• 13Dec

    Every once in a while, some Second Life drama will erupt about a “client detection system” (CDS), a scripted product that supposedly protects your store from content rippers (aka “content thieves”) by banning users of untrusted viewer programs. There was such an episode last week, with a certain store using a certain CDS that wrongly banned a legitimate customer using a legitimate viewer. I won’t bother mentioning the name of the store or the CDS, because this post isn’t about that specific incident. This post is about every CDS, every store, and every viewer.

    (Full disclosure: the viewer in that particular case was the Imprudence Experimental, which I am involved with. But, users of other viewers have been wrongfully banned by similar systems in the past.)

    Simply put, a CDS does not provide any significant protection against content rippers. It is snake oil: a product created to commercially exploit store owners’ fear. If you have a CDS set up in your shop, you aren’t protecting your content, you’re just paying someone to invade your customers’ privacy, drive away legitimate customers, and blemish your reputation.

    Most people don’t understand how a CDS works, but believe that it might actually be able to stop content rippers. The purpose of this post is to explain how they function, why they are ineffective, and furthermore why they are harmful to your customers and bad for your business.

    How a CDS Works

    A typical CDS works by telling each visitor’s viewer that it should visit a certain web page using the viewer’s streaming media system (the code that shows movies and web pages on a prim). The web page is hosted on a site controlled by the CDS operator. Each visitor is sent to a unique web address, which allows the CDS to figure out which connection belongs to which visitor.

    Like nearly all web browsers, the viewer’s built-in browser is programmed to send its “user agent” to any website it connects to. The user agent is a chunk of text that includes information such as your operating system, the built-in browser type, the viewer UI skin you are using, and the name/channel of the viewer. For example, my user agent when using Imprudence 1.3 is the following:

    Mozilla/5.0 (X11; U; Linux i686; chrome://navigator/locale/navigator.properties; rv:1.8.1.21) Gecko/20090304 SecondLife/1.23.5.136262 (Imprudence; default skin)

    (You can visit whatsmyuseragent.com with any viewer or web browser to see your user agent.)

    Notice that the user agent text plainly states that I am using Imprudence. The CDS isn’t really doing any “detection”, just listening to what the viewer voluntarily tells it.

    A Waste of Money

    The method used by the CDS to “detect” the viewer has two important implications about its effectiveness:

    1. The viewer can be programmed to lie about its name. A malicious viewer can claim to be the official Second Life viewer or a trustworthy third-party viewer, and the CDS would be fooled.
    2. The CDS can only scan people who have streaming media enabled. Anyone can go to their viewer preferences and turn that feature off to evade “detection” (or to protect their privacy and avoid being harassed by the CDS).
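
    To make both implications concrete, here is an added sketch (not code from any real CDS) of the server-side check such a product can perform on the user agent shown earlier. The allowlist contents, the function names and the second sample string are assumptions made for illustration.

```python
import re

# Trailing viewer token, e.g. "SecondLife/1.23.5.136262 (Imprudence; default skin)"
VIEWER_RE = re.compile(
    r"SecondLife/(?P<version>[\d.]+)\s+"
    r"\((?P<channel>[^;()]+);\s*(?P<skin>[^()]+)\)\s*$"
)

# Hypothetical allowlist of channel names a CDS operator decided to trust.
TRUSTED_CHANNELS = {"Second Life Release", "Imprudence"}

# The user agent quoted in the post.
PAGE_UA = ("Mozilla/5.0 (X11; U; Linux i686; "
           "chrome://navigator/locale/navigator.properties; rv:1.8.1.21) "
           "Gecko/20090304 SecondLife/1.23.5.136262 (Imprudence; default skin)")
# Constructed sample: the same string with a channel the allowlist has never seen.
UNKNOWN_UA = PAGE_UA.replace("(Imprudence;", "(Imprudence Experimental;")


def parse_viewer(user_agent):
    """Return the viewer fields the client *claims*, or None if absent."""
    m = VIEWER_RE.search(user_agent or "")
    if not m:
        return None
    return {k: v.strip() for k, v in m.groupdict().items()}


def cds_verdict(user_agent):
    """Model the ban decision as what it is: a function of client-supplied text.

    user_agent is None when the visitor has streaming media disabled, because
    the CDS web server then never receives a request to inspect.
    """
    if user_agent is None:
        return "unscanned"
    claim = parse_viewer(user_agent)
    if claim is None or claim["channel"] not in TRUSTED_CHANNELS:
        return "ban"      # unknown or missing name: legitimate viewers land here too
    return "allow"        # same verdict for ANY program that sends this text


if __name__ == "__main__":
    for label, ua in [("page UA", PAGE_UA), ("unlisted viewer", UNKNOWN_UA),
                      ("media disabled", None)]:
        print(label, "->", cds_verdict(ua))
```

    The verdict never depends on what the program actually is, only on the text it sent, and an allowlist configured this way bans every legitimate viewer the operator has not heard of.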

    Using a CDS is basically the equivalent of a RL store hiring a bouncer to frisk every customer and kick out anyone stupid enough to wear an “I ♥ shoplifting” shirt. Pretty rude to your customers, and a waste of money, right?

    Well, it gets worse.

    An Invasion of Customers’ Privacy

    Every time a CDS successfully “scans” one of your customers, the CDS operator can create a record in a database with the customer’s avatar name, the viewer they were using, their IP address, which store they visited, and when. Naturally, that means the CDS can track the SL shopping habits of your customers, since they will be scanned every time they enter any store using that brand of CDS.

    What’s more, unless your customer uses a web proxy (most people don’t), the IP address can be used to determine approximately where on Earth they live. And if multiple avatars show up with the same IP address within a short span of time, the operator can reasonably guess that they are logging in from the same home or office, and might even be alts of the same person.

    (Some CDS operators advertise the ability to detect and ban alts. But, this is unreliable and prone to false positives, since many internet providers recycle IP addresses. An internet provider might assign a certain address to a content ripper one day, then assign the same address to an innocent person the next day. Any CDS that bans offenders by IP address is potentially banning legitimate customers, too.)
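
    The following added example (not taken from any CDS) runs IP-based alt matching over a small constructed scan log to show where the false positives come from. The avatar names, stores, timestamps and the ground-truth table are all made up, and the addresses come from the reserved documentation ranges.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from itertools import combinations

# Constructed scan log: (avatar, ip, time, store).
SCANS = [
    ("Alice Example", "192.0.2.10",   "2010-12-01T18:00", "Store A"),
    ("Bob Example",   "192.0.2.10",   "2010-12-01T18:05", "Store A"),  # same home router
    ("Alice Example", "192.0.2.10",   "2010-12-02T20:00", "Store B"),
    ("Carol Example", "198.51.100.7", "2010-12-03T09:00", "Store A"),
    ("Dave Example",  "198.51.100.7", "2010-12-04T09:00", "Store B"),  # address reassigned
]
# Constructed ground truth: which real person operates each avatar.
OPERATOR = {"Alice Example": "p1", "Bob Example": "p2",
            "Carol Example": "p3", "Dave Example": "p4"}


def alt_pairs(scans, window=None):
    """Avatar pairs an IP-matching CDS would report as alts.

    window: optional timedelta; only sightings this close together count.
    """
    by_ip = defaultdict(list)
    for avatar, ip, ts, _store in scans:
        by_ip[ip].append((datetime.fromisoformat(ts), avatar))
    pairs = set()
    for seen in by_ip.values():
        for (t1, a1), (t2, a2) in combinations(seen, 2):
            if a1 != a2 and (window is None or abs(t2 - t1) <= window):
                pairs.add(tuple(sorted((a1, a2))))
    return pairs


def false_positives(pairs):
    """Reported pairs whose avatars belong to different people."""
    return {p for p in pairs if OPERATOR[p[0]] != OPERATOR[p[1]]}


def shopping_trail(scans, avatar):
    """Every store visit the operator's database holds for one avatar."""
    return sorted((ts, store) for a, _ip, ts, store in scans if a == avatar)


if __name__ == "__main__":
    print("all-time match:", sorted(alt_pairs(SCANS)))
    print("1-hour window: ", sorted(alt_pairs(SCANS, timedelta(hours=1))))
    print("Alice's trail: ", shopping_trail(SCANS, "Alice Example"))
```

    Requiring the sightings to be close in time drops the recycled-address pair but still reports the two people behind one router, so every reported pair in this log is wrong.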

    So as a store owner, you are helping the CDS operator to gather information about your customers, without your customers’ consent or any sort of privacy policy, purely for the CDS operator’s own use. Even more humiliating, you are actually paying the CDS operator for the privilege of letting them track your customers. And don’t forget that you are being scanned by the CDS, too. All this just to have the illusion of protection.

    What To Do About It

    If you are a store owner using a CDS, get rid of it. You have been swindled. The CDS is useless, invades your customers’ privacy, bans innocent people, and harms your reputation.

    I mentioned earlier that there was a specific instance of a CDS banning a customer using a legitimate viewer. It was a false positive; the CDS was configured to ban any viewer it didn’t recognize. When news broke out that the store owner was using a CDS, the store’s reputation took a hit. Even people who were not directly affected by the ban swore they would avoid the store as long as it used a CDS. Thankfully, the store owner removed it after being told what had happened. Lesson learned, hopefully.

    If you are a consumer, protect your privacy. Turn off streaming media and audio when you don’t need it, especially when you are shopping or exploring. It’s not enough to press the “Stop” button, you must disable it in your preferences. Here’s how:

    • In old-style viewers (Second Life 1.23, Imprudence, Phoenix, etc.):
      1. Open the Preferences window (Ctrl-P), and select the “Audio & Video” tab.
      2. Look for a checkbox labelled “Play streaming media when available” (or similar wording), and make sure it is unchecked.
      3. Below that may be a checkbox labelled “Automatically play media”. Make sure it is unchecked, too.
      4. Press the “OK” button to save your preferences.
    • In new-style viewers (SL Viewer 2, Kirstens, etc.):
      1. Open the Preferences window (Ctrl-P), and select the “Sound & Media” tab.
      2. Look for a volume slider labelled “Media”. Next to that will be a checkbox labelled “Enabled”. Make sure it is unchecked.
      3. A little bit below that is a checkbox labelled “Allow Media to auto-play”. Make sure it is unchecked, too.
      4. Press the “OK” button to save your preferences.

    Conclusion

    There are simply no reasons to use a CDS, and plenty of reasons not to. They cost money, they don’t work, they violate your customers’ privacy, they ban innocent people, and they damage your reputation when your customers find out you use one.

    I understand that content ripping is a serious issue. If you have had your products ripped, you likely feel hurt and violated. But turning around and violating your customers is not the solution.


    Posted by Jacek Antonelli @ 4:58 pm

28 Responses

  • Fang Roffo Says:

    Fantastic post jjacek, I’ve long argued against the effectiveness/privacy issues with CDS systems. They merely scavenge private information about clients and use that to make broad sweeping assumptions about residents that are wrong as often as they are right (IMHO). These systems can’t protect content as someone banned by a CDS can still stand on the adjacent parcel and ‘see’ content across the border anyway, add to that the suggestion that they are 100% reliable (as purported by some CDS vendors) and I think it’s an obvious recipe for disaster. Merchants, please take heed, these systems only really succeed in alienating customers and creating bad feelings, they don’t protect anything. I’m sorry to say they are a swindle preying on merchants’ fears.

  • Harper Beresford Says:

    Amen!

  • Ivey Deschanel Says:

    Fantastic post. I will definitely be sharing this. It’s always been my opinion that these systems were a scheme that preyed on the fear and anger of store owners only to backfire on the store and punish the innocent. I’d rather take the risk than insult and possibly damage honest paying customers. Thank you so much for condensing everything into one page for me to share.

  • Wolf Baginski Says:

    I’ve also seen some other interesting claims made about CDS systems. The cost of the CDS unit to put in the store, and the number of customers claimed, adds up to tens of thousands of real dollars. (That was a CDS system being sold in the Marketplace. The author seemed to have programmed in eject/ban processes which would be seen as griefing in many circumstances.)

    Incidentally, I’m wondering if the Teen Grid merge is going to trigger another bout of CDS hype. I’ve seen apparently unrelated blog posts on Teen Grid history which are mentioning large-scale use of known content-theft software.

  • Peter Stindberg Says:

    Wasn’t it that the initial CDS – as a spin-off of the Emerald viewer – used additional bots in-world to do challenge-response queries on known channels to refine detection more?

    As an additional information: in my country the building of such a tracking database correlated with names and IP address would clearly be a punishable violation of privacy laws.

  • Opensource Obscure Says:

    For what it’s worth, I back/confirm what this article explains.

    Thanks Jacek for taking the time and writing about this issue in such a simple, detailed and precise way.

  • Alpha Says:

    you um, forgot to mention that the Gemini CDS does NOT store IPs nor match alts.. so your point is moot.

  • Chestnut Rau Says:

    Not that it matters at this point, but CDS was only related to Emerald because Skills Hax is the creator of CDS and she was a member of the Emerald Dev team. The CDS project was completely separate from the Emerald Viewer.

  • sirhc deSantis Says:

    Now this is timely, I’ve had a lot of people asking me recently about these things and ‘do they work/are they worth it’ and my response has been ‘I’m not sure but I wouldn’t feel comfortable recommending one’ based on a little bit of analysis I carried out. Now my misgivings have a concrete foundation. Thanks Jacek (and thanks Dwell on it for the link).

  • Mera Kranfel Says:

    Great post! Thanks a lot =)

  • Shug Maitland Says:

    @Alpha; So you/they say. The data is available to them and there is no way for ME to know they are not compiling it.

    Very good post!!!

  • Kansas Says:

    What the Gemini CDS did was to collect viewer IDs for some months before they released it to the public. Back then the copybotters were stupid enough to put the names of their fraudulent crap inside the agent ID. Therefore the CDS can still catch avatars, even after, because they of course do data mining on a grand scale. Actually, this system has been by-passed a long time ago even if they still catch collected avatar names and some idiots. Potentially, they also used media exploits in earlier days to grow the database. Users of this system pay monthly fee for an obsolete system that’s growing in information value by violating LL’s privacy policy. I’m confident that the Emerald viewer was a part of it. Making money out of it became one big goal at the end.

    Still wonder.. why is LL looking away? Why was one condition by LL that Skills Hak had to leave the Emerald project?

  • Marie Ravencrow Says:

    Great post and great information. Thanks.

  • ohaosihe Says:

    @Alpha: CDS source code was obtained which showed that the system stored IP addresses, and logs were leaked that showed that it could correlate alt accounts.

  • Lance Corrimal Says:

    from tateru nino’s blog:

    A few questions to ask store owners running a CDS

    * Are you compliant with EU Directive 95/46/EC (and its relevant particular implementations, eg: The Data Privacy Act)?
    * How can you be contacted by people wishing to exercise their rights under those directives and acts?
    * Alternatively, have you maintained annual certification under the International Safe Harbour Privacy Principles that would exempt you and your CDS from the above?

  • Lance Corrimal Says:

    hum… correlating alts by looking at IP addresses… would that make my wife my alt because we’re behind the same NAT router in RL?

  • Henri Beauchamp Says:

    Note that you do not even need an external webserver to recover the IP and user agent viewer string from any person visiting your parcel: a simple and single script can do it. I personally do it (for the viewer user agent part) to encourage people still using v1.23.5 of Snowglobe viewers to migrate to v1/SG based TPVs, but I also made it so that the IM sent to them explains how they can evade such detection scripts.

  • Σλπα Says:

    CDS does NOT store or even rely on IPs for alt matching as IPs are just horribly unreliable. You would end up banning whole companies, families, houses, villages, universities. Redzone does though and even advertises it.

  • Consumer Says:

    I have a question. There is another system called Redzone, I have a friend with a shop who uses it. When I told him that all I need do is disable media and it won’t detect me, he told me this is untrue. He asked the creator of redzone and he said, if that was how the system worked it would be useless. They swear redzone does not work from media. So I turned mine off and went back to my friend’s shop, he said it still detected me and listed my alts, how can this be? Is it only the cds system that works via media?

  • Henri Beauchamp Says:

    @Consumer

    Other systems may also use the streaming music (since it makes your computer connect to a streaming server where your IP and user agent is logged), so to avoid being detected you should disable this as well.

  • Claro Laval Says:

    Another question to Henri and/or jjacek: How ’bout that “http Get Textures”? Does this tell anything to such a system?

  • Henri Beauchamp Says:

    @Claro

    Not in SL, since the textures are stored on Amazon S3’s servers.

  • Consumer Says:

    hi again, my friend and I have been testing redzone and it still scans and picks up all data with all media, streaming music, even voice disabled. Is there any way to stop this thing scanning me, I really don’t like the idea of it and it concerns me where it’s getting its information from. How does this system work?

  • Claro Laval Says:

    And of course CDS or ReZone do not have access to these Amazon servers, right? Or do they? Thank you Henry!

  • Consumer & Store owner Says:

    I have one of these in my store, my partner had purchased. I have come across having to decide whether or not his list of alts is really him, and a bit blown away by the results of his alts. How much should i believe in this?

  • Doctor Blauvelt Says:

    Redzone collects IP addresses and correlates those with avatar names. I have been the victim of it, as it decided some pple in the same office were my alts. And since someone had it in for me (reasons related to ‘personal’ SL relationships aka SL divorce etc.), a few people got accused of being me.

    Unfortunately, some SL residents relying on that information are not sufficiently technical to understand the underlying principle, and ‘swear’ that all those residents are my alt, cuz Redzone tells them so.

    I have given up. I list the alts I have in my profile now (use them for a variety of reasons such as property groups & testing), and shrug at anybody being stupid enough to believe Redzone.

    Doc

  • umba assa Says:

    nice to see this little way of protection against copybotter is going killed by this post.