Auto-Bans For Copybot Clients – SL Viewer Wars Escalate

by Alphaville Herald on 19/02/10 at 8:01 am

Skills Hak's client detection system & ban relay fights copybot-capable clients – Transylvania vampires warn against running griefer clients

by Pixeleen Mistral, National Affairs Desk

Taking Second Life anti-copying software as a service in a new direction, Skills Hak has released a client detection and ban relay system which Hak says "detects all known viewers with copybot/griefing functionality" with no false positives. Hak goes on to claim "So far there hasn't been a single reported false positive. You can trust
the system, the technique is not something that can be wrong, it detects harmful viewers with a success rate over 80%".

Hak 

Only L$700 to fight copybots on your land – for the first month

It is unclear from the sales literature at XStreet exactly how one might contest a ban by the system other than to appeal directly to Skills Hak, but Hak apparently is willing to discuss matters with those who feel slighted by his system. This certainly seems like an infinitely scalable approach to justice in the metaverse, assuming Hak prefers to spend his time in Second Life chatting with aggrieved griefers and copybot artists.

The system is currently being sold on XStreet where it currently ranks #10 in sales after reaching a peak rank of #4.

The Gemini Cybernetics CDS system has apparently sucessfully automated the compilation and sharing of banned Second Life residents among Hak's customer base. Accord to the XStreet ad, "In the first 3 beta weeks, the system detected over 1200 people with harmful clients in the few high-traffic test-regions."

Two obvious extensions to the product – automated estate bans and automated abuse reports are a planned for a future release. 

"As soon as an avatar connects to your region information is being
requested from a team of bots with special abilities, connected to a
database server off-sim. If detected and identified as harmful, the avatar is being teleported
home and banned from the parcel automatically. (Estatebans and
automated Abuse Reports are a planned feature..) Avatars will stay in
the database forever and treated as potentially harmful, even after
returning to a harmless viewer. It is a networked system so banlists
are shared automatically and users can benefit from each other. All the heavy-lifting and calculations are processed outside of the grid leaving CDS lag-free and secure.

Will this sort of zero tolerance justice improve life in the metaverse? Will the security of Skills Hak's ban database prove to be better than Banlink? The leadership in the Transylvania sims apparently think so, and have warned their community against using questionable Second Life viewers:

Group Notice From: Willow Raven

Be warned:  If you are using a Neillife or other viewer designed for
copybotting and enter Transylvania, Hercynia or Desolation, your avatar
will automatically be ejected and banned, not only from Trans but from
every SIM in SL that is equipped with the protector.  This copybot
protection service does not affect Emerald viewers, only illegal third
party viewers that were designed for the express purpose of
copybotting.Do NOT risk your status with the family  by wearing such a
viewer.
Transylvanian Royals

79 Responses to “Auto-Bans For Copybot Clients – SL Viewer Wars Escalate”

  1. VerNie

    Feb 22nd, 2010

    this is a pure fake. i can prove it. this guy sells that insiltico robot that gemini thingy. i bought one last november of 2009. when im wearing the robot suit/gear, it messes up with your viewer. only those who are using emerald can see it. my friend told me “why you using a cryo viewer?” i replied -nope i dont use cryo dude only sl standard one, i dont even have emerald. then he said ” dude your tag is flashing your using cryo, oh! wait it says now your using gemini, oh wait whats that?” he keeps saying this & i was just in the dark as he was & confused as ever. then we started to argue – more friends came and 3 of them saw same thing – but i insist no way not even posible im using those. then i took off that robot thing — my viewer went back to normal. i was shocked that its even posible to manipulate ones viewer. same reaction with my friends. imagine those who got who go wrongly reported for using a illegal one. then i sent a AR with screenshots and chat logs but no reply after that. i sent a notecard to that guy the creator. he accepted the notecard but never explain or anything. so this detection thingy – might be just manipulation that script he used before on his robot. THIS IS JUST PLAIN WRONG. (SORRY MY ENGLISH IS BAD I HOPE YOU GET MY POINT SOMEHOW)

  2. Jahar Aabye

    Feb 23rd, 2010

    Senban, please understand that I was simply stating that I did not think that this was a case of discrimination. I think of it more as a case of stupidity (granted, discrimination *is* a form of stupidity, but that’s another story entirely).

    In the end, communication between content creators (and communication from customers) who send in snapshots with the inspect window included, stuff like that, where DMCAs can be filed and the systems that are already in place and transparent, that’s the best way to handle these things. I know that the Herald has had a recent bad experience with DMCAs, but on the other hand, the DMCA process also allowed for a proper process for the Herald to get their stuff re-published. This is because things like the DMCA are spelled out in clearly written format with transparency and clearly defined actions that can be taken, with courts of law as the ultimate arbiter.

    It’s funny, I see people on that XStreet discussion page talk about how this system has already banned such and such number of people from their land (who they assume were using copybot viewers to copybot their stuff). On the other hand, they never actually were able to “stop” any content theft. On the other hand, when content creators or their loyal customers spot copybotted material and send evidence to the legitimate creator, it allows us to actually go after the copybotters. We can file DMCAs against the people using the copybotted material and against the copybotter. We can get the material removed from SL, and if necessary institute legal action against any large-scale copybotting operation (although we generally tend to see dumbass underage morons copybotting stuff because they can’t steal their parents’ credit card to buy the L$ to get the product in the first place…but then again, we have an RL business license and our stuff is fairly well-known, so you pretty much have to be a zitfaced moron teenager to think it was a smart idea to go copybotting it).

    Content creators who want to make money need to ignore the copybot mass hysteria, and focus on creating new products, updating the ones they already have, being proactive in hyping their products and getting their customers to join their official groups, where they can then send out group notices about new releases, etc.

