So… very timely to tomorrow’s launch of the Second Life Business Plan contest is the CopyBot scandal that’s threatening to undermine the entire SL virtual economy.
CopyBot captures the data being streamed to a local SL client and allows the user to clone that data in a way that creates an identical copy. Furthermore, this copy is not linked to the original in any meaningful way on the server-side and thus can’t be identified as a direct copy. Needless to say, this disrupts SL’s entire economy because it’s now easy to create millions of perfect knock-offs of the virtual Hermes boots it took me 15 craftsmen and 2 months to painstakingly build.
(Not Hermes Boots by Sol Columbia available for sale at the SL Boutique)
My friend Raph Koster wrote an awesome post yesterday analogizing the situation to the heated debates about DRM in the music and video markets: DRM is good when it works to protect your economic interests, evil when it prevents us from enjoying the data we want. Raph says, “CopyBot is a mirror, and what we see reflected in it is the unsavory fact that we all want DRM, if it favors us.”
A lot of controversy has erupted within the SL community over what to do about this issue, with many content creators vocally attacking SL’s developer, Linden Lab, for allowing the situation to occur. Interestingly, CopyBot grew out of an open source library that was developed by third-party OSS developers but is unofficially endorsed and supported by Linden Lab. Once CopyBot fell into the hands of end users for the purposes of what amounts to basically SL piracy, the libsecondlife developers removed the CopyBot source code from their servers at the request of Linden Lab. But of course, once something like this has been unleashed, it is essentially impossible to contain it. In fact, the press surrounding the scandal only amplifies the tool’s popularity amongst the folks who are most likely to abuse it.
The interesting question that arises is how do you close Pandora’s box? What can Linden Lab do now?
The simple answer in most cases is that you can’t close Pandora’s box, at least not completely. Linden Lab has begun to take a hardline stance on this issue by threatening people caught using CopyBot with world banning, based on Terms of Service violations. I suspect they will also go down the obfuscation road in future patches of the SL software.
Data and code obfuscation is something that software developers have been dealing with for a while now. As computer languages (such as Java and C#) emerged with rich metadata that allowed developers to use programming concepts such as reflection, the amount of descriptive data in the executable that runs the program has grown to the point where it is often trivial for a decompiler to reverse engineer the program back into usable source code.
There is no real bullet-proof way to avoid this situation without losing all the benefits that the metadata provides, so the primary way of dealing with the issue is to obfuscate the code before shipping it out to users. Basically, this involves running a tool that reads your executable and, using many of the same metadata constructs that allow for decompilation, renames its identifiers, so that every method or public variable in your program is named a, aa, aaa, aaaa, etc. instead of the real names in the original source code. The end result is an executable that can still be decompiled, but the decompiled output is so confusing to a human reader that it is pretty much useless.
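The renaming pass described above, reduced to Python source and the standard `ast` module as an added example (not code from this post or from any real obfuscator). `SAMPLE`, `defined_names`, `Renamer` and `obfuscate` are names made up here, and the Java/C# tools the post refers to work on compiled metadata rather than source text.

```python
import ast

# Constructed sample input: a small module with descriptive names.
SAMPLE = '''
def apply_discount(unit_price, quantity, discount_rate):
    subtotal = unit_price * quantity
    return subtotal - subtotal * discount_rate

def order_total(line_items, discount_rate):
    return sum(apply_discount(price, count, discount_rate) for price, count in line_items)
'''

def defined_names(tree):
    """Names the module introduces itself; builtins like sum() are left alone."""
    found = []
    for node in ast.walk(tree):
        if isinstance(node, ast.FunctionDef):
            found.append(node.name)
        elif isinstance(node, ast.arg):
            found.append(node.arg)
        elif isinstance(node, ast.Name) and isinstance(node.ctx, ast.Store):
            found.append(node.id)
    return list(dict.fromkeys(found))  # de-duplicate, keep first-seen order

class Renamer(ast.NodeTransformer):
    """Rewrite every definition and every reference using one shared mapping."""
    def __init__(self, names):
        self.mapping = {n: "a" * (i + 1) for i, n in enumerate(names)}

    def visit_FunctionDef(self, node):
        node.name = self.mapping.get(node.name, node.name)
        return self.generic_visit(node)  # also renames parameters and body

    def visit_arg(self, node):
        node.arg = self.mapping.get(node.arg, node.arg)
        return node

    def visit_Name(self, node):
        node.id = self.mapping.get(node.id, node.id)
        return node

def obfuscate(source):
    """Return (renamed source, mapping); keyword args, attributes, imports not handled."""
    tree = ast.parse(source)
    renamer = Renamer(defined_names(tree))
    renamed = ast.fix_missing_locations(renamer.visit(tree))
    return ast.unparse(renamed), renamer.mapping
```

Printing `obfuscate(SAMPLE)[0]` shows code that still runs and whose structure and arithmetic are fully visible; only the names that told a reader what the code was for are gone.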
This exact type of obfuscation isn’t directly applicable to 3D data as used in Second Life, but I can easily see Linden Lab employing the same basic strategy of complicating the 3D mesh format they use for the sake of being harder to reverse engineer. This doesn’t stop things like CopyBot from being written (in fact, there are already graphical capture programs that work at the OpenGL or DirectX driver layer that could have done what CopyBot is doing a long time ago) but it does make them a lot more difficult. And in the end, pretty much the best you can hope for when it comes to digital data duplication is to make it so difficult to do that it is just much easier for the user to acquire it legally than it is to steal a copy. Which gets us back to the DRM debate.
And with regard to the Second Life business plan contest - I’m interested to see whether the scandal dampens the entrepreneurial spirit within SL or whether new folks will see all of the fear and concern as an opportunity from which to build new businesses.

7 comments
November 16, 2006 at 4:49 pm
Ian Holsman
Couldn’t things like this be circumvented by digital signatures/watermarks embedded into the designs themselves?
SL could then determine ownership of the design and possibly prevent simplistic copybots.
The user could register where the watermark is on their design, and SL could possibly check for these watermarks when a design is first submitted, as well as the initial owner who created it.
Copybots would then need to know where/what the watermark is on each design, and would run the risk that if they copy 1 design ALL of their designs can be easily identified and removed from the system.
November 16, 2006 at 9:57 pm
Out to Pasture » Blog Archive » SL Growth, Copybot roundup
[...] Raph Koster, MMO expert and designer Pham Neutra, SL resident Doeko Cassidy, SL resident and SLNN writer Susan Wu (VC at Charles River Ventures) [...]
November 16, 2006 at 11:56 pm
Taran Rampersad (aka Nobody Fugazi)
A thoughtful post.
All of this would sound a lot better if people realized that they need to protect their own copyrights. Therefore, the question is - what can they do? And the answer, of course, is things like digital watermarks.
Now, as far as ‘DRM’ - which is a misnomer - if it actually did what would be intuitive for the name, it would still not make sense. It’s called ‘copy protection’. I realize it sounds old, BUT — that’s what it is.
Using a copybot, which breaks a copy protection mechanism (which SL *does* have) is probably a violation of DMCA. But if you’re making $100 a month and a lawyer costs $300 an hour… oh.
Standardizing watermarks so that SL can read it is just asking for trouble. Remember what the copybot does? It intercepts… ahh.
Anyway, I wrote a post on this a few days ago.
Enjoy: http://www.knowprose.com/node/16654
As far as encrypting - sure, no problem, PGP keys for everyone. But if people have problems with poofers, I bet 128 bit encryption isn’t going to make them real happy on their dance pose balls (or others, for that matter).
November 17, 2006 at 9:59 am
Jeff Maurone
Hey Susan. Great to see that you’re blogging…keep it up!
November 17, 2006 at 2:23 pm
Andrew Parker
I like this post in the greater context of a digital goods marketplace. Second Life is a proof of concept for the sustainability of such an enterprise, but the money in Second Life isn’t as interesting as a company like IGE that positions itself as a middle-man for the buying/selling of digital goods in MMORPGs (most notably WOW). If the ideas behind the copybot flaw in SL can be carried over to other MMOGs, it could cripple IGE and the entire digital goods reselling marketplace.
Is the flaw being leveraged in SL based on the fact that the goods being duped are user-generated instead of server-generated (a distinction unique to SL)? If so, then other MMOGs are likely safe. If not, then digital goods marketplaces are in for a rough ride.
November 21, 2006 at 12:45 am
Susan Wu
Hi Andrew,
WoW doesn’t allow users to create and upload content, and that’s the crux of the problem facing Second Life. As I mentioned briefly, there have long been tools available which allow you to capture the 3D model and texture data from any running program, by hooking into the low level OpenGL or Direct3D layers and capturing the data as it is sent to the drawing APIs. This is pretty much the same thing CopyBot does, except copybot steals the data at the network level, not the graphics drawing level, but the end result is the same.
The reason this is a big problem on SL is that people can take that data and then reupload it to SL instantly as if it were a new SL object THEY created using the creation tools. If you capture the 3D data for the WoW Night Elf or a WoW Object, you can’t actually do much with it except load it into Maya and play around with it, because WoW doesn’t allow you to upload objects. So no big deal. So really the situation isn’t directly applicable to WoW or any other virtual world that doesn’t allow people to submit their own user created objects.
And the other thing is that this was always possible on SL, using those graphical debugging tools I mentioned. CopyBot’s main sin is just making the process way too easy, so an end user can just run a simple script and copy the object without any technical knowledge regarding how it works.
November 21, 2006 at 9:31 pm
Andrew Parker
Very helpful. Makes perfect sense. Sounds similar to the issues with people messing with other people’s user-created objects in MUDs (not that I’d know, before my time, but I studied it in an ethics class). I guess this problem applies to any online community with an upload component (I can steal images from Flickr, reupload them, claim them as my own, and sell them on a microstock site; or I can grab an RSS feed from Scoble, slap some CSS on it, claim it as my own original ideas, and then advertise around it; you get the picture…). Authorship and uniqueness are getting grey and difficult to verify in a crowdsourced world.
That’s a big part of the appeal of Etsy. With a handmade physical good, there can only be one (there are rare exceptions, like printed t-shirts, but you see my point).