Copy theft in SL – a (partial) solution at last?

May 29, 2008


There’s been a lot of talk lately in SL and the blogs about copy theft. It’s becoming a real issue, as people’s work on skins, textures, scripts and even entire builds is being ripped off, stolen, and resold at lower rates, or worse, given out full mods. I think most of us would agree this is a bad thing. I know some of you think everything should be free, some are big fans of the open source movement, but this isn’t a post about that. I won’t go into the semantics of it, but as someone who builds a lot in SL, and is friends with a lot of people who make their RL living from selling goods in-world, suffice to say I think copy theft is a bad thing! I think open source is cool too, but I think it should be a choice the creator makes as to whether their creation should be free to all – or not.

So, why isn’t it being stopped? How are they getting away with it? One point of view is that it’s impossible to stop people stealing textures/models/skins. I’m not gonna go into details (please don’t ask me – refusal often offends), but yeah... it is actually pretty easy to rip anything you want out of SL, because of the way the client downloads everything anyway. The thieves (damn you, thieves! – shakes fist) exploit this, and then reupload things, and reoffer them for sale. They usually get shut down pretty fast, but they pocket a fistful of cash on their anonymous account, transferring it out as it comes in, then when the account gets banned for repeated theft ARs they just rinse and repeat with a new anon-o-tar. How can we stop that? It’s anonymous, right? Meanwhile, someone somewhere is having their RL income destroyed. The beautiful builds and skins and textures of SL don’t make themselves! Someone works lonnggg and hard to make all the lovely places we’re so enamoured of. The situation is terribly unfair.

So what options are there? Make everyone provide RL details, to be able to log in? “No bank account, no entry!!”? It might work, but that’s using a sledgehammer to crack a peanut. SL is a place where you are free to create, free to be what you want. We’re free of borders here, and to a large extent, the conflicts that can often arise over race and gender, too. We’re beginning to collectively define a third place, where we can meet other people like us, in a way we never could in ‘Real Life’. If we crack down on the thieves by making everybody link their account to their RL identity, we risk some of that. So, for me, I don’t feel that we can go down the ‘RL verification for everyone’ route.

Others have suggested that only verified accounts should be allowed to build/create/upload. I’m against that too, for a couple of reasons. One of the things that makes Second Life great is the freedom to create people have. People who have never thought of themselves as creative have discovered a whole new side to themselves, some have even totally re-invented their real lives around their newfound creativity and talent. How many media items have there been along the lines of “my job was crap, I used to put the plastic bits on the end of shoelaces 12 hours a day, now I sell virtual hair from my cabin in the mountain”? I love the fact that SL has liberated so many people from doing things they didn’t enjoy, and empowered them to lead self-fulfilling, creative lives. I’m happy for the people that have ‘made it’ and want to support the ones that are still trying. Stopping them from creating things in-world not only prevents them from accessing their creativity, it stops us from enjoying it too. These people don’t come in-world with the intention of becoming a creator, they come in because they’re curious, or someone told them it was fun, and they find a new depth to themselves, an ability they often never imagined they could have. If we restrict people from building, we’re depriving them of that chance, and to be fair, I think it’s a chance that they’re entitled to.

But all of that is negative – everything above is basically things we can’t do. What about finding something we *can* do, to protect the rights of people that have worked long and hard to create something, without infringing the rights of the people who are innocent of any wrongdoing?

One system that I’ve come up with (and this is the point of this post, to get this idea out there, and see what you all think) is this – to have a system whereby as an unverified user, you can create, and sell your objects, but crucially, the money you make from selling items is held in a separate ‘pot’ from your other L$ balance. It works like this. Let’s say I’m a brand new avie, inworld for the first time. I make something, let’s say... a house – and it’s really good. People tell me they want to buy it, so I set up a small shop and start selling. Pretty soon I’ve racked up about $100 USD worth of sales, and I want to get that money. At this point, I have to verify, and when I do, the two pots merge, and the money made from sales combines with my other ‘regular’ L$ balance, and I can do what I want with it – spend it in-world, or cash it out for RL funds. Until I do, it just sits there as a second balance at the top of my screen. I can’t spend it, transfer it, do anything with it other than watch it sit and accrue. I can, however, continue to build things, to generate business, to prototype and improve my products, and improve my skills by learning, practising and refining what I’ve already learned at many of the excellent classes or online tutorials.