    People who focus more on stopping copybots than on proper marketing (and of course, making good products) are simply not fit to be running a business. Sure, if you see your stuff copybotted, report it. If you think you see someone else’s stuff copybotted, take a snapshot with the inspect window included, and send the creator.

    But this goes beyond stupidity and into just poor business strategy. Welcome your customers with open arms (or in our case, loaded arms), make them feel like family, make your products as good as they can be, put out new products and update older ones regularly (and I’m guilty of not updating some of my stuff as fast as I should due to health problems). That’s good business. That’s the difference between being in business year after year, and being just another name people remember and wonder what happened to them…

  3. Gundel Gaukelei

    Feb 23rd, 2010

    @Nelson Jenkins
    “In fact, I DO have phone-home scripts in my products. They even have a variety of functions limited solely to me so I can delete things remotely or on-site, reset scripts, and request debugging reports of the scripts inside. They also check a database of known copybot users (and, admittedly, people that I despise) and even can be restricted from being used in sims that are copybot hubs. If something’s wrong, it immediately deletes/unwears itself. However, here’s a simple way to defeat it: no-script land. Rez or wear it in no-script land and nothing happens whatsoever; you’re free to fire up your copybot.”

    That’s exactly where you end up proceeding on that path: treating your customers as potential criminals – every single one of them. Wire tapping on them, invade their privacy in any possible way, fraudulently sell them products which lack certain properties but got others that are unexpected and unwanted by the customer and even steal stuff from them they paid you for. This all happened before – the music industry and others have gone through all of this BS. But in the end they pissed off former legitimate customers like me who just wanted to listen to that damn CD in their car audio – which didn’t work – or were stealing my time and made me angry because I don’t want to be confronted with lengthy “you copyright violators will end up in jail soon” ads preceding every single DVD I bought or rented because I’m not a criminal and I utterly refuse to tolerate dealing with me in such a way.

    I wouldn’t be too surprised if your legitimate customers would start looking into copyright infringing techniques for the sole purpose of using the stuff they paid for without all the fascist surveillance crap you’ve been kindly packing in there. To my eyes, a fully justified decision.

    Now, when I want to buy something (which I did in the past, look me up in secret Wiki, lol) or just hang out in Insilico, its under the risk of ending up as a false positive in someones DB forever – while the real copybot users would just get another alt and proceed their doing – viewer patches applied.

    The first thing I do now is, delete anything I bought from Gemini in my inventory. Who knows what spyware is hidden in those scripts.

    Maybe its about time to start a a database of places where collateral damage is considered a necessary evil…. no, !rly.

  4. Senban Babii

    Feb 23rd, 2010

    @Gundel Gaukelei

    “That’s exactly where you end up proceeding on that path: treating your customers as potential criminals – every single one of them. Wire tapping on them, invade their privacy in any possible way, fraudulently sell them products which lack certain properties but got others that are unexpected and unwanted by the customer and even steal stuff from them they paid you for.”

    This is exactly why I don’t support all these rants by content creators. They don’t all do it I know but there are increasing numbers of them who treat their customers as criminals by default.

    I simply don’t buy anything any more. I’ve gone from spending a considerable amount weekly to pennies monthly and if you take that and multiply it, content creators will be out of business soon unless they start treating their customers with a damn sight more respect. Personally I’d rather learn to simply create my own content and give copies away to people if they like something I created. It’s more fun, it’s more interesting than being someone else’s cash cow and it’s more in the spirit of Second Life (or rather how it used to be).

    The sooner SL has some kind of consumer association to protect us from unscrupulous business owners and content creators, the better. I’m not holding my breath though.

  5. Jahar Aabye

    Feb 23rd, 2010

    @ Gundel,

    (warning: the following is TL;DNR and contains a lot of useless pedantic info on scripting…I blame my meds)

    Most scripted products in SL have some form of “phone home” script in them…if for no other reason than to allow for the products to automatically update. Sometimes a creator needs to update a product to fix a serious bug, or other times simply to add extra functions (for example in our case, adding compatibility with new combat meters). It’s far easier to do this by having the device check for updates when worn than to use some sort of mass update list and send out updated copies to everyone all at once.

    In fact, I generally would not purchase a scripted object of any sort in SL unless it was copyable and came with automatic updates, simply due to the shaky nature of LSL scripting. Simulator/VM/Database/Asset errors can cause scripts to malfunction, sometimes permanently. Also, no code is ever 100% perfect, no matter how much beta-testing you perform, so there is often a need to send out an update to fix some minor bug that made it through beta testing.

    I’ll give you a minor example that my boss probably won’t mind me sharing. When I updated our MP7s (mostly a recompile to LSL and efficiency changes, but also a few new features), I accidentally used my code for the prim light and laser for the “normal” sized gun copy in the “large” sized copy as well. After all, the two models (which are sold together) are identical except for the anims, right? Except that the light and laser use prim-move…ooops. The embarassing result was that if you wore the “large” version of the guns (intended for SL oversized avatars), and turned the light on, it looked silly and the beam didn’t even appear to come from the flashlight at all. It was a quick fix, fortunately. And so people who had received the automatic update to v1.2, or people who had just recently purchased the gun after the update was released (since some of the new functionality was very popular) were automatically given an update to v1.2.1 upon wearing the gun, with the light issue fixed.

    So my point is that a “phone home” feature is not, in and of itself, a bad thing. Virtually all scripted objects in SL use it to allow for updating, because unlike Skills Hak, we recognize that no scripted system can ever be 100% perfect (and also because we like giving our customers new features to play around with). It’s not necessarily “fascist surveillance” crap. Just “am I the latest model? No? Then please send my owner the latest model.”

