[Opensim-dev] Interrelated difficult problems related to asset portability

Tue May 27 05:15:05 UTC 2008

Sean Heavy wrote:
> +1 ! ! !
> We are a majority of at least 2, Kyle! :)
>   
+1
> ~Sean H.
>
> Kyle Hamilton wrote:
>   
>> You make some interesting points.
>>
>> From where to where would the authentication traffic run?  What would
>> interpret it?  What would make the policy decision to show it?  What
>> would decide whether to follow the policy decision handed down from
>> on-high?
>>
>> What about assets with legitimate copyright confusion?
>>
>> What about attempted denial-of-service by hacking the authentication system?
>>
>> What if someone gets a leaked bitwise copy of an asset, uploads it to
>> and registers it with the authentication service, and prevents the
>> legitimate owner of the asset from registering it?
>>
>> What if some grid chooses, for these or other (perhaps more nefarious,
>> perhaps more practical -- such as overloading and very poor response)
>> reasons, not to run the authentication traffic?
>>
>> I must simply reiterate what I've said before... DRM simply does not
>> work.  DRM relies on all parties except the end-user (you know, the
>> entity that everyone is most concerned about) cooperating to restrict
>> access.  Independent VWs don't want to damage their users'
>> experiences, so they're unlikely to want to cooperate, and without
>> their cooperation there's no chance of implementing any kind of DRM
>> solution.
>>
>> DRM relies on "keeping secrets".  The core secret is "the asset
>> content to be displayed".  And, Benjamin Franklin put it best: "Three
>> may keep a secret, if two are dead."  An authentication system would
>> simply offload the task of who makes the decision to keep the secret,
>> not do anything more to keep the secret in place.
>>
>> And if you want to rely on the viewer to run it?  Someone's going to
>> hack the viewer to avoid authentication, and distribute their hacked
>> viewer.
>>
>> I've been trying to find a way to design a system that doesn't rely on
>> making bits harder to copy.  I've been trying to find a way to design
>> a system that doesn't rely on some arbitrary third party making
>> decisions.  I've been trying to find a way for evidence to be
>> collected that would be sufficient to satisfy the only
>> currently-authorized-by-law third party (the court system), and then
>> only in situations where it's been specifically asked to intervene.
>>
>> The entire VW community, and the entire Internet community, has been
>> designing things at odds with the current legal regime since its dawn.
>>  We've seen the courts reach in and mandate things, and our tools have
>> been extremely unsuited to the task of compliance.  I'd much prefer to
>> have a design on the table that satisfies all the compliance issues in
>> a way that is easily understood.  I'd much prefer to have a design on
>> the table that stops viewing the end-user as an entity to be feared
>> solely because they can take what they're shown and change themselves
>> from 'end-user' to 'content presenter' without authorization of the
>> owner of the content they're presenting.  I'd like to move away from
>> any attempt to mandate content handling, and instead cooperate with
>> the end-user to identify locations where unauthorized copies of
>> content are distributed from, and leverage those to reduce the content
>> misappropriation.
>>
>> This is why I want the viewer to be cooperative in a way that doesn't
>> damage the end-user's experience.  I realize I'm in the minority...
>> but I'm sick of being treated like something less than a dignified
>> human being.  I'm sick of being treated like a criminal.  I'm sick of
>> my money going toward systems that prevent me from using what I've
>> licensed.
>>
>>
>> -Kyle H
>>     
>
>   


-- 
dr dirk husemann ---- math & computer science ---- ibm zurich research lab
RL: hud at zurich.ibm.com - +41 44 724 8573 - http://www.zurich.ibm.com/~hud/ 
SL: drscofield at xyzzyxyzzy.net --------------------- http://xyzzyxyzzy.net/