[Opensim-dev] Accessing textures via HTTP [bayes]

Tommi Laukkanen tommi.s.e.laukkanen at gmail.com
Wed Mar 18 19:00:23 UTC 2009 

My professional opinion is that it is a wild goose chase to try to
protect assets. The unfortunate reality is that when opensimulator
becomes widely adopted there will be open clients and anyone can go
and use them to get someone elses assets. There is just no way to
protect yourself against it. World wide web recognizes this and works
well.

We can put our heads in the bush but it does not change the reality.
Sorry to be so blunt about it but someone has to say it.

We should not put all things in the same security category either.
Some security things can be handled both in theory and reality and
some can not be. This is a situation where you have given the user
assets inside a container which he has all the keys for. I would not
say that we should lock the container because the user is too lazy to
unlock it.

Security through obscurity is not a good solution either (using j2k).

Any asset protection measures can be countered simple action:

A) Download a hacked client and use it.

** This applies to water marked and signed content as well. Once
client can view it, it can also store it and manipulate it.

As it is so easy there will be clients which do this. Why would anyone
choose restricted client if you can have one which works in open
fashion and provides you access to every asset? This just is a thing
we can not control. It is outside our sphere of influence.

Asset protection measures will just make our lives harder and not of
those who want to steal assets. These measures will make development
harder, adoption slower, cause bugs and above all waste our design
focus.

Only solution I can think of is to have some kind of network of
content registeries which will keep track of authorized content and
who has right to use it like Kyle suggested. Then majority of clients
should respect the registeries. There are two problems though. Can we
make such system work in global scale? Wont someone just branch and
make open OpenSim and clients?

Go for simple solution if complex ones do not give you real benefit.

- Tommi

More information about the Opensim-dev mailing list