    Also, most content creators do keep records of purchases, not necessarily for nefarious purposes, but simply because SL screws up sometimes, so you get people who buy a product from a vendor and it doesn’t get delivered. I don’t do customer service, so I can’t speak as to how records are checked and verified, but the basic idea is that if someone doesn’t receive their product, there needs to be a way to verify the purchase and then manually send them the product if necessary.

    Just because people like Skills and Kalel keep secret databases doesn’t meant that every merchant who has their products “phone home” or who keep sales records are nefarious or are collecting any personal info or treating their customers like criminals. Hell, you do realize that XStreet sends you an email when someone purchases one of your products, right, even if you’re not the merchant but are receiving a cut of the profits? And those of us with reasonable levels of intelligence recognize that we would never reveal that information to anyone outside the company. Even something as simple as a product purchase is private information between the buyer and seller.

    The difference is, there is an expectation that when you purchase a product from someone, you enter into a business relationship with them, you expect to receive the product and you expect that it will work and that bugs will be fixed in a timely manner. There’s some level of choice involved. What Skills is doing does not have that same level of consensual relationship between the people his system has been checking (70,000 residents, by one tally, of whom something like 1,700 were flagged as using illegal viewers, and who knows how many of those were false positives). People who purchase Skills products might be voluntarily entering into some sort of relationship or agreement with him, but those who were scanned by this system were not.

    Now, if all his system was doing was something as simple as the cryo-detection method, for example having a bot send an IM to someone to check for the stop_typing response or some such, then maybe it’s no worse than someone using a sim-scanning radar (although using a megaprim with llVolumeDetect() is just stupid)…but if Skills was actively scanning people’s PCs, as he claimed in one SLU post (possibly looking for the specific XML files used by illegal viewers), then that’s clearly crossing the line. When I enter a sim, I recognize that my presence in that sim might be detected by a scripted object, that I might be seen by people within draw distance, that my SL client is broadcasting my UUID and location to the entire simulator (has to, else how would I end up on the minimap?).

    But nobody consents to having their computer scanned by the sim owner or by some private company that refuses to release even the slightest details of their methods, and boldly asserts that there can be no false positives. Nobody consents to being placed on a blacklist that may cover a large swath of regions and for whom the current sole appellate authority is Skills herself.

    See, a land owner has the right to ban any individual they choose…but when they rely on someone like Skills to essentially tell them (or actually force them) to ban all of the individuals on the blacklist, regardless of what client they might be using at the moment…well that places a much bigger liability on Skills herself. Skills is now responsible for banning people from any region that uses this utility. Sure, Skills can try to fob it off and say it’s the fault of the people who used that client, or that the land owners knew that the system would automatically ban people, but it is still the system scripted and programmed by Skills that is doing the banning, and even if land-owners choose to give him that level of control over their banlists, the other residents who have been scanned by his device did not consent to be scanned in any way, shape, or form, and did not enter into any sort of business relationship with Skills.

    That’s the difference between scripted objects with harmless “phone home” scripts or keeping purchase records, which involves servicing customers who enter into a business relationship and expect (and deserve) to receive their products and support for their products on the one hand; and covertly scanning thousands of avatars and keeping some of their names in a secret database without their consent, a database that automatically gets added to the banlist on the land of anyone using the system.

    The problem lies not with ethical businesspeople who keep purchase records or have their items phone home for an update, it’s the people who forget that basic business ethics apply to SL as well as RL, and install these scanners without any informed consent. You will notice that in RL, if you walk into a store, there will often be some sort of sign noting that there are security cameras present, for example, or there may be prominent detectors at the door that will set off security alarms if someone walks out with an item that still has a special tag on it. Granted, these things are more to discourage dumbass kids than to deter serious thieves, but the basic concept of informed consent is still there, and it’s missing with this system.

    Perhaps Skills should make sure that everyone who enters one of these regions is informed that the region is protected by his system, not just the people who are ejected for using illegal viewers…and make it tell them at the time that they would be scanned, not telling them some time later.

    The whole thing reeks, and I hate that it now makes legitimate, ethical businesses that use basic customer service techniques look like they’re doing anything remotely similar to this sort of massive intrusion of privacy. I have always maintained that the best way to do business in SL is to do good business, to cultivate a loyal customer base, make good products, market them well, etc. Go after copybotters when you find them, but Skills system is just not good business practice because…UNLIKE the phone home scripts…it treats everyone as a potential criminal until they have been scanned. I have already had to tell one creator whose products I have purchased in the past, and to whom I have given scripting advice and whose products I have recommended to friends, that I will no longer be patronizing his store specifically because he uses this system and was active in allowing it to be used in his store during the undisclosed testing period.

  6. Wordfromthe Wise

    Feb 23rd, 2010

    can i haz a List ? lol

    There is currently an SQL database being assembled with the names of users who are using these clients and apparently many of them have been banned . Here is a link to the name list , just to show that its out there :

    http://209.85.229.132/search?q=cache:2tOCP9mcwU4J:pastebin.com/pastebin.php%3Fdl%3Dd4ac68943+insilico+copybot&cd=8&hl+en&ct=clnk&gl=uk&client=firefox-a

  7. Tux Winkler

    Feb 23rd, 2010

    This works then! I thought it ejected and banned users from the sim then notified the other sims using the device? How is it that Chanel Blokke can repeatedly visit sims? IDK if the log is real, but it is highly funny! If it is real then surely this is proof it doesn’t work on the identifiable viewers (of course it cannot detect a spoofed client!)

    I would hope the ban is from the sim, because LL shouldn’t ban for using a viewer (unless it contains the word life in it it would seem – thats another story though).

