Friday, July 2, 2010

CopyBot Herald

The Facts About Copybot
by Mechagliel Gears

This is a mirror post for Krypton Radio

In recent times, especially with the upcoming enforcement of Linden Labs ™ Third Party Viewer policy on May 1, 2010, there has been much ado about Copybot. Accusations ranging from the reasonable to the outlandish fly around like so much debris in a windstorm, and often it is hard to tell fact from fiction. According to some ‘the sky is falling’ stories there’s a Copybot round every corner lurking to nab your stuff, format your hard drive, and shave your house cat. This paranoia cripples content creators , closing Second Life businesses and damaging its reputation - this is what griefers want. The goal of this article is to clarify and educate on three facets of the Copybot phenomenon: What is Copybot? What isn’t Copybot? And last, what can be done about it?

Copybot, is a a popular term for a viewer or tool that does not recognize or respect SLs permission systems. Often it is built on the LibSL library or adapted from Linden Labs own open source. When an asset is ’seen ‘ by the viewer most of the information about that asset , be it a shirt, sound, prim, or other item, is downloaded by the viewer. This is normal viewer behavior, and is in fact needed for the viewer to function at all. It is at this point in the process that Copybot-capable viewers differ.

Normally an asset’s information is only held in encrypted form while it is needed and then discarded. Copybot viewers omit this encryption and allow, either automatically or on demand, export of the asset to storage to the disk for later import or copying. It is at this point that the Copybot viewer is in violation of Terms of service and the TPV policy. There are several means by which this “asset nabbing” may occur, from the simple unencrypted export to the pulling of texture data directly from the memory in your graphics card.


Because of the various techniques Copybots use, you should understand that “Copybot” is a broad term covering a myriad of content theft tools, and not a specific product or viewer. Other things that Copybot is not include:

An actual ‘bot

The word “bot”, in this case, refers to a program running on a computer which drives an avatar unattended. While the original Copybot could do this, Linden Labs took steps to cripple it. Because the original Copybots had little control over what they saw and where they went, they were mostly useless for content thieves. Such users are usually much more interested in targeted theft, also called copyboting when using such tools.

A get rich quick scheme

Content thieves will very rarely, if ever, attempt to sell assets they have acquired. Doing so exposes their actions and quickly gets them removed from Second life. More commonly, copied assets will be used personally, shared with friends or, as a form of harassment intended to drive a SL business out of business by giving away the copied objects as freebies. Such an attempt was made on Redgrave skins - this attempt failed as Redgrave is still very much in business.

Legitimate Backup

There are several viewers and tools which allow users to back-up, or store to hard drive, items they own. Properly respecting permissions makes this not a case of Copybot. As example the Emerald viewer incorporates a backup like feature only for full permission items that the user owns. Until recently, this was within compliance with LL definitions of permissions and thus was legitimate. These definitions have changed to include creator verification, on a per prim basis. A new, TPV policy compliant, Emerald viewer is expected to be released shortly.

In world object mirroring scripts

There were at a time and still are scripts that when placed in modify permission objects would make a copy of that object in world, these scripts were made in response to poorly permissioned items as a form of legitimate back up. For example, if hairpiece was no copy/mod/transfer, one might conceivably ‘ break ‘ the hair accidentally and thus be left with an unusable product. It is important to note however that the resale of such a backup was and remains a violation of the Terms of Service.

Capable of stealing scripts

I must be clear on this: yes, at one time a script could indeed be ‘popped’ from the asset server independent of permissions. This happened to Strokers Inc., a popular manufacturer of love beds. This was done via an exploit , not Copybot, which Linden labs has since sealed. As it stands a viewer will only ever “see” the source code of a script the user has modify permissions for and the viewer only ever “sees” the machine code of a script on compilation, requiring modify permissions again. Thus script theft is the result of poorly set permissions, and/or exploits other than Copybot.