Here’s what that second account balance might look like:

In the meantime, before I verify my details, I’m also free to camp to make money, or DJ or work in a bar, or any of the other many SL occupations – effectively nothing else changes, but to get access to the money I’ve made selling things, I have to verify my account. My ability to create in and enjoy Second Life is unchanged. I wouldn’t be able to bypass the Linden currency exchange either, by selling my L’s on PayPal, or through another bank, because until I verify, I can’t transfer it, spend it, exchange it for RL funds, nothing. Just sell, and watch the money accrue.

How would this help? In several ways, I think. Firstly, if I did copy someone’s house and sell it, I’d have to verify at some point to get the money – leaving me open to reprisal for my illegal action. Thieves are greedy, and often stupid – the main, if not only, reason they rip off people’s work is because they want to make the money – if we take away the mechanism that allows them to do that safely, with no fear of reprisal or consequence, how many of them will really be motivated to continue? Even if I copied something, and gave it to someone else to sell, in order to get any money out of it, the seller would have to be verified. It doesn’t matter what you do, how many alts you pass the copied things through the hands of, somewhere along the line if the money is to come out of SL, it’s going to have to be paid out to a verified RL person.

Could this work? How would LL tell what money was from camping, and what money was from sales? Well, if you look at your transaction history on the secondlife.com website, you can see that LL already has a way to determine what money is from sales, and what money is from say camping. All they’d need to do is apply that filtering to the grid, and presto – we have a way to see who is actually taking the money out. If they’re thieves, we can start an RL action to pursue them. As well as being stupid and greedy, most thieves are also pretty cowardly. It’d only take one or two big high profile cases of people getting into major trouble for copyright theft for them to realise, “hey, you know, maybe it’s not worth going to court for the sake of making $100 bucks or so”. And copyright theft would, with a bit of luck, come right down.

Of course, it’s only a partial solution. There’d be a lot of wrangling to prove who made what first, and then tracking people down with overseas lawsuits that’d probably involve a few subpoenas. But at least, we’d then have the tools to hold people to account for their actions, and to stop them getting away with it, scot-free. There would also be a lot of people trying to circumvent the ‘filtering’ system – and it’d probably have to be refined a few times to get it working just right. But that’s ok – nothing is perfect to start with, and even if it only cuts down on 75% of copy theft, that’s a fantastic start and lets us clear our heads and go after the remainder of the thefts.

Some of you will hate this idea. That’s ok. Some of you will think it’s fantastic, that’s ok too –

I’ve written this because it’s just an idea I had. I’m not saying ‘This is it, this is our salvation!!’ but it’s a starting point – it’s where we begin dialog and a process to refine the original idea. I saw a problem, and this is my attempt at devising a fix. I want to put it out there, to you, the community, to see what you think, what your feeling toward this might be. Please do make a comment – but keep it on topic – I manually approve/reject my comments and any ‘smash the FIC’ or ‘they shouldn’t be selling anything, it should all be free’ – that’s not what this post is about – it’s about the system described above, and any flaws you can see in its mechanism. I’m not going to get into arguing the rights and wrongs of copy theft – as far as I’m concerned it is wrong, and it is theft, there’s no point discussing that, here.

Thanks for reading, post a comment and let me know what you think. Let’s have a well informed, non-emotional discussion and maybe when we have consensus, a developed idea/system that we all agree wouldn’t be unfair to the innocent, but wouldn’t protect the guilty, we can go forward again to Linden Lab as a group and with one voice say, “we don’t like copyright theft, we want you to stop it, and here’s how we think you can.”

