[Opensim-dev] Interrelated difficult problems related to asset portability

[Antti Ilomäki]

Kyle H: "From where to where would the authentication traffic run?  What would
interpret it?  What would make the policy decision to show it?  What
would decide whether to follow the policy decision handed down from
on-high?"

Note that I'm by no means a data security expert and I'll gladly leave technical questions to someone else. That's one of the reasons I'm so interested in discussing these things in public.

Anyway, There would be two separate parties making the policy decisions: the server and the client. In this scheme knowledge on assets to be downloaded would probably have to pass through servers, because the server administrators would probably want to influence what their visitors see. Then the client would have some controls to restrict display of assets if the user (or more likely his parents) wants to. Like you (and I think me too) said, the client is easy to hack and trying to add strict protection schemes there would probably prove fruitless. The authentication traffic would most likely run between the world servers and authentication stuff servers, but also to the client. I'm not the person to design the details, however, hopefully someone can come up with good ideas.

"What about assets with legitimate copyright confusion?"

Can you be more specific?

"What about attempted denial-of-service by hacking the authentication system?"

DoS attacks are a potential problem for any network service, do you see potential problems specifically for the authentication of inventory assets?

"What if someone gets a leaked bitwise copy of an asset, uploads it to
and registers it with the authentication service, and prevents the
legitimate owner of the asset from registering it?"

Getting bitwise copies of an asset can't really be prevented or even made very difficult AFAIK. That's why I'm more interested in controlling their visibility over the net. If someone got a pirate bitwise copy somewhere on the net it's likely that the original object would already be registered in the authentication service and re-registering the same asset would likely fail. An interesting question is the building phase when the objects aren't finished yet, but if there's enough interest there's probably a workaround for that as well. Perhaps something like version history for objects or so on, I don't know. Note that especially professional content creation can be done behind protective walls and the object can be registered on authentication lists before it ever appears in the public virtual web.

"What if some grid chooses, for these or other (perhaps more nefarious,
perhaps more practical -- such as overloading and very poor response)
reasons, not to run the authentication traffic?"

Well there's really quite little anyone can do about it - pretty much the only thing would be to make the authentication as lightweight and seamless as possible so that there would be no technical reasons to turn it off. Some sites would of course still turn it off, but the really important thing is to have all or at least a vast majority of the most popular sites to utilize the protection scheme. The reason they might actually want to do it is their somewhat probable involvement in item trading or (virtual) money transactions in general. Content creation business and virtual world (and other services) subscription business are interconnected; more people means there's a bigger market for content, which in turn means more interesting stuff to see and do for the users, which in turn means there will be more users.

"I must simply reiterate what I've said before... DRM simply does not
work.  DRM relies on all parties except the end-user (you know, the
entity that everyone is most concerned about) cooperating to restrict
access.  Independent VWs don't want to damage their users'
experiences, so they're unlikely to want to cooperate, and without
their cooperation there's no chance of implementing any kind of DRM
solution."

In my opinion the record and games industries, for example, are going the wrong way by trying to charge you money for a product that is inferior to what you get for free if you resort to piracy. The best way to entice customers to pay for their music is to make purchases extremely simple and offer extra service such as automatic backup system in addition to the actual files being as easy to use as a pirated mp3.

The difference between the virtual assets and music, for example, is at least two-fold. First of all, virtual assets are almost exclusively used over the internet. This gives options for determining copying and access wirghts on the fly. Secondly, Virtual worlds ARE the digital content and creating systems that can be used to set rules and bring a level of security not only for the assets but also site owners and users, would probably have a positive effect on the business as a whole.


"DRM relies on "keeping secrets".  The core secret is "the asset
content to be displayed".  And, Benjamin Franklin put it best: "Three
may keep a secret, if two are dead."  An authentication system would
simply offload the task of who makes the decision to keep the secret,
not do anything more to keep the secret in place."