Ubiquitous

There is a common myth that “copybotters” are “everywhere” and that walking into a sandbox, or running a business, is tantamount to surrendering your assets. Nothing could be further from the truth. Again, content theft is usually targeted, and the vast majority of SL users have little to no interest in content theft - preferring to actually enjoy SL. This myth is in fact the most damaging and often promoted by griefers as a ‘psyop’ to drive content creators out of business, or sell useless snake oil ‘anti-copybot’ devices.

This brings us nicely to the topic of protection. There are several techniques and devices out there which claim to protect from Copybots. Some do afford some defense, but none are fully reliable. These are a few of them:

!Quit

You may have seen this text pop up at some stores, it is becoming less and less prevalent now as it does not work. This technique worked on the very first version of the original copybot which is now defunct.

So-called Inspection Shields

These are prims worn around an avatar under the mistaken impression that a Copybot capable viewer must select an attachment to copy it. While that may be true of some older Copybot viewers, it is not so true of the newer generation ones. This tool falls easily into the ’snake oil’ category. Personally, I advise people not to waste their Linden dollars on these.

Cryo-life Detection

Cryo-life is one of several Copybot capable viewers that was discussed in the SL forums at one point, where it came to bare that Cryo “told” on itself, leading to a number of tools for detecting its use. The issue here is multi-fold: firstly Cryo is only one of several Copybot capable viewers; secondly, as soon as this information was released new versions without the “tattling’ were released; lastly, and perhaps most importantly, the detection techniques can lead easily to false positives, resulting in anything from unfair banning to outright harassment of the innocent parties.

Skinlayer shields

These are incorporated into viewers like Emerald and provide a measure of protection for non-prim clothing and skin only . Even with this measure there are times when the individual layers of skin or clothing are transmitted separately, so it is a stop gap, but by no means a panacea.

I must digress for a moment to mention Gemini Cybernetics’ CDS, or ’ Client Detection Service ‘. This acts as a shared ban pool for users detected by the system to be using known Copybot-capable viewers. This system is by no means foolproof and will become redundant, even useless, after the 30′th of April when viewers not compliant with Linden Lab’s Third Party Viewer policy will be unable to log into the Second Life servers. In addition, its method of detection can easily be misused by those with the skill to collect and cross reference the data it acquires. Automated ban shares have always had problems and this one is no exception, as it can generate false positives. Inclusive security systems , meaning those that allow everyone but those on the ban share list, are better when moderated by live persons.

In the end , there is nothing wrong with utilizing protective measures against Copybot. However, understand that no measure is 100% effective. Panicking or adopting a ’sky is falling’ mentality will achieve nothing but granting griefers and doomsayers what they want. Awareness of your surroundings and watchfulness are your best tools against Copybot. If, in a sandboxm you see someone rezzing exact copies of someone else’s new build.. well it’s fairly obvious what is going on, file that AR, certainly never buy items in a sandbox .

It is my hope that I have enlightened and relieved some of the confusion about Copybot. Cheers!

2 comments:

Anonymous said...

I just wanted to thank you for publishing this! I for one have done the research and homework, I owne a shop inworld and create, design and sell clotheing. I am in no way worried about copybots and will not spend money on scam systems like CDS for protection. Education is the best resistance to theft in any given case RL or SL and knowing what thhey are and arent capable of is your best defense. No copybot can grab items from a box or vendor and a live model useing emerald viewer cannot have clothes ripped.
What many store owners dont realize is that CDS with its offline database along with Redzone are pushing the TOS themselves to a point where even the sellers of these systems will not condone or support some of their features. These systems take SL names and match them with IPaddress to identify alt accounts, logging matches and banning "alts" as well as whomever triggered a positive.
What they dont do is catch 100% of copybots, which arent a danger in the store anyways if everything is contained in boxes and vendors. It's another !quit scam only this time a lil more thought out and hightech with privacy invasion tactics.
The best thing to remember store owners, theft doesn't happen in the store, it happens at home so save your lindens and be smart about wearing emerald clothing layer protection and rez builds unlinked, you wont have anything to worry about!

Crone said...

First!

And btw, yea, totally right Herald, isnt it awesome?