Thanks for reading this post and my blog,

  1. One possible problem I see with this is that the Linden system can only catch box sales. This doesn’t stop folk selling things using vendor scripts and pocketing the money unverified. LL’s system, I believe, cannot differentiate between another money script such as a DJ tip jar or payments system, and a vendor script.

  2. Hm, well I guess that being the case they might have to work out some sort of way of stopping people circumventing the system in that way. Great comment, good point – I know they did something along the lines of stopping people being able to ‘pay’ transparent objects, to stop people putting boxes over other people’s for-sale items to steal the money that way – maybe they could do some sort of check on what the thing being paid does, or something along those lines.

  3. Yes, the vendor problem is there, and slightly more convoluted transactions (paired avatars with outside communications) are possible too. Outside services like OnRez and SLExchange have this kind of “laundering” built in as a side effect of their designs; with those, the L$ transactions aren’t really connected to sales (especially in the case of SLX where you can also purchase L$).

  4. I have thought on this a while, since reading your post, and I do think that this may be a viable option for Linden Lab to take. There would be the obvious uproar from the general community, who like the anonymous nature of Second Life, but I think from the point of view of a legitimate business person working and making my living in Second Life, I don’t see the harm at all in verifying who I am to take money out of the system. Making this a requirement I would hope could lead to verified legitimate content creators and a little peace of mind, when we DO have to run down those that have stolen from us.

    Keep in mind, this isn’t the age verification issue, but a way of tracking where the money is going, should someone sell your original content.

  5. As an addendum to the post, you could also go so far as to say that ALL transactions, vendor box or script payouts or personal transactions would be held. This would effectively limit people who have not entered financial information. This may also put an end to ‘bot accounts’ camping.

  6. Yes that’s true TC – it’d be hard to stop people selling stuff on SLex and OnRez and getting money, unless LL worked with them to divert money coming in from sales to the ‘second balance’. Still, cutting out inworld sales would be a start 🙂 And it could be possible for LL to do the diversion, hopefully. It’d be great if someone from SLex or OnRez could give us a statement as to how they’d feel about working with LL in that way…

  7. Holding all transactions could also address what TC brought up with outside websites that allow you to purchase money and sell items.

  8. That’d definitely work, I think, Kriss – but it would possibly clamp down unfairly on people who haven’t done anything wrong, and work in clubs or as security or other things in SL – I agree it’d work but I think the community would have a big problem with that, it might do more harm than good 😦

  9. anyone know anyone at SLexchange or OnRez that might want to have a read of this post?

  10. I think in this case it would be one or the other. You can either leave things as they are, or make a change like the one you are proposing. I’m not saying it wouldn’t affect people who take up services on the side, apart from selling things from a box, but it would also prevent that from being the method that people who steal and resell content would circumvent the system.

  11. If LL would totally change how they do things/make money etc.. and if they hadn’t open sourced the client, but they won’t change unless it guarantees profits on their end. That makes Bea a sad panda. (totally hoping this makes sense, I’m sleep deprived)
    To sum it up, I like yer thinkin Neil.

  12. thought provoking post… for those serious about business, providing RL info should NOT be an issue. we do it for banks, paypal, etc.

    for thieves it might be. so i’d lean towards those who want to set up a business having to provide RL info. business is business… and unless you’re a street vendor, no one lets you have a job or set up a show w/o knowing who you are.

    additionally… this would have to be kept confidential by LL, but those of us with “payment info on file” have trusted them already. it’s a show of good faith.

    one major issue tho is NOT being able to get your sales records for more than 30 days. with LL acting as a “bank” of sorts, i believe there is a law that states those need to be available for 2 years… this is a concern… but a whole other subject.