Well it depends. If the future of the virtual web would actually involve something like the system I described there would be little need for secrets. The thing you would have to do to use pirated goods would be to hack a server and insert your ID on the authorized users' list for the specific object. If the security of the server was any good, that would be quite a bit more complex than downloading an mp3 through bit torrent or something similiar.

Another hurdle for the pirates might be a check in the Official 3D Internet browser (the realXtend one, naturally) that would prevent any transactions in a zone that doesn't have content protection on. There's actually need for some kind of a security system anyway, similiar to web certificates and so on, to create a level of security for the entire experience AND communicate it to the users, so that they feel confident enough to make purchases and let the virtual content business flourish.

In fact one of the good things about virtual reality is the fact that when the user is logged in, he/she most likely has some kind of a payment system ready to go, be it LindeX, PayPal or whatever. Ths would completely remove the hurdle of digging out your credit card and giving personal info to some site on the net to be able to pay for the goods. This would, of course, remove one hurdle from the legitimate customer's road to enjoying the purchase, making legitimate goods more competitive with the pirated stuff.

Although probably not the most decisive issue for legitimate customers, but not having t ofeel stupid for paying something most others are using for free is sort of a service as well. The really important thing is making sure that the content creation business is a huge success and there's plenty of exciting stuff for everyone to enjoy. Ensuring that will be important for the success of the virtual reality, especially in the near future and if this DRM scheme can help, it's worth considering.

"And if you want to rely on the viewer to run it?  Someone's going to
hack the viewer to avoid authentication, and distribute their hacked
viewer."

Well I wouldn't want to rely on the viewer doing anything the user doesn't want to. The integration of DRM features to the viewer would probably be in the form of parental locks and such.

"I've been trying to find a way to design a system that doesn't rely on
making bits harder to copy.  I've been trying to find a way to design
a system that doesn't rely on some arbitrary third party making
decisions.  I've been trying to find a way for evidence to be
collected that would be sufficient to satisfy the only
currently-authorized-by-law third party (the court system), and then
only in situations where it's been specifically asked to intervene."

Sounds interesting. The thing to remember is that there probably never will be a foolproof system, we're always talking about percentages. Personally I don't think making bits harder to copy would raise the percentage of legitimate customers very much, but I don't have any statistics here and who knows, maybe the entertainment industry earns a couple of bucks by using copy protections systems?

Court system and virtual worlds is an interesting issue. One of the problems with copyright stuff and global networks is the difficulty of across the borders -co-operation and lack of internationally useful laws. But that's a huge issue in itself, althoug han important one, laws can bring about an atmosphere of trust and security, which is usually good for business.

"The entire VW community, and the entire Internet community, has been
designing things at odds with the current legal regime since its dawn.
We've seen the courts reach in and mandate things, and our tools have
been extremely unsuited to the task of compliance.  I'd much prefer to
have a design on the table that satisfies all the compliance issues in
a way that is easily understood.  I'd much prefer to have a design on
the table that stops viewing the end-user as an entity to be feared
solely because they can take what they're shown and change themselves
from 'end-user' to 'content presenter' without authorization of the
owner of the content they're presenting.  I'd like to move away from
any attempt to mandate content handling, and instead cooperate with
the end-user to identify locations where unauthorized copies of
content are distributed from, and leverage those to reduce the content
misappropriation."

One of the problems with virtual worlds is that they're difficult to understand for the parties that handle legislation and hold political power. So far we've seen pretty negative press from a couple of cases, and that's a problem for the young industry. Virtual worlds haven't been established as a necessity for life and business like the Internet, and are thus a much easier target for fishing concerned parents' votes for the next election. Again, if we want the industry to blossom in the near future, we have to consider all sorts of issues and hopefully solve them in a way that suits everyone. Or at least someone.

"This is why I want the viewer to be cooperative in a way that doesn't
damage the end-user's experience.  I realize I'm in the minority...
but I'm sick of being treated like something less than a dignified
human being.  I'm sick of being treated like a criminal.  I'm sick of
my money going toward systems that prevent me from using what I've
licensed."

I don't disagree.


Antti Ilomäki
antti.ilomaki at adminotech.com