[Opensim-dev] Interrelated difficult problems related to asset portability
dr scofield
drscofield at xyzzyxyzzy.net
Tue May 27 05:15:05 UTC 2008
Sean Heavy wrote:
> +1 ! ! !
> We are a majority of at least 2, Kyle! :)
>
+1
> ~Sean H.
>
> Kyle Hamilton wrote:
>
>> You make some interesting points.
>>
>> From where to where would the authentication traffic run? What would
>> interpret it? What would make the policy decision to show it? What
>> would decide whether to follow the policy decision handed down from
>> on-high?
>>
>> What about assets with legitimate copyright confusion?
>>
>> What about attempted denial-of-service by hacking the authentication system?
>>
>> What if someone gets a leaked bitwise copy of an asset, uploads it to
>> and registers it with the authentication service, and prevents the
>> legitimate owner of the asset from registering it?
>>
>> What if some grid chooses, for these or other (perhaps more nefarious,
>> perhaps more practical -- such as overloading and very poor response)
>> reasons, not to run the authentication traffic?
>>
>> I must simply reiterate what I've said before... DRM simply does not
>> work. DRM relies on all parties except the end-user (you know, the
>> entity that everyone is most concerned about) cooperating to restrict
>> access. Independent VWs don't want to damage their users'
>> experiences, so they're unlikely to want to cooperate, and without
>> their cooperation there's no chance of implementing any kind of DRM
>> solution.
>>
>> DRM relies on "keeping secrets". The core secret is "the asset
>> content to be displayed". And, Benjamin Franklin put it best: "Three
>> may keep a secret, if two are dead." An authentication system would
>> simply offload the task of who makes the decision to keep the secret,
>> not do anything more to keep the secret in place.
>>
>> And if you want to rely on the viewer to run it? Someone's going to
>> hack the viewer to avoid authentication, and distribute their hacked
>> viewer.
>>
>> I've been trying to find a way to design a system that doesn't rely on
>> making bits harder to copy. I've been trying to find a way to design
>> a system that doesn't rely on some arbitrary third party making
>> decisions. I've been trying to find a way for evidence to be
>> collected that would be sufficient to satisfy the only
>> currently-authorized-by-law third party (the court system), and then
>> only in situations where it's been specifically asked to intervene.
>>
>> The entire VW community, and the entire Internet community, has been
>> designing things at odds with the current legal regime since its dawn.
>> We've seen the courts reach in and mandate things, and our tools have
>> been extremely unsuited to the task of compliance. I'd much prefer to
>> have a design on the table that satisfies all the compliance issues in
>> a way that is easily understood. I'd much prefer to have a design on
>> the table that stops viewing the end-user as an entity to be feared
>> solely because they can take what they're shown and change themselves
>> from 'end-user' to 'content presenter' without authorization of the
>> owner of the content they're presenting. I'd like to move away from
>> any attempt to mandate content handling, and instead cooperate with
>> the end-user to identify locations where unauthorized copies of
>> content are distributed from, and leverage those to reduce the content
>> misappropriation.
>>
>> This is why I want the viewer to be cooperative in a way that doesn't
>> damage the end-user's experience. I realize I'm in the minority...
>> but I'm sick of being treated like something less than a dignified
>> human being. I'm sick of being treated like a criminal. I'm sick of
>> my money going toward systems that prevent me from using what I've
>> licensed.
>>
>>
>> -Kyle H
>>
>
>
--
dr dirk husemann ---- math & computer science ---- ibm zurich research lab
RL: hud at zurich.ibm.com - +41 44 724 8573 - http://www.zurich.ibm.com/~hud/
SL: drscofield at xyzzyxyzzy.net --------------------- http://xyzzyxyzzy.net/
More information about the Opensim-dev
mailing list