[Opensim-dev] Interrelated difficult problems related to asset portability

[Jani Pirkola]

Kyle,

Using the viewer to detect copies is an excellent idea! Anyone can hack his
or her version of the viewer, or even a group of users can use a hacked
viewer, but there will always be one who isn't.

I also agree that copy prevention will not work, ever. If I see (or hear) an
asset on my computer, I have  a copy of it already.

My personal vision of how this could be solved is to rely on people's own
attitudes towards theft. If I could use my viewer to check whether things I
see are stolen, e.g. I could see red marks on all avatar clothes that are
stolen, I would not use anything stolen on my own avatar, because people
would start to think me as a thief. (Oh look, that is the man who stole his
hat from that poor student girl)

How this could be achieved technically then? I suggest an object hash
server, where asset content hash value is stored along with the owner and
the license and permissions to use for those who bought it, for example.
When I upload some asset to some opensim server, then that opensim server
would calculcate the hash (and why not to use it as UUID as well to make
caching work better at client?) and send it to object hash server with
permissions from the viewer.

The object hash servers would be hosted by organizations we trust
(realXtend? LL? Verizon?), and they would have a network of trust in between
them. The object hash servers should of course also replicate data back and
forth to make sure that all the asset rights are correctly updated.

This does not need necessarily any modifications to the SL Viewer itself,
there could be a separate tool  (e.g. a copyrightbot as Diva suggested) to
make check on a place or avatar first and when the system comes widespread
enough, maybe it could be built in to SL Viewer as well.
realXtend viewer could support that from the beginning.

Also, Kyle's suggestion that the viewer reports abuse of copyrighted
material is easy to implement in this scenario. His point that even there
were a hacked client available without that copyrighted material detection,
there would always be someone with a non-hacked version can be used as vice
versa: Even if standard SL Viewer didn't have the copyright violation
reporting feature, always someone would be using a viewer which includes
that!

That kind of system could be done by OpenSim and it would be taken into use,
given that someone with enough trust takes the hosting of the first object
hash server.

Best regards,
Jani Pirkola
realXtend program manager

2008/5/27 Antti Ilomäki <antti.ilomaki at adminotech.com>:

> Kyle H: "From where to where would the authentication traffic run?  What
> would
> interpret it?  What would make the policy decision to show it?  What
> would decide whether to follow the policy decision handed down from
> on-high?"
>
> Note that I'm by no means a data security expert and I'll gladly leave
> technical questions to someone else. That's one of the reasons I'm so
> interested in discussing these things in public.
>
> Anyway, There would be two separate parties making the policy decisions:
> the server and the client. In this scheme knowledge on assets to be
> downloaded would probably have to pass through servers, because the server
> administrators would probably want to influence what their visitors see.
> Then the client would have some controls to restrict display of assets if
> the user (or more likely his parents) wants to. Like you (and I think me
> too) said, the client is easy to hack and trying to add strict protection
> schemes there would probably prove fruitless. The authentication traffic
> would most likely run between the world servers and authentication stuff
> servers, but also to the client. I'm not the person to design the details,
> however, hopefully someone can come up with good ideas.
>
> "What about assets with legitimate copyright confusion?"
>
> Can you be more specific?
>
> "What about attempted denial-of-service by hacking the authentication
> system?"
>
> DoS attacks are a potential problem for any network service, do you see
> potential problems specifically for the authentication of inventory assets?
>
> "What if someone gets a leaked bitwise copy of an asset, uploads it to
> and registers it with the authentication service, and prevents the
> legitimate owner of the asset from registering it?"
>
> Getting bitwise copies of an asset can't really be prevented or even made
> very difficult AFAIK. That's why I'm more interested in controlling their
> visibility over the net. If someone got a pirate bitwise copy somewhere on
> the net it's likely that the original object would already be registered in
> the authentication service and re-registering the same asset would likely
> fail. An interesting question is the building phase when the objects aren't
> finished yet, but if there's enough interest there's probably a workaround
> for that as well. Perhaps something like version history for objects or so
> on, I don't know. Note that especially professional content creation can be
> done behind protective walls and the object can be registered on
> authentication lists before it ever appears in the public virtual web.
>
> "What if some grid chooses, for these or other (perhaps more nefarious,
> perhaps more practical -- such as overloading and very poor response)
> reasons, not to run the authentication traffic?"
>
> Well there's really quite little anyone can do about it - pretty much the
> only thing would be to make the authentication as lightweight and seamless
> as possible so that there would be no technical reasons to turn it off. Some
> sites would of course still turn it off, but the really important thing is
> to have all or at least a vast majority of the most popular sites to utilize
> the protection scheme. The reason they might actually want to do it is their
> somewhat probable involvement in item trading or (virtual) money
> transactions in general. Content creation business and virtual world (and
> other services) subscription business are interconnected; more people means
> there's a bigger market for content, which in turn means more interesting
> stuff to see and do for the users, which in turn means there will be more
> users.
>
> "I must simply reiterate what I've said before... DRM simply does not
> work.  DRM relies on all parties except the end-user (you know, the
> entity that everyone is most concerned about) cooperating to restrict
> access.  Independent VWs don't want to damage their users'
> experiences, so they're unlikely to want to cooperate, and without
> their cooperation there's no chance of implementing any kind of DRM
> solution."
>
> In my opinion the record and games industries, for example, are going the
> wrong way by trying to charge you money for a product that is inferior to
> what you get for free if you resort to piracy. The best way to entice
> customers to pay for their music is to make purchases extremely simple and
> offer extra service such as automatic backup system in addition to the
> actual files being as easy to use as a pirated mp3.
>
> The difference between the virtual assets and music, for example, is at
> least two-fold. First of all, virtual assets are almost exclusively used
> over the internet. This gives options for determining copying and access
> wirghts on the fly. Secondly, Virtual worlds ARE the digital content and
> creating systems that can be used to set rules and bring a level of security
> not only for the assets but also site owners and users, would probably have
> a positive effect on the business as a whole.
>
>
> "DRM relies on "keeping secrets".  The core secret is "the asset
> content to be displayed".  And, Benjamin Franklin put it best: "Three
> may keep a secret, if two are dead."  An authentication system would
> simply offload the task of who makes the decision to keep the secret,
> not do anything more to keep the secret in place."
>
> Well it depends. If the future of the virtual web would actually involve
> something like the system I described there would be little need for
> secrets. The thing you would have to do to use pirated goods would be to
> hack a server and insert your ID on the authorized users' list for the
> specific object. If the security of the server was any good, that would be
> quite a bit more complex than downloading an mp3 through bit torrent or
> something similiar.
>
> Another hurdle for the pirates might be a check in the Official 3D Internet
> browser (the realXtend one, naturally) that would prevent any transactions
> in a zone that doesn't have content protection on. There's actually need for
> some kind of a security system anyway, similiar to web certificates and so
> on, to create a level of security for the entire experience AND communicate
> it to the users, so that they feel confident enough to make purchases and
> let the virtual content business flourish.
>
> In fact one of the good things about virtual reality is the fact that when
> the user is logged in, he/she most likely has some kind of a payment system
> ready to go, be it LindeX, PayPal or whatever. Ths would completely remove
> the hurdle of digging out your credit card and giving personal info to some
> site on the net to be able to pay for the goods. This would, of course,
> remove one hurdle from the legitimate customer's road to enjoying the
> purchase, making legitimate goods more competitive with the pirated stuff.
>
> Although probably not the most decisive issue for legitimate customers, but
> not having t ofeel stupid for paying something most others are using for
> free is sort of a service as well. The really important thing is making sure
> that the content creation business is a huge success and there's plenty of
> exciting stuff for everyone to enjoy. Ensuring that will be important for
> the success of the virtual reality, especially in the near future and if
> this DRM scheme can help, it's worth considering.
>
> "And if you want to rely on the viewer to run it?  Someone's going to
> hack the viewer to avoid authentication, and distribute their hacked
> viewer."
>
> Well I wouldn't want to rely on the viewer doing anything the user doesn't
> want to. The integration of DRM features to the viewer would probably be in
> the form of parental locks and such.
>
> "I've been trying to find a way to design a system that doesn't rely on
> making bits harder to copy.  I've been trying to find a way to design
> a system that doesn't rely on some arbitrary third party making
> decisions.  I've been trying to find a way for evidence to be
> collected that would be sufficient to satisfy the only
> currently-authorized-by-law third party (the court system), and then
> only in situations where it's been specifically asked to intervene."
>
> Sounds interesting. The thing to remember is that there probably never will
> be a foolproof system, we're always talking about percentages. Personally I
> don't think making bits harder to copy would raise the percentage of
> legitimate customers very much, but I don't have any statistics here and who
> knows, maybe the entertainment industry earns a couple of bucks by using
> copy protections systems?
>
> Court system and virtual worlds is an interesting issue. One of the
> problems with copyright stuff and global networks is the difficulty of
> across the borders -co-operation and lack of internationally useful laws.
> But that's a huge issue in itself, althoug han important one, laws can bring
> about an atmosphere of trust and security, which is usually good for
> business.
>
> "The entire VW community, and the entire Internet community, has been
> designing things at odds with the current legal regime since its dawn.
> We've seen the courts reach in and mandate things, and our tools have
> been extremely unsuited to the task of compliance.  I'd much prefer to
> have a design on the table that satisfies all the compliance issues in
> a way that is easily understood.  I'd much prefer to have a design on
> the table that stops viewing the end-user as an entity to be feared
> solely because they can take what they're shown and change themselves
> from 'end-user' to 'content presenter' without authorization of the
> owner of the content they're presenting.  I'd like to move away from
> any attempt to mandate content handling, and instead cooperate with
> the end-user to identify locations where unauthorized copies of
> content are distributed from, and leverage those to reduce the content
> misappropriation."
>
> One of the problems with virtual worlds is that they're difficult to
> understand for the parties that handle legislation and hold political power.
> So far we've seen pretty negative press from a couple of cases, and that's a
> problem for the young industry. Virtual worlds haven't been established as a
> necessity for life and business like the Internet, and are thus a much
> easier target for fishing concerned parents' votes for the next election.
> Again, if we want the industry to blossom in the near future, we have to
> consider all sorts of issues and hopefully solve them in a way that suits
> everyone. Or at least someone.
>
> "This is why I want the viewer to be cooperative in a way that doesn't
> damage the end-user's experience.  I realize I'm in the minority...
> but I'm sick of being treated like something less than a dignified
> human being.  I'm sick of being treated like a criminal.  I'm sick of
> my money going toward systems that prevent me from using what I've
> licensed."
>
> I don't disagree.
>
>
> Antti Ilomäki
> antti.ilomaki at adminotech.com
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at lists.berlios.de
> https://lists.berlios.de/mailman/listinfo/opensim-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://opensimulator.org/pipermail/opensim-dev/attachments/20080527/6a32058b/attachment-0001.html>