Every once in a while, some Second Life drama will erupt about a “client detection system” (CDS), a scripted product that supposedly protects your store from content rippers (aka “content thieves”) by banning users of untrusted viewer programs. There was such an episode last week, with a certain store using a certain CDS that wrongly banned a legitimate customer using a legitimate viewer. I won’t bother mentioning the name of the store or the CDS, because this post isn’t about that specific incident. This post is about every CDS, every store, and every viewer.
(Full disclosure: the viewer in that particular case was the Imprudence Experimental, which I am involved with. But users of other viewers have been wrongfully banned by similar systems in the past.)
Simply put, a CDS does not provide any significant protection against content rippers. It is snake oil: a product created to commercially exploit store owners’ fear. If you have a CDS set up in your shop, you aren’t protecting your content, you’re just paying someone to invade your customers’ privacy, drive away legitimate customers, and blemish your reputation.
Most people don’t understand how a CDS works, but believe that it might actually be able to stop content rippers. The purpose of this post is to explain how they function, why they are ineffective, and furthermore why they are harmful to your customers and bad for your business.
How a CDS Works
A typical CDS works by telling each visitor’s viewer that it should visit a certain web page using the viewer’s streaming media system (the code that shows movies and web pages on a prim). The web page is hosted on a site controlled by the CDS operator. Each visitor is sent to a unique web address, which allows the CDS to figure out which connection belongs to which visitor.
Like nearly all web browsers, the viewer’s built-in browser is programmed to send its “user agent” to any website it connects to. The user agent is a chunk of text that includes information such as your operating system, the built-in browser type, the viewer UI skin you are using, and the name/channel of the viewer. For example, my user agent when using Imprudence 1.3 is the following:
Mozilla/5.0 (X11; U; Linux i686; chrome://navigator/locale/navigator.properties; rv:126.96.36.199) Gecko/20090304 SecondLife/188.8.131.52262 (Imprudence; default skin)
(You can visit whatsmyuseragent.com with any viewer or web browser to see your user agent.)
Notice that the user agent text plainly states that I am using Imprudence. The CDS isn’t really doing any “detection”, just listening to what the viewer voluntarily tells it.
A Waste of Money
The method used by the CDS to “detect” the viewer has two important implications about its effectiveness:
- The viewer can be programmed to lie about its name. A malicious viewer can claim to be the official Second Life viewer or a trustworthy third-party viewer, and the CDS would be fooled.
- The CDS can only scan people who have streaming media enabled. Anyone can go to their viewer preferences and turn that feature off to evade “detection” (or to protect their privacy and avoid being harassed by the CDS).
Using a CDS is basically the equivalent of a RL store hiring a bouncer to frisk every customer and kick out anyone stupid enough to wear an “I ♥ shoplifting” shirt. Pretty rude to your customers, and a waste of money, right?
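The failure modes above, modelled as an added example (not code from any real CDS or from the original post). The allow-list, the `ua` helper, the visitor table and the placeholder version numbers are all constructed for illustration.

```python
import re

# Hypothetical allow-list a CDS operator might configure (assumption).
TRUSTED = {"Second Life", "Imprudence"}

# Trailing "SecondLife/<version> (<viewer>; <skin>)" part of the user agent
# format quoted in the post.
UA_TAIL = re.compile(r"SecondLife/\S+ \(([^;()]+); [^()]+\)\s*$")

def ua(viewer):
    """Build a constructed user agent; versions are placeholders."""
    return ("Mozilla/5.0 (X11; U; Linux i686; rv:0.0) Gecko/20090304 "
            f"SecondLife/0.0.0 ({viewer}; default skin)")

def claimed_viewer(user_agent):
    """Viewer name the client claims, or None if the string does not parse."""
    m = UA_TAIL.search(user_agent)
    return m.group(1).strip() if m else None

def cds_verdict(user_agent):
    """Model of the CDS decision. user_agent is None when streaming media is
    disabled, because the viewer then never contacts the CDS web server."""
    if user_agent is None:
        return "unseen"
    return "allow" if claimed_viewer(user_agent) in TRUSTED else "ban"

# Constructed visitors: (label, actually a ripper?, user agent the server sees)
VISITORS = [
    ("honest, trusted viewer",        False, ua("Imprudence")),
    ("honest, unlisted viewer",       False, ua("Imprudence Experimental")),
    ("ripper, viewer lies about name", True, ua("Imprudence")),
    ("ripper, media disabled",         True, None),
]

def evaluate(visitors):
    """Return (innocent visitors banned, rippers not banned)."""
    banned_innocent = [n for n, bad, s in visitors
                       if not bad and cds_verdict(s) == "ban"]
    missed_rippers = [n for n, bad, s in visitors
                      if bad and cds_verdict(s) != "ban"]
    return banned_innocent, missed_rippers

if __name__ == "__main__":
    for name, _, s in VISITORS:
        print(f"{name:32} -> {cds_verdict(s)}")
    print(evaluate(VISITORS))
```

The only visitor banned is the honest one whose viewer name is not on the list; both rippers get through, because the verdict is a function of a string the client chooses to send, or of no string at all.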
Well, it gets worse.
An Invasion of Customers’ Privacy
Every time a CDS successfully “scans” one of your customers, the CDS operator can create a record in a database with the customer’s avatar name, the viewer they were using, their IP address, which store they visited, and when. Naturally, that means the CDS can track the SL shopping habits of your customers, since they will be scanned every time they enter any store using that brand of CDS.
What’s more, unless your customer uses a web proxy (most people don’t), the IP address can be used to determine approximately where on Earth they live. And if multiple avatars show up with the same IP address within a short span of time, the operator can reasonably guess that they are logging in from the same home or office, and might even be alts of the same person.
(Some CDS operators advertise the ability to detect and ban alts. But this is unreliable and prone to false positives, since many internet providers recycle IP addresses. An internet provider might assign a certain address to a content ripper one day, then assign the same address to an innocent person the next day. Any CDS that bans offenders by IP address is potentially banning legitimate customers, too.)
What To Do About It
If you are a store owner using a CDS, get rid of it. You have been swindled. The CDS is useless, invades your customers’ privacy, bans innocent people, and harms your reputation.
I mentioned earlier that there was a specific instance of a CDS banning a customer using a legitimate viewer. It was a false positive; the CDS was configured to ban any viewer it didn’t recognize. When news broke out that the store owner was using a CDS, the store’s reputation took a hit. Even people who were not directly affected by the ban swore they would avoid the store as long as it used a CDS. Thankfully, the store owner removed it after being told what had happened. Lesson learned, hopefully.
If you are a consumer, protect your privacy. Turn off streaming media and audio when you don’t need it, especially when you are shopping or exploring. It’s not enough to press the “Stop” button; you must disable it in your preferences. Here’s how:
- In old-style viewers (Second Life 1.23, Imprudence, Phoenix, etc.):
  - Open the Preferences window (Ctrl-P), and select the “Audio & Video” tab.
  - Look for a checkbox labelled “Play streaming media when available” (or similar wording), and make sure it is unchecked.
  - Below that may be a checkbox labelled “Automatically play media”. Make sure it is unchecked, too.
  - Press the “OK” button to save your preferences.
- In new-style viewers (SL Viewer 2, Kirstens, etc.):
  - Open the Preferences window (Ctrl-P), and select the “Sound & Media” tab.
  - Look for a volume slider labelled “Media”. Next to that will be a checkbox labelled “Enabled”. Make sure it is unchecked.
  - A little bit below that is a checkbox labelled “Allow Media to auto-play”. Make sure it is unchecked, too.
  - Press the “OK” button to save your preferences.
There are simply no reasons to use a CDS, and plenty of reasons not to. They cost money, they don’t work, they violate your customers’ privacy, they ban innocent people, and they damage your reputation when your customers find out you use one.
I understand that content ripping is a serious issue. If you have had your products ripped, you likely feel hurt and violated. But turning around and violating your customers is not the solution.