Friday, June 20, 2008

Cloning Copybot Hitting The Grid

While browsing my Flickr contacts I ran across this photo and entry posted by Prad Prathivi, a designer in Second Life. Apparently a copy bot exists now that will duplicate a Second Life Avatar, including major features of the Avatar profile, and and at least some of the Avatar's attachments.

According to Prad, Second Life allows copy bots for legitimate purposes-backing up inventory for instance but using them to copy other people's stuff-including their avatars is against the Second Life terms of service.

Indeed, according to Second Life's Knowledge Base entry on protecting copyrights, using copy bots to "infringe" on someone's content is a violation of the Terms of Service. However, SL also notes that residents are allowed to have Copy Bots for legitimate reasons.

When I asked Prad how one could tell the real Avatar from the copy he said this:

"I wouldn't have been able to tell them apart, aside of the rez date, quality of avatar and the No payment Info on File. But even that wouldn't have given me a second thought.. your avatar could be duplicated without you even knowing it, as well as content creator's work being stolen."

By the way I have a query to the person, whose AV is allegedly Kulton Short, who was reported to be selling the copy bot, but I have received no response.

Not everyone responding Prad's post feels there is a problem, several SL users didn't think there is much merit in duplicating avatars. Caliburn Sustanto says basically who cares, noting that it is already possible to make a copy of someone's avatar by tracking down all the attachments and duplicating the appearance of the avatar. Besides "Thousands of avatars already look pretty much the same already".

It is not clear to me how big of a problem copy bots are but I think there is at least the potential of a problem. The analogy is of course phishing in which users are lured to false websites in order to steal passwords. IN the old days an alert user could generally spot phishing sites after all. Once before phishing became widespread I got a message about my AOL account that said to go to the AOL website and enter my account and password because of some security issue. The site looked official but the URL was clearly not from AOL. So I called AOL security. As a reward I got several months of free service.

At the very least, these sorts of copy bots might have the affect of undermining confidence in Second Life's security and users ability to protect their avatars and original content.

By the way these bots don't seem to reside in Second Life but are external programs orginally developed for debugging purposes. Also they cannot get at account information so the avatar show up with no payment on record.

Here is another very recent report of what sounds like the same copy bot that Prad reported.

No comments: