused by excess CO2 emissions, of which power generation is a major cause? There are two obvious solutions, reduce the need for power generation overall by building by retiring older machines and building more efficient models, and reduce the amount of CO2 emitted by generating power in the first place, by adopting more carbon-efficient energy sources. At the moment, people using inefficient rigs are simply freeloading, since they enjoy the benefits of the high end rig while leaving others to pick up its external costs of the damage their equipment inflicts on third parties.
  6. So you disagree with the minimum specs the authorities in CA and wherever else have set down. They presumably used one set of data and models to arrive at their conclusions and either you used a different dataset and different modelling or you used the same data and computer modelling, but for some reason come to different conclusions. What of it?
  7. As far as I can tell, though, the only people in danger of breaking the law are the computer manufacturers, who can't sell models in particular states that don't comply with those states' minimum standards for safety and energy efficiency. Same as any other product. Energy efficiency laws apply to computers too -- whodathunkit?
  8. Let's assume some people, apparently randomly and certainly unpredictably, sometimes experience what everyone would agree was ESP if only there was some way to confirm it. How would we ever know if that is, in fact, happening? I'm not asking for proof. I'm not even asking what such a proof would look like. I'm just asking what difference it makes if we do agree that there is such a thing as ESP ? OK, let's agree that some people sometimes experience genuine ESP, just as people win the lottery or score a hole in one at golf, or are dealt a royal flush at poker, but we'll still lack a way of distinguishing ESP from simple coincidence, so what difference does it make which it is?
  9. While I may seem sceptical about 2FA, I wholly agree with this. What I don't know, however, I have no information with which to work, is whether 2FA is an urgently-needed solution to a widespread problem that urgently needs addressing or whether it's simply something it would be nice to have as an option, provided it was voluntary and would probably make a lot of users feel more comfortable. As an indication of how people feel, rather than because the two things may be connected (I have no idea if they are or not), which would people rather see fixed first Two Factor Authentication (optional) at log in Inworld Search Something else (mesh uploads always seem to need fixing one way or another, for example) I see 2FA as something nice to have if I wanted it, but it's not something to which I give much thought, though obviously I am also concerned about protecting both my L$ balance and my in-world reputation, such as it is, but I wondering whether others share my sense of priorities. Speaking personally, I can think of plenty of improvements and enhancements to the user's experience that I'd regard as more urgent than 2FA, but I'm very aware that my SL isn't much like other people's, because how many of us spend most of our time in SL writing scripts or hanging out with other content creators discussing how to do cool stuff? Because I am concerned about having my account hijacked, I early on took advice on how to avoid this -- don't reuse or share passwords, or use easily guessable ones, be aware of phishing techniques and so on -- and I have followed it ever since without giving it much more thought, because no one else has access to my computers, and all my passwords are generated and stored by LastPass, but maybe I'm in a minority here.
  10. You can move the toolbar buttons that open your inventory, camera floater, world map and so on, in most viewers, I think. Certainly I can add, remove and move them in the Official Viewer.
  11. Whenever I used to use the phone call option, which I had to before I got a decent smartphone, the call usually followed within a minute or so (at most) and lasted only a matter of seconds. But I agree. While it sounds as if LL might consider introducing 2FA at the point which you try to buy L$ in the viewer, or at least tightening up the security there, 2FA to get into SL is overkill, and fixing the wrong problem.
  12. So when you used it, the site remembered your card details and didn't ask you for any further confirmation (e.g. CVV number) the next time you used it, but simply asked you to re-enter your SL password? That's really insecure.
  13. If enough people assemble in an online forum from all over the world, then inevitably some of them will have suffered some sort of symptoms within a given period (how long?) after having the vaccine. If someone hangs around anti-vax forums and Facebook pages they will, therefore, soon find plenty of posts from people who've suffered some sort of illness or mishap within various arbitrary time scales that they attribute to the vaccine because that's a handy explanation, and it'll be easy for someone to come away convinced these vaccines are dreadful things because they apparently cause people to come down with such a wide variety of completely different symptoms within a few weeks being vaccinated -- no only did someone develop a fever, but someone else developed a painful rash, and someone else developed pneumonia and someone else broke their ankle and someone else's cat got run over, and clearly the vaccine is to blame.
  14. Usually there's a variety of options available -- besides SMS, I've been sent verification codes by email, automated landline call, and downloadable apps.
  15. Thanks. That leaves me wondering, then, how whoever broke into the account of the woman who posted on Reddit was able to buy $1,700US worth of L$ without knowing what her CVV was. There's part of the story missing, I'm sure, but the more I think about it, this woman's loss seems to represent a perfect storm of unsafe settings and careless behaviour, I'm afraid. Can someone who has recently bought L$ via Tilia please confirm what the steps are? If Tilia store your CVV number along with card number and expiry date, that sounds extremely dangerous and I'd be surprised if it's the case.
  16. I wonder how the thief was able to buy L$ with her card but whoever broke into Cristiano's friend's account was unsuccessful.
  17. That, I see, was a debit card attached to her bank account, which would necessarily be less secure than a credit card. I'm surprised that she didn't at least have to enter her CVV number manually, but it seems it's not for cards like that. So that's the difference between her and Cristiano's friend whose account was broken into but the thief couldn't get into Tilia. We don't know what happened in the end -- at the time of her final update, LL were being very helpful and it's unclear whether the $1700 actually left her account -- but I don't think this is a typical case by any means. Furthermore, and while I'm not trying to blame her for what happened to her, I think that If you go though the story, you'll see that she admits she was somewhat careless, to say the least, in her approach to account security. This is not a typical case, I think, and I don't think it's safe to base many general assumptions on it.
  18. This is why I want to know how widespread a problem there is with people breaking into other people's accounts. I want to know how often it happens, and how much money is, on average, at risk. I mean, how much do most of us keep in our accounts to lose? Few of us actually ever cash out at all, and certainly I generally cash out before I'm anywhere close to having more in my account than I can afford to lose. I suspect the dollar value actual amount of money stolen through fraudulent log-ins each year is pretty low, and the number of people affected similarly small, when considered as a proportion of total log-ins and the size of the SL economy, and that it's probably not a problem that's worth fixing (at least not before they've fixed half a dozen more pressing issues with the viewer). But I don't know, because I don't think it's possible to say for sure without seeing the figures. I'd need to know how much money is lost each year, by how many people, how much it would cost to have 2FA, how many fraudulent log ins that would prevent annually, and how much money that would save. LL are the only ones in who know what the figures are and are therefore the only ones in position to make an informed judgment. While obviously their judgement is hardly infallible, they clearly don't see it as a priority, and I can't say I ever give much thought to someone breaking into my account. Maybe I should be more worried, but even if the worst were to happen and my SL account were to be compromised, it would be very annoying and a gross intrusion of my privacy, but it wouldn't be anything like someone getting into my bank or credit card accounts. It might hurt a bit if my L$s were to vanish but it wouldn't be a major crisis.
  19. I don't think the issue is whether 2FA solutions are easy or difficult but who should require it and when -- LL when you log in with the viewer, or Tilia if you try to buy L$ . All I need to get into my accounts with Amazon or eBay are my account name and password, and then when I want to buy something they ask my card issuer to authorise the transaction. The issuer then confirms it's me -- whether because I've entered my CVV number or via 2FA -- and tells Amazon the transaction is authorised. Why should SL-Tilia do it differently -- that is, username and password to get into SL and then if I want to buy any L$ while I'm logged in, Tilia handle the verification with my credit card at that stage?
  20. What happens then? I've never needed to buy L$ since Tilia, certainly, but I imagine it's then like any other online transaction where you have an existing account. I don't see why TFA should be an issue before we get here, at least.
  21. However, any company will want to ask itself, I would have thought, before undertaking any project, what resources they'll need to code it, test it, and so on. They'll also want to consider whether they want to devote those resources to that or to something else. How great a nuisance is, in fact, created by the problem the project is supposed to resolve would, I think, be a major consideration in determining what priority to give it.
  22. I can't remember when last I bought L$ so I don't know what security is like since Tilia took over that side of things. What happens nowadays when you try to buy L$ inworld? I imagine if I were to try buy some with my card, then on top of LL's precautions I'd see a popup asking me to enter a code my bank has texted me, in the same way I do when I use Amazon or order a supermarket delivery, but that's my card (maybe all UK cards?) and I'm not sure what Tilia ask in addition to that (my mother's maiden name or something?). I used to have to re-enter my password to buy L$, I think, but I can't remember what else was involved.
  23. Would I really? What were the circumstances? Since LL's /Tilia's precautions were sufficient to protect Cris' friend's bank account in this case, they can't be identical. Maybe Tilia introduced additional security measures after the $1700 loss to which you refer, and that's the difference? The credit card I have on file with LL recently introduced TFA for online purchases (I think all UK card issuers did at the same time), so customers of my bank, at least, who use SL already have TFA protection at that level. I don't know know how widespread this kind of fraud is, but I'd have thought the problem will be best addressed by the card issuers and Tilia at the point someone tries to use their card/bank/PayPal account to buy L$ rather than when they try to log in.
  24. What money was lost here? That doesn't suggest to me that any money was ever at risk, since the precautions LL/Tilia are already sufficiently robust, or that they were in this case, to stop the intruder from accessing and misusing the friend's payment details, and that it was only the gacha items that were stolen (and I would hope LL were able to recover them for Cris' friend, since there's a record of who received them). What does it suggest to you?
  25. Generally I find it's a good idea first to have an idea of how big and how urgent a problem is before I start to consider how much time and resources to devote to fixing it, and what priority to give it. YMMV.
×
×
  • Create New...