    12:55:29 Neillife User detected in Luck Inc: Chanel Blokke
    12:58:53 Neillife User detected in Luck Inc: Chanel Blokke
    13:35:28 Neillife User detected in Luck Inc: Chanel Blokke
    14:17:16 Neillife User detected in Luck Inc: Chanel Blokke
    14:36:34 Neillife User detected in Luck Inc: Chanel Blokke
    19:34:13 Neillife User detected in Magika Land: Chanel Blokke
    23:15:09 Neillife User detected in Magika Land: Chanel Blokke
    01:26:25 Neillife User detected in Luck Inc: Chanel Blokke
    02:03:37 Neillife User detected in Luck Inc: Chanel Blokke
    02:03:39 Neillife User detected in Luck Inc: Chanel Blokke
    04:42:30 Neillife User detected in Magika Land: Chanel Blokke
    04:42:36 Neillife User detected in Magika Land: Chanel Blokke
    06:22:22 Neillife User detected in INSILICO: Chanel Blokke
    06:22:29 Neillife User detected in INSILICO: Chanel Blokke

  8. WTF?

    Feb 23rd, 2010

    @Nelson

    “In fact, I DO have phone-home scripts in my products. They even have a variety of functions limited solely to me so I can delete things remotely or on-site, reset scripts, ”
    Can I have the name of your store so that I know not to shop there? A script that you can use to remotely delete items bought from you? What kind of business are you running? If i buy something from a store, it is mine, you have no business coming around after the fact deleting something that was bought from you. How about a system that detects dishonest business people like Nelson so we know not to buy from him. Deletes objects after you sell them, what a moron. This reminds me of Black ops weapons threatening to disable weapons bought from them if someone reports a person using their weapons for griefing. At least Black ops informs their customers of this so that a person knows to go do business else where and not risk someone getting in a hissy fit for losing in combat and having their weapons taken away or disabled because some sore loser decided to report them.

  9. Anonymous

    Feb 23rd, 2010

    Well now thank you guys! You’ve just completely eroded any confidence I had left in Linden, Second Life, or the users of Second Life.

    I just took a look at my hair, shoes, and bracelet only to find that each has at least one script per prim for fuck knows what reason, and my hair has something in it called “phone-home”. I have no idea what these scripts do, some may be innocent and for all I know that “phone-home” thing is pinging some off-world database and relaying my fucking chat.

    My account is set to delete next month and I’m not coming back until all you sickos who think its okay to spy and collect shit on me are fucking gone!

  10. Jahar Aabye

    Feb 24th, 2010

    @WTF,

    Perhaps you should actually know what you’re typing about before you speak about specific companies. We have, to date, had to disable ONE user’s gun that I know of due to massive griefing that was bad enough that the land owner had to contact Grey personally. That would have had to have been some time in 2006 or so, incidentally. We’ve disabled a few others that were obtained through fraudulent means, but that’s it. Out of thousands sold. Nobody has every had their weapon taken away or disabled because of a sore loser reporting them for beating them in combat…especially considering how many people have had their asses kicked by people using our guns. So kindly shut the fuck up about things you know nothing about, and stop defaming a company that actually creates content and engages in ethical business practices.

    Like I said, almost every single scripted item in SL uses a “phone home” script to check for updates. If we didn’t do that, we would not be able to keep our products compatible with the up-to-date 3rd party APIs that we use (like the CCS roleplaying system) or add new features or fix bugs, and the same is true for most other scripted content in SL. If one of our products breaks or isn’t working correctly, we fix it, period. If you legitimately purchase one of our weapons, you will receive it, it will not be de-activated. The only real situation I could foresee where that might happen would be if we find that there’s some massive bug in the product where it could crash a sim or something, then yeah, we’d probably issue an immediate automatic update for everyone and de-activate the older versions. That’s never happened, thank G_d, but I’m just pointing out a hypothetical situation that any content creator has to consider.

    So like I said, be careful how you describe events you don’t know jack shit about, because it’s insulting and defaming to a large group of people who put a lot of hard work into creating content, and we don’t de-activate that content illegitimately.

    And even if that were to happen, unlike Skills, we have a large team of customer service reps who will gladly look into the situation and try to resolve it. We don’t make money if people can’t use our products, we make money when people use our products, love them, and come back and purchase more.

  11. Bonnie

    Feb 24th, 2010

    Amazing that we can even move at all in SL with all these phone home, deactivate/delete (aka stealing scripts), update,and every other script running in a sim using up the resources. It is not a surprise that LL has decided to limit script usage.

    Personally I think it is up to Linden labs to delete or punish a griefer and not a business owner doing what would be like a thief crawling in a persons window at night and stealing a product from their customers.

  12. Nelson Jenkins

    Feb 24th, 2010

    @ Gundel Gaukelei

    “That’s exactly where you end up proceeding on that path: treating your customers as potential criminals – every single one of them. Wire tapping on them, invade their privacy in any possible way, fraudulently sell them products which lack certain properties but got others that are unexpected and unwanted by the customer and even steal stuff from them they paid you for.”

    Well, on my personal blog (part of the company website) I posted the details to this system and actually have offered it to a personal friend of mine, who has willingly adopted it to fit his own products using his own database and has had no complaints so far. I’ve notified the group and the news stream twice about its release (a few months ago). I have only used the backdoor delete function once, on a friend’s fire alarm system that couldn’t be shut off because he was out of town and the local fire department did not set up their access list yet. My original intention was to be able to remotely or locally reset any or all scripts within the product, but then after considering the self-delete function, I decided to throw it in just in case I needed it (and, obviously, I have).

    If you’re talking about the blacklist part, however, it doesn’t affect you, so what do you care? There’s no more than 100 names on the list (many of which are disposable alts). I’m notified whenever someone rezzes a product that self-deletes because of the owner being blacklisted. It hasn’t happened more than 10 times to my recollection. I offered support to work out the problem in most cases (reminder – names are added manually, not detected using some wild-ass script like this Cybernetics crap).