  13. Your assumption is that it is only free accounts with anonymous users who steal content, which is wrong. It is also easy to play a shell game with money, a determined user will have an alt for making real money, say by 99% commission, selling a free account’s goods via vendor. There are too many holes. Way too complicated and won’t solve anything.

    A tip: write a long blog post (well make it shorter, but even so) like an essay: state your thesis within the first couple of lines, don’t spend three long paragraphs getting to it, you will lose readers.

  14. Well, rather interesting idea (the SLX/OnRez issue can also be fixed if LL wants to do this - they force Risk API on them after all). And a rather novel one. It could actually work to at least some degree.

    Potential problems:
    – I personally saw several places filled with mainly 0L$ ‘freebies’ (pirated) (on a private sim, they were used as advertisement). How to solve THAT kind?
    – It may sound rather strange but NOT ALL SL users have Visa/MC. Even if they are paying via some other ways. Not everybody lives in US/EU. And they cannot get it. Possible partial solution to this is to require EITHER payment information or ‘age verification’ (via current system or variant of it). Using age verification system for this is not too good but still better than nothing. Otherwise this situation needs to be clarified somehow (‘alternate’ payment systems have a financial trail after all too, so a solution may be to make mandatory (in addition to Risk API) something like ‘if you use RL-SL exchange you agree to provide LL or 3rd party on LL request all identification information you have on customer from transaction XX from 11.12.2008 13:33’).

    – Having payment information DOESN’T mean it’s linked to a real person (i.e. it’s possible to have a _legitimate_ Visa card with a bogus name, which will pass bank authorization; I’m not talking about stolen cards here, some gift cards work that way). Of course providing non-RL (or at least non-completely real) payment info is ToS violation - but (c) infringement too, in this case it wouldn’t be financial fraud so…
    – there always will be way to wash L$ clean.

  15. Fia, I can see what you’re saying, but when the 99% percentage thing is uncovered, the person getting the 99% still has to have a verified account to get the money out – RL info – Altmapping via IP address would easily show who was who. Technology to do that already exists and is in use. Still, you’re right, it’s another potential loophole, but I think one that could be shut down with a bit of backend from the lab..

  16. Vikrari – Good points 🙂 – Stopping the freeware 0L$ redistrib stuff is really hard. I don’t think this system would help with that. It’s not designed to, so I won’t try to think of ways it can be modified to do that (you lot feel free to, though!)
    I know a lot of SL users don’t have Visa/MC – but maybe there are other options. Remember the word OPTIONS there – nobody would FORCE them, but why can’t I CHOOSE to use a passport and 2 utility bills to verify? Or other similar things. Or what about PayPal’s system, where they send you a letter with a code, and you verify by typing in that code to their website. Or many other similar ways. It doesn’t have to be Visa/Mastercard. But there HAS to be some solid tie of RL to SL to make this work.

    And I wouldn’t recommend supplying a valid Visa card with an alternate name on it!! Here in the UK that is known as Fraud and possibly “Obtaining false identity by deception” and it’s a criminal offence – in the US I think you just call it a felony..

    The Gift Cards would have to be blacklisted. Perhaps not from payment into SL, but for verification. There’s totally no point accepting them. Since they’re so easy to obtain without ID, they can’t be trusted to substantiate it.

  17. seems like an interesting direction. Ultimately it is sort of a trusted seller network, which can also be done via endorsement. But, it does take two parties in a sale and often the buyer knows that he is buying something ripped-off and is doing so to save money.

    An endorsement system at least solves part of the problem for honest buyers–not sure that is biggest problem though!

  18. Exactly, people are like water – they take the easiest path. Often they’ll know something is stolen and buy it to save costs – I’m hoping that by precluding unregistered accounts from profiting from any sort of sale, it will remove the incentive to see reselling stolen property as a source of income and therefore disrupt the supply – if not the demand.

    It is for the same reason that I feel the current route taken by the Lindens and other interested parties in general of attempting a gridwide increase in the visibility of the problem and people’s understanding of it is doomed to failure – as so often the problem isn’t that people are unaware that the goods they are purchasing are stolen. Potentially, there is even a risk with the current ‘ad campaign’ that it will merely inform those corrupt enough to desire copied goods that a ‘black market’ exists, which they will then actively seek out.

    Thanks for the comment though!! It’s interesting to hear these ideas and they’re coming thick and fast, tell your friends to have a read and see what they think!

  19. As for not valid names on cards.
    Well, point is WHO could file complaint?
    Certainly not legitimate owner and not banks/Visa itself (because in fact legitimate owner IS paying). Point is card _passes_ bank name verification and that means bank thinks name is ok and not wrong one.
    You? For which reason exactly? Gift card is transferable by design. And even if I put my RL name – there is an interesting thing, how I should spell it in English. And ‘official’ spelling is not what you likely think will be correct -:)

    And blocking gift cards – HOW? I don’t think it is too easy.

    As for your idea with PayPal-style, etc. verification..
    if LL does that they must be prepared to (and know how to) deal with MANY alternate local things (like: WebMoney ‘certificates’ - common in xUSSR ONLY)

    For utility bills, let’s suppose you ask me to send you them. And suppose I will send them (in reality I will not do that except to LL). Of course they were not in English (and not even in Latin script). You will be translating? Or you will ask for notarized translation? Passport scans? You will get _internal_ passport scan (not even one letter in Latin script) and I say that I don’t have a foreign passport (which many don’t have…). You will have to either refuse me for no reason (from my point of view) or not get correct verification.
    IP geolocation will not help you here too much.

    p.s. about my experience with age verification:
    2 alts used: first one is passed, 2nd one is not passed but I was asked to send utility bill, point _where_ in this bill my name and address and got verification for 2nd alt.

    p.p.s. Point is – it is still better to implement such a system EVEN WITH ALL THOSE PROBLEMS (for example: just forget about gift cards). It will be better anyway. Just implement this system with _existing_ Payment info used/verification passed system already in place and think

    p.p.s#2. I _have_ Visa (and LL thinks it’s ok), I also have enough problems of various kinds that _required_ me to learn enough about such side tricks and how to prevent their usage by people.

  20. Some good points there Viktari – Verifying RL information would be a bit tricky, but it is doable. I don’t believe we’re in a situation where it’s impossible to verify who someone is. It doesn’t hold true to say that a system cannot be designed to have people prove who they are in real life. Airports can do it, banks can, hotels and car rental all require this kind of information – there are well established systems in place to deal with the difficulties you mention, and if someone chooses to circumvent them by providing false data, or partial true and partial false data, then it’s usually fraud, and a criminal offence in its own right. It is possible to distinguish gift cards from ‘proper’ cards, companies like Experian and other credit checking agencies can provide real time information on somebody’s credit rating and history, if someone tries to process through a ‘gift’ Visa card their software would certainly catch it.

    I agree that the verification of data won’t be super easy, but the main thing I wanted to explore was how residents would feel about the concept of the ‘dual balances’ of their L$, about not getting access to funds from sales without verification. So far people don’t seem to have too much of a problem with that except for that vendors would be tricky to cope with..

    So far so good, keep it coming guys!

  21. Experian, again… USA, possibly Western Europe,
    not other parts of world. Require credit score for entering?
    And as for gift cards, how would you distinguish them? (don’t think Experian will have means of determining, even if they - there are other options).

    As for talks on ‘fraud’, different countries, different laws, different things people FEEL right.
    I don’t think in my local country it’s against the law to use a pseudonym on Internet, provided that this does not cause problems like ‘real’ card fraud (usage of stolen card), etc.

    Ideal system for the beginning will be to JUST implement your idea using EXISTING ‘Payment info exist’ or/and ‘Adult verification passed’, now only if LL do that.
    Technical protection (beyond what already exists, and is rather limited) will not help.