    I don’t wiretap – this would, first of all, cause massive lag. Every single product listening on channel 0 for all chat, then IMing it to me? No thanks. Second of all, you assume I have the need to listen to people talking in SL – you can also just walk up close and stand on the other side of the wall if it’s really that important. For me, I’ve got other things to do than act like the super-spy of the grid.

    My products aren’t “lacking” anything that was advertised with them. I don’t know where you came up with that assumption (maybe from your ass?).

    They don’t come with extra “spy” features like you claim – this script is also vital to updating, etc. and in 99% of customer experiences it only does that. If you’re lucky to be one of the 1%, then you’ve shown to me beyond a reasonable doubt beforehand that you are a significant threat to my company. I suppose you refuse to install home security systems as well?

    Again, I provide a full refund for those whose blacklist status can’t be worked out (simply out of the generosity of my heart).

    Finally, let me make this abundantly clear – my company policy, which is easily available by clicking a button on the vendor, states all of these terms. Nobody has complained to me about it yet.

    “I wouldn’t be too surprised if your legitimate customers would start looking into copyright infringing techniques for the sole purpose of using the stuff they paid for without all the fascist surveillance crap you’ve been kindly packing in there. To my eyes, a fully justified decision.”

    Go take your meds and wait a few hours before coming back, please. By the way, you know that operating system you’re running? It’s got more “fascist surveillance crap” than my products ever will.

    @ Senban Babii

    I like to think of myself as a reasonably transparent person. Most of my daily activities are relayed into SL to my friends and those around me. I even build most of my products right in my stores, which provides excellent customer feedback during the scripting process. My most recent invention, a second-generation product, has been almost entirely designed by customer input. People just swarm around the store when I’m there and ask if such and such a feature will be in it. If I didn’t think of it, in it goes.

    As such, I have been asked about the blacklist script several times. Most questions can be easily answered and, once more, nobody has effectively complained about it. As of this product, I’m considering removing it simply because the product communicates with other products solely using my off-world server, which happens to be its main feature. If someone happened to copybot it, they would have to script their own PHP script, pay for hosting fees, etc. (which, I assume, is far above your head) because all communications are encrypted and vital data (object names, owner names, rolling update and communications security codes, etc.) is included with each and every transmission, which would give away any hints of the “address” being occupied by a copybotted product. If the “address” is noted to be used by a copybotted product, I can always block it.

    I do understand, however, that some companies are very secretive – for me, I post updates to the group and news feeds as much as possible since my company is only comprised of but two scripters and we don’t exactly make big money off of the operation (yet). However, some big businesses simply don’t care about the customer and they’re in it to make money. Me? I don’t really care. I just spend time scripting things to waste time and charge up my general scripting skills in case, god forbid, I ever need to fall back on a job as a code optimizer.

    @ Jahar Aabye

    Have you ever played a Punkbuster-enabled game? Or even a VAC-protected game? I don’t have any qualms with VAC (because, for the most part, it’s passive and solid) but Punkbuster is just a pain in the ass.

    Let me explain: it demands to be updated every time you join a server (which can take up to 15 minutes just sitting there waiting for the damned thing to download), you can’t refute bans, and bans are always permanent MAC bans. I was unfortunate enough to experience a false positive and was instantly banned with no manual check and nobody would listen to my rebuttal. As it turns out, this was a time period when Windows 7 was in early beta. Apparently Punkbuster didn’t play well with Windows 7 and had blatantly assumed that one of its services was shut down by a rogue program to avoid detection. Even nowadays you have to go through a topsy-turvy mish-mash of wild settings and fixes just to get Punkbuster to work on your Windows 7 box… and they’re STILL refusing to support Windows 7, even though new games (BF2:BC2, anyone?) are actively using the service! I didn’t even remember I was banned until I downloaded the beta (along with pre-ordering the game) and discovered my laptop was banned! (Fortunately, the laptop fried itself and I’ve got a shiny new desktop in the mail. Interestingly, I pulled out some money from SL to cover the cost of shipping and rush service.)

    @ WTF?

    You could just look in SL and check my Picks tab instead of being an immature asshole about the whole ordeal.

    Now that that’s off my chest, let me point out the company policy available through all vendors (even affiliate vendors!) that clearly states that 1.) purchasing any product is automatic legal consent to the company policy and 2.) products can be self-deleted or self-detached if the purchaser poses a threat to the integrity of the company. However, all situations that can’t be sorted out result in a full refund simply to avoid any legal issues. One more time, and I hope this will be the last: we reserve the right to refuse service to anyone and everyone at any time for any or no reason at all, as does every single business in the United States.

    @ Anonymous

    HALP TEH INTARNET SPIES R WATCHING MEEEEEE!

    @ Bonnie

    It doesn’t use any resources until it is clicked by me (then it opens a dialog box and listens for 30 seconds, then removes the listen after an option is clicked or it times out). If you want to complain about resources being used up, ask Skills if you can see his bot farm.

  13. bubba

    Feb 27th, 2010

    There are a few things that bother me about this.

    The seller’s back ground and reputation. Interesting thing i found through search. Skills takes the ‘once a copybotters, always a copybotter’ approach, does that mean she still is to?

    http://www.hangars-liquides.com/hl-simulator/

    Her gemini system is aimed to thwart the casual users of copybot viewers, but apparently if this article and quotes are true, she not only copied for her own use, but also for profit by reselling copybotted objects, which is far worse.

    The FAQ claims no other information is taken, besides your UUID and name? How are they finding alts names then? Shes already been banned for copy theft, is identity theft next, because all that im reading so far, and ive read many forum posts, is that the automated system somehow hacks into your app_data folder to get those alts names.

    Does this happen only on avatars the system deems bad, or anyone that passes through the system? 100% safe and reliable? I’m sure JLU thought their files were safe. What happens when someone publishes that list? I have alts i dont want my partner, my family, my friends or business partners to find.

    I dont copboy, yet i dont spend alot either, if i knew what sims employ this system, i wont be visiting them. Magika and insulico will never get my little bit of business.

    Im all for stopping the copybotters….but the chance of a false positive, my alts revealed, the developers reputation………find another way to deal with copybotters besides hacking into my files content theif!!

  14. anondesigner

    Mar 12th, 2010

    Its a great device, It works amazingly well, highly strung customers can get all het-up if they want but the truth is the only people getting really, truly pissed about this are the copybotters. The problem has been left undealt with by LL and has gotten too big, only creators who have repeatedly had their work stolen (every well-known creator on the grid) know how bad it is- if youre not one of those then you have no idea what its like, and getting so worked up over designers taking defensive measures makes you slightly weird & paranoid, at the very least severely lacking in empathy. Saying this is a poor way to treat customers when the detector doesnt affect real customers?
    Its a poor way to treat a shop owner going to their shop on a copybot client! And designers wouldnt HAVE to take measures if copybotters hadnt forced them to, so get angry at the copybotters not the designers, because theyre pissed that they have to do this too.
    LL should have implemented something like this into the viewer but they havent, so thankyou Skills for standing up. That article on him copybotting If its true, its from 2 years ago! Id say hes lived and learned.
    Anyway the detector doesnt give alt names and was passed by LL before release so go figure.

  15. [...] Hak is claiming significant success for the Gemini Cybernetics CDS anti-copybot system, and recently told the Herald "we looked up the number of uniquely flagged [...]

  16. The Man

    Mar 24th, 2010

    Well I have been in SL since the begining. It was a fun community of people that enjoyed a game that was fun and wonderfully open learning experience. It was what ever you wanted it to be. In the years that followed it has become a liberal cestpool of big brother and closed scripts and dollar driven crap. Bring back what made SL great…open learning experience and fun place to share knowledge with friends and people from all over the world. It has become a glorified hooker barn full of people wanting to take your linden only. If they would take the money out of it it would return to the old days. Half or more of the textures in Sl were stolen from the real world. When did these creators get paid? This idea of taking pixils and selling them for rl cash is the root of most evil in SL. I know…. don’t start where is the incentive for these people creating new products…the love of the game and skills we all learned through open sharing. Come on people where is the Love. Stop Gemini in their tracks. They are miss leading people with there UUID and Name only. If it were honest why not just warn people…these viewers are not supported on these sims give them 15 seconds to leave and be done with it. If there is a ban list it should have a system in place to review the ban before distribution to other sims. Hell this is second life lets have a court system and trials for our avs. No bot can identify a thief simply by the browser they are trying or tinkering with. There will always be a way to copy content. SL roots come from hackers and those that have to know how things work. Reverse engineering people’s works were exciting and lead to better scripts and more meaningful play. You cant copy scripts and that is what makes or breaks a product in Sl except for mayby skins and you can take those without copybot if you want them. Of those identified on these list how many have been proved to have coppied and distributed items? How many of these hard core have already circumvented the ban…I bet all given a few weeks will be back new AV, new way around it and for what? So someone can keep their secrets a little longer….make a little more money….kill the game a little more….take the last breath of life from the sails to leave the empty shell…and after all that is all these things get is the shell.

  17. headzup

    Mar 24th, 2010

    They say that if you delete all your cookies and turn off media the CDS system wont work as it uses urls and cookies , how long before they make a client that makes it an useless sytem. If they arent doing this already…there is always someone 1 step ahead.

  18. Muziekfreak1980 miles

    Mar 28th, 2010

    Kindah cool how ppl are trying to figure out how the system works. Then the comeup with the wildest ideas, and offcourse are so defensive about the system itself “It steals my content” “and the should ban this entire system” ectra.

    Funny..it sells like a hotdog stand in the afternoon. I think nothing more needs to be added to it. It sells, and it does it’s job, and even if it collects data. Big companies (say Gothic catz) and such use it aswell. Then you have ppl “im not going to any sim that uses the CDS”

    Well good!!..like those companies care about you lol. So funny to read this all. Although i agree with some you folks, and yes maybe it uses your “personal” information to detect.

    So what? Scared the gonna hack your system for what? To steal minesweeper of your hd ahaahahah. What person with the right mind i playing Second Life with a computer that even contains important data?!

    Just wondering you know…how smart is that.

  19. Jumpman Lane

    Mar 28th, 2010

    Musty you dutchfeak, I bet you wonder a LOT of weird things, but AMERICANS value thier right to privacy. one doesnt compromise on principle or they’ll find they are collaborating with evil. Much like the dutch and well the french. Nations with a sad history of collaboration. We call that cowardice where I’m from.

  20. Terminus Est

    Apr 16th, 2010

    (From another thread, for information)

    While the existence of this device or its use by land owners may not constitute a breach of the ToS and CS, the database and autoban facility, together with the non-transparent appeal process may render those responsible for its creation, development and management vulnerable to charges of abuse. The system of tracking which viewer is in use by an AV entering a sim and ejecting said AV is not in question. It is the recording of the AV name in a database and the autoban feature which may contravene LL’s rules.

    Consider if person “X” has been detected using a malicious viewer and is (rightly) ejected from a private sim, as this viewer is capable of griefing and.or copybot. So far, no complaint. The land owner exercised fair and reasonable rights, and perhaps even a “duty of care” towards people using his sim.

    But person “X” then abandons the malicious viewer and, using a bona fide viewer, enters another sim protected by CDS. The presence of person “X” on the database triggers their immediate autobanning from this second sim despite there being no threat of griefing or copybotting. The owner is exercising his rights to this power, afforded by Gemini through CDS.

    But…has person “X” (who is now acting in a manner compliant with ToS and CS) subsequently been Assaulted by the “creating or using scripted objects (CDS) which singularly or persistently target another Resident in a manner which prevents their enjoyment of Second Life”? And are they being Harassed because communicating the database holding their details is “likely to cause annoyance or alarm”? And does the CDS database and autoban facility “inhibit another Resident’s ability to enjoy Second Life” which constitutes Disturbing the Peace?

    Furthermore, is the transmission of the database itself a breach of 8.2.iv., i.e. “harmful, threatening or harassing, defamatory, libelous, false, inaccurate, misleading, or invades another person’s privacy”?

    Finally, if person “X” is now using a standard viewer such as LL’s own or one from their TPV Directory (which does not include Emerald), does the database and autoban feature of CDS breach 8.3.iv. by impeding or interfering with “other users’ normal use of the Service;”?

    If the answer to any of the above questions is Yes, then who is at fault – Skills Hak alone, as the creator? Skills Hak and her colleages (Ash Qin, LukaStar Mattercaster, Cinndreia Messmer, GEMINIbot Inventor & Lonely Bluebird)? All of these and the land owner who exercised autoban without just cause?

    All of this can be simply and swiftly remedied if Gemini abandons the database and removes the autoban feature from CDS. This in no way will dilute the effectiveness of their product, whose aim is to detect the presence of malicious browsers and giving the land owner a means to protect against griefing and copybotting. Auto ejecting without the shared database is all that is required to achieve the desired result. Anything beyond this is excessive and disproportionate.

    However, if Gemini neglects to amend CDS after fair warning, they leave themselves liable to abuse complaints on the above grounds.

  21. JuanFra

    May 11th, 2010

    (En otro foro anglófono me han borrado el mensaje sin explicación alguna. La única norma que rompe mi mensaje es decir la verdad –que debe de ser considerado algo muy grave y peligroso, por lo visto–. Esto me ha decidido a informar de su existencia a varios medios, así como a publicarlo en otros medios de Internet por si acaso, para que todo el mundo conozca esta realidad cuanto antes. Además, lo amplío más cada vez que me sea borrado, pero siempre en el siguiente foro.)

    Hay una explicacion muchísimo mas sencilla sobre cómo funciona el CDS. Si aplicamos la navaja de Occam seguro que muchos estarán de acuerdo en que es la más probable:

    La mayoría de los visores con funciones ilegales han sido hechos por el mismo equipo de hackers aparentando ser distintas personas (incluso peleadas entre ellas, para dar más veracidad al engaño). Estos hackers venden sus visores ilegales trucados y con dichos visores, además de sacar el dinero a la gente en la venta, sin que ellos lo sepan les toman sus datos de nombre de avatar y password al conectarse (es extremadamente fácil de hacer y todos recordarán la cantidad de comentarios que se han leído en los foros acerca de que al conectarse siempre fallaban la primera vez con cada avatar nuevo, misteriosamente) :) Estos datos van directamente a la base de datos que hoy se usa en el Gemini CDS, junto con el nombre del visor utilizado y alguna que otra información más.

    Después este mismo equipo finge haber inventado un gran sistema de detección de visores ilegales (como el CDS) y cobra dinero también por utilizarlo, así como cobra dinero por quitar de esa base de datos los nombres de quienes lo paguen (sin hacerlo público, claro). Por cierto, en esa base de datos hay mucha gente que jamás ha usado un visor ilegal, pero que ha sido incluída ahí por Skills Hak para perjudicarlos por ser competidores peligrosos o gente de la que se quería vengar; como no tiene que demostrar nada puede hacerlo cuando le venga en gana. Es decir, es todo un negocio pensado así ya de antemano desde el principio. Un negocio que LL debería abortar ahora mismo si es que no tiene nada que ver con dicho negocio.

    De ese modo es fácil comprender por qué y cómo los nombres están en esa base de datos y por qué puede saberse de antemano cuáles son todos los alters utilizados por la misma persona y por qué esa persona queda baneada automáticamente a través de cualquiera de sus nombres de avatar, aunque ya no utilice nunca más alguno de los visores ilegales por los cuales averiguaron sus datos.

    Los expertos en estos temas aquí sabrán que lo que he dicho es muchísimo más fácil y simple de hacer que cualquier sistema de diálogo HTTP interno mediante scripts hacia el parcel multimedia :)

    Por cierto, he podido comprobar que una de las cosas para las que sí que funciona realmente el CDS es para enmascarar cualquier labor de copia ilegal que Skills Hak quiera realizar con su script en el terreno de quien lo instale (y tambien con bots no necesariamente en el mismo terreno) :) El aparato permite copiar libremente al disco duro de Skills Hak y sus secuaces (Ash Qin, LukaStar Mattercaster, Cinndreia Messmer, GEMINIbot Inventor, Lonely Bluebird, Fractured Crystal) todo lo que se halle en el terreno que lo tenga instalado, constantemente. Incluso cualquier cosa que se ponga después. Además, también permite que algunos visores ilegales fabricados por ella puedan conectarse a ese terreno sin ser detectados ni por LL. ¡Menudo negocio han hecho los dueños de tiendas dejándose engañar por hackers! :-D DD Les está bien empleado por creer ciegamente en algo que jamás les han mostrado ni demostrado y que encima perjudica a sus clientes actuales y a todos sus clientes potenciales.

  22. Jayd3n

    May 26th, 2010

    This Device uses illegal methods of detection, and does not ask a user consent before any scanning is required.

    Also Detection of their ways of detecting is simple, Disabling Media allows bypass from that method, Disabling Voice disables voice IP tracking, and client detection Via that method. Not Clicking objects disables that method fo detection…

    After this if anyone was smart enough to actually get your client to send information, using an analyzing program you can easily find out where the data was sent by your client, ect. And block out their system via your PC Host file, in which you can easily make a new account, and reguardless of if they had your info it would be unable to detect you now, and your free to copybot anything you please.

    Therefore this system is not 100%, nor will it ever be. The evidence against Skills Hak, and the whole Emerald Team with their working with JCool410 is overwhelming right now.

    Only dumb people who are unskilled would not know how to bypass such systems, but We are educating more and more people on methods of how to bypass CDS, and any other systems like it inside SL, and outside. I am not responsible for their actions, what ever they are, I am only Educating people, due to their abuse in world who do not wish to have their info shared…

  23. It's Unfixable

    May 26th, 2010

    @Jayd3n: What exactly is it that makes its detection method illegal? Just to play devil’s advocate here.

    It uses a long-standing property of LSL to do it, performs the actual calculations on third party servers Linden Lab doesn’t control, and Linden Lab themselves washes their hands of responsibility for third party security systems used in SL, so it’s not a ToS violation either.

    So what part of this is illegal?

    And if it’s not illegal, then what’s all this “evidence” talk about? It looks like Woodbury just trying to misdirect public attention away from themselves from where I stand.

  24. Terminus Est

    Jun 10th, 2010

    @ It’s Unfixable

    You raise an important question regarding whether the detection method of CDS is illegal. And that also depends upon the jurisdictions which may apply. LL assumes that it is principally bound by the laws of California but is also subject to the Federal laws of the United States. Through various treaties, American companies are also potentially liable for any contraventions of the laws of other countries, for example in the proper use and protection of data provided by European sources for international travellers. Equally, LL has registered offices in other nations and will be subject to the laws that apply in these countries.

    So too are the SL account holders who operate systems such as CDS, irrespective of their personal location. If data is stored, accessed or transacted through other countries, local laws may apply. For example, rumours that Mr Ashley Stone (Ash Qin) is hosting the CDS database on a server in his family home, mirrored on server space used by Modular Systems in Germany, could bring him within the scope of both the Office of the Information Commissioner and the Bundesbeauftragter für den Datenschutz, as both countries are member states of the EU and comply with its Data Protection Directive.

    As regards the potential “illegality” within LL’s own ToS and CS, there are apparent contradictions in the company’s own limitations of liability that would potentially render these valueless if challenged in the real world. I am referring specifically to its Privacy Policy in the section called Information Displayed to or Collected By Other Users, and which states “Further, you agree and understand that Linden Lab does not control and is not responsible for information, privacy or security practices concerning data that you provide to, or that may otherwise be collected by, Second Life users other than Linden Lab. For instance, some services operated by Second Life users may provide content that is accessed through and located on third party (non-Linden Lab) servers that may log IP addresses.”

    However, the above seems to run counter to its own ToS 8.3(i) – for the in-world components of CDS can be defined as “computer programming routines” that “may harm the…interests or rights of other users, or that may harvest or collect any data or personal information about other users without their consent”.

    Therefore the matter of CDS being legal or illegal is unclear and untested. You used the expression “Linden Lab themselves washes their hands of responsibility for third party security systems used in SL” in your post and I wonder if you have any quotable sources from Linden Lab staff you might share with us?

    T.E.

  25. PN-Oldfag

    Jul 15th, 2010

    It doesn’t really matter, nothing can stand up to SL Popular!

  26. It's Unfixable

    Jul 15th, 2010

    It’s here: http://secondlife.com/corporate/privacy.php?lang=en-US#privacy3

    This section shows that Linden Lab warns the user that there are people gathering information via the scriptable methods available in SL and using for their own purposes, and that Linden Lab isn’t responsible for any of that, pretty much exactly those words.

    This means that they consider CDS and RedZone and (the former) BanLink and the W-Hat name-to-key database and the JLUfags database(s) and anything resembling these to be outside their control or jurisdiction.

  27. It's Unfixable

    Jul 15th, 2010

    However, Linden Lab does provide all the tools that make these possible, so it looks like they’re giving these a nudge-nudge-wink-wink and that’s all they’re going to do or say about it. We relied on this attitude by LL to make our grid crashers and other weapons, because obviously LL didn’t care if we did, or they wouldn’t have given us the tools to do it in the first place.

  28. sarah

    Oct 12th, 2010

    What skills hak has done to second life is appaling, I read the copybot forums all the time and let me tell you this, They are about a month or two ahead of this stuff, there is 4 or 5 new viewers out in just the last 5 months. I don’t copy stuff as i have paid for everything i have, Yet i still don’t quite get how i can spend 5$ on hair and not be able to keep it when secondlife is gone and everyone has moved to os grid. Your buisness practices are flawed from the very foundation. Second life is the only place where you can spend 1000$ and expect it to mean nothing eventually. We laugh at this stuff every day suuuuuuu don’t assume we are pulling are hair out, Your dmca missles are meaningless to those with no lives and no money, I have met a few six figure people who are and develop copybots, And CDS was the biggest fail scince fail failed, i could reference a youtube video where a botter copied a gemini bot and rezed it at emerald point spamming cds fails “the work of yours truly”. Please oh please keep up the bawling and stuff XD it motivates us and i get to laugh at your frustrations over not being a successful facist 3rd world dictator in a video game. Well its been fun but i need to get back to greifering emerald point. And for our next trick insilico will be copied and rezzed on opensim……oh wait we already did that!!!!!!!! duuuuuurp

  29. Datamynd

    Dec 15th, 2011

    I don’t understand why everyone is bitching. Its really simple. Don’t use a copy bot viewer. Done. Look how easy that was. A three minute download, a five minute install, and now you have nothing to worry about. Besides, if you aren’t using a copy bot viewer, the system won’t record your info, and bans based on username, not IP or MAC address. Its a simple region ban to boot.

Leave a Reply